Gen:Variant.Symmi.45193 (B) (Emsisoft), Gen:Variant.Symmi.45193 (AdAware), Trojan.Win32.BHO.FD, GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 1cced3bedb67aa3f0c25c29b3ee548cc
SHA1: ff4be4534e7aebb781c8321442fc77e15311aaab
SHA256: ae70cdc9ff5eed54795b884da3de4de70a2343ffd67e0e26a9f97b8fc6f57b78
SSDeep: 49152:YnVvmL/kK/vnuX0iky0a9sNJrDuiJbfBk9O2:Ye/9ik95GUBu
Size: 1748277 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: MicrosoftVisualCv71EXE, MicrosoftVisualCv70, UPolyXv05_v6
Company: no certificate found
Created at: 2007-03-19 09:14:11
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):
%original file name%.exe:464
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[1].xml (1472 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\crossdomain[1].xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{3550C75F-CFFD-4222-B875-0B0B1FE28513}\_extra\wheeeee.swf (69236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[1].xml (0 bytes)
Registry activity
The process %original file name%.exe:464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\BRiGHTSTAR\Untitled\V1.0\Settings]
"Options" = "31 00 00 00 46 00 6F 00 73 00 74 00 65 00 72 00"
"crc" = "20 4B 34 C2 47 31 15 25 0C E6 C1 E0 35 C2 55 4C"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 BB 5C 92 94 2B 99 85 F7 8A 6D 62 05 FB 30 03"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[1].xml (1472 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\crossdomain[1].xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{3550C75F-CFFD-4222-B875-0B0B1FE28513}\_extra\wheeeee.swf (69236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: BRiGHTSTAR
Product Name: HD Player
Product Version: 1.0
Legal Copyright:
Legal Trademarks:
Original Filename: Untitled.exe
Internal Name: Untitled
File Version: 1.0
File Description:
Comments:
Language: Russian (Russia)
Company Name: BRiGHTSTARProduct Name: HD Player Product Version: 1.0 Legal Copyright: Legal Trademarks: Original Filename: Untitled.exeInternal Name: UntitledFile Version: 1.0 File Description: Comments: Language: Russian (Russia)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 757138 | 757760 | 4.62074 | 0c7c21bdcb0f9fbcaaff99a35fdd1ab0 |
.rdata | 761856 | 157774 | 159744 | 3.8446 | 86b146131f2b9dbb4ba44d8e74bd4ce5 |
.data | 921600 | 59268 | 24576 | 2.88194 | 8b1015905deab19b04b0e25c3f2370fe |
.rsrc | 983040 | 120288 | 122880 | 3.55226 | c7e020c18441a0b29a0ebe5b7485514b |
.!rdata | 1105920 | 135168 | 135168 | 0.29214 | 7ea6b83e1da96949817025ff711cabc7 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://cartoonnetwork.com/crossdomain.xml | |
hxxp://www.cartoonnetwork.com/crossdomain.xml | 157.166.239.102 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.cartoonnetwork.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Jun 2015 08:38:03 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: CG=UA:07:Kharkov; path=/
