HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.GenericKD.2306985 (B) (Emsisoft), Trojan.GenericKD.2306985 (AdAware), Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, BankerGeneric.YR (Lavasoft MAS)Behaviour: Banker, Trojan, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 32729f403fec598fd447cc1459d6fc77
SHA1: b106b04bfd20549af2f6f37c153ebe12be73396a
SHA256: 225ec10e4f7527cf6fb447e0e0fc2206de732c932e0a09b92dd54287eb2cb632
SSDeep: 49152:53ratU0lWmeeXl2r f8A2c8Xo jPDxvjBCNlhEgrq mGiXB/xBaN1KVkezFLc:57h0lWg8Cj2c03iGD YTBajKVk2L
Size: 3203072 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, Armadillov183, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171, UPolyXv05_v6
Company: no certificate found
Created at: 2000-08-05 19:19:37
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:1648
schtasks.exe:260
The Trojan injects its code into the following process(es):
32729f403fec598fd447cc1459d6fc77.TMP0:1804
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1648 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ArmD.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D8A4DF39.TMP (16 bytes)
C:\32729f403fec598fd447cc1459d6fc77.TMP0 (177115 bytes)
The process schtasks.exe:260 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Tasks\startt.job (188 bytes)
The process 32729f403fec598fd447cc1459d6fc77.TMP0:1804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Start Menu\Programs\Startup\Wapp.exe (154878 bytes)
C:\autoexec.bat (1144 bytes)
The Trojan deletes the following file(s):
C:\AUTOEXEC.BAT (0 bytes)
Registry activity
The process %original file name%.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 46 6C C8 34 35 94 49 22 9D A4 98 4D B9 46 9A"
[HKCR\CLSID\{756DBD7B-C816-11D1-B2E4-0060975B8649}\TypeLib]
"(Default)" = "{D14EBB90-D27E-600C-1B5A-3A4AFBE2663A}"
[HKLM\SOFTWARE\The Silicon Realms Toolworks\Armadillo]
"{D8A4DF3904936BDC}" = "04 3C 2B 09 0A 5B 21 2F 21 EE E2 B0 03 CE 66 5C"
The process schtasks.exe:260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 7E 04 2D E4 42 3E CB F0 19 78 03 DE 80 25 ED"
The process 32729f403fec598fd447cc1459d6fc77.TMP0:1804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 98 1E D0 F8 E0 17 01 4E A8 65 8C 2F B8 B8 95"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wapp" = "C:\Arquivos de programas\Wapp.exe"
Dropped PE files
MD5 | File path |
---|---|
292af900df60851749ca9c1b290792ad | c:\32729f403fec598fd447cc1459d6fc77.TMP0 |
292af900df60851749ca9c1b290792ad | c:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wapp.exe |
cdf9f21934221a77a7d3903378101f9b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ArmD.tmp |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1648
schtasks.exe:260 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\ArmD.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D8A4DF39.TMP (16 bytes)
C:\32729f403fec598fd447cc1459d6fc77.TMP0 (177115 bytes)
%WinDir%\Tasks\startt.job (188 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Startup\Wapp.exe (154878 bytes)
C:\autoexec.bat (1144 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wapp" = "C:\Arquivos de programas\Wapp.exe" - Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 43261 | 45056 | 4.33925 | 060397ee034ea327ff6c25d43423f78e |
.rdata | 49152 | 3912 | 4096 | 3.66297 | a7d7f7911596dad0699619423d1be3b3 |
.data | 53248 | 10044 | 4096 | 2.15136 | 32213c65e4d97a5d6b8a8d192094336b |
.rsrc | 65536 | 10932 | 12288 | 2.81421 | d97038a7ba35d42836a24c3fc9687752 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1648:
.text
.text
`.rdata
`.rdata
.data
.data
.rsrc
.rsrc
user32.dll
user32.dll
KERNEL32.dll
KERNEL32.dll
EnumWindows
EnumWindows
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
GetCPInfo
GetCPInfo
DebugActiveProcess() failed with error code %d. Please report to author.
DebugActiveProcess() failed with error code %d. Please report to author.
