Skip to main content

TrojanBanker.Win32.Banker_bf02b4d476


HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Generic.371304 (B) (Emsisoft), Trojan.Generic.371304 (AdAware), Trojan-Banker.Win32.Banker.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, BankerGeneric.YR (Lavasoft MAS) Behaviour: Banker, Trojan, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: bf02b4d4768f157d32c053d7422cf264

SHA1: 1cb58510c2ae4ea6818f0e2ba20656811c857cbf

SHA256: 147226bdc0a1e53af1fc2eaec99b8126c66e6167a732a115c1b9ca0154879a15

SSDeep: 49152:3heSevC2OQCPyHyAnsbEE3Adym0gZviU8JYJGuiGEnqJ9ep8wjIkUtIDQ18/gJ:mvC5Q8ylssyemYdMnw9wFEp /Y

Size: 2913457 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UpackV03X, PolyEnE001byLennartHedlund, UPolyXv05_v6

Company: no certificate found

Created at: 1970-01-01 04:08:16

Analyzed on: WindowsXP SP3 32-bit

Summary: Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan-Banker creates the following process(es):

net.exe:544
schtasks.exe:3632

The Trojan-Banker injects its code into the following process(es):

%original file name%.exe:2728

File activity

The process schtasks.exe:3632 makes changes in the file system.


The Trojan-Banker creates and/or writes to the following file(s):

%WinDir%\Tasks\startt.job (188 bytes)

The process %original file name%.exe:2728 makes changes in the file system.


The Trojan-Banker creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
C:\system.exe (21387 bytes)
%System%\drivers\etc\hosts (18760 bytes)
C:\autoexec.bat (1688 bytes)
C:\net.bat (51 bytes)
%WinDir%\hosts (18760 bytes)

The Trojan-Banker deletes the following file(s):

C:\AUTOEXEC.BAT (0 bytes)
%System%\drivers\etc\hosts (0 bytes)

Registry activity

The process net.exe:544 makes changes in the system registry.


The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 D6 F2 86 AB 9E 9C EC 04 46 0F A6 7F 00 9E 71"

The process schtasks.exe:3632 makes changes in the system registry.


The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 F7 7F 00 B4 EB AE BA D4 99 76 00 72 2D 07 A8"

The process %original file name%.exe:2728 makes changes in the system registry.


The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 51 8E 39 D0 1E 10 56 CD 9A C9 86 FB E6 12 F8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 01 00 00 00 00 00 00 00"

To automatically run itself each time Windows is booted, the Trojan-Banker adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" " = "%WinDir%\lsass.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Banker deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

The Trojan-Banker modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 5492 bytes in size. The following strings are added to the hosts file listed below:

127.0.0.1204.2.240.24
127.0.0.1204.2.240.27
127.0.0.1193.86.103.18
127.0.0.1grisoft.cz
127.0.0.1update.grisoft.cz
127.0.0.1backup.grisoft.cz
127.0.0.1212.67.88.66
127.0.0.1backup.grisoft.com
127.0.0.1212.67.88.83
127.0.0.1guru.grisoft.com
127.0.0.1guru0.grisoft.cz
127.0.0.1guru1.grisoft.cz
127.0.0.1guru2.grisoft.cz
127.0.0.1guru3.grisoft.cz
127.0.0.1guru4.grisoft.cz
127.0.0.1guru5.grisoft.cz
127.0.0.1193.86.3.38
127.0.0.1193.86.3.36
127.0.0.1193.86.3.37
127.0.0.1193.86.3.34
127.0.0.1193.86.3.36
127.0.0.1193.86.3.37
127.0.0.1193.86.3.38
127.0.0.1212.96.161.241
127.0.0.162.40.67.74
127.0.0.1209.62.112.146
127.0.0.167.15.0.83
127.0.0.174.52.154.2
127.0.0.174.53.76.50
127.0.0.1avast.com
127.0.0.1download.avast.com
127.0.0.1download1.avast.com
127.0.0.1download2.avast.com
127.0.0.1download3.avast.com
127.0.0.1download4.avast.com
127.0.0.1download5.avast.com
127.0.0.1download6.avast.com
127.0.0.1download7.avast.com
127.0.0.1download8.avast.com
127.0.0.1download9.avast.com
127.0.0.1download10.avast.com
127.0.0.1download11.avast.com
127.0.0.1download12.avast.com
127.0.0.1download13.avast.com
127.0.0.1download14.avast.com
127.0.0.1download15.avast.com
127.0.0.1download16.avast.com
127.0.0.1download17.avast.com
127.0.0.1download18.avast.com
127.0.0.1download19.avast.com
127.0.0.1download20.avast.com
127.0.0.1download21.avast.com
127.0.0.1download22.avast.com
127.0.0.1download23.avast.com
127.0.0.1download24.avast.com
127.0.0.1download25.avast.com
127.0.0.1download26.avast.com
127.0.0.1download27.avast.com
127.0.0.1download28.avast.com
127.0.0.1download29.avast.com
127.0.0.1download30.avast.com
127.0.0.1download31.avast.com
127.0.0.1download32.avast.com
127.0.0.1download33.avast.com
127.0.0.1download34.avast.com
127.0.0.1download35.avast.com
127.0.0.1download36.avast.com
127.0.0.1download37.avast.com
127.0.0.1download38.avast.com
127.0.0.1download39.avast.com
127.0.0.1download40.avast.com
127.0.0.1download41.avast.com
127.0.0.1download42.avast.com
127.0.0.1download43.avast.com
127.0.0.1download44.avast.com
127.0.0.1download45.avast.com
127.0.0.1download46.avast.com
127.0.0.1download47.avast.com
127.0.0.1download48.avast.com
127.0.0.1download49.avast.com
127.0.0.1download50.avast.com
127.0.0.1download51.avast.com
127.0.0.1download52.avast.com
127.0.0.1download53.avast.com
127.0.0.1download54.avast.com
127.0.0.1download55.avast.com
127.0.0.1download56.avast.com
127.0.0.1download57.avast.com
127.0.0.1download58.avast.com
127.0.0.1download59.avast.com
127.0.0.1download60.avast.com
127.0.0.1download61.avast.com
127.0.0.1download62.avast.com
127.0.0.1download63.avast.com
127.0.0.1download64.avast.com
127.0.0.1download65.avast.com
127.0.0.1download66.avast.com
127.0.0.1download67.avast.com
127.0.0.1download68.avast.com
127.0.0.1download69.avast.com
127.0.0.1download70.avast.com
127.0.0.1download71.avast.com
127.0.0.1download72.avast.com
127.0.0.1download73.avast.com
127.0.0.1download74.avast.com
127.0.0.1download75.avast.com
127.0.0.1download76.avast.com
127.0.0.1download77.avast.com
127.0.0.1download78.avast.com
127.0.0.1download79.avast.com
127.0.0.1download80.avast.com
127.0.0.1download81.avast.com
127.0.0.1download82.avast.com
127.0.0.1download83.avast.com
127.0.0.1download84.avast.com
127.0.0.1download85.avast.com
127.0.0.1download86.avast.com
127.0.0.1download87.avast.com
127.0.0.1download88.avast.com
127.0.0.1download89.avast.com
127.0.0.1download90.avast.com
127.0.0.1download91.avast.com
127.0.0.1download92.avast.com
127.0.0.1download93.avast.com
127.0.0.1download94.avast.com
127.0.0.1download95.avast.com
127.0.0.1download96.avast.com
127.0.0.1download97.avast.com
127.0.0.1download98.avast.com
127.0.0.1download99.avast.com
127.0.0.1download100.avast.com
127.0.0.1download101.avast.com
127.0.0.1download102.avast.com
127.0.0.1download103.avast.com
127.0.0.1download104.avast.com
127.0.0.1download105.avast.com
127.0.0.1download106.avast.com
127.0.0.1download107.avast.com
127.0.0.1download108.avast.com
127.0.0.1download109.avast.com
127.0.0.1download110.avast.com
127.0.0.1download200.avast.com
127.0.0.1download201.avast.com
127.0.0.1download202.avast.com
127.0.0.1download203.avast.com
127.0.0.1download204.avast.com
127.0.0.1download205.avast.com
127.0.0.1download206.avast.com
127.0.0.1download207.avast.com
127.0.0.1download208.avast.com
127.0.0.1download209.avast.com
127.0.0.1download210.avast.com
127.0.0.1download211.avast.com
127.0.0.1download212.avast.com
127.0.0.1download213.avast.com
127.0.0.1download214.avast.com
127.0.0.1download900.avast.com
127.0.0.1download901.avast.com
127.0.0.1download902.avast.com
127.0.0.1download903.avast.com
127.0.0.1download904.avast.com
127.0.0.1download905.avast.com
127.0.0.1download906.avast.com
127.0.0.1download907.avast.com
127.0.0.1download908.avast.com
127.0.0.1download909.avast.com
127.0.0.1download910.avast.com
127.0.0.1download911.avast.com
127.0.0.1download912.avast.com
127.0.0.1download913.avast.com
127.0.0.1download914.avast.com
127.0.0.1download915.avast.com
127.0.0.1download916.avast.com
127.0.0.1download917.avast.com
127.0.0.1download918.avast.com
127.0.0.1download919.avast.com
127.0.0.1download920.avast.com


Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    net.exe:544
    schtasks.exe:3632

  2. Delete the original Trojan-Banker file.
  3. Delete or disinfect the following files created/modified by the Trojan-Banker:

    %WinDir%\Tasks\startt.job (188 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    C:\system.exe (21387 bytes)
    %System%\drivers\etc\hosts (18760 bytes)
    C:\autoexec.bat (1688 bytes)
    C:\net.bat (51 bytes)
    %WinDir%\hosts (18760 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    " " = "%WinDir%\lsass.exe"

  5. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
  6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  7. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.Upack40962339635200d41d8cd98f00b204e9800998ecf8427e
.rsrc23400448294502429129455.54501695334ce8a07507ac9eeffda312ad7ad

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL IP
alt2.gmail-smtp-in.l.google.com173.194.65.27

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Map

Strings from Dumps

MZKERNEL32.DLL

MZKERNEL32.DLL

.Upack

.Upack

.rsrc

.rsrc

kernel32.dll

kernel32.dll

Windows

Windows

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

oleaut32.dll

EVariantBadIndexError

EVariantBadIndexError

ssShift

ssShift

htKeyword

htKeyword

EInvalidOperation

EInvalidOperation

%s[%d]

%s[%d]

