assemblyline-v4-service 4.4.0.24__py3-none-any.whl → 4.4.0.26__py3-none-any.whl

assemblyline_v4_service/common/pestudio/xml/strings.xml

@@ -1,2379 +0,0 @@
-<!--
-strings.mxl is part of the pestudio (www.winitor.com)
-It contains the strings that will be detected as blackListed by pestudio.
--->
-
-<xml version="1.0" encoding="utf-8" md5="2DAF1731A644116D0965C0CA4B51C082">
-
-  <settings>
-    <setting>
-
-      <!--
-      the minimum character size of a string
-      -->
-      <minimum-size>4</minimum-size>
-
-      <!--
-      1: Be case-sensitive when searching for strings
-      0: Dont be case-sensitive when searching for strings
-      -->
-      <CaseSensitive>0</CaseSensitive>
-
-      <!--
-      1: Enable Substring when searching for strings (e.g. "soft" being a substring of "software")
-      0: Disable Substring when searching for strings
-      -->
-      <Substring>0</Substring>
-
-      <!--  
-      0: Show Imported Library Names in Strings collection
-      1: Hide Imported Library Names from Strings collection 
-      -->
-      <HideImportedLibraryNames>0</HideImportedLibraryNames>
-
-      <!--  
-      0: Show Imported String Names in Strings collection
-      1: Hide Imported String Names from Strings collection 
-      -->
-      <HideImportedFunctionNames>0</HideImportedFunctionNames>
-
-    </setting>
-  </settings>
-
-  <privs>
-    <priv>SeAssignPrimaryTokenPrivilege</priv>
-    <priv>SeAuditPrivilege</priv>
-    <priv>SeBackupPrivilege</priv>
-    <priv>SeChangeNotifyPrivilege</priv>
-    <priv>SeCreateGlobalPrivilege</priv>
-    <priv>SeCreatePagefilePrivilege</priv>
-    <priv>SeCreatePermanentPrivilege</priv>
-    <priv>SeCreateSymbolicLinkPrivilege</priv>
-    <priv>SeCreateTokenPrivilege</priv>
-    <priv>SeDebugPrivilege</priv>
-    <priv>SeEnableDelegationPrivilege</priv>
-    <priv>SeImpersonatePrivilege</priv>
-    <priv>SeIncreaseBasePriorityPrivilege</priv>
-    <priv>SeIncreaseQuotaPrivilege</priv>
-    <priv>SeIncreaseWorkingSetPrivilege</priv>
-    <priv>SeLoadDriverPrivilege</priv>
-    <priv>SeLockMemoryPrivilege</priv>
-    <priv>SeMachineAccountPrivilege</priv>
-    <priv>SeManageVolumePrivilege</priv>
-    <priv>SeProfileSingleProcessPrivilege</priv>
-    <priv>SeRelabelPrivilege</priv>
-    <priv>SeRemoteShutdownPrivilege</priv>
-    <priv>SeRestorePrivilege</priv>
-    <priv>SeSecurityPrivilege</priv>
-    <priv>SeShutdownPrivilege</priv>
-    <priv>SeSyncAgentPrivilege</priv>
-    <priv>SeSystemEnvironmentPrivilege</priv>
-    <priv>SeSystemProfilePrivilege</priv>
-    <priv>SeSystemtimePrivilege</priv>
-    <priv>SeTakeOwnershipPrivilege</priv>
-    <priv>SeTcbPrivilege</priv>
-    <priv>SeTimeZonePrivilege</priv>
-    <priv>SeTrustedCredManAccessPrivilege</priv>
-    <priv>SeUndockPrivilege</priv>
-    <priv>SeUnsolicitedInputPrivilege</priv>
-  </privs>
-
-  <oids>
-    <oid>2.16.840.1.113730.4.1</oid>
-    <oid>1.3.6.1.4.1.311.10.3.3</oid>
-    <oid>1.3.6.1.5.5.7.3.2</oid>
-    <oid>1.3.6.1.5.5.7.3.1</oid>
-    <oid>1.2.840.113549.1.1.11</oid>
-    <oid>1.2.840.113549.1.1.2</oid>
-    <oid>1.2.840.113549.1.1.4</oid>
-    <oid>1.2.840.113549.1.1.5</oid>
-    <oid>1.2.840.113549.1.9.6</oid>
-    <oid>1.2.840.113549.2.5</oid>
-    <oid>1.2.840.113549.1.9.5</oid>
-    <oid>1.2.840.113556.1.4.1221</oid>
-    <oid>1.2.840.113556.1.4.1222</oid>
-    <oid>1.2.840.113556.1.4.1362</oid>
-    <oid>1.2.840.113556.1.4.1413</oid>
-    <oid>1.2.840.113556.1.4.521</oid>
-    <oid>1.2.840.113556.1.4.616</oid>
-    <oid>1.2.840.113556.1.4.801</oid>
-    <oid>1.2.840.113556.1.4.805</oid>
-    <oid>1.2.840.113556.1.4.903</oid>
-    <oid>1.2.840.113556.1.4.904</oid>
-    <oid>1.2.840.113556.1.4.905</oid>
-    <oid>1.2.840.113556.1.4.906</oid>
-    <oid>1.2.840.113556.1.4.907</oid>
-    <oid>1.3.14.3.2.26</oid>
-    <oid>1.3.14.3.2.29</oid>
-    <oid>1.3.14.3.2.3</oid>
-    <oid>1.3.6.1.4.1.311.2.1.12</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.10</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.11</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.12</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.13</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.14</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.15</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.19</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.2</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.21</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.22</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.23</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.24</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.25</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.26</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.27</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.28</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.3</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.32</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.33</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.34</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.36</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.37</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.38</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.39</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.4</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.40</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.41</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.43</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.44</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.5</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.50</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.51</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.52</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.53</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.6</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.7</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.8</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.9</oid>
-    <oid>1.3.6.1.4.1.311.10.3.6</oid>
-    <oid>1.3.6.1.4.1.311.88.2.1</oid>
-    <oid>1.3.6.1.4.1.311.88.2.2</oid>
-    <oid>1.3.6.1.5.5.7.3.3</oid>
-  </oids>
-
-  <exts>
-    <ext enable="1" risk="1">b64</ext>
-    <ext enable="1" risk="1">bat</ext>
-    <ext enable="1" risk="1">cert</ext>
-    <ext enable="1" risk="1">cmd</ext>
-    <ext enable="1" risk="1">dll</ext>
-    <ext enable="1" risk="1">exe</ext>
-    <ext enable="1" risk="1">ftp</ext>
-    <ext enable="1" risk="1">gzip</ext>
-    <ext enable="1" risk="1">hta</ext>
-    <ext enable="1" risk="1">html</ext>
-    <ext enable="1" risk="1">iso</ext>
-    <ext enable="1" risk="1">jar</ext>
-    <ext enable="1" risk="1">rsrc</ext>
-    <ext enable="1" risk="1">tar</ext>
-    <ext enable="1" risk="1">tmp</ext>
-    <ext enable="1" risk="1">temp</ext>
-    <ext enable="1" risk="1">tor</ext>
-    <ext enable="1" risk="1">url</ext>
-    <ext enable="1" risk="1">vb</ext>
-    <ext enable="1" risk="1">vbe</ext>
-    <ext enable="1" risk="1">vbs</ext>
-    <ext enable="1" risk="1">vbp</ext>
-    <ext enable="1" risk="1">xll</ext>
-    <ext enable="1" risk="1">zip</ext>
-  </exts>
-
-  <agents>
-    <agent>Mozilla/1.22</agent>
-    <agent>Mozilla/3.0</agent>
-    <agent>Mozilla/3.1</agent>
-    <agent>Mozilla/3.6</agent>
-    <agent>Mozilla/4.0</agent>
-    <agent>Mozilla/4.08</agent>
-    <agent>Mozilla/5.0</agent>
-
-    <agent>Opera/8.90</agent>
-    <agent>Opera/9.00</agent>
-    <agent>Opera/9.25</agent>
-    <agent>Opera/9.33</agent>
-    <agent>Opera 9.4</agent>
-    <agent>Opera/9.80</agent>
-  </agents>
-
-  <!-- guid -->
-  <guids>
-    <guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
-    <guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
-    <guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
-    <guid>97808F6C-4769-49D5-9553-18AE9C62ACD7</guid>
-    <guid>B196B286-BAB4-101A-B69C-00AA00341D07</guid>
-    <guid>D27CDB6E-AE6D-11CF-96B8-444553540000</guid>
-    <guid>abe2869f-9b47-4cd9-a358-c22904dba7f7</guid>
-    <guid>00000000-0000-0000-C000-000000000046</guid>
-    <guid>ADB880A6-D8FF-11CF-9377-00AA003B7A11</guid>
-    <guid>5e7e8100-9138-11d1-945a-00c04fc308ff</guid>
-    <guid>82bd0e67-9fea-4748-8672-d5efe5b779b0</guid>
-    <guid>5e7e8100-9138-11d1-945a-00c04fc308ff</guid>
-    <guid>82BD0E67-9FEA-4748-8672-D5EFE5B779B0</guid>
-    <guid>8856F961-340A-11D0-A96B-00C04FD705A2</guid>
-  </guids>
-
-  <!-- Registry -->
-  <regs>
-    <reg>\Device\KeyboardClass0</reg>
-    <reg>Software\Skype\Phone</reg>
-    <reg>\registry\machine\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\</reg>
-    <reg>Software\Microsoft</reg>
-    <reg>System\WPA\</reg>
-    <reg>HARDWARE\DEVICEMAP\SERIALCOMM</reg>
-    <reg>HARDWARE\DEVICEMAP\PARALLEL PORTS</reg>
-    <reg>Software\Microsoft\Windows\CurrentVersion\Run</reg>
-    <reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices</reg>
-    <reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce</reg>
-    <reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UserReset</reg>
-    <reg>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft</reg>
-    <reg>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit</reg>
-    <reg>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wdfmgr</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UserRestart</reg>
-    <reg>Software\Policies\Microsoft\Cryptography\AutoEnrollment</reg>
-    <reg>Software\KasperskyLab\protected\AVP9\settings</reg>
-    <reg>Software\KasperskyLab\protected\AVP8\settings</reg>
-    <reg>Software\kingsoft\AntiVirus</reg>
-    <reg>Software\JiangMin</reg>
-    <reg>Software\Norton\SecurityStatusSDK</reg>
-    <reg>Software\ESET\ESET Security\CurrentVersion\Info</reg>
-    <reg>Software\Cisco Systems\VPN Client\AllAccess</reg>
-    <reg>Software\AVAST Software</reg>
-    <reg>Software\ESET</reg>
-    <reg>Software\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32</reg>
-    <reg>CurrentVersion\Run</reg>
-    <reg>Hardware\Description\System\CentralProcessor</reg>
-    <reg>Hardware\ACPI\DSDT</reg>
-    <reg>HARDWARE\DEVICEMAP</reg>
-    <reg>hklm\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}</reg>
-    <reg>hklm\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}</reg>
-    <reg>HARDWARE\DESCRIPTION\System\CentralProcessor\0</reg>
-    <reg>DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run</reg>
-    <reg>DisableTaskManager</reg>
-    <reg>HKCU\Control Panel\Desktop</reg>
-    <reg>LoadAppInit_DLLs</reg>
-    <reg>AppInit_DLLs</reg>
-    <reg>WarnOnIntranet</reg>
-    <reg>NoProtectedModeBanner</reg>
-    <reg>Global\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}</reg>
-    <reg>Global\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}</reg>
-    <reg>CLSID\{6C736DB0-BD94-11D0-8A23-00AA00B58E10}\EnableEvents</reg>
-    <reg>ROOT\SecurityCenter</reg>
-    <reg>ROOT\SecurityCenter2</reg>
-    <reg>\shell\open\command</reg>
-    <reg>\Device\KeyboardClassC</reg>
-    <reg>\DosDevices\KeyboardClassC</reg>
-  </regs>
-
-  <oss>
-    <os>Microsoft Windows ME</os>
-    <os>Microsoft Windows 98</os>
-    <os>Microsoft Windows 95</os>
-    <os>Microsoft Windows 2000</os>
-    <os>Microsoft Windows XP</os>
-    <os>Home-Basic-Edition</os>
-    <os>Home-Premium-Edition</os>
-    <os>Home_Edition</os>
-    <os>Home_Server</os>
-    <os>WinNT</os>
-    <os>WIN32_NT</os>
-    <os>WIN_2008R2</os>
-    <os>WIN_7</os>
-    <os>WIN_2008</os>
-    <os>WIN_VISTA</os>
-    <os>WIN_2003</os>
-    <os>WIN_XPe</os>
-    <os>WIN_XP</os>
-    <os>WIN_2000</os>
-    <os>Web_Server_Edition</os>
-    <os>Standard_Edition_core_installation</os>
-    <os>Standard_Edition</os>
-    <os>Small_Business_Server_Premium_Edition</os>
-    <os>Small_Business_Server</os>
-    <os>Enterprise_Edition_for_ItaniumBased_System</os>
-    <os>Enterprise_Edition_core_installation</os>
-    <os>Datacenter_Edition_core_installation</os>
-    <os>Datacenter_Edition</os>
-    <os>Cluster_Server_Edition</os>
-    <os>Starter_Edition</os>
-    <os>Business_Edition</os>
-    <os>Enterprise_Edition</os>
-    <os>Home_Basic_Edition</os>
-    <os>Home_Premium_Edition</os>
-    <os>Ultimate_Edition</os>
-    <os>Server2008R2</os>
-    <os>Server2008</os>
-    <os>Win8</os>
-    <os>WinServer2012</os>
-    <os>Win7</os>
-    <os>WinServer2008R2</os>
-    <os>WinServer2008</os>
-    <os>Vista</os>
-    <os>WinHomeServer</os>
-    <os>WinServer2003R2</os>
-    <os>WinServer2003</os>
-    <os>WinXP64</os>
-    <os>WinXP</os>
-    <os>Win2K</os>
-    <os>Windows Me</os>
-    <os>Windows 98</os>
-    <os>Windows 95</os>
-    <os>Windows NT</os>
-    <os>Windows Vista</os>
-    <os>Windows 7</os>
-    <os>Windows 8</os>
-    <os>Windows 8.1</os>
-    <os>Windows NT 3.51</os>
-    <os>Windows NT 4.0</os>
-    <os>Windows Server</os>
-    <os>Windows Server 2012 R2</os>
-    <os>Windows 10</os>
-    <os>Windows Server 2016 Technical Preview</os>
-    <os>Ultimate Edition</os>
-    <os>Home Premium Edition</os>