Failed to execute target process
Failed to execute target process
ARM*.TMP
ARM*.TMP
.TMP*
.TMP*
\\.\mailslot\client\
\\.\mailslot\client\
LoadLibrary error %d
LoadLibrary error %d
%d: %s
%d: %s
Location AX, code %u, thread handle is X
Location AX, code %u, thread handle is X
Location A, code %u, thread handle is X
Location A, code %u, thread handle is X
Simulate.CD
Simulate.CD
%s%s.TMP%d%s
%s%s.TMP%d%s
KERNEL32.DLL
KERNEL32.DLL
\\.\mailslot\server\
\\.\mailslot\server\
(Error code %u)
(Error code %u)
c:\32729f403fec598fd447cc1459d6fc77.TMP0
c:\32729f403fec598fd447cc1459d6fc77.TMP0
c:\%original file name%.exe
c:\%original file name%.exe
7777777
7777777
777777777777
777777777777
777777777
777777777
77777777
77777777
77777777777777777
77777777777777777
77777777777777777777
77777777777777777777
77777777777
77777777777
7777777777
7777777777
7777777777777
7777777777777
32729f403fec598fd447cc1459d6fc77.TMP0_1804:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
kernel32.dll
kernel32.dll
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
u%CNu
u%CNu
%s[%d]
%s[%d]
%s_%d
%s_%d
EInvalidGraphicOperation
EInvalidGraphicOperation
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
uxtheme.dll
uxtheme.dll
Proportional
Proportional
MAPI32.DLL
MAPI32.DLL
PasswordChar
PasswordChar
OnKeyDown
OnKeyDown
OnKeyPress
OnKeyPress
OnKeyUp
OnKeyUp
ssHorizontal
ssHorizontal
OnKeyUp8mC
OnKeyUp8mC
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
JumpID("","%s")
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
AutoHotkeys
AutoHotkeys
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreview
KeyPreview
WindowState
WindowState
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
Uh.eF
Uh.eF
User32.dll
User32.dll
OnExecuteMacro
OnExecuteMacro
Service %s
Service %s
Topic %s
Topic %s
getservbyport
getservbyport
WSAAsyncGetServByPort
WSAAsyncGetServByPort
WSAJoinLeaf
WSAJoinLeaf
WS2_32.DLL
WS2_32.DLL
127.0.0.1
127.0.0.1
TIdSocketListWindows
TIdSocketListWindows
TIdStackWindowsU
TIdStackWindowsU
IdStackWindows
IdStackWindows
%s, %d %s %d %s %s
%s, %d %s %d %s %s
ftpTransfer
ftpTransfer
ftpReady
ftpReady
ftpAborted
ftpAborted
ClientPortMinT
ClientPortMinT
ClientPortMax
ClientPortMax
PortH
PortH
EIdCanNotBindPortInRange
EIdCanNotBindPortInRange
EIdInvalidPortRangeSVW
EIdInvalidPortRangeSVW
saUsernamePassword
saUsernamePassword
PasswordT
PasswordT
Port
Port
0.0.0.1
0.0.0.1
TIdTCPStream
TIdTCPStream
End of stream: %s at %d
End of stream: %s at %d
TIdTCPConnection
TIdTCPConnection
TIdTCPConnection07G
TIdTCPConnection07G
IdTCPConnection
IdTCPConnection
EIdTCPConnectionError
EIdTCPConnectionError
EIdObjectTypeNotSupported
EIdObjectTypeNotSupported
TIdTCPClient
TIdTCPClient
