Trojan.Generic.14783327_be544a694c

HEUR:Trojan-Downloader.Win32.Generic (Kaspersky), Trojan.Generic.14783327 (B) (Emsisoft), Trojan.Generic.14783327 (AdAware), Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

[^:]:%[^

[^:]:%[^

Protocol %s not supported or disabled in libcurl

Protocol %s not supported or disabled in libcurl

http_proxy

http_proxy

%5[^:@]:%5[^@]

%5[^:@]:%5[^@]

:%5[^@]

:%5[^@]

Port number too large: %lu

Port number too large: %lu

%s://%s%s%s:%hu%s%s%s

%s://%s%s%s:%hu%s%s%s

;type=%c

;type=%c

[%*45[0123456789abcdefABCDEF:.]%c

[%*45[0123456789abcdefABCDEF:.]%c

Couldn't find host %s in the _netrc file; using defaults

Couldn't find host %s in the _netrc file; using defaults

PTF@example.com

PTF@example.com

Couldn't resolve host '%s'

Couldn't resolve host '%s'

Couldn't resolve proxy '%s'

Couldn't resolve proxy '%s'

Connection #%ld to host %s left intact

Connection #%ld to host %s left intact

operation aborted by callback

operation aborted by callback

ioctl callback returned error %d

ioctl callback returned error %d

the ioctl callback returned %d

the ioctl callback returned %d

seek callback returned error %d

seek callback returned error %d

Operation timed out after %ld milliseconds with %lld bytes received

Operation timed out after %ld milliseconds with %lld bytes received

Operation timed out after %ld milliseconds with %lld out of %lld bytes received

Operation timed out after %ld milliseconds with %lld out of %lld bytes received

Problem (%d) in the Chunked-Encoded data

Problem (%d) in the Chunked-Encoded data

HTTP server doesn't seem to support byte ranges. Cannot resume.

HTTP server doesn't seem to support byte ranges. Cannot resume.

Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)

Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)

Rewinding stream by : %zd bytes on url %s (zero-length body)

Rewinding stream by : %zd bytes on url %s (zero-length body)

Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld

Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld

Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)

Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)

No URL set!

No URL set!

Violate RFC 2616/10.3.2 and switch from POST to GET

Violate RFC 2616/10.3.2 and switch from POST to GET

Violate RFC 2616/10.3.3 and switch from POST to GET

Violate RFC 2616/10.3.3 and switch from POST to GET

Disables POST, goes with %s

Disables POST, goes with %s

Issue another request to this URL: '%s'

Issue another request to this URL: '%s'

[^?&/:]://%c

[^?&/:]://%c

unspecified error %d

unspecified error %d

%s cookie %s="%s" for domain %s, path %s, expire %lld

%s cookie %s="%s" for domain %s, path %s, expire %lld

#HttpOnly_

#HttpOnly_

skipped cookie with bad tailmatch domain: %s

skipped cookie with bad tailmatch domain: %s

skipped cookie with illegal dotcount domain: %s

skipped cookie with illegal dotcount domain: %s

httponly

httponly

23[^;

23[^;

=]=I99[^;

=]=I99[^;

%s%s%s

%s%s%s

WARNING: failed to save cookies in %s

WARNING: failed to save cookies in %s

# Fatal libcurl error

# Fatal libcurl error

# Netscape HTTP Cookie File

# Netscape HTTP Cookie File

# hXXp://curl.haxx.se/docs/http-cookies.html

# hXXp://curl.haxx.se/docs/http-cookies.html

# This file was generated by libcurl! Edit at your own risk.

# This file was generated by libcurl! Edit at your own risk.

Send failure: %s

Send failure: %s

Recv failure: %s

Recv failure: %s

[%s %s %s]

[%s %s %s]

ssloc inet_ntop() failed with errno %d: %s

ssloc inet_ntop() failed with errno %d: %s

ssrem inet_ntop() failed with errno %d: %s

ssrem inet_ntop() failed with errno %d: %s

getsockname() failed with errno %d: %s

getsockname() failed with errno %d: %s

getpeername() failed with errno %d: %s

getpeername() failed with errno %d: %s

Failed to connect to %s: %s

Failed to connect to %s: %s

Trying %s...

Trying %s...

sa_addr inet_ntop() failed with errno %d: %s

sa_addr inet_ntop() failed with errno %d: %s

Failed to set SO_KEEPALIVE on fd %d

Failed to set SO_KEEPALIVE on fd %d

bind failed with errno %d: %s

bind failed with errno %d: %s

Local port: %hu

Local port: %hu

Bind to local port %hu failed, trying next

Bind to local port %hu failed, trying next

Couldn't bind to '%s'

Couldn't bind to '%s'