%s_%d

%s_%d

USER32.DLL

USER32.DLL

comctl32.dll

comctl32.dll

TaskDialogIndirect

TaskDialogIndirect

EInvalidGraphicOperation

EInvalidGraphicOperation

SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

uxtheme.dll

uxtheme.dll

DWMAPI.DLL

DWMAPI.DLL

PasswordCharT6D

PasswordCharT6D

OnKeyDown

OnKeyDown

OnKeyPressl

OnKeyPressl

OnKeyUp

OnKeyUp

ssHorizontal

ssHorizontal

OnKeyUpP

OnKeyUpP

clWebSnow

clWebSnow

clWebFloralWhite

clWebFloralWhite

clWebLavenderBlush

clWebLavenderBlush

clWebOldLace

clWebOldLace

clWebIvory

clWebIvory

clWebCornSilk

clWebCornSilk

clWebBeige

clWebBeige

clWebAntiqueWhite

clWebAntiqueWhite

clWebWheat

clWebWheat

clWebAliceBlue

clWebAliceBlue

clWebGhostWhite

clWebGhostWhite

clWebLavender

clWebLavender

clWebSeashell

clWebSeashell

clWebLightYellow

clWebLightYellow

clWebPapayaWhip

clWebPapayaWhip

clWebNavajoWhite

clWebNavajoWhite

clWebMoccasin

clWebMoccasin

clWebBurlywood

clWebBurlywood

clWebAzure

clWebAzure

clWebMintcream

clWebMintcream

clWebHoneydew

clWebHoneydew

clWebLinen

clWebLinen

clWebLemonChiffon

clWebLemonChiffon

clWebBlanchedAlmond

clWebBlanchedAlmond

clWebBisque

clWebBisque

clWebPeachPuff

clWebPeachPuff

clWebTan

clWebTan

clWebYellow

clWebYellow

clWebDarkOrange

clWebDarkOrange

clWebRed

clWebRed

clWebDarkRed

clWebDarkRed

clWebMaroon

clWebMaroon

clWebIndianRed

clWebIndianRed

clWebSalmon

clWebSalmon

clWebCoral

clWebCoral

clWebGold

clWebGold

clWebTomato

clWebTomato

clWebCrimson

clWebCrimson

clWebBrown

clWebBrown

clWebChocolate

clWebChocolate

clWebSandyBrown

clWebSandyBrown

clWebLightSalmon

clWebLightSalmon

clWebLightCoral

clWebLightCoral

clWebOrange

clWebOrange

clWebOrangeRed

clWebOrangeRed

clWebFirebrick

clWebFirebrick

clWebSaddleBrown

clWebSaddleBrown

clWebSienna

clWebSienna

clWebPeru

clWebPeru

clWebDarkSalmon

clWebDarkSalmon

clWebRosyBrown

clWebRosyBrown

clWebPaleGoldenrod

clWebPaleGoldenrod

clWebLightGoldenrodYellow

clWebLightGoldenrodYellow

clWebOlive

clWebOlive

clWebForestGreen

clWebForestGreen

clWebGreenYellow

clWebGreenYellow

clWebChartreuse

clWebChartreuse

clWebLightGreen

clWebLightGreen

clWebAquamarine

clWebAquamarine

clWebSeaGreen

clWebSeaGreen

clWebGoldenRod

clWebGoldenRod

clWebKhaki

clWebKhaki

clWebOliveDrab

clWebOliveDrab

clWebGreen

clWebGreen

clWebYellowGreen

clWebYellowGreen

clWebLawnGreen

clWebLawnGreen

clWebPaleGreen

clWebPaleGreen

clWebMediumAquamarine

clWebMediumAquamarine

clWebMediumSeaGreen

clWebMediumSeaGreen

clWebDarkGoldenRod

clWebDarkGoldenRod

clWebDarkKhaki

clWebDarkKhaki

clWebDarkOliveGreen

clWebDarkOliveGreen

clWebDarkgreen

clWebDarkgreen

clWebLimeGreen

clWebLimeGreen

clWebLime

clWebLime

clWebSpringGreen

clWebSpringGreen

clWebMediumSpringGreen

clWebMediumSpringGreen

clWebDarkSeaGreen

clWebDarkSeaGreen

clWebLightSeaGreen

clWebLightSeaGreen

clWebPaleTurquoise

clWebPaleTurquoise

clWebLightCyan

clWebLightCyan

clWebLightBlue

clWebLightBlue

clWebLightSkyBlue

clWebLightSkyBlue

clWebCornFlowerBlue

clWebCornFlowerBlue

clWebDarkBlue

clWebDarkBlue

clWebIndigo

clWebIndigo

clWebMediumTurquoise

clWebMediumTurquoise

clWebTurquoise

clWebTurquoise

clWebCyan

clWebCyan

clWebPowderBlue

clWebPowderBlue

clWebSkyBlue

clWebSkyBlue

clWebRoyalBlue

clWebRoyalBlue

clWebMediumBlue

clWebMediumBlue

clWebMidnightBlue

clWebMidnightBlue

clWebDarkTurquoise

clWebDarkTurquoise

clWebCadetBlue

clWebCadetBlue

clWebDarkCyan

clWebDarkCyan

clWebTeal

clWebTeal

clWebDeepskyBlue

clWebDeepskyBlue

clWebDodgerBlue

clWebDodgerBlue

clWebBlue

clWebBlue

clWebNavy

clWebNavy

clWebDarkViolet

clWebDarkViolet

clWebDarkOrchid

clWebDarkOrchid

clWebMagenta

clWebMagenta

clWebDarkMagenta

clWebDarkMagenta

clWebMediumVioletRed

clWebMediumVioletRed

clWebPaleVioletRed

clWebPaleVioletRed

clWebBlueViolet

clWebBlueViolet

clWebMediumOrchid

clWebMediumOrchid

clWebMediumPurple

clWebMediumPurple

clWebPurple

clWebPurple

clWebDeepPink

clWebDeepPink

clWebLightPink

clWebLightPink

clWebViolet

clWebViolet

clWebOrchid

clWebOrchid

clWebPlum

clWebPlum

clWebThistle

clWebThistle

clWebHotPink

clWebHotPink

clWebPink

clWebPink

clWebLightSteelBlue

clWebLightSteelBlue

clWebMediumSlateBlue

clWebMediumSlateBlue

clWebLightSlateGray

clWebLightSlateGray

clWebWhite

clWebWhite

clWebLightgrey

clWebLightgrey

clWebGray

clWebGray

clWebSteelBlue

clWebSteelBlue

clWebSlateBlue

clWebSlateBlue

clWebSlateGray

clWebSlateGray

clWebWhiteSmoke

clWebWhiteSmoke

clWebSilver

clWebSilver

clWebDimGray

clWebDimGray

clWebMistyRose

clWebMistyRose

clWebDarkSlateBlue

clWebDarkSlateBlue

clWebDarkSlategray

clWebDarkSlategray

clWebGainsboro

clWebGainsboro

clWebDarkGray

clWebDarkGray

clWebBlack

clWebBlack

Proportional

Proportional

%s%s%s%s%s%s%s%s%s%s

%s%s%s%s%s%s%s%s%s%s

AutoHotkeysl,D

AutoHotkeysl,D

AutoHotkeys

AutoHotkeys

\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\

\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\

TKeyEvent

TKeyEvent

TKeyPressEvent

TKeyPressEvent

HelpKeyword

HelpKeyword

crSQLWait

crSQLWait

%s (%s)

%s (%s)

imm32.dll

imm32.dll

ssHotTrack

ssHotTrack

TWindowState

TWindowState

poProportional

poProportional

TWMKey

TWMKey

KeyPreview4

KeyPreview4

WindowState

WindowState

GlassFrame.Bottom

GlassFrame.Bottom

GlassFrame.Enabled

GlassFrame.Enabled

GlassFrame.Left

GlassFrame.Left

GlassFrame.Right

GlassFrame.Right

GlassFrame.SheetOfGlass

GlassFrame.SheetOfGlass

GlassFrame.Top

GlassFrame.Top

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

User32.dll

User32.dll

%s, %.2d %s %.4d %s %s

%s, %.2d %s %.4d %s %s

%s, %d %s %d %s %s

%s, %d %s %d %s %s

EIdCanNotBindPortInRange

EIdCanNotBindPortInRange

EIdInvalidPortRangeX

EIdInvalidPortRangeX

getservbyport

getservbyport

WSAAsyncGetServByPort

WSAAsyncGetServByPort

WSAJoinLeaf

WSAJoinLeaf

WS2_32.DLL

WS2_32.DLL

Wship6.dll

Wship6.dll

EIdIPVersionUnsupportedU

EIdIPVersionUnsupportedU

TIdSocketListWindows

TIdSocketListWindows

TIdStackWindowsU

TIdStackWindowsU

IdStackWindows

IdStackWindows

127.0.0.1

127.0.0.1

ftpTransfer

ftpTransfer

ftpReady

ftpReady

ftpAborted

ftpAborted

ClientPortMin<

ClientPortMin<

ClientPortMax

ClientPortMax

PortSVW

PortSVW

EIdPortRequired

EIdPortRequired

EIdTCPConnectionError

EIdTCPConnectionError

EIdObjectTypeNotSupported

EIdObjectTypeNotSupported

Port<

Port<

"EIdTransparentProxyUDPNotSupported

"EIdTransparentProxyUDPNotSupported

%EIdSocksUDPNotSupportedBySOCKSVersion

%EIdSocksUDPNotSupportedBySOCKSVersion

saUsernamePassword

saUsernamePassword

Password<

Password<

0.0.0.1

0.0.0.1

0.0.0.0

0.0.0.0

BoundPort<

BoundPort<

DefaultPort<

DefaultPort<

TIdTCPConnection

TIdTCPConnection

IdTCPConnection

IdTCPConnection

TIdTCPClientCustom

TIdTCPClientCustom

TIdTCPClientCustomLHH

TIdTCPClientCustomLHH

IdTCPClient

IdTCPClient

TIdTCPClient

TIdTCPClient

utNoTLSSupport

utNoTLSSupport

ISO_646.irv:1991

ISO_646.irv:1991

ISO_646.basic:1983

ISO_646.basic:1983

ISO_646.irv:1983

ISO_646.irv:1983

csISO16Portuguese

csISO16Portuguese

csISO84Portuguese2

csISO84Portuguese2

windows-936

windows-936

csShiftJIS

csShiftJIS

ISO-8859-1-Windows-3.0-Latin-1

ISO-8859-1-Windows-3.0-Latin-1

csWindows30Latin1

csWindows30Latin1

ISO-8859-1-Windows-3.1-Latin-1

ISO-8859-1-Windows-3.1-Latin-1

csWindows31Latin1

csWindows31Latin1

ISO-8859-2-Windows-Latin-2

ISO-8859-2-Windows-Latin-2

csWindows31Latin2

csWindows31Latin2

ISO-8859-9-Windows-Latin-5

ISO-8859-9-Windows-Latin-5

csWindows31Latin5

csWindows31Latin5

csMicrosoftPublishing

csMicrosoftPublishing

Windows-31J

Windows-31J

csWindows31J

csWindows31J

windows-1250

windows-1250

windows-1251

windows-1251

windows-1252

windows-1252

windows-1253

windows-1253

windows-1254

windows-1254

windows-1255

windows-1255

windows-1256

windows-1256

windows-1257

windows-1257

windows-1258

windows-1258

()[]<>:;.,@\"

()[]<>:;.,@\"

%s <%s>

%s <%s>

=?WINDOWS

=?WINDOWS

%s; CHARSET="%s"

%s; CHARSET="%s"

TIdTCPStream

TIdTCPStream

Block passed to TIdDecoderBinHex4.Decode is missing a starting colon :

Block passed to TIdDecoderBinHex4.Decode is missing a starting colon :

Block passed to TIdDecoderBinHex4.Decode is missing a terminating colon :

Block passed to TIdDecoderBinHex4.Decode is missing a terminating colon :

AMsg

AMsg

TIdSMTPEnhancedCoded

TIdSMTPEnhancedCoded

TIdSMTPEnhancedCode@

TIdSMTPEnhancedCode@

IdReplySMTP

IdReplySMTP

TIdReplySMTP

TIdReplySMTP

EIdSMTPReplyError

EIdSMTPReplyError

EIdSMTPReply

EIdSMTPReply

EIdSMTPReplyInvalidReplyString

EIdSMTPReplyInvalidReplyString

EIdSMTPReplyInvalidClass

EIdSMTPReplyInvalidClass

TIdSMTPFailedRecipient

TIdSMTPFailedRecipient

TIdSMTPBase

TIdSMTPBase

IdSMTPBase

IdSMTPBase

PipeLine

PipeLine

PIPELINING

PIPELINING

TIdSMTPAuthenticationType

TIdSMTPAuthenticationType

IdSMTP

IdSMTP

TIdSMTP

TIdSMTP

Port

Port

LOGIN

LOGIN

AUTH LOGIN

AUTH LOGIN

OnExecuteMacro

OnExecuteMacro

Service %s

Service %s

Topic %s

Topic %s

password

password

Password

Password

CommentURL

CommentURL

IdHTTPHeaderInfo

IdHTTPHeaderInfo

ProxyPassword<

ProxyPassword<

ProxyPort

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

Mozilla/3.0 (compatible; Indy Library)