IdTCPClient
IdTCPClient
BoundPort
BoundPort
PortU
PortU
%s
%s
=?WINDOWS
=?WINDOWS
Indy 9.00.10
Indy 9.00.10
atLogin
atLogin
IdSMTP$
IdSMTP$
TIdSMTP
TIdSMTP
TIdSMTP$
TIdSMTP$
IdSMTP
IdSMTP
Password
Password
AUTH LOGIN
AUTH LOGIN
LOGIN
LOGIN
edtcp
edtcp
Edit1KeyPress
Edit1KeyPress
Edit2KeyPress
Edit2KeyPress
Edit3KeyPress
Edit3KeyPress
Edit4KeyPress
Edit4KeyPress
Edit5KeyPress
Edit5KeyPress
Edit6KeyPress
Edit6KeyPress
Edit7KeyPress
Edit7KeyPress
Edit8KeyPress
Edit8KeyPress
Edit9KeyPress
Edit9KeyPress
Edit10KeyPress
Edit10KeyPress
Edit11KeyPress
Edit11KeyPress
Edit12KeyPress
Edit12KeyPress
Edit13KeyPress
Edit13KeyPress
Edit14KeyPress
Edit14KeyPress
Edit15KeyPress
Edit15KeyPress
Edit16KeyPress
Edit16KeyPress
Edit17KeyPress
Edit17KeyPress
Edit18KeyPress
Edit18KeyPress
Edit19KeyPress
Edit19KeyPress
Edit20KeyPress
Edit20KeyPress
Edit21KeyPress
Edit21KeyPress
Edit22KeyPress
Edit22KeyPress
Edit23KeyPress
Edit23KeyPress
Edit24KeyPress
Edit24KeyPress
Edit25KeyPress
Edit25KeyPress
Edit26KeyPress
Edit26KeyPress
Edit27KeyPress
Edit27KeyPress
Edit28KeyPress
Edit28KeyPress
Edit29KeyPress
Edit29KeyPress
Edit30KeyPress
Edit30KeyPress
Edit31KeyPress
Edit31KeyPress
Edit32KeyPress
Edit32KeyPress
Edit33KeyPress
Edit33KeyPress
Edit34KeyPress
Edit34KeyPress
Edit35KeyPress
Edit35KeyPress
Edit36KeyPress
Edit36KeyPress
Edit37KeyPress
Edit37KeyPress
Edit38KeyPress
Edit38KeyPress
Edit39KeyPress
Edit39KeyPress
Edit40KeyPress
Edit40KeyPress
Edit41KeyPress
Edit41KeyPress
Edit42KeyPress
Edit42KeyPress
Edit43KeyPress
Edit43KeyPress
Edit44KeyPress
Edit44KeyPress
Edit45KeyPress
Edit45KeyPress
Edit46KeyPress
Edit46KeyPress
Edit47KeyPress
Edit47KeyPress
Edit48KeyPress
Edit48KeyPress
Edit49KeyPress
Edit49KeyPress
Edit50KeyPress
Edit50KeyPress
Edit51KeyPress
Edit51KeyPress
Edit52KeyPress
Edit52KeyPress
Edit53KeyPress
Edit53KeyPress
Edit54KeyPress
Edit54KeyPress
Edit55KeyPress
Edit55KeyPress
Edit56KeyPress
Edit56KeyPress
Edit57KeyPress
Edit57KeyPress
Edit58KeyPress
Edit58KeyPress
Edit59KeyPress
Edit59KeyPress
Edit60KeyPress
Edit60KeyPress
Edit61KeyPress
Edit61KeyPress
Edit62KeyPress
Edit62KeyPress
Edit63KeyPress
Edit63KeyPress
Edit64KeyPress
Edit64KeyPress
Edit65KeyPress
Edit65KeyPress
Edit66KeyPress
Edit66KeyPress
Edit67KeyPress
Edit67KeyPress
Edit68KeyPress
Edit68KeyPress
Edit69KeyPress
Edit69KeyPress
Edit70KeyPress
Edit70KeyPress
TSQLTimeStampVariantType
TSQLTimeStampVariantType
TSQLTimeStampData
TSQLTimeStampData
SqlTimSt
SqlTimSt
Uh.kJ
Uh.kJ
ole32.dll
ole32.dll
SQLTimeStamp
SQLTimeStamp
Password
Password
TLoginDialog
TLoginDialog
TPasswordDialog
TPasswordDialog
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
edaKeyPress
edaKeyPress
edcKeyPress
edcKeyPress
ffx6KeyDown
ffx6KeyDown
