Trojan-Dropper.Win32.Delf.efnz (Kaspersky), Gen:Variant.Barys.2143 (B) (Emsisoft), Gen:Variant.Barys.2143 (AdAware), Backdoor.Win32.Fynloski.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR, BackdoorFynloski.YR, GenericDownloader.YR, GenericInjector.YR, TrojanDownloaderAndromeda.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan-Downloader, Trojan, Backdoor, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: d094375369bf3179856f9e8b1cff2250
SHA1: 79d45891258589aadfcf62d420c85e9635d26f0a
SHA256: 71b75677febbaa0ead9a02dd79e8d4ea58e9bbae71a129e7645541311ef40266
SSDeep: 98304:UoroaJBXxQU7ddZL0lcDeQ/ohEBAlQVF9ZJs AAMztVnLsatrDMRZQNwVHrQU/k:noIBXWQ10ueQAIA8FLC VMztlLssrwro
Size: 6043648 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: WNZXP
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-Dropper. A Trojan program intended for the stealthy installation of other malware on the user's system.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
World of Tanks Hack v.6.0.exe:2000
%original file name%.exe:136
shuame_helper.exe:568
shuame_helper.exe:1852
The Trojan injects its code into the following process(es):
World of Tanks Hack.exe:2008
RootGenius.exe:1980
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process World of Tanks Hack v.6.0.exe:2000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\World of Tanks Hack.exe (3748 bytes)
The process %original file name%.exe:136 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius.exe (34007 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\World of Tanks Hack v.6.0.exe (7386 bytes)
The process shuame_helper.exe:1852 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\.android\adbkey (1 bytes)
%Documents and Settings%\%current user%\.android\adbkey.pub (732 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\adb.log (38 bytes)
The process World of Tanks Hack.exe:2008 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\MSDCSC\msdcsc.exe (4545 bytes)
The process RootGenius.exe:1980 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\android_driver\devcon_x64.exe (87 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\v (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\rgs (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\upNew_RootGenius.exe.tmp.fd (256409 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGenius.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser.zip (3863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\busybox (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\android_driver\devcon_x86.exe (83 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\info (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\ddexe (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGenius.zip (23407 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\su (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGeniusEx.zip (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\su1 (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\shuame_helper.exe (3811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Download\KingUser.tmp.fd (85886 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\run_daemon (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\UpdateGenius.exe (79 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Shuame\.clientid (327 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8UT3N2QI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\Kinguser.apk (7666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\fakebackup.ab (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\AdbWinApi.dll (101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6SKZNAOD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\79KZR3GB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\NE6NOXOX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\AdbWinUsbApi.dll (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\ku.sud (46 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\install-recovery.sh (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\toolbox (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\zlib1.dll (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\install (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Apk\StayAwake.apk (45 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\v (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGenius.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\su (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGeniusEx.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\ddexe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\install-recovery.sh (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\toolbox (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\Kinguser.apk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\install (0 bytes)
Registry activity
The process World of Tanks Hack v.6.0.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 0A A4 A1 A5 95 34 15 8C 6F DC C8 07 67 32 CA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"World of Tanks Hack.exe" = "Remote Service Application"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web nodes with no dots that do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process %original file name%.exe:136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 48 58 F1 2D 72 F0 18 73 C6 C3 55 A0 24 81 AF"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"RootGenius.exe" = "RootGenius"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"World of Tanks Hack v.6.0.exe" = "Remote Service Application"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web nodes with no dots that do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process shuame_helper.exe:568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 96 A1 0E 82 AF E8 B6 D9 C0 97 CF 4E 3B 55 33"
The process shuame_helper.exe:1852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 F9 C4 58 3A F2 85 22 F1 E0 CB 8C 76 BA A1 21"
The process World of Tanks Hack.exe:2008 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E 77 CF 67 C3 0C 79 49 D0 48 F9 00 75 60 79 A6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"msdcsc" = "%Documents and Settings%\%current user%\Application Data\MSDCSC\msdcsc.exe"
The Trojan adds the reference to itself to be executed when a user logs on:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,%Documents and Settings%\%current user%\Application Data\MSDCSC\msdcsc.exe"
The process RootGenius.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\RootGenius]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RootGenius.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 AB A9 D3 0F 8B B2 02 BA 70 8E CE 00 4B F9 0F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web nodes with no dots that do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
a59280211db18ba746eae705d7be1aff | c:\Documents and Settings\"%CurrentUserName%"\Application Data\MSDCSC\msdcsc.exe |
ce042f519c0abab6e3ac30dfd0a28408 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius.exe |
55b2c245718c8612d5b1f45182b3186b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\AdbWinApi.dll |