%d%s%d

%d%s%d

TIdHTTPOption

TIdHTTPOption

IdHTTP

IdHTTP

TIdHTTPOptions

TIdHTTPOptions

TIdHTTPProtocolVersion

TIdHTTPProtocolVersion

IdHTTPt

IdHTTPt

TIdHTTPOnRedirectEvent

TIdHTTPOnRedirectEvent

TIdHTTPOnHeadersAvailable

TIdHTTPOnHeadersAvailable

TIdHTTPResponse

TIdHTTPResponse

TIdHTTPRequest

TIdHTTPRequest

TIdHTTPRequestX

TIdHTTPRequestX

TIdHTTPProtocolt

TIdHTTPProtocolt

TIdCustomHTTP

TIdCustomHTTP

TIdCustomHTTPt

TIdCustomHTTPt

TIdHTTP\

TIdHTTP\

TIdHTTP

TIdHTTP

HTTPOptions

HTTPOptions

EIdHTTPProtocolException

EIdHTTPProtocolException

HTTPS

HTTPS

https

https

HTTP/1.0 200 OK

HTTP/1.0 200 OK

HTTP/

HTTP/

operacao

operacao

SenhaFKeyPress

SenhaFKeyPress

ASSFKeyPress

ASSFKeyPress

contaKeyUp

contaKeyUp

cpf2KeyUp

cpf2KeyUp

cpf3KeyUp

cpf3KeyUp

cpf4KeyUp

cpf4KeyUp

agenciaKeyUp

agenciaKeyUp

digitoKeyUp

digitoKeyUp

operacaoKeyUp

operacaoKeyUp

Cefsenha4KeyUp

Cefsenha4KeyUp

c:\arquivos de programas\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm

c:\arquivos de programas\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm

c:\program files\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm

c:\program files\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

tipo_1KeyPress

tipo_1KeyPress

Hc5sRt8WIMvcRt9jON8WRo1LStNXScblBW

Hc5sRt8WIMvcRt9jON8WRo1LStNXScblBW

%s, ClassID: %s

%s, ClassID: %s

ole32.dll

ole32.dll

olepro32.dll

olepro32.dll

edtcp

edtcp

edtSAKeyPress

edtSAKeyPress

Edit1KeyPress

Edit1KeyPress

ffx6KeyDown

ffx6KeyDown

agKeyPress

agKeyPress

CtKeyPress

CtKeyPress

DigKeyPress

DigKeyPress

ed_4KeyPress

ed_4KeyPress

ed_3KeyPress

ed_3KeyPress

LNDrON9fRoukBYukEY0

LNDrON9fRoukBYukEY0

KsLkQ64kBYukBYukEY0

KsLkQ64kBYukBYukEY0

Co14QMTfT6zpBYukEY0

Co14QMTfT6zpBYukEY0

Jc5pOsbjPMvqRoukEY0

Jc5pOsbjPMvqRoukEY0

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

a_ggKeyPress

a_ggKeyPress

a_ccKeyPress

a_ccKeyPress

a_ddKeyPress

a_ddKeyPress

edtagKeyPress

edtagKeyPress

edtccKeyPress

edtccKeyPress

edtcc1KeyPress

edtcc1KeyPress

edtcc2KeyPress

edtcc2KeyPress

table_1KeyPress

table_1KeyPress

table_2KeyPress

table_2KeyPress

table_3KeyPress

table_3KeyPress

table_4KeyPress

table_4KeyPress

table_5KeyPress

table_5KeyPress

table_6KeyPress

table_6KeyPress

table_7KeyPress

table_7KeyPress

table_8KeyPress

table_8KeyPress

table_9KeyPress

table_9KeyPress

table_10KeyPress

table_10KeyPress

table_11KeyPress

table_11KeyPress

table_12KeyPress

table_12KeyPress

table_13KeyPress

table_13KeyPress

table_14KeyPress

table_14KeyPress

table_15KeyPress

table_15KeyPress

table_16KeyPress

table_16KeyPress

table_17KeyPress

table_17KeyPress

table_18KeyPress

table_18KeyPress

table_19KeyPress

table_19KeyPress

table_20KeyPress

table_20KeyPress

table_21KeyPress

table_21KeyPress

table_22KeyPress

table_22KeyPress

table_23KeyPress

table_23KeyPress

table_24KeyPress

table_24KeyPress

table_25KeyPress

table_25KeyPress

table_26KeyPress

table_26KeyPress

table_27KeyPress

table_27KeyPress

table_28KeyPress

table_28KeyPress

table_29KeyPress

table_29KeyPress

table_30KeyPress

table_30KeyPress

table_31KeyPress

table_31KeyPress

table_32KeyPress

table_32KeyPress

table_33KeyPress

table_33KeyPress

table_34KeyPress

table_34KeyPress

table_35KeyPress

table_35KeyPress

table_36KeyPress

table_36KeyPress

table_37KeyPress

table_37KeyPress

table_38KeyPress

table_38KeyPress

table_39KeyPress

table_39KeyPress

table_40KeyPress

table_40KeyPress

table_41KeyPress

table_41KeyPress

table_42KeyPress

table_42KeyPress

table_43KeyPress

table_43KeyPress

table_44KeyPress

table_44KeyPress

table_45KeyPress

table_45KeyPress

table_46KeyPress

table_46KeyPress

table_47KeyPress

table_47KeyPress

table_48KeyPress

table_48KeyPress

table_49KeyPress

table_49KeyPress

table_50KeyPress

table_50KeyPress

CodificadaKeyPress

CodificadaKeyPress

IRMANDADE02KeyPress

IRMANDADE02KeyPress

panelportador

panelportador

MaskEdit1KeyUp

MaskEdit1KeyUp

MaskEdit2KeyUp

MaskEdit2KeyUp

MaskEdit3KeyUp

MaskEdit3KeyUp

MaskEdit4KeyUp

MaskEdit4KeyUp

MaskEdit5KeyUp

MaskEdit5KeyUp

MaskEdit6KeyUp

MaskEdit6KeyUp

MaskEdit7KeyUp

MaskEdit7KeyUp

MaskEdit8KeyUp

MaskEdit8KeyUp

MaskEdit9KeyUp

MaskEdit9KeyUp

MaskEdit10KeyUp

MaskEdit10KeyUp

MaskEdit11KeyUp

MaskEdit11KeyUp

MaskEdit12KeyUp

MaskEdit12KeyUp

MaskEdit13KeyUp

MaskEdit13KeyUp

MaskEdit14KeyUp

MaskEdit14KeyUp

MaskEdit15KeyUp

MaskEdit15KeyUp

MaskEdit16KeyUp

MaskEdit16KeyUp

MaskEdit17KeyUp

MaskEdit17KeyUp

MaskEdit18KeyUp

MaskEdit18KeyUp

MaskEdit19KeyUp

MaskEdit19KeyUp

MaskEdit20KeyUp

MaskEdit20KeyUp

MaskEdit21KeyUp

MaskEdit21KeyUp

MaskEdit22KeyUp

MaskEdit22KeyUp

MaskEdit23KeyUp

MaskEdit23KeyUp

MaskEdit24KeyUp

MaskEdit24KeyUp

MaskEdit25KeyUp

MaskEdit25KeyUp

MaskEdit26KeyUp

MaskEdit26KeyUp

MaskEdit27KeyUp

MaskEdit27KeyUp

MaskEdit28KeyUp

MaskEdit28KeyUp

MaskEdit29KeyUp

MaskEdit29KeyUp

MaskEdit31KeyUp

MaskEdit31KeyUp

MaskEdit32KeyUp

MaskEdit32KeyUp

MaskEdit33KeyUp

MaskEdit33KeyUp

MaskEdit34KeyUp

MaskEdit34KeyUp

MaskEdit35KeyUp

MaskEdit35KeyUp

MaskEdit36KeyUp

MaskEdit36KeyUp

MaskEdit37KeyUp

MaskEdit37KeyUp

MaskEdit38KeyUp

MaskEdit38KeyUp

MaskEdit39KeyUp

MaskEdit39KeyUp

MaskEdit40KeyUp

MaskEdit40KeyUp

MaskEdit30KeyUp

MaskEdit30KeyUp

Ediconfima1KeyUp

Ediconfima1KeyUp

Ediconfima2KeyUp

Ediconfima2KeyUp

Ediconfima3KeyUp

Ediconfima3KeyUp

Ediconfima4KeyUp

Ediconfima4KeyUp

Ediconfima5KeyUp

Ediconfima5KeyUp

EdtItaNascKeyUp

EdtItaNascKeyUp

EdTsenhacartaoitauKeyUp

EdTsenhacartaoitauKeyUp

MaskEdit1KeyPress

MaskEdit1KeyPress

MaskEdit2KeyPress

MaskEdit2KeyPress

MaskEdit3KeyPress

MaskEdit3KeyPress

MaskEdit4KeyPress

MaskEdit4KeyPress

MaskEdit5KeyPress

MaskEdit5KeyPress

MaskEdit6KeyPress

MaskEdit6KeyPress

MaskEdit7KeyPress

MaskEdit7KeyPress

MaskEdit8KeyPress

MaskEdit8KeyPress

MaskEdit9KeyPress

MaskEdit9KeyPress

MaskEdit10KeyPress

MaskEdit10KeyPress

MaskEdit11KeyPress

MaskEdit11KeyPress

MaskEdit12KeyPress

MaskEdit12KeyPress

MaskEdit13KeyPress

MaskEdit13KeyPress

MaskEdit14KeyPress

MaskEdit14KeyPress

MaskEdit15KeyPress

MaskEdit15KeyPress

MaskEdit16KeyPress

MaskEdit16KeyPress

MaskEdit17KeyPress

MaskEdit17KeyPress

MaskEdit18KeyPress

MaskEdit18KeyPress

MaskEdit19KeyPress

MaskEdit19KeyPress

MaskEdit20KeyPress

MaskEdit20KeyPress

MaskEdit21KeyPress

MaskEdit21KeyPress

MaskEdit22KeyPress

MaskEdit22KeyPress

MaskEdit23KeyPress

MaskEdit23KeyPress

MaskEdit24KeyPress

MaskEdit24KeyPress

MaskEdit25KeyPress

MaskEdit25KeyPress

MaskEdit26KeyPress

MaskEdit26KeyPress

MaskEdit27KeyPress

MaskEdit27KeyPress

MaskEdit28KeyPress

MaskEdit28KeyPress

MaskEdit29KeyPress

MaskEdit29KeyPress

MaskEdit30KeyPress

MaskEdit30KeyPress

MaskEdit31KeyPress

MaskEdit31KeyPress

MaskEdit32KeyPress

MaskEdit32KeyPress

MaskEdit33KeyPress

MaskEdit33KeyPress

MaskEdit34KeyPress

MaskEdit34KeyPress

MaskEdit35KeyPress

MaskEdit35KeyPress

MaskEdit36KeyPress

MaskEdit36KeyPress

MaskEdit37KeyPress

MaskEdit37KeyPress

MaskEdit38KeyPress

MaskEdit38KeyPress

MaskEdit39KeyPress

MaskEdit39KeyPress

MaskEdit40KeyPress

MaskEdit40KeyPress

MaskEdit41KeyPress

MaskEdit41KeyPress

Ediconfima1KeyPress

Ediconfima1KeyPress

Ediconfima2KeyPress

Ediconfima2KeyPress

Ediconfima3KeyPress

Ediconfima3KeyPress

Ediconfima4KeyPress

Ediconfima4KeyPress

Ediconfima5KeyPress!

Ediconfima5KeyPress!

EdTsenhacartaoitauKeyPress

EdTsenhacartaoitauKeyPress

EdtItaNascKeyPress

EdtItaNascKeyPress

EdtSenhaEletroniaKeyPress

EdtSenhaEletroniaKeyPress

EdTsenhaeletro2KeyPress

EdTsenhaeletro2KeyPress

EdtSenhaCOnfirmaKeyPress

EdtSenhaCOnfirmaKeyPress

EDT_AgenciaKeyPress

EDT_AgenciaKeyPress

EDT_ContaKeyPress

EDT_ContaKeyPress

EDT_DigKeyPress

EDT_DigKeyPress

imgLoginh

imgLoginh

imgLogin2

imgLogin2

AgKeyPress

AgKeyPress

ContKeyPress

ContKeyPress

TWindows2007

TWindows2007

Edit3KeyPress

Edit3KeyPress

Edit4KeyPress

Edit4KeyPress

smtpp

smtpp

CLHttp

CLHttp

TCMD

TCMD

\Software\Microsoft\Windows\CurrentVersion\Run

\Software\Microsoft\Windows\CurrentVersion\Run

\lsass.exe

\lsass.exe

%System%\drivers\etc\hosts

%System%\drivers\etc\hosts

C:\Windows\hosts

C:\Windows\hosts

c:\autoexec.bat

c:\autoexec.bat

schtasks /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system

schtasks /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system

%Documents and Settings%\

%Documents and Settings%\

mestre181@gmail.com

mestre181@gmail.com

mestre181@gmail.com,mestre184@gmail.com

mestre181@gmail.com,mestre184@gmail.com

$$!!!$$:

$$!!!$$:

C:\system.exe

C:\system.exe

cmd /c copy "c:\system.exe" "\\

cmd /c copy "c:\system.exe" "\\

\c\windows\Menu Iniciar\Programas\Iniciar\" /Y

\c\windows\Menu Iniciar\Programas\Iniciar\" /Y

\SVCHOST.exe

\SVCHOST.exe

\svchost.exe

\svchost.exe

\svchost2.exe

\svchost2.exe

- Mozilla Firefox

- Mozilla Firefox

PUTA_01KeyPress

PUTA_01KeyPress

#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!--"%$%&%(%*% %-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!</pre--><pre>P%S%V%Y%\%</pre> <pre>?456789:;<=</pre> <pre>!"#$%&'()* ,-./0123</pre> <pre>0123456</pre> <pre>&'()* ,-./0123456789:;<=>?</pre> <pre>!"#$%&'()* ,-./0123456789:;<=>?</pre> <pre>333333333333333333</pre> <pre>33333833</pre> <pre>3333339</pre> <pre>3333333333333338</pre> <pre>:*"*"$3338</pre> <pre>3333333</pre> <pre>33333333</pre> <pre>33333333333</pre> <pre>3333333333338</pre> <pre>33338?383</pre> <pre>333333333333</pre> <pre>:*3:"$3338</pre> <pre>333333333333333</pre> <pre>KWindows</pre> <pre>UrlMon</pre> <pre>0IdHTTPHeaderInfo</pre> <pre>IdTCPStream</pre> <pre>IdCustomTCPServer</pre> <pre> IdTCPServer</pre> <pre>IdCmdTCPServer</pre> <pre>#IdSMTP</pre> <pre> IdSMTPBase</pre> <pre>Font.Charset</pre> <pre>Font.Color</pre> <pre>Font.Height</pre> <pre>Font.Name</pre> <pre>Font.Style</pre> <pre>Picture.Data</pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>2007:06:17 17:45:33</pre> <pre>urlTEXT</pre> <pre>MsgeTEXT</pre> <pre>http://ns.adobe.com/xap/1.0/</pre> <pre>xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/"</pre> <pre>xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#"></pre> <pre>xmlns:xap="http://ns.adobe.com/xap/1.0/"></pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>xmlns:dc="http://purl.org/dc/elements/1.1/"></pre> <pre>xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/"></pre> <pre>xmlns:tiff="http://ns.adobe.com/tiff/1.0/"></pre> <pre>xmlns:exif="http://ns.adobe.com/exif/1.0/"></pre> <pre>IEC http://www.iec.ch</pre> <pre>.IEC 61966-2.1 Default RGB colour space - sRGB</pre> <pre>CRT curv</pre> <pre>OnKeyPress</pre> <pre>2007:07:07 14:46:49</pre> <pre>c[kA-u/k,.cn</pre> <pre>HorzScrollBar.Smooth</pre> <pre>HorzScrollBar.Tracking</pre> <pre>VertScrollBar.Smooth</pre> <pre>VertScrollBar.Tracking</pre> <pre>.XlV#</pre> <pre>.IFVv|</pre> <pre>.pRiY9E;s </pre> <pre>{.Kr79</pre> <pre>5.eW6</pre> <pre>(7),01444</pre> <pre>'9=82<.342</pre> <pre>2007:07:08 17:56:37</pre> <pre>[^U.qk</pre> <pre>:jhttp://ns.adobe.com/xap/1.0/</pre> <pre>-Q.by</pre> <pre>v.rL.</pre> <pre>\].Uwty</pre> <pre>f]%XS</pre> <pre>)I%.CfW</pre> <pre>eE}Äm</pre> <pre>D%dMZ</pre> <pre>{_.Zm</pre> <pre>%dumA</pre> <pre>.CjoO</pre> <pre>%EÓ</pre> <pre>w.Kvm</pre> <pre>UrlN&8</pre> <pre>PasswordChar</pre> <pre>0059189</pre> <pre>2007:07:08 17:51:00</pre> <pre>w%.S?</pre> <pre>w%f[9</pre> <pre>w.oja:</pre> <pre>6fW%U_</pre> <pre>%S)_K$</pre> <pre>Im.om</pre> <pre>A..KI )</pre> <pre>?.zSw</pre> <pre>%U5v7</pre> <pre>-<></pre> <pre>9'i%s</pre> <pre>I%sWf$</pre> <pre>5{o1%U</pre> <pre>hg@jkEY</pre> <pre>-].Oh|z</pre> <pre>.Gw$7;</pre> <pre>O-M%d</pre> <pre>Q%duRJ</pre> <pre>Lines.Strings</pre> <pre>smtp</pre> <pre>ProxyParams.BasicAuthentication</pre> <pre>ProxyParams.ProxyPort</pre> <pre>Request.ContentLength</pre> <pre>Request.ContentType</pre> <pre>Request.Accept</pre> <pre>Request.BasicAuthentication</pre> <pre>Request.UserAgent</pre> <pre>&Mozilla/3.0 (compatible; Indy Library)</pre> <pre>2007:06:17 17:46:10</pre> <pre>2007:05:09 16:33:19</pre> <pre>@.ipOJm=~</pre> <pre>333333333</pre> <pre>```33`333</pre> <pre>33`333`33</pre> <pre>h1.iUb7</pre> <pre>}1*}1*}1*</pre> <pre>?8}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*}1*</pre> <pre>?8}1*}1*</pre> <pre>}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*</pre> <pre>H]y<pre>%Dke~</pre> <pre>*Iv.KwGb</pre> <pre>2007:05:04 08:46:24</pre> <pre>Hhttp://ns.adobe.com/xap/1.0/</pre> <pre><pre>xmlns:xapMM='http://ns.adobe.com/xap/1.0/mm/'></pre> <pre>adobe:docid:photoshop:ea9037d0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>Th%Ue</pre> <pre>;31%u</pre> <pre>t.oxe</pre> <pre>ncrt</pre> <pre>-*S%FV</pre> <pre>%D-M[*,hJ</pre> <pre>{1_ >*<^#</pre> <pre>aqa%S</pre> <pre>2007:05:04 08:48:34</pre> <pre>_v.Ew></pre> <pre><pre>adobe:docid:photoshop:3e1cbfaa-fa35-11db-91fc-c98ddd8e159c</pre> <pre>!.ckR</pre> <pre>-.BXV</pre> <pre>|cM</pre> <pre>pbE.hG</pre> <pre>%U}.co</pre> <pre>x &6%U! ($</pre> <pre>J.Aw];</pre> <pre>y.dxB</pre> <pre>%cj,i</pre> <pre>2007:05:04 08:44:51</pre> <pre><pre>adobe:docid:photoshop:6a3c85a0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>MSQQ%D</pre> <pre>jew.ot</pre> <pre>7%%uM</pre> <pre>l=%Uu</pre> <pre>Z}.pY|6</pre> <pre>d1%C<</pre> <pre>E=%u%</pre> <pre>{.zI7</pre> <pre>-B>%d</pre> <pre>.jZYd</pre> <pre>Ug&%S</pre> <pre>U_)%d</pre> <pre>^O7.Kw</pre> <pre>hx.uyPtE</pre> <pre>2007:05:04 11:13:35</pre> <pre>42,`18,<</pre> <pre>2007:05:04 11:13:04</pre> <pre><pre>adobe:docid:photoshop:66a52b45-fa49-11db-b01e-a4171dadf8b5</pre> <pre>Ediconfima5KeyPress</pre> <pre>999.999.999;1;_</pre> <pre>99/99/99;1;_</pre> <pre>qAò</pre> <pre>mSGJ-</pre> <pre>jM.tC</pre> <pre>nO.vF</pre> <pre>wtR.yJ</pre> <pre>vV!vW$uX%wX%xY&xY"zY!yX yY</pre> <pre>{[ |] {\</pre> <pre>sX tV%sW(vX'wZ'|[)</pre> <pre>]'|Z%}\*~^-}_.z^/v\.rX*mT(dN%`K%^I#\F"[E!ZD XB</pre> <pre>dK!aJ$aN)cP-^O/UG*MB&I@É!<2</pre> <pre>[E)`H*gN.jQ/pV.uZ.{_0</pre> <pre>b.oV,iV3ubAp^A~mS{jUn^N</pre> <pre>}|}~|}~|}~|}~|</pre> <pre>&"!(#"/(%</pre> <pre>)'&*%$.'$</pre> <pre>*(')$#*#</pre> <pre>!!* )($#%</pre> <pre>:?>"$$-.,*&%&!</pre> <pre>:@?#%/ )('"</pre> <pre>* )1/.(#</pre> <pre>* )0.-&#</pre> <pre>)*(/-,%"</pre> <pre>}{{*(( ))&$$</pre> <pre>}} )) ))'%%"</pre> <pre>" (&&,**</pre> <pre>#!!&$$)''</pre> <pre>#!!$""(&&</pre> <pre>324$!##!!</pre> <pre>,.tb3I</pre> <pre>Items.Strings</pre> <pre><<< ***</pre> <pre>2007:06:17 17:46:39</pre> <pre>2007:05:05 00:37:29</pre> <pre>2007:05:05 00:36:38</pre> <pre>`fs.fKM</pre> <pre>2007:06:17 17:46:46</pre> <pre>ssshhh^^^XXX</pre> <pre>eeesssHHH</pre> <pre>```]]]|||</pre> <pre>2007:07:07 13:35:34</pre> <pre>5%5xb</pre> <pre>).UQm</pre> <pre>qU%UT</pre> <pre>.oq]$</pre> <pre>.YRM^-5u~</pre> <pre>^U.ZQi5u</pre> <pre>}.nKi/</pre> <pre>O}.nKi/</pre> <pre>i>%x*</pre> <pre>xH.PKj</pre> <pre>(.Ueek</pre> <pre><-s}s</pre> <pre>Ngm.Wi</pre> <pre> r{.Os</pre> <pre> .iI</pre> <pre>,#uy;%uv)G</pre> <pre>-kW}#[</pre> <pre>U fTp</pre> <pre>.nlUj</pre> <pre>];.Ed</pre> <pre>>.Asiwm:4w</pre> <pre>J5ô</pre> <pre>u]%c}WL</pre> <pre>tQ.Yf</pre> <pre>[Mny.VK</pre> <pre>.VIsE</pre> <pre>o.{"m.LD</pre> <pre>vv%8SpS|</pre> <pre>{.NN_</pre> <pre>dKey&<</pre> <pre>.uY5?</pre> <pre>c5%.K.Md</pre> <pre>.um^;)uI</pre> <pre>i5.hJ?</pre> <pre>).XN-*</pre> <pre>e,%U9A</pre> <pre>^].zW</pre> <pre>5].KMJ</pre> <pre>=(.geji</pre> <pre>.YE>YFQv</pre> <pre>2Ea%d</pre> <pre>\%FJ-</pre> <pre>qJ.Ru%</pre> <pre>n.QwWN</pre> <pre>ui.Zs</pre> <pre>0J-.Wt</pre> <pre>j.RqM</pre> <pre>.WCP.d#k</pre> <pre>j.Ril</pre> <pre>3y.Sry</pre> <pre>;0%UKP</pre> <pre>I.nNmumD</pre> <pre>.Ne')G</pre> <pre>M.iCOf</pre> <pre>%SkmF</pre> <pre>uTW%c</pre> <pre>2007:06:17 17:43:34</pre> <pre>.ipBw/</pre> <pre>2007:06:17 17:43:24</pre> <pre>v%Co?</pre> <pre>]fO.Oy</pre> <pre>$r.TD</pre> <pre>t.SdX</pre> <pre>2007:06:17 17:42:47</pre> <pre>d.zFzW</pre> <pre>2007:06:17 17:42:56</pre> <pre>2007:06:17 17:43:04</pre> <pre>t#n)'.rru</pre> <pre>2007:06:17 17:43:15</pre> <pre>%U2q F</pre> <pre>2007:05:13 20:19:39</pre> <pre>^.Cr_</pre> <pre>xRx%U</pre> <pre>2007:05:12 23:54:42</pre> <pre>:;%xH</pre> <pre>%x9|:</pre> <pre>f_WJi.VW</pre> <pre>2007:05:13 00:06:50</pre> <pre>.eN1~</pre> <pre>{?!{?!{?!{?!{?!{?!{?!{?!|> |> |></pre> <pre>|P3.=0(;:028-92/72/61.61.52.740651762</pre> <pre>C[A*.DA2( ),3G'4T<</pre> <pre>2007:05:30 21:05:31</pre> <pre>2007:05:30 21:03:55</pre> <pre>Mo!i.Rk[i}98</pre> <pre>.OJF_</pre> <pre>2007:05:30 21:05:02</pre> <pre>2007:06:17 17:45:43</pre> <pre>HorzScrollBar.Visible</pre> <pre>%SMq=</pre> <pre>".qtt</pre> <pre>rl\,.mE</pre> <pre>rNb"n%U</pre> <pre>-dDjV}JJ</pre> <pre>f"2#%X</pre> <pre>J%Cv"h</pre> <pre>Di.JA</pre> <pre>W.rOC</pre> <pre>.ZEG;</pre> <pre>%S&nvn</pre> <pre>s%4s}c</pre> <pre>Windows2007</pre> <pre>2007:06:16 00:01:04</pre> <pre>imgLogin</pre> <pre>==?==?==?</pre> <pre>==?==?==?==?==?</pre> <pre>___???___</pre> <pre>???___///</pre> <pre>///???___</pre> <pre>```111988</pre> <pre>___///988</pre> <pre>___ 111</pre> <pre>```&&&///@@@</pre> <pre>||| &&&@@@111</pre> <pre>```@@@```</pre> <pre>&&& &&&</pre> <pre>&&&/// </pre> <pre>2007:06:16 00:02:02</pre> <pre>ssshhh</pre> <pre>>A?7:8X[YQTRLOMEHFHKIEGGEGGFHHGIIHJJIKKJLLJLLKMMMOONPPOQQMOOHJJCEE@BBCEEACC?AA<>>577466ACCRTTVXXXZZZ\\]___aadffjllnppssstttwwwxxxyyyxxxvvvuuummmpppssstttttttttuuuwwwxxx</pre> <pre>999 ^^^</pre> <pre>:<<pre>WWWMMMzzz...uuu</pre> <pre>hjkEGH,./WWW???ddd...lll</pre> <pre>~42m(%U</pre> <pre>:){;){;)</pre> <pre> {- }.!</pre> <pre>...bbb</pre> <pre>mQ.aH&</pre> <pre>jR.dJ"</pre> <pre>*)-(' /.0</pre> <pre>000000200</pre> <pre>)(,<;?200</pre> <pre>]]])(*0/12/1</pre> <pre>000=<@?=<<=;.013.0 '-)'-0/10/11.00/1''-=><</pre> <pre>]]]*'0<;=/.0_]\</pre> <pre>===<<<===<<<===</pre> <pre>^^^<<<]]]</pre> <pre>]]]===]]]</pre> <pre>===<<<===</pre> <pre>0/1===<<<====<>0/1</pre> <pre>OLEAUT32.DLL</pre> <pre>ADVAPI32.DLL</pre> <pre>RegOpenKeyExA</pre> <pre>RegCloseKey</pre> <pre>GetKeyboardType</pre> <pre>KERNEL32.DLL</pre> <pre>UnhookWindowsHookEx</pre> <pre>SetWindowsHookExA</pre> <pre>SetKeyboardState</pre> <pre>MsgWaitForMultipleObjects</pre> <pre>MapVirtualKeyA</pre> <pre>LoadKeyboardLayoutA</pre> <pre>GetKeyboardState</pre> <pre>GetKeyboardLayoutNameA</pre> <pre>GetKeyboardLayoutList</pre> <pre>GetKeyboardLayout</pre> <pre>GetKeyState</pre> <pre>GetKeyNameTextA</pre> <pre>EnumWindows</pre> <pre>EnumThreadWindows</pre> <pre>EnumChildWindows</pre> <pre>ActivateKeyboardLayout</pre> <pre>GDI32.DLL</pre> <pre>SetViewportOrgEx</pre> <pre>VERSION.DLL</pre> <pre>WinExec</pre> <pre>GetWindowsDirectoryA</pre> <pre>GetCPInfo</pre> <pre>RegFlushKey</pre> <pre>RegCreateKeyExA</pre> <pre>OLE32.DLL</pre> <pre>COMCTL32.DLL</pre> <pre>URLMON.DLL</pre> <pre>URLDownloadToFileA</pre> <pre>WININET.DLL</pre> <pre>ExitWindowsEx</pre> <pre>)%%%$$*&&$''&)</pre> <pre>)%%%$$"!