-    <os>Home Basic Edition</os>
-    <os>Enterprise Edition</os>
-    <os>Business Edition</os>
-    <os>Starter Edition</os>
-    <os>Cluster Server Edition</os>
-    <os>Datacenter Edition</os>
-    <os>Datacenter Edition (core installation)</os>
-    <os>Enterprise Edition (core installation)</os>
-    <os>Enterprise Edition for Itanium-based Systems</os>
-    <os>Small Business Server</os>
-    <os>Small Business Server Premium Edition</os>
-    <os>Standard Edition</os>
-    <os>Standard Edition (core installation)</os>
-    <os>Web Server Edition</os>
-    <os>Professional Edition</os>
-    <os>Windows Server 2003</os>
-    <os>Windows Server 2003 R2</os>
-    <os>Windows Storage Server 2003</os>
-    <os>Windows XP</os>
-    <os>Windows XP Professional x64 Edition</os>
-    <os>Windows XP Professional x64</os>
-    <os>Datacenter Edition for Itanium-based Systems</os>
-    <os>Datacenter x64 Edition</os>
-    <os>Enterprise x64 Edition</os>
-    <os>Standard x64 Edition</os>
-    <os>Compute Cluster Edition</os>
-    <os>Web Edition</os>
-    <os>Home Edition</os>
-    <os>Windows 2000</os>
-    <os>Datacenter Server</os>
-    <os>Advanced Server</os>
-    <os>Windows Home Server</os>
-    <os>Windows Server 2008</os>
-    <os>Windows Server 2008 R2</os>
-    <os>Windows Server R2</os>
-    <os>Media Center Edition</os>
-    <os>Tablet PC Edition</os>
-    <os>Embedded Edition</os>
-    <os>Professional x64 Edition</os>
-    <os>Storage Server 2003 R2</os>
-    <os>Storage Server 2003</os>
-    <os>Server 2003 R2</os>
-    <os>Server 2003</os>
-    <os>Server 2008</os>
-    <os>Business N</os>
-    <os>Datacenter Edition(Core)</os>
-    <os>Enterprise N</os>
-    <os>Enterprise Edition(Core)</os>
-    <os>Home Basic</os>
-    <os>Home Basic N</os>
-    <os>Home Premium</os>
-    <os>Home Premium N</os>
-    <os>Ultimate N</os>
-    <os>Standard Edition(Core)</os>
-    <os>NT3.1</os>
-    <os>NT3.5</os>
-    <os>NT3.51</os>
-    <os>2003 Server</os>
-    <os>2008 Server</os>
-    <os>Win Vista</os>
-    <os>Win Srv 2008</os>
-    <os>Win 7</os>
-    <os>Win 8</os>
-    <os>Windows+8.1</os>
-    <os>Win Srv 2003</os>
-    <os>Win Srv</os>
-    <os>Win XP</os>
-    <os>Windows+XP</os>
-    <os>Windows XP (5.1)</os>
-    <os>Win 2000</os>
-    <os>Windows Server 2012</os>
-    <os>32-bit Edition</os>
-    <os>64-bit Edition</os>
-    <os>Windows Server 2000</os>
-    <os>Windows Server 2000</os>
-    <os>Windows+8</os>
-    <os>Windows+7</os>
-    <os>Windows+Vista</os>
-    <os>Windows+Server+2003</os>
-    <os>Windows+2000</os>
-    <os>Windows 2000 (5.0)</os>
-    <os>Windows 7 (6.1)</os>
-    <os>Windows Server 2003  (5.2)</os>
-    <os>Windows Server 2003 R2 (5.2)</os>
-    <os>Windows Server 2008 (6.0)</os>
-    <os>Windows Server 2008 R2 (6.1)</os>
-    <os>Windows Vista (6.0)</os>
-  </oss>
-
-  <!--Sandbox Product IDs -->
-  <products>
-    <product>76487-640-1457236-23837</product>
-    <product>76487-337-8429955-22614</product>
-    <product>76487-644-3177037-23510</product>
-    <product>76487-640-8834005-23195</product>
-    <product>76487-640-0716662-23535</product>
-    <product>76487-644-8648466-23106</product>
-    <product>76487-341-5883812-22420</product>
-    <product>76487-OEM-0027453-63796</product>
-    <product>76497-640-6308873-23835</product>
-    <product>55274-640-2673064-23950</product>
-    <product>00426-293-8170032-85146</product>
-  </products>
-
-  <!-- SID (Security Identifiers -->
-  <sids>
-    <sid>S-1-0</sid>
-    <sid>S-1-0-0</sid>
-    <sid>S-1-1</sid>
-    <sid>S-1-1-0</sid>
-    <sid>S-1-2</sid>
-    <sid>S-1-2-0</sid>
-    <sid>S-1-2-1</sid>
-    <sid>S-1-3</sid>
-    <sid>S-1-3-0</sid>
-    <sid>S-1-3-1</sid>
-    <sid>S-1-3-2</sid>
-    <sid>S-1-3-3</sid>
-    <sid>S-1-3-4</sid>
-    <sid>S-1-5-80-0</sid>
-    <sid>S-1-4</sid>
-    <sid>S-1-5</sid>
-    <sid>S-1-5-1</sid>
-    <sid>S-1-5-2</sid>
-    <sid>S-1-5-3</sid>
-    <sid>S-1-5-4</sid>
-    <sid>S-1-5-6</sid>
-    <sid>S-1-5-7</sid>
-    <sid>S-1-5-8</sid>
-    <sid>S-1-5-9</sid>
-    <sid>S-1-5-10</sid>
-    <sid>S-1-5-11</sid>
-    <sid>S-1-5-12</sid>
-    <sid>S-1-5-13</sid>
-    <sid>S-1-5-14</sid>
-    <sid>S-1-5-15</sid>
-    <sid>S-1-5-17</sid>
-    <sid>S-1-5-18</sid>
-    <sid>S-1-5-19</sid>
-    <sid>S-1-5-20</sid>
-    <sid>S-1-5-32-544</sid>
-    <sid>S-1-5-32-545</sid>
-    <sid>S-1-5-32-546</sid>
-    <sid>S-1-5-32-547</sid>
-    <sid>S-1-5-32-548</sid>
-    <sid>S-1-5-32-549</sid>
-    <sid>S-1-5-32-550</sid>
-    <sid>S-1-5-32-551</sid>
-    <sid>S-1-5-32-552</sid>
-    <sid>S-1-5-64-10</sid>
-    <sid>S-1-5-64-14</sid>
-    <sid>S-1-5-64-21</sid>
-    <sid>S-1-5-80</sid>
-    <sid>S-1-5-83-0</sid>
-    <sid>S-1-16-0</sid>
-    <sid>S-1-16-4096</sid>
-    <sid>S-1-16-8192</sid>
-    <sid>S-1-16-8448</sid>
-    <sid>S-1-16-12288</sid>
-    <sid>S-1-16-16384</sid>
-    <sid>S-1-16-20480</sid>
-    <sid>S-1-16-28672</sid>
-    <sid>S-1-5-32-554</sid>
-    <sid>S-1-5-32-555</sid>
-    <sid>S-1-5-32-556</sid>
-    <sid>S-1-5-32-557</sid>
-    <sid>S-1-5-32-558</sid>
-    <sid>S-1-5-32-559</sid>
-    <sid>S-1-5-32-560</sid>
-    <sid>S-1-5-32-561</sid>
-    <sid>S-1-5-32-562</sid>
-    <sid>S-1-5-32-569</sid>
-    <sid>S-1-5-32-573</sid>
-    <sid>S-1-5-32-574</sid>
-    <sid>S-1-5-32-575</sid>
-    <sid>S-1-5-32-576</sid>
-    <sid>S-1-5-32-577</sid>
-    <sid>S-1-5-32-578</sid>
-    <sid>S-1-5-32-579</sid>
-    <sid>S-1-5-32-580</sid>
-    <sid>S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779</sid>
-    <sid>S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435</sid>
-  </sids>
-
-  <protocols>
-    <protocol enable="1" risk="1">httpmail</protocol>
-    <protocol enable="1" risk="1">nntp</protocol>
-    <protocol enable="1" risk="1">imap</protocol>
-    <protocol enable="1" risk="1">pop3</protocol>
-    <protocol enable="1" risk="1">smb</protocol>
-    <protocol enable="1" risk="1">smtp</protocol>
-    <protocol enable="1" risk="1">ftp</protocol>
-    <protocol enable="1" risk="1">icmp</protocol>
-  </protocols>
-
-  <keys>
-    <key enable="1" risk="1">[ESCAPE]</key>
-    <key enable="1" risk="1">[ENTER]</key>
-    <key enable="1" risk="1">[TAB]</key>
-    <key enable="1" risk="1">[DELETE]</key>
-    <key enable="1" risk="1">[CAPS LOCK]</key>
-    <key enable="1" risk="1">[BACKCPACE]</key>
-    <key enable="1" risk="1">[Backspace]</key>
-    <key enable="1" risk="1">[Enter]</key>
-    <key enable="1" risk="1">[Tab]</key>
-    <key enable="1" risk="1">[Arrow Left]</key>
-    <key enable="1" risk="1">[Arrow Up]</key>
-    <key enable="1" risk="1">[Arrow Right]</key>
-    <key enable="1" risk="1">[Arrow Down]</key>
-    <key enable="1" risk="1">[Home]</key>
-    <key enable="1" risk="1">[Page Up]</key>
-    <key enable="1" risk="1">[Page Down]</key>
-    <key enable="1" risk="1">[End]</key>
-    <key enable="1" risk="1">[Break]</key>
-    <key enable="1" risk="1">[Delete]</key>
-    <key enable="1" risk="1">[Insert]</key>
-    <key enable="1" risk="1">[Ent]</key>
-    <key enable="1" risk="1">[Print Screen]</key>
-    <key enable="1" risk="1">[Scroll Lock]</key>
-    <key enable="1" risk="1">[Caps Lock]</key>
-    <key enable="1" risk="1">[Alt]</key>
-    <key enable="1" risk="1">[Esc]</key>
-    <key enable="1" risk="1">[Back Space]</key>
-    <key enable="1" risk="1">[CONTROL]</key>
-    <key enable="1" risk="1">[PUSE]</key>
-    <key enable="1" risk="1">[LEFT]</key>
-    <key enable="1" risk="1">[RIGHT]</key>
-    <key enable="1" risk="1">[UP]</key>
-    <key enable="1" risk="1">[DOWN]</key>
-    <key enable="1" risk="1">[NUM LOCK]</key>
-    <key enable="1" risk="1">[RMOUSE]</key>
-    <key enable="1" risk="1">[LMOUSE]</key>
-    <key enable="1" risk="1">[AltRight]</key>
-    <key enable="1" risk="1">[AltLeft]</key>
-    <key enable="1" risk="1">[CtrlRight]</key>
-    <key enable="1" risk="1">[CtrlLeft]</key>
-    <key enable="1" risk="1">[ShiftRight]</key>
-    <key enable="1" risk="1">[ShiftLeft]</key>
-    <key enable="1" risk="1">[Scroll]</key>
-    <key enable="1" risk="1">[NumLock]</key>
-    <key enable="1" risk="1">[Sleep]</key>
-    <key enable="1" risk="1">[Menu]</key>
-    <key enable="1" risk="1">[WindowsRight]</key>
-    <key enable="1" risk="1">[WindowsLeft]</key>
-    <key enable="1" risk="1">[Suppr]</key>
-    <key enable="1" risk="1">[PrintScreen]</key>
-    <key enable="1" risk="1">[PageDown]</key>
-    <key enable="1" risk="1">[PageUp]</key>
-    <key enable="1" risk="1">[Caps]</key>
-    <key enable="1" risk="1">[Pause]</key>
-    <key enable="1" risk="1">[Ctrl]</key>
-    <key enable="1" risk="1">[Shift]</key>
-    <key enable="1" risk="1">[Clear]</key>
-    <key enable="1" risk="1">[DownArrow]</key>
-    <key enable="1" risk="1">[RightArrow]</key>
-    <key enable="1" risk="1">[UpArrow]</key>
-    <key enable="1" risk="1">[LeftArrow]</key>
-    <key enable="1" risk="1">[Space]</key>
-    <key enable="1" risk="1">[CapsLock]</key>
-    <key enable="1" risk="1">[ALT-DOWN]</key>
-    <key enable="1" risk="1">[ALT-UP]</key>
-    <key enable="1" risk="1">[APPS]</key>
-    <key enable="1" risk="1">[BACK]</key>
-    <key enable="1" risk="1">[CLR]</key>
-    <key enable="1" risk="1">[CTRL-DOWN]</key>
-    <key enable="1" risk="1">[CTRL-UP]</key>
-    <key enable="1" risk="1">[DEL]</key>
-    <key enable="1" risk="1">[EXECUTE]</key>
-    <key enable="1" risk="1">[F1]</key>
-    <key enable="1" risk="1">[F2]</key>
-    <key enable="1" risk="1">[F3]</key>
-    <key enable="1" risk="1">[F4]</key>
-    <key enable="1" risk="1">[F5]</key>
-    <key enable="1" risk="1">[F6]</key>
-    <key enable="1" risk="1">[F7]</key>
-    <key enable="1" risk="1">[F8]</key>
-    <key enable="1" risk="1">[F9]</key>
-    <key enable="1" risk="1">[F10]</key>
-    <key enable="1" risk="1">[F11]</key>
-    <key enable="1" risk="1">[F12]</key>
-    <key enable="1" risk="1">[HELP]</key>
-    <key enable="1" risk="1">[BACK_SPACE]</key>
-    <key enable="1" risk="1">[RETURN]</key>
-    <key enable="1" risk="1">[Esc]</key>
-    <key enable="1" risk="1">[TAB]</key>
-    <key enable="1" risk="1">[CAPS LOCK]</key>
-    <key enable="1" risk="1">[SPACE]</key>
-    <key enable="1" risk="1">[LEFT_SHIFT]</key>
-    <key enable="1" risk="1">[RIGHT_SHIFT]</key>
-    <key enable="1" risk="1">[LEFT_CONTROL]</key>
-    <key enable="1" risk="1">[RIGHT_CONTROL]</key>
-    <key enable="1" risk="1">[LCONTROL-DOWN]</key>
-    <key enable="1" risk="1">[LCONTROL-UP]</key>
-    <key enable="1" risk="1">[LMENU-DOWN]</key>
-    <key enable="1" risk="1">[LMENU-UP]</key>
-    <key enable="1" risk="1">[LWIN-DOWN]</key>
-    <key enable="1" risk="1">[LWIN-UP]</key>
-    <key enable="1" risk="1">[PGDOWN]</key>
-    <key enable="1" risk="1">[PGUP]</key>
-    <key enable="1" risk="1">[PRINT]</key>
-    <key enable="1" risk="1">[RCONTROL-DOWN]</key>
-    <key enable="1" risk="1">[RCONTROL-UP]</key>
-    <key enable="1" risk="1">[RMENU-DOWN]</key>
-    <key enable="1" risk="1">[RMENU-UP]</key>
-    <key enable="1" risk="1">[RWIN-DOWN]</key>
-    <key enable="1" risk="1">[RWIN-UP]</key>
-    <key enable="1" risk="1">[SELECT]</key>
-    <key enable="1" risk="1">[SEPARATOR]</key>
-    <key enable="1" risk="1">[SNAPSHOT]</key>
-    <key enable="1" risk="1">[PRSC]</key>
-  </keys>
-
-  <events>
-    <event enable="1" risk="1">OnActivate</event>
-    <event enable="1" risk="1">OnCanClose</event>
-    <event enable="1" risk="1">OnChange</event>
-    <event enable="1" risk="1">OnClick</event>
-    <event enable="1" risk="1">OnClose</event>
-    <event enable="1" risk="1">OnCloseQuery</event>
-    <event enable="1" risk="1">OnCloseUp</event>
-    <event enable="1" risk="1">OnClose</event>
-    <event enable="1" risk="1">OnCreate</event>
-    <event enable="1" risk="1">OnCreatePanelClass</event>
-    <event enable="1" risk="1">OnData</event>
-    <event enable="1" risk="1">OnDataFind</event>
-    <event enable="1" risk="1">OnDataHint</event>
-    <event enable="1" risk="1">OnDataStateChange</event>
-    <event enable="1" risk="1">OnDeletion</event>
-    <event enable="1" risk="1">OnDestroy</event>
-    <event enable="1" risk="1">OnDockOver</event>
-    <event enable="1" risk="1">OnDragDrop</event>
-    <event enable="1" risk="1">OnDragOver</event>
-    <event enable="1" risk="1">OnDropDown</event>
-    <event enable="1" risk="1">OnEndDock</event>
-    <event enable="1" risk="1">OnEndDrag</event>
-    <event enable="1" risk="1">OnExit</event>
-    <event enable="1" risk="1">OnKeyDown</event>
-    <event enable="1" risk="1">OnKeyPress</event>
-    <event enable="1" risk="1">OnKeyUp</event>
-    <event enable="1" risk="1">OnMouseDown</event>
-    <event enable="1" risk="1">OnMouseEnter</event>
-    <event enable="1" risk="1">OnMouseLeave</event>
-    <event enable="1" risk="1">OnMouseMove</event>
-    <event enable="1" risk="1">OnMouseUp</event>
-    <event enable="1" risk="1">OnProgress</event>
-    <event enable="1" risk="1">OnTimer</event>
-    <event enable="1" risk="1">OnUnDock</event>
-    <event enable="1" risk="1">OnUpdate</event>
-  </events>
-
-  <strings>
-    <string score="0">unzip</string>