Local Interface %s is ip %s using address family %i

Local Interface %s is ip %s using address family %i

Name '%s' family %i resolved to '%s' family %i

Name '%s' family %i resolved to '%s' family %i

TCP_NODELAY set

TCP_NODELAY set

Could not set TCP_NODELAY: %s

Could not set TCP_NODELAY: %s

couldn't connect to %s at %s:%d

couldn't connect to %s at %s:%d

Unable to parse FTP file list

Unable to parse FTP file list

Error in the SSH layer

Error in the SSH layer

Caller must register CURLOPT_CONV_ callback options

Caller must register CURLOPT_CONV_ callback options

TFTP: No such user

TFTP: No such user

TFTP: Unknown transfer ID

TFTP: Unknown transfer ID

TFTP: Illegal operation

TFTP: Illegal operation

TFTP: Access Violation

TFTP: Access Violation

TFTP: File Not Found

TFTP: File Not Found

Login denied

Login denied

Issuer check against peer certificate failed

Issuer check against peer certificate failed

Invalid LDAP URL

Invalid LDAP URL

Unrecognized or bad HTTP Content or Transfer-Encoding

Unrecognized or bad HTTP Content or Transfer-Encoding

Problem with the SSL CA cert (path? access rights?)

Problem with the SSL CA cert (path? access rights?)

Peer certificate cannot be authenticated with given CA certificates

Peer certificate cannot be authenticated with given CA certificates

Problem with the local SSL certificate

Problem with the local SSL certificate

SSL peer certificate or SSH remote key was not OK

SSL peer certificate or SSH remote key was not OK

An unknown option was passed in to libcurl

An unknown option was passed in to libcurl

A libcurl function was given a bad argument

A libcurl function was given a bad argument

Operation was aborted by an application callback

Operation was aborted by an application callback

FTP: command REST failed

FTP: command REST failed

FTP: command PORT failed

FTP: command PORT failed

HTTP response code said error

HTTP response code said error

FTP: couldn't retrieve (RETR failed) the specified file

FTP: couldn't retrieve (RETR failed) the specified file

FTP: couldn't set file type

FTP: couldn't set file type

FTP: can't figure out the host in the PASV response

FTP: can't figure out the host in the PASV response

FTP: unknown 227 response format

FTP: unknown 227 response format

FTP: unknown PASV reply

FTP: unknown PASV reply

FTP: unknown PASS reply

FTP: unknown PASS reply

FTP: The server did not accept the PRET command.

FTP: The server did not accept the PRET command.

FTP: Accepting server connect has timed out

FTP: Accepting server connect has timed out

FTP: The server failed to connect to data port

FTP: The server failed to connect to data port

FTP: weird server reply

FTP: weird server reply

A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.

A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.

URL using bad/illegal format or missing URL

URL using bad/illegal format or missing URL

Unsupported protocol

Unsupported protocol

Unknown error %d (%#x)

Unknown error %d (%#x)

Winsock version not supported

Winsock version not supported

Protocol family not supported

Protocol family not supported

Address family not supported

Address family not supported

Operation not supported

Operation not supported

Socket is unsupported

Socket is unsupported

Protocol is unsupported

Protocol is unsupported

Protocol option is unsupported

Protocol option is unsupported

Internal error removing splay node = %d

Internal error removing splay node = %d

Internal error clearing splay node = %d

Internal error clearing splay node = %d

%d.%d.%d.%d

%d.%d.%d.%d

The requested URL returned error: %d

The requested URL returned error: %d

@I.po

@I.po

6-q}k

6-q}k

version=1.0.1.8

version=1.0.1.8

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\XxShow\*.*

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\XxShow\*.*

in.html?

in.html?

1\"%CurrentUserName%"\LOCALS~1\Temp\nsx2.tmp

1\"%CurrentUserName%"\LOCALS~1\Temp\nsx2.tmp

1248.exe

1248.exe

1638648

1638648

-2067134396

-2067134396

adm\LOCALS~1\Temp\XxShow\XxTongji.dll

adm\LOCALS~1\Temp\XxShow\XxTongji.dll

95101248.exe

95101248.exe

c:\Setup_95101248.exe

c:\Setup_95101248.exe

D:\Program Files\XxShow

D:\Program Files\XxShow

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\XxShow

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\XxShow

Setup_95101248.exe

Setup_95101248.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsh1.tmp

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsh1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

352650550

352650550

1245428

1245428

1114338

1114338

1114320

1114320

1573190

1573190

2162906

2162906

1376468

1376468

95101248

95101248

1507518

1507518

1573146

1573146

1507522

1507522

1507538

1507538

1048780

1048780

1442126

1442126

1573052

1573052

1835232

1835232

1376520

1376520

1638642

1638642

1310942

1310942

1310970

1310970

722076749

722076749

Nullsoft Install System v2.46

Nullsoft Install System v2.46

2.0.0.0

2.0.0.0

Setup_95101248.exe_1596_rwx_10004000_00001000:

callback%d

callback%d

uuuyunbo_53_1248.exe_1536:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

8%u*@Sj%

8%u*@Sj%

t.Gj:W

t.Gj:W

j.Yf;

j.Yf;