58067cfdf27774a97c1bdbf5b9d5bc3e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\AdbWinUsbApi.dll |
5ab29a0ff73766e497e00594145df0d9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\RootGenius.dll |
9b26339dac7d92c1f577052f2d8c5a9d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\UpdateGenius.exe |
68dd313030ce594585fe5bf6c30fc573 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\android_driver\devcon_x64.exe |
13468a05c81cb1e83e22ed540d2b378f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\android_driver\devcon_x86.exe |
a1898660f04107ad073d3edbee2ae2ec | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\shuame_helper.exe |
08eb5b5dc281fe0bf46cb234b4102f94 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\RootGenius\zlib1.dll |
1773bc61706767ff5944e9730bda7242 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\World of Tanks Hack v.6.0.exe |
a59280211db18ba746eae705d7be1aff | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\World of Tanks Hack.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
World of Tanks Hack v.6.0.exe:2000
%original file name%.exe:136
shuame_helper.exe:568
shuame_helper.exe:1852
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\World of Tanks Hack.exe (3748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius.exe (34007 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\World of Tanks Hack v.6.0.exe (7386 bytes)
%Documents and Settings%\%current user%\.android\adbkey (1 bytes)
%Documents and Settings%\%current user%\.android\adbkey.pub (732 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\adb.log (38 bytes)
%Documents and Settings%\%current user%\Application Data\MSDCSC\msdcsc.exe (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\android_driver\devcon_x64.exe (87 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\v (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\rgs (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\upNew_RootGenius.exe.tmp.fd (256409 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGenius.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser.zip (3863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\busybox (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\android_driver\devcon_x86.exe (83 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\info (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\ddexe (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGenius.zip (23407 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\su (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\RootGeniusEx.zip (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\su1 (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\shuame_helper.exe (3811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Download\KingUser.tmp.fd (85886 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\run_daemon (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\UpdateGenius.exe (79 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Shuame\.clientid (327 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8UT3N2QI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\Kinguser.apk (7666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Bin\fakebackup.ab (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\AdbWinApi.dll (101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6SKZNAOD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\79KZR3GB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\NE6NOXOX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\AdbWinUsbApi.dll (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\ku.sud (46 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\install-recovery.sh (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Superuser\toolbox (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\zlib1.dll (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RootGenius\Data\Apk\StayAwake.apk (45 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"msdcsc" = "%Documents and Settings%\%current user%\Application Data\MSDCSC\msdcsc.exe"
- Remove the references to the Trojan by modifying the following registry value(s) (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,%Documents and Settings%\%current user%\Application Data\MSDCSC\msdcsc.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 5048 | 5120 | 4.39524 | e5913936857bed3b3b2fbac53e973471 |
DATA | 12288 | 124 | 512 | 0.77468 | cef89de607e490725490a3cd679af6bb |
BSS | 16384 | 1685 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 20480 | 770 | 1024 | 2.41029 | 3d2f2fc4e279cba623217ec9de264c4f |
.tls | 24576 | 4 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 28672 | 24 | 512 | 0.138011 | 467f29e48f3451df774e13adae5aafc2 |
.reloc | 32768 | 456 | 512 | 4.00868 | 9859d413c7408cb699cca05d648c2502 |
.rsrc | 36864 | 6034888 | 6034944 | 5.43911 | 7ac1e95657bb06de64065ecfc5667eb9 |
Network Activity
URLs
URL | IP |
---|---|
hxxp://root-lb.gz.1251001058.clb.myqcloud.com/v2/root/cfg?versionName=RootGenius&versionCode=77 | |
hxxp://root-lb.gz.1251001058.clb.myqcloud.com/v2/root/update?versionName=RootGenius&versionCode=77 | |
hxxp://p23.tcdn.qq.com/1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip | |
hxxp://down.qq.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe | |
hxxp://182.118.11.159/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c6868ce7f4ac34&f=8f5d&p=.exe | |
hxxp://42.56.65.16/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68689e7f4ac34&f=8f5d&p=.exe | |
hxxp://163.177.158.80/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68688e7f4ac34&f=d488&p=.exe | |
hxxp://153.37.232.46/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68689e7f4ac34&f=d388&p=.exe | |
hxxp://1251001058.cdn.myqcloud.com/1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip | 42.56.65.20 |
hxxp://dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe | 183.61.46.140 |
hxxp://api1.rootjl.com/v2/root/cfg?versionName=RootGenius&versionCode=77 | 203.195.128.118 |
hxxp://api1.rootjl.com/v2/root/update?versionName=RootGenius&versionCode=77 | 203.195.128.118 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip HTTP/1.1
Range: bytes=335269-440211
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: 1251001058.cdn.myqcloud.com
Connection: Close
HTTP/1.1 206 Partial Content
Server: NWS_Appimg_HY
Connection: close
Date: Sun, 09 Aug 2015 00:36:14 GMT
Cache-Control: max-age=6000
Expires: Sun, 09 Aug 2015 02:16:14 GMT
Last-Modified: Mon, 27 Apr 2015 06:40:49 GMT
Content-Range: bytes 335269-440211/880425
Content-Type: application/zip
Content-Length: 104943
X-Cache-Lookup: Hit From Disktank
GET /files/RootGenius/2.4.1/RootGenius_2.4.1.exe HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: dl.shuame.com
HTTP/1.1 302 Found
Server: nws 1.2.15
Connection: close
Date: Sun, 09 Aug 2015 00:36:09 GMT
Expires: Sun, 09 Aug 2015 00:36:09 GMT
Cache-Control: max-age=0
Content-Length: 65
Location: hXXp://182.118.11.159/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c6868ce7f4ac34&f=8f5d&p=.exe
The actual URL is '/files/RootGenius/2.4.1/RootGenius_2.4.1.exe'...