imgLogin2\
imgLogin2\
=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=
edtAgenciaKeyPress
edtAgenciaKeyPress
edtContaKeyPress
edtContaKeyPress
EDT_AgenciaKeyPress
EDT_AgenciaKeyPress
EDT_ContaKeyPress
EDT_ContaKeyPress
EDT_DigKeyPress
EDT_DigKeyPress
~-~ 01 ..:
~-~ 01 ..:
~-~ 02 ..:
~-~ 02 ..:
~-~ 03 ..:
~-~ 03 ..:
~-~ 04 ..:
~-~ 04 ..:
~-~ 05 ..:
~-~ 05 ..:
~-~ 06 ..:
~-~ 06 ..:
~-~ 07 ..:
~-~ 07 ..:
~-~ 08 ..:
~-~ 08 ..:
~-~ 09 ..:
~-~ 09 ..:
~-~ 10 ..:
~-~ 10 ..:
~-~ 11 ..:
~-~ 11 ..:
~-~ 12 ..:
~-~ 12 ..:
~-~ 13 ..:
~-~ 13 ..:
~-~ 14 ..:
~-~ 14 ..:
~-~ 15 ..:
~-~ 15 ..:
~-~ 16 ..:
~-~ 16 ..:
~-~ 17 ..:
~-~ 17 ..:
~-~ 18 ..:
~-~ 18 ..:
~-~ 19 ..:
~-~ 19 ..:
~-~ 20 ..:
~-~ 20 ..:
~-~ 21 ..:
~-~ 21 ..:
~-~ 22 ..:
~-~ 22 ..:
~-~ 23 ..:
~-~ 23 ..:
~-~ 24 ..:
~-~ 24 ..:
~-~ 25 ..:
~-~ 25 ..:
~-~ 26 ..:
~-~ 26 ..:
~-~ 27 ..:
~-~ 27 ..:
~-~ 28 ..:
~-~ 28 ..:
~-~ 29 ..:
~-~ 29 ..:
~-~ 30 ..:
~-~ 30 ..:
~-~ 31 ..:
~-~ 31 ..:
~-~ 32 ..:
~-~ 32 ..:
~-~ 33 ..:
~-~ 33 ..:
~-~ 34 ..:
~-~ 34 ..:
~-~ 35 ..:
~-~ 35 ..:
~-~ 36 ..:
~-~ 36 ..:
~-~ 37 ..:
~-~ 37 ..:
~-~ 38 ..:
~-~ 38 ..:
~-~ 39 ..:
~-~ 39 ..:
~-~ 40 ..:
~-~ 40 ..:
editsenhaeKeyPress
editsenhaeKeyPress
CactusROXKeyPress
CactusROXKeyPress
rpcrt4.dll
rpcrt4.dll
PUTA_01KeyPress
PUTA_01KeyPress
Uh.qM
Uh.qM
RADIO04KeyPress
RADIO04KeyPress
RADIO03KeyPress
RADIO03KeyPress
=-=-=-==-=-=-=-=-=-=-=-
=-=-=-==-=-=-=-=-=-=-=-
SMTP
SMTP
hitlerinfects@bol.com.br
hitlerinfects@bol.com.br
hgatinhainfects@gmail.com
hgatinhainfects@gmail.com
hgatinhainfos@gmail.com
hgatinhainfos@gmail.com
bushinfos@gmail.com
bushinfos@gmail.com
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%
P%S%V%Y%\%
P%S%V%Y%\%
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123456789:;?
!"#$%&'()* ,-./0123456789:;?
&'()* ,-./0123456789:;?
&'()* ,-./0123456789:;?
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegCreateKeyExA
RegCreateKeyExA
WinExec
WinExec
GetCPInfo
GetCPInfo
version.dll
version.dll
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
SetKeyboardState
SetKeyboardState
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
MapVirtualKeyA
MapVirtualKeyA
LoadKeyboardLayoutA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
7 7$7(7,7074787
7 7$7(7,7074787
?#?)?.?9?
?#?)?.?9?
3M4
3M4
?0^0;1~1
?0^0;1~1
=!=$=6=>=
=!=$=6=>=
3 3$323:3
3 3$323:3
: :$:(:,:0:
: :$:(:,:0:
4$5(50545
4$5(50545
6-6D6}6
6-6D6}6
9 9$9(9,9094989
9 9$9(9,9094989
: :$:(:,:0:4:8:
: :$:(:,:0:4:8:
="=@=[=_=|=
="=@=[=_=|=
=!=0=8=]=
=!=0=8=]=
;";(;1;5;];
;";(;1;5;];
7Å’8_8
7Å’8_8
4%5X5
4%5X5
6m6Z6y6
6m6Z6y6
:$:(:,:0:4:
:$:(:,:0:4:
333333333333333333
333333333333333333
33333833
33333833
3333339
3333339
3333333333333338
3333333333333338
:*"*"$3338
:*"*"$3338