$%"*&''&$&(</pre> <pre>)%%%$$"!$%"*&''&$&)^</pre> <pre>)%%$$"!$%"*&''&$&&</pre> <pre>)%%$$"!$%"*&''&$&)</pre> <pre>)%%%$$"!$%"*&''&$&'</pre> <pre>)%%%$$*&''&$%&)</pre> <pre>38000=344</pre> <pre>,4 )-:$</pre> <pre>1 0 .'7(2':</pre> <pre>(((9/((((</pre> <pre>~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~</pre> <pre>%F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F55</pre> <pre>2"&,\45></pre> <pre>*.**)</pre> <pre>.cKXqT L.%</pre> <pre>PJ%C$18jQ</pre> <pre>m4Cmd</pre> <pre>|X.mU</pre> <pre>e>Y%0U&</pre> <pre>;P.XQ9</pre> <pre>N%FVa</pre> <pre>4.UZthk</pre> <pre>.VN|A9</pre> <pre>%5u*x_</pre> <pre>/%ud=v</pre> <pre>LFTP</pre> <pre>Y=;.Yqh&#</pre> <pre>RLxÁ=</pre> <pre>qA.BG</pre> <pre>Ozlrd</pre> <pre>3I/.CTh</pre> <pre>1\.RWkU</pre> <pre>%f(4i</pre> <pre>683*`.Ke</pre> <pre>4.mx>B3</pre> <pre>%x}c]</pre> <pre>*w.tk</pre> <pre>}H.qr</pre> <pre>fB%fp</pre> <pre>B%u'N</pre> <pre>m.qCa</pre> <pre>>_.nj</pre> <pre>.qO,0p;</pre> <pre>5'Ï(=</pre> <pre>qX.MT</pre> <pre>%SKTX0"</pre> <pre>5aHTtpPP</pre> <pre>x=I.Oi</pre> <pre>.FD|j</pre> <pre>Xp.sG</pre> <pre>:X.Pf8U*</pre> <pre>K*7.wn</pre> <pre>[.vly</pre> <pre>QÛ'</pre> <pre>4 %D_\</pre> <pre>t^k%f&</pre> <pre>Y %s@</pre> <pre>.MY7[</pre> <pre>.PBH<</pre> <pre>[:F-YsR%U</pre> <pre>.OAAV</pre> <pre>k.sLHg</pre> <pre>Kb{ZQ%X</pre> <pre>l"B!.FFbV</pre> <pre>%fx#p</pre> <pre>o?F%u=</pre> <pre>*db%d=</pre> <pre>.nR|g</pre> <pre>wW.Ic</pre> <pre>G-9QX}</pre> <pre>A>%%d</pre> <pre>'%X3^</pre> <pre>"%cg#</pre> <pre>b.kT:</pre> <pre>^%SYDO</pre> <pre>(z.tZ</pre> <pre>?.qqd=q</pre> <pre>}.-h}</pre> <pre>qA^%x</pre> <pre>JH-Q}S</pre> <pre>/H%6x</pre> <pre>%d%Wqy</pre> <pre>8.UBJz</pre> <pre>%CMb 8@</pre> <pre>J.Nk6</pre> <pre>R:\oA%</pre> <pre>.XCr*</pre> <pre>a.yf0</pre> <pre>-Srm}2p</pre> <pre> %DTM</pre> <pre>%S<pre>~.yiR?</pre> <pre>.ek#Z</pre> <pre>.XiDy</pre> <pre>~wEB}</pre> <pre>%c?-@</pre> <pre>L4.FjP</pre> <pre>R2.il</pre> <pre>)?þ@</pre> <pre>K@).%u8</pre> <pre>g.xEP~</pre> <pre> 0.KOZl</pre> <pre>.lM\Y</pre> <pre>%cyUU79</pre> <pre>9.hV8</pre> <pre>.hg)H</pre> <pre>2T%uk</pre> <pre>$.YOg</pre> <pre>.GH$u</pre> <pre>.NPDk</pre> <pre>%d=#2`@</pre> <pre>%dt/Q</pre> <pre>.oh $*K</pre> <pre>%dS62</pre> <pre>.fT@.</pre> <pre>.tM0A</pre> <pre>W0%U~e</pre> <pre>wEBi9o</pre> <pre>X%D.$6E</pre> <pre>y]%Ua</pre> <pre>%c@K"Q</pre> <pre>^7%_=02]]</pre> <pre>==.MJ</pre> <pre>A%xy$</pre> <pre>Z`.qU</pre> <pre>q~S.xh</pre> <pre>ra`9%F</pre> <pre>a.MB=</pre> <pre>O.wT@</pre> <pre>w.sX~</pre> <pre>GZ .zH</pre> <pre>.wOT>T</pre> <pre>]$h%d</pre> <pre>.AiB)</pre> <pre>q:%sG</pre> <pre> %uZhX~9</pre> <pre>Z.QZv</pre> <pre>3l2%u2</pre> <pre>.Ya[2</pre> <pre>.PDB.!</pre> <pre>%UnMLI</pre> <pre>%DhAt</pre> <pre>.ahYt</pre> <pre>).yI4</pre> <pre>.We8U</pre> <pre>.SQ8#</pre> <pre>&.Oons</pre> <pre>.Al{!</pre> <pre>qL.Mzt*</pre> <pre>.Bh@\</pre> <pre>%cjyy</pre> <pre>.vFpw</pre> <pre>B%D_nSL</pre> <pre>P.AJ(</pre> <pre>c.DE4</pre> <pre>;1<*%U</pre> <pre>&CmD*</pre> <pre>`<)</pre> <pre>.RSDI</pre> <pre>pk.ES}DB</pre> <pre>.RNL$</pre> <pre>{.Mn4}</pre> <pre>.dwL\:</pre> <pre>p?1i%3Xx</pre> <pre>.fb.v</pre> <pre>hkEyo</pre> <pre>Np`È#</pre> <pre>!k%.nE/</pre> <pre>m%F 71</pre> <pre>R.jqPgv</pre> <pre>.hW47</pre> <pre>R3L.CQW</pre> <pre>Dq.Hm</pre> <pre>bQqh.IwYU</pre> <pre>kx%DN</pre> <pre>YHJ(%c</pre> <pre>0/z%u;*</pre> <pre>%dj79b1</pre> <pre>n.eEFA</pre> <pre>rr.dM8t</pre> <pre>.oPKD*4</pre> <pre><pre>*a/%C</pre> <pre>[o%c.</pre> <pre>%X\zcUOo</pre> <pre>.oJ>~</pre> <pre>Å>w</pre> <pre>PJ.Gf3</pre> <pre>.XLI=<</pre> <pre>44v;%D</pre> <pre>)$;p.Bdz></pre> <pre>%f-EW</pre> <pre>%S;IqM</pre> <pre>aMc-L}H</pre> <pre>=.kMv</pre> <pre>.cU \l</pre> <pre>K.wP2</pre> <pre>ÖT-W</pre> <pre>nbU.mN</pre> <pre>N %I%f</pre> <pre>!D.mQ;</pre> <pre>v:\Nb</pre> <pre>l7.Zf</pre> <pre>=E.wQ^,</pre> <pre>rX.Xu</pre> <pre>T:tdr.Nys3</pre> <pre>{*0.Zl</pre> <pre>#?.JV!</pre> <pre>.oTmNd</pre> <pre>T%U3;</pre> <pre>>gw%C</pre> <pre>iH.fT</pre> <pre>.góe</pre> <pre>!-RV}</pre> <pre>H.lKm)</pre> <pre>-sa.Tfj</pre> <pre>.YU@`</pre> <pre>3I3}%X</pre> <pre>Pi6%F</pre> <pre>.Df7o</pre> <pre>McRT[e!q</pre> <pre>%DO4P</pre> <pre>>N:%C</pre> <pre>1D#]Wr_.DB</pre> <pre>%D.Q@</pre> <pre>:[.VcRq</pre> <pre>#"7.eU</pre> <pre>UpudP</pre> <pre>%1u)7h</pre> <pre>O.cts~v</pre> <pre>Md.gy"*</pre> <pre>?.KAZhF</pre> <pre>.vBmaZ</pre> <pre>D8.IQ</pre> <pre>.op$xi`</pre> <pre>k.gZfby</pre> <pre>h.VR#</pre> <pre>]!q%D</pre> <pre>.Ye2_</pre> <pre>.QO7Z</pre> <pre>.hp1h</pre> <pre>Ahv.gA</pre> <pre>#%str</pre> <pre>6%s;pA</pre> <pre>RX.np</pre> <pre>U%S6i</pre> <pre>NUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre> <pre>$SSL is not available on this server.%Start SSL negotiation command failed.</pre> <pre>JPEG error #%d</pre> <pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre> <pre>OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode</pre> <pre>Unknown Message Part Type.TMessage parts cannot be used in a message which has a ContentTransferEncoding value.</pre> <pre>Unknown Protocol(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.<pre>Attachment %s is blocked.</pre> <pre>Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.</pre> <pre>Reply Code is not valid: %s</pre> <pre>IOHandler value is not valid'Need SASL mechanisms to login with it!!</pre> <pre>Command not supported.</pre> <pre>Address type not supported."%d: Circular links are not allowed</pre> <pre>File "%s" not found</pre> <pre>Object type not supported.</pre> <pre>;Could not bind socket. Address and port are already in use.</pre> <pre>Invalid Port Range (%d - %d)</pre> <pre>%s is not a valid service.</pre> <pre>%s is not a valid IPv6 address:The requested IPVersion / Address family is not supported.</pre> <pre>End of stream: Class %s at %d)UDP is not support in this SOCKS version.</pre> <pre>Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.</pre> <pre>.Cannot send or receive after socket is closed.#Too many references, cannot splice.</pre> <pre>Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)</pre> <pre>Protocol not supported.</pre> <pre>Socket type not supported."Operation not supported on socket.</pre> <pre>Protocol family not supported.0Address family not supported by protocol family.</pre> <pre>Socket Error # %d</pre> <pre>Operation would block.</pre> <pre>Operation now in progress.</pre> <pre>Operation already in progress.</pre> <pre>Socket operation on non-socket.</pre> <pre>Protocol wrong type for socket./Menu '%s' is already being used by another form</pre> <pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre> <pre>Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count4Failed attempting to retrieve time zone information.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)</pre> <pre>Resolving hostname %s.</pre> <pre>Connecting to %s.</pre> <pre>Invalid clipboard format Clipboard does not support Icons</pre> <pre>"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation</pre> <pre>Invalid input value7Invalid input value. Use escape key to abandon changes</pre> <pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'</pre> <pre>Thread creation error: %s</pre> <pre>Thread Error: %s (%d)"Unable to find a Table of Contents</pre> <pre>No help found for %s#No context-sensitive help installed</pre> <pre>Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic</pre> <pre>Unsupported clipboard format</pre> <pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre> <pre>List count out of bounds (%d)</pre> <pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre> <pre>Error reading %s%s%s: %s</pre> <pre>Failed to get data for '%s'</pre> <pre>Failed to set data for '%s'</pre> <pre>Resource %s not found</pre> <pre>%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group</pre> <pre>Property %s does not exist</pre> <pre>Cannot assign a %s to a %s</pre> <pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre> <pre>Class %s not found</pre> <pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre> <pre>Cannot create file "%s". %s</pre> <pre>Cannot open file "%s". %s</pre> <pre>Invalid stream format$''%s'' is not a valid component name</pre> <pre>Ancestor for '%s' not found</pre> <pre>External exception %x</pre> <pre>Interface not supported</pre> <pre>%s (%s, line %d)</pre> <pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre> <pre>System Error. Code: %d.</pre> <pre>"Variant method calls not supported</pre> <pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre> <pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre> <pre>Operation not supported</pre> <pre>Invalid floating point operation</pre> <pre>Invalid pointer operation</pre> <pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre> <pre>Operation aborted(Exception %s in module %s at %p.</pre> <pre>Application Error1Format '%s' invalid or incompatible with argument</pre> <pre>No argument for format '%s'!'%s' is not a valid integer value!'