POST /v2/root/cfg?versionName=RootGenius&versionCode=77 HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: api1.rootjl.com
Content-Length: 0
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 09 Aug 2015 00:36:06 GMT
Content-Type: text/plain
Content-Length: 703
Connection: close
GET /dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68689e7f4ac34&f=d388&p=.exe HTTP/1.1
Range: bytes=3367408-5051111
Pragma: no-cache
Cache-Control: no-cache
Host: 153.37.232.46
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Connection: Close
HTTP/1.1 206 Partial Content
Server: 3Gdown_DK
Connection: close
Date: Sun, 09 Aug 2015 00:38:23 GMT
Cache-Control: max-age=2592000
Expires: Tue, 08 Sep 2015 00:38:23 GMT
Last-Modified: Mon, 03 Aug 2015 07:57:55 GMT
Content-Range: bytes 3367408-5051111/6734816
Content-Type: application/octet-stream
Content-Length: 1683704
X-Cache-Lookup: Hit From DiskTank Chunk Forward
<<< skipped >>>
GET /dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c6868ce7f4ac34&f=8f5d&p=.exe HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: 182.118.11.159
Connection: Close
HTTP/1.1 200 OK
Server: 3Gdown_DK
Connection: close
Date: Sun, 09 Aug 2015 00:36:10 GMT
Cache-Control: max-age=2592000, s-maxage=10
Expires: Tue, 08 Sep 2015 00:36:10 GMT
Last-Modified: Mon, 03 Aug 2015 07:57:55 GMT
Content-Type: application/octet-stream
Content-Length: 6734816
X-Cache-Lookup: Hit From DiskTank Chunk Forward
<<< skipped >>>
GET /files/RootGenius/2.4.1/RootGenius_2.4.1.exe HTTP/1.1
Range: bytes=1683704-3367407
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: dl.shuame.com
Connection: Close
HTTP/1.1 302 Found
Server: nws 1.2.15
Connection: close
Date: Sun, 09 Aug 2015 00:36:12 GMT
Expires: Sun, 09 Aug 2015 00:36:12 GMT
Cache-Control: max-age=0
Content-Length: 65
Location: hXXp://42.56.65.16/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68689e7f4ac34&f=8f5d&p=.exe
Accept-Ranges: bytes
Content-Range: bytes 0-64/0
The actual URL is '/files/RootGenius/2.4.1/RootGenius_2.4.1.exe'...
GET /1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip HTTP/1.1
Range: bytes=660318-880424
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: 1251001058.cdn.myqcloud.com
Connection: Close
HTTP/1.1 206 Partial Content
Server: NWS_Appimg_HY
Connection: close
Date: Sun, 09 Aug 2015 00:36:05 GMT
Cache-Control: max-age=6000
Expires: Sun, 09 Aug 2015 02:16:05 GMT
Last-Modified: Mon, 27 Apr 2015 06:40:49 GMT
Content-Range: bytes 660318-880424/880425
Content-Type: application/zip
Content-Length: 220107
X-Cache-Lookup: Hit From Disktank
<<< skipped >>>
GET /files/RootGenius/2.4.1/RootGenius_2.4.1.exe HTTP/1.1
Range: bytes=3367408-5051111
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: dl.shuame.com
Connection: Close
HTTP/1.1 302 Found
Server: nws 1.2.15
Connection: close
Date: Sun, 09 Aug 2015 00:36:12 GMT
Expires: Sun, 09 Aug 2015 00:36:12 GMT
Cache-Control: max-age=0
Content-Length: 65
Location: hXXp://153.37.232.46/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68689e7f4ac34&f=d388&p=.exe
Accept-Ranges: bytes
Content-Range: bytes 0-64/0
The actual URL is '/files/RootGenius/2.4.1/RootGenius_2.4.1.exe'...
GET /1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip HTTP/1.1
Range: bytes=440212-660317
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: 1251001058.cdn.myqcloud.com
Connection: Close
HTTP/1.1 206 Partial Content
Server: NWS_Appimg_HY
Connection: close
Date: Sun, 09 Aug 2015 00:36:05 GMT
Cache-Control: max-age=6000
Expires: Sun, 09 Aug 2015 02:16:05 GMT
Last-Modified: Mon, 27 Apr 2015 06:40:49 GMT
Content-Range: bytes 440212-660317/880425
Content-Type: application/zip
Content-Length: 220106
X-Cache-Lookup: Hit From Disktank
<<< skipped >>>
GET /files/RootGenius/2.4.1/RootGenius_2.4.1.exe HTTP/1.1
Range: bytes=5051112-6734815
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: dl.shuame.com
Connection: Close
HTTP/1.1 302 Found
Server: nws 1.2.15
Connection: close
Date: Sun, 09 Aug 2015 00:36:13 GMT
Expires: Sun, 09 Aug 2015 00:36:13 GMT
Cache-Control: max-age=0
Content-Type: application/octet-stream
Content-Length: 0
Location: hXXp://163.177.158.80/dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68688e7f4ac34&f=d488&p=.exe
Accept-Ranges: bytes
Content-Range: bytes 0--1/0
POST /v2/root/update?versionName=RootGenius&versionCode=77 HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: api1.rootjl.com
Content-Length: 239
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 09 Aug 2015 00:36:06 GMT
Content-Type: text/plain
Content-Length: 788
Connection: close
GET /dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68688e7f4ac34&f=d488&p=.exe HTTP/1.1
Range: bytes=5051112-6734815
Pragma: no-cache
Cache-Control: no-cache
Host: 163.177.158.80
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Connection: Close
HTTP/1.1 206 Partial Content
Server: 3Gdown_DK
Connection: close
Date: Sun, 09 Aug 2015 00:36:13 GMT
Cache-Control: max-age=0, s-maxage=10
Last-Modified: Mon, 03 Aug 2015 07:57:55 GMT
Content-Range: bytes 5051112-6734815/6734816
Content-Type: application/octet-stream
Content-Length: 1683704
X-Cache-Lookup: Hit From Disktank
<<< skipped >>>
GET /1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip HTTP/1.1
Range: bytes=220106-440211
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: 1251001058.cdn.myqcloud.com
Connection: Close
HTTP/1.1 206 Partial Content
Server: NWS_Appimg_HY