-    <string score="0">inflate</string>
-    <string score="0">\\.\SICE</string>
-    <string score="0">\\.\SIWVID</string>
-    <string score="0">\\.\REGSYS</string>
-    <string score="0">\\.\REGVXG</string>
-    <string score="0">\\.\FILEVXG</string>
-    <string score="0">\\.\FILEM</string>
-    <string score="0">\\.\TR</string>
-
-    <string score="0">MSXML2.ServerXMLHTTP$</string>
-    <string score="0">MSXML2.DOMDocument$</string>
-    <string score="0">MSXML2.DOMDocument.6.0</string>
-    <string score="0">MSXML2.DOMDocument.5.0</string>
-    <string score="0">MSXML2.DOMDocument.4.0</string>
-    <string score="0">MSXML2.DOMDocument.3.0</string>
-    <string score="0">Word.Document.8</string>
-    <string score="0">PROJECT.THISDOCUMENT.AUTOOPEN</string>
-    <string score="0">PROJECTwm</string>
-
-    <string score="1">webcam</string>
-    <string score="1">Please Enable Content* to see this document.</string>
-    <string score="1">Enable Content</string>
-    <string score="1">Program Files (x86)</string>
-    <string score="1">Playx64</string>
-    <string score="1">PlayWin32</string>
-    <string score="1">PROCEXPLORER</string>
-    <string score="1">MSScriptControl.ScriptControl.1</string>
-    <string score="1">Embedded Control</string>
-    <string score="1">Microsoft Word 10.0</string>
-    <string score="1">OCXNAME</string>
-    <string score="0">Accept-Language: </string>
-    <string score="0">Accept-Encoding: </string>
-    <string score="0">Mr.Black</string>
-
-    <string score="0">WinZip Self-Extractor - Password</string>
-    <string score="0">This self-extracting Zip file is password protected.</string>
-    <string score="0">Windows Installer XML (3.0.5419.0)</string>
-    <string score="0">ResponseText</string>
-    <string score="0">Macros must be enabled to display the contents of the document.</string>
-
-    <string score="0">Your decryption price will</string>
-    <string score="0">Your personal files are encrypted!</string>
-    <string score="0">!!!Rescue your files!!!</string>
-    <string score="0">Any attempt to remove or corrupt this software will result</string>
-    <string score="0">Now you have the last chance to decrypt your files.</string>
-    <string score="0">Any attempt to remove or corrupt this software will result</string>
-    <string score="0">in immediate elimination of the private key by the server.</string>
-    <string score="0">the more chances are left to recover the files.</string>
-    <string score="0">You must install this browser</string>
-    <string score="0">Your decryption price will</string>
-    <string score="0">Everything is fine now decrypting all files.</string>
-    <string score="0">All files Decrypted</string>
-    <string score="0">Enter Decrypt Key</string>
-    <string score="0">WScript.Shell</string>
-    <string score="0">System Volume Information</string>
-    <string score="0">Boot</string>
-    <string score="0">This document was edited in later version of Microsoft Word.</string>
-    <string score="0">To load the document, please Enable Content.</string>
-
-    <string score="0">wevtutil clear-log Security</string>
-    <string score="0">wevtutil clear-log Setup</string>
-    <string score="0">wevtutil clear-log System</string>
-    <string score="0">wevtutil clear-log Application</string>
-    <string score="0">SECG curve over a 256 bit prime field</string>
-    <string score="0">SmartAssembly.Attributes</string>
-    <string score="0">Copyright (c) 1998-2009 by Joergen Ibsen All Rights Reserved.</string>
-    <string score="0">"Powered by SmartAssembly 6.8.0.121</string>
-    <string score="0">!Powered by SmartAssembly 6.6.1.44</string>
-
-    <string score="0">Microsoft Enhanced RSA and AES Cryptographic Provider</string>
-
-    <string score="0">$Info: This file is packed with the UPX executable packer http://upx.sf.net $</string>
-    <string score="0">$Id: UPX 3.91 Copyright (C) 1996-2013 the UPX Team. All Rights Reserved. $</string>
-    <string score="0">Microsoft Application Compatibility Toolkit 5.6</string>
-    <string score="0">System Manager</string>
-    <string score="0">Screen Capture</string>
-    <string score="0">Webcam Capture</string>
-    <string score="0">Packet Sniffer</string>
-    <string score="0">\\.\mailslot\%s</string>
-    <string score="0">Network Performance and Security Manager</string>
-    <string score="0">ProxyEnable</string>
-    <string score="0">ProxyServer</string>
-    <string score="0">ProxyOverride</string>
-    <string score="0">ProxyUserName</string>
-    <string score="0">ProxyPassword</string>
-    <string score="0">SkpWnd</string>
-    <string score="0">AdministratorsGroup</string>
-    <string score="0">NtAuthority</string>
-    <string score="0">masterkey</string>
-    <string score="0">IEHistory</string>
-    <string score="0">NT AUTHORITY</string>
-
-    <!-- Firefox -->
-    <string score="0">PR_Bind</string>
-    <string score="0">PR_Accept</string>
-    <string score="0">PR_AcceptRead</string>
-    <string score="0">PR_Connect</string>
-    <string score="0">PR_Listen</string>
-    <string score="0">PR_Read</string>
-    <string score="0">PR_Write</string>
-    <string score="0">PR_Writev</string>
-    <string score="0">PR_Close</string>
-    <string score="0">PR_Send</string>
-    <string score="0">PR_TransmitFile</string>
-    <string score="0">PR_OpenTCPSocket</string>
-    <string score="0">PR_GetSocketOption</string>
-    <string score="0">PR_SetSocketOption</string>
-    <string score="0">PR_Shutdown</string>
-    <string score="0">PR_GetError</string>
-    <string score="0">PR_SetError</string>
-    <string score="0">PR_GetNameForIdentity</string>
-
-    <!-- Unclassified -->
-    <string score="0">PClock</string>
-    <string score="0">Start scanner</string>
-    <string score="0">Scanner completed</string>
-    <string score="0">Start crypter</string>
-    <string score="0">Files encrypted</string>
-
-    <string score="0">TCustomDecompressor</string>
-    <string score="0">TCompressedBlockReader</string>
-    <string score="0">SoftDownloaderWnd</string>
-    <string score="0">MemoryScanner</string>
-    <string score="0">ActiveX Control</string>
-    <string score="0">\\.\PhysicalDrive%d</string>
-    <string score="0">Microsoft Windows Auto Update</string>
-    <string score="0">PB_DropAccept</string>
-    <string score="0">PB_WindowID</string>
-    <string score="0">IsAdmin</string>
-    <string score="0">CryptKeyType</string>
-    <string score="0">CryptKeyId</string>
-    <string score="0">NetAdapter</string>
-    <string score="0">Gateway</string>
-    <string score="0">PriWinsServer</string>
-    <string score="0">SecWinsServer</string>
-    <string score="0">DHCPServer</string>
-    <string score="0">DnsServer</string>
-    <string score="0">Microsoft Enhanced Cryptographic Provider v1.0</string>
-    <string score="0">Microsoft Base Cryptographic Provider v1.0</string>
-    <string score="0">Gestalt</string>
-    <string score="0">stub_helper</string>
-    <string score="0">vm_protect</string>
-
-    <string score="0">FtpServer</string>
-    <string score="0">FtpUserName</string>
-    <string score="0">FtpPassword</string>
-    <string score="0">FtpDirectory</string>
-    <string score="0">ServerType</string>
-    <string score="0">onEnterFrame</string>
-    <string score="0">error to get HDD firmware serial</string>
-    <string score="0">aPLib v1.01  -  the smaller the better :)</string>
-    <string score="0">TrojanEngine</string>
-    <string score="0">NetMon</string>
-    <string score="0">FileSmash</string>
-    <string score="0">IERepair</string>
-    <string score="0">KillVirus</string>
-    <string score="0">SoftMove</string>
-    <string score="0">SysClean</string>
-    <string score="0">Trojan</string>
-    <string score="0">CrashStackLen</string>
-    <string score="0">CrashDumpLen</string>
-    <string score="0">CrashStackBase64Len</string>
-    <string score="0">CrashDumpBase64Len</string>
-    <string score="0">CrashStack</string>
-    <string score="0">MinDump</string>
-    <string score="0">VIRUS</string>
-    <string score="0">QEMU</string>
-
-    <string score="0">Safengine Shielden v2.3.0.0</string>
-    <string score="0">EnumProcess</string>
-    <string score="0">InjectByPid</string>
-    <string score="0">Send to Server failed.</string>
-    <string score="0">HandShake with the server failed. Error:</string>
-    <string score="0">Microsoft Unified Security Protocol Provider</string>
-    <string score="0">ddos.bot</string>
-    <string score="0">makedir</string>
-    <string score="0">opencmd</string>
-    <string score="0">ProcessorNameString</string>
-    <string score="0">VendorIdentifier</string>
-    <string score="0">SystemBiosVersion</string>
-    <string score="0">SystemBiosDate</string>
-    <string score="0">VideoBiosVersion</string>
-    <string score="0">VideoBiosDate</string>
-    <string score="0">Windows File Protection</string>
-    <string score="0">LogonFailure</string>
-    <string score="0">killthread</string>
-    <string score="0">startkeylogger</string>
-    <string score="0">stopkeylogger</string>
-    <string score="0">listprocesses</string>
-    <string score="0">killprocess</string>
-    <string score="0">stopspy</string>
-    <string score="0">redirectspy</string>
-    <string score="0">stopredirectspy</string>
-    <string score="0">kazaabackupfiles</string>
-    <string score="0">SC_MONITORPOWER</string>
-    <string score="0">HWND_BROADCAST</string>
-    <string score="0">IsConnectedToInternet</string>
-    <string score="0">get_MachineName</string>
-    <string score="0">MacAddress</string>
-    <string score="0">InternetExplorer.Application</string>
-
-    <string score="0">EmailAddress</string>
-    <string score="0">PopServer</string>
-    <string score="0">PopPort</string>
-    <string score="0">PopAccount</string>
-    <string score="0">PopPassword</string>
-    <string score="0">SmtpServer</string>
-    <string score="0">SmtpPort</string>
-    <string score="0">SmtpAccount</string>
-    <string score="0">SmtpPassword</string>
-    <string score="0">WininetCacheCredentials</string>
-    <string score="0">PasswordType</string>
-    <string score="0">OutpostMonitor</string>
-
-    <string score="1">DisableAllPrivileges</string>
-    <string score="1">SetPrivilege</string>
-    <string score="0">telnet</string>
-    <string score="0">Download.Complete</string>
-    <string score="0">Download.Cancelled</string>
-    <string score="0">Download.Failed</string>
-    <string score="0">onLoadInit</string>
-    <string score="0">onLoadProgress</string>
-    <string score="0">onLoadError</string>
-    <string score="0">onLoadComplete</string>
-    <string score="0">onLoadStart</string>
-    <string score="0">onScroller</string>
-    <string score="0">onChanged</string>
-    <string score="0">onConstruct</string>
-    <string score="0">onDragOut</string>
-    <string score="0">onDragOver</string>
-    <string score="0">onRollOut</string>
-    <string score="0">onRollOver</string>
-    <string score="0">onReleaseOutside</string>
-    <string score="0">onRelease</string>
-    <string score="0">onPress</string>
-    <string score="0">onInitialize</string>
-    <string score="0">onKeyUp</string>
-    <string score="0">onKeyDownv</string>
-    <string score="0">onMouseUp</string>
-    <string score="0">onMouseDown</string>
-    <string score="0">onMouseMove</string>
-    <string score="0">onUnload</string>
-    <string score="0">onEnterFrame</string>
-    <string score="0">location.href</string>
-    <string score="0">xmlns:xlink</string>
-
-    <string score="0">SMTP Password</string>
-    <string score="0">HTTPMail Password</string>
-    <string score="0">NNTP Password</string>
-    <string score="0">IMAP Password</string>
-    <string score="0">POP3 Password</string>
-    <string score="0">NNTP Password</string>
-    <string score="0">IMAP Password</string>
-    <string score="0">POP3 Password</string>
-    <string score="0">IMAP Port</string>
-    <string score="0">SMTP Port</string>
-    <string score="0">POP3 Port</string>
-    <string score="0">SMTP User</string>
-    <string score="0">HTTPMail Server</string>
-    <string score="0">IMAP User</string>
-    <string score="0">POP3 User</string>
-    <string score="0">HTTP Server URL</string>
-    <string score="0">HTTP User</string>
-    <string score="0">Email</string>
-    <string score="0">IMAP User Name</string>
-    <string score="0">IMAP Server</string>
-    <string score="0">NNTP Server</string>
-    <string score="0">NNTP User Name</string>
-    <string score="0">NNTP Email Address</string>
-    <string score="0">SMTP User Name</string>
-    <string score="0">SMTP Server</string>
-    <string score="0">SMTP Email Address</string>
-
-    <string score="0">Adobe ImageReadyq</string>
-    <string score="0">ClearBrowsingHistoryOnExit</string>
-    <string score="0">GetMACAddress</string>
-    <string score="0">GetProcessesByName</string>
-    <string score="0">WebRequest</string>