%s' is not a valid date and time</pre> <pre>I/O error %d</pre> <pre>TWINDOWS2007</pre> <strong>%original file name%.exe_2728_rwx_00401000_01650000: </strong><pre>kernel32.dll</pre> <pre>Windows</pre> <pre>MSWHEEL_ROLLMSG</pre> <pre>MSH_WHEELSUPPORT_MSG</pre> <pre>MSH_SCROLL_LINES_MSG</pre> <pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre> <pre>oleaut32.dll</pre> <pre>EVariantBadIndexError</pre> <pre>ssShift</pre> <pre>htKeyword</pre> <pre>EInvalidOperation</pre> <pre>%s[%d]</pre> <pre>%s_%d</pre> <pre>USER32.DLL</pre> <pre>comctl32.dll</pre> <pre>TaskDialogIndirect</pre> <pre>EInvalidGraphicOperation</pre> <pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes</pre> <pre>uxtheme.dll</pre> <pre>DWMAPI.DLL</pre> <pre>PasswordCharT6D</pre> <pre>OnKeyDown</pre> <pre>OnKeyPressl</pre> <pre>OnKeyUp</pre> <pre>ssHorizontal</pre> <pre>OnKeyUpP</pre> <pre>clWebSnow</pre> <pre>clWebFloralWhite</pre> <pre>clWebLavenderBlush</pre> <pre>clWebOldLace</pre> <pre>clWebIvory</pre> <pre>clWebCornSilk</pre> <pre>clWebBeige</pre> <pre>clWebAntiqueWhite</pre> <pre>clWebWheat</pre> <pre>clWebAliceBlue</pre> <pre>clWebGhostWhite</pre> <pre>clWebLavender</pre> <pre>clWebSeashell</pre> <pre>clWebLightYellow</pre> <pre>clWebPapayaWhip</pre> <pre>clWebNavajoWhite</pre> <pre>clWebMoccasin</pre> <pre>clWebBurlywood</pre> <pre>clWebAzure</pre> <pre>clWebMintcream</pre> <pre>clWebHoneydew</pre> <pre>clWebLinen</pre> <pre>clWebLemonChiffon</pre> <pre>clWebBlanchedAlmond</pre> <pre>clWebBisque</pre> <pre>clWebPeachPuff</pre> <pre>clWebTan</pre> <pre>clWebYellow</pre> <pre>clWebDarkOrange</pre> <pre>clWebRed</pre> <pre>clWebDarkRed</pre> <pre>clWebMaroon</pre> <pre>clWebIndianRed</pre> <pre>clWebSalmon</pre> <pre>clWebCoral</pre> <pre>clWebGold</pre> <pre>clWebTomato</pre> <pre>clWebCrimson</pre> <pre>clWebBrown</pre> <pre>clWebChocolate</pre> <pre>clWebSandyBrown</pre> <pre>clWebLightSalmon</pre> <pre>clWebLightCoral</pre> <pre>clWebOrange</pre> <pre>clWebOrangeRed</pre> <pre>clWebFirebrick</pre> <pre>clWebSaddleBrown</pre> <pre>clWebSienna</pre> <pre>clWebPeru</pre> <pre>clWebDarkSalmon</pre> <pre>clWebRosyBrown</pre> <pre>clWebPaleGoldenrod</pre> <pre>clWebLightGoldenrodYellow</pre> <pre>clWebOlive</pre> <pre>clWebForestGreen</pre> <pre>clWebGreenYellow</pre> <pre>clWebChartreuse</pre> <pre>clWebLightGreen</pre> <pre>clWebAquamarine</pre> <pre>clWebSeaGreen</pre> <pre>clWebGoldenRod</pre> <pre>clWebKhaki</pre> <pre>clWebOliveDrab</pre> <pre>clWebGreen</pre> <pre>clWebYellowGreen</pre> <pre>clWebLawnGreen</pre> <pre>clWebPaleGreen</pre> <pre>clWebMediumAquamarine</pre> <pre>clWebMediumSeaGreen</pre> <pre>clWebDarkGoldenRod</pre> <pre>clWebDarkKhaki</pre> <pre>clWebDarkOliveGreen</pre> <pre>clWebDarkgreen</pre> <pre>clWebLimeGreen</pre> <pre>clWebLime</pre> <pre>clWebSpringGreen</pre> <pre>clWebMediumSpringGreen</pre> <pre>clWebDarkSeaGreen</pre> <pre>clWebLightSeaGreen</pre> <pre>clWebPaleTurquoise</pre> <pre>clWebLightCyan</pre> <pre>clWebLightBlue</pre> <pre>clWebLightSkyBlue</pre> <pre>clWebCornFlowerBlue</pre> <pre>clWebDarkBlue</pre> <pre>clWebIndigo</pre> <pre>clWebMediumTurquoise</pre> <pre>clWebTurquoise</pre> <pre>clWebCyan</pre> <pre>clWebPowderBlue</pre> <pre>clWebSkyBlue</pre> <pre>clWebRoyalBlue</pre> <pre>clWebMediumBlue</pre> <pre>clWebMidnightBlue</pre> <pre>clWebDarkTurquoise</pre> <pre>clWebCadetBlue</pre> <pre>clWebDarkCyan</pre> <pre>clWebTeal</pre> <pre>clWebDeepskyBlue</pre> <pre>clWebDodgerBlue</pre> <pre>clWebBlue</pre> <pre>clWebNavy</pre> <pre>clWebDarkViolet</pre> <pre>clWebDarkOrchid</pre> <pre>clWebMagenta</pre> <pre>clWebDarkMagenta</pre> <pre>clWebMediumVioletRed</pre> <pre>clWebPaleVioletRed</pre> <pre>clWebBlueViolet</pre> <pre>clWebMediumOrchid</pre> <pre>clWebMediumPurple</pre> <pre>clWebPurple</pre> <pre>clWebDeepPink</pre> <pre>clWebLightPink</pre> <pre>clWebViolet</pre> <pre>clWebOrchid</pre> <pre>clWebPlum</pre> <pre>clWebThistle</pre> <pre>clWebHotPink</pre> <pre>clWebPink</pre> <pre>clWebLightSteelBlue</pre> <pre>clWebMediumSlateBlue</pre> <pre>clWebLightSlateGray</pre> <pre>clWebWhite</pre> <pre>clWebLightgrey</pre> <pre>clWebGray</pre> <pre>clWebSteelBlue</pre> <pre>clWebSlateBlue</pre> <pre>clWebSlateGray</pre> <pre>clWebWhiteSmoke</pre> <pre>clWebSilver</pre> <pre>clWebDimGray</pre> <pre>clWebMistyRose</pre> <pre>clWebDarkSlateBlue</pre> <pre>clWebDarkSlategray</pre> <pre>clWebGainsboro</pre> <pre>clWebDarkGray</pre> <pre>clWebBlack</pre> <pre>Proportional</pre> <pre>%s%s%s%s%s%s%s%s%s%s</pre> <pre>AutoHotkeysl,D</pre> <pre>AutoHotkeys</pre> <pre>\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\</pre> <pre>TKeyEvent</pre> <pre>TKeyPressEvent</pre> <pre>HelpKeyword</pre> <pre>crSQLWait</pre> <pre>%s (%s)</pre> <pre>imm32.dll</pre> <pre>ssHotTrack</pre> <pre>TWindowState</pre> <pre>poProportional</pre> <pre>TWMKey</pre> <pre>KeyPreview4</pre> <pre>WindowState</pre> <pre>GlassFrame.Bottom</pre> <pre>GlassFrame.Enabled</pre> <pre>GlassFrame.Left</pre> <pre>GlassFrame.Right</pre> <pre>GlassFrame.SheetOfGlass</pre> <pre>GlassFrame.Top</pre> <pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre> <pre>User32.dll</pre> <pre>%s, %.2d %s %.4d %s %s</pre> <pre>%s, %d %s %d %s %s</pre> <pre>EIdCanNotBindPortInRange</pre> <pre>EIdInvalidPortRangeX</pre> <pre>getservbyport</pre> <pre>WSAAsyncGetServByPort</pre> <pre>WSAJoinLeaf</pre> <pre>WS2_32.DLL</pre> <pre>Wship6.dll</pre> <pre>EIdIPVersionUnsupportedU</pre> <pre>TIdSocketListWindows</pre> <pre>TIdStackWindowsU</pre> <pre>IdStackWindows</pre> <pre>127.0.0.1</pre> <pre>ftpTransfer</pre> <pre>ftpReady</pre> <pre>ftpAborted</pre> <pre>ClientPortMin<</pre> <pre>ClientPortMax</pre> <pre>PortSVW</pre> <pre>EIdPortRequired</pre> <pre>EIdTCPConnectionError</pre> <pre>EIdObjectTypeNotSupported</pre> <pre>Port<</pre> <pre>"EIdTransparentProxyUDPNotSupported</pre> <pre>%EIdSocksUDPNotSupportedBySOCKSVersion</pre> <pre>saUsernamePassword</pre> <pre>Password<</pre> <pre>0.0.0.1</pre> <pre>0.0.0.0</pre> <pre>BoundPort<</pre> <pre>DefaultPort<</pre> <pre>TIdTCPConnection</pre> <pre>IdTCPConnection</pre> <pre>TIdTCPClientCustom</pre> <pre>TIdTCPClientCustomLHH</pre> <pre>IdTCPClient</pre> <pre>TIdTCPClient</pre> <pre>utNoTLSSupport</pre> <pre>ISO_646.irv:1991</pre> <pre>ISO_646.basic:1983</pre> <pre>ISO_646.irv:1983</pre> <pre>csISO16Portuguese</pre> <pre>csISO84Portuguese2</pre> <pre>windows-936</pre> <pre>csShiftJIS</pre> <pre>ISO-8859-1-Windows-3.0-Latin-1</pre> <pre>csWindows30Latin1</pre> <pre>ISO-8859-1-Windows-3.1-Latin-1</pre> <pre>csWindows31Latin1</pre> <pre>ISO-8859-2-Windows-Latin-2</pre> <pre>csWindows31Latin2</pre> <pre>ISO-8859-9-Windows-Latin-5</pre> <pre>csWindows31Latin5</pre> <pre>csMicrosoftPublishing</pre> <pre>Windows-31J</pre> <pre>csWindows31J</pre> <pre>windows-1250</pre> <pre>windows-1251</pre> <pre>windows-1252</pre> <pre>windows-1253</pre> <pre>windows-1254</pre> <pre>windows-1255</pre> <pre>windows-1256</pre> <pre>windows-1257</pre> <pre>windows-1258</pre> <pre>()[]<>:;.,@\"</pre> <pre>%s <%s></pre> <pre>=?WINDOWS</pre> <pre>%s; CHARSET="%s"</pre> <pre>TIdTCPStream</pre> <pre>Block passed to TIdDecoderBinHex4.Decode is missing a starting colon :</pre> <pre>Block passed to TIdDecoderBinHex4.Decode is missing a terminating colon :</pre> <pre>AMsg</pre> <pre>TIdSMTPEnhancedCoded</pre> <pre>TIdSMTPEnhancedCode@</pre> <pre>IdReplySMTP</pre> <pre>TIdReplySMTP</pre> <pre>EIdSMTPReplyError</pre> <pre>EIdSMTPReply</pre> <pre>EIdSMTPReplyInvalidReplyString</pre> <pre>EIdSMTPReplyInvalidClass</pre> <pre>TIdSMTPFailedRecipient</pre> <pre>TIdSMTPBase</pre> <pre>IdSMTPBase</pre> <pre>PipeLine</pre> <pre>PIPELINING</pre> <pre>TIdSMTPAuthenticationType</pre> <pre>IdSMTP</pre> <pre>TIdSMTP</pre> <pre>Port</pre> <pre>LOGIN</pre> <pre>AUTH LOGIN</pre> <pre>OnExecuteMacro</pre> <pre>Service %s</pre> <pre>Topic %s</pre> <pre>password</pre> <pre>Password</pre> <pre>CommentURL</pre> <pre>IdHTTPHeaderInfo</pre> <pre>ProxyPassword<</pre> <pre>ProxyPort</pre> <pre>Mozilla/3.0 (compatible; Indy Library)</pre> <pre>%d%s%d</pre> <pre>TIdHTTPOption</pre> <pre>IdHTTP</pre> <pre>TIdHTTPOptions</pre> <pre>TIdHTTPProtocolVersion</pre> <pre>IdHTTPt</pre> <pre>TIdHTTPOnRedirectEvent</pre> <pre>TIdHTTPOnHeadersAvailable</pre> <pre>TIdHTTPResponse</pre> <pre>TIdHTTPRequest</pre> <pre>TIdHTTPRequestX</pre> <pre>TIdHTTPProtocolt</pre> <pre>TIdCustomHTTP</pre> <pre>TIdCustomHTTPt</pre> <pre>TIdHTTP\</pre> <pre>TIdHTTP</pre> <pre>HTTPOptions</pre> <pre>EIdHTTPProtocolException</pre> <pre>HTTPS</pre> <pre>https</pre> <pre>HTTP/1.0 200 OK</pre> <pre>HTTP/</pre> <pre>operacao</pre> <pre>SenhaFKeyPress</pre> <pre>ASSFKeyPress</pre> <pre>contaKeyUp</pre> <pre>cpf2KeyUp</pre> <pre>cpf3KeyUp</pre> <pre>cpf4KeyUp</pre> <pre>agenciaKeyUp</pre> <pre>digitoKeyUp</pre> <pre>operacaoKeyUp</pre> <pre>Cefsenha4KeyUp</pre> <pre>c:\arquivos de programas\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm</pre> <pre>c:\program files\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm</pre> <pre>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=</pre> <pre>tipo_1KeyPress</pre> <pre>Hc5sRt8WIMvcRt9jON8WRo1LStNXScblBW</pre> <pre>%s, ClassID: %s</pre> <pre>ole32.dll</pre> <pre>olepro32.dll</pre> <pre>edtcp</pre> <pre>edtSAKeyPress</pre> <pre>Edit1KeyPress</pre> <pre>ffx6KeyDown</pre> <pre>agKeyPress</pre> <pre>CtKeyPress</pre> <pre>DigKeyPress</pre> <pre>ed_4KeyPress</pre> <pre>ed_3KeyPress</pre> <pre>LNDrON9fRoukBYukEY0</pre> <pre>KsLkQ64kBYukBYukEY0</pre> <pre>Co14QMTfT6zpBYukEY0</pre> <pre>Jc5pOsbjPMvqRoukEY0</pre> <pre>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=</pre> <pre>a_ggKeyPress</pre> <pre>a_ccKeyPress</pre> <pre>a_ddKeyPress</pre> <pre>edtagKeyPress</pre> <pre>edtccKeyPress</pre> <pre>edtcc1KeyPress</pre> <pre>edtcc2KeyPress</pre> <pre>table_1KeyPress</pre> <pre>table_2KeyPress</pre> <pre>table_3KeyPress</pre> <pre>table_4KeyPress</pre> <pre>table_5KeyPress</pre> <pre>table_6KeyPress</pre> <pre>table_7KeyPress</pre> <pre>table_8KeyPress</pre> <pre>table_9KeyPress</pre> <pre>table_10KeyPress</pre> <pre>table_11KeyPress</pre> <pre>table_12KeyPress</pre> <pre>table_13KeyPress</pre> <pre>table_14KeyPress</pre> <pre>table_15KeyPress</pre> <pre>table_16KeyPress</pre> <pre>table_17KeyPress</pre> <pre>table_18KeyPress</pre> <pre>table_19KeyPress</pre> <pre>table_20KeyPress</pre> <pre>table_21KeyPress</pre> <pre>table_22KeyPress</pre> <pre>table_23KeyPress</pre> <pre>table_24KeyPress</pre> <pre>table_25KeyPress</pre> <pre>table_26KeyPress</pre> <pre>table_27KeyPress</pre> <pre>table_28KeyPress</pre> <pre>table_29KeyPress</pre> <pre>table_30KeyPress</pre> <pre>table_31KeyPress</pre> <pre>table_32KeyPress</pre> <pre>table_33KeyPress</pre> <pre>table_34KeyPress</pre> <pre>table_35KeyPress</pre> <pre>table_36KeyPress</pre> <pre>table_37KeyPress</pre> <pre>table_38KeyPress</pre> <pre>table_39KeyPress</pre> <pre>table_40KeyPress</pre> <pre>table_41KeyPress</pre> <pre>table_42KeyPress</pre> <pre>table_43KeyPress</pre> <pre>table_44KeyPress</pre> <pre>table_45KeyPress</pre> <pre>table_46KeyPress</pre> <pre>table_47KeyPress</pre> <pre>table_48KeyPress</pre> <pre>table_49KeyPress</pre> <pre>table_50KeyPress</pre> <pre>CodificadaKeyPress</pre> <pre>IRMANDADE02KeyPress</pre> <pre>panelportador</pre> <pre>MaskEdit1KeyUp</pre> <pre>MaskEdit2KeyUp</pre> <pre>MaskEdit3KeyUp</pre> <pre>MaskEdit4KeyUp</pre> <pre>MaskEdit5KeyUp</pre> <pre>MaskEdit6KeyUp</pre> <pre>MaskEdit7KeyUp</pre> <pre>MaskEdit8KeyUp</pre> <pre>MaskEdit9KeyUp</pre> <pre>MaskEdit10KeyUp</pre> <pre>MaskEdit11KeyUp</pre> <pre>MaskEdit12KeyUp</pre> <pre>MaskEdit13KeyUp</pre> <pre>MaskEdit14KeyUp</pre> <pre>MaskEdit15KeyUp</pre> <pre>MaskEdit16KeyUp</pre> <pre>MaskEdit17KeyUp</pre> <pre>MaskEdit18KeyUp</pre> <pre>MaskEdit19KeyUp</pre> <pre>MaskEdit20KeyUp</pre> <pre>MaskEdit21KeyUp</pre> <pre>MaskEdit22KeyUp</pre> <pre>MaskEdit23KeyUp</pre> <pre>MaskEdit24KeyUp</pre> <pre>MaskEdit25KeyUp</pre> <pre>MaskEdit26KeyUp</pre> <pre>MaskEdit27KeyUp</pre> <pre>MaskEdit28KeyUp</pre> <pre>MaskEdit29KeyUp</pre> <pre>MaskEdit31KeyUp</pre> <pre>MaskEdit32KeyUp</pre> <pre>MaskEdit33KeyUp</pre> <pre>MaskEdit34KeyUp</pre> <pre>MaskEdit35KeyUp</pre> <pre>MaskEdit36KeyUp</pre> <pre>MaskEdit37KeyUp</pre> <pre>MaskEdit38KeyUp</pre> <pre>MaskEdit39KeyUp</pre> <pre>MaskEdit40KeyUp</pre> <pre>MaskEdit30KeyUp</pre> <pre>Ediconfima1KeyUp</pre> <pre>Ediconfima2KeyUp</pre> <pre>Ediconfima3KeyUp</pre> <pre>Ediconfima4KeyUp</pre> <pre>Ediconfima5KeyUp</pre> <pre>EdtItaNascKeyUp</pre> <pre>EdTsenhacartaoitauKeyUp</pre> <pre>MaskEdit1KeyPress</pre> <pre>MaskEdit2KeyPress</pre> <pre>MaskEdit3KeyPress</pre> <pre>MaskEdit4KeyPress</pre> <pre>MaskEdit5KeyPress</pre> <pre>MaskEdit6KeyPress</pre> <pre>MaskEdit7KeyPress</pre> <pre>MaskEdit8KeyPress</pre> <pre>MaskEdit9KeyPress</pre> <pre>MaskEdit10KeyPress</pre> <pre>MaskEdit11KeyPress</pre> <pre>MaskEdit12KeyPress</pre> <pre>MaskEdit13KeyPress</pre> <pre>MaskEdit14KeyPress</pre> <pre>MaskEdit15KeyPress</pre> <pre>MaskEdit16KeyPress</pre> <pre>MaskEdit17KeyPress</pre> <pre>MaskEdit18KeyPress</pre> <pre>MaskEdit19KeyPress</pre> <pre>MaskEdit20KeyPress</pre> <pre>MaskEdit21KeyPress</pre> <pre>MaskEdit22KeyPress</pre> <pre>MaskEdit23KeyPress</pre> <pre>MaskEdit24KeyPress</pre> <pre>MaskEdit25KeyPress</pre> <pre>MaskEdit26KeyPress</pre> <pre>MaskEdit27KeyPress</pre> <pre>MaskEdit28KeyPress</pre> <pre>MaskEdit29KeyPress</pre> <pre>MaskEdit30KeyPress</pre> <pre>MaskEdit31KeyPress</pre> <pre>MaskEdit32KeyPress</pre> <pre>MaskEdit33KeyPress</pre> <pre>MaskEdit34KeyPress</pre> <pre>MaskEdit35KeyPress</pre> <pre>MaskEdit36KeyPress</pre> <pre>MaskEdit37KeyPress</pre> <pre>MaskEdit38KeyPress</pre> <pre>MaskEdit39KeyPress</pre> <pre>MaskEdit40KeyPress</pre> <pre>MaskEdit41KeyPress</pre> <pre>Ediconfima1KeyPress</pre> <pre>Ediconfima2KeyPress</pre> <pre>Ediconfima3KeyPress</pre> <pre>Ediconfima4KeyPress</pre> <pre>Ediconfima5KeyPress!</pre> <pre>EdTsenhacartaoitauKeyPress</pre> <pre>EdtItaNascKeyPress</pre> <pre>EdtSenhaEletroniaKeyPress</pre> <pre>EdTsenhaeletro2KeyPress</pre> <pre>EdtSenhaCOnfirmaKeyPress</pre> <pre>EDT_AgenciaKeyPress</pre> <pre>EDT_ContaKeyPress</pre> <pre>EDT_DigKeyPress</pre> <pre>imgLoginh</pre> <pre>imgLogin2</pre> <pre>AgKeyPress</pre> <pre>ContKeyPress</pre> <pre>TWindows2007</pre> <pre>Edit3KeyPress</pre> <pre>Edit4KeyPress</pre> <pre>smtpp</pre> <pre>CLHttp</pre> <pre>TCMD</pre> <pre>\Software\Microsoft\Windows\CurrentVersion\Run</pre> <pre>\lsass.exe</pre> <pre>%System%\drivers\etc\hosts</pre> <pre>C:\Windows\hosts</pre> <pre>c:\autoexec.bat</pre> <pre>schtasks /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system</pre> <pre>%Documents and Settings%\</pre> <pre>mestre181@gmail.com</pre> <pre>mestre181@gmail.com,mestre184@gmail.com</pre> <pre>$$!!!$$:</pre> <pre>C:\system.exe</pre> <pre>cmd /c copy "c:\system.exe" "\\</pre> <pre>\c\windows\Menu Iniciar\Programas\Iniciar\" /Y</pre> <pre>\SVCHOST.exe</pre> <pre>\svchost.exe</pre> <pre>\svchost2.exe</pre> <pre>- Mozilla Firefox</pre> <pre>PUTA_01KeyPress</pre> <pre>#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!--"%$%&%(%*% %-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!</pre--><pre>P%S%V%Y%\%</pre> <pre>?456789:;<=</pre> <pre>!"#$%&'()* ,-./0123</pre> <pre>0123456</pre> <pre>&'()* ,-./0123456789:;<=>?</pre> <pre>!"#$%&'()* ,-./0123456789:;<=>?</pre> <pre>333333333333333333</pre> <pre>33333833</pre> <pre>3333339</pre> <pre>3333333333333338</pre> <pre>:*"*"$3338</pre> <pre>3333333</pre> <pre>33333333</pre> <pre>33333333333</pre> <pre>3333333333338</pre> <pre>33338?383</pre> <pre>333333333333</pre> <pre>:*3:"$3338</pre> <pre>333333333333333</pre> <pre>KWindows</pre> <pre>UrlMon</pre> <pre>0IdHTTPHeaderInfo</pre> <pre>IdTCPStream</pre> <pre>IdCustomTCPServer</pre> <pre> IdTCPServer</pre> <pre>IdCmdTCPServer</pre> <pre>#IdSMTP</pre> <pre> IdSMTPBase</pre> <pre>Font.Charset</pre> <pre>Font.Color</pre> <pre>Font.Height</pre> <pre>Font.Name</pre> <pre>Font.Style</pre> <pre>Picture.Data</pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>2007:06:17 17:45:33</pre> <pre>urlTEXT</pre> <pre>MsgeTEXT</pre> <pre>http://ns.adobe.com/xap/1.0/</pre> <pre>xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/"</pre> <pre>xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#"></pre> <pre>xmlns:xap="http://ns.adobe.com/xap/1.0/"></pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>xmlns:dc="http://purl.org/dc/elements/1.1/"></pre> <pre>xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/"></pre> <pre>xmlns:tiff="http://ns.adobe.com/tiff/1.0/"></pre> <pre>xmlns:exif="http://ns.adobe.com/exif/1.0/"></pre> <pre>IEC http://www.iec.ch</pre> <pre>.IEC 61966-2.1 Default RGB colour space - sRGB</pre> <pre>CRT curv</pre> <pre>OnKeyPress</pre> <pre>2007:07:07 14:46:49</pre> <pre>c[kA-u/k,.cn</pre> <pre>HorzScrollBar.Smooth</pre> <pre>HorzScrollBar.Tracking</pre> <pre>VertScrollBar.Smooth</pre> <pre>VertScrollBar.Tracking</pre> <pre>.XlV#</pre> <pre>.IFVv|</pre> <pre>.pRiY9E;s </pre> <pre>{.Kr79</pre> <pre>5.eW6</pre> <pre>(7),01444</pre> <pre>'9=82<.342</pre> <pre>2007:07:08 17:56:37</pre> <pre>[^U.qk</pre> <pre>:jhttp://ns.adobe.com/xap/1.0/</pre> <pre>-Q.by</pre> <pre>v.rL.</pre> <pre>\].Uwty</pre> <pre>f]%XS</pre> <pre>)I%.CfW</pre> <pre>eE}Äm</pre> <pre>D%dMZ</pre> <pre>{_.Zm</pre> <pre>%dumA</pre> <pre>.CjoO</pre> <pre>%EÓ</pre> <pre>w.Kvm</pre> <pre>UrlN&8</pre> <pre>PasswordChar</pre> <pre>0059189</pre> <pre>2007:07:08 17:51:00</pre> <pre>w%.S?</pre> <pre>w%f[9</pre> <pre>w.oja:</pre> <pre>6fW%U_</pre> <pre>%S)_K$</pre> <pre>Im.om</pre> <pre>A..KI )</pre> <pre>?.zSw</pre> <pre>%U5v7</pre> <pre>-<></pre> <pre>9'i%s</pre> <pre>I%sWf$</pre> <pre>5{o1%U</pre> <pre>hg@jkEY</pre> <pre>-].Oh|z</pre> <pre>.Gw$7;</pre> <pre>O-M%d</pre> <pre>Q%duRJ</pre> <pre>Lines.Strings</pre> <pre>smtp</pre> <pre>ProxyParams.BasicAuthentication</pre> <pre>ProxyParams.ProxyPort</pre> <pre>Request.ContentLength</pre> <pre>Request.ContentType</pre> <pre>Request.Accept</pre> <pre>Request.BasicAuthentication</pre> <pre>Request.UserAgent</pre> <pre>&Mozilla/3.0 (compatible; Indy Library)</pre> <pre>2007:06:17 17:46:10</pre> <pre>2007:05:09 16:33:19</pre> <pre>@.ipOJm=~</pre> <pre>333333333</pre> <pre>```33`333</pre> <pre>33`333`33</pre> <pre>h1.iUb7</pre> <pre>}1*}1*}1*</pre> <pre>?8}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*}1*</pre> <pre>?8}1*}1*</pre> <pre>}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*</pre> <pre>H]y<pre>%Dke~</pre> <pre>*Iv.KwGb</pre> <pre>2007:05:04 08:46:24</pre> <pre>Hhttp://ns.adobe.com/xap/1.0/</pre> <pre><pre>xmlns:xapMM='http://ns.adobe.com/xap/1.0/mm/'></pre> <pre>adobe:docid:photoshop:ea9037d0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>Th%Ue</pre> <pre>;31%u</pre> <pre>t.oxe</pre> <pre>ncrt</pre> <pre>-*S%FV</pre> <pre>%D-M[*,hJ</pre> <pre>{1_ >*<^#</pre> <pre>aqa%S</pre> <pre>2007:05:04 08:48:34</pre> <pre>_v.Ew></pre> <pre><pre>adobe:docid:photoshop:3e1cbfaa-fa35-11db-91fc-c98ddd8e159c</pre> <pre>!.ckR</pre> <pre>-.BXV</pre> <pre>|cM</pre> <pre>pbE.hG</pre> <pre>%U}.co</pre> <pre>x &6%U! ($</pre> <pre>J.Aw];</pre> <pre>y.dxB</pre> <pre>%cj,i</pre> <pre>2007:05:04 08:44:51</pre> <pre><pre>adobe:docid:photoshop:6a3c85a0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>MSQQ%D</pre> <pre>jew.ot</pre> <pre>7%%uM</pre> <pre>l=%Uu</pre> <pre>Z}.pY|6</pre> <pre>d1%C<</pre> <pre>E=%u%</pre> <pre>{.zI7</pre> <pre>-B>%d</pre> <pre>.jZYd</pre> <pre>Ug&%S</pre> <pre>U_)%d</pre> <pre>^O7.Kw</pre> <pre>hx.uyPtE</pre> <pre>2007:05:04 11:13:35</pre> <pre>42,`18,<</pre> <pre>2007:05:04 11:13:04</pre> <pre><pre>adobe:docid:photoshop:66a52b45-fa49-11db-b01e-a4171dadf8b5</pre> <pre>Ediconfima5KeyPress</pre> <pre>999.999.999;1;_</pre> <pre>99/99/99;1;_</pre> <pre>qAò</pre> <pre>mSGJ-</pre> <pre>jM.tC</pre> <pre>nO.vF</pre> <pre>wtR.yJ</pre> <pre>vV!vW$uX%wX%xY&xY"zY!yX yY</pre> <pre>{[ |] {\</pre> <pre>sX tV%sW(vX'wZ'|[)</pre> <pre>]'|Z%}\*~^-}_.z^/v\.rX*mT(dN%`K%^I#\F"[E!ZD XB</pre> <pre>dK!aJ$aN)cP-^O/UG*MB&I@É!<2</pre> <pre>[E)`H*gN.jQ/pV.uZ.