Connection: close
Date: Sun, 09 Aug 2015 00:36:05 GMT
Cache-Control: max-age=6000
Expires: Sun, 09 Aug 2015 02:16:05 GMT
Last-Modified: Mon, 27 Apr 2015 06:40:49 GMT
Content-Range: bytes 220106-440211/880425
Content-Type: application/zip
Content-Length: 220106
X-Cache-Lookup: Hit From Disktank
<<< skipped >>>
GET /1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip HTTP/1.1
Range: bytes=795191-880424
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: 1251001058.cdn.myqcloud.com
Connection: Close
HTTP/1.1 206 Partial Content
Server: NWS_Appimg_HY
Connection: close
Date: Sun, 09 Aug 2015 00:36:15 GMT
Cache-Control: max-age=6000
Expires: Sun, 09 Aug 2015 02:16:15 GMT
Last-Modified: Mon, 27 Apr 2015 06:40:49 GMT
Content-Range: bytes 795191-880424/880425
Content-Type: application/zip
Content-Length: 85234
X-Cache-Lookup: Hit From Disktank
<<< skipped >>>
GET /dl.shuame.com/files/RootGenius/2.4.1/RootGenius_2.4.1.exe?mkey=55c68689e7f4ac34&f=8f5d&p=.exe HTTP/1.1
Range: bytes=1683704-3367407
Pragma: no-cache
Cache-Control: no-cache
Host: 42.56.65.16
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Connection: Close
HTTP/1.1 206 Partial Content
Server: 3Gdown_DK
Connection: close
Date: Sun, 09 Aug 2015 00:36:12 GMT
Cache-Control: max-age=0
Last-Modified: Mon, 03 Aug 2015 07:57:55 GMT
Content-Range: bytes 1683704-3367407/6734816
Content-Type: application/octet-stream
Content-Length: 1683704
X-Cache-Lookup: Hit From Disktank
<<< skipped >>>
GET /1251001058/files/superuser/KingUser34-3.4.5.15-default-247334.zip HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.8888.8888;)
Host: 1251001058.cdn.myqcloud.com
HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: close
Date: Sun, 09 Aug 2015 00:36:04 GMT
Cache-Control: max-age=6000
Expires: Sun, 09 Aug 2015 02:16:04 GMT
Last-Modified: Mon, 27 Apr 2015 06:40:49 GMT
Content-Type: application/zip
Content-Length: 880425
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
RootGenius.exe_1980:
.text
`.rdata
@.data
.rsrc
@.reloc
zlib1.dll
RootGenius.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
operator
GetProcessWindowStation
USER32.DLL
KERNEL32.dll
USER32.dll
SHLWAPI.dll
dbghelp.dll
GetProcessHeap
GetCPInfo
RootGeniusCaller.exe
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
1.2.5
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
GetConsoleOutputCP
unzOpenCurrentFilePassword
ddexe,
install-recovery.sh
Kinguser.apk
ddexe
AdbWinApi.dll.
AdbWinUsbApi.dllG
android_driver/devcon_x64.exe
android_driver/devcon_x86.exe
Data/Apk/StayAwake.apk
Data/Bin/fakebackup.abspU
shuame_helper.exe
UpdateGenius.exe
AdbWinApi.dll
AdbWinUsbApi.dll
Data/Bin/fakebackup.ab
RootGenius.dllPK
RootGeniusEx.txtPK
RootGeniusEx.txt
KERNEL32.DLL
mscoree.dll
RootGenius.zip
RootGeniusEx.zip
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RootGenius.exe
zlib.dll
ZLib.DLL
DLL support by Alessandro Iacopetti & Gilles Vollant
RootGenius.exe
World of Tanks Hack.exe_2008:
shuame_helper.exe_1852:
transport-local
transport-local
transport-any
transport-any
transport:
transport:
OKAYx%s
OKAYx%s
%s:5555
%s:5555
No such device %s
No such device %s
%s@%s
%s@%s
%s.pub
%s.pub
write_public_keyfile
write_public_keyfile
.\adb_auth_host.cpp
.\adb_auth_host.cpp
Failed to convert to publickey
Failed to convert to publickey
Failed to open '%s'
Failed to open '%s'
Writing public key to '%s'
Writing public key to '%s'
generate_key
generate_key
generate_key '%s'
generate_key '%s'
Failed to allocate key
Failed to allocate key
Failed to write key
Failed to write key
Failed to write public key
Failed to write public key
read_key
read_key
read_key '%s'
read_key '%s'
Failed to alloc key
Failed to alloc key
Failed to read key
Failed to read key
%s\%s
%s\%s
get_user_keyfilepath
get_user_keyfilepath
home '%s'
home '%s'
.android
.android
Cannot mkdir '%s'
Cannot mkdir '%s'
adbkey
adbkey
get_user_key
get_user_key
Error getting user key filename
Error getting user key filename
user key '%s'
user key '%s'
Failed to generate new key
Failed to generate new key
ADB_VENDOR_KEYS
ADB_VENDOR_KEYS
get_vendor_keys
get_vendor_keys
Reading: '%s'
Reading: '%s'
Can't read '%s'
Can't read '%s'
Failed to read '%s'
Failed to read '%s'
adb_auth_sign len=%d
adb_auth_sign len=%d
adb_auth_get_userkey
adb_auth_get_userkey
Can't load '%s'
Can't load '%s'
%s: Content too large ret=%d
%s: Content too large ret=%d
Failed to get user key
Failed to get user key
host:transport:%s
host:transport:%s
host:%s
host:%s
switch_socket_transport
switch_socket_transport
.\adb_client.cpp
.\adb_client.cpp
Switch transport in progress
Switch transport in progress
Switch transport failed
Switch transport failed
Switch transport success
Switch transport success
protocol fault (status x x x x?!)
protocol fault (status x x x x?!)
_adb_connect: %s
_adb_connect: %s
_adb_connect: return fd %d
_adb_connect: return fd %d
adb_connect: service %s
adb_connect: service %s
* daemon not running. starting it now on port %d *
* daemon not running. starting it now on port %d *
adb_connect: return fd %d
adb_connect: return fd %d
adb_query: %s
adb_query: %s
error: %s
error: %s
/sdcard/tmp/%s
/sdcard/tmp/%s
/data/local/tmp/%s
/data/local/tmp/%s
Android Debug Bridge version %d.%d.%d
Android Debug Bridge version %d.%d.%d
connect [:] - connect to a device via TCP/IP
connect [:] - connect to a device via TCP/IP
Port 5555 is used by default if no port number is specified.