-    <string score="0">WebResponse</string>
-    <string score="0">GetResponse</string>
-    <string score="0">GetVolumeSerial</string>
-    <string score="0">ENCRYPtSTRING</string>
-    <string score="0">ENCRYPTBYTe</string>
-    <string score="0">VBRUN</string>
-    <string score="0">Blowfish</string>
-    <string score="0">CreateDecryptor</string>
-    <string score="0">MD5CryptoServiceProvider</string>
-    <string score="0">TripleDESCryptoServiceProvider</string>
-    <string score="0">PaddingMode</string>
-    <string score="0">iexplorer</string>
-    <string score="0">Shell_TrayWnd</string>
-    <string score="0">ExecuteCommand</string>
-    <string score="0">RunPE</string>
-    <string score="0">CCleaner</string>
-    <string score="0">Binder</string>
-    <string score="0">SpyTheSpy</string>
-    <string score="0">TCPEye</string>
-    <string score="0">SpeedGear</string>
-    <string score="0">taskmgr</string>
-    <string score="0">IPBlocker</string>
-    <string score="0">CCleaner</string>
-    <string score="0">procexp</string>
-    <string score="0">Windows Update</string>
-    <string score="0">Payment ok</string>
-    <string score="0">Payment Received. Proceed to decryption.</string>
-    <string score="0">Waiting Payment</string>
-    <string score="0">Waiting TOR Connection</string>
-    <string score="0">TorLocker</string>
-    <string score="0">proxyPort = 58010</string>
-    <string score="0">socksParentProxy = 127.0.0.1:9150</string>
-    <string score="0">socksProxyType = socks5</string>
-    <string score="0">TorLocker_v0.9.3</string>
-    <string score="0">Wallpaper</string>
-    <string score="0">kippohome</string>
-    <string score="0">huffman</string>
-    <string score="0">DecodeHuffman</string>
-    <string score="0">Decode</string>
-    <string score="0">Inflate</string>
-    <string score="0">Unzip</string>
-    <string score="0">ZipAndEncrypt</string>
-    <string score="0">ZipAndAES</string>
-    <string score="0">LoadFile</string>
-    <string score="0">SafenSoft</string>
-    <string score="0">SysWatch</string>
-    <string score="0">McAfee</string>
-    <string score="0">Security Center</string>
-    <string score="0">Symantec</string>
-    <string score="0">Protection</string>
-    <string score="0">Norton</string>
-    <string score="0">Host OS</string>
-
-    <string score="0">ReadPort</string>
-    <string score="0">WritePort</string>
-    <string score="0">cookie_module</string>
-    <string score="0">Proxy-Connection</string>
-    <string score="0">CompressAndSend</string>
-    <string score="0">EncryptFile</string>
-    <string score="0">RunAsShellUser</string>
-    <string score="0">SVNCStartServer</string>
-    <string score="0">Terminal Server</string>
-    <string score="0">Enterprise</string>
-    <string score="0">LanmanNT</string>
-    <string score="0">CONNECTED</string>
-    <string score="0">SENDME</string>
-    <string score="0">EXTEND</string>
-    <string score="0">EXTENDED</string>
-    <string score="0">TRUNCATE</string>
-    <string score="0">TRUNCATED</string>
-    <string score="0">RESOLVE</string>
-    <string score="0">RESOLVED</string>
-    <string score="0">BEGIN_DIR</string>
-    <string score="0">ESTABLISH_INTRO</string>
-    <string score="0">ESTABLISH_RENDEZVOUS</string>
-    <string score="0">INTRODUCE1</string>
-    <string score="0">INTRODUCE2</string>
-    <string score="0">RENDEZVOUS1</string>
-    <string score="0">RENDEZVOUS2</string>
-    <string score="0">INTRO_ESTABLISHED</string>
-    <string score="0">RENDEZVOUS_ESTABLISHED</string>
-    <string score="0">INTRODUCE_ACK</string>
-    <string score="0">.onion/</string>
-    <string score="0">TMemoryScanner</string>
-    <string score="0">Symantec Shared</string>
-    <string score="0">CWSandbox</string>
-    <string score="0">AVAST Software</string>
-    <string score="0">Registry optimiser</string>
-    <string score="0">Optimizing the registry...</string>
-    <string score="0">Virtual HD</string>
-    <string score="0">db2admin</string>
-    <string score="0">changeme</string>
-    <string score="0">MsComCtl.ocx</string>
-    <string score="0">HotTracking</string>
-    <string score="0">OpenProcessToken fail</string>
-    <string score="0">AdjustTokenPrivileges fail</string>
-    <string score="0">formgrabber</string>
-    <string score="0">redirects</string>
-    <string score="0">httpinjects</string>
-    <string score="0">Transfer-Encoding</string>
-    <string score="0">NtShutdownSystem</string>
-    <string score="0">coin-miner</string>
-    <string score="0">regwrite</string>
-    <string score="0">urlmon</string>
-    <string score="0">Internet Explorer</string>
-    <string score="0">inhibitPolicyMapping</string>
-    <string score="0">Bad time value</string>
-    <string score="0">pubkey.bin</string>
-    <string score="0">openssl</string>
-    <string score="0">relativename</string>
-    <string score="0">Polynomial</string>
-    <string score="0">cryptedcount.txt</string>
-    <string score="0">explicitText</string>
-    <string score="0">ASN1</string>
-    <string score="0">requireExplicitPolicy</string>
-    <string score="0">LanmanWorkstation</string>
-    <string score="0">LanmanServer</string>
-    <string score="0">Salt Length</string>
-    <string score="0">Seed</string>
-    <string score="0">Prime</string>
-    <string score="0">config.nt</string>
-    <string score="0">autoexec.nt</string>
-    <string score="0">protocol testing</string>
-    <string score="0">experience Destroy</string>
-    <string score="0">Dispatch</string>
-    <string score="0">winsock</string>
-    <string score="0">connection failed</string>
-    <string score="0">open internet failed</string>
-    <string score="0">payload</string>
-    <string score="0">Wscript.Shell</string>
-    <string score="0">Shell.Application</string>
-    <string score="0">createobject</string>
-    <string score="0">Extracting</string>
-    <string score="0">UltraVnc</string>
-    <string score="0">UltraVncSC</string>
-    <string score="0">RunProgram</string>
-    <string score="0">Fast decoding</string>
-    <string score="0">Gina</string>
-    <string score="0">cgets</string>
-    <string score="0">NetworkService\Cookies\</string>
-    <string score="0">Scheduler</string>
-    <string score="0">Local Settings\History\History.IE5</string>
-    <string score="0">leave the progress due to 10 attempts</string>
-    <string score="0">unrarw32</string>
-    <string score="0">server</string>
-    <string score="0">verifyinginstaller</string>
-    <string score="0">CONNECT</string>
-    <string score="0">AppData</string>
-    <string score="0">admin</string>
-    <string score="0">Microsoft.VisualBasic</string>
-    <string score="0">Protocol not supported</string>
-    <string score="0">referer</string>
-    <string score="0">partner_online_url</string>
-    <string score="0">partner_new_url</string>
-    <string score="0">exe.agent.mail</string>
-    <string score="0">mail.ru</string>
-    <string score="0">password</string>
-    <string score="0">Launcher</string>
-    <string score="0">remote</string>
-    <string score="0">inject</string>
-    <string score="0">hook</string>
-    <string score="0">crack</string>
-    <string score="0">script</string>
-    <string score="0">browse</string>
-    <string score="0">Event</string>
-    <string score="0">Privilege</string>
-    <string score="0">Reboot</string>
-    <string score="0">CabinetFile</string>
-    <string score="0">cabfile</string>
-    <string score="0">extract</string>
-    <string score="0">VB Runtime Installation</string>
-    <string score="0">Command.com</string>
-    <string score="0">Resume</string>
-    <string score="0">Pause</string>
-    <string score="0">Socket</string>
-    <string score="0">GetCode</string>
-    <string score="0">Console</string>
-    <string score="0">LZStart</string>
-    <string score="0">shell</string>
-    <string score="0">alert</string>
-    <string score="0">reverse</string>
-    <string score="0">swap</string>
-    <string score="0">logon</string>
-    <string score="0">logoff</string>
-    <string score="0">HookProc</string>
-    <string score="0">attempt</string>
-    <string score="0">users</string>
-    <string score="0">load</string>
-    <string score="0">query</string>
-    <string score="0">scan</string>
-    <string score="0">module</string>
-    <string score="0">drop</string>
-    <string score="0">loop</string>
-    <string score="0">Download</string>
-    <string score="0">Upload</string>
-    <string score="0">CONNECT</string>
-    <string score="0">pipe</string>
-    <string score="0">Transaction</string>
-    <string score="0">Created by</string>
-    <string score="0">WinDir</string>
-    <string score="0">exec error</string>
-    <string score="0">application/x-www-form-urlencoded</string>
-    <string score="0">LordPE</string>
-    <string score="0">deflate</string>
-    <string score="0">60794-12b3-e4169440</string>
-    <string score="0">Keep-Alive</string>
-    <string score="0">Referer</string>
-    <string score="0">WinSta0</string>
-    <string score="0">Update</string>
-    <string score="0">Forbidden</string>
-    <string score="0">Accepted</string>
-    <string score="0">sessionid</string>
-
-    <string score="0">sharedaccess</string>
-    <string score="0">localgroup</string>
-    <string score="0">administrators</string>
-    <string score="0">Administrator</string>
-    <string score="0">guest</string>
-    <string score="0">RDP-Tcp</string>
-    <string score="0">UnknownProcess</string>
-    <string score="0">%d Day %d Hour %d Min</string>
-    <string score="0">termsrv_t</string>
-    <string score="0">Winlogon</string>
-    <string score="0">nsocket</string>
-    <string score="0">compression</string>
-    <string score="0">userprofile</string>
-    <string score="0">webkit</string>
-    <string score="0">command</string>
-    <string score="0">tracing</string>
-    <string score="0">sandbox</string>
-    <string score="0">keystroke</string>
-    <string score="0">scanning</string>
-    <string score="0">Callback</string>
-    <string score="0">torrent</string>
-    <string score="0">Outsanding</string>
-    <string score="0">localhost</string>
-    <string score="0">proxy</string>
-    <string score="0">downspeed</string>
-    <string score="0">webseeds</string>
-    <string score="0">POST</string>
-    <string score="0">fingerprint</string>
-    <string score="0">DNA_Proxy</string>
-    <string score="0">min_http_connections</string>
-    <string score="0">Unauthorized</string>
-    <string score="0">TOKEN</string>
-    <string score="0">multicast</string>
-    <string score="0">payload</string>
-    <string score="0">UPnP</string>
-    <string score="0">channel</string>
-    <string score="0">tracker</string>
-    <string score="0">NAT</string>
-    <string score="0">DHCP</string>
-    <string score="0">Host</string>
-    <string score="0">keyhash</string>
-    <string score="0">packet</string>
-    <string score="0">watchdog</string>
-    <string score="0">shared</string>
-    <string score="0">are you debugging me</string>
-    <string score="0">HHA Version 4.74.8702</string>
-
-    <string score="0">ThisprogrammustberununderWin32</string>
-    <string score="0">Exefiles</string>
-    <string score="0">Scanning</string>
-    <string score="0">StdOut</string>
-    <string score="0">Codecs</string>
-    <string score="0">ProgramFilesDir</string>
-    <string score="0">Install</string>
-    <string score="0">\Temp</string>
-    <string score="0">SHFOLDER</string>
-    <string score="0">NullsoftInst</string>
-    <string score="0">WinRAR SFX</string>
-    <string score="0">287333.dat</string>
-    <string score="0">\\cryptme\\</string>
-    <string score="0">run.vbs</string>
-    <string score="0">{0000054f-0000-0010-8000-00aa006d2ea4}</string>
-    <string score="0">Expires</string>
-    <string score="0">User-Agent</string>
-    <string score="0">Cookie</string>
-    <string score="0">Windows Update Service</string>
-    <string score="0">serialNumber</string>
-    <string score="0">userPassword</string>
-    <string score="0">public_key</string>
-    <string score="0">serial</string>
-    <string score="0">Private-Key</string>
-    <string score="0">Seed:</string>
-    <string score="0">encryption</string>
-    <string score="0">PECompact2</string>
-    <string score="0">logFile</string>
-    <string score="0">application/pdf</string>
-    <string score="0">Run as a daemon</string>
-    <string score="0">http.c</string>
-    <string score="0">client.c</string>
-    <string score="0">127.0.0.1</string>
-    <string score="0">serverTimeout</string>
-    <string score="0">Server closed connection</string>
-    <string score="0">nameserver</string>
-    <string score="0">COMSPEC</string>
-    <string score="0">OLLYDBG</string>
-    <string score="0">WinDbgFrameClass</string>
-    <string score="0">BankID</string>
-    <string score="0">Mscomctl32.ocx</string>
-    <string score="0">WebBrowser</string>
-    <string score="0">9368265E-85FE-11d1-8BE3-0000F8754DA1</string>
