Analysis Report · ACUBE Sandbox

Detection(s): BumbleBee

Analysis

Category	Package	Started	Completed	Duration	Options	Log(s)	MalScore
FILE	archive	2025-12-08 15:46:53	2025-12-08 15:50:07	194 seconds	Show Options	Show Analysis Log	8.4

vnc_port=5900

2025-12-06 18:31:41,692 [root] INFO: Date set to: 20251208T07:46:53, timeout set to: 180
2025-12-06 18:31:41,707 [root] DEBUG: Starting analyzer from: C:\tmpet5am7x7
2025-12-06 18:31:41,707 [root] DEBUG: Storing results at: C:\jcVWCJPBR
2025-12-06 18:31:41,707 [root] DEBUG: Pipe server name: \\.\PIPE\rZGssUMRJ
2025-12-06 18:31:41,707 [root] DEBUG: Python path: C:\Python38
2025-12-06 18:31:41,707 [root] INFO: analysis running as a normal user
2025-12-06 18:31:41,707 [root] INFO: analysis package specified: "archive"
2025-12-06 18:31:41,707 [root] DEBUG: importing analysis package module: "modules.packages.archive"...
2025-12-06 18:31:41,707 [root] DEBUG: imported analysis package "archive"
2025-12-06 18:31:41,707 [root] DEBUG: initializing analysis package "archive"...
2025-12-06 18:31:41,707 [lib.common.common] INFO: wrapping
2025-12-06 18:31:41,707 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-06 18:31:41,707 [root] DEBUG: New location of moved file: C:\Users\user\AppData\Local\Temp\folder-223205.iso
2025-12-06 18:31:41,707 [root] INFO: Analyzer: Package modules.packages.archive does not specify a DLL option
2025-12-06 18:31:41,707 [root] INFO: Analyzer: Package modules.packages.archive does not specify a DLL_64 option
2025-12-06 18:31:41,707 [root] INFO: Analyzer: Package modules.packages.archive does not specify a loader option
2025-12-06 18:31:41,707 [root] INFO: Analyzer: Package modules.packages.archive does not specify a loader_64 option
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain"
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.during_script"
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.end_noisy_tasks"
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.evtx"
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-12-06 18:31:41,738 [root] DEBUG: Imported auxiliary module "modules.auxiliary.pre_script"
2025-12-06 18:31:41,738 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-12-06 18:31:41,770 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2025-12-06 18:31:41,770 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2025-12-06 18:31:41,770 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-12-06 18:31:41,770 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon"
2025-12-06 18:31:41,770 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-12-06 18:31:41,770 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage"
2025-12-06 18:31:41,770 [root] DEBUG: Initialized auxiliary module "Browser"
2025-12-06 18:31:41,770 [root] DEBUG: attempting to configure 'Browser' from data
2025-12-06 18:31:41,770 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-12-06 18:31:41,770 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-12-06 18:31:41,770 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-12-06 18:31:41,770 [root] DEBUG: Initialized auxiliary module "Curtain"
2025-12-06 18:31:41,770 [root] DEBUG: attempting to configure 'Curtain' from data
2025-12-06 18:31:41,770 [root] DEBUG: module Curtain does not support data configuration, ignoring
2025-12-06 18:31:41,770 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.curtain"...
2025-12-06 18:31:41,770 [root] DEBUG: Started auxiliary module modules.auxiliary.curtain
2025-12-06 18:31:41,770 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-12-06 18:31:41,770 [root] DEBUG: attempting to configure 'Disguise' from data
2025-12-06 18:31:41,770 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-12-06 18:31:41,770 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-12-06 18:31:41,770 [root] WARNING: Cannot execute auxiliary module modules.auxiliary.disguise: [WinError 5] Access is denied
2025-12-06 18:31:41,770 [root] DEBUG: Initialized auxiliary module "End_noisy_tasks"
2025-12-06 18:31:41,770 [root] DEBUG: attempting to configure 'End_noisy_tasks' from data
2025-12-06 18:31:41,770 [root] DEBUG: module End_noisy_tasks does not support data configuration, ignoring
2025-12-06 18:31:41,770 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.end_noisy_tasks"...
2025-12-06 18:31:41,770 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wuauclt.exe
2025-12-06 18:31:41,770 [root] DEBUG: Started auxiliary module modules.auxiliary.end_noisy_tasks
2025-12-06 18:31:41,770 [root] DEBUG: Initialized auxiliary module "Evtx"
2025-12-06 18:31:41,770 [root] DEBUG: attempting to configure 'Evtx' from data
2025-12-06 18:31:41,770 [root] DEBUG: module Evtx does not support data configuration, ignoring
2025-12-06 18:31:41,770 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.evtx"...
2025-12-06 18:31:41,770 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
2025-12-06 18:31:41,770 [root] DEBUG: Started auxiliary module modules.auxiliary.evtx
2025-12-06 18:31:41,770 [root] DEBUG: Initialized auxiliary module "Human"
2025-12-06 18:31:41,770 [root] DEBUG: attempting to configure 'Human' from data
2025-12-06 18:31:41,770 [root] DEBUG: module Human does not support data configuration, ignoring
2025-12-06 18:31:41,770 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-12-06 18:31:41,785 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-12-06 18:31:41,785 [root] DEBUG: Initialized auxiliary module "Pre_script"
2025-12-06 18:31:41,785 [root] DEBUG: attempting to configure 'Pre_script' from data
2025-12-06 18:31:41,785 [root] DEBUG: module Pre_script does not support data configuration, ignoring
2025-12-06 18:31:41,785 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.pre_script"...
2025-12-06 18:31:41,785 [root] DEBUG: Started auxiliary module modules.auxiliary.pre_script
2025-12-06 18:31:41,785 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-12-06 18:31:41,785 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-12-06 18:31:41,785 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-12-06 18:31:41,785 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-12-06 18:31:41,785 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-12-06 18:31:41,785 [root] DEBUG: Initialized auxiliary module "Sysmon"
2025-12-06 18:31:41,785 [root] DEBUG: attempting to configure 'Sysmon' from data
2025-12-06 18:31:41,785 [root] DEBUG: module Sysmon does not support data configuration, ignoring
2025-12-06 18:31:41,785 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.sysmon"...
2025-12-06 18:31:41,864 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
2025-12-06 18:31:41,911 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wusa.exe
2025-12-06 18:31:41,911 [root] WARNING: Cannot execute auxiliary module modules.auxiliary.sysmon: In order to use the Sysmon functionality, it is required to have the SMaster(64|32).exe file and sysmonconfig-export.xml file in the bin path. Note that the SMaster(64|32).exe files are just the standard Sysmon binaries renamed to avoid anti-analysis detection techniques.
2025-12-06 18:31:41,911 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-12-06 18:31:41,911 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-12-06 18:31:41,911 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-12-06 18:31:41,911 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-12-06 18:31:41,911 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 668
2025-12-06 18:31:41,911 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
2025-12-06 18:31:41,911 [lib.api.process] WARNING: failed to open process 668
2025-12-06 18:31:41,911 [lib.api.process] WARNING: failed to open process 668
2025-12-06 18:31:41,911 [lib.api.process] WARNING: failed to open process 668
2025-12-06 18:31:41,911 [lib.api.process] DEBUG: Failed getting image name for pid 668
2025-12-06 18:31:41,911 [lib.api.process] WARNING: failed to open process 668
2025-12-06 18:31:41,911 [lib.api.process] DEBUG: Failed getting image name for pid 668
2025-12-06 18:31:41,911 [lib.api.process] DEBUG: Failed getting exit code for <Process 668 ???>
2025-12-06 18:31:41,911 [lib.api.process] WARNING: failed to open process 668
2025-12-06 18:31:41,911 [lib.api.process] DEBUG: Failed getting image name for pid 668
2025-12-06 18:31:41,911 [lib.api.process] WARNING: failed to open process 668
2025-12-06 18:31:41,911 [lib.api.process] DEBUG: Failed getting image name for pid 668
2025-12-06 18:31:41,911 [lib.api.process] WARNING: the <Process 668 ???> is not alive, injection aborted
2025-12-06 18:31:41,911 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2025-12-06 18:31:41,911 [root] DEBUG: Initialized auxiliary module "Usage"
2025-12-06 18:31:41,911 [root] DEBUG: attempting to configure 'Usage' from data
2025-12-06 18:31:41,911 [root] DEBUG: module Usage does not support data configuration, ignoring
2025-12-06 18:31:41,911 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.usage"...
2025-12-06 18:31:41,911 [root] DEBUG: Started auxiliary module modules.auxiliary.usage
2025-12-06 18:31:41,911 [root] DEBUG: Initialized auxiliary module "During_script"
2025-12-06 18:31:41,911 [root] DEBUG: attempting to configure 'During_script' from data
2025-12-06 18:31:41,926 [root] DEBUG: module During_script does not support data configuration, ignoring
2025-12-06 18:31:41,926 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.during_script"...
2025-12-06 18:31:41,926 [root] DEBUG: Started auxiliary module modules.auxiliary.during_script
2025-12-06 18:31:41,957 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
2025-12-06 18:31:41,973 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM WindowsUpdate.exe
2025-12-06 18:31:42,004 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable
2025-12-06 18:31:42,036 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM GoogleUpdate.exe
2025-12-06 18:31:42,051 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logon" /success:enable /failure:enable
2025-12-06 18:31:42,083 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
2025-12-06 18:31:42,114 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM MicrosoftEdgeUpdate.exe
2025-12-06 18:31:42,114 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
2025-12-06 18:31:42,145 [root] INFO: Restarting WMI Service
2025-12-06 18:31:42,160 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable
2025-12-06 18:31:42,176 [root] DEBUG: package modules.packages.archive does not support configure, ignoring
2025-12-06 18:31:42,176 [root] WARNING: configuration error for package modules.packages.archive: error importing data.packages.archive: No module named 'data.packages'
2025-12-06 18:31:42,176 [lib.common.zip_utils] DEBUG: ['C:\\Program Files\\7-Zip\\7z.exe', 'l', 'C:\\Users\\user\\AppData\\Local\\Temp\\folder-223205.iso']
2025-12-06 18:31:42,192 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable
2025-12-06 18:31:42,223 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 1: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f
2025-12-06 18:31:42,239 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable
2025-12-06 18:31:42,301 [lib.common.zip_utils] DEBUG: ['C:\\Program Files\\7-Zip\\7z.exe', 'x', '-p', '-y', '-oC:\\folder-223205.iso', 'C:\\Users\\user\\AppData\\Local\\Temp\\folder-223205.iso']
2025-12-06 18:31:42,301 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
2025-12-06 18:31:42,301 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 1: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
2025-12-06 18:31:42,364 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
2025-12-06 18:31:42,364 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 1: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d 0 /f
2025-12-06 18:31:42,379 [lib.common.zip_utils] DEBUG: b'\r\n7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20\r\n\r\nScanning the drive for archives:\r\n1 file, 2306048 bytes (2252 KiB)\r\n\r\nExtracting archive: C:\\Users\\user\\AppData\\Local\\Temp\\folder-223205.iso\r\n--\r\nPath = C:\\Users\\user\\AppData\\Local\\Temp\\folder-223205.iso\r\nType = Iso\r\nPhysical Size = 2306048\r\nCreated = 2022-03-11 03:03:57.14\r\n\r\nEverything is Ok\r\n\r\nFiles: 2\r\nSize:       2252491\r\nCompressed: 2306048\r\n' b''
2025-12-06 18:31:42,379 [modules.packages.archive] DEBUG: ['documents.lnk', 'sysmon64.exe']
2025-12-06 18:31:42,379 [lib.common.zip_utils] INFO: Uploading C:\folder-223205.iso\documents.lnk to host
2025-12-06 18:31:42,379 [lib.common.results] INFO: Uploading file C:\folder-223205.iso\documents.lnk to files/b953d0b1efb9719f79954788480235b8eccb84b13c5d373969fa3a03aabef788; Size is 1227; Max size: 100000000
2025-12-06 18:31:42,379 [lib.common.zip_utils] INFO: Uploading C:\folder-223205.iso\sysmon64.exe to host
2025-12-06 18:31:42,395 [lib.common.results] INFO: Uploading file C:\folder-223205.iso\sysmon64.exe to files/9f35ac95864daf736de1471babe756a11fedd297379892375689fd97c9322344; Size is 2251264; Max size: 100000000
2025-12-06 18:31:42,395 [modules.packages.archive] WARNING: Couldn't copy C:\folder-223205.iso\documents.lnk to root of C: [Errno 13] Permission denied: 'C:\\documents.lnk'
2025-12-06 18:31:42,395 [modules.packages.archive] WARNING: Couldn't copy C:\folder-223205.iso\sysmon64.exe to root of C: [Errno 13] Permission denied: 'C:\\sysmon64.exe'
2025-12-06 18:31:42,395 [modules.packages.archive] DEBUG: Missing file option, auto executing: ['documents.lnk', 'sysmon64.exe']
2025-12-06 18:31:42,395 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-06 18:31:42,395 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\cmd.exe" with arguments "/c "cd ^"C:\folder-223205.iso^" && start /wait ^"^" ^"C:\folder-223205.iso\documents.lnk^"" with pid 552
2025-12-06 18:31:42,395 [lib.api.process] INFO: Monitor config for <Process 552 cmd.exe>: C:\tmpet5am7x7\dll\552.ini
2025-12-06 18:31:42,395 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpet5am7x7\dll\PUvGToE.dll, loader C:\tmpet5am7x7\bin\vKoIOfi.exe
2025-12-06 18:31:42,411 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable
2025-12-06 18:31:42,411 [root] DEBUG: Loader: Injecting process 552 (thread 5528) with C:\tmpet5am7x7\dll\PUvGToE.dll.
2025-12-06 18:31:42,411 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-06 18:31:42,411 [root] DEBUG: Successfully injected DLL C:\tmpet5am7x7\dll\PUvGToE.dll.
2025-12-06 18:31:42,411 [lib.api.process] INFO: Injected into 32-bit <Process 552 cmd.exe>
2025-12-06 18:31:42,426 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File System" /success:enable /failure:enable
2025-12-06 18:31:42,457 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Registry" /success:enable /failure:enable
2025-12-06 18:31:42,489 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable
2025-12-06 18:31:42,520 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"SAM" /success:disable /failure:disable
2025-12-06 18:31:42,551 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable
2025-12-06 18:31:42,582 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable
2025-12-06 18:31:42,598 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable
2025-12-06 18:31:42,629 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File Share" /success:enable /failure:enable
2025-12-06 18:31:42,661 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
2025-12-06 18:31:42,692 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
2025-12-06 18:31:42,707 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable
2025-12-06 18:31:42,739 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable
2025-12-06 18:31:42,770 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable
2025-12-06 18:31:42,801 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable
2025-12-06 18:31:42,832 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable
2025-12-06 18:31:42,848 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
2025-12-06 18:31:42,879 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable
2025-12-06 18:31:42,911 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable
2025-12-06 18:31:42,926 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable
2025-12-06 18:31:42,958 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Policy Change Events" /success:disable /failure:enable
2025-12-06 18:31:42,989 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
2025-12-06 18:31:43,020 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable
2025-12-06 18:31:43,051 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
2025-12-06 18:31:43,082 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable
2025-12-06 18:31:43,098 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
2025-12-06 18:31:43,129 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable
2025-12-06 18:31:43,160 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable
2025-12-06 18:31:43,176 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable
2025-12-06 18:31:43,207 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:enable
2025-12-06 18:31:43,238 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable
2025-12-06 18:31:43,270 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
2025-12-06 18:31:43,285 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable
2025-12-06 18:31:43,317 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable
2025-12-06 18:31:43,348 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable
2025-12-06 18:31:43,363 [modules.auxiliary.evtx] DEBUG: Wiping Application
2025-12-06 18:31:43,395 [modules.auxiliary.evtx] DEBUG: Wiping HardwareEvents
2025-12-06 18:31:43,426 [modules.auxiliary.evtx] DEBUG: Wiping Internet Explorer
2025-12-06 18:31:43,457 [modules.auxiliary.evtx] DEBUG: Wiping Key Management Service
2025-12-06 18:31:43,473 [modules.auxiliary.evtx] DEBUG: Wiping OAlerts
2025-12-06 18:31:43,504 [modules.auxiliary.evtx] DEBUG: Wiping Security
2025-12-06 18:31:43,535 [modules.auxiliary.evtx] DEBUG: Wiping Setup
2025-12-06 18:31:43,567 [modules.auxiliary.evtx] DEBUG: Wiping System
2025-12-06 18:31:43,582 [modules.auxiliary.evtx] DEBUG: Wiping Windows PowerShell
2025-12-06 18:31:43,614 [modules.auxiliary.evtx] DEBUG: Wiping Microsoft-Windows-Sysmon/Operational
2025-12-06 18:31:44,426 [lib.api.process] INFO: Successfully resumed <Process 552 cmd.exe>
2025-12-06 18:31:44,426 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-06 18:31:44,426 [lib.api.process] INFO: Successfully executed process from path "C:\folder-223205.iso\sysmon64.exe" with arguments "" with pid 3592
2025-12-06 18:31:44,426 [lib.api.process] INFO: Monitor config for <Process 3592 sysmon64.exe>: C:\tmpet5am7x7\dll\3592.ini
2025-12-06 18:31:44,426 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpet5am7x7\dll\IklxUPDo.dll, loader C:\tmpet5am7x7\bin\GFMSQHhy.exe
2025-12-06 18:31:44,442 [root] DEBUG: Loader: Injecting process 3592 (thread 4020) with C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:44,442 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-06 18:31:44,442 [root] DEBUG: Successfully injected DLL C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:44,442 [lib.api.process] INFO: Injected into 64-bit <Process 3592 sysmon64.exe>
2025-12-06 18:31:44,473 [root] DEBUG: 552: Python path set to 'C:\Python38'.
2025-12-06 18:31:44,473 [root] INFO: Disabling sleep skipping.
2025-12-06 18:31:44,473 [root] DEBUG: 552: Dropped file limit defaulting to 100.
2025-12-06 18:31:44,473 [root] DEBUG: 552: YaraInit: Compiled 41 rule files
2025-12-06 18:31:44,473 [root] DEBUG: 552: YaraInit: Compiled rules saved to file C:\tmpet5am7x7\data\yara\capemon.yac
2025-12-06 18:31:44,489 [root] DEBUG: 552: YaraScan: Scanning 0x005A0000, size 0x595ee
2025-12-06 18:31:44,489 [root] DEBUG: Error 5 (0x5) - AmsiDumper: Is CAPE agent running elevated? Initialisation failed: Access is denied.
2025-12-06 18:31:44,489 [root] DEBUG: 552: Monitor initialised: 32-bit capemon loaded in process 552 at 0x73630000, thread 5528, image base 0x5a0000, stack from 0x3203000-0x3300000
2025-12-06 18:31:44,489 [root] DEBUG: 552: Commandline: "C:\Windows\system32\cmd.exe" /c "cd ^"C:\folder-223205.iso^" && start /wait ^"^" ^"C:\folder-223205.iso\documents.lnk^"
2025-12-06 18:31:44,489 [root] DEBUG: 552: GetAddressByYara: ModuleBase 0x77210000 FunctionName LdrpCallInitRoutine
2025-12-06 18:31:44,489 [root] DEBUG: 552: hook_api: LdrpCallInitRoutine export address 0x77282A30 obtained via GetFunctionAddress
2025-12-06 18:31:44,504 [root] DEBUG: 552: hook_api: Warning - CreateRemoteThreadEx export address 0x76BD866C differs from GetProcAddress -> 0x770F7630 (KERNELBASE.dll::0x137630)
2025-12-06 18:31:44,504 [root] DEBUG: 552: hook_api: Warning - CoCreateInstance export address 0x762B569D differs from GetProcAddress -> 0x769995D0 (combase.dll::0xd95d0)
2025-12-06 18:31:44,504 [root] DEBUG: 552: hook_api: Warning - CoCreateInstanceEx export address 0x762B56DC differs from GetProcAddress -> 0x7697C540 (combase.dll::0xbc540)
2025-12-06 18:31:44,504 [root] DEBUG: 552: hook_api: Warning - CoGetClassObject export address 0x762B5C6C differs from GetProcAddress -> 0x769651A0 (combase.dll::0xa51a0)
2025-12-06 18:31:44,504 [root] DEBUG: 552: hook_api: Warning - UpdateProcThreadAttribute export address 0x76BDFFD2 differs from GetProcAddress -> 0x770C47B0 (KERNELBASE.dll::0x1047b0)
2025-12-06 18:31:44,504 [root] WARNING: b'Unable to place hook on GetCommandLineA'
2025-12-06 18:31:44,504 [root] DEBUG: 552: set_hooks: Unable to hook GetCommandLineA
2025-12-06 18:31:44,504 [root] WARNING: b'Unable to place hook on GetCommandLineW'
2025-12-06 18:31:44,504 [root] DEBUG: 552: set_hooks: Unable to hook GetCommandLineW
2025-12-06 18:31:44,504 [root] DEBUG: 552: hook_api: Warning - CLSIDFromProgID export address 0x762B4ED6 differs from GetProcAddress -> 0x769316A0 (combase.dll::0x716a0)
2025-12-06 18:31:44,504 [root] DEBUG: 552: hook_api: Warning - CLSIDFromProgIDEx export address 0x762B4F13 differs from GetProcAddress -> 0x76930500 (combase.dll::0x70500)
2025-12-06 18:31:44,504 [root] DEBUG: 552: Hooked 611 out of 613 functions
2025-12-06 18:31:44,504 [root] DEBUG: 552: Syscall hook installed, syscall logging level 1
2025-12-06 18:31:44,504 [root] DEBUG: 552: WoW64fix: Windows version 10.0 not supported.
2025-12-06 18:31:44,504 [root] INFO: Loaded monitor into process with pid 552
2025-12-06 18:31:44,504 [root] DEBUG: 552: caller_dispatch: Added region at 0x005A0000 to tracked regions list (ntdll::memcpy returns to 0x005B68FA, thread 5528).
2025-12-06 18:31:44,504 [root] DEBUG: 552: YaraScan: Scanning 0x005A0000, size 0x595ee
2025-12-06 18:31:44,504 [root] DEBUG: 552: ProcessImageBase: Main module image at 0x005A0000 unmodified (entropy change 0.000000e+00)
2025-12-06 18:31:44,520 [root] DEBUG: 552: InstrumentationCallback: Added region at 0x76FC0000 to tracked regions list (thread 5528).
2025-12-06 18:31:44,520 [root] DEBUG: 552: set_hooks_by_export_directory: Hooked 0 out of 613 functions
2025-12-06 18:31:44,520 [root] DEBUG: 552: DLL loaded at 0x74EC0000: C:\Windows\SYSTEM32\kernel.appcore (0xf000 bytes).
2025-12-06 18:31:44,520 [root] DEBUG: 552: DLL loaded at 0x75CF0000: C:\Windows\System32\bcryptPrimitives (0x5f000 bytes).
2025-12-06 18:31:44,520 [root] DEBUG: 552: DLL loaded at 0x74CE0000: C:\Windows\system32\uxtheme (0x74000 bytes).
2025-12-06 18:31:44,536 [root] DEBUG: 552: DLL loaded at 0x75410000: C:\Windows\System32\shell32 (0x5b6000 bytes).
2025-12-06 18:31:44,536 [root] DEBUG: 552: InstrumentationCallback: Added region at 0x76B40000 to tracked regions list (thread 5528).
2025-12-06 18:31:44,551 [root] DEBUG: 552: DLL loaded at 0x73980000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32 (0x210000 bytes).
2025-12-06 18:31:44,551 [root] DEBUG: 552: DLL loaded at 0x75F50000: C:\Windows\System32\SHCORE (0x87000 bytes).
2025-12-06 18:31:44,551 [root] DEBUG: 552: DLL loaded at 0x74680000: C:\Windows\System32\Wldp (0x25000 bytes).
2025-12-06 18:31:44,551 [root] DEBUG: 552: DLL loaded at 0x746B0000: C:\Windows\SYSTEM32\windows.storage (0x60d000 bytes).
2025-12-06 18:31:44,551 [root] DEBUG: 552: DLL loaded at 0x73EE0000: C:\Windows\System32\PROPSYS (0xc2000 bytes).
2025-12-06 18:31:44,551 [root] DEBUG: 552: DLL loaded at 0x762F0000: C:\Windows\System32\OLEAUT32 (0x96000 bytes).
2025-12-06 18:31:44,567 [root] DEBUG: 552: DLL loaded at 0x75C70000: C:\Windows\System32\clbcatq (0x7e000 bytes).
2025-12-06 18:31:44,567 [root] DEBUG: 552: DLL loaded at 0x74CC0000: C:\Windows\System32\profapi (0x18000 bytes).
2025-12-06 18:31:44,567 [root] DEBUG: 552: DLL loaded at 0x75EB0000: C:\Windows\System32\CFGMGR32 (0x3b000 bytes).
2025-12-06 18:31:44,567 [root] DEBUG: 552: DLL loaded at 0x74540000: C:\Windows\System32\apphelp (0xa0000 bytes).
2025-12-06 18:31:44,583 [root] DEBUG: 552: DLL loaded at 0x74530000: C:\Windows\System32\LINKINFO (0xb000 bytes).
2025-12-06 18:31:44,583 [root] DEBUG: 552: api-rate-cap: memcpy hook disabled due to rate
2025-12-06 18:31:44,583 [root] DEBUG: 552: DLL loaded at 0x73590000: C:\Windows\System32\Windows.StateRepositoryPS (0x93000 bytes).
2025-12-06 18:31:44,613 [root] DEBUG: 552: DLL loaded at 0x74510000: C:\Windows\System32\edputil (0x1b000 bytes).
2025-12-06 18:31:44,629 [root] DEBUG: 552: DLL loaded at 0x72D70000: C:\Windows\System32\iertutil (0x22d000 bytes).
2025-12-06 18:31:44,629 [root] DEBUG: 552: DLL loaded at 0x73EB0000: C:\Windows\System32\srvcli (0x1d000 bytes).
2025-12-06 18:31:44,629 [root] DEBUG: 552: DLL loaded at 0x74500000: C:\Windows\System32\netutils (0xb000 bytes).
2025-12-06 18:31:44,629 [root] DEBUG: 552: DLL loaded at 0x72FA0000: C:\Windows\System32\urlmon (0x1a8000 bytes).
2025-12-06 18:31:44,645 [root] DEBUG: 552: DLL loaded at 0x73E70000: C:\Windows\SYSTEM32\FLTLIB (0x8000 bytes).
2025-12-06 18:31:44,645 [root] DEBUG: 552: DLL loaded at 0x73EA0000: C:\Windows\SYSTEM32\virtdisk (0xf000 bytes).
2025-12-06 18:31:44,645 [root] DEBUG: 552: DLL loaded at 0x72C90000: C:\Windows\System32\wintypes (0xdb000 bytes).
2025-12-06 18:31:44,660 [root] DEBUG: 552: DLL loaded at 0x73540000: C:\Windows\System32\Bcp47Langs (0x48000 bytes).
2025-12-06 18:31:44,660 [root] DEBUG: 552: DLL loaded at 0x73490000: C:\Windows\System32\sppc (0x1c000 bytes).
2025-12-06 18:31:44,660 [root] DEBUG: 552: DLL loaded at 0x73520000: C:\Windows\System32\SLC (0x1f000 bytes).
2025-12-06 18:31:44,660 [root] DEBUG: 552: DLL loaded at 0x734B0000: C:\Windows\System32\USERENV (0x25000 bytes).
2025-12-06 18:31:44,660 [root] DEBUG: 552: DLL loaded at 0x73900000: C:\Windows\System32\appresolver (0x71000 bytes).
2025-12-06 18:31:44,660 [root] DEBUG: 552: DLL loaded at 0x74F20000: C:\Windows\SYSTEM32\cryptsp (0x13000 bytes).
2025-12-06 18:31:44,676 [root] DEBUG: 552: DLL loaded at 0x74EF0000: C:\Windows\system32\rsaenh (0x2f000 bytes).
2025-12-06 18:31:44,676 [root] DEBUG: 552: DLL loaded at 0x73450000: C:\Windows\System32\OneCoreCommonProxyStub (0x3d000 bytes).
2025-12-06 18:31:44,691 [root] DEBUG: 552: DLL loaded at 0x728D0000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x3b9000 bytes).
2025-12-06 18:31:44,691 [lib.api.process] WARNING: failed to open process 796
2025-12-06 18:31:44,691 [lib.api.process] WARNING: failed to open process 796
2025-12-06 18:31:44,691 [lib.api.process] WARNING: failed to open process 796
2025-12-06 18:31:44,691 [lib.api.process] DEBUG: Failed getting image name for pid 796
2025-12-06 18:31:44,691 [lib.api.process] WARNING: failed to open process 796
2025-12-06 18:31:44,691 [lib.api.process] DEBUG: Failed getting image name for pid 796
2025-12-06 18:31:44,691 [lib.api.process] DEBUG: Failed getting exit code for <Process 796 ???>
2025-12-06 18:31:44,691 [lib.api.process] WARNING: failed to open process 796
2025-12-06 18:31:44,691 [lib.api.process] DEBUG: Failed getting image name for pid 796
2025-12-06 18:31:44,691 [lib.api.process] WARNING: failed to open process 796
2025-12-06 18:31:44,691 [lib.api.process] DEBUG: Failed getting image name for pid 796
2025-12-06 18:31:44,691 [lib.api.process] WARNING: the <Process 796 ???> is not alive, injection aborted
2025-12-06 18:31:46,457 [lib.api.process] INFO: Successfully resumed <Process 3592 sysmon64.exe>
2025-12-06 18:31:46,473 [root] DEBUG: 3592: Python path set to 'C:\Python38'.
2025-12-06 18:31:46,473 [root] INFO: Disabling sleep skipping.
2025-12-06 18:31:46,473 [root] DEBUG: 3592: Dropped file limit defaulting to 100.
2025-12-06 18:31:46,473 [root] DEBUG: 3592: YaraInit: Compiled rules loaded from existing file C:\tmpet5am7x7\data\yara\capemon.yac
2025-12-06 18:31:46,473 [root] DEBUG: 3592: GetAddressByYara: ModuleBase 0x00007FF978DB0000 FunctionName RtlInsertInvertedFunctionTable
2025-12-06 18:31:46,488 [root] DEBUG: 3592: RtlInsertInvertedFunctionTable 0x00007FF978DC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF978F1D510
2025-12-06 18:31:46,488 [root] DEBUG: 3592: YaraScan: Scanning 0x00007FF6FF260000, size 0x230db2
2025-12-06 18:31:46,504 [root] DEBUG: Error 5 (0x5) - AmsiDumper: Is CAPE agent running elevated? Initialisation failed: Access is denied.
2025-12-06 18:31:46,504 [root] DEBUG: 3592: Monitor initialised: 64-bit capemon loaded in process 3592 at 0x00007FF954F00000, thread 4020, image base 0x00007FF6FF260000, stack from 0x000000AEAB8F5000-0x000000AEAB900000
2025-12-06 18:31:46,504 [root] DEBUG: 3592: Commandline: "C:\folder-223205.iso\sysmon64.exe"
2025-12-06 18:31:46,504 [root] DEBUG: 3592: hook_api: LdrpCallInitRoutine export address 0x00007FF978DC99BC obtained via GetFunctionAddress
2025-12-06 18:31:46,504 [root] DEBUG: 3592: hook_api: Warning - CoCreateInstance export address 0x00007FF9775F42CB differs from GetProcAddress -> 0x00007FF97782A420 (combase.dll::0x2a420)
2025-12-06 18:31:46,504 [root] DEBUG: 3592: hook_api: Warning - CoCreateInstanceEx export address 0x00007FF9775F430A differs from GetProcAddress -> 0x00007FF9778A4180 (combase.dll::0xa4180)
2025-12-06 18:31:46,504 [root] DEBUG: 3592: hook_api: Warning - CoGetClassObject export address 0x00007FF9775F489A differs from GetProcAddress -> 0x00007FF97782EB00 (combase.dll::0x2eb00)
2025-12-06 18:31:46,520 [root] DEBUG: 3592: hook_api: Warning - CLSIDFromProgID export address 0x00007FF9775F3B16 differs from GetProcAddress -> 0x00007FF9778A8570 (combase.dll::0xa8570)
2025-12-06 18:31:46,520 [root] DEBUG: 3592: hook_api: Warning - CLSIDFromProgIDEx export address 0x00007FF9775F3B53 differs from GetProcAddress -> 0x00007FF9778A8A40 (combase.dll::0xa8a40)
2025-12-06 18:31:46,520 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-06 18:31:46,520 [root] DEBUG: 3592: set_hooks: Unable to hook LockResource
2025-12-06 18:31:46,520 [root] DEBUG: 3592: Hooked 605 out of 606 functions
2025-12-06 18:31:46,520 [root] DEBUG: 3592: Syscall hook installed, syscall logging level 1
2025-12-06 18:31:46,520 [root] INFO: Loaded monitor into process with pid 3592
2025-12-06 18:31:46,535 [root] DEBUG: 3592: caller_dispatch: Added region at 0x00007FF6FF260000 to tracked regions list (kernel32::LoadLibraryExW returns to 0x00007FF6FF388282, thread 4020).
2025-12-06 18:31:46,535 [root] DEBUG: 3592: YaraScan: Scanning 0x00007FF6FF260000, size 0x230db2
2025-12-06 18:31:46,535 [root] DEBUG: 3592: ProcessImageBase: Main module image at 0x00007FF6FF260000 unmodified (entropy change 0.000000e+00)
2025-12-06 18:31:46,551 [root] DEBUG: 3592: set_hooks_by_export_directory: Hooked 0 out of 606 functions
2025-12-06 18:31:46,551 [root] DEBUG: 3592: DLL loaded at 0x00007FF974360000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2025-12-06 18:31:46,551 [root] DEBUG: 3592: DLL loaded at 0x00007FF976A00000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes).
2025-12-06 18:31:46,551 [lib.api.process] WARNING: failed to open process 2664
2025-12-06 18:31:46,551 [lib.api.process] WARNING: failed to open process 2664
2025-12-06 18:31:46,551 [lib.api.process] WARNING: failed to open process 2664
2025-12-06 18:31:46,551 [lib.api.process] DEBUG: Failed getting image name for pid 2664
2025-12-06 18:31:46,551 [lib.api.process] WARNING: failed to open process 2664
2025-12-06 18:31:46,551 [lib.api.process] DEBUG: Failed getting image name for pid 2664
2025-12-06 18:31:46,551 [lib.api.process] DEBUG: Failed getting exit code for <Process 2664 ???>
2025-12-06 18:31:46,551 [lib.api.process] WARNING: failed to open process 2664
2025-12-06 18:31:46,551 [lib.api.process] DEBUG: Failed getting image name for pid 2664
2025-12-06 18:31:46,551 [lib.api.process] WARNING: failed to open process 2664
2025-12-06 18:31:46,551 [lib.api.process] DEBUG: Failed getting image name for pid 2664
2025-12-06 18:31:46,551 [lib.api.process] WARNING: the <Process 2664 ???> is not alive, injection aborted
2025-12-06 18:31:46,707 [root] DEBUG: 552: CreateProcessHandler: Injection info set for new process 5064: C:\Windows\System32\rundll32.exe, ImageBase: 0x00500000
2025-12-06 18:31:46,707 [root] INFO: Announced 32-bit process name: rundll32.exe pid: 5064
2025-12-06 18:31:46,707 [lib.api.process] INFO: Monitor config for <Process 5064 rundll32.exe>: C:\tmpet5am7x7\dll\5064.ini
2025-12-06 18:31:46,707 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpet5am7x7\dll\PUvGToE.dll, loader C:\tmpet5am7x7\bin\vKoIOfi.exe
2025-12-06 18:31:46,707 [root] DEBUG: Loader: Injecting process 5064 (thread 5680) with C:\tmpet5am7x7\dll\PUvGToE.dll.
2025-12-06 18:31:46,707 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-06 18:31:46,707 [root] DEBUG: Successfully injected DLL C:\tmpet5am7x7\dll\PUvGToE.dll.
2025-12-06 18:31:46,707 [lib.api.process] INFO: Injected into 32-bit <Process 5064 rundll32.exe>
2025-12-06 18:31:46,723 [root] DEBUG: 552: DLL loaded at 0x72890000: C:\Windows\System32\MPR (0x19000 bytes).
2025-12-06 18:31:46,723 [root] DEBUG: 552: DLL loaded at 0x728B0000: C:\Windows\SYSTEM32\pcacli (0x11000 bytes).
2025-12-06 18:31:46,723 [root] DEBUG: 552: DLL loaded at 0x73E60000: C:\Windows\System32\sfc_os (0x10000 bytes).
2025-12-06 18:31:46,754 [root] DEBUG: 5064: Python path set to 'C:\Python38'.
2025-12-06 18:31:46,754 [root] DEBUG: 5064: Dropped file limit defaulting to 100.
2025-12-06 18:31:46,754 [root] INFO: Disabling sleep skipping.
2025-12-06 18:31:46,754 [root] DEBUG: 5064: YaraInit: Compiled rules loaded from existing file C:\tmpet5am7x7\data\yara\capemon.yac
2025-12-06 18:31:46,754 [root] DEBUG: 5064: YaraScan: Scanning 0x00500000, size 0x136e8
2025-12-06 18:31:46,754 [root] DEBUG: Error 5 (0x5) - AmsiDumper: Is CAPE agent running elevated? Initialisation failed: Access is denied.
2025-12-06 18:31:46,754 [root] DEBUG: 5064: Monitor initialised: 32-bit capemon loaded in process 5064 at 0x73630000, thread 5680, image base 0x500000, stack from 0x2974000-0x2980000
2025-12-06 18:31:46,754 [root] DEBUG: 5064: Commandline: "C:\Windows\System32\rundll32.exe" advpack.dll,RegisterOCX sysmon64.exe
2025-12-06 18:31:46,770 [root] DEBUG: 5064: GetAddressByYara: ModuleBase 0x77210000 FunctionName LdrpCallInitRoutine
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: LdrpCallInitRoutine export address 0x77282A30 obtained via GetFunctionAddress
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - CreateProcessA export address 0x76B74110 differs from GetProcAddress -> 0x726222A0 (AcLayers.DLL::0x222a0)
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - CreateProcessW export address 0x76B588E0 differs from GetProcAddress -> 0x726224E0 (AcLayers.DLL::0x224e0)
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - WinExec export address 0x76B9E1C0 differs from GetProcAddress -> 0x726227A0 (AcLayers.DLL::0x227a0)
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - CreateRemoteThreadEx export address 0x76BD866C differs from GetProcAddress -> 0x770F7630 (KERNELBASE.dll::0x137630)
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - CoCreateInstance export address 0x762B569D differs from GetProcAddress -> 0x769995D0 (combase.dll::0xd95d0)
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - CoCreateInstanceEx export address 0x762B56DC differs from GetProcAddress -> 0x7697C540 (combase.dll::0xbc540)
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - CoGetClassObject export address 0x762B5C6C differs from GetProcAddress -> 0x769651A0 (combase.dll::0xa51a0)
2025-12-06 18:31:46,770 [root] DEBUG: 5064: hook_api: Warning - UpdateProcThreadAttribute export address 0x76BDFFD2 differs from GetProcAddress -> 0x770C47B0 (KERNELBASE.dll::0x1047b0)
2025-12-06 18:31:46,770 [root] WARNING: b'Unable to place hook on GetCommandLineA'
2025-12-06 18:31:46,770 [root] DEBUG: 5064: set_hooks: Unable to hook GetCommandLineA
2025-12-06 18:31:46,770 [root] WARNING: b'Unable to place hook on GetCommandLineW'
2025-12-06 18:31:46,785 [root] DEBUG: 5064: set_hooks: Unable to hook GetCommandLineW
2025-12-06 18:31:46,785 [root] DEBUG: 5064: hook_api: Warning - CLSIDFromProgID export address 0x762B4ED6 differs from GetProcAddress -> 0x769316A0 (combase.dll::0x716a0)
2025-12-06 18:31:46,785 [root] DEBUG: 5064: hook_api: Warning - CLSIDFromProgIDEx export address 0x762B4F13 differs from GetProcAddress -> 0x76930500 (combase.dll::0x70500)
2025-12-06 18:31:46,785 [root] DEBUG: 5064: Hooked 611 out of 613 functions
2025-12-06 18:31:46,785 [root] DEBUG: 5064: Syscall hook installed, syscall logging level 1
2025-12-06 18:31:46,785 [root] DEBUG: 5064: WoW64fix: Windows version 10.0 not supported.
2025-12-06 18:31:46,785 [root] INFO: Loaded monitor into process with pid 5064
2025-12-06 18:31:46,785 [root] DEBUG: 5064: caller_dispatch: Added region at 0x00500000 to tracked regions list (ntdll::memcpy returns to 0x00505F1A, thread 5680).
2025-12-06 18:31:46,785 [root] DEBUG: 5064: YaraScan: Scanning 0x00500000, size 0x136e8
2025-12-06 18:31:46,785 [root] DEBUG: 5064: ProcessImageBase: Main module image at 0x00500000 unmodified (entropy change 0.000000e+00)
2025-12-06 18:31:46,785 [root] DEBUG: 5064: InstrumentationCallback: Added region at 0x76B40000 to tracked regions list (thread 5680).
2025-12-06 18:31:46,785 [root] DEBUG: 5064: DLL loaded at 0x74ED0000: C:\Windows\System32\VERSION (0x8000 bytes).
2025-12-06 18:31:46,785 [root] DEBUG: 5064: DLL loaded at 0x72550000: C:\Windows\System32\advpack (0x2e000 bytes).
2025-12-06 18:31:46,832 [root] DEBUG: 5064: DLL loaded at 0x74CE0000: C:\Windows\system32\uxtheme (0x74000 bytes).
2025-12-06 18:31:46,848 [root] DEBUG: 5064: DLL loaded at 0x76060000: C:\Windows\System32\MSCTF (0xd4000 bytes).
2025-12-06 18:31:46,848 [root] DEBUG: 5064: InstrumentationCallback: Added region at 0x76FC0000 to tracked regions list (thread 5680).
2025-12-06 18:31:46,848 [root] DEBUG: 5064: set_hooks_by_export_directory: Hooked 0 out of 613 functions
2025-12-06 18:31:46,848 [root] DEBUG: 5064: DLL loaded at 0x74EC0000: C:\Windows\SYSTEM32\kernel.appcore (0xf000 bytes).
2025-12-06 18:31:46,848 [root] DEBUG: 5064: DLL loaded at 0x75CF0000: C:\Windows\System32\bcryptPrimitives (0x5f000 bytes).
2025-12-06 18:31:46,848 [root] DEBUG: 5064: CreateProcessHandler: Injection info set for new process 3752: C:\folder-223205.iso\sysmon64.exe, ImageBase: 0x00000000
2025-12-06 18:31:46,863 [root] INFO: Announced 64-bit process name: sysmon64.exe pid: 3752
2025-12-06 18:31:46,863 [lib.api.process] INFO: Monitor config for <Process 3752 sysmon64.exe>: C:\tmpet5am7x7\dll\3752.ini
2025-12-06 18:31:46,863 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpet5am7x7\dll\IklxUPDo.dll, loader C:\tmpet5am7x7\bin\GFMSQHhy.exe
2025-12-06 18:31:46,863 [root] DEBUG: Loader: Injecting process 3752 (thread 2700) with C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:46,863 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-06 18:31:46,863 [root] DEBUG: Successfully injected DLL C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:46,863 [lib.api.process] INFO: Injected into 64-bit <Process 3752 sysmon64.exe>
2025-12-06 18:31:46,863 [root] DEBUG: 5064: WriteMemoryHandler: shellcode at 0x02E2ED40 (size 0x11c0) injected into process 3752.
2025-12-06 18:31:46,863 [lib.common.results] INFO: Uploading file C:\jcVWCJPBR\CAPE\5064_36220114611570122025 to CAPE\00b594101a01c30b174b59e2c8e822e278de85357ff2480f8d3d3e75266401c1; Size is 4449; Max size: 100000000
2025-12-06 18:31:46,879 [root] DEBUG: 5064: DumpMemory: Payload successfully created: C:\jcVWCJPBR\CAPE\5064_36220114611570122025 (size 4449 bytes)
2025-12-06 18:31:46,879 [root] DEBUG: 5064: WriteMemoryHandler: Dumped injected code/data from buffer.
2025-12-06 18:31:46,879 [root] INFO: Announced 64-bit process name: sysmon64.exe pid: 3752
2025-12-06 18:31:46,879 [lib.api.process] INFO: Monitor config for <Process 3752 sysmon64.exe>: C:\tmpet5am7x7\dll\3752.ini
2025-12-06 18:31:46,879 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpet5am7x7\dll\IklxUPDo.dll, loader C:\tmpet5am7x7\bin\GFMSQHhy.exe
2025-12-06 18:31:46,879 [root] DEBUG: Loader: Injecting process 3752 (thread 2700) with C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:46,879 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2025-12-06 18:31:46,879 [root] DEBUG: Successfully injected DLL C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:46,879 [lib.api.process] INFO: Injected into 64-bit <Process 3752 sysmon64.exe>
2025-12-06 18:31:46,879 [root] INFO: Announced 64-bit process name: sysmon64.exe pid: 3752
2025-12-06 18:31:46,879 [lib.api.process] INFO: Monitor config for <Process 3752 sysmon64.exe>: C:\tmpet5am7x7\dll\3752.ini
2025-12-06 18:31:46,879 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpet5am7x7\dll\IklxUPDo.dll, loader C:\tmpet5am7x7\bin\GFMSQHhy.exe
2025-12-06 18:31:46,879 [root] DEBUG: Loader: Injecting process 3752 (thread 2700) with C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:46,879 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2025-12-06 18:31:46,879 [root] DEBUG: Successfully injected DLL C:\tmpet5am7x7\dll\IklxUPDo.dll.
2025-12-06 18:31:46,879 [lib.api.process] INFO: Injected into 64-bit <Process 3752 sysmon64.exe>
2025-12-06 18:31:46,895 [root] DEBUG: 3752: Python path set to 'C:\Python38'.
2025-12-06 18:31:46,895 [root] DEBUG: 3752: Dropped file limit defaulting to 100.
2025-12-06 18:31:46,895 [root] INFO: Disabling sleep skipping.
2025-12-06 18:31:46,895 [root] DEBUG: 3752: YaraInit: Compiled rules loaded from existing file C:\tmpet5am7x7\data\yara\capemon.yac
2025-12-06 18:31:46,895 [root] DEBUG: 3752: GetAddressByYara: ModuleBase 0x00007FF978DB0000 FunctionName RtlInsertInvertedFunctionTable
2025-12-06 18:31:46,910 [root] DEBUG: 3752: RtlInsertInvertedFunctionTable 0x00007FF978DC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF978F1D510
2025-12-06 18:31:46,910 [root] DEBUG: 3752: YaraScan: Scanning 0x00007FF6FF260000, size 0x230db2
2025-12-06 18:31:46,910 [root] DEBUG: Error 5 (0x5) - AmsiDumper: Is CAPE agent running elevated? Initialisation failed: Access is denied.
2025-12-06 18:31:46,910 [root] DEBUG: 3752: Monitor initialised: 64-bit capemon loaded in process 3752 at 0x00007FF954F00000, thread 2700, image base 0x00007FF6FF260000, stack from 0x00000039FD4F5000-0x00000039FD500000
2025-12-06 18:31:46,910 [root] DEBUG: 3752: Commandline: sysmon64.exe /RegServer
2025-12-06 18:31:46,926 [root] DEBUG: 3752: hook_api: LdrpCallInitRoutine export address 0x00007FF978DC99BC obtained via GetFunctionAddress
2025-12-06 18:31:46,926 [root] DEBUG: 3752: hook_api: Warning - CoCreateInstance export address 0x00007FF9775F42CB differs from GetProcAddress -> 0x00007FF97782A420 (combase.dll::0x2a420)
2025-12-06 18:31:46,926 [root] DEBUG: 3752: hook_api: Warning - CoCreateInstanceEx export address 0x00007FF9775F430A differs from GetProcAddress -> 0x00007FF9778A4180 (combase.dll::0xa4180)
2025-12-06 18:31:46,926 [root] DEBUG: 3752: hook_api: Warning - CoGetClassObject export address 0x00007FF9775F489A differs from GetProcAddress -> 0x00007FF97782EB00 (combase.dll::0x2eb00)
2025-12-06 18:31:46,926 [root] DEBUG: 3752: hook_api: Warning - CLSIDFromProgID export address 0x00007FF9775F3B16 differs from GetProcAddress -> 0x00007FF9778A8570 (combase.dll::0xa8570)
2025-12-06 18:31:46,926 [root] DEBUG: 3752: hook_api: Warning - CLSIDFromProgIDEx export address 0x00007FF9775F3B53 differs from GetProcAddress -> 0x00007FF9778A8A40 (combase.dll::0xa8a40)
2025-12-06 18:31:46,926 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-06 18:31:46,926 [root] DEBUG: 3752: set_hooks: Unable to hook LockResource
2025-12-06 18:31:46,942 [root] DEBUG: 3752: Hooked 605 out of 606 functions
2025-12-06 18:31:46,942 [root] DEBUG: 3752: Syscall hook installed, syscall logging level 1
2025-12-06 18:31:46,942 [root] INFO: Loaded monitor into process with pid 3752
2025-12-06 18:31:46,942 [root] DEBUG: 3752: caller_dispatch: Added region at 0x00007FF6FF260000 to tracked regions list (kernel32::LoadLibraryExW returns to 0x00007FF6FF388282, thread 2700).
2025-12-06 18:31:46,942 [root] DEBUG: 3752: YaraScan: Scanning 0x00007FF6FF260000, size 0x230db2
2025-12-06 18:31:46,957 [root] DEBUG: 3752: ProcessImageBase: Main module image at 0x00007FF6FF260000 unmodified (entropy change 0.000000e+00)
2025-12-06 18:31:46,957 [root] DEBUG: 3752: set_hooks_by_export_directory: Hooked 0 out of 606 functions
2025-12-06 18:31:46,957 [root] DEBUG: 3752: DLL loaded at 0x00007FF974360000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2025-12-06 18:31:46,957 [root] DEBUG: 3752: DLL loaded at 0x00007FF976A00000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes).
2025-12-06 18:31:46,957 [root] DEBUG: 3752: NtTerminateProcess hook: Attempting to dump process 3752
2025-12-06 18:31:46,957 [root] DEBUG: 3752: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-06 18:31:46,973 [root] INFO: Process with pid 3752 has terminated
2025-12-06 18:31:46,973 [root] DEBUG: 5064: NtTerminateProcess hook: Attempting to dump process 5064
2025-12-06 18:31:46,973 [root] DEBUG: 5064: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-06 18:31:46,973 [root] INFO: Process with pid 5064 has terminated
2025-12-06 18:31:46,973 [root] DEBUG: 552: NtTerminateProcess hook: Attempting to dump process 552
2025-12-06 18:31:46,973 [root] DEBUG: 552: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-06 18:31:46,973 [root] INFO: Process with pid 552 has terminated
2025-12-06 18:31:48,567 [root] DEBUG: 3592: DLL loaded at 0x00007FF977E40000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2025-12-06 18:31:48,567 [root] DEBUG: 3592: DLL loaded at 0x00007FF96CE60000: C:\Windows\SYSTEM32\wbemcomn (0x90000 bytes).
2025-12-06 18:31:48,567 [root] DEBUG: 3592: DLL loaded at 0x00007FF96CEF0000: C:\Windows\system32\wbem\wbemprox (0x11000 bytes).
2025-12-06 18:31:48,582 [root] DEBUG: 3592: DLL loaded at 0x00007FF96C5D0000: C:\Windows\system32\wbem\wbemsvc (0x14000 bytes).
2025-12-06 18:31:48,582 [root] DEBUG: 3592: DLL loaded at 0x00007FF96C4A0000: C:\Windows\system32\wbem\fastprox (0x10b000 bytes).
2025-12-06 18:31:48,582 [root] DEBUG: 3592: DLL loaded at 0x00007FF96C430000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:31:48,598 [root] DEBUG: 3592: DLL loaded at 0x00007FF976390000: C:\Windows\SYSTEM32\USERENV (0x2e000 bytes).
2025-12-06 18:31:48,598 [root] DEBUG: 3592: DLL loaded at 0x00007FF9763D0000: C:\Windows\SYSTEM32\profapi (0x1f000 bytes).
2025-12-06 18:31:48,598 [root] DEBUG: 3592: DLL loaded at 0x00007FF96BE40000: C:\Program Files\Windows Defender\MpOav (0x44000 bytes).
2025-12-06 18:31:48,598 [root] DEBUG: 3592: DLL loaded at 0x00007FF96C3A0000: C:\Windows\system32\version (0xa000 bytes).
2025-12-06 18:31:48,645 [root] DEBUG: 3592: DLL loaded at 0x00007FF975DC0000: C:\Windows\SYSTEM32\CRYPTSP (0x18000 bytes).
2025-12-06 18:31:48,645 [root] DEBUG: 3592: DLL loaded at 0x00007FF9754F0000: C:\Windows\system32\rsaenh (0x34000 bytes).
2025-12-06 18:31:48,645 [root] DEBUG: 3592: DLL loaded at 0x00007FF975BD0000: C:\Windows\system32\mswsock (0x6a000 bytes).
2025-12-06 18:31:48,645 [root] DEBUG: 3592: DLL loaded at 0x00007FF96CDC0000: C:\Windows\System32\rasadhlp (0xa000 bytes).
2025-12-06 18:34:47,176 [root] INFO: Analysis timeout hit, terminating analysis
2025-12-06 18:34:47,176 [lib.api.process] INFO: Terminate event set for <Process 3592 sysmon64.exe>
2025-12-06 18:34:47,176 [root] DEBUG: 3592: Terminate Event: Attempting to dump process 3592
2025-12-06 18:34:47,176 [root] DEBUG: 3592: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-06 18:34:47,176 [root] DEBUG: 3592: Terminate Event: Current region empty
2025-12-06 18:34:47,176 [lib.api.process] INFO: Termination confirmed for <Process 3592 sysmon64.exe>
2025-12-06 18:34:47,176 [root] INFO: Terminate event set for process 3592
2025-12-06 18:34:47,176 [root] INFO: Created shutdown mutex
2025-12-06 18:34:47,176 [root] DEBUG: 3592: Terminate Event: CAPE shutdown complete for process 3592
2025-12-06 18:34:48,192 [root] INFO: Shutting down package
2025-12-06 18:34:48,192 [root] INFO: Stopping auxiliary modules
2025-12-06 18:34:48,192 [root] INFO: Stopping auxiliary module: Browser
2025-12-06 18:34:48,192 [root] INFO: Stopping auxiliary module: Curtain
2025-12-06 18:34:48,192 [modules.auxiliary.curtain] ERROR: Curtain - Error collecting PowerShell events - [Errno 13] Permission denied: 'C:\\curtain.log'
2025-12-06 18:34:48,192 [modules.auxiliary.curtain] ERROR: Curtain log file not found!
2025-12-06 18:34:48,192 [root] INFO: Stopping auxiliary module: End_noisy_tasks
2025-12-06 18:34:48,192 [root] INFO: Stopping auxiliary module: Evtx
2025-12-06 18:34:48,192 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Application.evtx to zip dump
2025-12-06 18:34:48,192 [root] WARNING: Cannot terminate auxiliary module Evtx: [Errno 13] Permission denied: 'C:/windows/Sysnative/winevt/Logs\\Application.evtx'
2025-12-06 18:34:48,192 [root] INFO: Stopping auxiliary module: Human
2025-12-06 18:34:48,363 [root] INFO: Stopping auxiliary module: Pre_script
2025-12-06 18:34:48,363 [root] INFO: Stopping auxiliary module: Screenshots
2025-12-06 18:34:48,535 [root] INFO: Stopping auxiliary module: Usage
2025-12-06 18:34:49,129 [root] INFO: Stopping auxiliary module: During_script
2025-12-06 18:34:49,129 [root] INFO: Finishing auxiliary modules
2025-12-06 18:34:49,129 [root] INFO: Shutting down pipe server and dumping dropped files
2025-12-06 18:34:49,129 [root] WARNING: Folder at path "C:\jcVWCJPBR\debugger" does not exist, skipping
2025-12-06 18:34:49,129 [root] WARNING: Folder at path "C:\jcVWCJPBR\tlsdump" does not exist, skipping
2025-12-06 18:34:49,129 [root] INFO: Analysis completed