Port 5555 is used by default if no port number is specified.
disconnect [[:]] - disconnect from a TCP/IP device.
disconnect [[:]] - disconnect from a TCP/IP device.
will disconnect from all connected TCP/IP devices.
will disconnect from all connected TCP/IP devices.
tcp:
tcp:
adb jdwp - list PIDs of processes hosting a JDWP transport
adb jdwp - list PIDs of processes hosting a JDWP transport
adb install [-l] [-r] [-s] [--algo --key --iv ]
adb install [-l] [-r] [-s] [--algo --key --iv ]
('--algo', '--key', and '--iv' mean the file is encrypted already)
('--algo', '--key', and '--iv' mean the file is encrypted already)
adb bugreport - return all information from the device
adb bugreport - return all information from the device
that should be included in a bug report.
that should be included in a bug report.
to "backup.ab" in the current directory.
to "backup.ab" in the current directory.
(-apk|-noapk enable/disable backup of the .apks themselves
(-apk|-noapk enable/disable backup of the .apks themselves
the -all or -shared flags are passed, then the package
the -all or -shared flags are passed, then the package
adb tcpip - restarts the adbd daemon listening on TCP on the specified port
adb tcpip - restarts the adbd daemon listening on TCP on the specified port
1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
.\commandline.cpp
.\commandline.cpp
read_and_dump(): pre adb_read(fd=%d)
read_and_dump(): pre adb_read(fd=%d)
read_and_dump(): post adb_read(fd=%d): len=%d
read_and_dump(): post adb_read(fd=%d): len=%d
copy_to_file(%d -> %d)
copy_to_file(%d -> %d)
copy_to_file() : error %d
copy_to_file() : error %d
stdin_read_thread(): pre unix_read(fdi=%d,...)
stdin_read_thread(): pre unix_read(fdi=%d,...)
stdin_read_thread(): post unix_read(fdi=%d,...)
stdin_read_thread(): post unix_read(fdi=%d,...)
host-serial:%s:%s
host-serial:%s:%s
%s:%s
%s:%s
* failed to write data '%s' *
* failed to write data '%s' *
sending: '%s' M%%
sending: '%s' M%%
* error response '%s' *
* error response '%s' *
* cannot read '%s' *
* cannot read '%s' *
%c[2J%c[2H
%c[2J%c[2H
State: %s
State: %s
error: adb %s not implemented on Win32
error: adb %s not implemented on Win32
shell:export ANDROID_LOG_TAGS="%s" ; exec logcat
shell:export ANDROID_LOG_TAGS="%s" ; exec logcat
./backup.ab
./backup.ab
adb: -f passed with no filename
adb: -f passed with no filename
adb: unable to open file %s
adb: unable to open file %s
backup. filename=%s buf=%s
backup. filename=%s buf=%s
Now unlock your device and confirm the backup operation.
Now unlock your device and confirm the backup operation.
Now unlock your device and confirm the restore operation.
Now unlock your device and confirm the restore operation.
%s\config\envsetup.make
%s\config\envsetup.make
adb: bad ANDROID_BUILD_TOP value "%s"
adb: bad ANDROID_BUILD_TOP value "%s"
adb: bad TOP value "%s"
adb: bad TOP value "%s"
adb: Couldn't get CWD: %s
adb: Couldn't get CWD: %s
%s\out\target\product\%s
%s\out\target\product\%s
adb: Couldn't find a product dir based on "-p %s"; "%s" doesn't exist
adb: Couldn't find a product dir based on "-p %s"; "%s" doesn't exist
ANDROID_ADB_SERVER_PORT
ANDROID_ADB_SERVER_PORT
adb: Env var ANDROID_ADB_SERVER_PORT must be a positive number. Got "%s"
adb: Env var ANDROID_ADB_SERVER_PORT must be a positive number. Got "%s"
adb: could not resolve "-p %s"
adb: could not resolve "-p %s"
host:%s%s
host:%s%s
Usage: adb connect [:]
Usage: adb connect [:]
host:connect:%s
host:connect:%s
Usage: adb disconnect [[:]]
Usage: adb disconnect [[:]]
host:disconnect:%s
host:disconnect:%s
shell:%s
shell:%s
interactive shell loop. buff=%s
interactive shell loop. buff=%s
about to read_and_dump(fd=%d)
about to read_and_dump(fd=%d)
interactive shell loop. return r=%d
interactive shell loop. return r=%d
tcpip
tcpip
bugreport
bugreport
failure: %s *
failure: %s *
host-serial:%s:forward:%s;%s
host-serial:%s:forward:%s;%s
host-usb:forward:%s;%s
host-usb:forward:%s;%s
host-local:forward:%s;%s
host-local:forward:%s;%s
host:forward:%s;%s
host:forward:%s;%s
If you truly wish to continue, execute 'adb shell pm uninstall -k %s'
If you truly wish to continue, execute 'adb shell pm uninstall -k %s'
can't find '%s' to install
can't find '%s' to install
can't install '%s' because it's not a file
can't install '%s' because it's not a file
--key
--key
error: could not connect to TCP port %d
error: could not connect to TCP port %d
cannot open '%s': %s
cannot open '%s': %s
cannot read '%s': %s
cannot read '%s': %s
error seeking in file '%s'
error seeking in file '%s'
could not allocate buffer for '%s'
could not allocate buffer for '%s'
error reading from file: '%s'
error reading from file: '%s'
file '%s' is not a valid zip file
file '%s' is not a valid zip file
AndroidManifest.xml
AndroidManifest.xml
file '%s' does not contain AndroidManifest.xml
file '%s' does not contain AndroidManifest.xml
failed to copy '%s' to '%s': %s
failed to copy '%s' to '%s': %s
cannot create '%s': %s
cannot create '%s': %s
cannot write '%s': %s
cannot write '%s': %s
x x x %s
x x x %s
%s%s/
%s%s/
cannot stat '%s': %s
cannot stat '%s': %s
skipping special file '%s'
skipping special file '%s'
%spush: %s -> %s
%spush: %s -> %s
%d file%s pushed. %d file%s skipped.
