Gen.Variant.Barys.547_d340d14427

HEUR:Trojan-Downloader.Win32.Generic (Kaspersky), Gen:Variant.Barys.547 (B) (Emsisoft), Gen:Variant.Barys.547 (AdAware), Trojan-Banker.Win32.Brasil.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Banker, Trojan, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

66DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD6666/"!

66DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD6666/"!

?===>=>)=>(9"/

?===>=>)=>(9"/

'99(999:99770

'99(999:99770

""""3333""""

""""3333""""

fQTv....Rtlb

fQTv....Rtlb

:1 =;;= 1

:1 =;;= 1

===8:] ==;= 1

===8:] ==;= 1

:#==;= 1

:#==;= 1

::';;= 1

::';;= 1

:::'=;= 1

:::'=;= 1

*=== - ==;= 1

*=== - ==;= 1

== .- =;;= 1

== .- =;;= 1

#&'7'61=;= 1

#&'7'61=;= 1

%,./0000/0.-,%

%,./0000/0.-,%

*-....-..--*

*-....-..--*

$),,---.,-,)($

$),,---.,-,)($

%(*)))),)(%

%(*)))),)(%

}?|}?|}?|}?|}?|

}?|}?|}?|}?|}?|

"""!"""@

"""!"""@

3331333@

3331333@

0000000000

0000000000

00000000003

00000000003

60??0000

60??0000

...???0000?

...???0000?

000000000000

000000000000

0?.CPB@@iiggec\\Y@@!BBO 'P***C

0?.CPB@@iiggec\\Y@@!BBO 'P***C

.??0??...

.??0??...

.????0?.CCCC"mgec\\@@!BB 'P*CC'

.????0?.CCCC"mgec\\@@!BB 'P*CC'

.??00000??.Cc\Y@

.??00000??.Cc\Y@

00?.CP\@@BBO 'PC

00?.CP\@@BBO 'PC

C\\@@@!BB 'PP*CC.BO**PP OOOO 'PP**

C\\@@@!BB 'PP*CC.BO**PP OOOO 'PP**

U"""""Ã3333D"""""$

U"""""Ã3333D"""""$

#::""::#

#::""::#

33333330

33333330

%%%###==

%%%###==

=##%%%#/9

=##%%%#/9

%%%####%%####==

%%%####%%####==

]\[ZY/US*(%F

]\[ZY/US*(%F

$&)-/--)))"

$&)-/--)))"

$#$&)--)&&$'

$#$&)--)&&$'

($#$)--)-))&,

($#$)--)-))&,

*)&)-//--)%

*)&)-//--)%

')&)-////--!

')&)-////--!

1'$%'*...**'*"

1'$%'*...**'*"

1%#%'*. *'%%,

1%#%'*. *'%%,

-%#%'***..*'2

-%#%'***..*'2

,*'*..33.*6

,*'*..33.*6

/*'*....**)

/*'*....**)

,&$%&( . ((("

,&$%&( . ((("

,%$%(( ((&%*

,%$%(( ((&%*

*%$%( . (&-

*%$%( . (&-

) ( .... 0

) ( .... 0

,(( .... '

,(( .... '

.dddd

.dddd

3;88558;855//3-

3;88558;855//3-

3

3

#....JaJ,))))#

#....JaJ,))))#

;58;;80008;84 7

;58;;80008;84 7

8511-/0.

8511-/0.

`111/--/*

`111/--/*

7141----*

7141----*

8144----,'

8144----,'

66666666

66666666

..vEeeei4

..vEeeei4

2"""22%2"2"2"2"

2"""22%2"2"2"2"

555555555

555555555

3333""""#

3333""""#

B"""$DDDDDDD"""""""""""""""""""""""""%UUUUUUU""""Va

B"""$DDDDDDD"""""""""""""""""""""""""%UUUUUUU""""Va

fffffR"""%UUUUUUU""""(

fffffR"""%UUUUUUU""""(

11111111111

11111111111

000000000

000000000

7755555555555555

7755555555555555

1:

1:

KWindows

KWindows

UrlMon

UrlMon

rSqlTimSt

rSqlTimSt

0IdHTTPHeaderInfo

0IdHTTPHeaderInfo

IdTCPServer

IdTCPServer

IdTCPStream

IdTCPStream

.MaskEdEx

.MaskEdEx

Font.Charset

Font.Charset

Font.Color

Font.Color

Font.Height

Font.Height

Font.Name

Font.Name

Font.Style

Font.Style

Picture.Data

Picture.Data

.hs(9

.hs(9

.DT@i

.DT@i

.Xwwr

.Xwwr

T.NBQ

T.NBQ

l.EdV5N

l.EdV5N

>WH(BJ%s,

>WH(BJ%s,

Wm#&>9%UV

Wm#&>9%UV

L%US\

L%US\

.MxTw

.MxTw

d)q %xR

d)q %xR

$'%X6

$'%X6

-j}XT

-j}XT

%SpmM

%SpmM

\}-3}7

\}-3}7

%SqZ$S

%SqZ$S

q>.HX

q>.HX

}.iVsg;o

}.iVsg;o

Dw4.rm

Dw4.rm

`.ybr|

`.ybr|

UjV.kE

UjV.kE

>6Tm.rF

>6Tm.rF

i}%uV5/

i}%uV5/

'.xB

'.xB

z.YS^y

z.YS^y

.mj 6>

.mj 6>

ey.gZF

ey.gZF

cBEQ=.VL

cBEQ=.VL

544444444

544444444

b..N3gL%UJ

b..N3gL%UJ

.wa!!

.wa!!

!_%UY

!_%UY

T.Ct:R(@

T.Ct:R(@

]vM%U2X

]vM%U2X

.Sr]m

.Sr]m

L[;;;.Sj

L[;;;.Sj

.TYURV

.TYURV

Se|.Em(,

Se|.Em(,

dH6\%S

dH6\%S

4 [[[3

4 [[[3

?.FUd

?.FUd

...NII9

...NII9

Ai%SR#

Ai%SR#

q:\u~Mr

q:\u~Mr

%S

%S

I{.QP

I{.QP

W...Nh

W...Nh

rk.nFt

rk.nFt

yU%fo

yU%fo

D\>%f

D\>%f

.hmk^]

.hmk^]

Hg8%C

Hg8%C

,X`f%msg

,X`f%msg

dkeYe[Sc

dkeYe[Sc

JJJ%U

JJJ%U

JJJ%UO`

JJJ%UO`

%D|=*9P`

%D|=*9P`

Appearance.BackGroundColor

Appearance.BackGroundColor

Appearance.BorderColor

Appearance.BorderColor

Appearance.ActiveSegmentColor

Appearance.ActiveSegmentColor

Appearance.InActiveSegmentColor

Appearance.InActiveSegmentColor

clSilver!Appearance.TransitionSegmentColor

clSilver!Appearance.TransitionSegmentColor

Appearance.ProgressSegmentColor

Appearance.ProgressSegmentColor

O.kF{

O.kF{

WL^%U

WL^%U

QS-D}

QS-D}

29.Qm

29.Qm

1.2.0.1

1.2.0.1

X!%Ci

X!%Ci

Fu".VX1

Fu".VX1

m.HHHHl-

m.HHHHl-

p>KeY=

p>KeY=

`m.FD:D

`m.FD:D

n7g.oBn~a[

n7g.oBn~a[

.rN"X

.rN"X

!Appearance.TransitionSegmentColor

!Appearance.TransitionSegmentColor

/zv%s

/zv%s

(-joe}9

(-joe}9

!,*d-.Uag

!,*d-.Uag

.Vixb

.Vixb

.LScZ

.LScZ

.nK$j

.nK$j

?E.rxq

?E.rxq

%U$Zfn

%U$Zfn

,e)=

,e)=

B.

B.

h.Ug|

h.Ug|

KeYQ

KeYQ

X.MLj

X.MLj

}.PbgK

}.PbgK

keyv

keyv

K[%CS

K[%CS

Y-.UTi

Y-.UTi

Cu.Fud

Cu.Fud

.WQdm

.WQdm

#c&kEY

#c&kEY

MS.rk

MS.rk

.cJ%%:I

.cJ%%:I

u.oNX

u.oNX

1.2.0.0

1.2.0.0

y.VMM

y.VMM

G/.ZCw

G/.ZCw

=zx%uu

=zx%uu

.QY6k

.QY6k

A(..Faa!

A(..Faa!

.oK[n

.oK[n

Z.qd"

Z.qd"

.XQ^~

.XQ^~

.vvv)))w

.vvv)))w

J){.Vq

J){.Vq

%0U_~

%0U_~

U*.cx

U*.cx

!%%4

!%%4

/,,411155

/,,411155

2.Cslv

2.Cslv

~%ChwhX

~%ChwhX

q.cJ7

q.cJ7

:h

.mOY~

rssh7&

,%%%%u(

~p-w}O[

.GmHII

;s5%:1)%C

a\3d%f

5"%%u

.RNd6|>?