Machine

Name	Label	Manager	Started On	Shutdown On
win10-64bit-tiny-2	win10-64bit-tiny-2	KVM	2025-12-08 15:46:53	2025-12-08 15:50:07

BumbleBee Config

Type	BumbleBee Config
Extracted From	sha256: 9f35ac95864daf736de1471babe756a11fedd297379892375689fd97c9322344 md5 0e0ab8f346dcf205639397928f854cae sha1 5d560a6e5d35bbe151d4ec8ce329f295443acce7 sha256 9f35ac95864daf736de1471babe756a11fedd297379892375689fd97c9322344 sha3_384 b860dbb4bf50a7e84f66d77d46c580ea8e853027cbb6a15797195cbdeb8612c91e4f0221fe391d6bed72982535ea5446 sha512 fc232e7e7d63aa8f018223cd92e8a980360b32afe82fecabac921fdbf7b1260893e32a28cd090ae8d17e562c8a08756a9e839e2666c18fb16a1f0812fb3d0a84
Botnet ID	444
Campaign ID	23.81.246.187:443

File Details

File Name	folder-223205.iso
File Type	ISO 9660 CD-ROM filesystem data ''
File Size	2306048 bytes
MD5	df34f23037c5dc05c2f03513928b4b97
SHA1	9b107dd8a2d34819bd94dfcc1bb65a0106a95660
SHA256	6483435f12ab4a0babe3abeda8511e1f00560f1e4482f30fa2ed32daf39c0be1 [VT] [MWDB] [Bazaar]
SHA3-384	2f5a8f535634ebb3f127ad81ace86ba188364e71a94f2cd44b3b735f6b19bebc6c46f4b3f62902f0c40ef5baaeb6a41b
CRC32	62807F6E
TLSH	T114B57C45A7A804E4DAB6C13CC9569607E7F2B8150370DBDF0AA84AFA0F237D11EBE754
Ssdeep	49152:5iCsh74TQUm5D0/pwphZ+byFW1igxwlqPGOg14:+2xlALay+LxO1O5
	File Strings BinGraph Vba2Graph

photo

MinghuaQu)

PARAMETERS

Downgraded-Bcc

aiKwZ

\$8H3

SECG curve over a 163 bit binary field

d2i_PKCS8PrivateKey_bio

A__[

AES256

LdrHotPatchRoutine

X509_CRL_add0_revoked

?49HoKC

no private key assigned

A^^[

no_comp

..\..\openssl-1.1.0f\crypto\err\err.c

.?AV?$clone_impl@U?$error_info_injector@Vlogic_error@std@@@exception_detail@boost@@@exception_detail@boost@@

X509_CERT_AUX

Subject Public Key Info:

UA-Media

open_console

List-Archive

id-GostR3410-94DH

api-ms-win-core-processthreads-l1-1-2

SetThreadpoolWait

mi-nz

pagerTelephoneNumber

SUVATAU

D$pA;

unsupported private key algorithm

GOST 28147-89 MAC

D3d$$

no section

new[]

u!!Bc

UVATAVAW

revocationDate

AES-128-ECB

priv:

sys$qiow error

unsupported key size

en-TT

L$HA+

generator:

@USVWATAUAVAWH

ECDHE-ECDSA-NULL-SHA

P-256

%04x -

CAPI_CTX_NEW

safeContentsBag

PKCS5_PBE_keyivgen

PRINTABLESTRING

+'+1+3+=+?+K+O+U+i+m+o+{+

@SWATAUAVAW

DSO support routines

GetTimeZoneInformation

united-states

%*sIndirect CRL

VWAVH

ENGINE_load_public_key

spanish-panama

SMIME-CAPS

dso already loaded

ec_GFp_nist_group_set_curve

OCSP_response_get1_basic

ec_wNAF_precompute_mult

CONNECT

t*D83t%

set-brand-Visa

PKCS12_key_gen_asc

mn-MN

@A_A^A]A\^

.?AV?$func@Utimer_thread_function@win_iocp_io_context@detail@asio@boost@@@win_thread@detail@asio@boost@@

unknown object type

v2i_AUTHORITY_KEYID

__ptr64

`RTTI

D$`H+

compatible

\$XHc

FlsAlloc

Hcz$Lcb

e##F^

T$XI#

RSA-SHA512

L$ USVWAVAW

setct-CRLNotificationTBS

pkcs12 pbe crypt error

.?AVout_of_range@std@@

Curves

PKCS12_newpass

portuguese-brazilian

resolve

nb-no

\$ HcX H

BN_BLINDING_invert_ex

policyid

EE certificate key too weak

bad x509 filetype

extension exists

d.certificate

wap-wsg-idm-ecid-wtls4

win32_joiner

ENGINE_ctrl_cmd_string

p.prime

ar-MA

api-ms-win-core-fibers-l1-1-1

serverhello tlsext

RSA_padding_add_PKCS1_OAEP_mgf1

Microsoft CSP Name

RRvM;;

X400-MTS-Identifier

LcD$@H

ri9V vdH

D+s$D+s D;

D$0E3

@SUVWATAUAVAWH

debug level (1=errors, 2=trace)

listen v6 only

id-pkix1-implicit-93

T$HH#

d.pwri

DSO failure

Incomplete-Copy

fi-fi

XA\_][

set-policy

invalidityDate

unknown alert type

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionAndSpinCount

Accept-Charset

Last-Modified

|$@I+

no signers

ru-RU

Received-SPF

3psC'dcG,

.?AUctype_base@std@@

protocol error

MapViewOfFile

Bc!! 0

sect409r1

could not set time

>.u/Hc

9\$ u

d$Px]L

australian

d2i_AutoPrivateKey

value.bag

2dV2:tN:

bad pad byte count

X509_ATTRIBUTE_create_by_OBJ

CA Repository

%%Jo..\r

uz-uz-latn

pbeWithMD5AndDES-CBC

dsaWithSHA

11eU%

D$PHk

AES-192-CFB

Not Before:

ecdsa-with-SHA256

L$XB3

.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@detail@asio@boost@@@detail@asio@boost@@

L$,E3

ar-OM

dso not found

t$ UWAVH

no shared signature algorithms

id-Gost28147-89-CryptoPro-C-ParamSet

-----END

holland

win32_pathbyaddr

gost-mac

signedAttrs

do_tcreate

Downgraded-From

slot full

noRevAvail

GOST89

DSA_meth_new

nsSslServerName

GENERAL_NAME

TS_VERIFY

"%-U^7

RSA-PSK-AES128-GCM-SHA256

TS_CONF_load_key

quz-bo

GetModuleHandleA

D$LD3

D$`+E

alg_section

Proxy-Features

L+Bp3

..\..\openssl-1.1.0f\crypto\rsa\rsa_ameth.c

serverAuth

D$hH3

H9t$ht

M3j L

L$ UVWATAUAVAWH

Validity

assertion failed: keylen <= sizeof key

dsa_builtin_paramgen

certs

indirectCRL

tlsv1 alert insufficient security

No matching DANE TLSA records

.rtc$IAA

UATAUAVAWH

GetUserNameW

smime text error

%02X%02X

CertFindCertificateInStore

DSA PRIVATE KEY

C H1C@H

..\..\openssl-1.1.0f\crypto\asn1\a_strnid.c

.?AVhttp_error_category@detail@http@beast@boost@@

id-smime-spq-ets-sqt-unotice

setct-CertReqData

PKCS12_parse

reqCert

gnames_from_sectname

digest_enc_alg

..\..\openssl-1.1.0f\crypto\asn1\x_pkey.c

, path=

..\..\openssl-1.1.0f\crypto\x509\x509_att.c

Content-Description

invalid ticket keys length

GetModuleHandleW

%)+/5;=CGIOSYaegkmq

BF-OFB

auth-dss

D$(Lc

L#f0I

XA_A^^[

en-BZ

3L$43L$

D:\Sources\boost_1_68_0\boost/beast/http/impl/verb.ipp

ZwWriteVirtualMemory

EVP_MD_CTX_copy_ex

encryption not supported for this key type

1"1'1:1C1X1`1e1k1p1u1{1

SUVWATAW

LAI)haL<|p

Downgraded-Sender

object identifier routines

SpLc@0

id-pda-countryOfResidence

engine is not in the list

spkac

PEM_ASN1_read

certificate revoked

add signer error

expecting private key blob

ATAVAWH

D:\Sources\boost_1_68_0\boost/beast/http/impl/read.ipp

RSA_padding_add_none

unsupported or invalid name constraint syntax

M9B@I

-----

EVP_MD_size

TS_CONF_load_cert

A^A]A\[]

sma-NO

PA^_[

setext-pinAny

ECDSA-Parameters

B H3A0I3

eckey_priv_decode

DSA_SIG_new

pkcs7-signedData

Wza]lw

chinese

ASN1_BIT_STRING_set_bit

invalid header

.idata$3

no space on device

no stack?

CMS_KeyAgreeRecipientInfo

0A\_^

I96t4H

(wMww

invalid sequence number

0iN>/

L$PF3

camellia-256-cmac

t$ WATAUAVAW

module_run

ssl_get_sign_pkey

(t$@H

HA3R D3

D3l$(D3

DSO_up_ref

ad_timestamping

Public-Key-Pins-Report-Only

@SWAT

d=%-2d hl=%ld l=%4ld

dsa_with_SHA224

SECG curve over a 239 bit binary field

invalid modifier

p\lHtW

reserved

InitOnceExecuteOnce

api-ms-win-core-localization-l1-2-1

api-ms-win-appmodel-runtime-l1-1-1

do_EC_KEY_print

CERTIFICATE REQUEST

hmacWithSHA256

spanish-modern

SSL_CTX_use_RSAPrivateKey

basicConstraints

Extension Request

signature algorithms error

T$PA+

no matching digest type found

Sec-WebSocket-Protocol

setAttr-Cert

mime-mhs

nref_nos

X509_ATTRIBUTE_create_by_NID

unsupported cipher

kn-in

CMS_add1_ReceiptRequest

unknown signature algorithm

AdjustTokenPrivileges

PSK-AES128-CCM

CMS_decrypt_set1_password

ECDHE

PKCS7_SIGNER_INFO

GetFileType

Specifies to continue even if version checking fails (boolean)

c2pnb272w1

Not enough space

nl-be

street

de-AT

p WATAUAVAWH

rsa_item_verify

A_A^A]_^][

error setting encrypted data type

id-smime-mod-ets-eSignature-88

id-cmc-queryPending

.?AV?$_Ref_count_obj@Usequence@chunk_size@detail@http@beast@boost@@@std@@

peer does not accept heartbeats

UVWATAUAVAW

EC_GROUP_copy

do_ssl3_write

%s:%s

0A_A]A\^]

setct-CredRevReqTBSX

camellia-256-cfb

PKCS7_ENC_CONTENT

sa-in

t/j@h

D$P+D$T

tls_construct_new_session_ticket

S/MIME email

DH_meth_set1_name

des-ede-ecb

Q0H)Z

SUVAUAV

8ausH

nbio connect error

ECDHE-PSK-CAMELLIA128-SHA256

ssl_get_prev_session

@USVWAVH

SUVWAVAW

SXNET_get_id_asc

unsigned __int64 __cdecl boost::beast::read_size_or_throw<class boost::beast::basic_flat_buffer<class std::allocator<char> >>(class boost::beast::basic_flat_buffer<class std::allocator<char> > &,unsigned __int64)

D9u0u

D98Ht;H

algorithm

otherCertFormat

..\..\openssl-1.1.0f\ssl\record\rec_layer_d1.c

l$HHc

SetFilePointer

CAMELLIA-128-OFB

H9L$@v"H

3EtA#

HA_A^_^][

X9.62/SECG curve over a 256 bit prime field

t$8L9u@uT

.?AVresolver_service_base@detail@asio@boost@@

L9`8tA

SHGetSpecialFolderPathA

Adds a directory from which ENGINEs can be loaded

wap-wsg-idm-ecid-wtls9

..\..\openssl-1.1.0f\crypto\x509v3\v3_bcons.c

kernel32.dll

msCTLSign

valid

Not a directory

en-CA

NIST/SECG curve over a 163 bit binary field

Type Descriptor'

d2i_SSL_SESSION

ml-in

length mismatch

Proxy-Authenticate

D$8eV

D$0H3

.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@detail@asio@boost@@@detail@asio@boost@@

nsCertType

H9s(u

tPHcT$DL

pilotObjectClass

A..\..\openssl-1.1.0f\crypto\lhash\lhash.c

ec_GFp_mont_field_decode

DHE-DSS-AES256-SHA

list error

A03>A|

tB9kXu=H

tls_construct_cke_psk_preamble

J,A3J,A#

CMS_PasswordRecipientInfo

secp224r1

X509_SIG

format error in certificate's notBefore field

ssl_cert_new

hexsalt

D$`Lc

bio not set

t$`I;

secp128r2

T$8E3

Specifies the path to the new ENGINE shared library

`3QbE

D$8QZ^&

uVH9t$`t+H

D$8A;

SSL alert number

no lock available

l$PH;w t

L(;A:

processing

chunked

pubkey export length error

dl_unload

ar-sy

@WATAUAVAW

wap-wsg-idm-ecid-wtls12

setct-BatchAdminReqTBE

+h->|

@WATAW

personalTitle

T$TA#

H9D$pw[H

d.uniformResourceIdentifier

D$@L3

Signing Tool of Subject

L9Y u

AESGCM

ssl_scan_serverhello_tlsext

~=zG=d

.text$mn$00

..\..\openssl-1.1.0f\ssl\ssl_asn1.c

unknown ssl version

nl-NL

JXA3JXA#

Unspecified

L$ UVWATAUAVAW

pilotOrganization

kx-ecdhe-psk

GOST R 34.10-2001

VWAUAVAW

dtls1_buffer_record

H3D$XI

da-dk

uGH;;uBD:K

malloc failure

dNSDomain

MERGE

ApHcP

setext-cv

status expired

no renegotiation

D$(A+E

uninitialized

GetCommandLineA

A2VPD

3EpA#

Month number is out of range 1..12

H9o0t

ec_GFp_simple_set_compressed_coordinates

BIO_nwrite0

EDH-RSA-DES-CBC3-SHA

H5gRR-

SXNET_add_id_INTEGER

.?AV?$_Iosb@H@std@@

DeleteCriticalSection

es-VE

hr-ba

D W?{W

PEM_read_DHparams

id-smime-aa-ets-signerLocation

mt-MT

t$(E3

D$XE+

Title

content_type

debug_file

asn1_d2i_read_bio

CL$h3

account

fo-fo

|$`CI

EC_POINT_get_affine_coordinates_GF2m

NtReadVirtualMemory

t$ AWH

t3D9Y

`udt returning'

no operation set

DHE-PSK-AES256-CBC-SHA384

OpenSSL

BIO_write

ssl session id too long

unsupported encryption

crlNumber

No locks available

t1HcWXL

NtAllocateVirtualMemory

GetProfile

value.sdsicert

ssl3_generate_key_block

SSL_use_certificate

.pdata

secp112r2

\wab.exe

SetUnhandledExceptionFilter

de-lu

.?AV?$timer_queue@U?$time_traits@Vptime@posix_time@boost@@@asio@boost@@@detail@asio@boost@@

store_name

PSPECIFIED

X400-Originator

..\..\openssl-1.1.0f\crypto\bn\bn_exp.c

hong-kong

6666666666666666jjjjjjjjjjjjjjjj"

X-Device-Accept-Language

prime239v3

id-smime-spq-ets-sqt-uri

order

Element not found

Content-Disposition

pbeWithMD5AndRC2-CBC

8uucH

=A>s>y>

..\..\openssl-1.1.0f\crypto\dsa\dsa_ameth.c

da-DK

E0Lcx

.?AU?$error_info_injector@Vout_of_range@std@@@exception_detail@boost@@

T$PI+

UI_dup_input_string

CreateSemaphoreExW

D$HH1

sslclient

tls1_set_server_sigalgs

status_request_v2

host unreachable

A84.u

A8;B8u

camellia-192-ofb

id-GostR3410-2001-CryptoPro-C-ParamSet

..\..\openssl-1.1.0f\crypto\rsa\rsa_ossl.c

ECPKPARAMETERS

ASIdOrRange

@SVWATAUAV

Meter

%lu:%s:%s:%d:%s

Modulus:

unknown message digest

IDEA-CFB

TLSv1.2

cryptopro

openssl_conf

uzKs@>

void __cdecl boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > >::prepare_payload(struct std::integral_constant<bool,1>)

unsupported type

SXNET

D$8L9

.?AV_Iostream_error_category@std@@

I#K0H

nomask

capi_list_providers

PKCS7_ISSUER_AND_SERIAL

Set objShell = CreateObject("Wscript.Shell")

invalid section

assertion failed: ctx->num_untrusted <= num

@A_A^A\_^[]

l$xM#

X509v3 Policy Constraints

OPTIONS

JLA3JLA#

D$0H;

tlsv1 alert access denied

responses

Cookie2

VirtualAlloc

t$ A;

asn1 parse error

Hostname mismatch

setct-CapRevReqTBEX

CAPI_OPEN_STORE

|$TH9p

grasshopper-ctr

CertOpenStore

IP address mismatch

FDA~i

DTLSv1.2

excluded

assertion failed: ((long)msg_hdr->msg_len) > 0

..\..\openssl-1.1.0f\crypto\ec\ecdh_ossl.c

SRTP_AEAD_AES_256_GCM

%UUUU3

CryptoAPI DSA method

C q'O

@SATAUAW

OwHGTn^.

;!;#;-;9;E;S;Y;_;q;{;

Content-ID

first num too large

parse_tagging

permittedSubtrees

lastUpdate

auth-srp

<0|S<9

*laM-\SO

sha256WithRSAEncryption

NAN(IND)

ssl3_write_bytes

ipsecUser

already loaded

Disposition-Notification-To

fr-FR

0123456789abcdefghijklmnopqrstuvwxyz

NCONF_new

3L$,E

QSeA~

H3D$XH

uiD9~

A_A^A]A\_^][

getsockname truncated address

?*u:H

`vector deleting destructor'

fD91u

L$0H;

H9_(H

H;n t

OCSP_RESPDATA

J4A3J4A#

BC?>6t9^

..\..\openssl-1.1.0f\crypto\asn1\a_gentm.c

ec_GFp_nistp224_points_mul

old_rsa_priv_decode

pkey_ec_sign

i~wKVA\

xFD9#A

responseStatus

..\..\openssl-1.1.0f\crypto\ec\ec_print.c

policy path length

Different CRL scope

80tWD

DHparams_print_fp

dane tlsa bad certificate

extendedCertificateAttributes

localKeyID

assertion failed: *sbuffer != NULL || buffer != NULL

D3|$0A3

BIO_nwrite

organizationName

.?AVfailure@ios_base@std@@

subjectDirectoryAttributes

?H33H

tlsv1 alert record overflow

ess add signing cert error

tls_process_certificate_request

D9cpt

integer not ascii format

.?AV_com_error@@

u.addressRange

capwapAC

..\..\openssl-1.1.0f\ssl\d1_msg.c

version too low

t,D9p

sslv3 alert certificate expired

.?AV?$deadline_timer_service@U?$time_traits@Vptime@posix_time@boost@@@asio@boost@@@detail@asio@boost@@

id-smime-ct-DVCSResponseData

E-mail Protection

TS_RESP_CTX_new

bad line ending

d$(E3

spanish-mexican

T$PH1

S/MIME

T$DA3

aes-128-ecb

OCSP routines

..\..\openssl-1.1.0f\crypto\evp\bio_enc.c

assertion failed: ctx->buf_len <= (int)sizeof(ctx->buf)

NCONF_get_number_e

v2i_issuer_alt

SRP-RSA-AES-128-CBC-SHA

EC_POINT_set_affine_coordinates_GF2m

userCertificate

Downgraded-Mail-From

SSL_add_file_cert_subjects_to_stack

compute_key

bV}TS

PROXY_POLICY

issuerAltName

dhpublicnumber

%*spriv:

TS_TST_INFO_set_policy_id

bad dh value

PA_A^A]A\_^]

api-ms-win-core-string-l1-1-0

SSL_use_PrivateKey_ASN1

invalid number

WTLS curve over a 113 bit binary field

too many symbolic link levels

wrap mode not allowed

D9{\u

RSA_padding_check_PKCS1_type_2

0123456789ABCDEF

null before block missing

SetProfile

it-IT

..\..\openssl-1.1.0f\crypto\asn1\t_pkey.c

u.addressesOrRanges

ffffff

unwrap failure

X509_PURPOSE_set

\$PL9&u

NETSCAPE_CERT_SEQUENCE

wap-wsg-idm-ecid-wtls10

@SVWH

ar-BH

value.x509cert

ASN1_d2i_fp

,value:

AuthSRP

L$@F3

t$ AVH

record too small

entiA

t$(I;

snmpv2

D9~ u=L

otherCert

assertion failed: ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL

fips_mode

delete

token present

MMHS-Subject-Indicator-Codes

DIR_LOAD

GOST 28147-89 Cryptocom ParamSet

Any Purpose

minimum

End of file

SUVATAVAW

common libcrypto routines

Require-Recipient-Valid-Since

uint32_c2i

de-DE

filename too long

L$ SUVWH

length

o&1m&

id-aes128-wrap-pad

brainpoolP192t1

\$ WH

T$PH+

camellia192

|$PH9

assertion failed: num > i && i > 0 && ss == 0

GetFileInformationByHandleEx

d2i_ASN1_UINTEGER

se-fi

A^A\_^][

..\..\openssl-1.1.0f\crypto\dso\dso_lib.c

aes-128-cfb1

not a socket

setct-AuthRevResTBS

stCD;

w``u N

content type not compressed data

en-gb

SECG curve over a 193 bit binary field

D$hD;

rsa_algor_to_md

EVP_PKEY_derive_init

CAMELLIA-128-CFB1

@UATAW

ms-MY

..\..\openssl-1.1.0f\crypto\ec\ec_key.c

seed-cbc

`vector destructor iterator'

.CRT$XIC

.?AV?$typeid_wrapper@V?$deadline_timer_service@U?$time_traits@Vptime@posix_time@boost@@@asio@boost@@@detail@asio@boost@@@detail@asio@boost@@

aes-128-cbc-hmac-sha256

uvD9c0upH

PEM_read_bio

invalid multiple rdns

camellia-128-ctr

no stream resources

PEM_write_PrivateKey

JTA3JTA#

pA^_^][

fa-IR

unable to find certificate

CTLOG_STORE_new

extended master secret

ENGINE_finish

S11b?

D$PH+

@.rsrc

EC_KEY_print_fp

|$PH;

command takes no input

D$XE3

VerifyCAPath

..\..\openssl-1.1.0f\crypto\x509v3\v3_alt.c

%s%lu (%s0x%lx)

BaseThreadInitThunk

X509_EXTENSION_create_by_NID

unused

id-tc26-agreement

|$8Hc

Content-Identifier

value.named_curve

invalid x931 digest

certificate verify error

Downgraded-Resent-Reply-To

NtSetInformationProcess

Original-Recipient

Permission denied

kGOST

..\..\openssl-1.1.0f\crypto\ec\eck_prn.c

t$ AV

d.digestedData

message imprint mismatch

D#D)D;D?DEDKDQDSDYDeDoD

ar-LY

X9.62 curve over a 191 bit binary field

Netscape Certificate Extension

setct-PCertResTBS

distpoint

BIO_puts

..\..\openssl-1.1.0f\crypto\x509v3\v3_asid.c

IPSec/IKE/Oakley curve #3 over a 155 bit binary field.

:u,f9Q

A\^][

L$0L+

BFUa.X

invalid purpose

error getting friendly name

sha224WithRSAEncryption

setCext-TokenType

H9k(u

privateKey

H9D$Ps

t0H9x

l$ VATAW

Service already exists.

rc5_ctrl

asn1_item_embed_new

|$ AVH

(A^_^]

subjectAltName

RSA_padding_add_PKCS1_PSS

D<H0D

?7zQ6$

wrong type

PKCS12_gen_mac

privilegeWithdrawn

Verify error:

H9k u

D:\Sources\boost_1_68_0\boost/beast/core/impl/static_string.ipp

id-tc26-algorithms

cms_get0_econtent_type

PKCS12_create

ecdh_cms_decrypt

..\..\openssl-1.1.0f\crypto\ct\ct_vfy.c

SSL_CTX_use_PrivateKey

prime192v1

Private-Key: (%d bit)

..\..\openssl-1.1.0f\crypto\bn\bn_mod.c

SSL_CTX_set_ct_validation_callback

@SVAUAVAWH

dnQualifier

ecp_nistz256_pre_comp_new

dh-cofactor-kdf

@pHcH

ENGINE_by_id

Listing containers CSP=%s, type = %d

srtp protection profile list too long

\$0L9

IND)ind)M

invalid or inconsistent certificate policy extension

buffer too small

unable to verify the first certificate

ar-EG

aes-192-cfb

unsupported protocol

t$xH+

PKCS5_pbe_set

..\..\openssl-1.1.0f\ssl\ssl_cert.c

id-tc26-hmac-gost-3411-2012-512

t:HcW

CertFreeCertificateContext

o2i_SCT_LIST

Content-Encoding

setct-AuthRevResBaggage

A_A^A]A\_^[]

id-cmc-identification

id-smime-ct-authEnvelopedData

..\..\openssl-1.1.0f\crypto\evp\p5_crpt2.c

CAMELLIA-256-CMAC

PKCS12

dinfo

inconsistent extms

L9q8t

RSA-MD5

VirtualQueryEx

no parameters set

"H)D$`E

RSA-MD2

""Df**T~

.gfids$y

XA_A^_]

invalid asrange

8A^_^[

unstructuredName

LcC 3

ENGINE_get_prev

cms_EnvelopedData_init_bio

UVWAVAW

Time Stamp signing

H9_Pu

gost89

PBE-MD5-RC2-64

X509v3 Any Policy

id-tc26-cipher

Eesst-Version

Reasons

rc2-ecb

Protocol

cms_get0_enveloped

Signing KDC Response

RSA_OAEP_PARAMS

cipher not initialized

md2WithRSAEncryption

unsupported label source

name too long

$Cw!R

value.parameters

PKCS12_MAC_DATA

tNLcd$0D;

ZUINT64

..\..\openssl-1.1.0f\crypto\cms\cms_env.c

Certificate Transparency required, but no valid SCTs found

openssl.cnf

)I3D)

..\..\openssl-1.1.0f\crypto\rsa\rsa_none.c

bad length

application verification failure

..\..\openssl-1.1.0f\crypto\cms\cms_pwri.c

dl_load

Filename too long

invalid srp username

aes-256-cbc-hmac-sha1

RtlAnsiStringToUnicodeString

the asn1 object identifier is not known for this md

PPxD<<%

SMIME_text

be-by

B8|09

Thread32First

(t$0H

B(I9A(

RC2-CFB

ot$ H

6#6165676;6M6O6S6Y6a6k6m6

Lc}oA

invalid extension string

sect239k1

D)d$0

sect113r1

|$P93~1

D$8H+|$HH

A_A^A]A\_^[

directory not empty

PBMAC1

PA]A\^][

GetSystemTimePreciseAsFileTime

fD96u

id-mod-ocsp

fD90t

se-SE

detached content

..\..\openssl-1.1.0f\crypto\pem\pem_info.c

unknown ttyget errno value

WriteFile

ESS_add_signing_cert

Expression:

D$(H1

@A^_^][

PEM_get_EVP_CIPHER_INFO

setct-CapRevReqTBSX

D84;u

Basis Type: %s

C>TQ

Netscape SSL Server Name

Invalidity Date

DSA_print_fp

NULL-SHA256

_is_double

BLAKE2s256

tlsv1 alert unknown ca

no_ticket

#ETHw

sr-ba-cyrl

es-ec

WS2_32.dll

ocsp_check_delegated

no content type

ProcessStartupInformation

unsupported field

failed to swap context

ec group new by name failure

SYSMON64.EXE

qcStatements

t$0E3

..\..\openssl-1.1.0f\crypto\objects\obj_xref.c

DH Private-Key

no key or cert

bmpstring is wrong length

ATAUAVAW

!!!!!!!!!!!!

jMG\^

network unreachable

L$PH;

D$$D;

s2i_skey_id

.?AVlogic_error@std@@

(Unicast/Multicast)

Domain error

RSA_print_fp

H9oHus

need one signer

X509V3_parse_list

@SUVWAUAV

3l$$#

text file busy

inconsistent header

gost89-ecb

_oD>Kg

fatal

south-africa

Cancel-Lock

EVP_DecryptFinal_ex

void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,6> &)

cannot find config variable

hexinfo

B*k@5

illegal byte sequence

X509_REVOKED

CRL has expired

ZwReadVirtualMemory

(D$`H

sslv3 alert certificate unknown

l$@H;

DHE-RSA-CHACHA20-POLY1305

ssl3_do_change_cipher_spec

t?D9

ssl session id conflict

s WAVAWH

UA-Color

BF>^G

AECDH-AES256-SHA

tls_process_finished

unsupported ssl version

Accept-Post

tI@8{:t

SSL server

spanish-peru

responderId

|$8t&

E8<$t+H

.?AV?$clone_impl@U?$error_info_injector@Vservice_already_exists@asio@boost@@@exception_detail@boost@@@exception_detail@boost@@

@UATH

at least (D)TLS 1.2 needed in Suite B mode

SSL_set_rfd

mr-IN

E0HcH

L$0)y

characters

NtTerminateProcess

GetOEMCP

lv-LV

H;|$H

xA^A]_^[]

spanish-ecuador

tls_post_process_client_key_exchange

OCSP Service Locator

D;l$8

H9D$(

RSA_padding_check_PKCS1_OAEP_mgf1

illegal scrypt parameters

wscript.exe

X509v3 Subject Key Identifier

UNDEF

PSK-AES256-CBC-SHA384

SSL_load_client_CA_file

\CKK1Kbz

invalid serverinfo data

H;C H

EVP_PKEY_paramgen

r<w4A

CipherString

@A_A^A\^[

H3A I3

fB9<@u

CMS_OriginatorInfo

kECDHE

.CRT$XCZ

G4M4Z4x4

invalid peer key

no valid scts

old_ec_priv_decode

L$ SH

DES-EDE3-CFB1

norwegian-nynorsk

v2i_TLS_FEATURE

GOST R 34.10-2012 (512 bit) ParamSet A

ee key too small

gost2001cc

CAMELLIA-192-CTR

rsaesOaep

parameters

Microsoft Commercial Code Signing

token not present

|$PeH

invalid salt length

C8<(u

contentEncryptionAlgorithm

zh-SG

.idata$4

MMHS-Acp127-Message-Identifier

subjectUID

Software engine support

\$4A3

d.signedData

DSA_do_verify

X509_ATTRIBUTE

invalid shift

XA_A^A\_^]

id-GostR3411-94-TestParamSet

.CRT$XLA

id-alg-dh-sig-hmac-sha1

UI_process

{zel#|67

odd number of chars

nonce not returned

en-zw

0123456789.:abcdefABCDEF

businessCategory

UINT64

GetFullPathNameW

t(9(~

illegal options on item template

d$`E3

A(H9F0uH

do_b2i

@UWATAUAVAW

mstring not universal

PKCS7_SIGNER_INFO_set

NtCreateThreadEx

vparams

d.authenticatedData

KxECDHE-PSK

MM)MRd

!_is_double

a2d_ASN1_OBJECT

sl-SI

NAN(SNAN)

..\..\openssl-1.1.0f\crypto\x509v3\v3_pmaps.c

#JJ5Jj

sys$assign error

%*sOnly User Certificates

A@@@@@@@@@

<E<P<W<a<q<x<

Acceptable OCSP Responses

sct invalid signature

smn-fi

PKCS12_verify_mac

hmacWithSHA1

$H3<$L3

D8t$Ht

crlsign

no config database

POLICYINFO

assertion failed: len <= SSL3_RT_MAX_PLAIN_LENGTH

list_csps

id-PasswordBasedMAC

maximum

set-msgExt

value=

id-aes192-wrap

es-pa

MMHS-Handling-Instructions

setct-AuthTokenTBE

tkfff

unsupported entry type

Zod(^?

|$0s-

es-PR

BN_mod_exp_simple

CAPI_CTRL

key_enc_algor

C-PEP

A\_^

fD9<Au

Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)

id-cct

u3HcH<H

DSO_get_filename

getuserkey error

\$0I;

bad password read

AES128-SHA

NIST CURVE: %s

OBJ lib

api-ms-win-core-winrt-l1-1-0

<pqA1

pA_A^_[]

en-au

unexpected record

D$hI3

WAVAWH

AuthNULL

n]?iJ

id-GostR3410-2001-CryptoPro-XchB-ParamSet

$)$=$A$C$M$_$g$k$y$}$

SMIME_read_ASN1

DTLSv1

Position

H;J(u

set-brand-Novus

read timeout expired

OPENSSL_init_crypto

D$`H;C(u

UVWAUAVH

unknown group

MessageBoxA

;0123456789ABCDEF

D$lA+

RC2-40-CBC

sect163r1

L$(A3

coordinates out of range

PP@981

CMS_IssuerAndSerialNumber

@@@@@@@@!!!!