%d file%s pushed. %d file%s skipped.
%s/%s
%s/%s
pull: %s -> %s
pull: %s -> %s
%d file%s pulled. %d file%s skipped.
%d file%s pulled. %d file%s skipped.
remote object '%s' does not exist
remote object '%s' does not exist
remote object '%s' not a file or directory
remote object '%s' not a file or directory
syncing %s...
syncing %s...
.\services.cpp
.\services.cpp
service thread started, %d:%d
service thread started, %d:%d
wait_for_state %d
wait_for_state %d
FAILx
FAILx
.\sockets.cpp
.\sockets.cpp
LS(%d): enqueue %d
LS(%d): enqueue %d
LS(%d): not ready, errno=%d: %s
LS(%d): not ready, errno=%d: %s
LS(%d): destroying fde.fd=%d
LS(%d): destroying fde.fd=%d
LS(%d): discarding %d bytes
LS(%d): discarding %d bytes
entered. LS(%d) fd=%d
entered. LS(%d) fd=%d
LS(%d): closing peer. peer->id=%d peer->fd=%d
LS(%d): closing peer. peer->id=%d peer->fd=%d
LS(%d): closed
LS(%d): closed
LS(%d): closing
LS(%d): closing
LS(%d): put on socket_closing_list fd=%d
LS(%d): put on socket_closing_list fd=%d
LS(%d): event_func(fd=%d(==%d), ev=x)
LS(%d): event_func(fd=%d(==%d), ev=x)
closing after write because r=%d and errno is %d
closing after write because r=%d and errno is %d
LS(%d): post adb_read(fd=%d,...) r=%d (errno=%d) avail=%d
LS(%d): post adb_read(fd=%d,...) r=%d (errno=%d) avail=%d
LS(%d): fd=%d post avail loop. r=%d is_eof=%d forced_eof=%d
LS(%d): fd=%d post avail loop. r=%d is_eof=%d forced_eof=%d
LS(%d): fd=%d post peer->enqueue(). r=%d
LS(%d): fd=%d post peer->enqueue(). r=%d
closing because is_eof=%d r=%d s->fde.force_eof=%d
closing because is_eof=%d r=%d s->fde.force_eof=%d
LS(%d): FDE_ERROR (fd=%d)
LS(%d): FDE_ERROR (fd=%d)
LS(%d): created (fd=%d)
LS(%d): created (fd=%d)
LS(%d): bound to '%s' via %d
LS(%d): bound to '%s' via %d
LS(%d) bound to '%s'
LS(%d) bound to '%s'
entered remote_socket_enqueue RS(%d) WRITE fd=%d peer.fd=%d
entered remote_socket_enqueue RS(%d) WRITE fd=%d peer.fd=%d
entered remote_socket_ready RS(%d) OKAY fd=%d peer.fd=%d
entered remote_socket_ready RS(%d) OKAY fd=%d peer.fd=%d
entered remote_socket_close RS(%d) CLOSE fd=%d peer->fd=%d
entered remote_socket_close RS(%d) CLOSE fd=%d peer->fd=%d
RS(%d) peer->close()ing peer->id=%d peer->fd=%d
RS(%d) peer->close()ing peer->id=%d peer->fd=%d
RS(%d): closed
RS(%d): closed
remote_socket_disconnect RS(%d)
remote_socket_disconnect RS(%d)
RS(%d): created
RS(%d): created
Connect_to_remote call RS(%d) fd=%d
Connect_to_remote call RS(%d) fd=%d
LS(%d): connect('%s')
LS(%d): connect('%s')
SS(%d): enqueue %d
SS(%d): enqueue %d
SS(%d): overflow
SS(%d): overflow
SS(%d): bad size (%d)
SS(%d): bad size (%d)
SS(%d): len is %d
SS(%d): len is %d
SS(%d): waiting for %d more bytes
SS(%d): waiting for %d more bytes
SS(%d): '%s'
SS(%d): '%s'
SS(%d): handled host service '%s'
SS(%d): handled host service '%s'
SS(%d): okay transport
SS(%d): okay transport
SS(%d): couldn't create host service '%s'
SS(%d): couldn't create host service '%s'
SS(%d): okay
SS(%d): okay
SS(%d): ready
SS(%d): ready
SS(%d): closed
SS(%d): closed
SS(%d): created %p
SS(%d): created %p
.\sysdeps_win32.cpp
.\sysdeps_win32.cpp
load_file: could not read %ld bytes from '%s'
load_file: could not read %ld bytes from '%s'
_fh_from_int: invalid fd %d
_fh_from_int: invalid fd %d
adb_read: could not read %d bytes from %s
adb_read: could not read %d bytes from %s
adb_file_write: could not write %d bytes from %s
adb_file_write: could not write %d bytes from %s
adb_open: could not open '%s':
adb_open: could not open '%s':
%d(%s)
%d(%s)
adb_open: '%s' => fd %d
adb_open: '%s' => fd %d
adb_creat: could not open '%s':
adb_creat: could not open '%s':
adb_creat: '%s' => fd %d
adb_creat: '%s' => fd %d
adb_shutdown: %s
adb_shutdown: %s
adb_close: %s
adb_close: %s
_socket_set_errno: unhandled value %d
_socket_set_errno: unhandled value %d