!%%%%%uh

aDv3#qb%F

.IDATx

7o.).NII

.Jh8g

3>41 5==#5

.jZwA

";.BZV

=7\.ig-V

`.My}4

%C X%

Ð^6&vY

P:\R~

iC'%%d

}:I%.TH

6-hW}s

7.SW]

%U(rP

.CePD"

 ((022266

ó6-

.dhRA

j-#)1%d

<.ky>
.xoPG
.hZ
/E\.nPW
X%DtH
C%F"0
$,C5.JK
%Sxc%
6*-===44
5J.xdw
iU
J.nit
mB.MV
UW]%S
.jB{=Y
%xBg&
.in;t
.WkCM
.eh=t
sg.sc
LoginDialog
Database Login
&Password:
PasswordDialog
Enter password
1.7.1.4
.trRa
"%.xL\
Y%FQ555Y
4>>.FT
oM.dA
K.gzw
t$W`.nq%
%C$BN
uuq%D
&%u
/.Xqb
%D`;*Z
%xrFZ
a}p%Du}mI
sSHQU
"!%%CT
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
MSGDLG
TMSGRPC
TMSGRPCD
TMSGRPCH
TMSGRPG
TMSGRPGD
TMSGRPGH
TMSGRPU
TMSGRPUD
TMSGRPUH
TSUIPASSWORDDIALOG
TSUIURLLABEL
TLOGINDIALOG
TPASSWORDDIALOG
Unsupported PixelFormat
Invalid stream operation
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
Remote Login
Unsupported GIF version
cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
%s is not a valid BCD value$Could not parse SQL TimeStamp string
Invalid SQL date/time values
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
SSL status: "%s"
Host field is emptyjThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.
Command not supported.
Address type not supported.$Error accepting connection with SSL.
Error creating SSL context. Could not load root certificate.
Could not load certificate.#Could not load key, check password.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Protocol family not supported.0Address family not supported by protocol family.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
Chunk StartedDThis authentication method is already registered with class name %s.
%s is not a valid service.
Socket Error # %d
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
File "%s" not found1Only one TIdAntiFreeze can exist per application.
No data to read.$Can not bind in port range (%d - %d)
Invalid Port Range (%d - %d)
Window Text=This control requires version 4.70 or greater of COMCTL32.DLL
Date exceeds maximum of %s
Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or timeúiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range
No help keyword specified.&Cannot change the size of a JPEG image
JPEG error #%d
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Value must be between %d and %d
Invalid clipboard format Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
%s property out of range
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
Unsupported clipboard format
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid property type: %s
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
No argument for format '%s'"Variant method calls not supported
Invalid variant operation%Invalid variant operation (%s%.8x)
%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time
'%s' is not a valid GUID value
I/O error %d
2.3.4.5
1.0.0.1
AvastK.exe_1520:
.idata
.rdata
P.reloc
P.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
EInvalidGraphicOperation
USER32.DLL
comctl32.dll
uxtheme.dll
Proportional
MAPI32.DLL
PasswordChar(
OnKeyDown
OnKeyPressD
OnKeyUph
ssHorizontal
OnKeyUpH
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
imm32.dll
AutoHotkeysH
AutoHotkeys
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowStatet
tagMSG
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
OnExecuteMacro
Service %s
Topic %s
OnActionExecutel
getservbyport
WSAAsyncGetServByPort
WSAJoinLeaf
WS2_32.DLL
127.0.0.1
TIdSocketListWindows
TIdStackWindowsU
IdStackWindows
%s, %d %s %d %s %s
ftpTransfer
ftpReady
ftpAborted
ClientPortMinT
ClientPortMax
Port
EIdCanNotBindPortInRange
EIdInvalidPortRangeSVW
saUsernamePassword
PasswordT
Port
0.0.0.1
TIdTCPConnection
TIdTCPConnection`
IdTCPConnection
EIdTCPConnectionError
TIdTCPClient
TIdTCPClient0
IdTCPClient
BoundPort
PortU
password
Password
IdHTTPHeaderInfo
ProxyPasswordT
ProxyPort
Mozilla/3.0 (compatible; Indy Library)
libeay32.dll
ssleay32.dll
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_get_peer_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
X509_STORE_CTX_get_current_cert
des_set_key
sslvrfFailIfNoPeerCert
TPasswordEvent
Certificate
RootCertFile
CertFile
KeyFile
OnGetPasswordh'G
EIdOSSLLoadingRootCertError
EIdOSSLLoadingCertError
EIdOSSLLoadingKeyError
CommentURL
TIdHTTPMethod
IdHTTP
TIdHTTPOption
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPOnRedirectEvent
TIdHTTPResponse
TIdHTTPResponsetqG
TIdHTTPRequest
TIdHTTPRequest,rG
TIdHTTPProtocol@sG
TIdCustomHTTP
TIdCustomHTTP@sG
TIdHTTP(uG
TIdHTTPptG
HTTPOptions
PortHeG
EIdHTTPProtocolException
application/x-www-form-urlencoded
HTTPS
https
This request method is supported in HTTP 1.1
HTTP/1.0 200 OK
HTTP/
msoe@microsoft.com
*.dbx
C:\Windows\winx.log
*.wab
*.mbx
*.mai
*.eml
*.tbb
*.mbox
1.2.3
Portable Network Graphics
c:\program files\borland\delphi7\Lib\AdvEdDD.pas
etPassword
TURLClickEvent
ShowURL
URLColor
PasswordChar
OnURLClick
COMCTL32.DLL
\EMBUTIR1.exe
cmd.exe /c "
EMBUTIR1.exe /stext
\senha.txt"
\winhelp32.txt
\h4714log.txt
\senha.txt
\autostart.bat
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
?456789:;
!"#$%&'()* ,-./0123
user32.dll
GetKeyboardType
advapi32.dll
RegOpenKeyExA
RegCloseKey
RegFlushKey
RegCreateKeyExA
WinExec
GetCPInfo
version.dll
gdi32.dll
SetViewportOrgEx
UnhookWindowsHookEx
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
ole32.dll
shell32.dll
ShellExecuteA
9!9%9)9-919
: :$:(:,:0:4:8:<:>
2%2 272>2
= =$=(=,=0=4=
8-858M8U8q8y8}8
6 6$6(6,6064686
515@5\5|5
3 3$3(3,3034383
2 2$282^2
1 1$1(1,1014181
!0%0)0-01080
5"5&5*5.52565
9.92969:9
5&545]5|5
.text
`.rdata
@.data
.rsrc
t{SSh
v%SSW
Mail PassView
Mozilla\Profiles
Software\Mozilla\Mozilla Thunderbird
%s\Main
sqlite3.dll
nss3.dll
%programfiles%\Mozilla Thunderbird
AddExportHeaderLine
%s %s %s
HTTPMail User Name
SMTP USer Name
HTTPMail Server
SMTP Server
POP3 Password2
IMAP Password2
HTTPMail Password2
SMTP Password2
POP3 Port
IMAP Port
HTTPMail Port
SMTP Port
HTTPMail Secure Connection
SMTP Secure Connection
SMTP Display Name
SMTP Email Address
POP3 Password
IMAP Password
HTTP Password
SMTP Password
HTTP User
SMTP User
HTTP Server URL
HTTP Port
HTTPMail Use SSL
SMTP Use SSL
%s\%s
PopPort
PopPassword
SMTPAccount
SMTPServer
SMTPPort
SMTPLogSecure
SMTPPassword
%s\Accounts
LoginName
SavePasswordText
ESMTPUsername
ESMTPPassword
POP3Password
fb.dat
%s@gmail.com
%s@yahoo.com
"Account","Login Name","Password","Web Site","Comments"
Software\Microsoft\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles

%s %s
smtp
*.ini
netmsg.dll
Error %d: %s
menu_%d
dialog_%d
TranslatorURL
_lng.ini
%-18s: %s
%%-%d.%ds
%s
%s
%s%s
bgcolor="%s"
%s
%s%s>
%s>
report.html
*.txt
*.htm;*.html
*.xml
*.csv
Software\NirSoft\MailPassView
MailPassView
/skeepass
/deleteregkey
Failed to load the executable file !
mail.account.account
mail.server
port
mail.identity
signon.signonfilename
mailbox://%s@%s
imap://%s@%s
SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins
mailbox://%s
imap://%s
smtp://%s
signons.txt
signons.sqlite
prefs.js
Password.NET Messenger Service
User.NET Messenger Service
Passport.Net\*
ps:password
windowslive:name=
Exception %8.8X at address %8.8X in module %s
Stack Data: %s
Code Data: %s
mozsqlite3.dll
PK11_GetInternalKeySlot
PK11_CheckUserPassword
psapi.dll
pstorec.dll
5e7e8100-9138-11d1-945a-00c04fc308ff
00000000-0000-0000-0000-000000000000
220D5CD0-853A-11D0-84BC-00C04FD43F8F
220D5CD1-853A-11D0-84BC-00C04FD43F8F
220D5CC1-853A-11D0-84BC-00C04FD43F8F
417E2D75-84BD-11D0-84BB-00C04FD43F8F
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
shlwapi.dll
%s%s
%s 
%s
size="%d"
color="#%s"
width="%s"
%s%s%s
SOFTWARE\Mozilla
mozilla
%s\bin
PathToExe
\sqlite3.dll
\mozsqlite3.dll
sqlite3_open
sqlite3_prepare
sqlite3_step
sqlite3_column_text
sqlite3_column_int
sqlite3_column_int64
sqlite3_finalize
sqlite3_close
sqlite3_exec
Software\Microsoft\Windows Mail
Software\Microsoft\Windows Live Mail
SMTP_Server
SMTP_User_Name
POP3_Password2
IMAP_Password2
NNTP_Password2
SMTP_Password2
SMTP_Email_Address
SMTP_Port
NNTP_Port
IMAP_Port
POP3_Port
SMTP_Secure_Connection
*.oeaccount
\Microsoft\Windows Mail
\Microsoft\Windows Live Mail
f:\Projects\VS2005\mailpv\Release\mailpv.pdb
msvcrt.dll
_acmdln
COMCTL32.dll
RPCRT4.dll
GetWindowsDirectoryA
KERNEL32.dll
EnumChildWindows
USER32.dll
GDI32.dll
comdlg32.dll
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyExA
ADVAPI32.dll
SHELL32.dll
NirSoftPADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING`
hXXp://VVV.usertrust.com1
3hXXp://crl.usertrust.com/AddTrustExternalCARoot.crl05
hXXp://ocsp.usertrust.com0
1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl05
1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1hXXp://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
hXXps://secure.comodo.net/CPS0A
0hXXp://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0hXXp://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
hXXp://ocsp.comodoca.com0
support@nirsoft.net0
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
KWindows
UrlMon
0IdHTTPHeaderInfo
 IdTCPServer
IdTCPStream
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Login
Picture.Data
-gGrgZ9}
Icon.Data
33333333333333333
%#%#%#%#%#%#%#%#%#%#%
.FoO'Z
%cj@3
ib&%s
.UNk%#r
 D.BCn
haz$.kI
tNG%s3
H.dKe
"j4W%u
is.Qfe
.dci,
PM%0x
ZX.kG
%s js \HB
=.FmK
X.Hl^2
.VY2U
%S>VV
3V.Kb
l%SFW[
6,%U@
RY.yAo2
uFÏ
.cJotqYm
L.bfQ
)b2Í
LabelFont.Charset
LabelFont.Color
LabelFont.Height
LabelFont.Name
LabelFont.Style
Lookup.Separator
2.9.1.4
G%sXj~z
%SSXt
.xak[`9
.mUIWJH
GN .SA
~cBMmSg'cemv
Equipe do Outlook.com
TIdHTTP
ProxyParams.BasicAuthentication
ProxyParams.ProxyPort
Request.ContentLength
Request.ContentRangeEnd
Request.ContentRangeStart
Request.ContentType
Request.Accept
Request.BasicAuthentication
Request.UserAgent
&Mozilla/3.0 (compatible; Indy Library)
VVV.google.com/Please log in to your Gmail account
VVV.google.com:443/Please log in to your Gmail account
VVV.google.com/Please log in to your Google Account
VVV.google.com:443/Please log in to your Google Account
VVV.google.com
dWindowsLive:name=*
abe2869f-9b47-4cd9-a358-c22904dba7f7
82BD0E67-9FEA-4748-8672-D5EFE5B779B0
Copy Password
&HTML Report - All Items
HTML R&eport - Selected Items
HTML Report - All Items
HTML Report - Selected Items
%d items
, %d Selected
Select Eudora.ini filename/Select the location of Thunderbird installation
Loading... %d
KeePass csv file
Eudora.ini file
SMTP
Windows Mail
Windows Live Mail
Server Port
Password Strength
SMTP Server Port
Mail Password Recovery
Mail PassView
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
SSL status: "%s"
Host field is emptyjThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
Command not supported.
Address type not supported.$Error accepting connection with SSL.
Error creating SSL context. Could not load root certificate.
Could not load certificate.#Could not load key, check password.
.Cannot send or receive after socket is closed.#Too many references, cannot splice.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
DThis authentication method is already registered with class name %s.
%s is not a valid service.
Socket Error # %d
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
No data to read.$Can not bind in port range (%d - %d)
Invalid Port Range (%d - %d)
Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
No help keyword specified.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
File "%s" not found1Only one TIdAntiFreeze can exist per application.
8Listbox (%s) style must be virtual in order to set Count"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Invalid clipboard format Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Error setting %s.Count
Cannot drag a form"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
Unsupported clipboard format
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to create key %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
1.5.4.3
1.0.0.0