Destination

des-ede3-cbc

HcE@H

invalid scrypt parameters

X9_62_CHARACTERISTIC_TWO

ADH-AES256-SHA256

@USVH

UTF-8

mutex

value.byName

id-cmc-getCert

u)h$s

oMinghuaQu

L$ SUVWAUAW

X509_CRL_diff

A^A]_^[

D$8L3

PA_A^A\_^][

brainpoolP256r1

.%.-.3.7.9.?.W.[.o.y.

ssl session id has bad length

cookie gen callback failure

not initialised

SSL_CTX_set_ssl_version

Extension

seeAlso

.?AVexception@std@@

IMPLICIT

setct-BCIDistributionTBS

holdInstructionCode

ssl3_check_cert_and_algorithm

A_A^A]A\

invalid digit

holdInstructionNone

|$ ATAVAW

sdsiCertificate

|$@Hc

CreateFileMappingA

D$`H9D$

X509v3 Extended Key Usage

&&Lj66lZ??~A

A H;A

X509v3 Certificate Issuer

id-tc26-sign

C-Man

id-on-personalData

LcD$8H

"Df"*T~*

CT$PH

\$8M3

JhA3JhA#

class boost::basic_string_view<char,struct std::char_traits<char> > __cdecl boost::beast::http::detail::verb_to_string<void>(enum boost::beast::http::verb)

ASN1_GENERALIZEDTIME

fD9 tMH

L$0A3

id-characteristic-two-basis

AuthECDSA

N3`d?

T$0H9F

iA5StringSyntax

ECDHE-ECDSA-AES128-SHA256

A_A^A]A\^[

exponent2:

id-aes128-CCM

OCSP_CERTSTATUS

x%Jo%.\r.

EC_GROUP_check_discriminant

obwQ4

.pp@0

id-smime-cti-ets-proofOfDelivery

ssl negative length

GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom

GENERAL_SUBTREE

subgroup order:

SVATAW

unexpected eoc

ChD9{`t

EVP_PKEY_verify

policyConstraints

reading strings

ZLONG

.rsrc

..\..\openssl-1.1.0f\crypto\evp\e_aes.c

CAMELLIA-128-CTR

tls_construct_cke_gost

l$@E3

id-qcs-pkixQCSyntax-v1

compression failure

SSL_set_cipher_list

AES-256-CFB

DH_meth_new

camellia-256-ctr

ENGINE_add

BH@H+

english-trinidad y tobago

custom ext handler already installed

A4x{%`

-Command "Wait-Process -Id

BIO_read

certificate chain too long

class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,8> &) const

XA_A\][

unauthAttrs

CAPI_CERT_GET_FNAME

A_A^A\^]

assertion failed: EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->iv)

@UATAUAVH

AES128-CCM8

digest

RFC 5639 curve over a 192 bit prime field

VWATAUAVAWL

HcD$0

RSA_sign_ASN1_OCTET_STRING

BIO_ADDR_new

%*sX25519 Public-Key:

SECG curve over a 224 bit prime field

ENGINE_new

e8A_A^A]A\_^[]

hu-hu

string too long

zlib inflate error

mr"iR

Discarded-X400-IPMS-Extensions

LL-LZa

id-smime-cd

l$XE3

H9\$0

recipientInfos

p AWH

id-smime-alg-CMSRC2wrap

fJBGo

|$0H9Y

ADH-AES128-SHA256

data too small for key size

A>l$/

D3$$A

RC5-OFB

id-regInfo-certReq

invalid cmd name

assertion failed: ctx->buf_off <= (int)sizeof(ctx->buf)

set-brand-AmericanExpress

T$,A3

^<V7w

VWATAVAWH

Netscape Revocation Url

public key decode error

`eh vector vbase copy constructor iterator'

,name:

MMHS-Originator-Reference

L$XE3

QueueUserAPC

pkInitClientAuth

addr_validate_path_internal

i2s_ASN1_INTEGER

id-regCtrl-regToken

%.14s.%03dZ

no private value

.?AV?$resolver_service@Vtcp@ip@asio@boost@@@detail@asio@boost@@

0A_A^A]^[

BN_GENCB_new

void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,8> &)

"HcK H

unable to find public key parameters

pilotGroups

invalid ipaddress

`vcall'

OPENSSL_WIN32_UTF8

algorithm mismatch

setct-CapTokenTBEX

GetCurrentPackageId

nsCertExt

No space left on device

%s %2d %02d:%02d:%02d %d%s

id-smime-ct-TDTInfo

SSL_CTX_set_cipher_list

@UVATAV

t\lHBW

.rsrc$01

H!D$ E

,l`L(

CryptCreateHash

==zGdd

dITRedirect

pilotAttributeSyntax

it-ch

EVP_PKEY_verify_recover

Certificate store flags: 1 = system store

seed-ofb

prf-gostr3411-94

i2d_ECPKParameters

dl_merger

A_A\]

malformed host or service

dataEncipherment

sect233k1

POST

Reply-By

@A^_^[]

v1 (0x0)

546:6V6\6i6|6

L9d$8t5L

RSA-SHA

CMS_Receipt

associatedName

en-ph

unknown public key type

@UWATAVAW

u;{Gk

0A^_]

cert cb error

8A_A]][

group=

1!1'1-191C1E1K1]1a1g1m1s1

missing parameter

x500UniqueIdentifier

u%fE9Q t

CreateProcessA

Apply-To-Redirect-Ref

, <^v

L$xI3

ts_CONF_invalid

E'H9E

missing dek iv

Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, 32=private key info)

H9]@tH

GetUserObjectInformationW

A_A^A]A\_

..\..\openssl-1.1.0f\crypto\x509v3\v3_bitst.c

GOST R 34.10-2012 (512 bit) ParamSet B

invalid compression bit

ar-eg

read only file system

unable to get certificate CRL

JpA3JpA#

..\..\openssl-1.1.0f\crypto\asn1\a_int.c

.?AU?$error_info_injector@Vlength_error@std@@@exception_detail@boost@@

%*sPolicy:

Df""T~**;

no_tls1_1

salt length recovery failed

Access-Control-Allow-Origin

notice_section

A_A^A]A\^

A^^]

0000000000000000

excludedSubtrees

8luMH

different key types

HA^_^]

called a function you should not call

L9'u$

X9.62 curve over a 304 bit binary field

`managed vector constructor iterator'

Rich%

tC9(~*H

PA_A^A]A\^

sys$dassgn error

Specifies an ENGINE id name for loading

PKCS8_set0_pbe

PA^_]

error setting cipher

certificate store name, default "MY"

CMS_add1_signer

|$Xt1I

CMS_SignerInfo_verify_content

X25519

DSAparams_print

SEQUENCE

RSA_padding_add_X931

SHA512

Conversion-With-Loss

`vector vbase constructor iterator'

PEM_X509_INFO_write_bio

Error in encoding

SECG curve over a 113 bit binary field

legacy_server_connect

Microsoft Individual Code Signing

wrong content type

friendlyCountry

TS_RESP_CTX_set_accuracy

keyBag

.?AV?$func@Vwork_io_context_runner@resolver_service_base@detail@asio@boost@@@win_thread@detail@asio@boost@@

content verify error

advapi32

SSL_read

x AVHcA

AuthE

T$0Ak

aes-128-xts

Lct$XH

Referer

3l$,D

RSA_padding_check_SSLv23

bn_set_words

Hct$4H;

x509Certificate

PA_A^A\^[

D$`A+EHA

d$ E3

OCTWRAP

dhSinglePass-cofactorDH-sha384kdf-scheme

read_state_machine

invalid random_device value

\$ UVAT

PSK-NULL-SHA256

assertion failed: bl <= (int)sizeof(ctx->buf)

D$`9D$$

H9D$0uU:K

tlsv1 bad certificate status response

D$,A3

ECDHE-PSK-AES128-CBC-SHA

assertion failed: aor != NULL && min != NULL && max != NULL

aRecord

H9k t

id-smime-aa-ets-sigPolicyId

Sender

irish-english

es-cr

;:u"H

@SWAW

|$0Lc

objCA

camellia_init_key

c2pnb208w1

X509_EXTENSION

d.rfc822Name

kx-srp

ssl_add_clienthello_use_srtp_ext

Diffie-Hellman based MAC

rFC822localPart

too long

NtFreeVirtualMemory

tlsv1 alert inappropriate fallback

CMS_EncryptedData_encrypt

CIPHERS

unknown pbe algorithm

costParameter

id-smime-aa-ets-CertificateRefs

..\..\openssl-1.1.0f\crypto\asn1\a_bitstr.c

D9idt

lt-lt

ko-KR

dsa routines

Content-Location

OCSP_basic_sign

SUVWAT

DHE-DSS-CAMELLIA128-SHA

d.subjectKeyIdentifier

UA-Windowpixels

L$pE3

SetConsoleCtrlHandler

general_allocate_boolean

Bh;+j

nStf,a

t)@80t

Salt Length: 0x

no_ssl3

bn_to_asn1_string

d2i_PrivateKey

D$8H1

rc2-64

A_A^A]A\]

d2i_PublicKey

no such file or directory

A_A]A\^]

SUVATAUAV

%*sVersion: %ld (0x%lX)

registeredAddress

eckey_param_decode

l$ VWAV

\$0H9Y

wrong signature size

documentSeries

ec_GFp_mont_group_set_curve

Any language

..\..\openssl-1.1.0f\ssl\d1_srtp.c

not ascii format

hashAlgorithm

do_PVK_header

tls illegal exporter label

<?xml version='1.0' encoding='UTF-8' standalone='yes'?>

D8t$8t

private key encode error

2'2C2N2T2Z2

id-smime-mod-ess

digest and key type not supported

CryptDecrypt

OPENSSL_init

great britain

' ) - 3 G M Q _ c e i w }

ssl3_get_record

D$@H1C

|$xE3

cipher parameter initialisation error

POLICY_MAPPINGS

DOCUMENT.LNK

distinguishedName

ecdh_kdf_md

argument out of domain

bn-in

invalid argument

CreateWaitableTimerA

ur-PK

Can't Parse Certificate %d

El$PH

ssl_ctx_make_profiles

ASN1_generate_v3

PA_A]A\^]

fB94Ou

jurisdictionST

rsa_padding_mode

%*s<Not Supported>

unsupported any defined by type

A_A^_

BH H+

assertion failed: EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv)

Verifying - %s

unknown control command

L$XD3T$

OCSP_basic_add1_status

invalid null pkcs12 pointer

fieldType

EC_GROUP_get_degree

..\..\openssl-1.1.0f\crypto\rsa\rsa_pmeth.c

.CRT$XCL

@SUVWATAU

simpleSecurityObject

GOST R 34.11-2012 with 512 bit hash

unknown verb

PKCS5_v2_PBE_keyivgen

ec_GF2m_simple_set_compressed_coordinates

supportedAlgorithms

LogonUserExW

A H9A

SSL routines

Management

A0^WI

invalid signed data type

D$(L9

camellia-256-ofb

LcL$@HcT$DH

!"\kN

content type not signed data

no protocol option

CreateProcessInternalW

sect571k1

%*s%s

id-GostR3410-94-CryptoPro-B-ParamSet

certId

RRRRRRRR

HcD$8H

SSL_use_psk_identity_hint

bad reciprocal

auth-null

base64 decode error

EVP_EncryptFinal_ex

=trF6,#

D$(M3

0A^_^[]

gost-mac-12

signing not supported for this key type

Resent-From

Microsoft Visual C++ Runtime Library

library bug

A]_^][

Lj[;>

L$XH=

MMHS-Primary-Precedence

.gfids$x

ssl_session_dup

id-smime-aa-mlExpandHistory

des-cbc

OBJ_NAME_new_index

english-us

DH Parameters

signing ctrl failure

l$xt8

id-smime-aa-ets-signerAttr

t$0Hc

H SVWH

NtMapViewOfSection

SVWAVAWH

ecdsa-with-SHA1

class boost::beast::http::basic_fields<class std::allocator<char> >::value_type &__cdecl boost::beast::http::basic_fields<class std::allocator<char> >::new_element(enum boost::beast::http::field,class boost::basic_string_view<char,struct std::char_traits<char> >,class boost::basic_string_view<char,struct std::char_traits<char> >)

null is wrong length

L$@u-H

IA5STRING

t$PHc

id-smime-cti

EC_POINT_set_affine_coordinates_GFp

ASYNC_init_thread

log conf invalid key

RC5-CFB

engine_list_add

producedAt

data too large

Generator (uncompressed):

Encrypted

hA_A]

C$E3C

CMS_RecipientInfo_ktri_cert_cmp

OCSP_RESPID

ssl3_write_pending

english-usa

BIO_listen

invalid compressed point

d.receiptList

GetSystemTimeAsFileTime

unknown bit string argument

n03>Pu

t$ UH

Injection-Info

bad e value

ExitThread

brainpoolP160r1

ECDHE-RSA-AES256-GCM-SHA384

spanish-bolivia

T$PE3

file_ctrl

random number generation failed

invalid length

MT-Priority

pqT3^-ZI

K~Je#>!

connection refused

C(H9E

documentTitle

..\..\openssl-1.1.0f\crypto\evp\p_sign.c

SSL CA

jurisdictionLocalityName

pA_A^_^]

ZwProtectVirtualMemory

List all certificates in store

t5LcF

cryptacquirecontext error

bad target

ar-dz

FlushFileBuffers

ASN1_GENERALSTRING

@UVWATAUAV

idea-ofb

.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@

a2i_ASN1_INTEGER

dsa_paramgen_bits

TS_RESP_set_tst_info

k u?I

s11bS

setct-AuthRevReqTBS

SEED-CBC

|$ ATAUAVAWH

in use

cryptocom

end of chunk

dtls1_preprocess_fragment

en-US

INVALID

D$\+E

D$HE3

smj-no

Netscape CA Policy Url

operation not supported on this type

t$8E3

PostQueuedCompletionStatus

bignum routines

\$@u\

secp256k1

%*sRejected Uses:

gfffAi

..\..\openssl-1.1.0f\crypto\hmac\hm_pmeth.c

@8|$PtP

..\..\openssl-1.1.0f\crypto\bn\bn_sqrt.c

Access-Control-Request-Method

H9x t!H

t$ H3

NEW CERTIFICATE REQUEST

invalid fips mode

StarBurn SDK

~[fff

CMS_EncryptedContentInfo

there must be one signer

\$`I+

Access-Control

asn1_string_get_uint64

..\..\openssl-1.1.0f\ssl\ssl_conf.c

CAPI_RSA_PRIV_ENC

subject issuer mismatch

@UVWAV

@UWATAW

H+L$pH

@SWATAW

BN_CTX_new

NETSCAPE_SPKI_b64_decode

L;R(u

t$03l$,A

T*_}x:

assertion failed: ctx != NULL || ext != NULL

X9_62_FIELDID

)t$`H

too many links

D$09D$

SNAN)

cy-gb

F8D9^0

nameAssigner

..\..\openssl-1.1.0f\crypto\ui\ui_lib.c

ssl_cert_dup

unsupported status type

.?AV?$service_base@V?$deadline_timer_service@U?$time_traits@Vptime@posix_time@boost@@@asio@boost@@@detail@asio@boost@@@detail@asio@boost@@

RSA-PSK-NULL-SHA

CAMELLIA-256-CBC

INTEGER

PKCS7_add_crl

ZwClose

ADVAPI32.dll

xi;=2

OCSP responder

sequence or set needs config

Want-Digest

itu-t

D$@H1

H3D$0I

audio

T6$:.

CRL is not yet valid

\Windows Mail\wab.exe

setct-PI-TBS

C E3C

key usage does not include CRL signing

value.safes

@UVWATAVAW

no load function

asn1_str2type

Secure Electronic Transactions

ASN1_item_pack

Derived-From

dane tlsa bad public key

es-PE

pvk data too short

function not supported

Proxy Certificate Information

PKCS7_add_certificate

ASN1_SET_ANY

PBE2PARAM

MKCALENDAR

assertion failed: b <= sizeof ctx->buf

AES128-SHA256

..\..\openssl-1.1.0f\crypto\asn1\asn_mstbl.c

vJH+

CMS_RecipientInfo_encrypt

no matching digest

3L$ D

l$HA_A^A]A\_^

secure memory buffer

id-tc26-sign-constants

Access violation - no RTTI data!

9l$PtH

ECPKParameters_print_fp

tls_process_ske_dhe

Certificate Hold

setct-AuthReqTBS

A_A^A\

ubfD9A

.?AV?$win_iocp_socket_service@Vtcp@ip@asio@boost@@@detail@asio@boost@@

GetCurrentProcessId

Key Compromise

iu+-,

;w }^

te-in

-g/:4

L$PHc

%s%04x - <SPACES/NULS>

d.sign

Dynamic engine loading support

`eh vector constructor iterator'

Lookup and output certificates

%s/%s

EC_POINTs_make_affine

idea-ecb

dtls1_check_timeout_num

wap-wsg-idm-ecid-wtls6

.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@std@@

tlsv1 alert no renegotiation

D$HM3

TS_VERIFY_CTX_new

H9D$XH

CrlID

assertion failed: ctx->buf_off + i < (int)sizeof(ctx->buf)

DH lib

HA_A]A\_^[

id-pda

d.iPAddress

tY9(t

ipAddressChoice

buffer overflow

.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@

0A_A^A]

name=

tSf91tNH

error setting tlsa base domain

D$@L+

no key set

D$PI3

HH:mm:ss

c(>\,

lstrcpyA

time syscall error

unable to keepalive

unknown purpose id

(A^_^[

advapi32.dll

data greater than mod len

X-Trasporto

@A_^]

hi-in

SbEwd

X-VerificaSicurezza

operator ""

Unsupported extension feature

\$ A3

rc5-cbc

d$HE3

x509 lib

id-set

Netscape Data Type

;II9Irp

security

kE>fvw

NtOpenThread

@>%>b

Sensitivity

(A_A^^[

Optional

..\..\openssl-1.1.0f\crypto\dh\dh_pmeth.c

GetLocalTime

QPeA~S

div-MV

X9-57

H9oPusE3

field too large

aes-256-cfb

dtls1_read_failed

H;Q tkD

STRENGTH

quz-pe

PKCS7_final

id-Gost28147-89-CryptoPro-D-ParamSet

SSL_enable_ct

CRYPTO_get_ex_new_index

H9kPu

OLEAUT32.dll

@8s0t

PEM lib

ENGINE_get_first

..\..\openssl-1.1.0f\crypto\evp\evp_key.c

X-Device-Accept-Charset

do_blob_header

D3|$$D3|$

id-GostR3410-94-CryptoPro-A-ParamSet

CoInitializeEx

des-cfb

id-smime-cti-ets-proofOfReceipt

encryptedContentInfo

buffer

PSK-AES128-CBC-SHA256

Issuer:

BUF lib

CreateMailslotW

tls1-prf

NN%NJk

pbeWithSHA1AndDES-CBC

SetWaitableTimer

ctlog_store_load_log

Privicon

..\..\openssl-1.1.0f\crypto\evp\cmeth_lib.c

(t$ H

..\..\openssl-1.1.0f\crypto\asn1\a_verify.c

X509V3_EXT_add_alias

t$HL+

ts_check_status_info

id-tc26-signwithdigest

DH_meth_dup

D$hE3

-;-C-I-M-a-e-q-

InitializeSListHead

CP9{Pu#H

t+H9_

britain

'nU_O_M

InterlockedExchange

%*sIssuer:

id-smime-ct-TSTInfo

enterprises

SSL_SRP_CTX_init

dsa_pub_encode

|$(I;

PKCS7_get0_signers

hA_A^A]A\_^][

WaitForSingleObjectEx

SSL client

.?AV?$typeid_wrapper@Vwin_iocp_io_context@detail@asio@boost@@@detail@asio@boost@@

id-pkix1-explicit-93

invalid pss saltlen

L9s(tC

TS_RESP_create_response

)D$0H

rsaEncryption

not connected

i2d_ASN1_bio_stream

el-gr

t$ M+

@SWATAUAW

id-Gost28147-89-CryptoPro-B-ParamSet

illegal implicit tag

@UATAVH

T$`A3

D$HI3F

recipient error

Also-Control

Location

pkcs decoding error

NtCreateProcessEx

D3t$ D

dirname error

8}u#H

div-mv

asn1_template_new

engine_id

bad hello request

es-CL

bad end line

RSA-PSK-AES256-CBC-SHA

@VWAV

..\..\openssl-1.1.0f\crypto\evp\pmeth_lib.c

D$8H3

.CRT$XPZ

|$\.u

D3t$(A

BN_mod_exp_mont

encoding error

dh_param_decode

Field=

@UVATAUAWH

&''Ni

GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)

\SO7tsG

Z\>z8

@VWATAU

could not bind to the requested symbol name

Content-Version

.?AV?$clone_impl@U?$error_info_injector@Vlength_error@std@@@exception_detail@boost@@@exception_detail@boost@@

no public exponent

@SVWATAUAVAW

D$DA+

HcB$I

..\..\openssl-1.1.0f\crypto\evp\evp_pkey.c

N8D9^0

ssl3 ext invalid servername

MMHS-Other-Recipients-Indicator-To

compressionAlgorithm

object not ascii format

other

the meth_data stack is corrupt

unable to load ssl3 md5 routines

__pascal

LCIDToLocaleName

'D8l$@

bf-ecb

%UUUUD3

unable to find mem bio

OCSPSigning

C(H9A

X509_REQ

x&;L$Hu

cipher parameter error

spanish-nicaragua

CoUninitialize

l$@D9

DHE-PSK-NULL-SHA384

..\..\openssl-1.1.0f\crypto\ec\ec_pmeth.c

%*sUser Notice:

non hex characters

policy_section

8ke?;

appl [ %d ]

ts_RESP_sign

Schedule-Tag

tuL9=

unknown digest

unsupported kek algorithm

SSL_CTX_use_RSAPrivateKey_ASN1

id-smime-ct-compressedData

getsockopt

Hct$`3

error in thisupdate field

H9y u

D$0A3

NtSuspendThread

PKCS12_BAGS

6H9D$pu

hmacWithMD5

fr-BE

|$ AUAVAWH

ac-proxying

ecx_key_op

password based MAC

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

id-smime-aa-msgSigDigest

value

Resent-Date

RSA-SHA384

PKCS7_add_recipient_info

D:\Sources\boost_1_68_0\boost/beast/http/impl/write.ipp

id-smime-aa-encrypKeyPref

oI>O7

A9F,|

L$ WATAUAVAW

..\..\openssl-1.1.0f\crypto\ec\ec2_smpl.c

NCONF_dump_bio

L3a8M

maskGenAlgorithm

data not multiple of block length

(A]A\_[

\$`Hc

d$pu>H

unacceptable policy

executable format error

.?AVstd_category@error_category@system@boost@@

DKIM-Signature

bad reason

certificateIssuer

ess signing certificate error

BN_BLINDING_update

id-GostR3410-94-a

G|A_A^A\

@SUWAV

DSO_global_lookup

.?AVtype_info@@

shutdown while in init

l$@Hc

teletexTerminalIdentifier

@80u#H

ctrl not implemented

\Windows Mail\wabmig.exe

M-SEARCH

cipher

I;@@v

x509Crl

CWD>~3

pbeWithSHA1And40BitRC4

de-CH

id-scrypt

des-ede3-cfb8

ssl_build_cert_chain

f9,Ju

EVP_PKEY_keygen_init

%*sNumber%s:

ASN1_PCTX_new

AuthRSA

pilotDSA

ct_precert_poison

base64 encoding

.CRT$XTZ

unsupported certificate purpose

Win32_ProcessStartup

GOST R 34.10-94

(ZdOt

ASN1_item_i2d_fp

^RfN>

my_application_path

int_rsa_verify

\$ UVWAVAW

@WAVAW

b2i_dss

camellia-128-cfb8

acceptableResponses

Send Proxied Router

BN_exp

L$hHc

HA3R(D3

PRIVATE KEY

CAMELLIA-192-CCM

ECDHE-PSK-NULL-SHA

Latest-Delivery-Time

check_padding_md

X509V3_add_value

BOOLEAN

CMS_KEKIdentifier

Protocol-Info

S/MIME CA

interrupted

second number too large

C?H1S@H

missing eoc

pU>\AL

explicit length mismatch

l$pu.A

D$ H9D$Hr

aGOST01

L$@B3

id-tc26-agreement-gost-3410-2012-256

dane_mtype_set

keyCertSign

..\..\openssl-1.1.0f\ssl\statem\statem_srvr.c

LocaleNameToLCID

</assembly>

no filename

tDE3

GetCommandLineW

|$xH;

..\..\openssl-1.1.0f\crypto\ex_data.c

__unaligned

GetStringTypeW

ssl_undefined_function

\$XH;

unknown

id-smime-aa-signingCertificate

CloseHandle

assertion failed: (*choice)->u.inherit == NULL

maskGenFunc

[HEX DUMP]:

Vr.>T

A^_^][

SSL_CTX_use_certificate_file

assertion failed: EVP_CIPHER_iv_length(cipher) <= 16

unable to decrypt certificate's signature

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@AAAA@@@

address family not supported

CryptSignHashW

ENGINE_get_pkey_asn1_meth

ct_precert_signer

Inappropriate I/O control operation

ssl_cipher_process_rulestr

IPv6-SAFI

..\..\openssl-1.1.0f\crypto\bn\bn_blind.c

d2i_ocsp_nonce

D$(E3

unsupported cipher type

SEED-CFB

grasshopper-ecb

BN_mod_sqrt

dtls1_write_app_data_bytes

..\..\openssl-1.1.0f\crypto\x509v3\v3_ncons.c

..\..\openssl-1.1.0f\crypto\x509v3\v3_info.c

HE3B@E3C

invalid non-CA certificate (has CA markings)

CMS_SignerInfo

Setting store name to %s

Data:

;\$pu+H

algorithms

parse tlsext

sslCA

ts_compute_imprint

EC_POINT_cmp

E+E1EAEIESEUEaEwE}E

SSL_CTX_use_RSAPrivateKey_file

SwitchToFiber

9rK9J

u.range

reasons

..\..\openssl-1.1.0f\crypto\bn\bn_lib.c

uYH9T$`

;f[4~

t<D8k

textEncodedORAddress

c2onb239v5

LogonUserExA

id-smime-aa-ets-archiveTimeStamp

b2i_rsa

macAlgorithm

not a directory

.?AVstream_category@detail@error@ssl@asio@boost@@

bits too small

AA,A$

quz-PE

u>9A8u9

X509_REQ_to_X509

USERNOTICE

t$HI;

..\..\openssl-1.1.0f\crypto\asn1\evp_asn1.c

LoadLibraryExA

X509v3 Inhibit Any Policy

L$PH3

l$HE3

E3 E3h

%s:%d: OpenSSL internal error: %s

dsaWithSHA1

L$H<:

unsupported content type

lt-LT

L$ D3

Remove From CRL

.?AVnoncopyable@detail@asio@boost@@

ECDHE-PSK-NULL-SHA384

Content-Length

hmac-md5

%12sPublic Key Algorithm:

client finished

Year is out of valid range: 1400..9999

rsa_pss_saltlen

..\..\openssl-1.1.0f\crypto\bn\bn_rand.c

mr-in

\$ E3

old session cipher not returned

setct-CapTokenData

A_A^_^][

W;()f

)|B?d!

Microsoft Enhanced Cryptographic Provider v1.0

CAMELLIA-256-CFB

3EhA#

ISSUING_DIST_POINT

CompareStringW

`VX:H

secretary

Affiliation Changed

@A_A]A\][

setct-AuthTokenTBS

L$XH+

D$HH;

padding=

version

oid_module_init

\$(A#

EVP_PKEY_CTX_dup

could not unload the shared library

NtContinue

no_legacy_server_connect

..\..\openssl-1.1.0f\crypto\rsa\rsa_crpt.c

dhSinglePass-stdDH-sha256kdf-scheme

3L$4A

des3-wrap

CMS_encrypt

spanish-paraguay

X509_TRUST_add

ENGINE_load_ssl_client_cert

NtWriteVirtualMemory

GOST 28147-89

bn_compute_wNAF

t$@A3

dsaEncryption-old

ms-BN

%12sUnable to load Public Key

general_allocate_prompt

czech

tCHcP

certificate extensions

D$XH3

..\..\openssl-1.1.0f\crypto\asn1\x_int64.c

id-Gost28147-89-TestParamSet

dl_name_converter

..\..\openssl-1.1.0f\crypto\asn1\tasn_enc.c

i2d_EC_PUBKEY

no matching choice type

t$`E3

public_key

BN_CTX_start

aybSr

D$!E3

id-kp

SRP-AES-128-CBC-SHA

state_machine

AESCCM8

Object Signing

%019llu

%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s

incorrect policy syntax tag

8A_A]^[

no message available

|$ ff

@SUWAVAW

'#^QTy

D$`H9F@u6H

L9w(u1H

SSL_set_alpn_protos

9D$$s@

H;_(t

0D$,H

ar-om

nsCaPolicyUrl

%02x%c

HcC ;G ~

idea-cbc

tls_process_ske_srp

3l$03

pkparameters2group failure

no receipt request

nameConstraints

t$@xoIc

DSAparams_print_fp

D$xA+

X509v3 AC Targeting

id-tc26-gost-3410-2012-512-paramSetA

..\..\openssl-1.1.0f\engines\e_capi.c

assertion failed: s->sid_ctx_length <= sizeof s->sid_ctx

illegal boolean

certificate has no keyid

Qjh/T

@UVATAUAW

D$8H=

ar-ly

<Can't parse certificate>

t$0A^_

Suite B: certificate version invalid

no subject details

request not signed

ec_GFp_simple_points_make_affine

xrJ:DCG

..\..\openssl-1.1.0f\crypto\dsa\dsa_pmeth.c

setext-pinSecure

index too small

D$(H9

%*sLog : %s

curves

D$)A3

memory buffer routines

PEM_X509_INFO_read

H9D$xu

context

Expires

List-Unsubscribe-Post

!This program cannot be run in DOS mode.