socket_loopback_client: could not connect to %s:%d
socket_loopback_client: could not connect to %s:%d
%d(lo-client:%s%d)
%d(lo-client:%s%d)
socket_loopback_client: port %d type %s => fd %d
socket_loopback_client: port %d type %s => fd %d
%d(lo-server:%s%d)
%d(lo-server:%s%d)
socket_loopback_server: port %d type %s => fd %d
socket_loopback_server: port %d type %s => fd %d
%d(net-client:%s%d)
%d(net-client:%s%d)
socket_network_client: host '%s' port %d type %s => fd %d
socket_network_client: host '%s' port %d type %s => fd %d
%d(any-server:%s%d)
%d(any-server:%s%d)
socket_inaddr_server: port %d type %s => fd %d
socket_inaddr_server: port %d type %s => fd %d
adb_socket_accept: invalid fd %d
adb_socket_accept: invalid fd %d
adb_socket_accept: accept on fd %d return error %ld
adb_socket_accept: accept on fd %d return error %ld
%d(accept:%s)
%d(accept:%s)
adb_socket_accept on fd %d returns fd %d
adb_socket_accept on fd %d returns fd %d
bip_buffer_write: error %d->%d WaitForSingleObject returned %d, error %ld
bip_buffer_write: error %d->%d WaitForSingleObject returned %d, error %ld
assertion failed '%s' on %s:%ld
assertion failed '%s' on %s:%ld
bip_buffer_read: error %d->%d WaitForSingleObject returned %d, error %ld
bip_buffer_read: error %d->%d WaitForSingleObject returned %d, error %ld
adb_socketpair: not enough memory to allocate pipes
adb_socketpair: not enough memory to allocate pipes
%d(pair:%d)
%d(pair:%d)
adb_socketpair: returns (%d, %d)
adb_socketpair: returns (%d, %d)
event_looper_hook: invalid fd=%d
event_looper_hook: invalid fd=%d
event_looper_hook: call hook for %d (new=%x, old=%x)
event_looper_hook: call hook for %d (new=%x, old=%x)
event_looper_hook: ignoring events %x for %d wanted=%x)
event_looper_hook: ignoring events %x for %d wanted=%x)
event_looper_unhook: events %x not registered for fd %d
event_looper_unhook: events %x not registered for fd %d
Unable to allocate thread array for %d handles.
Unable to allocate thread array for %d handles.
Unable to create main event. Error: %d
Unable to create main event. Error: %d
Unable to create a waiting thread %d of %d. errno=%d
Unable to create a waiting thread %d of %d. errno=%d
fdevent_update: remove %x from %d
fdevent_update: remove %x from %d
fdevent_update: add %x to %d
fdevent_update: add %x to %d
adb_win32: waiting for %d events
adb_win32: waiting for %d events
handle count %d exceeds MAXIMUM_WAIT_OBJECTS.
handle count %d exceeds MAXIMUM_WAIT_OBJECTS.
adb_win32: got one (index %d)
adb_win32: got one (index %d)
adb_win32: signaling %s for %x
adb_win32: signaling %s for %x
bogus negative fd (%d)
bogus negative fd (%d)
bogus huuuuge fd (%d)
bogus huuuuge fd (%d)
could not expand fd_table to %d entries
could not expand fd_table to %d entries
fd out of range (%d)
fd out of range (%d)
_event_socket_start: no event for %s
_event_socket_start: no event for %s
_event_socket_start: hooking %s for %x (flags %ld)
_event_socket_start: hooking %s for %x (flags %ld)
_event_socket_start: WSAEventSelect() for %s failed, error %d
_event_socket_start: WSAEventSelect() for %s failed, error %d
_event_socket_check %s returns %d
_event_socket_check %s returns %d
_event_socketpair_start: hook %s for %x wanted=%x
_event_socketpair_start: hook %s for %x wanted=%x
run_transport_disconnects
run_transport_disconnects
.\transport.cpp
.\transport.cpp
%s: run_transport_disconnects
%s: run_transport_disconnects
%s: %s: [%s] arg0=%s arg1=%s (len=%d)
%s: %s: [%s] arg0=%s arg1=%s (len=%d)
fd=%d
fd=%d
%s: read_packet (fd=%d), error ret=%d errno=%d: %s
%s: read_packet (fd=%d), error ret=%d errno=%d: %s
%s: write_packet (fd=%d) error ret=%d errno=%d: %s
%s: write_packet (fd=%d) error ret=%d errno=%d: %s
transport_socket_events
transport_socket_events
transport_socket_events(fd=%d, events=x,...)
transport_socket_events(fd=%d, events=x,...)