Last-Modified: Tue, 22 Jul 2014 15:44:53 GMT
Cache-Control: max-age=600
Expires: Wed, 17 Jun 2015 08:40:44 GMT
X-Cache-Status: HIT
Content-Encoding: gzip
5c0..............Ms.6.....Pu..);n..c;.6.N;.\r.@.BL.4.Jv.}..(...v.(...>.`....O/y6..SJ..........._........<.F.e...I..:..u.........7..w..n..s..s.H.s./..2.I...c.c..._..~.gY.w.3...\..F...p0Z.b.w.a..93Vk...i......).=...WF<.., .|I3n ....Fy....NY....jp.r.....T\....c..I=...3..C..5#...8...2.=)......_...z..43....0...EZ>. .J.[.g..%1.Z?l..D.I...D../....I{Q..]p..8..9X..R..i2....f..8.......g....e.5.^*> a.........v..z\G.z."....r.o.U.7..5.p....A...d....M-f..CT.yR...D"^7d..clwD"V....?:.#......q(........D...%Uf....I@.'Y.(.Nu..1...c.Z...#...i...R4.....;.U...F......eL........C.|.... ......Em.a`.....z.p.[.p..u8..A."..C."T...`HA,...!p....Z....Y...F.(.Y9B..!......!.R.... .C."`....G./..!..Y.....]=..G..C[.....B....K....,8.....).'b..Px8Exr{....Qd.B....b*..p..<q~...'!.!...1.........m......<K.q0..y..b%m.H.p.Det../]..D$...x..-.0..].. ..6...O@..m...#.. ..{)j.h...<..'....*.\..9...V...[Z....,.aw..M.h..&....)..j,,.-.Dj........:)a..e.....A\.L.Y...8..=...E.T i3.C.%.O...me..Z......|.2..nh.<.4.......K..A../ ..t..d..h]...`......... .........E....<...l..j.\.3..........O...,.i..............T?rVZa.V......B.......)q\...u ...PAE.C..3. T[n......n......C..).....$W.N.B[...Q...*z.A.@6 ..f........U.>...3p=.....n...m...S..>...S.|.j.v......>.,....$....)K.h(..f...#......\........vE..<n..G.[U\7..........^.4..ln^. ......q7..%.V..dD"J....S.....%.m..D...dk..H$.p.....U......K.L.#.F...2R..Yb!{"...$y..2N`Zsx..Gx.P ..1Z..s.(.....(..2.. `.....2.......4...%5 .?./"..1o.....qz...v....N..:.#W.'.n....<... 1...:. y......0..
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_464:
.text
.text
.rdata
.rdata
.data
.data
.rsrc
.rsrc
u2SSShY
u2SSShY
1SSShY
1SSShY
uDPW
uDPW
SSSSSh
SSSSSh
.PWuF
.PWuF
YYu.VW
YYu.VW
%uWVW
%uWVW
}`uk9U@t%9U(ua9U@t
}`uk9U@t%9U(ua9U@t
.QPWR
.QPWR
.tgPV
.tgPV
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRVj
C.PjRVj
u.VV3
u.VV3
.SSSSSSh|
.SSSSSSh|
HHCTRL.OCX
HHCTRL.OCX
\\.\REGMON
\\.\REGMON
\\.\REGVXD
\\.\REGVXD
1.1.3
1.1.3
SWFKit.BK
SWFKit.BK
kernel32.dll
kernel32.dll
shlwapi.dll
shlwapi.dll
comctl32.dll
comctl32.dll
------%s will be expired on d-d-d------
------%s will be expired on d-d-d------
------%s will be expired after %d days after installed!------
------%s will be expired after %d days after installed!------
f%d_%s
f%d_%s
function f%d_%s() { return _call('%s', arguments);}
function f%d_%s() { return _call('%s', arguments);}
comdlg32.dll
comdlg32.dll
urlmon.dll
urlmon.dll
user32.dll
user32.dll
%sX%d.cab
%sX%d.cab
"%s" /Q /S
"%s" /Q /S
%sX%d.tmp
%sX%d.tmp
Failed to initialize the WIndows Socket!
Failed to initialize the WIndows Socket!