3333333
3333333
33333333
33333333
33333333333
33333333333
3333333333338
3333333333338
33338?383
33338?383
333333333333
333333333333
:*3:"$3338
:*3:"$3338
333333333333333
333333333333333
33333333333333
33333333333333
337373?3
337373?3
333373?33
333373?33
33333337
33333337
3733333
3733333
3337333
3337333
3333373
3333373
3737333
3737333
373333?3
373333?3
3333333333
3333333333
333333333
333333333
333?33?333
333?33?333
333373?3
333373?3
7777777
7777777
777777777777
777777777777
777777777
777777777
77777777
77777777
77777777777777777
77777777777777777
77777777777777777777
77777777777777777777
77777777777
77777777777
7777777777
7777777777
7777777777777
7777777777777
KWindows
KWindows
UrlMon
UrlMon
rSqlTimSt
rSqlTimSt
#IdSMTP
#IdSMTP
IdTCPStream
IdTCPStream
Font.Charset
Font.Charset
Font.Color
Font.Color
Font.Height
Font.Height
Font.Name
Font.Name
Font.Style
Font.Style
Picture.Data
Picture.Data
]]\]]\]]\]]\
]]\]]\]]\]]\
]]\}}}]]\
]]\}}}]]\
]]\]]\]]\]]\]]\]]\]]\]]\]]\]]\
]]\]]\]]\]]\]]\]]\]]\]]\]]\]]\
]]\]]\]]\
]]\]]\]]\
}msG0
}msG0
}}}]]\]]\
}}}]]\]]\
]]\]]\}}}
]]\]]\}}}
]]\]]\]]\]]\]]\]]\
]]\]]\]]\]]\]]\]]\
]]\]]\]]\}}}
]]\]]\]]\}}}
,.tb3I
,.tb3I
___\\\^^^
___\\\^^^
(7),01444
(7),01444
'9=82<.342>
'9=82<.342>
.q.uI;I
.q.uI;I
Wi"8E%X0
Wi"8E%X0
GT.LDA=H"
GT.LDA=H"
RÿF
RÿF
.VOV&
.VOV&
we9%CQ
we9%CQ
.jD|n!
.jD|n!
:1-:1-90,
:1-:1-90,
}90,:1-:1-
}90,:1-:1-
81.qjg
81.qjg
2)%ULH4 'h_[%
2)%ULH4 'h_[%
.%!0'#5,(
.%!0'#5,(
;2.JA=SJF#
;2.JA=SJF#
tsr`^]SNNKGG2-.TON;41'
tsr`^]SNNKGG2-.TON;41'
;2.MD@
;2.MD@
6,%;3,,"
6,%;3,,"
@7.RJC,&!
@7.RJC,&!
7.*7.*1($
7.*7.*1($
1)"=5. #
1)"=5. #
;2.NEA
;2.NEA
.)& '&
.)& '&
5-&80).&
5-&80).&
5-&0(!:2 &
5-&0(!:2 &
:2 0(!5-&
:2 0(!5-&
7/(1)")!
7/(1)")!
:4/5/*0*%:4/
:4/5/*0*%:4/
0'#;2.RIE-$ ?62
0'#;2.RIE-$ ?62
;2.TKG
;2.TKG
=5.bZS1)":2 TLE #
=5.bZS1)":2 TLE #
91*1)"
91*1)"
=5.yqj
=5.yqj
0*%F@;"
0*%F@;"
8/%cZPYPF
8/%cZPYPF
?5.yoh
?5.yoh
0*%uoj
0*%uoj
/)$?94-'"
/)$?94-'"
-'"?94/)$
-'"?94/)$
;41;41/(%)"
;41;41/(%)"
-(%\XTNJF72261/:5151.LGC=85AGB>gb^>98=98;93$#
-(%\XTNJF72261/:5151.LGC=85AGB>gb^>98=98;93$#
yxup@=
yxup@=
==?==?==?
==?==?==?
==?==?==?==?==?
==?==?==?==?==?
gx:x.zP
gx:x.zP
7y.hVM:
7y.hVM:
Items.Strings
Items.Strings
$-W-K}
$-W-K}
Ff.Sx
Ff.Sx
&<.dg>
&<.dg>
&%xm:t
&%xm:t
R=O%Uo
R=O%Uo
%X\Av
%X\Av
.vUb=:
.vUb=:
S g
S g
.b%f^
.b%f^
%d^N1
%d^N1
PhXXps://wwwss.bradesco.com.br - Banco Bradesco S/A - Microsoft Internet Explorer
PhXXps://wwwss.bradesco.com.br - Banco Bradesco S/A - Microsoft Internet Explorer
\[[\[[\[[
\[[\[[\[[
\[[\[[\[[\[[
\[[\[[\[[\[[
\[[\[[\[[\[[\[[
\[[\[[\[[\[[\[[
f.np]
f.np]
m"qMSg4
m"qMSg4
-81%dY
-81%dY
%FjLs
%FjLs
j.JO}
j.JO}
!!!111{{{
!!!111{{{
!!!))){{{
!!!))){{{
111!!!111
111!!!111
{{{!!!111
{{{!!!111
{{{111{{{!!!