%s: failed to read packet from transport socket on fd %d
%s: failed to read packet from transport socket on fd %d
Transport is null
Transport is null
Transport is null
Transport is null
cannot enqueue packet on transport socket
cannot enqueue packet on transport socket
%s: starting transport output thread on fd %d, SYNC online (%d)
%s: starting transport output thread on fd %d, SYNC online (%d)
%s: failed to write SYNC packet
%s: failed to write SYNC packet
%s: data pump started
%s: data pump started
%s: received remote packet, sending to transport
%s: received remote packet, sending to transport
%s: failed to write apacket to transport
%s: failed to write apacket to transport
%s: remote read failed for transport
%s: remote read failed for transport
%s: SYNC offline for transport
%s: SYNC offline for transport
%s: failed to write SYNC apacket to transport
%s: failed to write SYNC apacket to transport
%s: transport output thread is exiting
%s: transport output thread is exiting
%s: starting transport input thread, reading from fd %d
%s: starting transport input thread, reading from fd %d
%s: failed to read apacket from transport on fd %d
%s: failed to read apacket from transport on fd %d
%s: transport SYNC offline
%s: transport SYNC offline
%s: transport SYNC online
%s: transport SYNC online
%s: transport ignoring SYNC %d != %d
%s: transport ignoring SYNC %d != %d
%s: transport got packet, sending to remote
%s: transport got packet, sending to remote
%s: transport ignoring packet while offline
%s: transport ignoring packet while offline
%s: transport input thread is exiting, fd %d
%s: transport input thread is exiting, fd %d
transport_read_action
transport_read_action
transport_read_action: on fd %d, error %d: %s
transport_read_action: on fd %d, error %d: %s
transport_write_action
transport_write_action
transport_write_action: on fd %d, error %d: %s
transport_write_action: on fd %d, error %d: %s
cannot read transport registration socket
cannot read transport registration socket
transport_registration_func
transport_registration_func
transport: %s removing and free'ing %d
transport: %s removing and free'ing %d
cannot open transport socketpair
cannot open transport socketpair
transport: %s (%d,%d) starting
transport: %s (%d,%d) starting
cannot open transport registration socketpair
cannot open transport registration socketpair
register_transport
register_transport
transport: %s registered
transport: %s registered
cannot write transport registration socket
cannot write transport registration socket
remove_transport
remove_transport
transport: %s removed
transport: %s removed
transport_unref_locked
transport_unref_locked
transport: %s unref (kicking and closing)
transport: %s unref (kicking and closing)
transport: %s unref (count=%d)
transport: %s unref (count=%d)
%s%n%s
%s%n%s
%-22s %s
%-22s %s
register_socket_transport
register_socket_transport
transport: %s init'ing for socket %d, on port %d
transport: %s init'ing for socket %d, on port %d
register_usb_transport
register_usb_transport
transport: %p init'ing for usb_handle %p (sn='%s')
transport: %p init'ing for usb_handle %p (sn='%s')
readx: fd=%d wanted=%d
readx: fd=%d wanted=%d
readx: fd=%d error %d: %s
readx: fd=%d error %d: %s
readx: fd=%d disconnected
readx: fd=%d disconnected
readx: fd=%d wanted=%d got=%d
readx: fd=%d wanted=%d got=%d
writex: fd=%d len=%d:
writex: fd=%d len=%d:
writex: fd=%d error %d: %s
writex: fd=%d error %d: %s
writex: fd=%d disconnected
writex: fd=%d disconnected
check_header(): %d > MAX_PAYLOAD
check_header(): %d > MAX_PAYLOAD
.\transport_local.cpp
.\transport_local.cpp
local_connect_arbitrary_ports
local_connect_arbitrary_ports
transport: client_socket_thread() starting
transport: client_socket_thread() starting
transport: server_socket_thread() starting
transport: server_socket_thread() starting
server: trying to get new connection from %d
server: trying to get new connection from %d
server: new connection on fd %d
server: new connection on fd %d
transport: local %s init
transport: local %s init
cannot create local socket %s thread
cannot create local socket %s thread
init_socket_transport
init_socket_transport
local transport for port %d already registered (%p)?
local transport for port %d already registered (%p)?
cannot register more emulators. Maximum is %d
cannot register more emulators. Maximum is %d
.\transport_usb.cpp
.\transport_usb.cpp
init_usb_transport
init_usb_transport
transport: usb
transport: usb
adb_usb.ini
adb_usb.ini
Invalid content in %s. Quitting.
Invalid content in %s. Quitting.
%s\%s\%s
%s\%s\%s
.\usb_windows.cpp
.\usb_windows.cpp
usb_write %d
usb_write %d
usb_write got: %ld, expected: %d
usb_write got: %ld, expected: %d
usb_write failed: %d
usb_write failed: %d
usb_read %d
usb_read %d
usb_write got: %ld, expected: %d, errno: %d
usb_write got: %ld, expected: %d, errno: %d
usb_read failed: %d
usb_read failed: %d
adding a new device %s
adding a new device %s
register_new_device failed for %s
register_new_device failed for %s
1.3.6.1.4.1.311.2.1.12
1.3.6.1.4.1.311.2.1.12
Zip EOCD: expected >= %d bytes, found %d
Zip EOCD: expected >= %d bytes, found %d
EOCD(%d) comment(%d) exceeds len (%d)
EOCD(%d) comment(%d) exceeds len (%d)
Length is %d -- too small
Length is %d -- too small
Archive spanning not supported
Archive spanning not supported
WS2_32.dll
WS2_32.dll
AdbWinApi.DLL
AdbWinApi.DLL
CreatePipe
CreatePipe
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
ReportEventA
ReportEventA
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
CryptMsgClose
CryptMsgClose
CertGetNameStringW
CertGetNameStringW
CertFreeCertificateContext
CertFreeCertificateContext
CertFindCertificateInStore
CertFindCertificateInStore
CertCloseStore
CertCloseStore
CertGetNameStringA
CertGetNameStringA
CryptMsgGetParam
CryptMsgGetParam
CRYPT32.dll
CRYPT32.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
GetProcessHeap
GetProcessHeap
zcÃ
zcÃ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RootGenius\shuame_helper.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RootGenius\shuame_helper.exe
>">)>.>3>8>^>
>">)>.>3>8>^>
5.53585=5
5.53585=5
;/;4;9;];
;/;4;9;];
-0@0`0|0
-0@0`0|0
0 0$0(0,0
0 0$0(0,0
:"=0=4=8=
:"=0=4=8=
> >$>(>,>0>4>8>
> >$>(>,>0>4>8>
00L0~0
00L0~0
6 6@6`6|6
6 6@6`6|6
7 7
7 7
mscoree.dll
mscoree.dll