@SVWAVAW

DES-ECB

puerto-rico

missing asn1 eos

A^][

T$@H#

RSA_new_method

C:\Users\User\Documents

ecdh_simple_compute_key

cs-CZ

|$ UH

name.fullname

X509at_add1_attr

ar-iq

no_tls1_2

sect131r2

SECG curve over a 160 bit prime field

ssl3_final_finish_mac

CryptGetProvParam

.?AU?$error_info_injector@Vsystem_error@system@boost@@@exception_detail@boost@@

CAST5-OFB

encipherOnly

H9s8u

d.issuerAndSerialNumber

CMS_decrypt_set1_pkey

data too large for key size

..\..\openssl-1.1.0f\crypto\bio\bss_mem.c

subjectInfoAccess

sslv3 alert handshake failure

VirtualQuery

, chunked

NtResumeProcess

ja-jp

List all CSPs

debug_level

CT$HL

capwapWTP

SSL Server

4*616D7H7L7P7T7S9\9e9m9v9

..\..\openssl-1.1.0f\crypto\evp\scrypt.c

ClientCAPath

H9Ahs

list_options

sig invalid mime type

8@u?I

j?V()

*Hc\$0H

D8Y:uEH

ZwCreateSection

t$xH9n

PKCS12_unpack_authsafes

d.data

ASN1_sign

h,DUu

0A_A]A\_^

A(H9B

path too long

981G'dc

LoadLibraryW

@SVAVAW

id-mod-kea-profile-93

aes-256-cbc

Icp(I

/'/)/A/E/K/M/Q/W/o/u/}/

h t=9q

serial

long_c2i

CMS_KEKRecipientInfo

tlsext_tick_lifetime_hint

0A_A^A]A\_

ENGINE_ctrl_cmd

d.v1AttrCert

Server

tr-tr

invalid proxy policy setting

ssl3_change_cipher_state

A_A\_[]

tlsv1 unrecognized name

..\..\openssl-1.1.0f\crypto\x509\x509_vfy.c

jurisdictionStateOrProvinceName

ssl3_ctrl

@SUVWAVAWH

Hcl$0J

..\..\openssl-1.1.0f\crypto\rsa\rsa_saos.c

@USWAVAWH

%*sNo Trusted Uses.

KiUserExceptionDispatcher

w(H;F v

-BH>t

hu-HU

qS>g?h3

teHcC

message digest

.CRT$XCU

n does not equal p q

..\..\openssl-1.1.0f\crypto\async\async_wait.c

id-aes128-wrap

8A\^][

USVWAVH

TS_RESP_CTX_set_certs

tlsext_hostname

operator

Accept-Ranges

t$ WAV3

CMS_RecipientInfo_set0_key

value.x509crl

X509_STORE_add_cert

Keywords

ECDSA_do_sign_ex

subgroup factor:

invalid digest length

Invalid service owner.

ZwMapViewOfSection

zh-TW

L$hH=

ar-YE

..\..\openssl-1.1.0f\crypto\cms\cms_dd.c

ASN1_BOOLEAN

Read-only file system

Excluded

tQD8c:u0M

issuerUID

tC7Ddx

zh-CHS

t$`H9r

module initialization error

|$XE3

id-smime-ct-authData

serialNumber

private key too large

id-cmc-regInfo

ns-za

Domain name:

server response parse error

tyfD9 tsH

error getting key provider info

ECDSA_SIG_new

\$HE3

PKINIT Client Auth

l$0x3;

unknown trust id

bad data

SSL_CTX_use_PrivateKey_ASN1

XA]A\_^][

getting socktype

A8v0t

M@M;w

D8l$ht

T$ fH

ssl_scan_clienthello_tlsext

lv-lv

policy language already defined

L9EXupH

pilotAttributeType

L9l$P

excessive message size

ec_GFp_simple_make_affine

TlsAlloc

YD$@f

M9ApI

t$HE3

des-ede

id-smime-alg-CMS3DESwrap

/gate

tlsv1 alert decrypt error

aiKeyAlg=0x

UATAUAVH

M(f95

PKCS7_add_signature

pubkey export error

setct-PIData

SystemTimeToFileTime

assertion failed: s->d1->w_msg_hdr.msg_len + ((s->version == DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) == (unsigned int)s->init_num

tlsext_tick

failed to set pool

cms_get0_certificate_choices

N>O=I9

dh_rfc5114

H9D$@

id-it-encKeyPairTypes

McI<M

ctrl command not implemented

CryptSetHashParam

type not encrypted data

LoadLibraryA

unsupported version

tls_construct_cke_srp

@SUVW

PKCS12_key_gen_utf8

H3|$HI

en-JM

RC5-ECB

no matching recipient

A9G$t;H

C(H1CHM

D9x8v

!tI)i

onlyAA

Downgraded-Resent-From

id-smime-cti-ets-proofOfCreation

ssl3_setup_key_block

<>#n2

H3T$HH3T$PL

ASN1_GENERALIZEDTIME_adj

aes-256-cfb1

v^FES

D$ Ak

D$%A3

aE%d0

.?AVthread_context@detail@asio@boost@@

section=

E9g tNM

blake2b512

If-Unmodified-Since

Tuesday

SRP-AES-256-CBC-SHA

PKCS12_pbe_crypt

type not primitive

D$ E3

D$PH=

\$PH;

BIO_sock_info

ja-JP

@UVWATAUAVAWH

Netscape CA Revocation Url

GetQueuedCompletionStatus

`fPw.

cessationOfOperation

..\..\openssl-1.1.0f\crypto\bn\bn_gcd.c

janetMailbox

h8,4$

8A_A\_^][

List-ID

x AWH

Day of month is not valid for year

(Unknown SAFI %u)

public key encode error

NtCreateProcess

certificate verify failed

messageDigest

Netscape Communications Corp.

camellia-256-cfb8

unsupported key derivation function

NULL-SHA

ssl3 session id too long

x121Address

dmdName

(A_A^A\_

missing rsa certificate

ssl_bytes_to_cipher_list

lookup returned nothing

Enterprises

Delta-Base

america

mac absent

bad array new length

Content-Base

nested asn1 string

..\..\openssl-1.1.0f\crypto\x509v3\v3_akey.c

unsafe legacy renegotiation disabled

%*s<INVALID PUBLIC KEY>

EP*?@

EVP_DecryptUpdate

conn_state

bad selector

v2i_EXTENDED_KEY_USAGE

pub_key

`A_A]A\_^

VWATAUAV

CONF_parse_list

xA]_^[

.tls$

Not Before:

X509v3_add_ext

DHE-PSK-CAMELLIA256-SHA384

extendedStatus

@SAVAW

ec_GFp_mont_field_sqr

key usage does not include digital signature

;\$p|

PEM_write

A_A^A]A\_][

.CRT$XIA

EC_POINT_dbl

signature for non signing certificate

bignum too long

camellia key setup failed

sC3pcG'd

%*sX25519 Private-Key:

T[$:.6

pr-china

ASN1_TYPE_get_int_octetstring

H;D$`

`vector vbase copy constructor iterator'

assertion failed: nkey <= EVP_MAX_KEY_LENGTH

PSK-AES128-CCM8

Friday

SUWATAUAVAW

>4$8,@

%*scrlNum:

DESX-CBC

..\..\openssl-1.1.0f\crypto\engine\eng_lib.c

mem_write

selected-attribute-types

id-qt

oD$8f

bio_zlib_new

i2o_SCT_LIST

SSH Server

digest failure

manager

noticeNumbers

A^A\]

XA_A^A]A\

SUATAW

X509_CRL

id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet

bad message

CryptAcquireContextW

DHSingle

@SUWATAV

linebuffer_ctrl

south africa

no buffer space

HA3R$D3

null ssl method passed

;fD4~

__thiscall

<NULL>

tlsv1 alert export restriction

SVWATAUAWH

Lj&&lZ66~A??

GxA_A^A]A\_

ssl_get_server_cert_index

rsaOAEPEncryptionSET

th-TH

ProcessId

T$8E+

ts_check_policy

'5'7'M'S'U'_'k'm's'w'

hmacWithSHA512

unknown digest algorithm

D:\opensource\openssl-dist-1.1.0f-vs2015\openssl-x64-static-release-vs2015\ssl

"f9;t

T$PHc

assertion failed: vv == NULL

sect163r2

D$41C

~yI9~

RtlVirtualUnwind

t$ UWATAVAWH

C(E3C

__crt_strtox::floating_point_value::as_double

)D$ H

D$hHcH

T$(H1T

wrong signature type

de-LI

aes-192-ctr

PEM_read_PrivateKey

missing rsa signing cert

VirtualProtect

winsock

aes-192-ofb

encrypt error

setct-CredReqTBSX

\$ UVWH

ssl_check_srvr_ecc_cert_and_alg

UUUUUUUUUUUUUU<o(

otherName

A^A]_^][

#`cC# #

H3y H3

T$hE3

X509_REQ_print_ex

D9D$PH

GOST R 34.11-94

A]^][

ocsp_check_issuer

CreateSemaphoreW

UnmapViewOfFile

ossl_statem_server_read_transition

LdrLoadDll

UI_dup_error_string

NtCreateMutant

Documents

encode error

id-smime-aa-ets-otherSigCert

sslv3 alert unsupported certificate

..\..\openssl-1.1.0f\crypto\x509v3\v3_sxnet.c

uBL;c

pkcs7-digestData

ms-bn

sOARecord

X509_STORE_add_crl

crlTime

|$ ATAVAWL

owner dead

no method specified

%*sOnly Attribute Certificates

D$ A9m8u

fffff

c2i_ibuf

tIHcX H

D$ H9

invalid encoding

codeSigning

invalid oaep parameters

EC_POINT_invert

(|$ Lc

S;\$0tH

setct-CredResTBE

ADH-CAMELLIA256-SHA256

Content-Duration

ec_GF2m_montgomery_point_multiply

D9)t`f

*hbJ1

CryptoAPI ENGINE

gost89-ctr

ac-auditEntity

ENGINE_ctrl

id-it

HA3R<D3

PEM routines

Called CAPI_rsa_sign()

cert already in hash table

X400-Content-Identifier

capi_cert_get_fname

JDA3JDA#

kx-psk

setAttr-TokenType

ssl session id context too long

SIO-Label-History

PEM_ASN1_write_bio

id-qcs

\sG7tPD

invalid string

ECDSA routines

could not convert calendar time to UTC time

@SWAV

DH PARAMETERS

uk-UA

Access-Control-Allow-Credentials

k H9k

inhibitAnyPolicy

t$XE3

NUMERIC

Subst

%02X:

comp_id

locator

tls_construct_server_hello

Disclose-Recipients

assertion failed: ASN1_INTEGER_cmp(a_min, b_min) <= 0

streetAddress

t"<.u

]AYAXZY

Yb6N4

aes-192-ecb

class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,5> &) const

ar-bh

aux error

generic

id-smime-ct

|$ D!

CorExitProcess

id-GostR3410-94-CryptoPro-XchC-ParamSet

ctlog_store_load_ctx_new

sK;xPL

psk_identity_hint

T$`E3

D$hA+

.idata$2

void __cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::push_back(char)

Serial Number:

i2d_PrivateKey

en-nz

id-hex-partial-message

Preference-Applied

unknown id

Label

EmptyFragments

L9b u

l$Pfff

ssl_cipher_strength_sort

..\..\openssl-1.1.0f\crypto\bn\bn_prime.c

%*s%s:

vOB9`

CMS_add0_cert

es-PA

ENGINE_cmd_is_executable

camellia-128-ecb

v0D9f,

t1E9f t

could not load the shared library

wap-wsg

kDHEPSK

id-DHBasedMac

&Lj&6lZ6?~A?

ASN1_NULL

FORMAT

no multipart body failure

D3t$$A

id-smime-aa-ets-RevocationRefs

BN_mod_inverse_no_branch

Security-Scheme

t4fff

UWATAUAV

AES-192-CBC-HMAC-SHA1

##%%&&))**,,//1122447788;;==>>@@CCEEFFIIJJLLOOQQRRTTWWXX[[]]^^aabbddgghhkkmmnnppssuuvvyyzz||

..\..\openssl-1.1.0f\crypto\x509v3\v3_cpols.c

ReleaseSRWLockExclusive

receiptsTo

random number generator

no srtp profiles

S>$hkDh$h>[2

Vg3LE

SHLWAPI.dll

CMS_RecipientInfo_set0_pkey

DES-CBC

AuthGOST12

documentLocation

HcB H

@UATAUAVAW

`A_A]_^[

PBE-SHA1-RC2-40

int_engine_configure

A0H9B

dSAQuality

CpHcH

Access-Control-Request-Headers

SUWAT

sect163k1

SXNETID

pkcs7-signedAndEnvelopedData

ar-qa

.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@

setAttr-PGWYcap

D$p9D$L

RC2-ECB

|$@E3

L$@H3

sslv3 rollback attack

section not found

D$81C

dane tlsa bad certificate usage

log conf invalid

c2tnb359v1

RSA_print

tLHcD$DH

..\..\openssl-1.1.0f\crypto\objects\obj_dat.c

TS_TST_INFO_set_serial

U(Px(

|$XHcU

digest does not match

sv-SE

]P[B^Q

uPHcD$DH

tls1_enc

id-tc26-agreement-gost-3410-2012-512

xpxxxx

es-SV

M3fU3

D$,D3

CMS_digest_verify

tHfA;

A@HcP

@ ``@

AES-192-CFB8

PKCS12_AUTHSAFES

I9\$ ~@H

Content-Style-Type

Discarded-X400-MTS-Extensions

CoCreateInstance

kEECDH

no such device

key_type

telexNumber

..\..\openssl-1.1.0f\crypto\asn1\asn1_gen.c

EC_GROUP_set_generator

policy

des-ede3-cfb

assertion failed: (*choice)->u.asIdsOrRanges == NULL

unsupported keylength

SSL_add_dir_cert_subjects_to_stack

nsRevocationUrl

error adding recipient

ec_GFp_simple_point_get_affine_coordinates

secure device signature

SSL_CTX_new

fflush()

.?AV?$clone_impl@U?$error_info_injector@Vinvalid_argument@std@@@exception_detail@boost@@@exception_detail@boost@@

V`E3L

first octet invalid

BIGNUM

Friendly Name "%s"

HA_A^A\_^[

secp160r2

Issuer:%c

uz-uz-cyrl

CD001

CTLOG_new_from_base64

..\..\openssl-1.1.0f\crypto\asn1\bio_asn1.c

9t$0~0L

HeapReAlloc

bad exception

8!83858A8G8K8S8W8_8e8o8q8}8

key values mismatch

NtOpenSection

PROPPATCH

norwegian

SetFileInformationByHandle

..\..\openssl-1.1.0f\crypto\x509\t_x509.c

Biometric Info

L9*u&

Directory not empty

)D$@H

ssl3-md5

HA3R@D3

CAMELLIA-192-ECB

Is a directory

setct-CardCInitResTBS

error adding cert

unexpected dek iv

3|$(A#

\$0D3

aes-192-cbc

name constraints minimum and maximum not supported

3|$4A

ClientSignatureAlgorithms

Control

Original-Message-ID

OCSP_request_sign

i2d_PublicKey

u!A).H

X509 lib

fieldID

Resent-Bcc

D$`L+

universalstring is wrong length

L9s(u

o2i_SCT

data is wrong

DHE-DSS-CAMELLIA128-SHA256

3%3+3/353A3G3[3_3g3k3s3y3

REPORT

L$XHc

ssl3_setup_read_buffer

ec_GF2m_simple_point_get_affine_coordinates

tls_process_cke_dhe

(A^A\^]

D8<(t4

PSK-AES128-CBC-SHA

E9f t*H

no verify cookie callback

D$`Hc

|$pL;

es-CO

tls_construct_certificate_request

ext-ms-win-ntuser-windowstation-l1-1-0

homeTelephoneNumber

HcS$H

: ;N;X;

EC_GROUP_new_by_curve_name

r2i_pci

secp224k1

`vbase destructor'

cC#`#

operaton not initialized

D$ fL

0D$-H

9D$(s8

L$0I+

EC_POINT_make_affine

RtlExitUserProcess

kk-KZ

CAMELLIA128-SHA256

TS_TST_INFO_set_nonce

invalid name

DIR_ADD

store init error

CMS_RecipientInfo_ktri_get0_signer_id

SUVWATAUAVAWH

module=

GOST R 34.10-2001 DH

trust

inherit

sct not set

CD$PH

e0A_A^]

cAMDD

@SVATAUAVAW

no value

YwBIc

policyIdentifier

ec_key_simple_oct2priv

.?AV?$clone_impl@U?$error_info_injector@Ubad_day_of_month@gregorian@boost@@@exception_detail@boost@@@exception_detail@boost@@

BN_CTX_get

format error in CRL's nextUpdate field

h`H(|sO?

c2tnb239v3

(D$`f

SSL_set_wfd

H;XXs

id-ppl-independent

D$`I3

fE9,tu

Compression

build_chain

set-brand-MasterCard

SRP-DSS-AES-256-CBC-SHA

OF>;^

cms_msgSigDigest_add1

aes-192-cbc-hmac-sha256

USVWATAUAVAWH

H9k@u%

mXRecord

Prevent-NonDelivery-Report

@SUVAV

es-cl

onBasis

PKCS7 routines

exceeds max fragment size

])6M>&

OPENSSL_hexstr2buf

RSA_null_private_encrypt

encryptedKey

-sSO\

setCext-PGWYcapabilities

GetFileSize

assertion failed: memcmp(min, max, length) <= 0

engine

server

SetConsoleMode

des-ede-cfb

p.ppBasis

RtlCaptureContext

DES-EDE3-OFB

originatorSignatureValue

DuplicateHandle

L$ H1

BF-CFB

s2i_ASN1_OCTET_STRING

@SUATAVAW

@SUVATAUAVAW

AES-256-CFB1

8luXH

different parameters

Netscape Server Gated Crypto

DEK-Info:

EVP_PKEY_sign

OpenSSL: FATAL

e0A_A^A]A\]

SCT_set_version

c2onb191v4

dtls1_retransmit_message

D$LA+E4A

value.other

undefined order

Caption

..\..\openssl-1.1.0f\crypto\asn1\p5_scrypt.c

Message-ID

ecp_nistz256_points_mul

onlyuser

invalid separator

file too large

A]A\_^

X509_PKEY_new

invalid null pointer

H3D$(H

SSL_SESSION_set1_id_context

Errors-To

D$ H;

TryAcquireSRWLockExclusive

file:

SUATAUAW

prime2:

Protocol-Request

no certificate set

..\..\openssl-1.1.0f\crypto\conf\conf_lib.c

%*sSignature :

SECG curve over a 112 bit prime field

Expiry-Date

H(h`O?|s

id-ct-asciiTextWithCRLF

&'&)&5&;&?&K&S&Y&e&i&o&{&

Suite B: invalid ECC curve

d2i_ASN1_OBJECT

..\..\openssl-1.1.0f\crypto\x509v3\v3_ia5.c

hA_A^_]

dhparam

name.relativename

v2i_POLICY_MAPPINGS

SXNET_add_id_ulong

|$ E3

Public-Key: (%d bit)

verifyCAfile

X509v3 Name Constraints

ASN1 OID: %s

PSK-CHACHA20-POLY1305

english-american

D$`H9G@u

VggjeK uO5n

?!5WOo

asio.misc error

pkeyalg

@SUVWAW

S9v.i

api-ms-win-core-errorhandling-l1-1-2.dll

X509v3 Subject Directory Attributes

23.81.246.187:443

ZD3l$<

..\..\openssl-1.1.0f\crypto\rsa\rsa_x931.c

X9.62 curve over a 359 bit binary field

Optional-WWW-Authenticate

ECDHE-ECDSA-CHACHA20-POLY1305

0QRAPAQUH

do_pk8pkey_fp

PATCH

D$(I+

reject

..\..\openssl-1.1.0f\crypto\x509\x509_obj.c

tVf91tQH

tsa untrusted

setct-PI

uz-UZ-Latn

EC_GROUP_set_curve_GFp

soft_load

U8HcE0H

supportedApplicationContext

uniqueMember

GetDriveTypeW

format error in CRL's lastUpdate field

D$DD3

GeneralNames

OBJ_nid2obj

tv8\$ uE

id-aes256-wrap

CMS_OriginatorIdentifierOrKey

Resource device

attrib

cryptenumproviders error

.?AV?$clone_impl@U?$error_info_injector@Ubad_year@gregorian@boost@@@exception_detail@boost@@@exception_detail@boost@@

PKCS7_sign_add_signer

RSA1tgL

DHE-RSA-CAMELLIA256-SHA256

lookup_cert

|$ t"H

EDIPARTYNAME

D$(I#

az-az-latn

conflicting engine id

TS_RESP_set_genTime_with_precision

partyName

KxPSK

assertion failed: i <= n

bad version number

ECDHE-RSA-CAMELLIA128-SHA256

cms_Receipt_verify

t[fD9I

group2pkparameters failure

eContent

mgf1 with sha1 (default)

.6$:g

data too small

%WINDIR%\System32\wscript.exe

line

BIO_connect

AES256-GCM-SHA384

L$ H3

D$0D9

..\..\openssl-1.1.0f\crypto\dh\dh_kdf.c

ssl section empty

unable to nodelay

EVP_PKEY_encrypt_old

id-cmc-transactionId

D$xHc@<H

fD9$Hu

t$ WATAV

id-it-preferredSymmAlg

HcA\L

|$(A^

Archive

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~

D$8L;

PKCS7_dataInit

SSL_SESSION_ASN1

@SVWAV

directory services - algorithms

a null shared library handle was used

l$ VWATAVAWH

response contains no revocation data

M#Q0I

__eabi

id-cmc-confirmCertAcceptance

not pwri

H_^[]

AES256-CCM8

Microsoft Encrypted File System

)t$0D

prim:

L$8B3

@VWATAUAW

L$xHk

|$ H9q

(!(1(=(?(I(Q([(](a(g(u(

$Ib?s

AES-256-CTR

AES-128-XTS

A_A^A]_^

mac string set error

by_file_ctrl

biometricInfo

encryptedContent

camellia-128-gcm

DES-EDE-ECB

homePostalAddress

GetCurrentDirectoryW

GetProcAddress

B64_write_ASN1

%*sKey Id:

ocsp_check_ids

es-UY

L$ SUVWATAW

RC2-64-CBC

DNS:%s

D3l$$A3

X509V3_get_value_bool

not supported

H1PHI

revoked

H1P0I

srtp could not allocate profiles

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

..\..\openssl-1.1.0f\ssl\record\ssl3_buffer.c

block type is not 01

messagedigest attribute wrong length

cms_encode_Receipt

no such process

~LHcC

dlfcn_load

BIO_get_host_ip

.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@

You must type in

got a fin before a ccs

bad method

C:\Windows\System32\rundll32.exe

illegal hex digit

UI_dup_verify_string

%0nV4

PKCS7_set_content

`A_A\_

ecp_nistz256_windowed_mul

Original-Subject

iqmp not inverse of q

AES-256-CBC-HMAC-SHA256

D$ H3

too many warn alerts

Auto-Submitted

ar-ye

ASN1_dup

A^_^]

bad object

RSA_null_public_encrypt

CAPI_INIT

S/MIME signing

type not enveloped data

A^A]A\_[]

D9|$

OCSP_basic_verify

connection already in progress

Autoforwarded

id-smime-ct-publishCert

@VAUAV

io error

pZlNr

id-tc26-signwithdigest-gost3410-2012-256

BIO_nread

NETSCAPE_SPKI

unable to create socket

@A_A^A]

OCSP Signing

ASN1_STRING_type_new

invalid form

cleartext track 2

tls_process_cke_gost

asio.ssl.stream error

OCSP No Check

!!!!!!!

EDIINT-Features

md bio init error

module_load_dso

result too large

X509_load_crl_file

dsa_priv_decode

CRLReason

AES192

Improper link

favouriteDrink

csp_type

Trust Root

dtls1_heartbeat

vector<T> too long

C8uXH

HA_A]_^][

ct_strict

HA3R8D3

EECDH

length too short

camellia-128-cbc

no cipher match

..\..\openssl-1.1.0f\crypto\kdf\hkdf.c

"o;h(Y

getnameinfo

@SVWATAUAW

int_ts_RESP_verify_token

min_protocol

AES-128-OFB

idp mismatch

NO X509_NAME

entityUInfo

SERVERINFO FOR

Result too large

Enumerate bug: using workaround

SSL_set_session

list container names

BF-CBC

Q5rHg,>

pipeline failure

CMS_RecipientInfo_kari_get0_alg

ssl_bad_method

__stdcall

CMS_OtherKeyAttribute

SUVAVAW

!hcK+dbF&

D8l$@t

id-smime-aa-ets-commitmentType

g&3gH

Function not implemented

subjectDomainPolicy

v_check

secp128r1

fr-be

h,A3h

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

WTLS curve over a 112 bit prime field

eckey_param2type

engine not initialized

L$(E3

D$T;D$4

value.revoked

CYHTTP

CMS_add1_recipient_cert

..\..\openssl-1.1.0f\crypto\dsa\dsa_meth.c

setct-AuthResTBSX

VISIBLE

b?^Cy

Unknown error

ar-kw

j>>A?1

`typeof'

D$ I3

RegisterEventSourceW

L$PE3

CERT_SELECT_DIALOG

(t$PH

..\..\openssl-1.1.0f\crypto\ec\ec_asn1.c

invalid operation

secp160r1

failure, see the Visual C++ documentation on asserts

No Private Key

shared info error

DHE-RSA-AES128-CCM

[*QmU

unsigned __int64 __cdecl boost::beast::http::write<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,true,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> >>(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> > &,const struct boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > > &)

D88Ht!

bad ecc cert

IDEA-CBC

`cC#(

kECDHEPSK

D$(H9D$ slA

..\..\openssl-1.1.0f\crypto\bio\bss_bio.c

HA\_^]

ec_key_simple_priv2oct

dlfcn_merger

int_dhvparams

0A_A^A\_^

AUAVAWH

H+EXH;

.idata$6

hexsecret

setCext-TokenIdentifier

CAMELLIA-128-CFB

:S:_:i:

0A_A\^

AESCCM

camellia-256-ecb

ext-ms-win-ntuser-dialogbox-l1-1-0

`A]A\_][

..\..\openssl-1.1.0f\ssl\statem\statem_clnt.c

|$PH3

bitstr_cb

A86taH

@0H9A

Inherit all

keyEncipherment

class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,9> &) const

t$(H+

duplicate compression id

f9X,L

tls_process_cke_srp

Send Proxied Owner

EC_POINT_set_compressed_coordinates_GF2m

failed loading private key

.text$yd

slovak

OBJ_nid2sn

organization

700WP

.?AV?$clone_impl@U?$error_info_injector@Vinvalid_service_owner@asio@boost@@@exception_detail@boost@@@exception_detail@boost@@

tlsv1 alert protocol version

Policy Qualifier CPS

COMPLEMENTOFALL

setct-PIDualSignedTBE

DHE-PSK-AES128-CBC-SHA256

CMS_ATTRIBUTES

EwNHc

fD9,Cu

eckey_priv_encode

secret

hA^A]_^][

tls_process_client_certificate

..\..\openssl-1.1.0f\crypto\asn1\a_strex.c

RSA_padding_check_PKCS1_OAEP

D82u&H

UI_dup_input_boolean

CMS_RecipientInfo_kari_get0_orig_id

ACCESS_DESCRIPTION

SSL_use_RSAPrivateKey_file

module_init

i2s_ASN1_ENUMERATED

PA__]

X400Name:<unsupported>

Ctrl/provision WAP Access

PKCS7_ENVELOPE

Posting-Version

(D$0f

CreateFiber

ENUMERATED

generate cryptogram

fips mode not supported

ENGINE lib

handshake

CMS_RecipientInfo_kekri_id_cmp

chacha20-poly1305

SCT_new_from_base64

L$@;|

\^c$j

UNLINK

B-571

StrChrA

use_certificate_chain_file

operation not supported

+HpXhE

associatedDomain

|$(L#

Downgraded-In-Reply-To

check_bitlen_rsa

NCONF_load_fp

mn-mn

)E\\*=

$XI(6

SELECT * FROM Win32_ComputerSystem

CryptoAPI RSA method

t$(Lc2L

ZwOpenSection

Seed:

FlsFree

v2i_AUTHORITY_INFO_ACCESS

UnsafeLegacyRenegotiation

o%%Jr..\$

D$<D3

point at infinity

no solution

I9P@H

content not found

Key Encipherment

des-ede-cbc

fi-FI

ssl_add_cert_chain

ASIdentifierChoice_canonize

Unknown exception

cant create hash object

userClass

SRqDIK

secp112r1

type not data

NOTICEREF

log10

F8,9t

Forwarded

ec_GF2m_simple_oct2point

H1P I

@A_A^A]_^][

L$@uU

fopen

NETSCAPE_SPKI_b64_encode

ASN1 lib

unsignedAttrs

emailProtection

(A^^][

stfE;

2022031111035714

EC lib

certificate already present

MMHS-Extended-Authorisation-Info

missing value

Security

B-409

CAMELLIA128

CAMELLIA-128-CFB8

H98tcMc

D$xH3

X400Name

UUPx((

i2v_AUTHORITY_INFO_ACCESS

d$(H=

J<A3J<A#

?f`Y4

tls_get_message_body

I9P H

D$xfD

ecdsa-with-SHA224

documentAuthor

no issuer certificate

SSL_use_certificate_file

unable to find ecdh parameters

A9v t39u t.H

|$ AVAWH

August

H#L$8H

fA9<\u

WIN32

Accept-Encoding

eckey_pub_decode

A_A^A]A\^

Strict-Transport-Security

|$0<-u

Setting debug file to %s

ECDHE-RSA-AES128-SHA256

ASN1_item_unpack

H9\$xI

cant set hash value

te kA

af-ZA

.?AVbad_exception@std@@

..\..\openssl-1.1.0f\crypto\rsa\rsa_oaep.c

D+@lD+B

es-bo

X-Device-Accept

ASN1_PRINTABLESTRING

tls_process_cert_verify

D$8b%

H3D$8H

DSA_meth_set1_name

0A_A^A]A\_^[

F_C)x;

EXTERNAL

kx-rsa

xA_A^A\_

H9kPt

pkey_rsa_sign

;D$4t

Compliance

`local vftable'

.text$di

BF-ECB

hexkey

0A^^[

wscript.exe

..\..\openssl-1.1.0f\crypto\dsa\dsa_lib.c

id-GostR3410-2001-CryptoPro-B-ParamSet

french-belgian

%5ld:

@A_A^A\

setct-CredRevReqTBS

SUWATAU

setCext-setExt

EVP_PKEY_get0_hmac

d.extendedCertificate

permitted

DHE-RSA-AES256-GCM-SHA384

D$,A+E

id-pda-gender

Injection-Date

POLICYQUALINFO

assertion failed: X509v3_addr_is_canonical(addr)

id-it-currentCRL

notBefore

s2i_ASN1_INTEGER

CreateFileMappingW

invalid private key

EC_GROUP_set_curve_GF2m

copy_email

rc2-128

error converting zone

name=

.?AV__non_rtti_object@std@@

127.0.0.1

Referer-Root

fr-mc

Prefer

t1;C8w,

0A_A^]

In-Reply-To

rsa_pss_to_ctx

3Wk1^

wsprintfW

A_A]A\_^[

sct log id mismatch

<<0A1pq

section:

D$8A"

\$@Hc

setCext-setQualf

Content-Return

ENGINE_remove

%*s<Parse Error>

..\..\openssl-1.1.0f\crypto\pkcs7\pk7_attr.c

@SUVWAT

DES-EDE3-ECB

QZ^&A

__restrict

thread

EC_KEY_set_public_key_affine_coordinates

D$Dt*H

ssl_parse_clienthello_use_srtp_ext

L$DE3

pkey_dh_keygen

KERNEL32.DLL

friendlyName

Accept-Patch

0A_A^^

X509_OBJECT_new

D8n8t

='9-6d

Overwrite

}8H9u

rc2_magic_to_meth

..\..\openssl-1.1.0f\crypto\evp\e_des3.c

CD$@H

class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,3> &) const

check_policy

camellia-256-gcm

targetInformation

@@@@@P

X500algorithms

cms_signed_data_init

id-aes192-GCM

K-571

snan)

ASN1_item_verify

cannot load private key

id-GostR3411-94-with-GostR3410-2001

H;\$@r

title

name translation failed

asio.misc

|$PD;

X-PGP-Sig

+f)>0'

D$XA+E@A

bad protocol version number

CAMELLIA-192-GCM

set filename failed

|$(;l$

dh_cms_set_shared_info

u59L$P

L9~0uGL9f

ASN1_VISIBLESTRING

crlUrl

UNLOCK

FindFirstFileExA

EC_POINT_set_Jprojective_coordinates_GFp

TRACE

d$pM3

PKEY_CRYPTO

api-ms-win-core-xstate-l2-1-0

ec_asn1_group2curve

CMS_add0_recipient_password

HTTP2-Settings

id-pda-countryOfCitizenship

OpenSSL DSA method

DSO_new_method

sendOwner

zh-CHT

no ciphers specified

operation canceled

T$ A3

ipsecEndSystem

tls1_get_curvelist

`A]_^][

`local static guard'

error setting cipher params

nSRecord

X509v3 Freshest CRL

BIO_socket

MIME-Version

no recipient matches certificate

%-18s

..\..\openssl-1.1.0f\crypto\rsa\rsa_pk1.c

CD$03

camellia-256-cfb1

Object Signer

list_containers

setAttr-IssCap-CVM

Public-Key

auth-psk

AES256-CCM

type not constructed

wrong cipher returned

..\..\openssl-1.1.0f\crypto\pkcs12\p12_key.c

otherRevInfoFormat

ADH-AES256-SHA

....................