_tcPVj@

_tcPVj@

.PjRW

.PjRW

Internal error clearing splay node = %d

Internal error clearing splay node = %d

Internal error removing splay node = %d

Internal error removing splay node = %d

Could not resolve %s: %s

Could not resolve %s: %s

init_resolve_thread() failed for %s; %s

init_resolve_thread() failed for %s; %s

getaddrinfo() failed for %s:%d; %s

getaddrinfo() failed for %s:%d; %s

%s:%d

%s:%d

Hostname %s was found in DNS cache

Hostname %s was found in DNS cache

Connected to %s (%s) port %ld (#%ld)

Connected to %s (%s) port %ld (#%ld)

smtp

smtp

;type=%c

;type=%c

Send failure: %s

Send failure: %s

Write callback asked for PAUSE when not supported!

Write callback asked for PAUSE when not supported!

[%s %s %s]

[%s %s %s]

Failed to set SO_KEEPALIVE on fd %d

Failed to set SO_KEEPALIVE on fd %d

Failed to set SIO_KEEPALIVE_VALS on fd %d: %d

Failed to set SIO_KEEPALIVE_VALS on fd %d: %d

Couldn't bind to interface '%s'

Couldn't bind to interface '%s'

Local Interface %s is ip %s using address family %i

Local Interface %s is ip %s using address family %i

Name '%s' family %i resolved to '%s' family %i

Name '%s' family %i resolved to '%s' family %i

Couldn't bind to '%s'

Couldn't bind to '%s'

getsockname() failed with errno %d: %s

getsockname() failed with errno %d: %s

Local port: %hu

Local port: %hu

Bind to local port %hu failed, trying next

Bind to local port %hu failed, trying next

bind failed with errno %d: %s

bind failed with errno %d: %s

getpeername() failed with errno %d: %s

getpeername() failed with errno %d: %s

ssrem inet_ntop() failed with errno %d: %s

ssrem inet_ntop() failed with errno %d: %s

ssloc inet_ntop() failed with errno %d: %s

ssloc inet_ntop() failed with errno %d: %s

connect to %s port %ld failed: %s

connect to %s port %ld failed: %s

Failed to connect to %s port %ld: %s

Failed to connect to %s port %ld: %s

Could not set TCP_NODELAY: %s

Could not set TCP_NODELAY: %s

TCP_NODELAY set

TCP_NODELAY set

sa_addr inet_ntop() failed with errno %d: %s

sa_addr inet_ntop() failed with errno %d: %s

Trying %s...

Trying %s...

Immediate connect fail for %s: %s

Immediate connect fail for %s: %s

%s:%s

%s:%s

%sAuthorization: Basic %s

%sAuthorization: Basic %s

The requested URL returned error: %d

The requested URL returned error: %d

%s auth using %s with user '%s'

%s auth using %s with user '%s'

%s, d %s M d:d:d GMT

%s, d %s M d:d:d GMT

If-Modified-Since: %s

If-Modified-Since: %s

If-Unmodified-Since: %s

If-Unmodified-Since: %s

Last-Modified: %s

Last-Modified: %s

Referer: %s

Referer: %s

Accept-Encoding: %s

Accept-Encoding: %s

Chunky upload is not supported by HTTP 1.0

Chunky upload is not supported by HTTP 1.0

Host: %s%s%s

Host: %s%s%s

Host: %s%s%s:%hu

Host: %s%s%s:%hu

PTF://

PTF://

Range: bytes=%s

Range: bytes=%s

Content-Range: bytes %s%I64d/%I64d

Content-Range: bytes %s%I64d/%I64d

Content-Range: bytes %s/%I64d

Content-Range: bytes %s/%I64d

PTF://%s:%s@%s

PTF://%s:%s@%s

%s HTTP/%s

%s HTTP/%s

%s%s%s%s%s%s%s%s%s%s%s

%s%s%s%s%s%s%s%s%s%s%s

%s%s=%s

%s%s=%s

Internal HTTP POST error!

Internal HTTP POST error!

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Failed sending HTTP POST request

Failed sending HTTP POST request

Failed sending HTTP request

Failed sending HTTP request

operation aborted by callback

operation aborted by callback

Read callback asked for PAUSE when not supported!

Read callback asked for PAUSE when not supported!

seek callback returned error %d

seek callback returned error %d

the ioctl callback returned %d

the ioctl callback returned %d

ioctl callback returned error %d

ioctl callback returned error %d

--:--:--

--:--:--

%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s

%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s

@Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds

@Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds

d:d:d

d:d:d

d:d

d:d

0123456789

0123456789

Unsupported protocol

Unsupported protocol

URL using bad/illegal format or missing URL

URL using bad/illegal format or missing URL

A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.

A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.

FTP: weird server reply

FTP: weird server reply

FTP: The server failed to connect to data port

FTP: The server failed to connect to data port

FTP: Accepting server connect has timed out

FTP: Accepting server connect has timed out

FTP: The server did not accept the PRET command.

FTP: The server did not accept the PRET command.