-    <string score="0">Scripting.FileSystemObject</string>
-    <string score="0">KerNel32.dll</string>
-    <string score="0">downloader</string>
-    <string score="0">browser</string>
-    <string score="0">RemoveRange</string>
-    <string score="0">AuthenticationMode</string>
-    <string score="0">Downloader</string>
-    <string score="0">ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/</string>
-    <string score="0">FPC 2.7.1 [2013/10/22] for i386 - Win32</string>
-    <string score="0">pipedatacontinue</string>
-    <string score="0">Shell</string>
-    <string score="0">IE 8.5</string>
-    <string score="0">whoami</string>
-    <string score="0">pidrun</string>
-    <string score="0">geturl</string>
-    <string score="0">Destroy</string>
-    <string score="0">likubes</string>
-    <string score="0">file not found</string>
-    <string score="0">_RTL_CRITICAL_SECTION_DEBUG</string>
-    <string score="0">_RTL_CRITICAL_SECTION</string>
-    <string score="0">_SECURITY_ATTRIBUTES</string>
-    <string score="0">lpSecurityDescriptor</string>
-    <string score="0">SysUtils</string>
-    <string score="0">ActiveX</string>
-    <string score="0">Sitikat</string>
-    <string score="0">ping</string>
-    <string score="0">pkxm</string>
-    <string score="0">Reply from</string>
-    <string score="0">DCOM not installed</string>
-    <string score="0">PROXY_TYPE_DIRECT</string>
-    <string score="0">PROXY_TYPE_AUTO_DETECT</string>
-    <string score="0">downfile</string>
-    <string score="0">upfile</string>
-    <string score="0">quitz</string>
-    <string score="0">debugmessage</string>
-    <string score="0">debugclient</string>
-    <string score="0">debugfile</string>
-    <string score="0">delfile</string>
-    <string score="0">delmessage</string>
-    <string score="0">delclient</string>
-    <string score="0">listfiles</string>
-    <string score="0">listmessages</string>
-    <string score="0">listclients</string>
-    <string score="0">WinSta0\Default</string>
-    <string score="0">POST</string>
-    <string score="0">CONNECT</string>
-    <string score="0">NetSubKey</string>
-    <string score="0">FileDescrsiption</string>
-    <string score="0">state.ini</string>
-    <string score="0">sha256</string>
-    <string score="0">AckPacket</string>
-    <string score="0">Connection</string>
-    <string score="0">autoRunKeyPath</string>
-    <string score="0">SIGNATURE</string>
-    <string score="0">messageId</string>
-    <string score="0">HeartBeat</string>
-    <string score="0">Request</string>
-    <string score="0">Unload</string>
-    <string score="0">RequestLoop</string>
-    <string score="0">HeartBeatLoop</string>
-    <string score="0">TcpClient</string>
-    <string score="0">Connect</string>
-    <string score="0">Login</string>
-    <string score="0">CurrentUser</string>
-    <string score="0">CreateDomain</string>
-    <string score="0">ComputeHash</string>
-    <string score="0">cookies.*</string>
-    <string score="0">Tfrmrpcap</string>
-    <string score="0">ProcessLasso_Notification_Class</string>
-    <string score="0">TSystemExplorerTrayForm.UnicodeClass</string>
-    <string score="0">PROCMON_WINDOW_CLASS</string>
-    <string score="0">PROCEXPL</string>
-    <string score="0">WdcWindow</string>
-    <string score="0">ProcessHacker</string>
-    <string score="0">Dumper</string>
-    <string score="0">Dumper64</string>
-    <string score="0">APISpy32Class</string>
-    <string score="0">Zone.Identifier</string>
-    <string score="0">:Zone.Identifier</string>
-    <string score="0">Explorer.exe:Zone.Identifier</string>
-    <string score="0">Java Update Manager</string>
-    <string score="0">runas</string>
-    <string score="0">sysprep</string>
-    <string score="0">TokenPrivilege</string>
-    <string score="0">Shutdown</string>
-    <string score="0">WebKit2WebProcess</string>
-    <string score="0">Sleeping</string>
-    <string score="0">Rijndael</string>
-    <string score="0">SystemBiosVersion</string>
-    <string score="0">VideoBiosVersion</string>
-    <string score="0">UDPV6</string>
-    <string score="0">TCPV6</string>
-    <string score="0"> deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</string>
-    <string score="0"> deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly</string>
-    <string score="0"> inflate 1.2.3 Copyright 1995-2005 Mark Adler </string>
-    <string score="0"> inflate 1.1.4 Copyright 1995-2002 Mark Adler </string>
-    <string score="0">RegisterRawInputDevices</string>
-    <string score="0">GetRawInputData</string>
-    <string score="0">sqlite3_open</string>
-    <string score="0">sqlite3_close</string>
-    <string score="0">sqlite3_prepare_v2</string>
-    <string score="0">sqlite3_step</string>
-    <string score="0">sqlite3_column_text</string>
-    <string score="0">Hibernating</string>
-    <string score="0">downtime-started</string>
-    <string score="0">uptime-started</string>
-    <string score="0">Intel Hardware Cryptographic Service Provider</string>
-    <string score="0">lpAddress</string>
-    <string score="0">BeginInvoke</string>
-    <string score="0">EndInvoke</string>
-    <string score="0">StatusChecker</string>
-    <string score="0">Encoding</string>
-    <string score="0">stand by</string>
-    <string score="0">startime</string>
-    <string score="0">throttle</string>
-    <string score="0">Mandatory Level</string>
-    <string score="0">_invoke_watson</string>
-    <string score="0">remove</string>
-    <string score="0">debug</string>
-    <string score="0">hostname</string>
-    <string score="0">clientkey</string>
-    <string score="0">reqfilepath</string>
-    <string score="0">reqfile</string>
-    <string score="0">postvalue</string>
-    <string score="0">postfile</string>
-    <string score="0">postdata</string>
-    <string score="0">mkdir</string>
-    <string score="0">rmdir</string>
-    <string score="0">chdir</string>
-    <string score="0">rpcsrv</string>
-    <string score="0">svchost</string>
-    <string score="0">Deleting Service...</string>
-    <string score="0">Service uninstall success.</string>
-    <string score="0">CompareString</string>
-    <string score="0">Engine started</string>
-    <string score="0">Running in background</string>
-    <string score="0">Stale thread</string>
-    <string score="0">Locking doors</string>
-    <string score="0">Rotors engaged</string>
-    <string score="0">\DosDevices\DKOM_Driver</string>
-    <string score="0">\Device\DKOM_Driver</string>
-    <string score="0">Process successfully hidden.</string>
-    <string score="0">Process ID: %d</string>
-    <string score="0">EPROCESS address: %#x</string>
-    <string score="0">ActiveProcessLinks offset: %#x</string>
-    <string score="0">Extracting %s</string>
-    <string score="0">Couponserver</string>
-    <string score="0">xmlUrl</string>
-    <string score="0">LoadXml</string>
-    <string score="0">LocalMachine</string>
-    <string score="0">DownloadAll</string>
-    <string score="0">DownloadComplete</string>
-    <string score="0">DownloadFile</string>
-    <string score="0">DownloadFileAsync</string>
-    <string score="0">DownloadServer</string>
-    <string score="0">DownloadThreads</string>
-    <string score="0">DownloadUrl</string>
-    <string score="0">Downloaded</string>
-    <string score="0">DownloadedBrowser</string>
-    <string score="0">Downloading...</string>
-    <string score="0">CorruptedMachine</string>
-    <string score="0">HtmlGenerator</string>
-    <string score="0">MachineInfo</string>
-    <string score="0">MachineRestriction</string>
-    <string score="0">RegSAM</string>
-    <string score="0">MemoryManagement</string>
-    <string score="0">Trackingurls</string>
-    <string score="0">DownloadUrl</string>
-    <string score="0">QueueDownloader</string>
-    <string score="0">ZipManager</string>
-    <string score="0">ZipStorer</string>
-    <string score="0">Firefox</string>
-    <string score="0">Chrome</string>
-    <string score="0">InternetExplorer</string>
-    <string score="0">GetIEVersion</string>
-    <string score="0">GetWBVersion</string>
-    <string score="0">webBrowser1</string>
-    <string score="0">changeHtmlCode</string>
-    <string score="0">retries</string>
-    <string score="0">completed</string>
-    <string score="0">addextension</string>
-    <string score="0">DownloadComplete</string>
-    <string score="0">add_DownloadComplete</string>
-    <string score="0">remove_DownloadComplete</string>
-    <string score="0">DownloadThreads</string>
-    <string score="0">Arquitecture</string>
-    <string score="0">internetTurbo</string>
-    <string score="0">strongvault</string>
-    <string score="0">amonetize</string>
-    <string score="0">Couponserver</string>
-    <string score="0">ShoppingChip</string>
-    <string score="0">UsedBrowser</string>
-    <string score="0">AndroidAPK</string>
-    <string score="0">IexplorerMinVersion</string>
-    <string score="0">checkMachineInfo</string>
-    <string score="0">checkCouponserver</string>
-    <string score="0">checkInternet</string>
-    <string score="0">hideWhenInstalling</string>
-    <string score="0">WebmasterId</string>
-    <string score="0">firewalls</string>
-    <string score="0">IsControlled</string>
-    <string score="0">Microsoft Network Monitoring Service</string>
-    <string score="0">Host Process for Windows Services</string>
-    <string score="0">MsNetMonitor</string>
-    <string score="0">HideWindow</string>
-    <string score="0">Windows Filter Driver</string>
-    <string score="0">firewall</string>
-    <string score="0">IsUserAdministrator</string>
-    <string score="0">CreateSubKey</string>
-    <string score="0">NotifyDownloading</string>
-    <string score="0">isvirtualMachine</string>
-    <string score="0">isdebugging</string>
-    <string score="0">HasDebugger</string>
-    <string score="0">debugging</string>
-    <string score="0">checkurls</string>
-    <string score="0">ListSoftwares</string>
-    <string score="0">CheckAdminPrivileges</string>
-    <string score="0">TrackOnDefaultBrowser</string>
-    <string score="0">GetDomain</string>
-    <string score="0">checkdomain</string>
-    <string score="0">bytesDownloaded</string>
-    <string score="0">logger</string>
-    <string score="0">This plugin is already loaded.</string>
-    <string score="0">The plugin you are trying to load does not exist</string>
-    <string score="0">Hook cleaning on</string>
-    <string score="0">PiD obfuscation on</string>
-    <string score="0">Code injection successful!</string>
-    <string score="0">Code injection failed!</string>
-    <string score="0">Injecting code ...</string>
-    <string score="0">Code Injection</string>
-    <string score="0">Creating a remote thread ...</string>
-    <string score="0">Keylogging disabled.</string>
-    <string score="0">failed to get memory</string>
-    <string score="0">#requireadmin</string>
-    <string score="0">#notrayicon</string>
-    <string score="0">#include-once</string>
-    <string score="0">D:\RECYCLER\</string>
-    <string score="0">Windows Registry Editor Version 5.00</string>
-    <string score="0">DisallowRun</string>
-    <string score="0">NoDriveTypeAutoRun</string>
-    <string score="0">HideFileExt</string>
-    <string score="0">Hidden</string>
-    <string score="0">Application cannot be run with debugger or monitoring tool(s) loaded!</string>
-    <string score="0">Logon User Name</string>
-    <string score="0">NoFolderOptions</string>
-
-    <string score="0">Starting Hide myself ...</string>
-    <string score="0">Starting Killing myself ...</string>
-    <string score="0">newKeyPair</string>
-    <string score="0">privateKey</string>
-    <string score="0">publicKey</string>
-    <string score="0">cypherText</string>
-    <string score="0">LZO real-time data compression library.</string>
-
-    <string score="0">Access denied!</string>
-    <string score="0">Total entries: %d</string>
-    <string score="0">Entries enumerated: %d</string>
-    <string score="0">Upload file ok!</string>
-    <string score="0">create remote file error!</string>
-    <string score="0">Download file ok!</string>
-    <string score="0">Reading remote file error!</string>
-    <string score="0">create pipe error!</string>
-    <string score="0">start cmd error!</string>
-    <string score="0">Logon user err!</string>
-    <string score="0">execute error!</string>
-    <string score="0">bind cmd frist!</string>
-    <string score="0">get user name error!</string>
-    <string score="0">cant get ver info!</string>
-    <string score="0">Windows?</string>
-    <string score="0">Remote</string>
-    <string score="0">Ramdisk</string>
-    <string score="0">Client process-%d-stoped!</string>
-    <string score="0">Create localfile error!</string>
-    <string score="0">DownloadEnd</string>
-    <string score="0">List domain server ok!#</string>
-    <string score="0">fileupload</string>
-    <string score="0">cruisenet</string>