CT_POLICY_EVAL_CTX_new

ar-KW

Proxy-Authentication-Info

camellia-192-cfb1

DES-EDE3-CFB

unsupported recpientinfo type

timer

jurisdictionC

unsupported option

PT%dM

CAPI_LOAD_PRIVKEY

EC_POINT_set_compressed_coordinates_GFp

L$0E3

CAMELLIA-192-CFB8

se-NO

ZINT64

ECDH_compute_key

library has no ciphers

AD Time Stamping

List-Unsubscribe

d e not congruent to 1

id-it-caKeyUpdateInfo

fullname

aesni_init_key

GOST R 34.11-94 with GOST R 34.10-2001

t$`Hc

wrong order

?UUUUUU

D$DHcD$8H

de-at

setAttr-TokICCsig

DSA-SHA

t$ AW

CMS_decrypt_set1_key

CMS_EncapsulatedContentInfo

D$0fD

ssl_server

GOST94

camellia-192-ecb

Bad time value

.text$mn

keyblob header parse error

asn1_item_embed_d2i

VirtualProtectEx

es-AR

set-rootKeyThumb

PKCS12_setup_mac

es-ES

rundll32.exe

bad srtp protection profile list

renegotiation mismatch

always

sslv3 alert illegal parameter

@A_A^A]A\_

H9A(tjH

CMS_final

dtls1_process_buffered_records

OM@Lc

DES-CDMF

..\..\openssl-1.1.0f\crypto\asn1\asn_pack.c

GetActiveWindow

?kxG2)

D$XD90}

en-PH

SetFilePointerEx

MHuGI;

X-TipoRicevuta

tjL9`

point is not on curve

..\..\openssl-1.1.0f\ssl\ssl_sess.c

pkcs7 datasign

GOST R 34.10-2012 with 512 bit modulus

`virtual displacement map'

sv-FI

GetConsoleCP

D3T$8A

sct unsupported version

id-ppl-anyLanguage

no protocols available

SSL_dup_CA_list

.?AVtimer_queue_base@detail@asio@boost@@

T$08L$0t

ecc cert not for signing

December

CryptDestroyKey

DIRECTORYSTRING

ar-ae

-Recurse"

%04d-%02d-%02dT%02d:%02d:%02d

A]^[]

H;w t

bad pkcs7 type

GpHcP

RFC 3779 resource not subset of parent's resources

PBE-SHA1-DES

;H9>&X

aes-192-cfb8

ecdh required for suiteb mode

9z8t|H

E94$H

no_resumption_on_reneg

; Remove-Item -Path "

certificatePolicies

AD_DVCS

(undef)

E9Hdv"

B(H9A

gfffffffI+

AK>(v

, value=

RSA_null_private_decrypt

DHE-RSA-AES128-SHA256

api-ms-win-security-systemfunctions-l1-1-0

DES-EDE

<unknown-field>

X509v3 Issuer Alternative Name

..\..\openssl-1.1.0f\crypto\evp\pmeth_gn.c

BIO lib

invalid or inconsistent certificate extension

GetLastActivePopup

@SUVAU

@A_A^A\^]

%*sRelative Name:

L$`H3

curve does not support ecdh

sect131r1

no pem extensions

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899A

x509_name_ex_d2i

CA signature digest algorithm too weak

Encoding

..\..\openssl-1.1.0f\crypto\hmac\hmac.c

merchant initiated auth

ENGINE_get_pkey_meth

..\..\openssl-1.1.0f\ssl\s3_cbc.c

D$4+D$0A

Load certs from files in a directory

D$8+L$4+D$<

wrong final block length

sslv3 alert unexpected message

L$8Lc

failed to init async

CAMELLIA256-SHA

unrecognized signature nid

unable to decode issuer public key

rsa_ossl_private_decrypt

engine section error

0A\_[

L9v(u>

HcD$T

api-ms-win-core-file-l2-1-1

tls_construct_cke_rsa

BN_GF2m_mod_mul

..\..\openssl-1.1.0f\crypto\engine\eng_table.c

rsa_builtin_keygen

CAST5-CBC

Alternates

D$ ;D$D

ipsec4

WSASend

en-jm

ASIdentifierChoice_is_canonical

USVAUH

DHE-RSA-CAMELLIA256-SHA

c2tnb191v3

i2o_SCT_signature

-----BEGIN

c2tnb239v1

@UWAW

7,gm;

$QQYQ

AES-256-CBC-HMAC-SHA1

fffffff

client_sigalgs

VPS2G

nssslserver

sslv3 alert certificate revoked

fB9<Bu

Hash Algorithm:

ar-tn

ECDHE-ECDSA-AES256-SHA

D$PE3

ASN1_SCTX_new

^u}TTMT

D08@t

..\..\openssl-1.1.0f\crypto\ec\ec_lib.c

ecx_pub_encode

..\..\openssl-1.1.0f\crypto\ec\ecdsa_ossl.c

ECDSA_do_verify

KpH3D$ H

EVP_SignFinal

..\..\openssl-1.1.0f\crypto\x509v3\v3_conf.c

CertEnumCertificatesInStore

@8uwu

is-is

/\HS7_

id-cmc-identityProof

PRINTABLE

unknown mask digest

AES-128-CBC-HMAC-SHA1

ssl3 ext invalid servername type

ec_GFp_nistp521_points_mul

:z'H>

WakeAllConditionVariable

Status-URI

_OPENSSL_isservice

D3t$ A

akid mismatch

asn1_find_end

private key does not match certificate

setct-AcqCardCodeMsgTBE

\$XE3

RSA_meth_new

..\..\openssl-1.1.0f\crypto\asn1\a_time.c

UUUU3

X509v3 CRL Number

|b=})>

asio.ssl

EVP_PKEY_CTX_ctrl

hashFunc

signatureAlgorithm

fopen('

pkcs12 cipherfinal error

Issuer certificate lookup error

''''''''''''''''

@SUVAW

msExtReq

OPENSSL_ENGINES

SSL_CTX_use_certificate

setct-CredRevReqTBEX

NO_VCHECK

9.u(H

invalid syntax

Permitted

D$@M3

error with the srp params

u.asIdsOrRanges

\$ AVH

t4McF

FlushProcessWriteBuffers

X509 V3 routines

MMHS-Copy-Precedence

..\..\openssl-1.1.0f\crypto\ec\ecp_smpl.c

@A_A\_^]

L$(H3

0A1s;

X9.62 curve over a 272 bit binary field

nsCaRevocationUrl

sr-SP-Cyrl

hexseed

rsa_keygen_bits

setct-CredReqTBE

EC_POINT_copy

no certificate assigned

SetEnvironmentVariableA

timestampsign

T$$D3

zh-hk

clearance

Hold Instruction Code

packet length too long

bad srtp mki value

Lock-Token

crl already delta

ec_GFp_simple_oct2point

Topic

check_content

no ciphers available

ecx_priv_encode

wrong certificate type

belgian

FV|FgUV

sha512WithRSAEncryption

CMS_SignerIdentifier

ECDHE-PSK-AES128-CBC-SHA256

@UVWATAV

newer crl not newer

.?AVerror_category@std@@

aaControls

Invalid seek

X509v3 extensions

d:\opensource\openssl-1.1.0f\ssl\packet_locl.h

D$(I3

DSO_set_filename

es-py

missing parameters

L$ WATAUAVAWH

..\..\openssl-1.1.0f\crypto\x509v3\v3_extku.c

md5WithRSAEncryption

ecp_nistz256_mult_precompute

CD$ H

..\..\openssl-1.1.0f\ssl\ssl_ciph.c

Netscape SSL server

BN_mod_exp_mont_word

tlsv1 alert internal error

\$xHc

!!!!!!!!

..\..\openssl-1.1.0f\crypto\asn1\a_dup.c

99rKJJ

setct-ErrorTBS

X509_ATTRIBUTE_set1_data

H1KHH

control command failed

BN_lshift

..\..\openssl-1.1.0f\crypto\bio\b_print.c

data too large for modulus

bad rsa encrypt

dane_i2d

cms_signerinfo_verify_cert

string=

do_b2i_bio

r2i_certpol

assertion failed: ctx->buf_len >= ctx->buf_off

SSL_check_private_key

rsa_ossl_public_decrypt

e+000

ac-targeting

restrict(

)D$PH

setct-CertReqTBE

SSL_clear

XA_A\

D7q/;M

id-GostR3410-94-CryptoPro-XchA-ParamSet

illegal zero content

cms_set1_keyid

gK99r

xWI96tRI

Authentication-Results

RSA-MD4

@A^A]A\^[

invalid key length

Line:

RtlLookupFunctionEntry

ec_GFp_simple_group_set_curve

Questionable extension field!

CRL Sign

ShowWindow

DHE-DSS-CAMELLIA256-SHA

PA\_^

PA__^

WinExec

rsadsi

keys not set

unwrap error

CryptImportKey

GENERALSTRING

..\..\openssl-1.1.0f\ssl\d1_lib.c

Microsoft Enhanced RSA and AES Cryptographic Provider

@WATAVAW

resource unavailable try again

zu-za

T$<D;

ar-lb

NCONF_dump_fp

assertion failed: ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 || ctx->cipher->block_size == 16

invalid string table value

DSS1t>L

BITWRAP

EGH9E

hmac-sha1

bn lib

H9L$pt*

&@'kd

tsa name mismatch

Downgraded-Resent-Cc

CRYPTO_free_ex_data

no conf or environment variable

engine routines

ASN1_SEQUENCE_ANY

..\..\openssl-1.1.0f\crypto\x509v3\v3_crld.c

CAPI_CTX_SET_PROVNAME

A^A]_]

3 3%3-32373=3D3P3W3]3f3k3p3u3|3

l$ VWAT

D$PH1C

digest too big for rsa key

.?AUbad_month@gregorian@boost@@

H9Fpu&H

PSK-AES256-GCM-SHA384

id-pda-placeOfBirth

iostream stream error

..\..\openssl-1.1.0f\crypto\stack\stack.c

id-aca-group

asn1_string_get_int64

freeaddrinfo

3<$E3

EC_GROUP_get_ecparameters

AA Compromise

D3l$$D

H9Qhv

ConvertFiberToThread

l$ VAVAW

connection reset

aes-256-xts

RoUninitialize

distpoint already set

SubmitThreadpoolWork

des_ede3_wrap_cipher

list_certs

dsa_priv_encode

..\..\openssl-1.1.0f\crypto\pkcs12\p12_crpt.c

countersignature

HcT$0L

a5j_5W

u)D9{

X509_INFO_new

ec_GFp_nistp256_points_mul

D$PD9|$8

PA_A^A\^]

mailPreferenceOption

UVATAUAV

X-Mittente

Unused

ASN1_TIME_adj

9K$t+

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

RC5-CBC

SUVWAUAVAW

HcA<3

sslserver

..\..\openssl-1.1.0f\crypto\dh\dh_key.c

CMS_ContentInfo

x AVH

clienthello tlsext

PSK-AES256-CCM8

requestExtensions

vms_load

l$ VWATAVAW

\$@H;

Container name %s, len=%d, index=%d, flags=%d

domainComponent

EMPTY

setAttr-IssCap-Sig

2reateFileA

ASN1_IA5STRING

ct_precert_scts

__fastcall

\$8I3

singleLevelQuality

SSL_do_handshake

ole32.dll

A_A^^

wrap error

Create

OpenSSL HMAC method

ar-DZ

missing dsa signing cert

CreateEventExW

issuerNameHash

P-192

id-smime-aa-encapContentType

key type mismatch

int_ctrl_helper

desx-cbc

wrong protocol type

nd 3H

OPENSSL_finish

International Organizations

D$08\$0t

CreateProcessInternalA

ASN1_T61STRING

CMS_data

InitializeConditionVariable

DHE-RSA-AES256-CCM

..\..\openssl-1.1.0f\crypto\async\async.c

RSA-MDC2

DHE-DSS-AES256-GCM-SHA384

header limit exceeded

tls1_change_cipher_state

@SVWATAUAVAWH

bio_zlib_write

id-tc26

FindClose

9D$\s_H

aes-192-ccm

MM/dd/yy

PKEY_USAGE_PERIOD

data between ccs and finished

H;xXu9

id-mod-cmp

tls_construct_server_done

invalid bit string bits left

D:\Sources\boost_1_68_0\boost/beast/core/impl/read_size.ipp

certificate is not yet valid

ca key too small

NtCreateThread

ENGINE_get_next

A^A]A\]

pkey_ec_paramgen

no key

SVATAVAW

ECParameters_print

beast.http

D$8D")

McV<E+

singleExtensions

CMS_sign

;\$ |

CreateThread

explicitText

PKCS12 routines

T61STRING

J\A3J\A#

Send Owner

SSL_CTX_check_private_key

qualifiers

rc4-hmac-md5

invalid padding mode

IPv4-SAFI

ECDSA

$$3L$

UI routines

D$ Hk

pkcs5_scrypt_set

pcPathLengthConstraint

Ordering-Type

..\..\openssl-1.1.0f\ssl\s3_lib.c

0A_A^[

OPENSSL_buf2hexstr

value missing

x`\`U

wrong ssl version

e A_A^A\_]

invalid socket

gethostbyname addr is not af inet

%*scrlTime:

>#>)>/>3>A>W>c>e>w>

CMS_RecipientInfo

cant pack structure

H9D$P

@A_A^_^]

Sec-WebSocket-Key

te-IN

Access-Control-Expose-Headers

d.other

ALL:!COMPLEMENTOFDEFAULT:!eNULL

NoResumptionOnRenegotiation

?7?;?=?A?Y?_?e?g?y?}?

ts_verify_cert

Netscape Base Url

v2i_idp

setct-CapRevResData

CRL path validation error

pqualid

GetModuleFileNameA

publicKey

.xJ>Hf

error parsing url

GOST2012-NULL-GOST12

id-smime-alg-ESDHwith3DES

d.otherName

Bad address

south korea

?QY^&

T$ E3

infinite

invalid policy identifier

I96u H

signer certificate not found

NtDuplicateObject

RC4-HMAC-MD5

ECParameters_print_fp

SHELL32.dll

id-smime-aa-ets-escTimeStamp

req_info

content type not enveloped data

A_A^_^[

english-nz

CA Issuers

@UATAUAVAWH

MMHS-Message-Type

</requestedPrivileges>

x509_name_ex_new

MD5-SHA1

s$;S s

zh-mo

..\..\openssl-1.1.0f\ssl\record\rec_layer_s3.c

RtlUnwindEx

@UAVAW

ppBasis

ur-pk

D9|$(t\D

no start line

ECDHE-ECDSA-AES128-GCM-SHA256

<G%uRH

.CRT$XCA

DES-EDE-CBC

d.kekri

padding check failed

authority and issuer serial number mismatch

0A_A^A\][

size() + count > max_size()

zh-sg

t$@H9

owner

ECDHE-RSA-NULL-SHA

@USWATAWH

(t$@f

win32_bind_func

pkey_set_type

..\..\openssl-1.1.0f\crypto\x509\x509_lu.c

RSA_padding_check_none

SO_PATH

D$@M'

Microsoft Trust List Signing

ECDHE-PSK-AES256-CBC-SHA

th-th

jurisdictionL

D9?u=A

~w9l$@

D$`M3

v2i_subject_alt

Resolver-Location

id-smime-alg-3DESwrap

JJ5Jj

invalid log id length

srtp unknown protection profile

id-smime-aa-receiptRequest

asn1_cb

..\..\openssl-1.1.0f\crypto\x509v3\pcy_node.c

Mb=Lk

C(H9w0tTA

des-ede3-ofb

class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,5> &) const

CMS_dataInit

0A_A^_

RSA-PSK-NULL-SHA256

task_id

DHE-RSA-AES128-CCM8

smime_sign

9^8u=L

bad allocation

D$ fH

GOST12

assertion failed: 0

D8d$ht

2)252Y2]2c2k2o2u2w2{2

D$(D3

'!'''"#$%''''''''&

PKCS7_signatureVerify

assertion failed: EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

asn1 encoding routines

L$0fI

variable expansion too long

\$pI;

void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,5> &)

DELETE

tst info setup error

POLICY_MAPPING

MinghuaQuS

bad ecpoint

called with even modulus

list<T> too long

X9.62 curve over a 239 bit binary field

fG9,wu

ioctlsocket

CreateDirectoryA

..\..\openssl-1.1.0f\crypto\x509v3\v3_pci.c

D$8"a

D$@H;

l$pE3

|$8I#

sq-al

command takes input

problems getting password

s(Fdi

rc5-ecb

Accept-Features

receiptsFrom

\$0A;

BC (default)

R;vM;

Microsoft Universal Principal Name

SSLv3

l$PI;

ASN1_verify

FindNextFileW

SSL_use_PrivateKey

Type=

signedContentIdentifier

OCSP helper

surname

RAND_bytes

FMM)MRd

ssl_cert_set0_chain

@VATAUAVAW

IPSec User

MMHS-Originator-PLAD

VD$Pf

..\..\openssl-1.1.0f\crypto\dh\dh_lib.c

ntdll.dll

Content-Transfer-Encoding

@A_A^A]A\_^[

..\..\openssl-1.1.0f\ssl\statem\statem.c

^(O=

ro-RO

GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)

GENERAL_NAMES

UVWATAUAVAWH

0A_A^A\

9CXu;I

no inverse

es-co

!H88p

end of stream

OCTET STRING

l$pL+

pA_A^A]A\_

setct-AuthResTBS

d.ktri

.idata$5

GetCurrentProcessorNumber

D$0A+

EVP_PKEY_get0_RSA

LIST_ADD

DHE-RSA-AES256-CCM8

Urgency

NCONF_get_string

..\..\openssl-1.1.0f\crypto\bn\bn_gf2m.c

file exists

A+T$xE+D$|E+

..\..\openssl-1.1.0f\crypto\engine\tb_pkmeth.c

bad srp parameters

RSA-PSK-NULL-SHA384

SSL_COMP_add_compression_method

zh-cn

A_A]A\^]

Resent-Message-ID

encrypted length too long

blake2s256

issuerKeyHash

LeaveCriticalSection

fE9,Du

alg_module_init

SRTP_AES128_CM_SHA1_80

aes-192-cfb1

A_A^A]A\_^]

Content-features

certicom-arc

.CRT$XTA

char *__cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::insert<const char*>(const char *,const char *,const char *)

T$ fI

February

PSK-CAMELLIA256-SHA384

unsupported padding

should retry

invalid iterator

l$ ATAVAW

L$PfD

ZwOpenFile

A^A]A\^]

B-233

CxfD9H

ADH-AES256-GCM-SHA384

Domain

dh_paramgen_generator

digest_alg

id-cmc-recipientNonce

PBEPARAM

L$`L;K(u

DES-EDE3-CFB8

9dcG'

SECLEVEL=

finish failed

unspecified certificate verification error

Keep-Alive

EC_GROUP_get_trinomial_basis

public-key:

tls_process_server_hello

You need to read the OpenSSL FAQ, https://www.openssl.org/docs/faq.html

:BAD OBJECT

D$8`K

8]Vc2

L$Xff

bad magic number

ServerInfoFile

lastModifiedTime

ISO US Member Body

D9t$8t

@UWAUAVH

l$YI+

CMS_OtherCertificateFormat

NCONF_load

GetEnvironmentVariableW

L$@M3

D$4E3

0A_A^A]A\_][

boolean is wrong length

r;w3A

no close brace

t$hM+

X-Device-Accept-Encoding

illegal or unsupported padding mode

.?AVbad_typeid@std@@

?E=$% B

engines

nsSGC

X9.62 curve over a 239 bit prime field

setct-AuthRevReqTBE

invalid bmpstring length

;t$0|

mime-mhs-headings

aes-256-ecb

affiliationChanged

Date-Received

TS_CONF_set_default_engine

L$0H;K

RtlPcToFileHeader

iciNWq

error reading messagedigest attribute

AuthDSS

dane cannot override mtype full

cast-cbc

camellia128

l$hfff

Genu3

D9k8u

ssl_add_clienthello_tlsext

AECDH-NULL-SHA

unknown tag

no child process

ekhHD

pkey_ec_ctrl

sct future timestamp

D$H+D$LH

M9&tb

D$0H;G

EC_KEY_generate_key

assertion failed: b <= sizeof ctx->final

TELETEXSTRING

.?AV_Facet_base@std@@

DHE-RSA-AES256-SHA256

rsaSignature

Subject

X9.62 curve over a 368 bit binary field

Netscape Certificate Sequence

H9{ t H

othername:<unsupported>

initials

2Ht\l

mime sig parse error

ta-in

#'#)#/#3#5#E#Q#S#Y#c#k#

@8|$PtN

es-ni

ASN1_BIT_STRING

}HHcE@H

ChaCha20-Poly1305

SELECT * FROM Win32_ComputerSystemProduct

@SWATAU

sys_version

2"2:2A2H2M2R2W2b2i2o2x2

mac setup error

@A__^

ZwQueryInformationProcess

aes-128-ocb

A_A^]

..\..\openssl-1.1.0f\crypto\o_str.c

set-brand-Diners

verification failure

@UVATAVAW

D:\opensource\openssl-dist-1.1.0f-vs2015\openssl-x64-static-release-vs2015\ssl/cert.pem

D3D$$D3

RSA Data Security, Inc. PKCS

internal list error

Illegal byte sequence

VerifyVersionInfoA

USWATAUAVH

ASN1_get_object

sct verification failed

key_arg

PKCS7_simple_smimecap

old session compression algorithm not returned

0A^A\_

List-Owner

..\..\openssl-1.1.0f\crypto\asn1\d2i_pr.c

d.compressedData

unable to find message digest

prime:

CAMELLIA-128-CCM

HA_A\_[

@@HcH

D8|$Pt

t&<"u

..\..\openssl-1.1.0f\crypto\rsa\rsa_meth.c

PEM_read_bio_PrivateKey

NtUnmapViewOfSection

camellia-192-cbc

ts_RESP_get_policy

EC_GROUP_get_curve_GF2m

ecdh_cofactor_mode

unsupported mask algorithm

(D$ M

X509_PUBKEY_set

bad packet length

1#1)1.13181?1D1I1O1V1[1`1f1m1r1w1|1

fr-MC

subjectSignTool

xatjD

R##Fe

tls12_check_peer_sigalg

with

LetSystemDirectoryA

II9Irp

tls1_export_keying_material

y @tc

fo-FO

sect193r2

dtls_get_reassembled_message

tDfff

assertion failed: l <= sizeof(c->iv)

`placement delete[] closure'

1 1$1(1,181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1

ca dn length mismatch

decryption failed

id-GostR3410-2001-TestParamSet

DEK-Info:

unavailable ip family

sha1WithRSA

GetModuleFileNameW

eROOT\CIMV2

PA_A^_^]

<0|RH

Hold Instruction Reject

L$XI#

aes-128-cfb8

GeneralString

@A^A]A\_^

nextupdate before thisupdate

3E`A#

3|rN>

id-smime-mod

dsaEncryption

id-on-permanentIdentifier

..\..\openssl-1.1.0f\crypto\dsa\dsa_asn1.c

..om?