FTP: unknown PASS reply

FTP: unknown PASS reply

FTP: unknown PASV reply

FTP: unknown PASV reply

FTP: unknown 227 response format

FTP: unknown 227 response format

FTP: can't figure out the host in the PASV response

FTP: can't figure out the host in the PASV response

Error in the HTTP2 framing layer

Error in the HTTP2 framing layer

FTP: couldn't set file type

FTP: couldn't set file type

FTP: couldn't retrieve (RETR failed) the specified file

FTP: couldn't retrieve (RETR failed) the specified file

HTTP response code said error

HTTP response code said error

FTP: command PORT failed

FTP: command PORT failed

FTP: command REST failed

FTP: command REST failed

Operation was aborted by an application callback

Operation was aborted by an application callback

A libcurl function was given a bad argument

A libcurl function was given a bad argument

An unknown option was passed in to libcurl

An unknown option was passed in to libcurl

SSL peer certificate or SSH remote key was not OK

SSL peer certificate or SSH remote key was not OK

Problem with the local SSL certificate

Problem with the local SSL certificate

Peer certificate cannot be authenticated with given CA certificates

Peer certificate cannot be authenticated with given CA certificates

Problem with the SSL CA cert (path? access rights?)

Problem with the SSL CA cert (path? access rights?)

Unrecognized or bad HTTP Content or Transfer-Encoding

Unrecognized or bad HTTP Content or Transfer-Encoding

Invalid LDAP URL

Invalid LDAP URL

Issuer check against peer certificate failed

Issuer check against peer certificate failed

Login denied

Login denied

TFTP: File Not Found

TFTP: File Not Found

TFTP: Access Violation

TFTP: Access Violation

TFTP: Illegal operation

TFTP: Illegal operation

TFTP: Unknown transfer ID

TFTP: Unknown transfer ID

TFTP: No such user

TFTP: No such user

Caller must register CURLOPT_CONV_ callback options

Caller must register CURLOPT_CONV_ callback options

Error in the SSH layer

Error in the SSH layer

Unable to parse FTP file list

Unable to parse FTP file list

SSL public key does not match pinned public key

SSL public key does not match pinned public key

SSL server certificate status verification FAILED

SSL server certificate status verification FAILED

Protocol option is unsupported

Protocol option is unsupported

Protocol is unsupported

Protocol is unsupported

Socket is unsupported

Socket is unsupported

Operation not supported

Operation not supported

Address family not supported

Address family not supported

Protocol family not supported

Protocol family not supported

Winsock version not supported

Winsock version not supported

Unknown error %d (%#x)

Unknown error %d (%#x)

%d.%d.%d.%d

%d.%d.%d.%d

CLIENT libcurl 7.44.0-DEV

CLIENT libcurl 7.44.0-DEV

MATCH %s %s %s

MATCH %s %s %s

DEFINE %s %s

DEFINE %s %s

WSAStartup failed (%d)

WSAStartup failed (%d)

insufficient winsock version to support telnet

insufficient winsock version to support telnet

%s IAC %s

%s IAC %s

%s IAC %d

%s IAC %d

%s %s %s

%s %s %s

%s %s %d

%s %s %d

%s %d %d

%s %d %d

Sending data failed (%d)

Sending data failed (%d)

%s IAC SB

%s IAC SB

%s (unsupported)

%s (unsupported)

%d (unknown)

%d (unknown)

USER,%s

USER,%s

7[^= ]%*[ =]%5s

7[^= ]%*[ =]%5s

Syntax error in telnet option: %s

Syntax error in telnet option: %s

Unknown telnet option %s

Unknown telnet option %s

%c%c%c%c%s%c%c

%c%c%c%c%s%c%c

%c%c%c%c

%c%c%c%c

7[^,],7s

7[^,],7s

%c%s%c%s

%c%s%c%s

WS2_32.DLL

WS2_32.DLL

failed to load WS2_32.DLL (%d)

failed to load WS2_32.DLL (%d)

failed to find WSACreateEvent function (%d)

failed to find WSACreateEvent function (%d)

failed to find WSACloseEvent function (%d)

failed to find WSACloseEvent function (%d)

failed to find WSAEventSelect function (%d)

failed to find WSAEventSelect function (%d)

failed to find WSAEnumNetworkEvents function (%d)

failed to find WSAEnumNetworkEvents function (%d)

WSACreateEvent failed (%d)

WSACreateEvent failed (%d)

WSAEnumNetworkEvents failed (%d)

WSAEnumNetworkEvents failed (%d)

WSACloseEvent failed (%d)

WSACloseEvent failed (%d)

FreeLibrary(wsock2) failed (%d)

FreeLibrary(wsock2) failed (%d)

TFTP

TFTP

set timeouts for state %d; Total %ld, retry %d maxtry %d

set timeouts for state %d; Total %ld, retry %d maxtry %d

got option=(%s) value=(%s)

got option=(%s) value=(%s)

blksize is larger than max supported

blksize is larger than max supported

%s (%d)

%s (%d)

blksize is smaller than min supported

blksize is smaller than min supported

%s (%ld)

%s (%ld)

%s (%d) %s (%d)

%s (%d) %s (%d)

invalid tsize -:%s:- value in OACK packet

invalid tsize -:%s:- value in OACK packet

%s%c%s%c

%s%c%s%c

tftp_send_first: internal error

tftp_send_first: internal error

Received last DATA packet block %d again.