-    <string score="0">javascript:</string>
-
-    <string score="0">All the important files on your computer were encrypted.</string>
-    <string score="0">All the important files on your disks were encrypted.</string>
-
-    <string score="0">Schedule service command line interface</string>
-    <string score="0">already running</string>
-    <string score="0">Botnet has been shutdown - restart bot?</string>
-    <string score="0">Botnet shutdown</string>
-    <string score="0">QUIT :Botnet shutdown</string>
-    <string score="0">PRIVMSG %s :bingo - botnet shutting down</string>
-    <string score="0">Anti-debug</string>
-    <string score="0">.detour</string>
-    <string score="0">Detoured</string>
-    <string score="0">Client hook allocation failure.</string>
-    <string score="0">silentpostback</string>
-    <string score="0">AlreadyRunning</string>
-    <string score="0">StubInfo</string>
-    <string score="0">wrapper</string>
-    <string score="0">keeplog</string>
-    <string score="0">pingdialog</string>
-    <string score="0">runonce</string>
-    <string score="0">noreq</string>
-    <string score="0">verifycookies</string>
-    <string score="0">account</string>
-    <string score="0">accountid</string>
-    <string score="0">selftest</string>
-    <string score="0">silenterr</string>
-    <string score="0">preload</string>
-    <string score="0">PostbackSent</string>
-    <string score="0">StubRun</string>
-    <string score="0">StubExtract</string>
-    <string score="0">WaitablePort</string>
-    <string score="0">Waiting</string>
-    <string score="0">Waiting Connections</string>
-    <string score="0">ServiceMain</string>
-    <string score="0">ServTestDos</string>
-    <string score="0">VBoxGuest</string>
-    <string score="0">Betabot</string>
-    <string score="0">HGFS</string>
-    <string score="0">Hashtable</string>
-    <string score="0">GetResourceString</string>
-    <string score="0">Monitor</string>
-    <string score="0">www.memtest86.com</string>
-    <string score="0">boxedapp.com</string>
-    <string score="0">RegServer</string>
-    <string score="0">Send ack is successful.</string>
-    <string score="0">Get the right data.</string>
-    <string score="0">Receiving acknowledgment is successful.</string>
-    <string score="0">Receiving packet failed.</string>
-    <string score="0">Sending packet success...</string>
-    <string score="0">Cant get the right data</string>
-    <string score="0">Initialization is successful.</string>
-    <string score="0">Initialization is failed.</string>
-    <string score="0">tempPass.txt</string>
-    <string score="0">POP3 Password2</string>
-    <string score="0">POP3 Server</string>
-    <string score="0">POP3 User Name</string>
-    <string score="0">HTTPMail Password2</string>
-    <string score="0">HTTPMail User Name</string>
-    <string score="0"> 2004 2005 Pierre le Riche / Professional Software Development</string>
-    <string score="0">Broadcast adress :</string>
-    <string score="0">Broadcasts : NO</string>
-    <string score="0">Broadcasts : YES</string>
-    <string score="0">SHELLEXECUTE</string>
-    <string score="0">SHELLEXECUTEWAIT</string>
-    <string score="0">#BOT#CloseServer</string>
-    <string score="0">#BOT#OpenUrl</string>
-    <string score="0">#BOT#Ping</string>
-    <string score="0">#BOT#RunPrompt</string>
-    <string score="0">#BOT#SvrUninstall</string>
-    <string score="0">#BOT#URLDownload</string>
-    <string score="0">#BOT#URLUpdate</string>
-    <string score="0">#BOT#VisitUrl</string>
-    <string score="0">#CAMEND</string>
-    <string score="0">#FreezeIO</string>
-    <string score="0">#GetClipboardText</string>
-    <string score="0">#GetScreenSize</string>
-    <string score="0">#KCMDDC51#-</string>
-    <string score="0">#KEEPALIVE#</string>
-    <string score="0">#RemoteScreenSize</string>
-    <string score="0">#SendClip</string>
-    <string score="0">#SendTaskMgr</string>
-    <string score="0">#UnFreezeIO</string>
-    <string score="0">%IPPORTSCAN</string>
-    <string score="0">ActiveOfflineKeylogger</string>
-    <string score="0">ActiveOnlineKeyStrokes</string>
-    <string score="0">ActiveOnlineKeylogger</string>
-    <string score="0">AntiVirusDisableNotify</string>
-    <string score="0">BTMemoryLoadLibary: Cant attach library</string>
-    <string score="0">Be Right Back</string>
-    <string score="0">DownloadFail</string>
-    <string score="0">DownloadSuccess</string>
-    <string score="0">Progman</string>
-    <string score="0">Sender</string>
-    <string score="0">UPLOADEXEC</string>
-    <string score="0">UPLOADFILE</string>
-    <string score="0">UnActiveOfflineKeylogger</string>
-    <string score="0">UnActiveOnlineKeyStrokes</string>
-    <string score="0">UnBlockContact</string>
-    <string score="0">Video Capture</string>
-    <string score="0">WEBCAMLIVE</string>
-    <string score="0">WEBCAMSTOP</string>
-    <string score="0">drivers\etc\hosts</string>
-    <string score="0">unknown compression method</string>
-    <string score="0">wscsvc</string>
-    <string score="0">httpstop</string>
-    <string score="0">logstop</string>
-    <string score="0">ftfpstop</string>
-    <string score="0">procsstop</string>
-    <string score="0">securestop</string>
-    <string score="0">reconnect</string>
-    <string score="0">disconnect</string>
-    <string score="0">botid</string>
-    <string score="0">aliases</string>
-    <string score="0">flusharp</string>
-    <string score="0">flushdns</string>
-    <string score="0">crash</string>
-    <string score="0">killthreads</string>
-    <string score="0">killproc</string>
-    <string score="0">killid</string>
-    <string score="0">.download</string>
-    <string score="0">.update</string>
-    <string score="0">Kennwort</string>
-    <string score="0">Object dump complete.</string>
-    <string score="0">PAYPAL</string>
-    <string score="0">PAYPAL.COM</string>
-    <string score="0">Ping flood</string>
-    <string score="0">ROOTED</string>
-    <string score="0">Rebooting system</string>
-    <string score="0">Reconnecting</string>
-    <string score="0">Referer: %s</string>
-    <string score="0">Remote Command Prompt</string>
-    <string score="0">Removing Bot</string>
-    <string score="0">[DDoS]</string>
-    <string score="0">[KEYLOG]: %s</string>
-    <string score="0">[PSNIFF]</string>
-    <string score="0">[PING]</string>
-    <string score="0">[TFTP]</string>
-    <string score="0">[UPD]</string>
-    <string score="0">Download complete</string>
-    <string score="0">ALIEN-Z</string>
-    <string score="0">\Google\Chrome\User Data</string>
-    <string score="0">VncSrvWndProc</string>
-    <string score="0">VncStopServer</string>
-    <string score="0">VncStartServer</string>
-    <string score="0">VNCCreateServer</string>
-    <string score="0">VNCServerThread</string>
-    <string score="0">VNCStartServer</string>
-    <string score="0">FPUMaskValue</string>
-    <string score="0">PhysicalDrive0</string>
-    <string score="0">Protection Error</string>
-    <string score="0">LOADER ERROR</string>
-    <string score="0">The procedure entry point</string>
-    <string score="0">Invalid DOS signature</string>
-    <string score="0">Invalid COFF signature</string>
-    <string score="0">Invalid Windows Image</string>
-    <string score="0">Host is down.</string>
-    <string score="0">No route to host.</string>
-    <string score="0">CoMessengerU</string>
-    <string score="0">debugger</string>
-    <string score="0">sample</string>
-    <string score="0">virtual</string>
-    <string score="0">emulat</string>
-    <string score="0">GetProcesses</string>
-    <string score="0">MemoryStream</string>
-    <string score="0">GZipStream</string>
-    <string score="0">MulticastDelegate</string>
-    <string score="0">IAT processed</string>
-    <string score="0">putfile:</string>
-    <string score="0">getfile:</string>
-    <string score="0">Connecting</string>
-    <string score="0">Downloading</string>
-    <string score="0">Connecting</string>
-    <string score="0">Reconnect Pause</string>
-    <string score="0">Terminated</string>
-    <string score="0">Transfer Error</string>
-    <string score="0">Connection Error</string>
-    <string score="0">OpenRequest Error</string>
-    <string score="0">SendRequest Error</string>
-    <string score="0">URL Parts Error</string>
-    <string score="0">CreateThread Error</string>
-    <string score="0">Request Error</string>
-    <string score="0">Server Error</string>
-    <string score="0">Redirection</string>
-    <string score="0">TypeLib</string>
-    <string score="0">Interface</string>
-    <string score="0">FileType</string>
-    <string score="0">Component Categories</string>
-    <string score="0">CLSID</string>
-    <string score="0">AppID</string>
-    <string score="0">Delete</string>
-    <string score="0">NoRemove</string>
-    <string score="0">ForceRemove</string>
-    <string score="0">Keylogger</string>
-    <string score="0">crypter</string>
-    <string score="0">vbox</string>
-    <string score="0">NetKeyLogger</string>
-    <string score="0">TARGET</string>
-    <string score="0">pipeline</string>
-    <string score="0">miner</string>
-    <string score="0">Execute ERROR</string>
-    <string score="0">Download ERROR</string>
-    <string score="0">Executed As</string>
-    <string score="0">Execute ERROR</string>
-    <string score="0">Update ERROR</string>
-    <string score="0">Updating To</string>
-    <string score="0">Update ERROR</string>
-    <string score="0">ASPNET</string>
-    <string score="0">IUSR_</string>
-    <string score="0">IWAM_</string>
-    <string score="0">ASPNET</string>
-    <string score="0">POP3</string>
-    <string score="0">Admins</string>
-    <string score="0">webBrowser2</string>
-    <string score="0">IEFrame</string>
-    <string score="0">\\.\pipe\</string>
-    <string score="0">permission denied</string>
-    <string score="0">permission_denied</string>
-    <string score="0">connection_already_in_progress</string>
-    <string score="0">connection_aborted</string>
-    <string score="0">connection_refused</string>
-    <string score="0">host_unreachable</string>
-    <string score="0">already_connected</string>
-    <string score="0">network_down</string>
-    <string score="0">network_reset</string>
-    <string score="0">network_unreachable</string>
-    <string score="0">not_connected</string>
-    <string score="0">wrong_protocol_type</string>
-    <string score="0">broken pipe</string>
-    <string score="0">connection aborted</string>
-    <string score="0">connection already in progress</string>
-    <string score="0">connection refused</string>
-    <string score="0">host unreachable</string>
-    <string score="0">network down</string>
-    <string score="0">network reset</string>
-    <string score="0">network unreachable</string>
-    <string score="0">owner dead</string>
-    <string score="0">protocol error</string>
-    <string score="0">wrong protocol type</string>
-    <string score="0">EXECUTABLE</string>
-    <string score="0">master</string>
-    <string score="0">debian</string>
-    <string score="0">mysql</string>
-    <string score="0">daemon</string>
-    <string score="0">backup</string>
-    <string score="0">redhat</string>
-    <string score="0">VNC%d.%d</string>
-    <string score="0">exploitable</string>
-    <string score="0">passwd</string>
-    <string score="0">proxypasswd</string>
-    <string score="0">proxyuser</string>
-    <string score="0">Login denied</string>
-    <string score="0">Remote file not found</string>
-    <string score="0">RenameFile</string>
-    <string score="0">RunPrompt</string>
-    <string score="0">RunSelectedAsAdmin</string>
-    <string score="0">RunSelectedHidden</string>
-    <string score="0">RunSelectedShow</string>
-    <string score="0">RemoteMachineName</string>
-    <string score="0">AheadLib</string>
-    <string score="0">PlusDLL</string>
-    <string score="0">PLUSUNIT</string>
-    <string score="0">web-browser</string>
-    <string score="0">SetHook</string>
-    <string score="0">TMemoryScanner</string>
-    <string score="0">Protect</string>
-    <string score="0">PAGE_NOACCESS</string>
-    <string score="0">PAGE_READONLY</string>
-    <string score="0">PAGE_READWRITE</string>
-    <string score="0">PAGE_WRITECOPY</string>
-    <string score="0">PAGE_EXECUTE</string>
-    <string score="0">PAGE_EXECUTE_READ</string>
-    <string score="0">PAGE_EXECUTE_READWRITE</string>
-    <string score="0">PAGE_EXECUTE_WRITECOPY</string>
-    <string score="0">PAGE_GUARD</string>
-    <string score="0">PAGE_NOCACHE</string>
-    <string score="0">PAGE_WRITECOMBINE</string>
-
-    <string score="0">EXECUTE</string>
-    <string score="0">EXECUTE_READ</string>
-    <string score="0">EXECUTE_READWRITE</string>
-    <string score="0">EXECUTE_WRITECOPY</string>
-    <string score="0">NOACCESS</string>
-    <string score="0">READONLY</string>
-    <string score="0">READWRITE</string>