%d%% Free
%d%% Free
Physical memory available to Windows:
Physical memory available to Windows:
%d KB
%d KB
0xX
0xX
SCRNSAVE.EXE
SCRNSAVE.EXE
SYSTEM.INI
SYSTEM.INI
hXXp://VVV.swfbuddy.com
hXXp://VVV.swfbuddy.com
TOPURL
TOPURL
.main
.main
%s\DefaultIcon
%s\DefaultIcon
%s\shell\open\%s
%s\shell\open\%s
windowShape
windowShape
$EKHOTKEY
$EKHOTKEY
$KPDISABLEWINDOWKEYS
$KPDISABLEWINDOWKEYS
hotKey
hotKey
exitKeys
exitKeys
keyPress
keyPress
expiryMsg
expiryMsg
windowSize
windowSize
cmdItems
cmdItems
cmdLine
cmdLine
join
join
%s.%s
%s.%s
%s.%d
%s.%d
msgBox
msgBox
winio.sys
winio.sys
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
FtpGetFileSize
FtpGetFileSize
FtpRenameFileA
FtpRenameFileA
FtpDeleteFileA
FtpDeleteFileA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpOpenFileA
FtpOpenFileA
FtpFindFirstFileA
FtpFindFirstFileA
wininet.dll
wininet.dll
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
_InetFtp_
_InetFtp_
@F_%u
@F_%u
VVV.swfkit.com
VVV.swfkit.com
onGetUrl
onGetUrl
openFtp
openFtp
getHttpFileHeader
getHttpFileHeader
getHttpFileStatus
getHttpFileStatus
getHttpFileLastModifiedTime
getHttpFileLastModifiedTime
getHttpFileSize
getHttpFileSize
getUrl
getUrl
_FFish_MCI_%d
_FFish_MCI_%d
errorMsg
errorMsg
sendCmdString
sendCmdString
OK %d %s
OK %d %s
%d %s
%d %s
UIDL %d
UIDL %d
TOP %d %d
TOP %d %d
RETR %d
RETR %d
OK %d %d
OK %d %d
%d %d
%d %d
LIST %d
LIST %d
DELE %d
DELE %d
password
password
port
port
RegKey
RegKey
key not found
key not found
deleteKey
deleteKey
getSubkeyNames
getSubkeyNames
\StringFileInfo\X\SpecialBuild
\StringFileInfo\X\SpecialBuild
\StringFileInfo\X\productVersion
\StringFileInfo\X\productVersion
\StringFileInfo\X\ProductName
\StringFileInfo\X\ProductName
\StringFileInfo\X\PrivateBuild
\StringFileInfo\X\PrivateBuild
\StringFileInfo\X\OriginalFilename
\StringFileInfo\X\OriginalFilename
\StringFileInfo\X\LegalTrademarks
\StringFileInfo\X\LegalTrademarks
\StringFileInfo\X\LegalCopyright
\StringFileInfo\X\LegalCopyright
\StringFileInfo\X\InternalName
\StringFileInfo\X\InternalName
\StringFileInfo\X\FileVersion
\StringFileInfo\X\FileVersion
\StringFileInfo\X\FileDescription
\StringFileInfo\X\FileDescription
\StringFileInfo\X\CompanyName
\StringFileInfo\X\CompanyName
\StringFileInfo\X\Comments
\StringFileInfo\X\Comments
Shell32.dll
Shell32.dll
software\microsoft\windows\currentversion
software\microsoft\windows\currentversion
windows
windows
findExecutable
findExecutable
windowStyle
windowStyle
URLShortcut
URLShortcut
> %d.d.d
> %d.d.d
Windows 32s
Windows 32s
Windows 95
Windows 95
Windows ME
Windows ME
Windows 98
Windows 98
Windows NT
Windows NT
Windows 2000
Windows 2000
Windows XP
Windows XP
getWindowsByName
getWindowsByName
windowState
windowState
getExeName
getExeName
processMsg
processMsg
- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
HttpOpenRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
illegal character '%s%c%c'
illegal character '%s%c%c'
illegal unicode character '%s%c%c%c%c'
illegal unicode character '%s%c%c%c%c'
unterminated %s constant
unterminated %s constant
unknown escape sequence '%c%c'
unknown escape sequence '%c%c'
ECMAScript don't allow line terminators in %s constants
ECMAScript don't allow line terminators in %s constants
syntax error: %s
syntax error: %s
invalid alias name of the imported function
invalid alias name of the imported function
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
dllimport
dllimport
import
import
export
export
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
attachment %d
attachment %d
====_SWFKIT_MAIL_PART_%X.%X.%X_====
====_SWFKIT_MAIL_PART_%X.%X.%X_====
Content-Transfer-Encoding: %s
Content-Transfer-Encoding: %s
Content-Type: %s; charset="%s"
Content-Type: %s; charset="%s"
Content-Type: %s; name="%s"
Content-Type: %s; name="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-ID:
Content-ID:
--%s--
--%s--
boundary="%s"
boundary="%s"
X-Priority: %d
X-Priority: %d
X-Mailer: SWFKit.FFish
X-Mailer: SWFKit.FFish
Date: %s
Date: %s
Subject: =?%s?B?