Received last DATA packet block %d again.

Received unexpected DATA packet block %d, expecting block %d

Received unexpected DATA packet block %d, expecting block %d

Timeout waiting for block %d ACK. Retries = %d

Timeout waiting for block %d ACK. Retries = %d

tftp_rx: internal error

tftp_rx: internal error

Received ACK for block %d, expecting %d

Received ACK for block %d, expecting %d

tftp_tx: giving up waiting for block %d ack

tftp_tx: giving up waiting for block %d ack

tftp_tx: internal error, event: %i

tftp_tx: internal error, event: %i

TFTP finished

TFTP finished

bind() failed; %s

bind() failed; %s

TFTP response timeout

TFTP response timeout

LDAP local: LDAP Vendor = %s ; LDAP Version = %d

LDAP local: LDAP Vendor = %s ; LDAP Version = %d

LDAP local: %s

LDAP local: %s

LDAP local: trying to establish %s connection

LDAP local: trying to establish %s connection

LDAP local: Cannot connect to %s:%ld

LDAP local: Cannot connect to %s:%ld

LDAP local: ldap_simple_bind_s %s

LDAP local: ldap_simple_bind_s %s

LDAP remote: %s

LDAP remote: %s

There are more than %d entries

There are more than %d entries

LOGIN %s %s

LOGIN %s %s

AUTHENTICATE %s %s

AUTHENTICATE %s %s

AUTHENTICATE %s

AUTHENTICATE %s

No known authentication mechanisms supported!

No known authentication mechanisms supported!

LIST "%s" *

LIST "%s" *

SELECT %s

SELECT %s

FETCH %s BODY[%s]

FETCH %s BODY[%s]

FETCH %s BODY[%s]

FETCH %s BODY[%s]

APPEND %s (\Seen) {%I64d}

APPEND %s (\Seen) {%I64d}

SEARCH %s

SEARCH %s

LOGINDISABLED

LOGINDISABLED

STARTTLS not supported.

STARTTLS not supported.

STARTTLS denied. %c

STARTTLS denied. %c

Access denied. %c

Access denied. %c

IMAPS not supported!

IMAPS not supported!

%cd

%cd

%s %s

%s %s

USER %s

USER %s

APOP %s %s

APOP %s %s

AUTH %s %s

AUTH %s %s

AUTH %s

AUTH %s

STLS not supported.

STLS not supported.

Authentication failed: %d

Authentication failed: %d

PASS %s

PASS %s

POP3S not supported!

POP3S not supported!

SMTP

SMTP

EHLO %s

EHLO %s

HELO %s

HELO %s

MAIL FROM:%s

MAIL FROM:%s

MAIL FROM:%s AUTH=%s

MAIL FROM:%s AUTH=%s

MAIL FROM:%s AUTH=%s SIZE=%s

MAIL FROM:%s AUTH=%s SIZE=%s

MAIL FROM:%s SIZE=%s

MAIL FROM:%s SIZE=%s

RCPT TO:%s

RCPT TO:%s

RCPT TO:

RCPT TO:

Got unexpected smtp-server response: %d

Got unexpected smtp-server response: %d

Remote access denied: %d

Remote access denied: %d

Command failed: %d

Command failed: %d

MAIL failed: %d

MAIL failed: %d

RCPT failed: %d

RCPT failed: %d

DATA failed: %d

DATA failed: %d

SMTPS not supported!

SMTPS not supported!

PORT

PORT

Preparing for accepting server on data port

Preparing for accepting server on data port

FTP response timeout

FTP response timeout

FTP response aborted due to select/poll error: %d

FTP response aborted due to select/poll error: %d

CWD %s

CWD %s

getsockname() failed: %s

getsockname() failed: %s

failed to resolve the address provided to PORT: %s

failed to resolve the address provided to PORT: %s

socket failure: %s

socket failure: %s

bind(port=%hu) on non-local address failed: %s

bind(port=%hu) on non-local address failed: %s

bind(port=%hu) failed: %s

bind(port=%hu) failed: %s

bind() failed, we ran out of ports!

bind() failed, we ran out of ports!