-    <string score="0">WRITECOPY</string>
-    <string score="0">MOVEFILE_REPLACE_EXISTING</string>
-    <string score="0">MOVEFILE_COPY_ALLOWED</string>
-    <string score="0">MOVEFILE_DELAY_UNTIL_REBOOT</string>
-    <string score="0">MOVEFILE_WRITE_THROUGH</string>
-
-    <string score="0">TokenUser</string>
-    <string score="0">TokenGroups</string>
-    <string score="0">TokenPrivileges</string>
-    <string score="0">TokenOwner</string>
-    <string score="0">TokenPrimaryGroup</string>
-    <string score="0">TokenDefaultDacl</string>
-    <string score="0">TokenSource</string>
-    <string score="0">TokenType</string>
-    <string score="0">TokenImpersonationLevel</string>
-    <string score="0">TokenStatistics</string>
-    <string score="0">TokenRestrictedSids</string>
-    <string score="0">TokenSessionId</string>
-    <string score="0">TokenGroupsAndPrivileges</string>
-    <string score="0">TokenSessionReference</string>
-    <string score="0">TokenSandBoxInert</string>
-    <string score="0">TokenAuditPolicy</string>
-    <string score="0">TokenOrigin</string>
-    <string score="0">TokenElevationType</string>
-    <string score="0">TokenLinkedToken</string>
-    <string score="0">TokenElevation</string>
-    <string score="0">TokenHasRestrictions</string>
-    <string score="0">TokenAccessInformation</string>
-    <string score="0">TokenVirtualizationAllowed</string>
-    <string score="0">TokenVirtualizationEnabled</string>
-    <string score="0">TokenIntegrityLevel</string>
-    <string score="0">TokenUIAccess</string>
-    <string score="0">TokenMandatoryPolicy</string>
-    <string score="0">TokenLogonSid</string>
-    <string score="0">TokenPrimary</string>
-    <string score="0">TokenImpersonation</string>
-    <string score="0">SecurityAnonymous</string>
-    <string score="0">SecurityIdentification</string>
-    <string score="0">SecurityImpersonation</string>
-    <string score="0">SecurityDelegation</string>
-
-    <string score="0">\\.\PhysicalDrive0</string>
-
-    <!-- VM patterns -->
-    <string score="0">windowsupdate</string>
-    <string score="0">wilderssecurity</string>
-    <string score="0">castlecops</string>
-    <string score="0">spamhaus</string>
-    <string score="0">cpsecure</string>
-    <string score="0">arcabit</string>
-    <string score="0">emsisoft</string>
-    <string score="0">sunbelt</string>
-    <string score="0">securecomputing</string>
-    <string score="0">rising</string>
-    <string score="0">prevx</string>
-    <string score="0">computerassociates</string>
-    <string score="0">networkassociates</string>
-    <string score="0">etrust</string>
-    <string score="0">rootkit</string>
-    <string score="0">spyware</string>
-
-    <string score="0">vmdebug</string>
-    <string score="0">VMware Replay Debugging Helper</string>
-    <string score="0">VMware VMCI Bus Driver</string>
-    <string score="0">vmci</string>
-    <string score="0">VMware Pointing Device</string>
-    <string score="0">vmmouse</string>
-    <string score="0">Virtual Machine Additions Mouse Integration Filter Driver</string>
-    <string score="0">msvmmouf</string>
-    <string score="0">MS Virtual SCSI Disk Device</string>
-    <string score="0">VMware Workstation v10</string>
-    <string score="0">VMwareDragDetWndClass</string>
-    <string score="0">VMwareSwitchUserControlClass</string>
-    <string score="0">VMware</string>
-    <string score="0">VMware Pointing</string>
-    <string score="0">VMware server memory</string>
-    <string score="0">VMware Replay</string>
-    <string score="0">AntiVirtualBox</string>
-    <string score="0">AntiVmWare</string>
-    <string score="0">AntiVirtualPC</string>
-    <string score="0">AntiMalwarebytes</string>
-    <string score="0">AntiOllydbg</string>
-    <string score="0">AntiWireshark</string>
-    <string score="0">antiSpyware</string>
-    <string score="0">Anti-Virus</string>
-    <string score="0">avast!</string>
-    <string score="0">AntiVir</string>
-    <string score="0">Inspection</string>
-    <string score="0">Malware</string>
-    <string score="0">Norton Personal Firewall</string>
-    <string score="0">ZoneAlarm</string>
-    <string score="0">Comodo Firewall</string>
-    <string score="0">eTrust EZ Firewall</string>
-    <string score="0">F-Secure Internet Security</string>
-    <string score="0">McAfee Personal Firewall</string>
-    <string score="0">Outpost Personal Firewall</string>
-    <string score="0">Panda Internet Seciruty Suite</string>
-    <string score="0">Panda Anti-Virus/Firewall</string>
-    <string score="0">BitDefnder/Bull Guard Antivirus</string>
-    <string score="0">Rising Firewall</string>
-    <string score="0">360Safe AntiArp</string>
-    <string score="0">Kingsoft Safe</string>
-    <string score="0">Fiddler</string>
-    <string score="0">wireshark</string>
-    <string score="0">Chromium</string>
-    <string score="80">!This is a PE executable</string>
-
-    <string score="0">NEWGRAB</string>
-    <string score="0">SCREENSHOT</string>
-    <string score="0">sURL</string>
-    <string score="0">sFileName</string>
-
-    <string score="0">AddressBook</string>
-    <string score="0">TrustedPeople</string>
-    <string score="0">TrustedPublisher</string>
-    <string score="0">RunProgram</string>
-    <string score="0">GUIMode</string>
-    <string score="0">@Install@</string>
-    <string score="0">@InstallEnd@</string>
-    <string score="0">protocol_not_supported</string>
-    <string score="0">network down</string>
-    <string score="0">network reset</string>
-    <string score="0">network unreachable</string>
-    <string score="0">network_down</string>
-    <string score="0">network_reset</string>
-    <string score="0">network_unreachable</string>
-    <string score="0">host unreachable</string>
-    <string score="0">host_unreachable</string>
-    <string score="0">PendingFileRenameOperations</string>
-    <string score="0">MyApplication.app</string>
-    <string score="0">Microsoft.Windows.MyCoolApp</string>
-    <string score="0">Application description here</string>
-    <string score="0">InstallHOOK</string>
-    <string score="0">InstallLocalHOOK</string>
-    <string score="0">UninstallHOOK</string>
-    <string score="0">ZLibEx</string>
-    <string score="0">PsAPI</string>
-    <string score="0">Xenocode Virtual Desktop</string>
-    <string score="0">start.spoon.net</string>
-    <string score="0">Spoon Virtual Machine</string>
-    <string score="0">Xenocode Virtual Appliance Runtime</string>
-    <string score="0">CPlApplet</string>
-    <string score="0">Java Security Plugin</string>
-    <string score="0">javaplugin</string>
-    <string score="0">Java Security Plugin</string>
-    <string score="0">Sun Java Security Plugin</string>
-    <string score="0">VMProtect begin</string>
-    <string score="0">VMProtect end</string>
-    <string score="0">[BeginChat]</string>
-    <string score="0">friend</string>
-    <string score="0">KernelUtil</string>
-    <string score="0">NETWORK SERVICE</string>
-    <string score="0">Cookies</string>
-    <string score="0">Administrative Tools</string>
-    <string score="0">WinFTP</string>
-    <string score="0">PortNumber</string>
-    <string score="0">CREATE_SUSPENDED</string>
-    <string score="0">VBScript.Encode</string>
-    <string score="0">JScript.Encode</string>
-    <string score="0">WScript</string>
-    <string score="0">ExeScriptPAD</string>
-    <string score="0">ExeScript</string>
-    <string score="0">silent</string>
-    <string score="0">ExeScript Host</string>
-    <string score="0">onbeforeunload</string>
-    <string score="0">onunload</string>
-    <string score="0">Godmode</string>
-    <string score="0">anonymous</string>
-    <string score="0">Connecting....</string>
-    <string score="0">DECOMPRESSOR</string>
-    <string score="0">antivirus</string>
-    <string score="0">AntivirusProduct</string>
-    <string score="0">DefaultBrowser</string>
-    <string score="0">MemoryProtection</string>
-    <string score="0">BaseScript</string>
-    <string score="0">Updater</string>
-    <string score="0">SafeStarter</string>
-    <string score="0">CreateProcessInternal</string>
-    <string score="0">IDetourHook</string>
-    <string score="0">DetourHook</string>
-
-    <string score="0">productUptoDate</string>
-    <string score="0">productState</string>
-
-    <!-- WMI-->
-    <string score="0">ScriptText</string>
-    <string score="0">ScriptingEngine</string>
-    <string score="0">ProbeScriptFint</string>
-    <string score="0">ActiveScriptEventConsumer</string>
-    <string score="0">__EventConsumer</string>
-    <string score="0">__EventFilter</string>
-    <string score="0">__FilterToConsumerBinding</string>
-    <string score="0">__TimerInstruction</string>
-    <string score="0">root/cimv2</string>
-    <string score="0">WbemScripting.SWbemLocator</string>
-    <string score="0">ROOT\CIMV2</string>
-    <string score="0">SELECT * from Win32_BaseBoard</string>
-    <string score="0">Manufacturer</string>
-    <string score="0">Model</string>
-    <string score="0">SerialNumber</string>
-    <string score="0">ChassisTypes</string>
-    <string score="0">SMBIOSAssetTag</string>
-
-    <!-- SQL -->
-    <string score="0">CREATE %s %.*s</string>
-    <string score="0">CREATE TABLE</string>
-    <string score="0">CREATE TABLE %Q.%s(%s)</string>
-    <string score="0">CREATE TABLE sqlite_master(</string>
-    <string score="0">CREATE VIRTUAL TABLE %T</string>
-    <string score="0">CREATE%s INDEX %.*s</string>
-
-    <string score="0">WMessages</string>
-    <string score="0">WM_HTML_GETOBJECT</string>
-    <string score="0">WM_MOUSEMOVE</string>
-    <string score="0">WM_LBUTTONUP</string>
-    <string score="0">WM_LBUTTONDOWN</string>
-    <string score="0">WM_COPYDATA</string>
-
-    <string score="0">STANDARD_RIGHTS_REQUIRED</string>
-    <string score="0">STANDARD_RIGHTS_READ</string>
-    <string score="0">TOKEN_ASSIGN_PRIMARY</string>
-    <string score="0">TOKEN_DUPLICATE</string>
-    <string score="0">TOKEN_IMPERSONATE</string>
-    <string score="0">TOKEN_QUERY</string>
-    <string score="0">TOKEN_QUERY_SOURCE</string>
-    <string score="0">TOKEN_ADJUST_PRIVILEGES</string>
-    <string score="0">TOKEN_ADJUST_GROUPS</string>
-    <string score="0">TOKEN_ADJUST_DEFAULT</string>
-    <string score="0">TOKEN_ADJUST_SESSIONID</string>
-    <string score="0">TOKEN_READ</string>
-    <string score="0">TOKEN_ALL_ACCESS</string>
-    <string score="0">ERROR_INSUFFICIENT_BUFFER</string>
-    <string score="0">SECURITY_MANDATORY_UNTRUSTED_RID</string>
-    <string score="0">SECURITY_MANDATORY_LOW_RID</string>
-    <string score="0">SECURITY_MANDATORY_MEDIUM_RID</string>
-    <string score="0">SECURITY_MANDATORY_HIGH_RID</string>
-    <string score="0">SECURITY_MANDATORY_SYSTEM_RID</string>
-    <string score="0">SECURITY_MANDATORY_LABEL_AUTHORITY</string>
-
-    <string score="0">SE_PRIVILEGE_ENABLED_BY_DEFAULT</string>
-    <string score="0">SE_PRIVILEGE_ENABLED</string>
-    <string score="0">SE_PRIVILEGE_REMOVED</string>
-    <string score="0">SE_PRIVILEGE_USED_FOR_ACCESS</string>
-    <string score="0">SE_PRIVILEGE_VALID_ATTRIBUTES</string>
-
-    <string score="0">SE_CREATE_TOKEN_NAME</string>
-    <string score="0">SE_ASSIGNPRIMARYTOKEN_NAME</string>
-    <string score="0">SE_LOCK_MEMORY_NAME</string>
-    <string score="0">SE_INCREASE_QUOTA_NAME</string>
-    <string score="0">SE_UNSOLICITED_INPUT_NAME</string>
-    <string score="0">SE_MACHINE_ACCOUNT_NAME</string>
-    <string score="0">SE_TCB_NAME</string>
-    <string score="0">SE_SECURITY_NAME</string>
-    <string score="0">SE_TAKE_OWNERSHIP_NAME</string>
-    <string score="0">SE_LOAD_DRIVER_NAME</string>
-    <string score="0">SE_SYSTEM_PROFILE_NAME</string>
-    <string score="0">SE_SYSTEMTIME_NAME</string>
-    <string score="0">SE_PROF_SINGLE_PROCESS_NAME</string>
-    <string score="0">SE_INC_BASE_PRIORITY_NAME</string>
-    <string score="0">SE_CREATE_PAGEFILE_NAME</string>
-    <string score="0">SE_CREATE_PERMANENT_NAME</string>
-    <string score="0">SE_BACKUP_NAME</string>
-    <string score="0">SE_RESTORE_NAME</string>
-    <string score="0">SE_SHUTDOWN_NAME</string>
-    <string score="0">SE_DEBUG_NAME</string>
-    <string score="0">SE_AUDIT_NAME</string>
-    <string score="0">SE_SYSTEM_ENVIRONMENT_NAME</string>
-    <string score="0">SE_CHANGE_NOTIFY_NAME</string>
-    <string score="0">SE_REMOTE_SHUTDOWN_NAME</string>
-    <string score="0">SE_UNDOCK_NAME</string>
-    <string score="0">SE_SYNC_AGENT_NAME</string>
-    <string score="0">SE_ENABLE_DELEGATION_NAME</string>
-    <string score="0">SE_MANAGE_VOLUME_NAME</string>
-    <string score="0">SE_IMPERSONATE_NAME</string>
-    <string score="0">SE_CREATE_GLOBAL_NAME</string>
-    <string score="0">SE_TRUSTED_CREDMAN_ACCESS_NAME</string>
-    <string score="0">SE_RELABEL_NAME</string>
-    <string score="0">SE_INC_WORKING_SET_NAME</string>
-    <string score="0">SE_TIME_ZONE_NAME</string>
-    <string score="0">SE_CREATE_SYMBOLIC_LINK_NAME</string>