IPAddrBlocks

OCSP_RESPBYTES

L$`H+A

msEFS

&`Pqy?

lstrcmpA

Input/output error

PA_A^^][

c2tnb191v1

setext-genCrypt

__based(

new-zealand

!"#$%&'()*+,-./0123

CreateMailslotA

ct_base64_decode

EC_POINT_get_affine_coordinates_GFp

ec_group_new_from_data

ec_GFp_nistp224_group_set_curve

ec_GFp_simple_point_set_affine_coordinates

dhSinglePass-stdDH-sha512kdf-scheme

id-it-caProtEncCert

|$@fff

d2i_ECPrivateKey

.97yY

BIT STRING

UTCTIME

UA-Pixels

no accept addr or service specified

gl-ES

TLS Web Server Authentication

Key Agreement

p.onBasis

EVP_EncryptUpdate

kekid

Newsgroups

tls_construct_client_key_exchange

CoSetProxyBlanket

Only Some Reasons

unspecified

i2d ecpkparameters failure

initialization error

t$ E3

required cipher missing

pl-pl

A_A^A]A\_[

L$hE3

..\..\openssl-1.1.0f\crypto\asn1\x_info.c

OCSP_SINGLERESP

u!HcM

PKCS12_pack_p7data

illegal time value

tlsv1 alert decode error

, retcode=

H WATAUAVAWH

d2i_ECParameters

no such file

NtSetContextThread

SCT_CTX_verify

too large

pr china

D8d$H

CryptExportKey

OpenProcess

9>powf

illegal negative value

id-cmc-revokeRequest

rsa_ossl_private_encrypt

timeout

ess_CERT_ID_new_init

3t$ A

D$DA3

STARBURN SDK 2022031111035714

fA;0t)fA98t

|$8;3

`@ `QE

If-Range

%*sExplicit Text: %s

;Y<u>D9`

A81t@@8r

norwegian-bokmal

missing second number

clientAuth

..\..\openssl-1.1.0f\crypto\bn\bn_shift.c

L9i u'

d$ H+

EC_GROUP_new

zlib deflate error

A^_^][

aes-256-cbc-hmac-sha256

timeStamping

MMHS-Other-Recipients-Indicator-CC

\$ A_A^A\

digest err

%*s%s-

functionality not supported

,HR>O

Superseded

=d__a_

)D$ E

t,9} u"

GOST R 3410-2001 Parameter Set Cryptocom

WakeConditionVariable

french-swiss

italian-swiss

issuerSignTool

result out of range

fD9,Ku

id-tc26-constants

documentIdentifier

,4$8_@

kdf parameter error

invalid public key blob

engine configuration error

cms_get0_revocation_choices

BN_new

Deferred-Delivery

parameter encoding error

spanish-chile

extendedKeyUsage

authority and subject key identifier mismatch

A_A^A]^][

capi_get_provname, returned name=%s, type=%d

JOINT-ISO-ITU-T

do_dh_print

Digital Signature

D$8E3

cmll_t4_init_key

responseType

PKCS7_sign

@8l$8t

syr-sy

trinidad & tobago

inappropriate io control operation

+D$@H

point arithmetic failure

..\..\openssl-1.1.0f\crypto\engine\eng_cnf.c

,#,/,5,9,A,W,Y,i,w,

Importance

VATAUAVAW

D$8B9

set-attr

(TEST_ENG_OPENSSL_RC4) test_init_key() called

DeregisterEventSource

S/MIME Capabilities

certificate not trusted

PKCS7_dataVerify

3EdA#

sendProxiedOwner

l$ZM+

d=%-2d hl=%ld l=inf

HcD$pH

CMS_SharedInfo

Sec-WebSocket-Version

@A_A^A\_^][

<0|;<9

L$0;L$l

DHE-RSA-SEED-SHA

ssl_validate_ct

A__^

66666666D

certBag

t$0I9p

+daE%

sw-KE

VBR-Info

init failed

..\..\openssl-1.1.0f\crypto\cms\cms_asn1.c

l$03t$

Hc@<H

invalid inheritance

w+H;F v

A_A^_

D3T$<3

m )]0)}4)u8D)u<D)}@D)eDD)mH

invalid signer certificate purpose

=j&&LZ66lA??~

keygen failure

kV!DA

keyEncryptionAlgorithm

UNSUBSCRIBE

A_A\_

invalid dsa public key blob magic number

keyAttr

ServerPreference

Content-Alternative

)D$ f

X509_print_ex_fp

.rtc$IZZ

..\..\openssl-1.1.0f\crypto\srp\srp_lib.c

unsupported encryption type

Downgraded-Message-Id

A_A^^]

id-GostR3410-94-aBis

id-it-revPassphrase

aes_wrap_cipher

BN_generate_prime_ex

CMS_RevocationInfoChoice

shaWithRSAEncryption

OCSP_parse_url

`vftable'

uz-UZ-Cyrl

OBJECT

A_A^_^[]

3|$(E

pkcs8ShroudedKeyBag

L$hH3

streaming not supported

PKCS12_SAFEBAG_create_pkcs8_encrypt

D18 t

counter

generationQualifier

id-it-unsupportedOIDs

sigalgs

msgsigdigest verification failure

D$(;D$<}

odd number of digits

tls_construct_finished

ADH-AES128-SHA

UA>N0Wl

certStatus

D$P9D$pt

echo_console

id-smime-alg-RC2wrap

ChainCAFile

OutputDebugStringW

cross device link

oid exists

unimplemented cipher

DeleteFiber

NtCreateUserProcess

SetThreadpoolTimer

rsa_oaep_md

DES-EDE-CFB

messagedigest wrong length

)KK1Kbz

assertion failed: item != NULL

camellia-256-ccm

\$`M+

OpenSSL X9.42 DH method

C(H9C u1H

can't find SRP server param

B-283

E_D+E

id-pkix1-explicit-88

CHACHA20

CAPI_VTRACE

L$4D;

J`A3J`A#

;22dV::tN

u*L9d$Ht#

xA^A\_^

cofactor

GetCurrentThreadId

broken pipe

D$(A3

EVP_PKEY_verify_recover_init

log conf missing key

ssl command section not found

inconsistent compression

D$(H9D$ viA

gost94

tls invalid ecpointformat list

IPSec End System

VWATAU

expecting a dsa key

F8A_A^A]A\_

capi_ctx_set_provname, name=%s, type=%d

EC_GROUP_check

empty file structure

VWATAV

\$ UVW

context not initialised

unable to load ssl3 sha1 routines

CMS_CertificateChoices

D:\Sources\boost_1_68_0\boost/beast/http/impl/fields.ipp

D$0Ic

assertion failed: aor->u.addressRange == NULL

invalid rsa public key blob magic number

]&g''}

D8d$8t

counter:

..\..\openssl-1.1.0f\crypto\x509v3\v3_enum.c

nn-no

@A^A]^][

>jtm}S

sw-ke

sha512

X509_CRL_print_fp

l$xuR

set-brand

setext-miAuth

ssl_version

sv-se

DHE-RSA-AES256-SHA

.?AVlength_error@std@@

id-it-keyPairParamReq

unsupported algorithm nid

id-regCtrl-pkiPublicationInfo

pkey_dh_derive

ts_get_status_text

ambiguous host or service

cant find capi context

0A]_^][

CMS_RecipientEncryptedKey

not kek

de-LU

..\..\openssl-1.1.0f\crypto\dh\dh_gen.c

GetTickCount

Content-Type

8]u#H

Require Explicit Policy

BN_GF2m_mod_solve_quad

..\..\openssl-1.1.0f\crypto\cmac\cmac.c

setct-CapReqTBE

D$49C

d.digest

|$hL;

CRL signature failure

ECDHE-ECDSA-AES128-SHA

sq-AL

Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)

Diffie-Hellman routines

\$ H;

.?AVbad_array_new_length@std@@

version too high

prime192v3

DIST_POINT

..\..\openssl-1.1.0f\crypto\ec\ecp_nist.c

DSA lib

.?AVfacet@locale@std@@

hA_A^A\_^[

tls_process_ske_ecdhe

CAMELLIA-128-ECB

@VATAU

A_A^A\_^

H;A@v

3>fvw

id-cmc-popLinkRandom

`A_A^A]A\^][

I3J(L

crossCertificatePair

D8d$Ht

aes-128-gcm

SSL_write

wrong pkcs7 type

..\..\openssl-1.1.0f\crypto\engine\tb_asnmth.c

setct-AuthRevReqBaggage

sect113r2

X509V3 lib

assertion failed: i <= EVP_MAX_MD_SIZE

D3|$4E3

se-no

auth_attr

D$xI3

EVP_PKEY_new

ctrl operation not implemented

]P^BXQ

|$`Hc

BIO_new_NDEF

x509_pubkey_decode

L$HA3

[aOni*{

assertion failed: j <= sizeof(c->iv)

L$ WAW

dtls1_read_bytes

OCSP Archive Cutoff

..\..\openssl-1.1.0f\crypto\x509\x509name.c

TLSv1.0

3reateFileMappingA

az-AZ-Cyrl

HcT$pL

no signatures on data

s WATAUAVAWH

|$AL+

SCT_set1_signature

PKCS7_RECIP_INFO

SSL_CONF_cmd

userPassword

unknown info type

RoInitialize

PICS-Label

invalid pentanomial basis

ssl3_digest_cached_records

IPSec/IKE/Oakley curve #4 over a 185 bit binary field.

email:%s

A^A]A\_^

%*sFull Name:

pa-IN

RSA_verify

wZiK

8A_A^A]A\_^][

ASYNC_start_job

de-li

3t$<A

ec_GFp_simple_point2oct

SVWATAUAVAWH

t/D8e

CMS_OtherRevocationInfoFormat

assertion failed: t >= 0

id-Gost28147-89-CryptoPro-RIC-1-ParamSet

FreeLibraryAndExitThread

SSL_set_fd

setct-CertReqTBEX

error in nextupdate field

?:kP<

id-GostR3410-94-CryptoPro-XchB-ParamSet

inity

stbl_section

t$(H;

exponent1:

C0A1G

.CRT$XIAA

unable to finalize context

..\..\openssl-1.1.0f\crypto\bio\bss_file.c

t$HLc

T$xL3

key gen error

digestAlgorithm

ECDSA_sign_setup

cipher or hash unavailable

\W%08lX

X9.62 curve over a 163 bit binary field

EVP_PBE_alg_add_type

v2i_GENERAL_NAMES

master secret

D9L$`

signfinal error

Retry-After

EVP_OpenInit

PSK-NULL-SHA

T$`H#

camellia-128-cfb

spanish-dominican republic

compression disabled

%*sExtensions:

8A_A^_]

tls1_PRF

\$0E3

aes-128-cfb

setct-PInitResData

no compression specified

algor

setct-OIData

pbeWithMD2AndDES-CBC

ripemd160WithRSA

.?AV?$_Ref_count_del@XUnoop_deleter@socket_ops@detail@asio@boost@@@std@@

MultiByteToWideChar

..\..\openssl-1.1.0f\crypto\cms\cms_lib.c

pilotObject

assertion failed: !expected_len || s->s3->previous_server_finished_len

CMS_ReceiptsFrom

session_id

8euRH

connection aborted

no password

getsockname

system lib

SCT_set_signature_nid

tn8\$4

BN_usub

`A_A^^][

secp521r1

GOST 34.10-2001 Cryptocom

%*sOrganization: %s

_jbF~T

XA_^][

..\..\openssl-1.1.0f\crypto\evp\e_chacha20_poly1305.c

es-gt

at least TLS 1.0 needed in FIPS mode

`A__]

%8sIssuer Unique ID:

FIPS_mode_set

AES-192-CFB1

bad change cipher spec

No error

ar-SA

id-pe

ASN1_item_sign

en-IE

FALSE

JHA3JHA#

FIPS routines

postOfficeBox

v}`[>

%UUUU

0123456789abcdef

K-233

Message-Context

.?AVbad_alloc@std@@

ssl3_ctx_ctrl

BIO_new

abcdefghijklmnopqrstuvwxyz

..\..\openssl-1.1.0f\crypto\dh\dh_asn1.c

assertion failed: niv <= EVP_MAX_IV_LENGTH

unsupported compression algorithm

ka-ge

setAttr-Token-EMV

no result buffer

@UVAVH

l$@9_8H

PROPFIND

8su]H

CalDAV-Timezones

reason(%lu)

Certificate:

..\..\openssl-1.1.0f\crypto\evp\evp_enc.c

EC_GROUP_get_ecpkparameters

M;;va

auth-ecdsa

ZINT32

T$<D)

A^A\_^]

expaH

D$HH3

Content-Type: application/ocsp-request

@VWATAVAW

SATAUAW

bio_make_pair

%*sinherit

Pragma

@SUWATAW

HA^A]A\^][

Downgraded-Resent-To

id-smime-aa-securityLabel

?TY,>5

OpenSSL default user interface

error:%08lX:%s:%s:%s

could not set engine

^J_spY

no explicit policy

phrase is too short, needs to be at least %d chars

AES256-SHA256

bad field

Hold Instruction None

d$HLc

tls_process_next_proto

bf-ofb

opendir

need organization and numbers

D$PLc

H3T$HH

\$ WAVAW

No such device

Accept-Additions

aes128

https proxy request

Policy Qualifier User Notice

unsupported key encryption algorithm

@UVAW

\$0t&E

ar-IQ

setct-CapReqTBS

Public-Key-Pins

mime-mhs-bodies

LcewA

id-ce

DHE-PSK-AES256-CCM8

3ExA#

EC_POINT_new

CLIENT_CERT_SELECT

spanish-costa rica

ssl_parse_clienthello_renegotiate_ext

Bad file descriptor

x AUAVAWH

Reply-To

f9,Yu

Depth

PKCS12_SAFEBAG_create0_p8inf

t^HcB

d$pL+d$xH

D9e t0I

TS_TST_INFO_set_time

SSL_CERT_DIR

J0A3J0A#

noticeref

GetStdHandle

A;F\u9D

tAHcm

value.good

Content-MD5

id-smime-aa-macValue

invalid directory

fr-ch

@SUVWATAV

proxyPolicy

LoadLibraryWMoveFileWithProgressAMoveFileWithProgressW

RtlQueryEnvironmentVariable

id-cmc-popLinkWitness

sbgp-ipAddrBlock

http request

sk-sk

OpenThread

ttIcF

prime239v2

d.ediPartyName

protocol not supported

CTLOG_new

\\\\\\\\H

mi-NZ

asn1_output_data

@SVAUAW

unknown operation

ECDHE-RSA-AES256-SHA

originator

.CRT$XPXA

dhSinglePass-cofactorDH-sha256kdf-scheme

win32_load

keyAgreement

System32

@UVAV

camellia-192-ccm

d2i_ECPKParameters

.?AU?$error_info_injector@Ubad_day_of_month@gregorian@boost@@@exception_detail@boost@@

C@HcH

Nonce

ssl_set_cert

0D$.H

.CRT$XPX

undefined generator

%*sZone: %s, User:

assertion failed: s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num

prime192v2

no such device or address

setCext-Track2Data

ipsec3

bad Transfer-Encoding

dhKeyAgreement

Max-Forwards

D;T$hr A

missing rsa encrypting cert

Resource deadlock avoided

U8D83A

Downgraded-Resent-Bcc

setct-CapResTBE

setct-CapTokenTBE

A_A^A\_]

D$HH9

ta-IN

@@@@@@

t$ 34$

unhandled critical CRL extension

tls_process_cke_ecdhe

L$ SVW

EC_KEY_print

passed a null parameter

VWATAVAW

PA^_^][

<htr<jtb<lt6<tt&<wt

unsupported md algorithm

tt-RU

memory buffer

SSL_CERT_FILE

rmd160

kernel32

CreateProcessW

keyLength

policy when proxy language requires no policy

I9R@I

operation not supported for this keytype

document

File too large

Private-Key

REBIND

signingTime

D3\$ A

14 (default)

id-pkinit

SSL_set_ct_validation_callback

EVP_CIPHER_CTX_copy

write to read only BIO

haI)|pL<

pkey_rsa_verifyrecover

spanish-honduras

CMS_set_detached

wrong curve parameters

|$ E2

ssl3_setup_write_buffer

out of memory

aes-256-ocb

TS_REQ_set_policy_id

.?AV?$service_base@V?$win_iocp_socket_service@Vtcp@ip@asio@boost@@@detail@asio@boost@@@detail@asio@boost@@

NtCreateEvent

zh-MO

H;]Pu

NtCreateFile

pbeWithSHA1AndRC2-CBC

P-224

L;D$pu

cms_DigestAlgorithm_init_bio

p@0pqE5tsO?|1

@A_A]A\_]

pkcs5

BIO_get_new_index

H;C(u*H

y\PD>!

1#INF

U1(\Q

argument list too long

es-hn

CTLOG_STORE_load_file

SSL_peek

CommandLine

D$ L3

issuer capabilities

hbJ*("

JtA3JtA#

D3D$0D

|$@-D

brainpoolP160t1

@SUATAUAW

D$8H1C

X509v3 Issuing Distribution Point

GOST 34.10-94 Cryptocom

_g@Cg

api-ms-win-core-sysinfo-l1-2-1

PKCS7_ctrl

cms_get0_signed

assertion failed: f->addressFamily->data != NULL

english-belize

gost94cc

%*sNo Rejected Uses.

l$ E+

DL-Expansion-History

|$ AUAVAW

win32_globallookup

TS_RESP_verify_signature

PKCS5_v2_PBKDF2_keyivgen

wrong lookup type

DHE-PSK-AES128-CCM

def_time_cb

BUF_MEM_grow

ENGINE_get_last

SNILS

ECDHE-ECDSA-CAMELLIA256-SHA384

NULL-MD5

`placement delete closure'

G8A_A^A\

(|YGNk

f9<Au

class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,6> &) const

X509_VAL

oD<Hf

unsupported signature type

cms_RecipientInfo_ktri_encrypt

OpenSSL CMAC method

spanish-uruguay

DHE-DSS-CAMELLIA256-SHA256

bf-cfb

invalid null value

aes-256-ccm

extension not found

Accept-Datetime

SUWATAUAV

H9k@u

..\..\openssl-1.1.0f\crypto\rsa\rsa_pss.c

get_cert_by_subject

A^A]_

unsupported algorithm

<"t1<\u

id-mod-kea-profile-88

id-smime-ct-contentCollection

D:\Sources\boost_1_68_0\boost/beast/core/impl/flat_buffer.ipp

PEM_ASN1_write

..\..\openssl-1.1.0f\crypto\x509\by_file.c

D$DA+E,A

! !K+hcF&db

X509v3 Delta CRL Indicator

Inhibit Policy Mapping

|$@9X

pilot

explicit

\$xH;

X509_NAME_add_entry

PSK-AES128-GCM-SHA256

J@A3J@A#

@SWATAV

EC_KEY_oct2priv

dane_tlsa_add

des-ecb

generic cryptogram

DIGESTS

SessionTicket

eu-es

A89Q0

CMS_Attributes_Sign

`+!]?

t2HcE

UVAUAVAW

expecting an object

jurisdictionCountryName

Setting debug level to %d

protocolInformation

ec_GF2m_simple_point_set_affine_coordinates

aes256-wrap

american-english

L$0L;

no matching signature

md5-sha1

unknown cipher returned

>//^q

D$ A9m8

RSA_verify_ASN1_OCTET_STRING

..\..\openssl-1.1.0f\crypto\ec\ec_mult.c

OCSP_REVOKEDINFO

7HcF0

,I<%w

KxECDHE

id-Gost28147-89-None-KeyMeshing

Content-Script-Type

@SAUAVAW

uAH9x

D:\Sources\boost_1_68_0\boost/beast/http/impl/message.ipp

compression library error

OM(E3

A_A^]

id-tc26-digest-constants

emailCA

pub:

5#5*50565

en-ca

FILE pointer

%s %s HTTP/1.0

%04d%02d%02d%02d%02d%02dZ

dsa_paramgen_md

id-regCtrl-oldCertID

brainpoolP320r1

C847u

dane not enabled

E()EP

pkcs7

ca-es

AES-256-CBC

Suite B: curve not allowed for this LOS

FreeEnvironmentStringsW

BN lib

DES-EDE-OFB

kx-dhe

BLAKE2b512

wrong curve

..\..\openssl-1.1.0f\ssl\statem\statem_lib.c

en-cb

D$@H=@W

CAMELLIA-192-CFB1

DHE-PSK-AES256-CBC-SHA

secureShellClient

B-163

postalAddress

IsValidLocale

id-smime-aa-ets-certValues

..\..\openssl-1.1.0f\crypto\bn\bn_div.c

format error in certificate's notAfter field

ec_GFp_nistp521_point_get_affine_coordinates

peer did not return a certificate

%*s<INVALID PRIVATE KEY>

setAttr-GenCryptgrm

.?AV?$clone_impl@U?$error_info_injector@Vsystem_error@system@boost@@@exception_detail@boost@@@exception_detail@boost@@

invalid object identifier

P-384

bad function call

1SPS0

ssl handshake failure

ChaCha20

proxyCertInfo

modulus:

0A^A]_^]

fr-CA

Exponent:

AES-128-OCB

uQ9G|uJ9C|uEHcOx

GetSystemTime

dane tlsa bad matching type

.rdata$T

id-aes128-GCM

+(#E%da

id-smime-mod-ets-eSignature-97

mac generation error

commonName

method

X509v3 CRL Reason Code

issuer_and_serial

BN_rand_range

SSL_SESSION_set1_id

L$`H9

EVP_PKCS82PKEY

.?AUnoop_deleter@socket_ops@detail@asio@boost@@

D9|$8}O

PKCS7_find_digest

FindFirstFileW

PKCS12_item_i2d_encrypt

ECDHE-PSK-AES256-CBC-SHA384

noticenos

ProfileObject

@SUVWAUAW

bad Content-Length

(A_A\_]

..\..\openssl-1.1.0f\crypto\evp\e_rc2.c

gost2012_256

rsa operations not supported

get_and_lock

english-aus

invalid digest type

BN_rshift

No such file or directory

SECG curve over a 131 bit binary field

D3\$03

SSL_CTX_enable_ct

CMS_add0_recipient_key

NIST/X9.62/SECG curve over a 192 bit prime field

..\..\openssl-1.1.0f\crypto\ct\ct_oct.c

CA Compromise

L(:A:

L$8H3

uint64_c2i

mt-mt

Downgraded-Resent-Sender

`_^]H

dane tlsa bad selector

assertion failed: j <= (int)sizeof(ctx->key)

d$hH+

DD$$H

rsa_keygen_pubexp

File exists

.?AV?$execution_context_service_base@Vwin_iocp_io_context@detail@asio@boost@@@detail@asio@boost@@

keyIdentifier

Negotiate

wap-wsg-idm-ecid-wtls5

sma-se

asio.ssl.stream

LcD$0H

%s: (%d bit)

H;D$xsiH

SRTP_AEAD_AES_128_GCM

UnhandledExceptionFilter

)>6{1n

bad chunk

DSO_bind_func

assertion failed: *currlen <= *maxlen

A_A]A\_][

bT&`E

%8sVersion: Unknown (%ld)

X509V3_EXT_add

T$XE3

id-cmc-encryptedPOP

~|u&L

INITY

OCSP_cert_id_new

66666666H

id-smime-ct-DVCSRequestData

7[7f7w7O8

bn to asn1 integer error

vMH9{

Return-Path

CRL_DIST_POINTS

error in extension

no proxy cert policy language defined

CMS_RecipientInfo_kekri_get0_id

!5!A!I!O!Y![!_!s!}!

G H9G

-rq@e

HeapAlloc

A]A\_^][

eLK(w

l$0E3

Verify failure

L$0Hc

r:D8v

D$0H#

id-regInfo

rsa_mgf1_md

PBE-SHA1-RC4-40

DirName:

LogonUserA

content and data present

member

unknown digest algorihm

session_id_context

Downgraded-References

PEM_do_header

Lc\$pI

id-HMACGostR3411-94

dh-std-kdf

SEQWRAP

USVWAUAVAWH

description

ssl library has no ciphers

Any Extended Key Usage

ar-sa

l$XHc

msUPN

Time Stamping

A_A^A]_^[]

ssl_create_cipher_list

dane tlsa bad digest length

..\..\openssl-1.1.0f\crypto\evp\encode.c

not enough memory

l$PM3

copy error

:BAD INTEGER

dmp1 not congruent to d

Microsoft Server Gated Crypto

K-409

Suite B: invalid signature algorithm

HAI8xpH

EC_PRIVATEKEY

id-cct-PKIData

user too long

aes-128-ctr

md_gost94

PKCS7_SIGNED

ssl_parse_serverhello_tlsext

Variant-Vary

..\Windows\System32\rundll32.exe$advpack.dll,RegisterOCX sysmon64.exe"%systemroot%\system32\imageres.dll

GxA+Il+H

dcobject

CMS_stream

`A^_^][

List-Subscribe

T$@Lc

setct-CapTokenTBS

EVP_PBE_CipherInit

RtlInitUnicodeString

t0HcS

Listing certs for store %s

m8L9c

\$PL9a

RFC 5639 curve over a 384 bit prime field

ECDHE-PSK-CHACHA20-POLY1305

D$P I

no default digest

CAMELLIA256

ResetEvent

tr-TR

rsa_oaep_label

dynamic

Subject Information Access

BUF_MEM_grow_clean

es-es

f9<Bu

Proxy-Authorization

Subject:

server response error

d.v2AttrCert

%3333D3

Transfer-Encoding

func(%lu)

VUUUH

ECDHE-RSA-CHACHA20-POLY1305

EC PRIVATE KEY

S,fA+

@UVWAVAWH

dhSinglePass-stdDH-sha224kdf-scheme

RtlExitUserThread

HcD$8L

canadian

ASYNC_pause_job

@VAVAW

d.envelopedData

smj-SE

CAMELLIA-256-CTR

-9Qht

OpenSSL default

\\\\\\\\D

es-sv

responseBytes

L$ UVWAVAWH

Message-Type

Set CSP type, (default RSA_PROV_FULL)

D$ D3

%02d%02d%02d%02d%02d%02dZ

assertion failed: n >= 0

spanish-guatemala

T$PHk

SSL_CTX_set_client_cert_engine

l$hD;

Certificate Sign

..\..\openssl-1.1.0f\crypto\engine\eng_dyn.c

DSA_SIG

`h````

mstring wrong tag

X!;3;

..\..\openssl-1.1.0f\crypto\bn\bn_intern.c

I9PXH

~;HcS

X509_NAME_INTERNAL

GetModuleHandleExA

id-cmc-statusInfo

void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,9> &)

es-pe

IP Address:<invalid>

Ht)I;

invalid digest

SELECT * FROM Win32_ComputerSystem

u-H9x

init fail

~)p$w

GOST2001-GOST89-GOST89

assertion failed: chunk >= 0

GetLastError

lcO/<1

ECPARAMETERS

0A__^

subtreeMinimumQuality

D$Ht%H

D$HIch

0A^A]^

@SVWAUAV

Set key lookup method (1=substring, 2=friendlyname, 3=container name)

IDEA-OFB

%8sSubject Unique ID:

CryptDuplicateKey

O44h\

rsa_mgf1_to_md

\$hH;

PeekNamedPipe

0N0W0`0h0q0

.reloc

Downgraded-Original-Recipient

?+>^m

capi_get_provname, index=%d

%s %s%lu (%s0x%lx)

CMS_OriginatorPublicKey

d$pI;

pkcs7-envelopedData

path length constraint exceeded

invalid cmd number

id-smime-aa-contentReference

pSourceFunc

`vector constructor iterator'

Interrupted function call

t$ WAVAWH

Proxy-Connection

result too small

AES-192-ECB

L9Ahs

sendProxiedRouter

NtOpenProcess

Original-Sender

..\..\openssl-1.1.0f\crypto\ec\ecdsa_vrf.c

xh-ZA

mdc2WithRSA

EVP_PKEY2PKCS8

PrivateKey

D8&t!

psk no server cb

GENSTR

unexpected body

es-mx

identified-organization

int_ctx_new

ssl_verify_cert_chain

L?UUUUUUU?

BN_mpi2bn

|$0A+

PSK-NULL-SHA384

secp160k1

RSA-RIPEMD160

d$XfD

VerSetConditionMask

@SUVWAUAVAW

@WATAUAW

p>|B>

id-it-implicitConfirm

ECDHParameters

SUVWATAUAV

%lu. %s

BN_BLINDING_convert_ex

set-addPolicy

nl-nl

EP+E(

UAVAWH

;.u1L

ASN1_TYPE_get_octetstring

A_A^A]A\_

ec_GFp_mont_field_set_to_one

D$xD9}

ts_CONF_lookup_fail

H^_[]

0A_A^A\_]

|$PL;

SUVWATAVAWH

aaj_55

Original-From

DHParameters

0#0)070;0U0Y0[0g0q0y0}0

\$ UVWATAUAVAWH

IJ_H^[

J A3J A#

l$HM9

aNULL

c2i_uint64_int

pA_A^A]A\_^[

..\..\openssl-1.1.0f\crypto\ct\ct_policy.c

userId

UI_ctrl

T$PH3

cms_CompressedData_create

desktop-i8bn9qk

.?AVservice@execution_context@asio@boost@@

pem name bad prefix

(h`H1pqA

X9.62 curve over a 176 bit binary field

..\..\openssl-1.1.0f\crypto\init.c

ECDHE-RSA-AES128-GCM-SHA256

Solicitation

TLS1-PRF

A^A\_][

8uu]H

oriType

curve

L$pH3

coefficient:

d.ori

sr-BA-Latn

not supported for this key type

upgrade

pkcs7 to ts tst info failed

X9.62 curve over a 208 bit binary field

SystemID

PKCS5_pbe2_set_scrypt

SECG curve over a 192 bit prime field

CXHc8H

L98u&H

0A_A^A]A\_^]

ssl_init_wbio_buffer

CAMELLIA-128-GCM

Allow

H;A v

dynamic_set_data_ctx

t(HcD$@L

invalid output length

unable to get certs public key

is-IS

MaxProtocol

..\..\openssl-1.1.0f\crypto\pkcs12\p12_utl.c

RSA-PSK-CAMELLIA128-SHA256

.?AVios_base@std@@

unknown command

unable to get issuer certificate

kok-IN

ASN1_item_i2d_bio

0A_A^A]_]

check_suiteb_cipher_list

ssl3_read_n

NtProtectVirtualMemory

0A]A\_][

PKCS7_RECIP_INFO_set

proxy path length constraint exceeded

excluded subtree violation

$d`D-laM

PBE-MD2-RC2-64

PKCS7_set_cipher

policy mismatch

Peer haven't sent GOST certificate, required for selected ciphersuite

((((( H

setAttr-SecDevSig

KxRSA

internal error

CreateFileA

aECDSA

status too old

d$@M3

dddd, MMMM dd, yyyy

Delivery-Date

DES-EDE3-CBC

id-smime-mod-oid

CreateToolhelp32Snapshot

NUMERICSTRING

Z:\hooker2\Common\md5.cpp

WATAUAVAW

A^_^

UI_get0_result

SCT_set0_log_id

processing error

@@@@$$$$$$$$$$$$$$$$@@@@@@@@@@@@@@@@

HfA;0

setAttr-IssCap

error opening store

..\..\openssl-1.1.0f\crypto\x509v3\v3_utl.c

MMfU33

sr-BA-Cyrl

.tls$ZZZ

HMAC-SHA1

inhibitPolicyMapping

474E4U4W4c4i4m4

ct_v1_log_id_from_pkey

0A^_^

|$ M;

GENTIME

D$@E3

PA_A^A]^]

v2!L.2

id-tc26-mac

ECDHE-PSK-NULL-SHA256

\$(A_A^A]A\

D$pI3

ASN1_TBOOLEAN

Not After :

unknown key type

TS_RESP_CTX_set_def_policy

X509_TRUST_set

mime no content type

missing init function

H9C v

crl verify failure

originatorInfo

rc2-40-cbc

expecting a dh key

Public Key

CAMELLIA-256-ECB

AES-128-CBC-HMAC-SHA256

CRL signing

@SUVWAV

D9kptEL

acpt_state

SHA256

Hold Instruction Call Issuer

OCSP_check_validity

cms_DigestedData_do_final

}_|mPG@j^h

duplicate zone id

IsDebuggerPresent

Subject:%c

BH+B

Set CSP name, (default CSP used if not specified)

C-Ext

NtGetContextThread

G8L9 u

Trailer Field: 0x

SoapAction

rc2-ofb

..\..\openssl-1.1.0f\crypto\engine\tb_digest.c

\$8A+

RSA-PSK-AES256-GCM-SHA384

old_dsa_priv_decode

tls_construct_cke_ecdhe

3l$<A3

`eh vector destructor iterator'

D3t$4A

BIO_lookup

INT32

%K3 QQ+

american

unknown state

#D$ D3

no cipher set

FlsGetValue

AES-192-CBC

ISO-US

..\..\openssl-1.1.0f\crypto\pem\pem_oth.c

ssl3_generate_master_secret

TRG7ts

self signed certificate

id-aca-chargingIdentity

l$<E3

Default-Style

`dynamic initializer for '

nsDataType

6tpD4

.data

asn1_template_ex_d2i

Bad dynamic_cast!