%s |%d|%s|%hu|

%s |%d|%s|%hu|

Failure sending EPRT command: %s

Failure sending EPRT command: %s

,%d,%d

,%d,%d

Failure sending PORT command: %s

Failure sending PORT command: %s

Connect data stream passively

Connect data stream passively

PRET %s

PRET %s

PRET STOR %s

PRET STOR %s

PRET RETR %s

PRET RETR %s

REST %d

REST %d

SIZE %s

SIZE %s

%s%s%s

%s%s%s

MDTM %s

MDTM %s

APPE %s

APPE %s

STOR %s

STOR %s

%c%c%c%u%c

%c%c%c%u%c

Illegal port number in EPSV reply

Illegal port number in EPSV reply

%d,%d,%d,%d,%d,%d

%d,%d,%d,%d,%d,%d

Skip %d.%d.%d.%d for data connection, re-use %s instead

Skip %d.%d.%d.%d for data connection, re-use %s instead

Bad PASV/EPSV response: d

Bad PASV/EPSV response: d

Can't resolve proxy host %s:%hu

Can't resolve proxy host %s:%hu

Can't resolve new host %s:%hu

Can't resolve new host %s:%hu

Failed to do PORT

Failed to do PORT

dddddd

dddddd

ddd d:d:d GMT

ddd d:d:d GMT

Last-Modified: %s, d %s M d:d:d GMT

Last-Modified: %s, d %s M d:d:d GMT

unsupported MDTM reply format

unsupported MDTM reply format

Got a d response code instead of the assumed 200

Got a d response code instead of the assumed 200

ftp server doesn't support SIZE

ftp server doesn't support SIZE

RETR %s

RETR %s

Failed FTP upload:

Failed FTP upload:

RETR response: d

RETR response: d

PBSZ %d

PBSZ %d

ACCT %s

ACCT %s

Access denied: d

Access denied: d

ACCT rejected by server: d

ACCT rejected by server: d

Got a d ftp-server response when 220 was expected

Got a d ftp-server response when 220 was expected

unsupported parameter to CURLOPT_FTPSSLAUTH: %d

unsupported parameter to CURLOPT_FTPSSLAUTH: %d

PROT %c

PROT %c

Entry path is '%s'

Entry path is '%s'

QUOT command failed with d

QUOT command failed with d

MKD %s

MKD %s

Failed to MKD dir: d

Failed to MKD dir: d

PRET command not accepted: d

PRET command not accepted: d

Remembering we are in dir "%s"

Remembering we are in dir "%s"

Failure sending ABOR command: %s

Failure sending ABOR command: %s

server did not report OK, got %d

server did not report OK, got %d

QUOT string not accepted: %s

QUOT string not accepted: %s

TYPE %c

TYPE %c

Connecting to %s (%s) port %d

Connecting to %s (%s) port %d

ftp_perform ends with SECONDARY: %d

ftp_perform ends with SECONDARY: %d

Wildcard - START of "%s"

Wildcard - START of "%s"

Wildcard - "%s" skipped by user

Wildcard - "%s" skipped by user

Failure sending QUIT command: %s

Failure sending QUIT command: %s

Uploading to a URL without a file name!

Uploading to a URL without a file name!

FTPS not supported!

FTPS not supported!

Couldn't open file %s

Couldn't open file %s

Can't open %s for writing

Can't open %s for writing

Can't get the size of %s

Can't get the size of %s

Refusing to issue an RTSP request [%s] without a session ID.

Refusing to issue an RTSP request [%s] without a session ID.

Transport:

Transport:

Transport: %s

Transport: %s

Refusing to issue an RTSP SETUP without a Transport: header.

Refusing to issue an RTSP SETUP without a Transport: header.

Range: %s

Range: %s

%s %s RTSP/1.0

%s %s RTSP/1.0

Session: %s

Session: %s

%s%s%s%s%s%s

%s%s%s%s%s%s

curl

curl

%sAuthorization: Digest %s

%sAuthorization: Digest %s

%sAuthorization: NTLM %s

%sAuthorization: NTLM %s

SOCKS4 communication to %s:%d

SOCKS4 communication to %s:%d

SOCKS4 connect to %s (locally resolved)

SOCKS4 connect to %s (locally resolved)

Failed to resolve "%s" for SOCKS4 connect.

Failed to resolve "%s" for SOCKS4 connect.

SOCKS4%s request granted.

SOCKS4%s request granted.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.

User was rejected by the SOCKS5 server (%d %d).

User was rejected by the SOCKS5 server (%d %d).

SOCKS5 GSSAPI per-message authentication is not supported.

SOCKS5 GSSAPI per-message authentication is not supported.

No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)

No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)

Failed to resolve "%s" for SOCKS5 connect.

Failed to resolve "%s" for SOCKS5 connect.

Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)

Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)

Can't complete SOCKS5 connection to %s:%d. (%d)

Can't complete SOCKS5 connection to %s:%d. (%d)

Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)

Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)

Establish HTTP proxy tunnel to %s:%hu

Establish HTTP proxy tunnel to %s:%hu

%s:%hu

%s:%hu

%s%s%s:%hu

%s%s%s:%hu

Host: %s

Host: %s

CONNECT %s HTTP/%s

CONNECT %s HTTP/%s

%s%s%s%s

%s%s%s%s

HTTP/1.%d %d

HTTP/1.%d %d

TUNNEL_STATE switched to: %d

TUNNEL_STATE switched to: %d

Received HTTP code %d from proxy after CONNECT

Received HTTP code %d from proxy after CONNECT

.jpeg

.jpeg

.html

.html

; filename="%s"

; filename="%s"

%s; boundary=%s

%s; boundary=%s

Content-Type: multipart/mixed; boundary=%s

Content-Type: multipart/mixed; boundary=%s

Content-Type: %s

Content-Type: %s

couldn't open file "%s"

couldn't open file "%s"

--%s--

--%s--

------------------------xx

------------------------xx

%c%c==

%c%c==

%c%c%c=

%c%c%c=

LOGIN

LOGIN

%s/%s

%s/%s

%s xxxxxxxxxxxxxxxx

%s xxxxxxxxxxxxxxxx

00000001

00000001

xxxx

xxxx

username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s,qop=%s

username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s,qop=%s

%s:%s:%s

%s:%s:%s

%s:%s:x:%s:%s:%s

%s:%s:x:%s:%s:%s

username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"

username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"

username="%s", realm="%s", nonce="%s", uri="%s", response="%s"

username="%s", realm="%s", nonce="%s", uri="%s", response="%s"

%s, opaque="%s"

%s, opaque="%s"

%s, algorithm="%s"

%s, algorithm="%s"

user=%s

user=%s

auth=Bearer %s

auth=Bearer %s

Unsupported SASL authentication mechanism

Unsupported SASL authentication mechanism

0123456789-

0123456789-

NTLMSSP%c

NTLMSSP%c

%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%s

%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%s

%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c

%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c

1.2.8

1.2.8

deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler

deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler

inflate 1.2.8 Copyright 1995-2013 Mark Adler

inflate 1.2.8 Copyright 1995-2013 Mark Adler

function not supported

function not supported

operation canceled

operation canceled

address_family_not_supported

address_family_not_supported

operation_in_progress

operation_in_progress

operation_not_supported

operation_not_supported

protocol_not_supported

protocol_not_supported

operation_would_block

operation_would_block

address family not supported

address family not supported

broken pipe

broken pipe

inappropriate io control operation

inappropriate io control operation

not supported

not supported

operation in progress

operation in progress

operation not permitted

operation not permitted

operation not supported

operation not supported

operation would block

operation would block

protocol not supported

protocol not supported

Visual C CRT: Not enough memory to complete call to strerror.

Visual C CRT: Not enough memory to complete call to strerror.

Operation not permitted

Operation not permitted

Inappropriate I/O control operation

Inappropriate I/O control operation

Broken pipe

Broken pipe

operator

operator

GetProcessWindowStation

GetProcessWindowStation

curl_global_init failed: %d

curl_global_init failed: %d

Microsoft Windows NT 4.0

Microsoft Windows NT 4.0

Microsoft Windows 95

Microsoft Windows 95

Microsoft Windows 98

Microsoft Windows 98

Microsoft Windows Me

Microsoft Windows Me

Microsoft Windows 2000

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows XP

Microsoft Windows XP Professional x64 Edition

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003 Web Edition

Microsoft Windows Server 2003 Web Edition

Microsoft Windows Server 2003 Compute Cluster Edition

Microsoft Windows Server 2003 Compute Cluster Edition

Microsoft Windows Server 2003 Storage Server

Microsoft Windows Server 2003 Storage Server

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows Server 2003 R2 Storage Server

Microsoft Windows Server 2003 R2 Storage Server

Microsoft Windows Vista

Microsoft Windows Vista

Microsoft Windows Server 2008

Microsoft Windows Server 2008

Microsoft Windows 7

Microsoft Windows 7

Microsoft Windows Server 2008 R2

Microsoft Windows Server 2008 R2

EEDTFJDVCLHQJLBOJLDUCLFDJIDVIWCWDUDPCHERBBHHHYDTIPGSFTFVGKCTAYDQIWAFHHERFPGKAYENGPEKHBHICG

EEDTFJDVCLHQJLBOJLDUCLFDJIDVIWCWDUDPCHERBBHHHYDTIPGSFTFVGKCTAYDQIWAFHHERFPGKAYENGPEKHBHICG

EEDTFJDVCLHQJLCHDMGWJUGGEEGNGQFNGYFBFKCNFLITFTBKBMDRIJGYFYIJAUHNIJEBATDIJJIBBECXHOGPJTEKHXJJJOIYJHGJIPBQBOHLFSDNEXEYIRADGREOBVAX

EEDTFJDVCLHQJLCHDMGWJUGGEEGNGQFNGYFBFKCNFLITFTBKBMDRIJGYFYIJAUHNIJEBATDIJJIBBECXHOGPJTEKHXJJJOIYJHGJIPBQBOHLFSDNEXEYIRADGREOBVAX