{{{111{{{!!!
{{{)))!!!)))
{{{)))!!!)))
!!!{{{!!!{{{
!!!{{{!!!{{{
{{{!!!{{{!!!
{{{!!!{{{!!!
Lines.Strings
Lines.Strings
Prr.ZYj
Prr.ZYj
,.dD
,.dD
Adobe Photoshop CS2 Windows
Adobe Photoshop CS2 Windows
2007:06:15 22:37:00
2007:06:15 22:37:00
urlTEXT
urlTEXT
MsgeTEXT
MsgeTEXT
hXXp://ns.adobe.com/xap/1.0/
hXXp://ns.adobe.com/xap/1.0/
xmlns:dc="hXXp://purl.org/dc/elements/1.1/">
xmlns:dc="hXXp://purl.org/dc/elements/1.1/">
xmlns:xap="hXXp://ns.adobe.com/xap/1.0/">
xmlns:xap="hXXp://ns.adobe.com/xap/1.0/">
Adobe Photoshop CS2 Windows
Adobe Photoshop CS2 Windows
xmlns:xapMM="hXXp://ns.adobe.com/xap/1.0/mm/"
xmlns:xapMM="hXXp://ns.adobe.com/xap/1.0/mm/"
xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#">
xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#">
xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/">
xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/">
xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">
xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">
xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/">
xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/">
IEC hXXp://VVV.iec.ch
IEC hXXp://VVV.iec.ch
.IEC 61966-2.1 Default RGB colour space - sRGB
.IEC 61966-2.1 Default RGB colour space - sRGB
CRT curv
CRT curv
9=.RE
9=.RE
L%UM)
L%UM)
S%USA
S%USA
wURl}
wURl}
$J%Fs E"
$J%Fs E"
3%%CG
3%%CG
A.wge3X
A.wge3X
.qSR'
.qSR'
IU.Oo
IU.Oo
2007:06:16 00:02:02
2007:06:16 00:02:02
2007:06:16 00:01:04
2007:06:16 00:01:04
2007:06:16 00:01:19
2007:06:16 00:01:19
{.Ey&I
{.Ey&I
uK$=]%U
uK$=]%U
.ug=vA
.ug=vA
2007:06:16 00:01:38
2007:06:16 00:01:38
2007:06:16 00:02:17
2007:06:16 00:02:17
2007:06:16 01:49:58
2007:06:16 01:49:58
Brush.Color
Brush.Color
Pen.Color
Pen.Color
Pen.Style
Pen.Style
imgLogin2
imgLogin2
2007:06:16 01:59:48
2007:06:16 01:59:48
2007:06:16 01:16:55
2007:06:16 01:16:55
.lI%m
.lI%m
IC%Dt
IC%Dt
"-m}|
"-m}|
-fXn}
-fXn}
2007:06:16 01:39:08
2007:06:16 01:39:08
h^5.UY
h^5.UY
%4U4rO
%4U4rO
2007:06:19 18:02:01
2007:06:19 18:02:01
fw.vm
fw.vm
.RL=S
.RL=S
.ksd&
.ksd&
91q%Dr
91q%Dr
%S_B:q
%S_B:q
7.OhwfK
7.OhwfK
Y%0xq"4RG!
Y%0xq"4RG!