Subject: =?%s?B?
Bcc: %s
Bcc: %s
Cc: %s
Cc: %s
Reply-To: %s
Reply-To: %s
To: %s
To: %s
From: %s
From: %s
boundary="%s";
boundary="%s";
login
login
AUTH PLAIN %s
AUTH PLAIN %s
AUTH LOGIN
AUTH LOGIN
%s %s
%s %s
MAIL FROM:
MAIL FROM:
HELO %s
HELO %s
EHLO %s
EHLO %s
can't connect to the smtp server
can't connect to the smtp server
PASS %s
PASS %s
USER %s
USER %s
@F_%d
@F_%d
Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d
Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d
Unkown host %s
Unkown host %s
ICMP.DLL
ICMP.DLL
Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u
Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u
Pinging %s [%s]: with %d bytes of data:
Pinging %s [%s]: with %d bytes of data:
.yMax
.yMax
.xMax
.xMax
.yMin
.yMin
.xMin
.xMin
inetmib1.dll
inetmib1.dll
SYSTEM\CurrentControlSet\Services\VxD\MSTCP
SYSTEM\CurrentControlSet\Services\VxD\MSTCP
SYSTEM\CurrentControlSet\Services\Tcpip\parameters
SYSTEM\CurrentControlSet\Services\Tcpip\parameters
SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient
SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient
Runtime error: %s
Runtime error: %s
Warning: unknown method "%s"
Warning: unknown method "%s"
Warning: invalid index for operator []
Warning: invalid index for operator []
hook break %d
hook break %d
Warning: can't set property "%s" with a wrong type
Warning: can't set property "%s" with a wrong type
Warning: using undefined property "%s"
Warning: using undefined property "%s"
Warning: using undefined variable "%s"
Warning: using undefined variable "%s"
CNotSupportedException
CNotSupportedException
COMCTL32.DLL
COMCTL32.DLL
Afx:%p:%x:%p:%p:%p
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
Afx:%p:%x
hhctrl.ocx
hhctrl.ocx
commctrl_DragListMsg
commctrl_DragListMsg
CCmdTarget
CCmdTarget
CHotKeyCtrl
CHotKeyCtrl
msctls_hotkey32
msctls_hotkey32
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
File%d
File%d
ntdll.dll
ntdll.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s.dll
%s.dll
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
oleaut32.dll
oleaut32.dll
olepro32.dll
olepro32.dll
ole32.dll
ole32.dll
mscoree.dll
mscoree.dll
?#%X.y
?#%X.y
Please contact the application's support team for more information.
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
continue execution and must now be terminated.