-
-    <string score="0">SE_GROUP_ENABLED_BY_DEFAULT</string>
-    <string score="0">SE_GROUP_ENABLED</string>
-    <string score="0">SE_GROUP_OWNER</string>
-    <string score="0">SE_GROUP_USE_FOR_DENY_ONLY</string>
-    <string score="0">SE_GROUP_INTEGRITY</string>
-    <string score="0">SE_GROUP_INTEGRITY_ENABLED</string>
-    <string score="0">SE_GROUP_LOGON_ID</string>
-    <string score="0">SE_GROUP_RESOURCE</string>
-    <string score="0">SE_GROUP_VALID_ATTRIBUTES</string>
-
-    <!-- DOT NET-->
-    <string score="0">RuntimeHelpers</string>
-    <string score="0">System.Security</string>
-    <string score="0">System.Runtime.CompilerServices</string>
-    <string score="0">System.Security.Cryptography</string>
-    <string score="0">System.Reflection</string>
-    <string score="0">System.Text.RegularExpressions</string>
-    <string score="0">System.Runtime.InteropServices</string>
-    <string score="0">System.Security.Principal</string>
-    <string score="0">System.Threading</string>
-    <string score="0">System.IO.Compression</string>
-    <string score="0">System.Net.Configuration</string>
-    <string score="0">System.Net.Sockets</string>
-    <string score="0">Microsoft.VisualBasic.CompilerServices</string>
-    <string score="0">Internet Explorer_Server</string>
-    <string score="0">vbscript</string>
-    <string score="0">javascript</string>
-    <string score="0">JavaScript</string>
-    <string score="0">execScript</string>
-    <string score="0">AutoRun</string>
-    <string score="0">HashSize</string>
-    <string score="0">Algorithm</string>
-    <string score="0">BlockSize</string>
-    <string score="0">CipherMode</string>
-    <string score="0">Twofish</string>
-    <string score="0">Wrong password</string>
-    <string score="0">Proxy-Connection:</string>
-    <string score="0">WWW-Authenticate:</string>
-    <string score="0">Proxy-authenticate:</string>
-    <string score="0">Content-Length:</string>
-    <string score="0">Connection:</string>
-    <string score="0">Transfer-Encoding:</string>
-    <string score="0">GOPHER</string>
-    <string score="0">Digest</string>
-    <string score="0">nonce</string>
-    <string score="0">stale</string>
-    <string score="0">realm</string>
-    <string score="0">opaque</string>
-    <string score="0">Referer:</string>
-    <string score="0">Range:</string>
-    <string score="0">ConfuserEx v0.1.0</string>
-    <string score="0">ConfuserEx v0.1.1</string>
-    <string score="0">ConfuserEx v0.1.2</string>
-    <string score="0">ConfuserEx v0.2.0</string>
-    <string score="0">ConfuserEx v0.2.1</string>
-    <string score="0">ConfuserEx v0.2.2</string>
-    <string score="0">ConfuserEx v0.2.3</string>
-    <string score="0">ConfuserEx v0.3.0</string>
-    <string score="0">ConfuserEx v0.4.0</string>
-    <string score="0">ConfuserEx v0.5.0</string>
-
-    <!-- Well-known (local) directories -->
-    <string score="0">AppData\Local</string>
-    <string score="0">AppData\Local\Microsoft\Windows\History</string>
-    <string score="0">AppData\Local\Microsoft\Windows\Temporary Internet Files</string>
-    <string score="0">AppData\Roaming</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Cookies</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Network Shortcuts</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Printer Shortcuts</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Recent</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\SendTo</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Start Menu</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Start Menu\Programs</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Templates</string>
-    <string score="0">Microsoft\Windows\Start Menu</string>
-    <string score="0">Microsoft\Windows\Start Menu\Programs</string>
-    <string score="0">Microsoft\Windows\Templates</string>
-    <string score="0">Public\Desktop</string>
-    <string score="0">Public\Documents</string>
-    <string score="0">Public\Favorites</string>
-    <string score="0">Public\Music</string>
-    <string score="0">Public\Pictures</string>
-    <string score="0">Public\Videos</string>
-    <string score="0">System</string>
-    <string score="0">Videos</string>
-    <string score="0">Windows NT\Accessories</string>
-    <string score="0">Explorer\Shell Folders</string>
-
-    <!-- Borland -->
-    <string score="0">TCoreThread</string>
-    <string score="0">EObserver</string>
-    <string score="0">TStream</string>
-    <string score="0">TFiler</string>
-    <string score="0">TReaderH</string>
-    <string score="0">TWriter4</string>
-    <string score="0">TComponent</string>
-    <string score="0">TFPList</string>
-    <string score="0">TList</string>
-    <string score="0">TThreadList</string>
-    <string score="0">TPersistent</string>
-    <string score="0">TCollection</string>
-    <string score="0">TStrings</string>
-    <string score="0">TStringList</string>
-    <string score="0">TOwnerStream</string>
-    <string score="0">THandleStream</string>
-    <string score="0">TFileStream</string>
-    <string score="0">TCustomMemoryStream</string>
-    <string score="0">TRegExpr</string>
-    <string score="0">ERegExpr</string>
-
-    <!-- AutoIt -->
-    <string score="0">/AutoIt3ExecuteLine</string>
-    <string score="0">/AutoIt3ExecuteScript</string>
-    <string score="0">/AutoIt3OutputDebug</string>
-    <string score="0">AutoIt3GUI</string>
-    <string score="0">AutoIt v3</string>
-    <string score="0">AutoIt script files (*.au3 *.a3x)</string>
-    <string score="0">AutoIt</string>
-    <string score="0">AUTOIT SCRIPT</string>
-    <string score="0">AUTOIT NO CMDEXECUTE</string>
-    <string score="0">AutoIt3OutputDebug</string>
-    <string score="0">AutoIt3ExecuteScript</string>
-    <string score="0">AutoIt3ExecuteLine</string>
-    <string score="0">#NoAutoIt3Execute</string>
-    <string score="0">Software\AutoIt v3\AutoIt</string>
-    <string score="0">*.au3;*.a3x</string>
-    <string score="0">AutoIt Error</string>
-    <string score="0">AutoIt has detected the stack has become corrupt.</string>
-    <string score="0">CompiledScript</string>
-    <string score="0">AutoIt v3 Script: 3 3 8 1</string>
-    <string score="0">AutoIt v3 Script: 3 3 8 0</string>
-    <string score="0">AutoIt3</string>
-    <string score="0">AUTOITPID</string>
-    <string score="0">AUTOITEXE</string>
-    <string score="0">AUTOITVERSION</string>
-    <string score="0">AUTOITSETOPTION</string>
-    <string score="0">AUTOITWINGETTITLE</string>
-    <string score="0">AUTOITWINSETTITLE</string>
-    <string score="0">powershell</string>
-    <string score="0">bitsadmin</string>
-    <string score="0">bitstransfer</string>
-    <string score="0">certutil</string>
-    <string score="0">downloadstring</string>
-    <string score="0">webclient</string>
-    <string score="0">ADODB.Stream</string>
-    <string score="0">SaveToFile</string>
-    <string score="0">Microsoft.XMLHTTP</string>
-    <string score="0">WinHttpRequest</string>
-
-  </strings>
-
-  <powershells>
-    <!-- https://blogs.technet.microsoft.com/heyscriptingguy/2015/06/11/table-of-basic-powershell-commands/ -->
-    <powershell score="0">Add-Content</powershell>
-    <powershell score="0">Add-PSSnapIn</powershell>
-    <powershell score="0">AppData</powershell>
-    <powershell score="0">Clear-Content</powershell>
-    <powershell score="0">Clear-Host</powershell>
-    <powershell score="0">Clear-History</powershell>
-    <powershell score="0">Clear-Item</powershell>
-    <powershell score="0">Clear-ItemProperty</powershell>
-    <powershell score="0">Clear-Variable</powershell>
-    <powershell score="0">Compare-Object</powershell>
-    <powershell score="0">Connect-PSSession</powershell>
-    <powershell score="0">Copy-Item</powershell>
-    <powershell score="0">Copy-ItemProperty</powershell>
-    <powershell score="0">Convert-Path</powershell>
-    <powershell score="0">cmd</powershell>
-    <powershell score="0">Disable-PSBreakpoint</powershell>
-    <powershell score="0">Disconnect-PSSession</powershell>
-    <powershell score="0">Enable-PSBreakpoint</powershell>
-    <powershell score="0">Enter-PSSession</powershell>
-    <powershell score="0">Export-Alias</powershell>
-    <powershell score="0">Export-Csv</powershell>
-    <powershell score="0">Export-PSSession</powershell>
-    <powershell score="0">Exit-PSSession</powershell>
-    <powershell score="0">Format-Custom</powershell>
-    <powershell score="0">Format-List</powershell>
-    <powershell score="0">ForEach-Object</powershell>
-    <powershell score="0">Format-Table</powershell>
-    <powershell score="0">Format-Wide</powershell>
-    <powershell score="0">Get-Alias</powershell>
-    <powershell score="0">Get-Content</powershell>
-    <powershell score="0">Get-ChildItem</powershell>
-    <powershell score="0">Get-Command</powershell>
-    <powershell score="0">Get-History</powershell>
-    <powershell score="0">Get-Item</powershell>
-    <powershell score="0">Get-Job</powershell>
-    <powershell score="0">Get-Location</powershell>
-    <powershell score="0">Get-Member</powershell>
-    <powershell score="0">Get-Module</powershell>
-    <powershell score="0">Get-ItemProperty</powershell>
-    <powershell score="0">Get-Location</powershell>
-    <powershell score="0">Get-Process</powershell>
-    <powershell score="0">Get-PSBreakpoint</powershell>
-    <powershell score="0">Get-PSCallStack</powershell>
-    <powershell score="0">Get-PSDrive</powershell>
-    <powershell score="0">Get-PSSession</powershell>
-    <powershell score="0">Get-PSSnapIn</powershell>
-    <powershell score="0">Get-Service</powershell>
-    <powershell score="0">Get-Unique</powershell>
-    <powershell score="0">Get-Variable</powershell>
-    <powershell score="0">Get-WmiObject</powershell>
-    <powershell score="0">Group-Object</powershell>
-    <powershell score="0">Import-Alias</powershell>
-    <powershell score="0">Import-Csv</powershell>
-    <powershell score="0">Import-Module</powershell>
-    <powershell score="0">Import-PSSession</powershell>
-    <powershell score="0">Invoke-Command</powershell>
-    <powershell score="0">Invoke-Expression</powershell>
-    <powershell score="0">Invoke-History</powershell>
-    <powershell score="0">Invoke-Item</powershell>
-    <powershell score="0">Invoke-RestMethod</powershell>
-    <powershell score="0">Invoke-WebRequest</powershell>
-    <powershell score="0">Invoke-WMIMethod</powershell>
-    <powershell score="0">Measure-Object</powershell>
-    <powershell score="0">Move-Item</powershell>
-    <powershell score="0">Move-ItemProperty</powershell>
-    <powershell score="0">New-Alias</powershell>
-    <powershell score="0">New-Item</powershell>
-    <powershell score="0">New-Module</powershell>
-    <powershell score="0">New-PSDrive</powershell>
-    <powershell score="0">New-PSSession</powershell>
-    <powershell score="0">New-PSSessionConfigurationFile</powershell>
-    <powershell score="0">New-Variable</powershell>
-    <powershell score="0">New-Object</powershell>
-    <powershell score="0">Out-GridView</powershell>
-    <powershell score="0">Out-Host</powershell>
-    <powershell score="0">Out-Printer</powershell>
-    <powershell score="0">Pop-Location</powershell>
-    <powershell score="0">Push-Location</powershell>
-    <powershell score="0">Receive-Job</powershell>
-    <powershell score="0">Receive-PSSession</powershell>
-    <powershell score="0">Remove-Job</powershell>
-    <powershell score="0">Remove-Item</powershell>
-    <powershell score="0">Remove-ItemProperty</powershell>
-    <powershell score="0">Remove-Module</powershell>
-    <powershell score="0">Remove-PSBreakpoint</powershell>
-    <powershell score="0">Remove-PSDrive</powershell>
-    <powershell score="0">Remove-PSSession</powershell>
-    <powershell score="0">Remove-PSSnapin</powershell>
-    <powershell score="0">Remove-Variable</powershell>
-    <powershell score="0">Remove-WMIObject</powershell>
-    <powershell score="0">Rename-Item</powershell>
-    <powershell score="0">Rename-ItemProperty</powershell>
-    <powershell score="0">Resolve-Path</powershell>
-    <powershell score="0">Resume-Job</powershell>
-    <powershell score="0">Select-Object</powershell>
-    <powershell score="0">Set-Alias</powershell>
-    <powershell score="0">Set-Content</powershell>
-    <powershell score="0">Set-Item</powershell>
-    <powershell score="0">Set-Location</powershell>
-    <powershell score="0">Set-PSBreakpoint</powershell>
-    <powershell score="0">Set-Variable</powershell>
-    <powershell score="0">Shell</powershell>
-    <powershell score="0">Show-Command</powershell>
-    <powershell score="0">Start-Job</powershell>
-    <powershell score="0">Start-Process</powershell>
-    <powershell score="0">Start-Service</powershell>
-    <powershell score="0">Stop-Process</powershell>
-    <powershell score="0">Where-Object</powershell>
-    <powershell score="0">Write-Output</powershell>
-
-  </powershells>
-</xml>
-