Public

response setup error

RIPEMD160

rc2-cbc

unknown error

assertion failed: s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH

RSA-SHA1

A_A^A\_^[

BIO_new_mem_buf

invalid pss parameters

..\..\openssl-1.1.0f\crypto\ec\ec_oct.c

``@ PP@

@SUVAVAW

~/Hc}

BIO_callback_ctrl

content type not data

(MPLS)

GetTickCount64

ASN1_UTCTIME_adj

invalid group order

language

..\..\openssl-1.1.0f\crypto\bn\bn_recp.c

setct-PResData

0A^][

..\..\openssl-1.1.0f\crypto\ec\ecdsa_sign.c

.?AV?$clone_impl@U?$error_info_injector@Ubad_month@gregorian@boost@@@exception_detail@boost@@@exception_detail@boost@@

too many temporary variables

~ $s%r

unsupported public key algorithm

ttHcX H

Extended OCSP Status

ilRdV

ADH-CAMELLIA256-SHA

DHE-RSA-CAMELLIA128-SHA

(

.CRT$XCC

sha224

@SUWAU

eContentType

X509V3_add1_i2d

adding object

mk-MK

UI_create_method

win32_merger

wap-wsg-idm-ecid-wtls3

EVP_CIPHER_CTX_ctrl

JdA3JdA#

T$ Lc

t$(Hc

KxSRP

capi_get_key, contname=%s, provname=%s, type=%d

;|$8~EH

FileTimeToSystemTime

tls_client_key_exchange_post_work

spanish-el salvador

A^_][

MMHS-Message-Instructions

setAttr-T2Enc

..\..\openssl-1.1.0f\crypto\pkcs7\pk7_doit.c

3C29FEA2-6FE8-4BF9-B98A-0E3442115F67

`vector copy constructor iterator'

prime-field

dh_priv_encode

ossl_ecdsa_verify_sig

bT&`D

SetEvent

9\$<t

(Unicast)

SSL_set_session_id_context

NNTP-Posting-Host

cleanup method function failed

..\..\openssl-1.1.0f\crypto\bn\bn_mont.c

set-brand-JCB

missing ocspsigning usage

status_request

setct-AuthRevResTBEB

t$]H+

BN_GF2m_mod_exp

en-ZA

HcO(E3

d.usernotice

D$0HcH

ssl_do_config

bad alloc

Authorization

el-GR

false

md5WithRSA

Already open

MEDIUM

EVP_PKEY_copy_parameters

D$(H3

id-mod-dvcs

A_A^A]

effffff

delete[]

fread

0A__^][

ipsecTunnel

SUITEB128C2

IsValidLocaleName

..\..\openssl-1.1.0f\crypto\asn1\tasn_fre.c

Schedule-Reply

ANY PRIVATE KEY

EVP_CipherInit_ex

field value too large

ECDHE-RSA-AES128-SHA

JPA3JPA#

dV22tN::

read key

p not prime

superseded

D$HA3

unsupported or invalid name syntax

Send Router

.>PJ;I:qE>

pa-in

CAST5-ECB

bad iv chars

scsv received when renegotiating

@UWAVAW

PKCS7 lib

H9A u

CAPI_RSA_PRIV_DEC

D;t$h

X509_CINF

getsockname error

input not initialized

CHECKOUT

CAPI_RSA_SIGN

@A_A^^

RSA_null_public_decrypt

`H(hqA1p

revocationTime

aes-128-cbc

verify_result

Exec format error

L$@Hc

..\..\openssl-1.1.0f\crypto\ct\ct_x509v3.c

X9_62_CURVE

LCMapStringW

encryption

id-smime-cti-ets-proofOfOrigin

do_pkcs7_signed_attrib

D$(H;

aes_init_key

grasshopper-cfb

D$@Hc@<H

55j_WW

sma-no

german-luxembourg

S`@0k

short header

async_ctx_new

az-AZ-Latn

signature

@SVAV

not key agreement

filename too big

RSA-NP-MD5

OpenSSL EC_KEY method

8_^][

PBE-SHA1-2DES

nistp224_pre_comp_new

CloseThreadpoolTimer

D3d$

J8A3J8A#

assertion failed: chain != NULL && sk_X509_num(chain) > 0

SuspendThread

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Resent-Sender

RapportGP.dll

?@En[vP

no required digest

stED;

memory limit exceeded

block cipher pad is wrong

EC_POINT_get_Jprojective_coordinates_GFp

.?AU?$error_info_injector@Vinvalid_argument@std@@@exception_detail@boost@@

ec_GFp_nistp256_group_set_curve

dynamic_load

NIST/SECG curve over a 571 bit binary field

OpenSSL EC algorithm

unimplemented public key method

ar-ma

Cancel-Key

"!"%"+"1"9"K"O"c"g"s"u"

invalid trinomial basis

Proc-Type:

Resolution-Hint

3D$`E

GetCurrentThread

sma-SE

Received

%*scrlUrl:

contentType

bad q value

device or resource busy

setct-PANData

es-pr

ENGINE_pkey_asn1_find_str

identifier removed

rc5-cfb

D$8H9F

AUTHORITY_KEYID

Suite B: invalid public key algorithm

id-tc26-gost-28147-constants

d$@Lc

already connected

en-CB

CreateThreadpoolWait

NIST/SECG curve over a 521 bit prime field

unknown protocol

privateExponent:

error converting private key

Visual C++ CRT: Not enough memory to complete call to strerror.

M H1E

cons:

Resource temporarily unavailable

CAMELLIA-256-OFB

assertion failed: num == 1 && ctx->num_untrusted == num

copy_issuer

ECDHE-ECDSA-AES256-SHA384

PKCS12_set_mac

|$Hst

not proc type

md4WithRSAEncryption

RSA_PSS_PARAMS

L(;E:

A_A^[

receipt decode error

zlib not supported

@SVATAVAW

es-CR

Authentication-Control

D;](A

X509v3 Policy Mappings

D$Hu9

des-ede3-ecb

engine_unlocked_finish

tls_process_server_certificate

3ElA#

id-cct-PKIResponse

D$pE3

searchGuide

fG9$Ou

.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@

stgE;

t$ WATAW

UTF8String

RSA-SHA224

EC_POINT_is_on_curve

CMS_RecipientInfo_set0_password

@USVWAUAVAWH

t$(L;

required compression algorithm missing

DHE-PSK-NULL-SHA256

..\..\openssl-1.1.0f\ssl\ssl_mcnf.c

invalid option

south-korea

__crt_strtox::floating_point_value::as_float

brainpoolP512t1

=!=-=3=7=?=C=o=s=u=y={=

sect409k1

key usage does not include certificate signing

L$/Hc

Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE

|$ AV

/>58d%

otherMailbox

\$@I+

cms_add1_signingTime

sct invalid

H9;uVH

BIO_socket_nbio

ECDSA_sign_ex

RSAES-OAEP

id-smime-mod-msg-v3

d.cpsuri

EdiPartyName:<unsupported>

0A_A^A]A\]

teL9w@t9fff

tK@8{:t

T$hD+

encapContentInfo

assertion failed: !expected_len || s->s3->previous_client_finished_len

`A]^[

ENGINE_set_name

assertion failed: eckey->group->meth->keygen != NULL

@SVWATAVAW

joint-iso-itu-t

cmd not executable

heartbeat request already pending

RaiseException

assertion failed: ssl_digest_methods[SSL_MD_MD5_IDX] != NULL

..\..\openssl-1.1.0f\ssl\ssl_rsa.c

WAVAW

privateKeyUsagePeriod

id-GostR3410-2001-ParamSet-cc

DSO_convert_filename

id-alg

:BAD ENUMERATED

dgram_sctp_write

pA^A]A\_^][

tRM;J

gost2012_512

H;G v

pbeWithMD5AndCast5CBC

D3l$8A3

keyCompromise

T$@H+

i2b_PVK

HMAC GOST 34.11-2012 256 bit

+M<7>

t$ WATAUAVAWH

id-tc26-digest

ASN1_i2d_bio

SetLastError

X509_REQ_print_fp

wrong integer type

XA_A]_^[]

unable to get local issuer certificate

int_dhx942_dh

.rtc$TZZ

french-canadian

@VATAUAV

connect error

error getting public key

fD9,Pu

T$PI3

EVP lib

german-swiss

dh_priv_decode

id-Gost28147-89-CryptoPro-A-ParamSet

9\$0v<L

id-smime-aa

sl-si

ocsp_match_issuerid

invalid value

E_@8u

SK?Nv

network reset

id-smime-aa-signatureType

id-ecPublicKey

@USVWAUAVH

PBE-SHA1-RC4-128

error setting fips mode

dir_ctrl

arg2 lt arg3

DSA_do_sign

Timeout

BN_mod_exp_mont_consttime

k*do^

pbeWithSHA1And2-KeyTripleDES-CBC

L$0fH

EC_KEY_new_method

.?AU?$error_info_injector@Vservice_already_exists@asio@boost@@@exception_detail@boost@@

u4D9~

encode_pkcs1

camellia-128-ccm

es-ar

D$X+E

..\..\openssl-1.1.0f\crypto\kdf\tls1_prf.c

January

do_PVK_body

unknown extension

no link

..\..\openssl-1.1.0f\crypto\engine\eng_pkey.c

User name:

X9.42 DH

'L>[

@UVAVAW

: inherit

H+{0H+

fD9,Au

ASN1_OCTET_STRING

tt-ru

@UVWH

%*sLog ID :

..\..\openssl-1.1.0f\crypto\evp\p_lib.c

PBKDF2PARAM

HcE0H

tls_construct_client_hello

IsWow64Process

..\..\openssl-1.1.0f\crypto\ec\ecp_mont.c

\$pH;

international-organizations

U$qk.

l$@I;

TUUUU

f9,~u

0A^A\^][

china

{x`M`

not key transport

ecdh_single

`3SbE

GOST 28147-89 TC26 parameter set

BITSTRING

Sj~=eI

o|$0f

D$ H1

The descriptor does not fit into the select call's fd_set

GetCPInfo

H3A(I3

tDLcC

0A^A\_][

inappropriate fallback

argument is not a number

@USATAUAVH

ADH-SEED-SHA

enhancedSearchGuide

InitializeCriticalSectionEx

assertion failed: num == ctx->num_untrusted

:D$Xu

ct_cert_scts

PKCS12_unpack_p7data

S,, <Zw

D$@A+

sha256

%s%02x

contents

`local static thread guard'

GetLocaleInfoEx

engine_list_remove

QueryPerformanceCounter

PKCS7_encrypt

unsupported protocol family

.CRT$XCAA

t_L9k

length too long

es-MX

FormatMessageA

TlsFree

unknown key exchange type

unsigned __int64 __cdecl boost::beast::http::read<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,class boost::beast::basic_flat_buffer<class std::allocator<char> >,false,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<char>>(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> > &,class boost::beast::basic_flat_buffer<class std::allocator<char> > &,struct boost::beast::http::message<0,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > > &)

D$LHcD$8D

CompareStringEx

@SATAV

No such device or address

AreFileApisANSI

p is not prime

t7HcF

ts_check_nonces

american english

8A_A\_[

J;D10t

|$ A+

invalid init value

Encipher Only

J:xrG

H9+uFA

HA_A^

A_A^A]A\_^]

illegal format

cms_enveloped_data_init

JlA3JlA#

ProcessLoad

setct-CredRevReqTBE

Proxy-Instruction

aes-128-cbc-hmac-sha1

illegal nested tagging

tlsv1 unsupported extension

string too short

id-GostR3410-2001-CryptoPro-XchA-ParamSet

H_^][

not loaded

not basic response

IPAddressChoice

%s%c%08lx.%s%d

u795kZ

Sec-WebSocket-Accept

chinese-singapore

ec_GF2m_simple_point2oct

EC_POINT_add

..\..\openssl-1.1.0f\crypto\evp\p_verify.c

id-qt-unotice

A;A u

SetThreadInformation

conn_ctrl

d.x400Address

ky-kg

D$0H9D$8r

\$XA3

PKCS7_SIGN_ENVELOPE

`A_A^A\_^][

last octet invalid

RSA-SHA1-2

EVP_PKEY_decrypt_init

addressFamily

lstrlenA

challengePassword

`bB"(!

!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

+en+eo+

..\..\openssl-1.1.0f\crypto\x509\x509_vpm.c

SH6tc

eu-ES

kk-kz

@A^A]A\][

dh_paramgen_prime_len

brainpoolP320t1

..\..\openssl-1.1.0f\crypto\bn\bn_add.c

aes-192-cbc-hmac-sha1

If-Schedule-Tag-Match

error setting key

no policy identifier

id-pda-dateOfBirth

Char=

ssl_cert_add0_chain_cert

PEM_read_bio_DHparams

)D$0f

ECPKParameters_print

resource deadlock would occur

..\..\openssl-1.1.0f\crypto\ocsp\v3_ocsp.c

setAttr-T2cleartxt

PROXY_CERT_INFO_EXTENSION

nn-NO

D$$D9B

HcG(H

CAMELLIA-256-CFB1

do_pk8pkey

GetUserDefaultLCID

tls1_check_duplicate_extensions

uW9{8

}gD9.

body limit exceeded

ar-TN

8luhH

A^_]

thisUpdate

UTF8STRING

If-Modified-Since

CertCloseStore

dtls_construct_hello_verify_request

D9Hdv

..\..\openssl-1.1.0f\crypto\engine\eng_ctrl.c

Program:

def_load_bio

pem name too short

engines section error

X509_check_private_key

id-smime-ct-contentInfo

ossl_ecdsa_sign_sig

..\..\openssl-1.1.0f\crypto\x509\x509_cmp.c

L9c u

CT routines

x509_name_encode

..\..\openssl-1.1.0f\crypto\x509v3\v3_prn.c

(>nH&p

asn1_do_adb

msSmartcardLogin

.CRT$XPA

state not recoverable

fD9 t

invalid compression algorithm

X400-Trace

PKCS5_pbe_set0_algor

SVWAVH

D$8H+

..\..\openssl-1.1.0f\crypto\asn1\x_long.c

setCext-merchData

countryName

tls_process_cke_rsa

'''''''''''''''''''''''''''''''''''''''''

ENGINE_set_default_string

tls_process_ske_psk_preamble

X509 CRL

i2o_ECPublicKey

id-smime-alg-ESDH

@SUATAU

D:\Sources\boost_1_68_0\boost/beast/core/impl/buffers_cat.ipp

}t5H+C

cms_DigestAlgorithm_find_ctx

ASCII

H;E v

A_A^A]A\_]

v2i_BASIC_CONSTRAINTS

TerminateProcess

LdrUnloadDll

SYSTEMID

H99u2

des-ede3

]t/H+C

no port defined

it-CH

|$ AVD

SetStdHandle

pkcs7-encryptedData

File:

Authentication-Info

zh-CN

chacha20_poly1305_ctrl

Authority Information Access

(D$ f

size() >= max_size()

%*sPath Length Constraint:

assertion failed: ssl_mac_secret_size[i] >= 0

keyUsage

assertion failed: s->init_off == 0

t@H9s

uniqueIdentifier

..\..\openssl-1.1.0f\crypto\evp\evp_lib.c

RtlCompareUnicodeString

0pp@5tqE?|sO541

yBNu'

singleRequestExtensions

DSO_load

whirlpool

3t$0A

common ok and cancel characters

msgsigdigest error

INT64

SUVWATAU

List-Post

%s%02X

CertGetCertificateContextProperty

GetLocaleInfoW

invalid mgf1 md

.00cfg

invalid message length

french-luxembourg

ec_GFp_nist_field_mul

en-tt

camellia256

no digest set

CMS_KeyAgreeRecipientIdentifier

unknown certificate type

NtQueryInformationThread

brainpoolP224r1

!>6'Y

hr-BA

i2d_ECParameters

CRYPT32.dll

.rdata$r

EnumSystemLocalesEx

..\..\openssl-1.1.0f\crypto\cms\cms_enc.c

ct_move_scts

header too long

CAMELLIA128-SHA

aes_t4_init_key

invalid lookup method

0A_A^A]A\^

PEM_SignFinal

PSK-CAMELLIA128-SHA256

setct-CertInqReqTBS

..\..\openssl-1.1.0f\ssl\t1_enc.c

PKCS8_encrypt

BN_bn2hex

sr-sp-cyrl

check_name_constraints

XA_A^A\[

ggen..\..\openssl-1.1.0f\crypto\dsa\dsa_gen.c

noecho_console

@SATAVAW

c2pnb163v1

DHE-PSK-CAMELLIA128-SHA256

H;t$0v

P M9P

r 9_ t

UA-Resolution

EXPLICIT

H+E H;

TS_REQ_set_nonce

FXL9fHu

ios_base::eofbit set

t$0H3

NIST/SECG/WTLS curve over a 163 bit binary field

MMHS-Exempted-Address

ENGINE_load_private_key

ReturnValue

id-smime-mod-ets-eSigPolicy-88

camellia-128-cfb1

ccs received early

(A_A\_^][

d.originatorKey

8A_^][

NCONF_get_section

X509_NAME_oneline

D3d$,A3

CAPI_GET_KEY

cannot load certificate

RtlNtStatusToDosError

message size

en-za

sect233r1

"`bB303

Path Loop

`string'

bp(=>?g

t(@83t#

7?7E7I7O7]7a7u7

BIO_gets

x((Pz

RC2-CBC

(INVALID PSS PARAMETERS)

tbsRequest

@SUVAT

parallelizationParameter

block type is not 02

rc5-ofb

3\$0H

bad cast

loading cert dir

(fS{ggRcjh

l}C.we

RSA_padding_add_SSLv23

asio.ssl error

D$@Hk

index > size()

H+O`H

D3d$,

EXTENDED_KEY_USAGE

%'%1%=%C%K%O%s%

t!HcU

L$(Hc

unsupported prf

brainpoolP256t1

.text$x

CMS_RecipientInfo_kari_get0_reks

L$HH=

.data$r

|$$A#

unknown option

3E\A#

..\..\openssl-1.1.0f\crypto\conf\conf_def.c

9Y>)F$

missing private key

NtOpenSemaphore

relativename

.?AV_Locimp@locale@std@@

invalid ct validation type

L$(H+

cipher has no object identifier

do_ext_i2d

@HcC(H

asn1_check_tlen

Windows

sequence not constructed

illegal null value

id-smime-ct-receipt

StrToIntA

9t$P~58

pkcs1

.?AU?$error_info_injector@Vinvalid_service_owner@asio@boost@@@exception_detail@boost@@

l$XL9

FindFirstFileExW

SVWAU

fD94Fu

Akernel32.dll

Certificate %d

ar-QA

URI:%s

lib(%lu)

response

id-smime-cti-ets-proofOfApproval

Alt-Svc

RFC 5639 curve over a 256 bit prime field

no signer key

D$PH9

v2i_POLICY_CONSTRAINTS

cast5-cbc

bad fopen mode

..\..\openssl-1.1.0f\ssl\ssl_lib.c

C-Opt

ko-kr

L$0C3

Permanent Identifier

asn1_collect

LdrGetProcedureAddress

11#?*0

PKCS7_verify

Eub'z

mn`I:T`H

D$HI3

facsimileTelephoneNumber

X509v3 Subject Alternative Name

Request

illegal integer

..\..\openssl-1.1.0f\crypto\x509v3\v3_addr.c

conout$

BIO_accept_ex

..\..\openssl-1.1.0f\crypto\ocsp\ocsp_cl.c

\$ UH

german-austrian

TS_TST_INFO_set_msg_imprint

psk identity not found

cms_RecipientInfo_kekri_decrypt

digitalSignature

unsupported public key type

fr-fr

setct-CertResTBE

dsa_param_decode

sslv3 alert decompression failure

AES128-GCM-SHA256

..\..\openssl-1.1.0f\crypto\evp\evp_cnf.c

b64_read_asn1

CMS routines

`local vftable constructor closure'

SECG/WTLS curve over a 112 bit prime field

`D$daM-l

id-aes256-wrap-pad

cms_set1_SignerIdentifier

pkey_ec_keygen

D$(+D$,

-s8("

@8|$Pt

flushing

/2GG>!B

fF9<qu

kNGY|(

bad value

unstructuredAddress

bad signature

If-Match

bumblebee

az-az-cyrl

A^_^[]

aes-192-ocb

D(8Ht}

no cipher

priv_key

rB2pBB

ansi-X9-62

pkcs7-data

GENERALIZEDTIME

digest check failed

CAMELLIA-128-CMAC

unhandled critical extension

HA3R,D3

invalid null name

unprotectedAttrs

value.byKey

g+V}+

ec_param_enc

NID=0x

ecdsa-with-Specified

des-ede-ofb

EVP_PBE_scrypt

\$ VWAT

~?Pa w

BITLIST

pkcs7_copy_existing_digest

]PRich

id-mod-attribute-cert

|$PE3

L$ C3

PA\_^][

D$HD3

EVP_PKEY_encrypt

FreeLibrary

not a square

|<C!FReQ

win32_name_converter

bad decompression

SVWATAUAVAW

TS_MSG_IMPRINT_set_algo

tpBasis

;*tAH;

d?000000`?

id-it-keyPairParamRep

cRLSign

proxy subject name violation

status not yet valid

id-cmc-senderNonce

TS_CONF_load_certs

%daE<<0

?Cu0f9w

dane_ctx_enable

Monday

bs-ba-latn

D:\opensource\openssl-dist-1.1.0f-vs2015\openssl-x64-static-release-vs2015\ssl/certs

%12s%s

RSA-PSK-CAMELLIA256-SHA384

PKCS7_to_TS_TST_INFO

D$\A+EDA

|$`H;

ar-LB

no msgsigdigest

ripemd160

..\..\openssl-1.1.0f\crypto\rsa\rsa_ssl.c

..\..\openssl-1.1.0f\crypto\ct\ct_sct_ctx.c

MKACTIVITY

cms_copy_messageDigest

mac verify failure

PKCS7_ATTRIBUTES

id-it-confirmWaitTime

cont [ %d ]

id-camellia128-wrap

~"D;;t

D$ H9D$8r$H

setct-BatchAdminReqData

BN_div

\$0H;

pp|B>>q

smj-NO

ETA)E|A

CryptDestroyHash

a2i_ASN1_STRING

do_dirname

fD9 u

telephoneNumber

certificate signature failure

I D;A

PKCS12_SAFEBAG

tls_prepare_client_certificate

cy-GB

requestList

6H9D$p

permitted subtree violation

pkey_ec_derive

SetEndOfFile

not initialized

A>pP&

KiUserApcDispatcher

..\..\openssl-1.1.0f\crypto\engine\eng_init.c

D$\M+

setct-AuthRevResTBE

invalid safi

roomNumber

id-camellia192-wrap

.?AVbad_function_call@std@@

zY;>u:m

T$ A;

pkcs7 add signed attr error

TLSv1.1

..\..\openssl-1.1.0f\crypto\ec\ecx_meth.c

BN_div_recp

DHE-PSK-AES256-CCM

ssl_get_new_session

SSL_use_certificate_ASN1

tpH9^

ssl3_init_finished_mac

setCext-hashedRoot

EC_KEY_new

H3D$ H3\$(H

X509_ALGOR

secp384r1

ssl_parse_serverhello_use_srtp_ext

id-hex-multipart-message

TS_RESP_set_status_info

authsafes

ec_GF2m_simple_group_set_curve

PURGE

subject

X509_NAME_ENTRY_set_object

..\..\openssl-1.1.0f\crypto\asn1\a_d2i_fp.c

DHE-DSS-AES256-SHA256

D3D$ A

keyfunc

MinghuaQuw

file open error

&>1;y

ECDHSingle

Archived-At

L$ UVWH

If-None-Match

unable to reuseaddr

%*sOnly CA Certificates

gfffD

data length too long

AH;G@v

.?AV?$ctype@D@std@@

L$8Mc

bad obs-fold

E>nEA

Got max container len %d

dmq1 not congruent to d

FlsSetValue

l$xHc

default_algorithms

D3L$0

L$@E3

cookie mismatch

BIO_nread0

SHA384

Disposition-Notification-Options

D$PHcX H

curve does not support signing

9B(|mE

ec_GFp_nist_field_sqr

|$0A_A^

.?AVinvalid_service_owner@asio@boost@@

?R0I?

id-aes192-wrap-pad

id-ppl

BITSTR

Organization

X509_STORE_CTX_get1_issuer

PA_A^_

Wednesday

SUITEB128ONLY

BIO_ctrl

@USVWAUAWH

\$HL3

asn1_ex_c2i

IsValidCodePage

OpenSSL RSA method

pbeWithMD2AndRC2-CBC

bio_zlib_read

H9\$X

PKCS7_bio_add_digest

ecdh_cms_set_shared_info

..\..\openssl-1.1.0f\crypto\x509\x_pubkey.c

bad address

D$HH1C

generate_key

ocsphelper

extension name error

D3|$$D

CMS_compress

%s %2d %02d:%02d:%02d%.*s %d%s

bg-BG

SubOK

id-aca-role

CMS_decrypt

D$@H+

modulus too large

not implemented

Thursday

setct-AuthReqTBE

Rbg.E

Execution	Discovery	Command and Control	Defense Evasion	Privilege Escalation
T1129 - Shared Modules dropper T1204 - User Execution lnk_archive_execution	T1082 - System Information Discovery user_discovery	T1071 - Application Layer Protocol dead_connect procmem_yara	T1055 - Process Injection resumethread_remote_process T1553 - Subvert Trust Controls lnk_archive_execution	T1055 - Process Injection resumethread_remote_process

Usage

Processing ( 1.85 seconds )

1.797 CAPE
0.041 BehaviorAnalysis
0.007 Heatmap
0.003 AnalysisInfo

Signatures ( 0.03 seconds )

0.004 antiav_detectreg
0.003 ransomware_files
0.002 antianalysis_detectfile
0.002 infostealer_ftp
0.002 ransomware_extensions
0.002 territorial_disputes_sigs
0.001 antianalysis_detectreg
0.001 antiav_detectfile
0.001 antivm_vbox_files
0.001 antivm_vbox_keys
0.001 browser_security
0.001 infostealer_bitcoin
0.001 infostealer_im
0.001 infostealer_mail
0.001 poullight_files
0.001 masquerade_process_name
0.001 ursnif_behavior

Reporting ( 0.06 seconds )

0.049 ReportHTML
0.004 LiteReport
0.004 JsonDump
0.003 MITRE_TTPS

Signatures

Attempts to connect to a dead IP:Port (1 unique times)

IP: 23.81.246.187:443

SetUnhandledExceptionFilter detected (possible anti-debug)

Possible date expiration check, exits too soon after checking local time

process: rundll32.exe, PID 5064

Makes WinAPI calls related to user discovery

Resolved address: 23.81.246.187 - {'443'}

Resumed a thread in another process

thread_resumed: Process rundll32.exe with process ID 5064 resumed a thread in another process with the process ID 3752

Checks for presence of debugger via IsDebuggerPresent

Yara detections observed in process dumps, payloads or dropped files

Hit: PID triggered the Yara rule 'BumbleBee' with data '['bumblebee', '/gate']'

Hit: PID triggered the Yara rule 'Execution_in_LNK' with data '['rundll32.exe', 'r\x00u\x00n\x00d\x00l\x00l\x003\x002\x00.\x00e\x00x\x00e\x00']'

Drops a binary and executes it

binary: C:\folder-223205.iso\sysmon64.exe

Executes a LNK file from within an archive file

command: "C:\folder-223205.iso\documents.lnk

command: C:\folder-223205.iso\documents.lnk

Screenshots

Session Playback

No playback available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Users\user\AppData\Local\Temp
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Local
C:\
C:\folder-223205.iso
C:\folder-223205.iso\documents.lnk
C:\Windows\System32\kernel.appcore.dll
\??\MountPointManager
C:\Windows\System32\userenv.dll
C:\Windows\System32\profapi.dll
C:\Windows\Temp
C:\Program Files\Windows Defender\MpOAV.dll
C:\Windows\SysWOW64\advpack.dll
C:\Windows\SysWOW64\advpack.dll.manifest
C:\Windows\System32\msctf.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\SysWOW64\sysmon64.exe
C:\folder-223205.iso\sysmon64.exe

HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CustomAttributes
HKEY_CURRENT_USER\Software\Classes\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{D81E96F1-A89C-417E-9335-59531026309D}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{D81E96F1-A89C-417E-9335-59531026309D}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{d81e96f1-a89c-417e-9335-59531026309d}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{d81e96f1-a89c-417e-9335-59531026309d}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{d81e96f1-a89c-417e-9335-59531026309d}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{B94B62A2-4012-4B7E-A395-F21CC665FD12}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B94B62A2-4012-4B7E-A395-F21CC665FD12}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{8DA928C9-4266-55D4-947A-48BE47300831}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8DA928C9-4266-55D4-947A-48BE47300831}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{8da928c9-4266-55d4-947a-48be47300831}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8da928c9-4266-55d4-947a-48be47300831}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8da928c9-4266-55d4-947a-48be47300831}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{3BED20A5-6DEE-4297-B976-3B30DF69A7AA}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3BED20A5-6DEE-4297-B976-3B30DF69A7AA}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{6CB10ED7-4BCA-5561-B2E1-40E1197C1B0C}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{6CB10ED7-4BCA-5561-B2E1-40E1197C1B0C}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{06075BC6-9C03-45CD-A980-DB688D7407AD}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{06075BC6-9C03-45CD-A980-DB688D7407AD}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{06075BC6-9C03-45CD-A980-DB688D7407AD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{06075BC6-9C03-45CD-A980-DB688D7407AD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{06075BC6-9C03-45CD-A980-DB688D7407AD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\sysmon64.exe
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Elevation
HKEY_LOCAL_MACHINE\Software\Microsoft\AMSI\Providers
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\Software\Microsoft\AMSI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AMSI\FeatureBits
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysmon64.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Wow64\x86\xtajit
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{d81e96f1-a89c-417e-9335-59531026309d}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8da928c9-4266-55d4-947a-48be47300831}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{06075BC6-9C03-45CD-A980-DB688D7407AD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AMSI\FeatureBits
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache

ntdll.dll.RtlWow64GetCurrentMachine
ntdll.dll.RtlWow64IsWowGuestMachineSupported

"C:\folder-223205.iso\documents.lnk
"C:\Windows\System32\rundll32.exe" advpack.dll,RegisterOCX sysmon64.exe
C:\folder-223205.iso\documents.lnk
sysmon64.exe /RegServer

Local\SM0:3592:304:WilStaging_02
Local\SM0:5064:168:WilStaging_02

No results

Sorry! No behavior.

Sorry! No tracee.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No CAPE files.

Sorry! No process dumps.