|.HKG$
|.HKG$
S%Fgr
S%Fgr
e-%uE
e-%uE
KO.BJ
KO.BJ
v/qTcrT
v/qTcrT
.EH=@
.EH=@
?lST%6X
?lST%6X
5%UM$
5%UM$
Ad%xCDRHC$R8
Ad%xCDRHC$R8
3ÂM
3ÂM
x\%UGT
x\%UGT
%Lp%D
%Lp%D
2007:06:16 03:25:12
2007:06:16 03:25:12
HorzScrollBar.Visible
HorzScrollBar.Visible
VertScrollBar.Visible
VertScrollBar.Visible
'5*/6*/6*/6
'5*/6*/6*/6
'5*/6*/6*/6*/6*/6*/6*/6
'5*/6*/6*/6*/6*/6*/6*/6
'5*/6*/6
'5*/6*/6
l
l
.tS`
.tS`
,=.yG
,=.yG
.mCOm5
.mCOm5
.Uk -{
.Uk -{
72]4:2.*
72]4:2.*
%.NU5
%.NU5
yJn.Rm
yJn.Rm
WÂ
WÂ
H8.YF
H8.YF
.iZUg9$
.iZUg9$
8.XA(
8.XA(
.PUU95'M
.PUU95'M
t=.ms
t=.ms
&.Xl]|e
&.Xl]|e
.cV|C
.cV|C
a.wFL`
a.wFL`
%x5--
%x5--
'.NyJJ
'.NyJJ
:N.Qj
:N.Qj
.nn|1
.nn|1
3L.kBu
3L.kBu
j(.zs
j(.zs
9e .nk y
9e .nk y
kM-.cuw
kM-.cuw
%C*z[k
%C*z[k
{,%X
{,%X
8.OcV
8.OcV
VX%FNR
VX%FNR
h.Un[.^W
h.Un[.^W
u*{%C
u*{%C
_.jxZ
_.jxZ
"8y%uId
"8y%uId
.BA$I
.BA$I
ZÆmw[i
ZÆmw[i
5.Lgyx_
5.Lgyx_
]n.Os-Yu
]n.Os-Yu
y%C'1
y%C'1
m%uTp
m%uTp
Xh.PDf
Xh.PDf
)i.HHIY
)i.HHIY
.HFVQ
.HFVQ
~%xgX
~%xgX
/.fHm
/.fHm
.nuM6mq
.nuM6mq
msgqm2$
msgqm2$
x}.nm
x}.nm
9:sshv
9:sshv
ex,.oK1
ex,.oK1
.KsrJq
.KsrJq
E $ZcmD)
E $ZcmD)
A1%XWaC
A1%XWaC
>"!B&%C'&?#"
>"!B&%C'&?#"
8/,:' =*
8/,:' =*
ZcmD)
ZcmD)
K#$N'%UcXM
K#$N'%UcXM
]hlP3%U2
]hlP3%U2
`enU.%X3
`enU.%X3
^=.VdbZ0
^=.VdbZ0
@@@>>>???
@@@>>>???
}}}666@@@
}}}666@@@
...555~~~555777
...555~~~555777
???>>>~~~
???>>>~~~
8;.OX
8;.OX
g4$f5%c$
g4$f5%c$
vv%8SpS|
vv%8SpS|
{.NN_
{.NN_
o9.vMo8S
o9.vMo8S
.Ycmc
.Ycmc
%sDT.
%sDT.
.Ms{x
.Ms{x
[x-.Aa
[x-.Aa
%x4gG#2L
%x4gG#2L
.heZT%
.heZT%
%CS4m9)0
%CS4m9)0
:Portal Banco Real - ABN AMRO - Microsoft Internet Explorer
:Portal Banco Real - ABN AMRO - Microsoft Internet Explorer
Icon.Data
Icon.Data
) T%X
) T%X
v.hpw
v.hpw
gls%d]
gls%d]
D`f%F
D`f%F
;#.RI-o
;#.RI-o
`.yMu
`.yMu
.Ziv>
.Ziv>
j*.pvr
j*.pvr
d .NDuW
d .NDuW
}Y.uO!uO!
}Y.uO!uO!
}Y.uO!uO!uO!uO!uO!
}Y.uO!uO!uO!uO!uO!
o}Y.uO!uO!uO!uO!uO!
o}Y.uO!uO!uO!uO!uO!
}Y.uO!uO!uO!uO!
}Y.uO!uO!uO!uO!
yU}Y.uO!uO!uO!uO!uO!}Y.
yU}Y.uO!uO!uO!uO!uO!}Y.
o}Y.uO!uO!uO!uO!uO!}Y.
o}Y.uO!uO!uO!uO!uO!}Y.
}Y.uO!uO!uO!uO!uO!uO!uO!uO!
}Y.uO!uO!uO!uO!uO!uO!uO!uO!
}Y.uO!uO!uO!
}Y.uO!uO!uO!
}Y.uO!uO!uO!uO!uO!uO!uO!uO!uO!uO!uO!
}Y.uO!uO!uO!uO!uO!uO!uO!uO!uO!uO!uO!
}Y.uO!
}Y.uO!
}Y.uO!uO!}Y.
}Y.uO!uO!}Y.
yU}Y.uO!uO!uO!
yU}Y.uO!uO!uO!
o}Y.uO!uO!
o}Y.uO!uO!
nH}Y.uO!uO!uO!}Y.
nH}Y.uO!uO!uO!}Y.