portuguese-brazilian
portuguese-brazilian
0123456789
0123456789
right-curly-bracket
right-curly-bracket
left-curly-bracket
left-curly-bracket
OLEAUT32.dll
OLEAUT32.dll
OLEACC.dll
OLEACC.dll
WINMM.dll
WINMM.dll
WSOCK32.dll
WSOCK32.dll
VERSION.dll
VERSION.dll
GetWindowsDirectoryA
GetWindowsDirectoryA
CreatePipe
CreatePipe
GetProcessHeaps
GetProcessHeaps
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
MapVirtualKeyA
MapVirtualKeyA
EnumThreadWindows
EnumThreadWindows
ExitWindowsEx
ExitWindowsEx
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
CreateDialogIndirectParamA
CreateDialogIndirectParamA
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GDI32.dll
GDI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExA
RegOpenKeyA
RegOpenKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyA
RegCreateKeyA
RegCreateKeyA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
FindExecutableA
FindExecutableA
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
SHLWAPI.dll
SHLWAPI.dll
oledlg.dll
oledlg.dll
.PAVCFileException@@
.PAVCFileException@@
.PAVCObject@@
.PAVCObject@@
.PAVCException@@
.PAVCException@@
.PAVCTopBaseException@@
.PAVCTopBaseException@@
.PAVCZipException@@
.PAVCZipException@@
This executable file was created by an UNREGISTERED copy of SWFKit!
This executable file was created by an UNREGISTERED copy of SWFKit!
.PAVCOleException@@
.PAVCOleException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCHotKeyCtrl@@
.?AVCHotKeyCtrl@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.PAVCResourceException@@
.PAVCResourceException@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
zcÃ
zcÃ
c:\documents and settings\"%CurrentUserName%"\local settings\temporary internet files
c:\documents and settings\"%CurrentUserName%"\local settings\temporary internet files
wheeeee.swf
wheeeee.swf
c:\%original file name%.exe
c:\%original file name%.exe
%S
%S
stdole2.tlbWWW
stdole2.tlbWWW
bstrMsgW
bstrMsgW
Created by MIDL version 6.00.0347 at Fri Mar 16 15:27:07 2007
Created by MIDL version 6.00.0347 at Fri Mar 16 15:27:07 2007
%d
%d
%s
%s
%s:%s. See also: %s.
%s:%s. See also: %s.
%s %s d d:d:d GMT% 04d %s%sd B.C.
%s %s d d:d:d GMT% 04d %s%sd B.C.
%s %s d d:d:d GMT% 04d %s%sd
%s %s d d:d:d GMT% 04d %s%sd
%s, d %s d d:d:d GMT B.C.
%s, d %s d d:d:d GMT B.C.
%s, d %s d d:d:d GMT
%s, d %s d d:d:d GMT
x%s.%s
x%s.%s
%s.length
%s.length
[object Inet.Ftp]
[object Inet.Ftp]
[object RegKey]
[object RegKey]
d[object URLShortcut]
d[object URLShortcut]
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
;/?:@&= $,#
;/?:@&= $,#
accKeyboardShortcut
accKeyboardShortcut
SUPPORT
SUPPORT
Key Press
Key Press
Disable Windows keys
Disable Windows keys
Exit Keys
Exit Keys
HotKey1
HotKey1
Custom Hot Key
Custom Hot Key
%s Registration
%s Registration
Please enter your name, a serial number and a registration code to register %s.
Please enter your name, a serial number and a registration code to register %s.
Enter the World Wide Web location (URL) or specify the local file you would like to open.
Enter the World Wide Web location (URL) or specify the local file you would like to open.
WEBSITE
WEBSITE
Port :
Port :
Prj.Document
Prj.Document
Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||
Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||
%s has expired!D%s
%s has expired!D%s
Press Register button to register %s, press OK button to exit.
Press Register button to register %s, press OK button to exit.
'This copy of program is licensed to: %s
'This copy of program is licensed to: %s
Serial Number: %s
Serial Number: %s
Replace%Select the entire document
Replace%Select the entire document
All Files (*.*)
All Files (*.*)
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
Page %u
Page %u
Pages %u-%u
Pages %u-%u
Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||
Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
#Unable to load mail system support.
#Unable to load mail system support.
Access to %1 was denied..An invalid file handle was associated with %1.
Access to %1 was denied..An invalid file handle was associated with %1.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Disk full while accessing %1..An attempt was made to access %1 past its end.
Disk full while accessing %1..An attempt was made to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
Untitled.exe
Untitled.exe