EEDTFJDVCLHQJLCBBIIFHBAEGYDJJIHOGOCVIREVDXJRDHDDCGGSDLDRGQBGHOCIGKBJASICIVGWEBFRHIBGCCCNHSCGAF

EEDTFJDVCLHQJLCBBIIFHBAEGYDJJIHOGOCVIREVDXJRDHDDCGGSDLDRGQBGHOCIGKBJASICIVGWEBFRHIBGCCCNHSCGAF

EEDTFJDVCLHQJLCHDMGXGUJLCWACAAFYBDJGEICOFTIAHMJGJKGJCVFNIUJGGHAWAIEZBCCOFEAOATEWJHDFAUCTBXIMFODUIXHKDODHIGBLHFGCERIOJUEUDPFEEGHK

EEDTFJDVCLHQJLCHDMGXGUJLCWACAAFYBDJGEICOFTIAHMJGJKGJCVFNIUJGGHAWAIEZBCCOFEAOATEWJHDFAUCTBXIMFODUIXHKDODHIGBLHFGCERIOJUEUDPFEEGHK

EEDTFJDVCLHQJLCFIRCYIVDOGJJGAYENHBASDPCAJMIIIQBKAACHEIJTASGJDKBXIOICEBAMESEEDTFJDVCLHQJLBOJLDUCLFDJIDVIWCWDUDPCHERBBHHHYDTIPGSFTFVGKCTAYDQIWAFHHERFPGKAYENGPEKHBHICG

EEDTFJDVCLHQJLCFIRCYIVDOGJJGAYENHBASDPCAJMIIIQBKAACHEIJTASGJDKBXIOICEBAMESEEDTFJDVCLHQJLBOJLDUCLFDJIDVIWCWDUDPCHERBBHHHYDTIPGSFTFVGKCTAYDQIWAFHHERFPGKAYENGPEKHBHICG

SELECT * FROM Win32_OperatingSystem

SELECT * FROM Win32_OperatingSystem

InternetOpenUrlW

InternetOpenUrlW

HttpQueryInfoW

HttpQueryInfoW

HttpOpenRequestW

HttpOpenRequestW

HttpSendRequestW

HttpSendRequestW

URLDownloadToFileW

URLDownloadToFileW

ShellExecuteW

ShellExecuteW

C:\Users\Administrator\Desktop\Q

C:\Users\Administrator\Desktop\Q

\Release\nmjh.pdb

\Release\nmjh.pdb

WLDAP32.dll

WLDAP32.dll

WS2_32.dll

WS2_32.dll

PeekNamedPipe

PeekNamedPipe

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

RegOpenKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegEnumKeyExW

RegCloseKey

RegCloseKey

CryptDestroyKey

CryptDestroyKey

CryptImportKey

CryptImportKey

ADVAPI32.dll

ADVAPI32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

IPHLPAPI.DLL

IPHLPAPI.DLL

GetCPInfo

GetCPInfo

GetProcessHeap

GetProcessHeap

zcÁ

zcÁ

];:6,,((()

];:6,,((()

c.CHauy

c.CHauy

v:\OC

v:\OC

w.Rd&

w.Rd&

.Yxp6g

.Yxp6g

.Xui2\y

.Xui2\y

.Vr{4Yu

.Vr{4Yu

3a~D.Yv

3a~D.Yv

.Cv?f

.Cv?f

.UvUAf

.UvUAf

.UvUBh

.UvUBh

.VwUAi

.VwUAi

.YyUAq

.YyUAq

.YuAO

.YuAO

/F.En

/F.En

.Wx&O|

.Wx&O|

&Qs

&Qs

.Vraz

.Vraz

.Xv

.Xv

6 6$6(6,6064686

6 6$6(6,6064686

5 5$5(5,505

5 5$5(5,505

8@8%9U9Z9

8@8%9U9Z9

0 0$0(0,000

0 0$0(0,000

combase.dll

combase.dll

mscoree.dll

mscoree.dll

- floating point support not loaded

- floating point support not loaded

- CRT not initialized

- CRT not initialized

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

portuguese-brazilian

portuguese-brazilian

USER32.DLL

USER32.DLL

2.cmd

2.cmd

kernel32.dll

kernel32.dll

Gateway:0.0.0.0

Gateway:0.0.0.0

c:\Program Files\

c:\Program Files\

#{ad498944-762f-11d0-8dcb-00c04fc3358c}

#{ad498944-762f-11d0-8dcb-00c04fc3358c}

wininet.dll

wininet.dll

Mozilla/4.0 (compatible)

Mozilla/4.0 (compatible)

urlmon.dll

urlmon.dll

s.tianyuanjyh.com

s.tianyuanjyh.com

shell32.dll

shell32.dll

VVV.yytv8.com

VVV.yytv8.com

%d-%d-%d

%d-%d-%d

%d-%d-%d-%d-%d-%d

%d-%d-%d-%d-%d-%d

C:\uuuyunbo_53_1248.exe

C:\uuuyunbo_53_1248.exe

1.0.0.1

1.0.0.1

YunBOWin.exe

YunBOWin.exe