}Y.uO!uO!uO!uO!uO!uO!uO!uO!uO!
}Y.uO!uO!uO!uO!uO!uO!uO!uO!uO!
989101989
989101989
GU.iFQ
GU.iFQ
I%d|G
I%d|G
F.Rrt
F.Rrt
ap,.WV
ap,.WV
IJ*QrN.QjI4
IJ*QrN.QjI4
Irba('.ER
Irba('.ER
%.XJ
%.XJ
*.JtU
*.JtU
]x.iSUh
]x.iSUh
.Lu@]
.Lu@]
.Mz8U
.Mz8U
$Cp.Kx Jw">m
$Cp.Kx Jw">m
.Kx'FsIf
.Kx'FsIf
/N{4Q~.Mz5R
/N{4Q~.Mz5R
.Gq.Hp1JtRl
.Gq.Hp1JtRl
-GuRl
-GuRl
.Kx$An4Q~@]
.Kx$An4Q~@]
*Gs.KwGd
*Gs.KwGd
-Mx1Nz.NyJg
-Mx1Nz.NyJg
3P}(Er.KwHe
3P}(Er.KwHe
.Iu5P|>Y
.Iu5P|>Y
-Jw4Q}1Mv1Ks7Px7QvC]
-Jw4Q}1Mv1Ks7Px7QvC]
3Lv.GqHa
3Lv.GqHa
.Vg5,
.Vg5,
/,.xvvA=B
/,.xvvA=B
/,.BAC
/,.BAC
/,.HDI
/,.HDI
...FFF
...FFF
]]]000[[[
]]]000[[[
777$$$"""###
777$$$"""###
LoginDialog
LoginDialog
Database Login
Database Login
&Password:
&Password:
PasswordDialog
PasswordDialog
Enter password
Enter password
version="1.0.0.0"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
TLOGINDIALOG
TLOGINDIALOG
TPASSWORDDIALOG
TPASSWORDDIALOG
/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Remote Login
Remote Login
Command not supported.
Command not supported.
Address type not supported.
Address type not supported.
JPEG error #%d
JPEG error #%d
%s is not a valid BCD value$Could not parse SQL TimeStamp string
%s is not a valid BCD value$Could not parse SQL TimeStamp string
Invalid SQL date/time values
Invalid SQL date/time values
OLE error %.8x.Method '%s' not supported by automation object
OLE error %.8x.Method '%s' not supported by automation object
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Operation would block.
Operation would block.
Operation now in progress.
Operation now in progress.
Operation already in progress.
Operation already in progress.
Socket operation on non-socket.
Socket operation on non-socket.
Protocol not supported.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Protocol family not supported.0Address family not supported by protocol family.
Connecting to %s.
Connecting to %s.
%s is not a valid service.
%s is not a valid service.
Socket Error # %d
Socket Error # %d
File "%s" not found1Only one TIdAntiFreeze can exist per application.
File "%s" not found1Only one TIdAntiFreeze can exist per application.
Object type not supported.
Object type not supported.
No data to read.$Can not bind in port range (%d - %d)
No data to read.$Can not bind in port range (%d - %d)
Invalid Port Range (%d - %d)
Invalid Port Range (%d - %d)
@ Outside address*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
@ Outside address*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Resolving hostname %s.
No help keyword specified.
No help keyword specified.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
/Menu '%s' is already being used by another form
/Menu '%s' is already being used by another form
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count"Unable to find a Table of Contents
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Invalid clipboard format Clipboard does not support Icons
Invalid clipboard format Clipboard does not support Icons
"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation
"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation
Invalid input value7Invalid input value. Use escape key to abandon changes
Invalid input value7Invalid input value. Use escape key to abandon changes
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Failed to set data for '%s'
Failed to set data for '%s'
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Property %s does not exist
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)
Thread Error: %s (%d)
Unsupported clipboard format
Unsupported clipboard format
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid property element: %s
Invalid property type: %s
Invalid property type: %s
Invalid data type for '%s' List capacity out of bounds (%d)
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to get data for '%s'
Ancestor for '%s' not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Operation not supported
Operation not supported
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
Invalid variant operation%Invalid variant operation (%s%.8x)
Invalid variant operation%Invalid variant operation (%s%.8x)
%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time
!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time
I/O error %d
I/O error %d