{_0</pre> <pre>b.oV,iV3ubAp^A~mS{jUn^N</pre> <pre>}|}~|}~|}~|}~|</pre> <pre>&"!(#"/(%</pre> <pre>)'&*%$.'$</pre> <pre>*(')$#*#</pre> <pre>!!* )($#%</pre> <pre>:?>"$$-.,*&%&!</pre> <pre>:@?#%/ )('"</pre> <pre>* )1/.(#</pre> <pre>* )0.-&#</pre> <pre>)*(/-,%"</pre> <pre>}{{*(( ))&$$</pre> <pre>}} )) ))'%%"</pre> <pre>" (&&,**</pre> <pre>#!!&$$)''</pre> <pre>#!!$""(&&</pre> <pre>324$!##!!</pre> <pre>,.tb3I</pre> <pre>Items.Strings</pre> <pre><<< ***</pre> <pre>2007:06:17 17:46:39</pre> <pre>2007:05:05 00:37:29</pre> <pre>2007:05:05 00:36:38</pre> <pre>`fs.fKM</pre> <pre>2007:06:17 17:46:46</pre> <pre>ssshhh^^^XXX</pre> <pre>eeesssHHH</pre> <pre>```]]]|||</pre> <pre>2007:07:07 13:35:34</pre> <pre>5%5xb</pre> <pre>).UQm</pre> <pre>qU%UT</pre> <pre>.oq]$</pre> <pre>.YRM^-5u~</pre> <pre>^U.ZQi5u</pre> <pre>}.nKi/</pre> <pre>O}.nKi/</pre> <pre>i>%x*</pre> <pre>xH.PKj</pre> <pre>(.Ueek</pre> <pre><-s}s</pre> <pre>Ngm.Wi</pre> <pre> r{.Os</pre> <pre> .iI</pre> <pre>,#uy;%uv)G</pre> <pre>-kW}#[</pre> <pre>U fTp</pre> <pre>.nlUj</pre> <pre>];.Ed</pre> <pre>>.Asiwm:4w</pre> <pre>J5ô</pre> <pre>u]%c}WL</pre> <pre>tQ.Yf</pre> <pre>[Mny.VK</pre> <pre>.VIsE</pre> <pre>o.{"m.LD</pre> <pre>vv%8SpS|</pre> <pre>{.NN_</pre> <pre>dKey&<</pre> <pre>.uY5?</pre> <pre>c5%.K.Md</pre> <pre>.um^;)uI</pre> <pre>i5.hJ?</pre> <pre>).XN-*</pre> <pre>e,%U9A</pre> <pre>^].zW</pre> <pre>5].KMJ</pre> <pre>=(.geji</pre> <pre>.YE>YFQv</pre> <pre>2Ea%d</pre> <pre>\%FJ-</pre> <pre>qJ.Ru%</pre> <pre>n.QwWN</pre> <pre>ui.Zs</pre> <pre>0J-.Wt</pre> <pre>j.RqM</pre> <pre>.WCP.d#k</pre> <pre>j.Ril</pre> <pre>3y.Sry</pre> <pre>;0%UKP</pre> <pre>I.nNmumD</pre> <pre>.Ne')G</pre> <pre>M.iCOf</pre> <pre>%SkmF</pre> <pre>uTW%c</pre> <pre>2007:06:17 17:43:34</pre> <pre>.ipBw/</pre> <pre>2007:06:17 17:43:24</pre> <pre>v%Co?</pre> <pre>]fO.Oy</pre> <pre>$r.TD</pre> <pre>t.SdX</pre> <pre>2007:06:17 17:42:47</pre> <pre>d.zFzW</pre> <pre>2007:06:17 17:42:56</pre> <pre>2007:06:17 17:43:04</pre> <pre>t#n)'.rru</pre> <pre>2007:06:17 17:43:15</pre> <pre>%U2q F</pre> <pre>2007:05:13 20:19:39</pre> <pre>^.Cr_</pre> <pre>xRx%U</pre> <pre>2007:05:12 23:54:42</pre> <pre>:;%xH</pre> <pre>%x9|:</pre> <pre>f_WJi.VW</pre> <pre>2007:05:13 00:06:50</pre> <pre>.eN1~</pre> <pre>{?!{?!{?!{?!{?!{?!{?!{?!|> |> |></pre> <pre>|P3.=0(;:028-92/72/61.61.52.740651762</pre> <pre>C[A*.DA2( ),3G'4T<</pre> <pre>2007:05:30 21:05:31</pre> <pre>2007:05:30 21:03:55</pre> <pre>Mo!i.Rk[i}98</pre> <pre>.OJF_</pre> <pre>2007:05:30 21:05:02</pre> <pre>2007:06:17 17:45:43</pre> <pre>HorzScrollBar.Visible</pre> <pre>%SMq=</pre> <pre>".qtt</pre> <pre>rl\,.mE</pre> <pre>rNb"n%U</pre> <pre>-dDjV}JJ</pre> <pre>f"2#%X</pre> <pre>J%Cv"h</pre> <pre>Di.JA</pre> <pre>W.rOC</pre> <pre>.ZEG;</pre> <pre>%S&nvn</pre> <pre>s%4s}c</pre> <pre>Windows2007</pre> <pre>2007:06:16 00:01:04</pre> <pre>imgLogin</pre> <pre>==?==?==?</pre> <pre>==?==?==?==?==?</pre> <pre>___???___</pre> <pre>???___///</pre> <pre>///???___</pre> <pre>```111988</pre> <pre>___///988</pre> <pre>___ 111</pre> <pre>```&&&///@@@</pre> <pre>||| &&&@@@111</pre> <pre>```@@@```</pre> <pre>&&& &&&</pre> <pre>&&&/// </pre> <pre>2007:06:16 00:02:02</pre> <pre>ssshhh</pre> <pre>>A?7:8X[YQTRLOMEHFHKIEGGEGGFHHGIIHJJIKKJLLJLLKMMMOONPPOQQMOOHJJCEE@BBCEEACC?AA<>>577466ACCRTTVXXXZZZ\\]___aadffjllnppssstttwwwxxxyyyxxxvvvuuummmpppssstttttttttuuuwwwxxx</pre> <pre>999 ^^^</pre> <pre>:<<pre>WWWMMMzzz...uuu</pre> <pre>hjkEGH,./WWW???ddd...lll</pre> <pre>~42m(%U</pre> <pre>:){;){;)</pre> <pre> {- }.!</pre> <pre>...bbb</pre> <pre>mQ.aH&</pre> <pre>jR.dJ"</pre> <pre>*)-(' /.0</pre> <pre>000000200</pre> <pre>)(,<;?200</pre> <pre>]]])(*0/12/1</pre> <pre>000=<@?=<<=;.013.0 '-)'-0/10/11.00/1''-=><</pre> <pre>]]]*'0<;=/.0_]\</pre> <pre>===<<<===<<<===</pre> <pre>^^^<<<]]]</pre> <pre>]]]===]]]</pre> <pre>===<<<===</pre> <pre>0/1===<<<====<>0/1</pre> <pre>OLEAUT32.DLL</pre> <pre>ADVAPI32.DLL</pre> <pre>RegOpenKeyExA</pre> <pre>RegCloseKey</pre> <pre>GetKeyboardType</pre> <pre>KERNEL32.DLL</pre> <pre>UnhookWindowsHookEx</pre> <pre>SetWindowsHookExA</pre> <pre>SetKeyboardState</pre> <pre>MsgWaitForMultipleObjects</pre> <pre>MapVirtualKeyA</pre> <pre>LoadKeyboardLayoutA</pre> <pre>GetKeyboardState</pre> <pre>GetKeyboardLayoutNameA</pre> <pre>GetKeyboardLayoutList</pre> <pre>GetKeyboardLayout</pre> <pre>GetKeyState</pre> <pre>GetKeyNameTextA</pre> <pre>EnumWindows</pre> <pre>EnumThreadWindows</pre> <pre>EnumChildWindows</pre> <pre>ActivateKeyboardLayout</pre> <pre>GDI32.DLL</pre> <pre>SetViewportOrgEx</pre> <pre>VERSION.DLL</pre> <pre>WinExec</pre> <pre>GetWindowsDirectoryA</pre> <pre>GetCPInfo</pre> <pre>RegFlushKey</pre> <pre>RegCreateKeyExA</pre> <pre>OLE32.DLL</pre> <pre>COMCTL32.DLL</pre> <pre>URLMON.DLL</pre> <pre>URLDownloadToFileA</pre> <pre>WININET.DLL</pre> <pre>ExitWindowsEx</pre> <pre>)%%%$$*&&$''&)</pre> <pre>)%%%$$"!$%"*&''&$&(</pre> <pre>)%%%$$"!$%"*&''&$&)^</pre> <pre>)%%$$"!$%"*&''&$&&</pre> <pre>)%%$$"!$%"*&''&$&)</pre> <pre>)%%%$$"!$%"*&''&$&'</pre> <pre>)%%%$$*&''&$%&)</pre> <pre>38000=344</pre> <pre>,4 )-:$</pre> <pre>1 0 .'7(2':</pre> <pre>(((9/((((</pre> <pre>~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~</pre> <pre>%F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F55</pre> <pre>NUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre> <pre>$SSL is not available on this server.%Start SSL negotiation command failed.</pre> <pre>JPEG error #%d</pre> <pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre> <pre>OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode</pre> <pre>Unknown Message Part Type.TMessage parts cannot be used in a message which has a ContentTransferEncoding value.</pre> <pre>Unknown Protocol(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.<pre>Attachment %s is blocked.</pre> <pre>Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.</pre> <pre>Reply Code is not valid: %s</pre> <pre>IOHandler value is not valid'Need SASL mechanisms to login with it!!</pre> <pre>Command not supported.</pre> <pre>Address type not supported."%d: Circular links are not allowed</pre> <pre>File "%s" not found</pre> <pre>Object type not supported.</pre> <pre>;Could not bind socket. Address and port are already in use.</pre> <pre>Invalid Port Range (%d - %d)</pre> <pre>%s is not a valid service.</pre> <pre>%s is not a valid IPv6 address:The requested IPVersion / Address family is not supported.</pre> <pre>End of stream: Class %s at %d)UDP is not support in this SOCKS version.</pre> <pre>Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.</pre> <pre>.Cannot send or receive after socket is closed.#Too many references, cannot splice.</pre> <pre>Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)</pre> <pre>Protocol not supported.</pre> <pre>Socket type not supported."Operation not supported on socket.</pre> <pre>Protocol family not supported.0Address family not supported by protocol family.</pre> <pre>Socket Error # %d</pre> <pre>Operation would block.</pre> <pre>Operation now in progress.</pre> <pre>Operation already in progress.</pre> <pre>Socket operation on non-socket.</pre> <pre>Protocol wrong type for socket./Menu '%s' is already being used by another form</pre> <pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre> <pre>Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count4Failed attempting to retrieve time zone information.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)</pre> <pre>Resolving hostname %s.</pre> <pre>Connecting to %s.</pre> <pre>Invalid clipboard format Clipboard does not support Icons</pre> <pre>"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation</pre> <pre>Invalid input value7Invalid input value. Use escape key to abandon changes</pre> <pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'</pre> <pre>Thread creation error: %s</pre> <pre>Thread Error: %s (%d)"Unable to find a Table of Contents</pre> <pre>No help found for %s#No context-sensitive help installed</pre> <pre>Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic</pre> <pre>Unsupported clipboard format</pre> <pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre> <pre>List count out of bounds (%d)</pre> <pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre> <pre>Error reading %s%s%s: %s</pre> <pre>Failed to get data for '%s'</pre> <pre>Failed to set data for '%s'</pre> <pre>Resource %s not found</pre> <pre>%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group</pre> <pre>Property %s does not exist</pre> <pre>Cannot assign a %s to a %s</pre> <pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre> <pre>Class %s not found</pre> <pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre> <pre>Cannot create file "%s". %s</pre> <pre>Cannot open file "%s". %s</pre> <pre>Invalid stream format$''%s'' is not a valid component name</pre> <pre>Ancestor for '%s' not found</pre> <pre>External exception %x</pre> <pre>Interface not supported</pre> <pre>%s (%s, line %d)</pre> <pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre> <pre>System Error. Code: %d.</pre> <pre>"Variant method calls not supported</pre> <pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre> <pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre> <pre>Operation not supported</pre> <pre>Invalid floating point operation</pre> <pre>Invalid pointer operation</pre> <pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre> <pre>Operation aborted(Exception %s in module %s at %p.</pre> <pre>Application Error1Format '%s' invalid or incompatible with argument</pre> <pre>No argument for format '%s'!'%s' is not a valid integer value!'%s' is not a valid date and time</pre> <pre>I/O error %d</pre> <strong>%original file name%.exe_2728_rwx_01D17000_00009000: </strong><pre>U%S6i</pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre>