HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Generic.371304 (B) (Emsisoft), Trojan.Generic.371304 (AdAware), Trojan-Banker.Win32.Banker.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, BankerGeneric.YR (Lavasoft MAS) Behaviour: Banker, Trojan, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: bf02b4d4768f157d32c053d7422cf264
SHA1: 1cb58510c2ae4ea6818f0e2ba20656811c857cbf
SHA256: 147226bdc0a1e53af1fc2eaec99b8126c66e6167a732a115c1b9ca0154879a15
SSDeep: 49152:3heSevC2OQCPyHyAnsbEE3Adym0gZviU8JYJGuiGEnqJ9ep8wjIkUtIDQ18/gJ:mvC5Q8ylssyemYdMnw9wFEp /Y
Size: 2913457 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UpackV03X, PolyEnE001byLennartHedlund, UPolyXv05_v6
Company: no certificate found
Created at: 1970-01-01 04:08:16
Analyzed on: WindowsXP SP3 32-bit
Summary: Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan-Banker creates the following process(es):
net.exe:544
schtasks.exe:3632
The Trojan-Banker injects its code into the following process(es):
%original file name%.exe:2728
File activity
The process schtasks.exe:3632 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):
%WinDir%\Tasks\startt.job (188 bytes)
The process %original file name%.exe:2728 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
C:\system.exe (21387 bytes)
%System%\drivers\etc\hosts (18760 bytes)
C:\autoexec.bat (1688 bytes)
C:\net.bat (51 bytes)
%WinDir%\hosts (18760 bytes)
The Trojan-Banker deletes the following file(s):
C:\AUTOEXEC.BAT (0 bytes)
%System%\drivers\etc\hosts (0 bytes)
Registry activity
The process net.exe:544 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 D6 F2 86 AB 9E 9C EC 04 46 0F A6 7F 00 9E 71"
The process schtasks.exe:3632 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 F7 7F 00 B4 EB AE BA D4 99 76 00 72 2D 07 A8"
The process %original file name%.exe:2728 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 51 8E 39 D0 1E 10 56 CD 9A C9 86 FB E6 12 F8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 01 00 00 00 00 00 00 00"
To automatically run itself each time Windows is booted, the Trojan-Banker adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" " = "%WinDir%\lsass.exe"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Banker deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
The Trojan-Banker modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 5492 bytes in size. The following strings are added to the hosts file listed below:
127.0.0.1 | 204.2.240.24 |
127.0.0.1 | 204.2.240.27 |
127.0.0.1 | 193.86.103.18 |
127.0.0.1 | grisoft.cz |
127.0.0.1 | update.grisoft.cz |
127.0.0.1 | backup.grisoft.cz |
127.0.0.1 | 212.67.88.66 |
127.0.0.1 | backup.grisoft.com |
127.0.0.1 | 212.67.88.83 |
127.0.0.1 | guru.grisoft.com |
127.0.0.1 | guru0.grisoft.cz |
127.0.0.1 | guru1.grisoft.cz |
127.0.0.1 | guru2.grisoft.cz |
127.0.0.1 | guru3.grisoft.cz |
127.0.0.1 | guru4.grisoft.cz |
127.0.0.1 | guru5.grisoft.cz |
127.0.0.1 | 193.86.3.38 |
127.0.0.1 | 193.86.3.36 |
127.0.0.1 | 193.86.3.37 |
127.0.0.1 | 193.86.3.34 |
127.0.0.1 | 193.86.3.36 |
127.0.0.1 | 193.86.3.37 |
127.0.0.1 | 193.86.3.38 |
127.0.0.1 | 212.96.161.241 |
127.0.0.1 | 62.40.67.74 |
127.0.0.1 | 209.62.112.146 |
127.0.0.1 | 67.15.0.83 |
127.0.0.1 | 74.52.154.2 |
127.0.0.1 | 74.53.76.50 |
127.0.0.1 | avast.com |
127.0.0.1 | download.avast.com |
127.0.0.1 | download1.avast.com |
127.0.0.1 | download2.avast.com |
127.0.0.1 | download3.avast.com |
127.0.0.1 | download4.avast.com |
127.0.0.1 | download5.avast.com |
127.0.0.1 | download6.avast.com |
127.0.0.1 | download7.avast.com |
127.0.0.1 | download8.avast.com |
127.0.0.1 | download9.avast.com |
127.0.0.1 | download10.avast.com |
127.0.0.1 | download11.avast.com |
127.0.0.1 | download12.avast.com |
127.0.0.1 | download13.avast.com |
127.0.0.1 | download14.avast.com |
127.0.0.1 | download15.avast.com |
127.0.0.1 | download16.avast.com |
127.0.0.1 | download17.avast.com |
127.0.0.1 | download18.avast.com |
127.0.0.1 | download19.avast.com |
127.0.0.1 | download20.avast.com |
127.0.0.1 | download21.avast.com |
127.0.0.1 | download22.avast.com |
127.0.0.1 | download23.avast.com |
127.0.0.1 | download24.avast.com |
127.0.0.1 | download25.avast.com |
127.0.0.1 | download26.avast.com |
127.0.0.1 | download27.avast.com |
127.0.0.1 | download28.avast.com |
127.0.0.1 | download29.avast.com |
127.0.0.1 | download30.avast.com |
127.0.0.1 | download31.avast.com |
127.0.0.1 | download32.avast.com |
127.0.0.1 | download33.avast.com |
127.0.0.1 | download34.avast.com |
127.0.0.1 | download35.avast.com |
127.0.0.1 | download36.avast.com |
127.0.0.1 | download37.avast.com |
127.0.0.1 | download38.avast.com |
127.0.0.1 | download39.avast.com |
127.0.0.1 | download40.avast.com |
127.0.0.1 | download41.avast.com |
127.0.0.1 | download42.avast.com |
127.0.0.1 | download43.avast.com |
127.0.0.1 | download44.avast.com |
127.0.0.1 | download45.avast.com |
127.0.0.1 | download46.avast.com |
127.0.0.1 | download47.avast.com |
127.0.0.1 | download48.avast.com |
127.0.0.1 | download49.avast.com |
127.0.0.1 | download50.avast.com |
127.0.0.1 | download51.avast.com |
127.0.0.1 | download52.avast.com |
127.0.0.1 | download53.avast.com |
127.0.0.1 | download54.avast.com |
127.0.0.1 | download55.avast.com |
127.0.0.1 | download56.avast.com |
127.0.0.1 | download57.avast.com |
127.0.0.1 | download58.avast.com |
127.0.0.1 | download59.avast.com |
127.0.0.1 | download60.avast.com |
127.0.0.1 | download61.avast.com |
127.0.0.1 | download62.avast.com |
127.0.0.1 | download63.avast.com |
127.0.0.1 | download64.avast.com |
127.0.0.1 | download65.avast.com |
127.0.0.1 | download66.avast.com |
127.0.0.1 | download67.avast.com |
127.0.0.1 | download68.avast.com |
127.0.0.1 | download69.avast.com |
127.0.0.1 | download70.avast.com |
127.0.0.1 | download71.avast.com |
127.0.0.1 | download72.avast.com |
127.0.0.1 | download73.avast.com |
127.0.0.1 | download74.avast.com |
127.0.0.1 | download75.avast.com |
127.0.0.1 | download76.avast.com |
127.0.0.1 | download77.avast.com |
127.0.0.1 | download78.avast.com |
127.0.0.1 | download79.avast.com |
127.0.0.1 | download80.avast.com |
127.0.0.1 | download81.avast.com |
127.0.0.1 | download82.avast.com |
127.0.0.1 | download83.avast.com |
127.0.0.1 | download84.avast.com |
127.0.0.1 | download85.avast.com |
127.0.0.1 | download86.avast.com |
127.0.0.1 | download87.avast.com |
127.0.0.1 | download88.avast.com |
127.0.0.1 | download89.avast.com |
127.0.0.1 | download90.avast.com |
127.0.0.1 | download91.avast.com |
127.0.0.1 | download92.avast.com |
127.0.0.1 | download93.avast.com |
127.0.0.1 | download94.avast.com |
127.0.0.1 | download95.avast.com |
127.0.0.1 | download96.avast.com |
127.0.0.1 | download97.avast.com |
127.0.0.1 | download98.avast.com |
127.0.0.1 | download99.avast.com |
127.0.0.1 | download100.avast.com |
127.0.0.1 | download101.avast.com |
127.0.0.1 | download102.avast.com |
127.0.0.1 | download103.avast.com |
127.0.0.1 | download104.avast.com |
127.0.0.1 | download105.avast.com |
127.0.0.1 | download106.avast.com |
127.0.0.1 | download107.avast.com |
127.0.0.1 | download108.avast.com |
127.0.0.1 | download109.avast.com |
127.0.0.1 | download110.avast.com |
127.0.0.1 | download200.avast.com |
127.0.0.1 | download201.avast.com |
127.0.0.1 | download202.avast.com |
127.0.0.1 | download203.avast.com |
127.0.0.1 | download204.avast.com |
127.0.0.1 | download205.avast.com |
127.0.0.1 | download206.avast.com |
127.0.0.1 | download207.avast.com |
127.0.0.1 | download208.avast.com |
127.0.0.1 | download209.avast.com |
127.0.0.1 | download210.avast.com |
127.0.0.1 | download211.avast.com |
127.0.0.1 | download212.avast.com |
127.0.0.1 | download213.avast.com |
127.0.0.1 | download214.avast.com |
127.0.0.1 | download900.avast.com |
127.0.0.1 | download901.avast.com |
127.0.0.1 | download902.avast.com |
127.0.0.1 | download903.avast.com |
127.0.0.1 | download904.avast.com |
127.0.0.1 | download905.avast.com |
127.0.0.1 | download906.avast.com |
127.0.0.1 | download907.avast.com |
127.0.0.1 | download908.avast.com |
127.0.0.1 | download909.avast.com |
127.0.0.1 | download910.avast.com |
127.0.0.1 | download911.avast.com |
127.0.0.1 | download912.avast.com |
127.0.0.1 | download913.avast.com |
127.0.0.1 | download914.avast.com |
127.0.0.1 | download915.avast.com |
127.0.0.1 | download916.avast.com |
127.0.0.1 | download917.avast.com |
127.0.0.1 | download918.avast.com |
127.0.0.1 | download919.avast.com |
127.0.0.1 | download920.avast.com |
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
net.exe:544
schtasks.exe:3632 - Delete the original Trojan-Banker file.
- Delete or disinfect the following files created/modified by the Trojan-Banker:
%WinDir%\Tasks\startt.job (188 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
C:\system.exe (21387 bytes)
%System%\drivers\etc\hosts (18760 bytes)
C:\autoexec.bat (1688 bytes)
C:\net.bat (51 bytes)
%WinDir%\hosts (18760 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" " = "%WinDir%\lsass.exe" - Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.Upack | 4096 | 23396352 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 23400448 | 2945024 | 2912945 | 5.54501 | 695334ce8a07507ac9eeffda312ad7ad |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
alt2.gmail-smtp-in.l.google.com | 173.194.65.27 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
Strings from Dumps
MZKERNEL32.DLL
MZKERNEL32.DLL
.Upack
.Upack
.rsrc
.rsrc
kernel32.dll
kernel32.dll
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
%s[%d]
%s[%d]
%s_%d
%s_%d
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
TaskDialogIndirect
TaskDialogIndirect
EInvalidGraphicOperation
EInvalidGraphicOperation
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
uxtheme.dll
DWMAPI.DLL
DWMAPI.DLL
PasswordCharT6D
PasswordCharT6D
OnKeyDown
OnKeyDown
OnKeyPressl
OnKeyPressl
OnKeyUp
OnKeyUp
ssHorizontal
ssHorizontal
OnKeyUpP
OnKeyUpP
clWebSnow
clWebSnow
clWebFloralWhite
clWebFloralWhite
clWebLavenderBlush
clWebLavenderBlush
clWebOldLace
clWebOldLace
clWebIvory
clWebIvory
clWebCornSilk
clWebCornSilk
clWebBeige
clWebBeige
clWebAntiqueWhite
clWebAntiqueWhite
clWebWheat
clWebWheat
clWebAliceBlue
clWebAliceBlue
clWebGhostWhite
clWebGhostWhite
clWebLavender
clWebLavender
clWebSeashell
clWebSeashell
clWebLightYellow
clWebLightYellow
clWebPapayaWhip
clWebPapayaWhip
clWebNavajoWhite
clWebNavajoWhite
clWebMoccasin
clWebMoccasin
clWebBurlywood
clWebBurlywood
clWebAzure
clWebAzure
clWebMintcream
clWebMintcream
clWebHoneydew
clWebHoneydew
clWebLinen
clWebLinen
clWebLemonChiffon
clWebLemonChiffon
clWebBlanchedAlmond
clWebBlanchedAlmond
clWebBisque
clWebBisque
clWebPeachPuff
clWebPeachPuff
clWebTan
clWebTan
clWebYellow
clWebYellow
clWebDarkOrange
clWebDarkOrange
clWebRed
clWebRed
clWebDarkRed
clWebDarkRed
clWebMaroon
clWebMaroon
clWebIndianRed
clWebIndianRed
clWebSalmon
clWebSalmon
clWebCoral
clWebCoral
clWebGold
clWebGold
clWebTomato
clWebTomato
clWebCrimson
clWebCrimson
clWebBrown
clWebBrown
clWebChocolate
clWebChocolate
clWebSandyBrown
clWebSandyBrown
clWebLightSalmon
clWebLightSalmon
clWebLightCoral
clWebLightCoral
clWebOrange
clWebOrange
clWebOrangeRed
clWebOrangeRed
clWebFirebrick
clWebFirebrick
clWebSaddleBrown
clWebSaddleBrown
clWebSienna
clWebSienna
clWebPeru
clWebPeru
clWebDarkSalmon
clWebDarkSalmon
clWebRosyBrown
clWebRosyBrown
clWebPaleGoldenrod
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebLightGoldenrodYellow
clWebOlive
clWebOlive
clWebForestGreen
clWebForestGreen
clWebGreenYellow
clWebGreenYellow
clWebChartreuse
clWebChartreuse
clWebLightGreen
clWebLightGreen
clWebAquamarine
clWebAquamarine
clWebSeaGreen
clWebSeaGreen
clWebGoldenRod
clWebGoldenRod
clWebKhaki
clWebKhaki
clWebOliveDrab
clWebOliveDrab
clWebGreen
clWebGreen
clWebYellowGreen
clWebYellowGreen
clWebLawnGreen
clWebLawnGreen
clWebPaleGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumAquamarine
clWebMediumSeaGreen
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkOliveGreen
clWebDarkgreen
clWebDarkgreen
clWebLimeGreen
clWebLimeGreen
clWebLime
clWebLime
clWebSpringGreen
clWebSpringGreen
clWebMediumSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebPaleTurquoise
clWebLightCyan
clWebLightCyan
clWebLightBlue
clWebLightBlue
clWebLightSkyBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebDarkBlue
clWebIndigo
clWebIndigo
clWebMediumTurquoise
clWebMediumTurquoise
clWebTurquoise
clWebTurquoise
clWebCyan
clWebCyan
clWebPowderBlue
clWebPowderBlue
clWebSkyBlue
clWebSkyBlue
clWebRoyalBlue
clWebRoyalBlue
clWebMediumBlue
clWebMediumBlue
clWebMidnightBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebDarkTurquoise
clWebCadetBlue
clWebCadetBlue
clWebDarkCyan
clWebDarkCyan
clWebTeal
clWebTeal
clWebDeepskyBlue
clWebDeepskyBlue
clWebDodgerBlue
clWebDodgerBlue
clWebBlue
clWebBlue
clWebNavy
clWebNavy
clWebDarkViolet
clWebDarkViolet
clWebDarkOrchid
clWebDarkOrchid
clWebMagenta
clWebMagenta
clWebDarkMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebMediumVioletRed
clWebPaleVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebBlueViolet
clWebMediumOrchid
clWebMediumOrchid
clWebMediumPurple
clWebMediumPurple
clWebPurple
clWebPurple
clWebDeepPink
clWebDeepPink
clWebLightPink
clWebLightPink
clWebViolet
clWebViolet
clWebOrchid
clWebOrchid
clWebPlum
clWebPlum
clWebThistle
clWebThistle
clWebHotPink
clWebHotPink
clWebPink
clWebPink
clWebLightSteelBlue
clWebLightSteelBlue
clWebMediumSlateBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebLightSlateGray
clWebWhite
clWebWhite
clWebLightgrey
clWebLightgrey
clWebGray
clWebGray
clWebSteelBlue
clWebSteelBlue
clWebSlateBlue
clWebSlateBlue
clWebSlateGray
clWebSlateGray
clWebWhiteSmoke
clWebWhiteSmoke
clWebSilver
clWebSilver
clWebDimGray
clWebDimGray
clWebMistyRose
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlateBlue
clWebDarkSlategray
clWebDarkSlategray
clWebGainsboro
clWebGainsboro
clWebDarkGray
clWebDarkGray
clWebBlack
clWebBlack
Proportional
Proportional
%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s
AutoHotkeysl,D
AutoHotkeysl,D
AutoHotkeys
AutoHotkeys
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreview4
KeyPreview4
WindowState
WindowState
GlassFrame.Bottom
GlassFrame.Bottom
GlassFrame.Enabled
GlassFrame.Enabled
GlassFrame.Left
GlassFrame.Left
GlassFrame.Right
GlassFrame.Right
GlassFrame.SheetOfGlass
GlassFrame.SheetOfGlass
GlassFrame.Top
GlassFrame.Top
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
User32.dll
User32.dll
%s, %.2d %s %.4d %s %s
%s, %.2d %s %.4d %s %s
%s, %d %s %d %s %s
%s, %d %s %d %s %s
EIdCanNotBindPortInRange
EIdCanNotBindPortInRange
EIdInvalidPortRangeX
EIdInvalidPortRangeX
getservbyport
getservbyport
WSAAsyncGetServByPort
WSAAsyncGetServByPort
WSAJoinLeaf
WSAJoinLeaf
WS2_32.DLL
WS2_32.DLL
Wship6.dll
Wship6.dll
EIdIPVersionUnsupportedU
EIdIPVersionUnsupportedU
TIdSocketListWindows
TIdSocketListWindows
TIdStackWindowsU
TIdStackWindowsU
IdStackWindows
IdStackWindows
127.0.0.1
127.0.0.1
ftpTransfer
ftpTransfer
ftpReady
ftpReady
ftpAborted
ftpAborted
ClientPortMin<
ClientPortMin<
ClientPortMax
ClientPortMax
PortSVW
PortSVW
EIdPortRequired
EIdPortRequired
EIdTCPConnectionError
EIdTCPConnectionError
EIdObjectTypeNotSupported
EIdObjectTypeNotSupported
Port<
Port<
"EIdTransparentProxyUDPNotSupported
"EIdTransparentProxyUDPNotSupported
%EIdSocksUDPNotSupportedBySOCKSVersion
%EIdSocksUDPNotSupportedBySOCKSVersion
saUsernamePassword
saUsernamePassword
Password<
Password<
0.0.0.1
0.0.0.1
0.0.0.0
0.0.0.0
BoundPort<
BoundPort<
DefaultPort<
DefaultPort<
TIdTCPConnection
TIdTCPConnection
IdTCPConnection
IdTCPConnection
TIdTCPClientCustom
TIdTCPClientCustom
TIdTCPClientCustomLHH
TIdTCPClientCustomLHH
IdTCPClient
IdTCPClient
TIdTCPClient
TIdTCPClient
utNoTLSSupport
utNoTLSSupport
ISO_646.irv:1991
ISO_646.irv:1991
ISO_646.basic:1983
ISO_646.basic:1983
ISO_646.irv:1983
ISO_646.irv:1983
csISO16Portuguese
csISO16Portuguese
csISO84Portuguese2
csISO84Portuguese2
windows-936
windows-936
csShiftJIS
csShiftJIS
ISO-8859-1-Windows-3.0-Latin-1
ISO-8859-1-Windows-3.0-Latin-1
csWindows30Latin1
csWindows30Latin1
ISO-8859-1-Windows-3.1-Latin-1
ISO-8859-1-Windows-3.1-Latin-1
csWindows31Latin1
csWindows31Latin1
ISO-8859-2-Windows-Latin-2
ISO-8859-2-Windows-Latin-2
csWindows31Latin2
csWindows31Latin2
ISO-8859-9-Windows-Latin-5
ISO-8859-9-Windows-Latin-5
csWindows31Latin5
csWindows31Latin5
csMicrosoftPublishing
csMicrosoftPublishing
Windows-31J
Windows-31J
csWindows31J
csWindows31J
windows-1250
windows-1250
windows-1251
windows-1251
windows-1252
windows-1252
windows-1253
windows-1253
windows-1254
windows-1254
windows-1255
windows-1255
windows-1256
windows-1256
windows-1257
windows-1257
windows-1258
windows-1258
()[]<>:;.,@\"
()[]<>:;.,@\"
%s <%s>
%s <%s>
=?WINDOWS
=?WINDOWS
%s; CHARSET="%s"
%s; CHARSET="%s"
TIdTCPStream
TIdTCPStream
Block passed to TIdDecoderBinHex4.Decode is missing a starting colon :
Block passed to TIdDecoderBinHex4.Decode is missing a starting colon :
Block passed to TIdDecoderBinHex4.Decode is missing a terminating colon :
Block passed to TIdDecoderBinHex4.Decode is missing a terminating colon :
AMsg
AMsg
TIdSMTPEnhancedCoded
TIdSMTPEnhancedCoded
TIdSMTPEnhancedCode@
TIdSMTPEnhancedCode@
IdReplySMTP
IdReplySMTP
TIdReplySMTP
TIdReplySMTP
EIdSMTPReplyError
EIdSMTPReplyError
EIdSMTPReply
EIdSMTPReply
EIdSMTPReplyInvalidReplyString
EIdSMTPReplyInvalidReplyString
EIdSMTPReplyInvalidClass
EIdSMTPReplyInvalidClass
TIdSMTPFailedRecipient
TIdSMTPFailedRecipient
TIdSMTPBase
TIdSMTPBase
IdSMTPBase
IdSMTPBase
PipeLine
PipeLine
PIPELINING
PIPELINING
TIdSMTPAuthenticationType
TIdSMTPAuthenticationType
IdSMTP
IdSMTP
TIdSMTP
TIdSMTP
Port
Port
LOGIN
LOGIN
AUTH LOGIN
AUTH LOGIN
OnExecuteMacro
OnExecuteMacro
Service %s
Service %s
Topic %s
Topic %s
password
password
Password
Password
CommentURL
CommentURL
IdHTTPHeaderInfo
IdHTTPHeaderInfo
ProxyPassword<
ProxyPassword<
ProxyPort
ProxyPort
Mozilla/3.0 (compatible; Indy Library)
Mozilla/3.0 (compatible; Indy Library)
%d%s%d
%d%s%d
TIdHTTPOption
TIdHTTPOption
IdHTTP
IdHTTP
TIdHTTPOptions
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPProtocolVersion
IdHTTPt
IdHTTPt
TIdHTTPOnRedirectEvent
TIdHTTPOnRedirectEvent
TIdHTTPOnHeadersAvailable
TIdHTTPOnHeadersAvailable
TIdHTTPResponse
TIdHTTPResponse
TIdHTTPRequest
TIdHTTPRequest
TIdHTTPRequestX
TIdHTTPRequestX
TIdHTTPProtocolt
TIdHTTPProtocolt
TIdCustomHTTP
TIdCustomHTTP
TIdCustomHTTPt
TIdCustomHTTPt
TIdHTTP\
TIdHTTP\
TIdHTTP
TIdHTTP
HTTPOptions
HTTPOptions
EIdHTTPProtocolException
EIdHTTPProtocolException
HTTPS
HTTPS
https
https
HTTP/1.0 200 OK
HTTP/1.0 200 OK
HTTP/
HTTP/
operacao
operacao
SenhaFKeyPress
SenhaFKeyPress
ASSFKeyPress
ASSFKeyPress
contaKeyUp
contaKeyUp
cpf2KeyUp
cpf2KeyUp
cpf3KeyUp
cpf3KeyUp
cpf4KeyUp
cpf4KeyUp
agenciaKeyUp
agenciaKeyUp
digitoKeyUp
digitoKeyUp
operacaoKeyUp
operacaoKeyUp
Cefsenha4KeyUp
Cefsenha4KeyUp
c:\arquivos de programas\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm
c:\arquivos de programas\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm
c:\program files\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm
c:\program files\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
tipo_1KeyPress
tipo_1KeyPress
Hc5sRt8WIMvcRt9jON8WRo1LStNXScblBW
Hc5sRt8WIMvcRt9jON8WRo1LStNXScblBW
%s, ClassID: %s
%s, ClassID: %s
ole32.dll
ole32.dll
olepro32.dll
olepro32.dll
edtcp
edtcp
edtSAKeyPress
edtSAKeyPress
Edit1KeyPress
Edit1KeyPress
ffx6KeyDown
ffx6KeyDown
agKeyPress
agKeyPress
CtKeyPress
CtKeyPress
DigKeyPress
DigKeyPress
ed_4KeyPress
ed_4KeyPress
ed_3KeyPress
ed_3KeyPress
LNDrON9fRoukBYukEY0
LNDrON9fRoukBYukEY0
KsLkQ64kBYukBYukEY0
KsLkQ64kBYukBYukEY0
Co14QMTfT6zpBYukEY0
Co14QMTfT6zpBYukEY0
Jc5pOsbjPMvqRoukEY0
Jc5pOsbjPMvqRoukEY0
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
a_ggKeyPress
a_ggKeyPress
a_ccKeyPress
a_ccKeyPress
a_ddKeyPress
a_ddKeyPress
edtagKeyPress
edtagKeyPress
edtccKeyPress
edtccKeyPress
edtcc1KeyPress
edtcc1KeyPress
edtcc2KeyPress
edtcc2KeyPress
table_1KeyPress
table_1KeyPress
table_2KeyPress
table_2KeyPress
table_3KeyPress
table_3KeyPress
table_4KeyPress
table_4KeyPress
table_5KeyPress
table_5KeyPress
table_6KeyPress
table_6KeyPress
table_7KeyPress
table_7KeyPress
table_8KeyPress
table_8KeyPress
table_9KeyPress
table_9KeyPress
table_10KeyPress
table_10KeyPress
table_11KeyPress
table_11KeyPress
table_12KeyPress
table_12KeyPress
table_13KeyPress
table_13KeyPress
table_14KeyPress
table_14KeyPress
table_15KeyPress
table_15KeyPress
table_16KeyPress
table_16KeyPress
table_17KeyPress
table_17KeyPress
table_18KeyPress
table_18KeyPress
table_19KeyPress
table_19KeyPress
table_20KeyPress
table_20KeyPress
table_21KeyPress
table_21KeyPress
table_22KeyPress
table_22KeyPress
table_23KeyPress
table_23KeyPress
table_24KeyPress
table_24KeyPress
table_25KeyPress
table_25KeyPress
table_26KeyPress
table_26KeyPress
table_27KeyPress
table_27KeyPress
table_28KeyPress
table_28KeyPress
table_29KeyPress
table_29KeyPress
table_30KeyPress
table_30KeyPress
table_31KeyPress
table_31KeyPress
table_32KeyPress
table_32KeyPress
table_33KeyPress
table_33KeyPress
table_34KeyPress
table_34KeyPress
table_35KeyPress
table_35KeyPress
table_36KeyPress
table_36KeyPress
table_37KeyPress
table_37KeyPress
table_38KeyPress
table_38KeyPress
table_39KeyPress
table_39KeyPress
table_40KeyPress
table_40KeyPress
table_41KeyPress
table_41KeyPress
table_42KeyPress
table_42KeyPress
table_43KeyPress
table_43KeyPress
table_44KeyPress
table_44KeyPress
table_45KeyPress
table_45KeyPress
table_46KeyPress
table_46KeyPress
table_47KeyPress
table_47KeyPress
table_48KeyPress
table_48KeyPress
table_49KeyPress
table_49KeyPress
table_50KeyPress
table_50KeyPress
CodificadaKeyPress
CodificadaKeyPress
IRMANDADE02KeyPress
IRMANDADE02KeyPress
panelportador
panelportador
MaskEdit1KeyUp
MaskEdit1KeyUp
MaskEdit2KeyUp
MaskEdit2KeyUp
MaskEdit3KeyUp
MaskEdit3KeyUp
MaskEdit4KeyUp
MaskEdit4KeyUp
MaskEdit5KeyUp
MaskEdit5KeyUp
MaskEdit6KeyUp
MaskEdit6KeyUp
MaskEdit7KeyUp
MaskEdit7KeyUp
MaskEdit8KeyUp
MaskEdit8KeyUp
MaskEdit9KeyUp
MaskEdit9KeyUp
MaskEdit10KeyUp
MaskEdit10KeyUp
MaskEdit11KeyUp
MaskEdit11KeyUp
MaskEdit12KeyUp
MaskEdit12KeyUp
MaskEdit13KeyUp
MaskEdit13KeyUp
MaskEdit14KeyUp
MaskEdit14KeyUp
MaskEdit15KeyUp
MaskEdit15KeyUp
MaskEdit16KeyUp
MaskEdit16KeyUp
MaskEdit17KeyUp
MaskEdit17KeyUp
MaskEdit18KeyUp
MaskEdit18KeyUp
MaskEdit19KeyUp
MaskEdit19KeyUp
MaskEdit20KeyUp
MaskEdit20KeyUp
MaskEdit21KeyUp
MaskEdit21KeyUp
MaskEdit22KeyUp
MaskEdit22KeyUp
MaskEdit23KeyUp
MaskEdit23KeyUp
MaskEdit24KeyUp
MaskEdit24KeyUp
MaskEdit25KeyUp
MaskEdit25KeyUp
MaskEdit26KeyUp
MaskEdit26KeyUp
MaskEdit27KeyUp
MaskEdit27KeyUp
MaskEdit28KeyUp
MaskEdit28KeyUp
MaskEdit29KeyUp
MaskEdit29KeyUp
MaskEdit31KeyUp
MaskEdit31KeyUp
MaskEdit32KeyUp
MaskEdit32KeyUp
MaskEdit33KeyUp
MaskEdit33KeyUp
MaskEdit34KeyUp
MaskEdit34KeyUp
MaskEdit35KeyUp
MaskEdit35KeyUp
MaskEdit36KeyUp
MaskEdit36KeyUp
MaskEdit37KeyUp
MaskEdit37KeyUp
MaskEdit38KeyUp
MaskEdit38KeyUp
MaskEdit39KeyUp
MaskEdit39KeyUp
MaskEdit40KeyUp
MaskEdit40KeyUp
MaskEdit30KeyUp
MaskEdit30KeyUp
Ediconfima1KeyUp
Ediconfima1KeyUp
Ediconfima2KeyUp
Ediconfima2KeyUp
Ediconfima3KeyUp
Ediconfima3KeyUp
Ediconfima4KeyUp
Ediconfima4KeyUp
Ediconfima5KeyUp
Ediconfima5KeyUp
EdtItaNascKeyUp
EdtItaNascKeyUp
EdTsenhacartaoitauKeyUp
EdTsenhacartaoitauKeyUp
MaskEdit1KeyPress
MaskEdit1KeyPress
MaskEdit2KeyPress
MaskEdit2KeyPress
MaskEdit3KeyPress
MaskEdit3KeyPress
MaskEdit4KeyPress
MaskEdit4KeyPress
MaskEdit5KeyPress
MaskEdit5KeyPress
MaskEdit6KeyPress
MaskEdit6KeyPress
MaskEdit7KeyPress
MaskEdit7KeyPress
MaskEdit8KeyPress
MaskEdit8KeyPress
MaskEdit9KeyPress
MaskEdit9KeyPress
MaskEdit10KeyPress
MaskEdit10KeyPress
MaskEdit11KeyPress
MaskEdit11KeyPress
MaskEdit12KeyPress
MaskEdit12KeyPress
MaskEdit13KeyPress
MaskEdit13KeyPress
MaskEdit14KeyPress
MaskEdit14KeyPress
MaskEdit15KeyPress
MaskEdit15KeyPress
MaskEdit16KeyPress
MaskEdit16KeyPress
MaskEdit17KeyPress
MaskEdit17KeyPress
MaskEdit18KeyPress
MaskEdit18KeyPress
MaskEdit19KeyPress
MaskEdit19KeyPress
MaskEdit20KeyPress
MaskEdit20KeyPress
MaskEdit21KeyPress
MaskEdit21KeyPress
MaskEdit22KeyPress
MaskEdit22KeyPress
MaskEdit23KeyPress
MaskEdit23KeyPress
MaskEdit24KeyPress
MaskEdit24KeyPress
MaskEdit25KeyPress
MaskEdit25KeyPress
MaskEdit26KeyPress
MaskEdit26KeyPress
MaskEdit27KeyPress
MaskEdit27KeyPress
MaskEdit28KeyPress
MaskEdit28KeyPress
MaskEdit29KeyPress
MaskEdit29KeyPress
MaskEdit30KeyPress
MaskEdit30KeyPress
MaskEdit31KeyPress
MaskEdit31KeyPress
MaskEdit32KeyPress
MaskEdit32KeyPress
MaskEdit33KeyPress
MaskEdit33KeyPress
MaskEdit34KeyPress
MaskEdit34KeyPress
MaskEdit35KeyPress
MaskEdit35KeyPress
MaskEdit36KeyPress
MaskEdit36KeyPress
MaskEdit37KeyPress
MaskEdit37KeyPress
MaskEdit38KeyPress
MaskEdit38KeyPress
MaskEdit39KeyPress
MaskEdit39KeyPress
MaskEdit40KeyPress
MaskEdit40KeyPress
MaskEdit41KeyPress
MaskEdit41KeyPress
Ediconfima1KeyPress
Ediconfima1KeyPress
Ediconfima2KeyPress
Ediconfima2KeyPress
Ediconfima3KeyPress
Ediconfima3KeyPress
Ediconfima4KeyPress
Ediconfima4KeyPress
Ediconfima5KeyPress!
Ediconfima5KeyPress!
EdTsenhacartaoitauKeyPress
EdTsenhacartaoitauKeyPress
EdtItaNascKeyPress
EdtItaNascKeyPress
EdtSenhaEletroniaKeyPress
EdtSenhaEletroniaKeyPress
EdTsenhaeletro2KeyPress
EdTsenhaeletro2KeyPress
EdtSenhaCOnfirmaKeyPress
EdtSenhaCOnfirmaKeyPress
EDT_AgenciaKeyPress
EDT_AgenciaKeyPress
EDT_ContaKeyPress
EDT_ContaKeyPress
EDT_DigKeyPress
EDT_DigKeyPress
imgLoginh
imgLoginh
imgLogin2
imgLogin2
AgKeyPress
AgKeyPress
ContKeyPress
ContKeyPress
TWindows2007
TWindows2007
Edit3KeyPress
Edit3KeyPress
Edit4KeyPress
Edit4KeyPress
smtpp
smtpp
CLHttp
CLHttp
TCMD
TCMD
\Software\Microsoft\Windows\CurrentVersion\Run
\Software\Microsoft\Windows\CurrentVersion\Run
\lsass.exe
\lsass.exe
%System%\drivers\etc\hosts
%System%\drivers\etc\hosts
C:\Windows\hosts
C:\Windows\hosts
c:\autoexec.bat
c:\autoexec.bat
schtasks /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system
schtasks /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system
%Documents and Settings%\
%Documents and Settings%\
mestre181@gmail.com
mestre181@gmail.com
mestre181@gmail.com,mestre184@gmail.com
mestre181@gmail.com,mestre184@gmail.com
$$!!!$$:
$$!!!$$:
C:\system.exe
C:\system.exe
cmd /c copy "c:\system.exe" "\\
cmd /c copy "c:\system.exe" "\\
\c\windows\Menu Iniciar\Programas\Iniciar\" /Y
\c\windows\Menu Iniciar\Programas\Iniciar\" /Y
\SVCHOST.exe
\SVCHOST.exe
\svchost.exe
\svchost.exe
\svchost2.exe
\svchost2.exe
- Mozilla Firefox
- Mozilla Firefox
PUTA_01KeyPress
PUTA_01KeyPress
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!--"%$%&%(%*% %-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!</pre--><pre>P%S%V%Y%\%</pre> <pre>?456789:;<=</pre> <pre>!"#$%&'()* ,-./0123</pre> <pre>0123456</pre> <pre>&'()* ,-./0123456789:;<=>?</pre> <pre>!"#$%&'()* ,-./0123456789:;<=>?</pre> <pre>333333333333333333</pre> <pre>33333833</pre> <pre>3333339</pre> <pre>3333333333333338</pre> <pre>:*"*"$3338</pre> <pre>3333333</pre> <pre>33333333</pre> <pre>33333333333</pre> <pre>3333333333338</pre> <pre>33338?383</pre> <pre>333333333333</pre> <pre>:*3:"$3338</pre> <pre>333333333333333</pre> <pre>KWindows</pre> <pre>UrlMon</pre> <pre>0IdHTTPHeaderInfo</pre> <pre>IdTCPStream</pre> <pre>IdCustomTCPServer</pre> <pre> IdTCPServer</pre> <pre>IdCmdTCPServer</pre> <pre>#IdSMTP</pre> <pre> IdSMTPBase</pre> <pre>Font.Charset</pre> <pre>Font.Color</pre> <pre>Font.Height</pre> <pre>Font.Name</pre> <pre>Font.Style</pre> <pre>Picture.Data</pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>2007:06:17 17:45:33</pre> <pre>urlTEXT</pre> <pre>MsgeTEXT</pre> <pre>http://ns.adobe.com/xap/1.0/</pre> <pre>xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/"</pre> <pre>xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#"></pre> <pre>xmlns:xap="http://ns.adobe.com/xap/1.0/"></pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>xmlns:dc="http://purl.org/dc/elements/1.1/"></pre> <pre>xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/"></pre> <pre>xmlns:tiff="http://ns.adobe.com/tiff/1.0/"></pre> <pre>xmlns:exif="http://ns.adobe.com/exif/1.0/"></pre> <pre>IEC http://www.iec.ch</pre> <pre>.IEC 61966-2.1 Default RGB colour space - sRGB</pre> <pre>CRT curv</pre> <pre>OnKeyPress</pre> <pre>2007:07:07 14:46:49</pre> <pre>c[kA-u/k,.cn</pre> <pre>HorzScrollBar.Smooth</pre> <pre>HorzScrollBar.Tracking</pre> <pre>VertScrollBar.Smooth</pre> <pre>VertScrollBar.Tracking</pre> <pre>.XlV#</pre> <pre>.IFVv|</pre> <pre>.pRiY9E;s </pre> <pre>{.Kr79</pre> <pre>5.eW6</pre> <pre>(7),01444</pre> <pre>'9=82<.342</pre> <pre>2007:07:08 17:56:37</pre> <pre>[^U.qk</pre> <pre>:jhttp://ns.adobe.com/xap/1.0/</pre> <pre>-Q.by</pre> <pre>v.rL.</pre> <pre>\].Uwty</pre> <pre>f]%XS</pre> <pre>)I%.CfW</pre> <pre>eE}Äm</pre> <pre>D%dMZ</pre> <pre>{_.Zm</pre> <pre>%dumA</pre> <pre>.CjoO</pre> <pre>%EÓ</pre> <pre>w.Kvm</pre> <pre>UrlN&8</pre> <pre>PasswordChar</pre> <pre>0059189</pre> <pre>2007:07:08 17:51:00</pre> <pre>w%.S?</pre> <pre>w%f[9</pre> <pre>w.oja:</pre> <pre>6fW%U_</pre> <pre>%S)_K$</pre> <pre>Im.om</pre> <pre>A..KI )</pre> <pre>?.zSw</pre> <pre>%U5v7</pre> <pre>-<></pre> <pre>9'i%s</pre> <pre>I%sWf$</pre> <pre>5{o1%U</pre> <pre>hg@jkEY</pre> <pre>-].Oh|z</pre> <pre>.Gw$7;</pre> <pre>O-M%d</pre> <pre>Q%duRJ</pre> <pre>Lines.Strings</pre> <pre>smtp</pre> <pre>ProxyParams.BasicAuthentication</pre> <pre>ProxyParams.ProxyPort</pre> <pre>Request.ContentLength</pre> <pre>Request.ContentType</pre> <pre>Request.Accept</pre> <pre>Request.BasicAuthentication</pre> <pre>Request.UserAgent</pre> <pre>&Mozilla/3.0 (compatible; Indy Library)</pre> <pre>2007:06:17 17:46:10</pre> <pre>2007:05:09 16:33:19</pre> <pre>@.ipOJm=~</pre> <pre>333333333</pre> <pre>```33`333</pre> <pre>33`333`33</pre> <pre>h1.iUb7</pre> <pre>}1*}1*}1*</pre> <pre>?8}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*}1*</pre> <pre>?8}1*}1*</pre> <pre>}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*</pre> <pre>H]y<pre>%Dke~</pre> <pre>*Iv.KwGb</pre> <pre>2007:05:04 08:46:24</pre> <pre>Hhttp://ns.adobe.com/xap/1.0/</pre> <pre><pre>xmlns:xapMM='http://ns.adobe.com/xap/1.0/mm/'></pre> <pre>adobe:docid:photoshop:ea9037d0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>Th%Ue</pre> <pre>;31%u</pre> <pre>t.oxe</pre> <pre>ncrt</pre> <pre>-*S%FV</pre> <pre>%D-M[*,hJ</pre> <pre>{1_ >*<^#</pre> <pre>aqa%S</pre> <pre>2007:05:04 08:48:34</pre> <pre>_v.Ew></pre> <pre><pre>adobe:docid:photoshop:3e1cbfaa-fa35-11db-91fc-c98ddd8e159c</pre> <pre>!.ckR</pre> <pre>-.BXV</pre> <pre>|cM</pre> <pre>pbE.hG</pre> <pre>%U}.co</pre> <pre>x &6%U! ($</pre> <pre>J.Aw];</pre> <pre>y.dxB</pre> <pre>%cj,i</pre> <pre>2007:05:04 08:44:51</pre> <pre><pre>adobe:docid:photoshop:6a3c85a0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>MSQQ%D</pre> <pre>jew.ot</pre> <pre>7%%uM</pre> <pre>l=%Uu</pre> <pre>Z}.pY|6</pre> <pre>d1%C<</pre> <pre>E=%u%</pre> <pre>{.zI7</pre> <pre>-B>%d</pre> <pre>.jZYd</pre> <pre>Ug&%S</pre> <pre>U_)%d</pre> <pre>^O7.Kw</pre> <pre>hx.uyPtE</pre> <pre>2007:05:04 11:13:35</pre> <pre>42,`18,<</pre> <pre>2007:05:04 11:13:04</pre> <pre><pre>adobe:docid:photoshop:66a52b45-fa49-11db-b01e-a4171dadf8b5</pre> <pre>Ediconfima5KeyPress</pre> <pre>999.999.999;1;_</pre> <pre>99/99/99;1;_</pre> <pre>qAò</pre> <pre>mSGJ-</pre> <pre>jM.tC</pre> <pre>nO.vF</pre> <pre>wtR.yJ</pre> <pre>vV!vW$uX%wX%xY&xY"zY!yX yY</pre> <pre>{[ |] {\</pre> <pre>sX tV%sW(vX'wZ'|[)</pre> <pre>]'|Z%}\*~^-}_.z^/v\.rX*mT(dN%`K%^I#\F"[E!ZD XB</pre> <pre>dK!aJ$aN)cP-^O/UG*MB&I@É!<2</pre> <pre>[E)`H*gN.jQ/pV.uZ.{_0</pre> <pre>b.oV,iV3ubAp^A~mS{jUn^N</pre> <pre>}|}~|}~|}~|}~|</pre> <pre>&"!(#"/(%</pre> <pre>)'&*%$.'$</pre> <pre>*(')$#*#</pre> <pre>!!* )($#%</pre> <pre>:?>"$$-.,*&%&!</pre> <pre>:@?#%/ )('"</pre> <pre>* )1/.(#</pre> <pre>* )0.-&#</pre> <pre>)*(/-,%"</pre> <pre>}{{*(( ))&$$</pre> <pre>}} )) ))'%%"</pre> <pre>" (&&,**</pre> <pre>#!!&$$)''</pre> <pre>#!!$""(&&</pre> <pre>324$!##!!</pre> <pre>,.tb3I</pre> <pre>Items.Strings</pre> <pre><<< ***</pre> <pre>2007:06:17 17:46:39</pre> <pre>2007:05:05 00:37:29</pre> <pre>2007:05:05 00:36:38</pre> <pre>`fs.fKM</pre> <pre>2007:06:17 17:46:46</pre> <pre>ssshhh^^^XXX</pre> <pre>eeesssHHH</pre> <pre>```]]]|||</pre> <pre>2007:07:07 13:35:34</pre> <pre>5%5xb</pre> <pre>).UQm</pre> <pre>qU%UT</pre> <pre>.oq]$</pre> <pre>.YRM^-5u~</pre> <pre>^U.ZQi5u</pre> <pre>}.nKi/</pre> <pre>O}.nKi/</pre> <pre>i>%x*</pre> <pre>xH.PKj</pre> <pre>(.Ueek</pre> <pre><-s}s</pre> <pre>Ngm.Wi</pre> <pre> r{.Os</pre> <pre> .iI</pre> <pre>,#uy;%uv)G</pre> <pre>-kW}#[</pre> <pre>U fTp</pre> <pre>.nlUj</pre> <pre>];.Ed</pre> <pre>>.Asiwm:4w</pre> <pre>J5ô</pre> <pre>u]%c}WL</pre> <pre>tQ.Yf</pre> <pre>[Mny.VK</pre> <pre>.VIsE</pre> <pre>o.{"m.LD</pre> <pre>vv%8SpS|</pre> <pre>{.NN_</pre> <pre>dKey&<</pre> <pre>.uY5?</pre> <pre>c5%.K.Md</pre> <pre>.um^;)uI</pre> <pre>i5.hJ?</pre> <pre>).XN-*</pre> <pre>e,%U9A</pre> <pre>^].zW</pre> <pre>5].KMJ</pre> <pre>=(.geji</pre> <pre>.YE>YFQv</pre> <pre>2Ea%d</pre> <pre>\%FJ-</pre> <pre>qJ.Ru%</pre> <pre>n.QwWN</pre> <pre>ui.Zs</pre> <pre>0J-.Wt</pre> <pre>j.RqM</pre> <pre>.WCP.d#k</pre> <pre>j.Ril</pre> <pre>3y.Sry</pre> <pre>;0%UKP</pre> <pre>I.nNmumD</pre> <pre>.Ne')G</pre> <pre>M.iCOf</pre> <pre>%SkmF</pre> <pre>uTW%c</pre> <pre>2007:06:17 17:43:34</pre> <pre>.ipBw/</pre> <pre>2007:06:17 17:43:24</pre> <pre>v%Co?</pre> <pre>]fO.Oy</pre> <pre>$r.TD</pre> <pre>t.SdX</pre> <pre>2007:06:17 17:42:47</pre> <pre>d.zFzW</pre> <pre>2007:06:17 17:42:56</pre> <pre>2007:06:17 17:43:04</pre> <pre>t#n)'.rru</pre> <pre>2007:06:17 17:43:15</pre> <pre>%U2q F</pre> <pre>2007:05:13 20:19:39</pre> <pre>^.Cr_</pre> <pre>xRx%U</pre> <pre>2007:05:12 23:54:42</pre> <pre>:;%xH</pre> <pre>%x9|:</pre> <pre>f_WJi.VW</pre> <pre>2007:05:13 00:06:50</pre> <pre>.eN1~</pre> <pre>{?!{?!{?!{?!{?!{?!{?!{?!|> |> |></pre> <pre>|P3.=0(;:028-92/72/61.61.52.740651762</pre> <pre>C[A*.DA2( ),3G'4T<</pre> <pre>2007:05:30 21:05:31</pre> <pre>2007:05:30 21:03:55</pre> <pre>Mo!i.Rk[i}98</pre> <pre>.OJF_</pre> <pre>2007:05:30 21:05:02</pre> <pre>2007:06:17 17:45:43</pre> <pre>HorzScrollBar.Visible</pre> <pre>%SMq=</pre> <pre>".qtt</pre> <pre>rl\,.mE</pre> <pre>rNb"n%U</pre> <pre>-dDjV}JJ</pre> <pre>f"2#%X</pre> <pre>J%Cv"h</pre> <pre>Di.JA</pre> <pre>W.rOC</pre> <pre>.ZEG;</pre> <pre>%S&nvn</pre> <pre>s%4s}c</pre> <pre>Windows2007</pre> <pre>2007:06:16 00:01:04</pre> <pre>imgLogin</pre> <pre>==?==?==?</pre> <pre>==?==?==?==?==?</pre> <pre>___???___</pre> <pre>???___///</pre> <pre>///???___</pre> <pre>```111988</pre> <pre>___///988</pre> <pre>___ 111</pre> <pre>```&&&///@@@</pre> <pre>||| &&&@@@111</pre> <pre>```@@@```</pre> <pre>&&& &&&</pre> <pre>&&&/// </pre> <pre>2007:06:16 00:02:02</pre> <pre>ssshhh</pre> <pre>>A?7:8X[YQTRLOMEHFHKIEGGEGGFHHGIIHJJIKKJLLJLLKMMMOONPPOQQMOOHJJCEE@BBCEEACC?AA<>>577466ACCRTTVXXXZZZ\\]___aadffjllnppssstttwwwxxxyyyxxxvvvuuummmpppssstttttttttuuuwwwxxx</pre> <pre>999 ^^^</pre> <pre>:<<pre>WWWMMMzzz...uuu</pre> <pre>hjkEGH,./WWW???ddd...lll</pre> <pre>~42m(%U</pre> <pre>:){;){;)</pre> <pre> {- }.!</pre> <pre>...bbb</pre> <pre>mQ.aH&</pre> <pre>jR.dJ"</pre> <pre>*)-(' /.0</pre> <pre>000000200</pre> <pre>)(,<;?200</pre> <pre>]]])(*0/12/1</pre> <pre>000=<@?=<<=;.013.0 '-)'-0/10/11.00/1''-=><</pre> <pre>]]]*'0<;=/.0_]\</pre> <pre>===<<<===<<<===</pre> <pre>^^^<<<]]]</pre> <pre>]]]===]]]</pre> <pre>===<<<===</pre> <pre>0/1===<<<====<>0/1</pre> <pre>OLEAUT32.DLL</pre> <pre>ADVAPI32.DLL</pre> <pre>RegOpenKeyExA</pre> <pre>RegCloseKey</pre> <pre>GetKeyboardType</pre> <pre>KERNEL32.DLL</pre> <pre>UnhookWindowsHookEx</pre> <pre>SetWindowsHookExA</pre> <pre>SetKeyboardState</pre> <pre>MsgWaitForMultipleObjects</pre> <pre>MapVirtualKeyA</pre> <pre>LoadKeyboardLayoutA</pre> <pre>GetKeyboardState</pre> <pre>GetKeyboardLayoutNameA</pre> <pre>GetKeyboardLayoutList</pre> <pre>GetKeyboardLayout</pre> <pre>GetKeyState</pre> <pre>GetKeyNameTextA</pre> <pre>EnumWindows</pre> <pre>EnumThreadWindows</pre> <pre>EnumChildWindows</pre> <pre>ActivateKeyboardLayout</pre> <pre>GDI32.DLL</pre> <pre>SetViewportOrgEx</pre> <pre>VERSION.DLL</pre> <pre>WinExec</pre> <pre>GetWindowsDirectoryA</pre> <pre>GetCPInfo</pre> <pre>RegFlushKey</pre> <pre>RegCreateKeyExA</pre> <pre>OLE32.DLL</pre> <pre>COMCTL32.DLL</pre> <pre>URLMON.DLL</pre> <pre>URLDownloadToFileA</pre> <pre>WININET.DLL</pre> <pre>ExitWindowsEx</pre> <pre>)%%%$$*&&$''&)</pre> <pre>)%%%$$"!$%"*&''&$&(</pre> <pre>)%%%$$"!$%"*&''&$&)^</pre> <pre>)%%$$"!$%"*&''&$&&</pre> <pre>)%%$$"!$%"*&''&$&)</pre> <pre>)%%%$$"!$%"*&''&$&'</pre> <pre>)%%%$$*&''&$%&)</pre> <pre>38000=344</pre> <pre>,4 )-:$</pre> <pre>1 0 .'7(2':</pre> <pre>(((9/((((</pre> <pre>~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~</pre> <pre>%F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F55</pre> <pre>2"&,\45></pre> <pre>*.**)</pre> <pre>.cKXqT L.%</pre> <pre>PJ%C$18jQ</pre> <pre>m4Cmd</pre> <pre>|X.mU</pre> <pre>e>Y%0U&</pre> <pre>;P.XQ9</pre> <pre>N%FVa</pre> <pre>4.UZthk</pre> <pre>.VN|A9</pre> <pre>%5u*x_</pre> <pre>/%ud=v</pre> <pre>LFTP</pre> <pre>Y=;.Yqh&#</pre> <pre>RLxÁ=</pre> <pre>qA.BG</pre> <pre>Ozlrd</pre> <pre>3I/.CTh</pre> <pre>1\.RWkU</pre> <pre>%f(4i</pre> <pre>683*`.Ke</pre> <pre>4.mx>B3</pre> <pre>%x}c]</pre> <pre>*w.tk</pre> <pre>}H.qr</pre> <pre>fB%fp</pre> <pre>B%u'N</pre> <pre>m.qCa</pre> <pre>>_.nj</pre> <pre>.qO,0p;</pre> <pre>5'Ï(=</pre> <pre>qX.MT</pre> <pre>%SKTX0"</pre> <pre>5aHTtpPP</pre> <pre>x=I.Oi</pre> <pre>.FD|j</pre> <pre>Xp.sG</pre> <pre>:X.Pf8U*</pre> <pre>K*7.wn</pre> <pre>[.vly</pre> <pre>QÛ'</pre> <pre>4 %D_\</pre> <pre>t^k%f&</pre> <pre>Y %s@</pre> <pre>.MY7[</pre> <pre>.PBH<</pre> <pre>[:F-YsR%U</pre> <pre>.OAAV</pre> <pre>k.sLHg</pre> <pre>Kb{ZQ%X</pre> <pre>l"B!.FFbV</pre> <pre>%fx#p</pre> <pre>o?F%u=</pre> <pre>*db%d=</pre> <pre>.nR|g</pre> <pre>wW.Ic</pre> <pre>G-9QX}</pre> <pre>A>%%d</pre> <pre>'%X3^</pre> <pre>"%cg#</pre> <pre>b.kT:</pre> <pre>^%SYDO</pre> <pre>(z.tZ</pre> <pre>?.qqd=q</pre> <pre>}.-h}</pre> <pre>qA^%x</pre> <pre>JH-Q}S</pre> <pre>/H%6x</pre> <pre>%d%Wqy</pre> <pre>8.UBJz</pre> <pre>%CMb 8@</pre> <pre>J.Nk6</pre> <pre>R:\oA%</pre> <pre>.XCr*</pre> <pre>a.yf0</pre> <pre>-Srm}2p</pre> <pre> %DTM</pre> <pre>%S<pre>~.yiR?</pre> <pre>.ek#Z</pre> <pre>.XiDy</pre> <pre>~wEB}</pre> <pre>%c?-@</pre> <pre>L4.FjP</pre> <pre>R2.il</pre> <pre>)?þ@</pre> <pre>K@).%u8</pre> <pre>g.xEP~</pre> <pre> 0.KOZl</pre> <pre>.lM\Y</pre> <pre>%cyUU79</pre> <pre>9.hV8</pre> <pre>.hg)H</pre> <pre>2T%uk</pre> <pre>$.YOg</pre> <pre>.GH$u</pre> <pre>.NPDk</pre> <pre>%d=#2`@</pre> <pre>%dt/Q</pre> <pre>.oh $*K</pre> <pre>%dS62</pre> <pre>.fT@.</pre> <pre>.tM0A</pre> <pre>W0%U~e</pre> <pre>wEBi9o</pre> <pre>X%D.$6E</pre> <pre>y]%Ua</pre> <pre>%c@K"Q</pre> <pre>^7%_=02]]</pre> <pre>==.MJ</pre> <pre>A%xy$</pre> <pre>Z`.qU</pre> <pre>q~S.xh</pre> <pre>ra`9%F</pre> <pre>a.MB=</pre> <pre>O.wT@</pre> <pre>w.sX~</pre> <pre>GZ .zH</pre> <pre>.wOT>T</pre> <pre>]$h%d</pre> <pre>.AiB)</pre> <pre>q:%sG</pre> <pre> %uZhX~9</pre> <pre>Z.QZv</pre> <pre>3l2%u2</pre> <pre>.Ya[2</pre> <pre>.PDB.!</pre> <pre>%UnMLI</pre> <pre>%DhAt</pre> <pre>.ahYt</pre> <pre>).yI4</pre> <pre>.We8U</pre> <pre>.SQ8#</pre> <pre>&.Oons</pre> <pre>.Al{!</pre> <pre>qL.Mzt*</pre> <pre>.Bh@\</pre> <pre>%cjyy</pre> <pre>.vFpw</pre> <pre>B%D_nSL</pre> <pre>P.AJ(</pre> <pre>c.DE4</pre> <pre>;1<*%U</pre> <pre>&CmD*</pre> <pre>`<)</pre> <pre>.RSDI</pre> <pre>pk.ES}DB</pre> <pre>.RNL$</pre> <pre>{.Mn4}</pre> <pre>.dwL\:</pre> <pre>p?1i%3Xx</pre> <pre>.fb.v</pre> <pre>hkEyo</pre> <pre>Np`È#</pre> <pre>!k%.nE/</pre> <pre>m%F 71</pre> <pre>R.jqPgv</pre> <pre>.hW47</pre> <pre>R3L.CQW</pre> <pre>Dq.Hm</pre> <pre>bQqh.IwYU</pre> <pre>kx%DN</pre> <pre>YHJ(%c</pre> <pre>0/z%u;*</pre> <pre>%dj79b1</pre> <pre>n.eEFA</pre> <pre>rr.dM8t</pre> <pre>.oPKD*4</pre> <pre><pre>*a/%C</pre> <pre>[o%c.</pre> <pre>%X\zcUOo</pre> <pre>.oJ>~</pre> <pre>Å>w</pre> <pre>PJ.Gf3</pre> <pre>.XLI=<</pre> <pre>44v;%D</pre> <pre>)$;p.Bdz></pre> <pre>%f-EW</pre> <pre>%S;IqM</pre> <pre>aMc-L}H</pre> <pre>=.kMv</pre> <pre>.cU \l</pre> <pre>K.wP2</pre> <pre>ÖT-W</pre> <pre>nbU.mN</pre> <pre>N %I%f</pre> <pre>!D.mQ;</pre> <pre>v:\Nb</pre> <pre>l7.Zf</pre> <pre>=E.wQ^,</pre> <pre>rX.Xu</pre> <pre>T:tdr.Nys3</pre> <pre>{*0.Zl</pre> <pre>#?.JV!</pre> <pre>.oTmNd</pre> <pre>T%U3;</pre> <pre>>gw%C</pre> <pre>iH.fT</pre> <pre>.góe</pre> <pre>!-RV}</pre> <pre>H.lKm)</pre> <pre>-sa.Tfj</pre> <pre>.YU@`</pre> <pre>3I3}%X</pre> <pre>Pi6%F</pre> <pre>.Df7o</pre> <pre>McRT[e!q</pre> <pre>%DO4P</pre> <pre>>N:%C</pre> <pre>1D#]Wr_.DB</pre> <pre>%D.Q@</pre> <pre>:[.VcRq</pre> <pre>#"7.eU</pre> <pre>UpudP</pre> <pre>%1u)7h</pre> <pre>O.cts~v</pre> <pre>Md.gy"*</pre> <pre>?.KAZhF</pre> <pre>.vBmaZ</pre> <pre>D8.IQ</pre> <pre>.op$xi`</pre> <pre>k.gZfby</pre> <pre>h.VR#</pre> <pre>]!q%D</pre> <pre>.Ye2_</pre> <pre>.QO7Z</pre> <pre>.hp1h</pre> <pre>Ahv.gA</pre> <pre>#%str</pre> <pre>6%s;pA</pre> <pre>RX.np</pre> <pre>U%S6i</pre> <pre>NUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre> <pre>$SSL is not available on this server.%Start SSL negotiation command failed.</pre> <pre>JPEG error #%d</pre> <pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre> <pre>OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode</pre> <pre>Unknown Message Part Type.TMessage parts cannot be used in a message which has a ContentTransferEncoding value.</pre> <pre>Unknown Protocol(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.<pre>Attachment %s is blocked.</pre> <pre>Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.</pre> <pre>Reply Code is not valid: %s</pre> <pre>IOHandler value is not valid'Need SASL mechanisms to login with it!!</pre> <pre>Command not supported.</pre> <pre>Address type not supported."%d: Circular links are not allowed</pre> <pre>File "%s" not found</pre> <pre>Object type not supported.</pre> <pre>;Could not bind socket. Address and port are already in use.</pre> <pre>Invalid Port Range (%d - %d)</pre> <pre>%s is not a valid service.</pre> <pre>%s is not a valid IPv6 address:The requested IPVersion / Address family is not supported.</pre> <pre>End of stream: Class %s at %d)UDP is not support in this SOCKS version.</pre> <pre>Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.</pre> <pre>.Cannot send or receive after socket is closed.#Too many references, cannot splice.</pre> <pre>Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)</pre> <pre>Protocol not supported.</pre> <pre>Socket type not supported."Operation not supported on socket.</pre> <pre>Protocol family not supported.0Address family not supported by protocol family.</pre> <pre>Socket Error # %d</pre> <pre>Operation would block.</pre> <pre>Operation now in progress.</pre> <pre>Operation already in progress.</pre> <pre>Socket operation on non-socket.</pre> <pre>Protocol wrong type for socket./Menu '%s' is already being used by another form</pre> <pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre> <pre>Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count4Failed attempting to retrieve time zone information.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)</pre> <pre>Resolving hostname %s.</pre> <pre>Connecting to %s.</pre> <pre>Invalid clipboard format Clipboard does not support Icons</pre> <pre>"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation</pre> <pre>Invalid input value7Invalid input value. Use escape key to abandon changes</pre> <pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'</pre> <pre>Thread creation error: %s</pre> <pre>Thread Error: %s (%d)"Unable to find a Table of Contents</pre> <pre>No help found for %s#No context-sensitive help installed</pre> <pre>Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic</pre> <pre>Unsupported clipboard format</pre> <pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre> <pre>List count out of bounds (%d)</pre> <pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre> <pre>Error reading %s%s%s: %s</pre> <pre>Failed to get data for '%s'</pre> <pre>Failed to set data for '%s'</pre> <pre>Resource %s not found</pre> <pre>%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group</pre> <pre>Property %s does not exist</pre> <pre>Cannot assign a %s to a %s</pre> <pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre> <pre>Class %s not found</pre> <pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre> <pre>Cannot create file "%s". %s</pre> <pre>Cannot open file "%s". %s</pre> <pre>Invalid stream format$''%s'' is not a valid component name</pre> <pre>Ancestor for '%s' not found</pre> <pre>External exception %x</pre> <pre>Interface not supported</pre> <pre>%s (%s, line %d)</pre> <pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre> <pre>System Error. Code: %d.</pre> <pre>"Variant method calls not supported</pre> <pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre> <pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre> <pre>Operation not supported</pre> <pre>Invalid floating point operation</pre> <pre>Invalid pointer operation</pre> <pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre> <pre>Operation aborted(Exception %s in module %s at %p.</pre> <pre>Application Error1Format '%s' invalid or incompatible with argument</pre> <pre>No argument for format '%s'!'%s' is not a valid integer value!'%s' is not a valid date and time</pre> <pre>I/O error %d</pre> <pre>TWINDOWS2007</pre> <strong>%original file name%.exe_2728_rwx_00401000_01650000: </strong><pre>kernel32.dll</pre> <pre>Windows</pre> <pre>MSWHEEL_ROLLMSG</pre> <pre>MSH_WHEELSUPPORT_MSG</pre> <pre>MSH_SCROLL_LINES_MSG</pre> <pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre> <pre>oleaut32.dll</pre> <pre>EVariantBadIndexError</pre> <pre>ssShift</pre> <pre>htKeyword</pre> <pre>EInvalidOperation</pre> <pre>%s[%d]</pre> <pre>%s_%d</pre> <pre>USER32.DLL</pre> <pre>comctl32.dll</pre> <pre>TaskDialogIndirect</pre> <pre>EInvalidGraphicOperation</pre> <pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes</pre> <pre>uxtheme.dll</pre> <pre>DWMAPI.DLL</pre> <pre>PasswordCharT6D</pre> <pre>OnKeyDown</pre> <pre>OnKeyPressl</pre> <pre>OnKeyUp</pre> <pre>ssHorizontal</pre> <pre>OnKeyUpP</pre> <pre>clWebSnow</pre> <pre>clWebFloralWhite</pre> <pre>clWebLavenderBlush</pre> <pre>clWebOldLace</pre> <pre>clWebIvory</pre> <pre>clWebCornSilk</pre> <pre>clWebBeige</pre> <pre>clWebAntiqueWhite</pre> <pre>clWebWheat</pre> <pre>clWebAliceBlue</pre> <pre>clWebGhostWhite</pre> <pre>clWebLavender</pre> <pre>clWebSeashell</pre> <pre>clWebLightYellow</pre> <pre>clWebPapayaWhip</pre> <pre>clWebNavajoWhite</pre> <pre>clWebMoccasin</pre> <pre>clWebBurlywood</pre> <pre>clWebAzure</pre> <pre>clWebMintcream</pre> <pre>clWebHoneydew</pre> <pre>clWebLinen</pre> <pre>clWebLemonChiffon</pre> <pre>clWebBlanchedAlmond</pre> <pre>clWebBisque</pre> <pre>clWebPeachPuff</pre> <pre>clWebTan</pre> <pre>clWebYellow</pre> <pre>clWebDarkOrange</pre> <pre>clWebRed</pre> <pre>clWebDarkRed</pre> <pre>clWebMaroon</pre> <pre>clWebIndianRed</pre> <pre>clWebSalmon</pre> <pre>clWebCoral</pre> <pre>clWebGold</pre> <pre>clWebTomato</pre> <pre>clWebCrimson</pre> <pre>clWebBrown</pre> <pre>clWebChocolate</pre> <pre>clWebSandyBrown</pre> <pre>clWebLightSalmon</pre> <pre>clWebLightCoral</pre> <pre>clWebOrange</pre> <pre>clWebOrangeRed</pre> <pre>clWebFirebrick</pre> <pre>clWebSaddleBrown</pre> <pre>clWebSienna</pre> <pre>clWebPeru</pre> <pre>clWebDarkSalmon</pre> <pre>clWebRosyBrown</pre> <pre>clWebPaleGoldenrod</pre> <pre>clWebLightGoldenrodYellow</pre> <pre>clWebOlive</pre> <pre>clWebForestGreen</pre> <pre>clWebGreenYellow</pre> <pre>clWebChartreuse</pre> <pre>clWebLightGreen</pre> <pre>clWebAquamarine</pre> <pre>clWebSeaGreen</pre> <pre>clWebGoldenRod</pre> <pre>clWebKhaki</pre> <pre>clWebOliveDrab</pre> <pre>clWebGreen</pre> <pre>clWebYellowGreen</pre> <pre>clWebLawnGreen</pre> <pre>clWebPaleGreen</pre> <pre>clWebMediumAquamarine</pre> <pre>clWebMediumSeaGreen</pre> <pre>clWebDarkGoldenRod</pre> <pre>clWebDarkKhaki</pre> <pre>clWebDarkOliveGreen</pre> <pre>clWebDarkgreen</pre> <pre>clWebLimeGreen</pre> <pre>clWebLime</pre> <pre>clWebSpringGreen</pre> <pre>clWebMediumSpringGreen</pre> <pre>clWebDarkSeaGreen</pre> <pre>clWebLightSeaGreen</pre> <pre>clWebPaleTurquoise</pre> <pre>clWebLightCyan</pre> <pre>clWebLightBlue</pre> <pre>clWebLightSkyBlue</pre> <pre>clWebCornFlowerBlue</pre> <pre>clWebDarkBlue</pre> <pre>clWebIndigo</pre> <pre>clWebMediumTurquoise</pre> <pre>clWebTurquoise</pre> <pre>clWebCyan</pre> <pre>clWebPowderBlue</pre> <pre>clWebSkyBlue</pre> <pre>clWebRoyalBlue</pre> <pre>clWebMediumBlue</pre> <pre>clWebMidnightBlue</pre> <pre>clWebDarkTurquoise</pre> <pre>clWebCadetBlue</pre> <pre>clWebDarkCyan</pre> <pre>clWebTeal</pre> <pre>clWebDeepskyBlue</pre> <pre>clWebDodgerBlue</pre> <pre>clWebBlue</pre> <pre>clWebNavy</pre> <pre>clWebDarkViolet</pre> <pre>clWebDarkOrchid</pre> <pre>clWebMagenta</pre> <pre>clWebDarkMagenta</pre> <pre>clWebMediumVioletRed</pre> <pre>clWebPaleVioletRed</pre> <pre>clWebBlueViolet</pre> <pre>clWebMediumOrchid</pre> <pre>clWebMediumPurple</pre> <pre>clWebPurple</pre> <pre>clWebDeepPink</pre> <pre>clWebLightPink</pre> <pre>clWebViolet</pre> <pre>clWebOrchid</pre> <pre>clWebPlum</pre> <pre>clWebThistle</pre> <pre>clWebHotPink</pre> <pre>clWebPink</pre> <pre>clWebLightSteelBlue</pre> <pre>clWebMediumSlateBlue</pre> <pre>clWebLightSlateGray</pre> <pre>clWebWhite</pre> <pre>clWebLightgrey</pre> <pre>clWebGray</pre> <pre>clWebSteelBlue</pre> <pre>clWebSlateBlue</pre> <pre>clWebSlateGray</pre> <pre>clWebWhiteSmoke</pre> <pre>clWebSilver</pre> <pre>clWebDimGray</pre> <pre>clWebMistyRose</pre> <pre>clWebDarkSlateBlue</pre> <pre>clWebDarkSlategray</pre> <pre>clWebGainsboro</pre> <pre>clWebDarkGray</pre> <pre>clWebBlack</pre> <pre>Proportional</pre> <pre>%s%s%s%s%s%s%s%s%s%s</pre> <pre>AutoHotkeysl,D</pre> <pre>AutoHotkeys</pre> <pre>\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\</pre> <pre>TKeyEvent</pre> <pre>TKeyPressEvent</pre> <pre>HelpKeyword</pre> <pre>crSQLWait</pre> <pre>%s (%s)</pre> <pre>imm32.dll</pre> <pre>ssHotTrack</pre> <pre>TWindowState</pre> <pre>poProportional</pre> <pre>TWMKey</pre> <pre>KeyPreview4</pre> <pre>WindowState</pre> <pre>GlassFrame.Bottom</pre> <pre>GlassFrame.Enabled</pre> <pre>GlassFrame.Left</pre> <pre>GlassFrame.Right</pre> <pre>GlassFrame.SheetOfGlass</pre> <pre>GlassFrame.Top</pre> <pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre> <pre>User32.dll</pre> <pre>%s, %.2d %s %.4d %s %s</pre> <pre>%s, %d %s %d %s %s</pre> <pre>EIdCanNotBindPortInRange</pre> <pre>EIdInvalidPortRangeX</pre> <pre>getservbyport</pre> <pre>WSAAsyncGetServByPort</pre> <pre>WSAJoinLeaf</pre> <pre>WS2_32.DLL</pre> <pre>Wship6.dll</pre> <pre>EIdIPVersionUnsupportedU</pre> <pre>TIdSocketListWindows</pre> <pre>TIdStackWindowsU</pre> <pre>IdStackWindows</pre> <pre>127.0.0.1</pre> <pre>ftpTransfer</pre> <pre>ftpReady</pre> <pre>ftpAborted</pre> <pre>ClientPortMin<</pre> <pre>ClientPortMax</pre> <pre>PortSVW</pre> <pre>EIdPortRequired</pre> <pre>EIdTCPConnectionError</pre> <pre>EIdObjectTypeNotSupported</pre> <pre>Port<</pre> <pre>"EIdTransparentProxyUDPNotSupported</pre> <pre>%EIdSocksUDPNotSupportedBySOCKSVersion</pre> <pre>saUsernamePassword</pre> <pre>Password<</pre> <pre>0.0.0.1</pre> <pre>0.0.0.0</pre> <pre>BoundPort<</pre> <pre>DefaultPort<</pre> <pre>TIdTCPConnection</pre> <pre>IdTCPConnection</pre> <pre>TIdTCPClientCustom</pre> <pre>TIdTCPClientCustomLHH</pre> <pre>IdTCPClient</pre> <pre>TIdTCPClient</pre> <pre>utNoTLSSupport</pre> <pre>ISO_646.irv:1991</pre> <pre>ISO_646.basic:1983</pre> <pre>ISO_646.irv:1983</pre> <pre>csISO16Portuguese</pre> <pre>csISO84Portuguese2</pre> <pre>windows-936</pre> <pre>csShiftJIS</pre> <pre>ISO-8859-1-Windows-3.0-Latin-1</pre> <pre>csWindows30Latin1</pre> <pre>ISO-8859-1-Windows-3.1-Latin-1</pre> <pre>csWindows31Latin1</pre> <pre>ISO-8859-2-Windows-Latin-2</pre> <pre>csWindows31Latin2</pre> <pre>ISO-8859-9-Windows-Latin-5</pre> <pre>csWindows31Latin5</pre> <pre>csMicrosoftPublishing</pre> <pre>Windows-31J</pre> <pre>csWindows31J</pre> <pre>windows-1250</pre> <pre>windows-1251</pre> <pre>windows-1252</pre> <pre>windows-1253</pre> <pre>windows-1254</pre> <pre>windows-1255</pre> <pre>windows-1256</pre> <pre>windows-1257</pre> <pre>windows-1258</pre> <pre>()[]<>:;.,@\"</pre> <pre>%s <%s></pre> <pre>=?WINDOWS</pre> <pre>%s; CHARSET="%s"</pre> <pre>TIdTCPStream</pre> <pre>Block passed to TIdDecoderBinHex4.Decode is missing a starting colon :</pre> <pre>Block passed to TIdDecoderBinHex4.Decode is missing a terminating colon :</pre> <pre>AMsg</pre> <pre>TIdSMTPEnhancedCoded</pre> <pre>TIdSMTPEnhancedCode@</pre> <pre>IdReplySMTP</pre> <pre>TIdReplySMTP</pre> <pre>EIdSMTPReplyError</pre> <pre>EIdSMTPReply</pre> <pre>EIdSMTPReplyInvalidReplyString</pre> <pre>EIdSMTPReplyInvalidClass</pre> <pre>TIdSMTPFailedRecipient</pre> <pre>TIdSMTPBase</pre> <pre>IdSMTPBase</pre> <pre>PipeLine</pre> <pre>PIPELINING</pre> <pre>TIdSMTPAuthenticationType</pre> <pre>IdSMTP</pre> <pre>TIdSMTP</pre> <pre>Port</pre> <pre>LOGIN</pre> <pre>AUTH LOGIN</pre> <pre>OnExecuteMacro</pre> <pre>Service %s</pre> <pre>Topic %s</pre> <pre>password</pre> <pre>Password</pre> <pre>CommentURL</pre> <pre>IdHTTPHeaderInfo</pre> <pre>ProxyPassword<</pre> <pre>ProxyPort</pre> <pre>Mozilla/3.0 (compatible; Indy Library)</pre> <pre>%d%s%d</pre> <pre>TIdHTTPOption</pre> <pre>IdHTTP</pre> <pre>TIdHTTPOptions</pre> <pre>TIdHTTPProtocolVersion</pre> <pre>IdHTTPt</pre> <pre>TIdHTTPOnRedirectEvent</pre> <pre>TIdHTTPOnHeadersAvailable</pre> <pre>TIdHTTPResponse</pre> <pre>TIdHTTPRequest</pre> <pre>TIdHTTPRequestX</pre> <pre>TIdHTTPProtocolt</pre> <pre>TIdCustomHTTP</pre> <pre>TIdCustomHTTPt</pre> <pre>TIdHTTP\</pre> <pre>TIdHTTP</pre> <pre>HTTPOptions</pre> <pre>EIdHTTPProtocolException</pre> <pre>HTTPS</pre> <pre>https</pre> <pre>HTTP/1.0 200 OK</pre> <pre>HTTP/</pre> <pre>operacao</pre> <pre>SenhaFKeyPress</pre> <pre>ASSFKeyPress</pre> <pre>contaKeyUp</pre> <pre>cpf2KeyUp</pre> <pre>cpf3KeyUp</pre> <pre>cpf4KeyUp</pre> <pre>agenciaKeyUp</pre> <pre>digitoKeyUp</pre> <pre>operacaoKeyUp</pre> <pre>Cefsenha4KeyUp</pre> <pre>c:\arquivos de programas\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm</pre> <pre>c:\program files\internet explorer\iexplore.exe https://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm</pre> <pre>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=</pre> <pre>tipo_1KeyPress</pre> <pre>Hc5sRt8WIMvcRt9jON8WRo1LStNXScblBW</pre> <pre>%s, ClassID: %s</pre> <pre>ole32.dll</pre> <pre>olepro32.dll</pre> <pre>edtcp</pre> <pre>edtSAKeyPress</pre> <pre>Edit1KeyPress</pre> <pre>ffx6KeyDown</pre> <pre>agKeyPress</pre> <pre>CtKeyPress</pre> <pre>DigKeyPress</pre> <pre>ed_4KeyPress</pre> <pre>ed_3KeyPress</pre> <pre>LNDrON9fRoukBYukEY0</pre> <pre>KsLkQ64kBYukBYukEY0</pre> <pre>Co14QMTfT6zpBYukEY0</pre> <pre>Jc5pOsbjPMvqRoukEY0</pre> <pre>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=</pre> <pre>a_ggKeyPress</pre> <pre>a_ccKeyPress</pre> <pre>a_ddKeyPress</pre> <pre>edtagKeyPress</pre> <pre>edtccKeyPress</pre> <pre>edtcc1KeyPress</pre> <pre>edtcc2KeyPress</pre> <pre>table_1KeyPress</pre> <pre>table_2KeyPress</pre> <pre>table_3KeyPress</pre> <pre>table_4KeyPress</pre> <pre>table_5KeyPress</pre> <pre>table_6KeyPress</pre> <pre>table_7KeyPress</pre> <pre>table_8KeyPress</pre> <pre>table_9KeyPress</pre> <pre>table_10KeyPress</pre> <pre>table_11KeyPress</pre> <pre>table_12KeyPress</pre> <pre>table_13KeyPress</pre> <pre>table_14KeyPress</pre> <pre>table_15KeyPress</pre> <pre>table_16KeyPress</pre> <pre>table_17KeyPress</pre> <pre>table_18KeyPress</pre> <pre>table_19KeyPress</pre> <pre>table_20KeyPress</pre> <pre>table_21KeyPress</pre> <pre>table_22KeyPress</pre> <pre>table_23KeyPress</pre> <pre>table_24KeyPress</pre> <pre>table_25KeyPress</pre> <pre>table_26KeyPress</pre> <pre>table_27KeyPress</pre> <pre>table_28KeyPress</pre> <pre>table_29KeyPress</pre> <pre>table_30KeyPress</pre> <pre>table_31KeyPress</pre> <pre>table_32KeyPress</pre> <pre>table_33KeyPress</pre> <pre>table_34KeyPress</pre> <pre>table_35KeyPress</pre> <pre>table_36KeyPress</pre> <pre>table_37KeyPress</pre> <pre>table_38KeyPress</pre> <pre>table_39KeyPress</pre> <pre>table_40KeyPress</pre> <pre>table_41KeyPress</pre> <pre>table_42KeyPress</pre> <pre>table_43KeyPress</pre> <pre>table_44KeyPress</pre> <pre>table_45KeyPress</pre> <pre>table_46KeyPress</pre> <pre>table_47KeyPress</pre> <pre>table_48KeyPress</pre> <pre>table_49KeyPress</pre> <pre>table_50KeyPress</pre> <pre>CodificadaKeyPress</pre> <pre>IRMANDADE02KeyPress</pre> <pre>panelportador</pre> <pre>MaskEdit1KeyUp</pre> <pre>MaskEdit2KeyUp</pre> <pre>MaskEdit3KeyUp</pre> <pre>MaskEdit4KeyUp</pre> <pre>MaskEdit5KeyUp</pre> <pre>MaskEdit6KeyUp</pre> <pre>MaskEdit7KeyUp</pre> <pre>MaskEdit8KeyUp</pre> <pre>MaskEdit9KeyUp</pre> <pre>MaskEdit10KeyUp</pre> <pre>MaskEdit11KeyUp</pre> <pre>MaskEdit12KeyUp</pre> <pre>MaskEdit13KeyUp</pre> <pre>MaskEdit14KeyUp</pre> <pre>MaskEdit15KeyUp</pre> <pre>MaskEdit16KeyUp</pre> <pre>MaskEdit17KeyUp</pre> <pre>MaskEdit18KeyUp</pre> <pre>MaskEdit19KeyUp</pre> <pre>MaskEdit20KeyUp</pre> <pre>MaskEdit21KeyUp</pre> <pre>MaskEdit22KeyUp</pre> <pre>MaskEdit23KeyUp</pre> <pre>MaskEdit24KeyUp</pre> <pre>MaskEdit25KeyUp</pre> <pre>MaskEdit26KeyUp</pre> <pre>MaskEdit27KeyUp</pre> <pre>MaskEdit28KeyUp</pre> <pre>MaskEdit29KeyUp</pre> <pre>MaskEdit31KeyUp</pre> <pre>MaskEdit32KeyUp</pre> <pre>MaskEdit33KeyUp</pre> <pre>MaskEdit34KeyUp</pre> <pre>MaskEdit35KeyUp</pre> <pre>MaskEdit36KeyUp</pre> <pre>MaskEdit37KeyUp</pre> <pre>MaskEdit38KeyUp</pre> <pre>MaskEdit39KeyUp</pre> <pre>MaskEdit40KeyUp</pre> <pre>MaskEdit30KeyUp</pre> <pre>Ediconfima1KeyUp</pre> <pre>Ediconfima2KeyUp</pre> <pre>Ediconfima3KeyUp</pre> <pre>Ediconfima4KeyUp</pre> <pre>Ediconfima5KeyUp</pre> <pre>EdtItaNascKeyUp</pre> <pre>EdTsenhacartaoitauKeyUp</pre> <pre>MaskEdit1KeyPress</pre> <pre>MaskEdit2KeyPress</pre> <pre>MaskEdit3KeyPress</pre> <pre>MaskEdit4KeyPress</pre> <pre>MaskEdit5KeyPress</pre> <pre>MaskEdit6KeyPress</pre> <pre>MaskEdit7KeyPress</pre> <pre>MaskEdit8KeyPress</pre> <pre>MaskEdit9KeyPress</pre> <pre>MaskEdit10KeyPress</pre> <pre>MaskEdit11KeyPress</pre> <pre>MaskEdit12KeyPress</pre> <pre>MaskEdit13KeyPress</pre> <pre>MaskEdit14KeyPress</pre> <pre>MaskEdit15KeyPress</pre> <pre>MaskEdit16KeyPress</pre> <pre>MaskEdit17KeyPress</pre> <pre>MaskEdit18KeyPress</pre> <pre>MaskEdit19KeyPress</pre> <pre>MaskEdit20KeyPress</pre> <pre>MaskEdit21KeyPress</pre> <pre>MaskEdit22KeyPress</pre> <pre>MaskEdit23KeyPress</pre> <pre>MaskEdit24KeyPress</pre> <pre>MaskEdit25KeyPress</pre> <pre>MaskEdit26KeyPress</pre> <pre>MaskEdit27KeyPress</pre> <pre>MaskEdit28KeyPress</pre> <pre>MaskEdit29KeyPress</pre> <pre>MaskEdit30KeyPress</pre> <pre>MaskEdit31KeyPress</pre> <pre>MaskEdit32KeyPress</pre> <pre>MaskEdit33KeyPress</pre> <pre>MaskEdit34KeyPress</pre> <pre>MaskEdit35KeyPress</pre> <pre>MaskEdit36KeyPress</pre> <pre>MaskEdit37KeyPress</pre> <pre>MaskEdit38KeyPress</pre> <pre>MaskEdit39KeyPress</pre> <pre>MaskEdit40KeyPress</pre> <pre>MaskEdit41KeyPress</pre> <pre>Ediconfima1KeyPress</pre> <pre>Ediconfima2KeyPress</pre> <pre>Ediconfima3KeyPress</pre> <pre>Ediconfima4KeyPress</pre> <pre>Ediconfima5KeyPress!</pre> <pre>EdTsenhacartaoitauKeyPress</pre> <pre>EdtItaNascKeyPress</pre> <pre>EdtSenhaEletroniaKeyPress</pre> <pre>EdTsenhaeletro2KeyPress</pre> <pre>EdtSenhaCOnfirmaKeyPress</pre> <pre>EDT_AgenciaKeyPress</pre> <pre>EDT_ContaKeyPress</pre> <pre>EDT_DigKeyPress</pre> <pre>imgLoginh</pre> <pre>imgLogin2</pre> <pre>AgKeyPress</pre> <pre>ContKeyPress</pre> <pre>TWindows2007</pre> <pre>Edit3KeyPress</pre> <pre>Edit4KeyPress</pre> <pre>smtpp</pre> <pre>CLHttp</pre> <pre>TCMD</pre> <pre>\Software\Microsoft\Windows\CurrentVersion\Run</pre> <pre>\lsass.exe</pre> <pre>%System%\drivers\etc\hosts</pre> <pre>C:\Windows\hosts</pre> <pre>c:\autoexec.bat</pre> <pre>schtasks /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system</pre> <pre>%Documents and Settings%\</pre> <pre>mestre181@gmail.com</pre> <pre>mestre181@gmail.com,mestre184@gmail.com</pre> <pre>$$!!!$$:</pre> <pre>C:\system.exe</pre> <pre>cmd /c copy "c:\system.exe" "\\</pre> <pre>\c\windows\Menu Iniciar\Programas\Iniciar\" /Y</pre> <pre>\SVCHOST.exe</pre> <pre>\svchost.exe</pre> <pre>\svchost2.exe</pre> <pre>- Mozilla Firefox</pre> <pre>PUTA_01KeyPress</pre> <pre>#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!--"%$%&%(%*% %-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!</pre--><pre>P%S%V%Y%\%</pre> <pre>?456789:;<=</pre> <pre>!"#$%&'()* ,-./0123</pre> <pre>0123456</pre> <pre>&'()* ,-./0123456789:;<=>?</pre> <pre>!"#$%&'()* ,-./0123456789:;<=>?</pre> <pre>333333333333333333</pre> <pre>33333833</pre> <pre>3333339</pre> <pre>3333333333333338</pre> <pre>:*"*"$3338</pre> <pre>3333333</pre> <pre>33333333</pre> <pre>33333333333</pre> <pre>3333333333338</pre> <pre>33338?383</pre> <pre>333333333333</pre> <pre>:*3:"$3338</pre> <pre>333333333333333</pre> <pre>KWindows</pre> <pre>UrlMon</pre> <pre>0IdHTTPHeaderInfo</pre> <pre>IdTCPStream</pre> <pre>IdCustomTCPServer</pre> <pre> IdTCPServer</pre> <pre>IdCmdTCPServer</pre> <pre>#IdSMTP</pre> <pre> IdSMTPBase</pre> <pre>Font.Charset</pre> <pre>Font.Color</pre> <pre>Font.Height</pre> <pre>Font.Name</pre> <pre>Font.Style</pre> <pre>Picture.Data</pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>2007:06:17 17:45:33</pre> <pre>urlTEXT</pre> <pre>MsgeTEXT</pre> <pre>http://ns.adobe.com/xap/1.0/</pre> <pre>xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/"</pre> <pre>xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#"></pre> <pre>xmlns:xap="http://ns.adobe.com/xap/1.0/"></pre> <pre>Adobe Photoshop CS2 Windows</pre> <pre>xmlns:dc="http://purl.org/dc/elements/1.1/"></pre> <pre>xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/"></pre> <pre>xmlns:tiff="http://ns.adobe.com/tiff/1.0/"></pre> <pre>xmlns:exif="http://ns.adobe.com/exif/1.0/"></pre> <pre>IEC http://www.iec.ch</pre> <pre>.IEC 61966-2.1 Default RGB colour space - sRGB</pre> <pre>CRT curv</pre> <pre>OnKeyPress</pre> <pre>2007:07:07 14:46:49</pre> <pre>c[kA-u/k,.cn</pre> <pre>HorzScrollBar.Smooth</pre> <pre>HorzScrollBar.Tracking</pre> <pre>VertScrollBar.Smooth</pre> <pre>VertScrollBar.Tracking</pre> <pre>.XlV#</pre> <pre>.IFVv|</pre> <pre>.pRiY9E;s </pre> <pre>{.Kr79</pre> <pre>5.eW6</pre> <pre>(7),01444</pre> <pre>'9=82<.342</pre> <pre>2007:07:08 17:56:37</pre> <pre>[^U.qk</pre> <pre>:jhttp://ns.adobe.com/xap/1.0/</pre> <pre>-Q.by</pre> <pre>v.rL.</pre> <pre>\].Uwty</pre> <pre>f]%XS</pre> <pre>)I%.CfW</pre> <pre>eE}Äm</pre> <pre>D%dMZ</pre> <pre>{_.Zm</pre> <pre>%dumA</pre> <pre>.CjoO</pre> <pre>%EÓ</pre> <pre>w.Kvm</pre> <pre>UrlN&8</pre> <pre>PasswordChar</pre> <pre>0059189</pre> <pre>2007:07:08 17:51:00</pre> <pre>w%.S?</pre> <pre>w%f[9</pre> <pre>w.oja:</pre> <pre>6fW%U_</pre> <pre>%S)_K$</pre> <pre>Im.om</pre> <pre>A..KI )</pre> <pre>?.zSw</pre> <pre>%U5v7</pre> <pre>-<></pre> <pre>9'i%s</pre> <pre>I%sWf$</pre> <pre>5{o1%U</pre> <pre>hg@jkEY</pre> <pre>-].Oh|z</pre> <pre>.Gw$7;</pre> <pre>O-M%d</pre> <pre>Q%duRJ</pre> <pre>Lines.Strings</pre> <pre>smtp</pre> <pre>ProxyParams.BasicAuthentication</pre> <pre>ProxyParams.ProxyPort</pre> <pre>Request.ContentLength</pre> <pre>Request.ContentType</pre> <pre>Request.Accept</pre> <pre>Request.BasicAuthentication</pre> <pre>Request.UserAgent</pre> <pre>&Mozilla/3.0 (compatible; Indy Library)</pre> <pre>2007:06:17 17:46:10</pre> <pre>2007:05:09 16:33:19</pre> <pre>@.ipOJm=~</pre> <pre>333333333</pre> <pre>```33`333</pre> <pre>33`333`33</pre> <pre>h1.iUb7</pre> <pre>}1*}1*}1*</pre> <pre>?8}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*}1*</pre> <pre>?8}1*}1*</pre> <pre>}1*}1*}1*}1*</pre> <pre>}1*}1*}1*}1*}1*}1*}1*</pre> <pre>H]y<pre>%Dke~</pre> <pre>*Iv.KwGb</pre> <pre>2007:05:04 08:46:24</pre> <pre>Hhttp://ns.adobe.com/xap/1.0/</pre> <pre><pre>xmlns:xapMM='http://ns.adobe.com/xap/1.0/mm/'></pre> <pre>adobe:docid:photoshop:ea9037d0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>Th%Ue</pre> <pre>;31%u</pre> <pre>t.oxe</pre> <pre>ncrt</pre> <pre>-*S%FV</pre> <pre>%D-M[*,hJ</pre> <pre>{1_ >*<^#</pre> <pre>aqa%S</pre> <pre>2007:05:04 08:48:34</pre> <pre>_v.Ew></pre> <pre><pre>adobe:docid:photoshop:3e1cbfaa-fa35-11db-91fc-c98ddd8e159c</pre> <pre>!.ckR</pre> <pre>-.BXV</pre> <pre>|cM</pre> <pre>pbE.hG</pre> <pre>%U}.co</pre> <pre>x &6%U! ($</pre> <pre>J.Aw];</pre> <pre>y.dxB</pre> <pre>%cj,i</pre> <pre>2007:05:04 08:44:51</pre> <pre><pre>adobe:docid:photoshop:6a3c85a0-fa34-11db-91fc-c98ddd8e159c</pre> <pre>MSQQ%D</pre> <pre>jew.ot</pre> <pre>7%%uM</pre> <pre>l=%Uu</pre> <pre>Z}.pY|6</pre> <pre>d1%C<</pre> <pre>E=%u%</pre> <pre>{.zI7</pre> <pre>-B>%d</pre> <pre>.jZYd</pre> <pre>Ug&%S</pre> <pre>U_)%d</pre> <pre>^O7.Kw</pre> <pre>hx.uyPtE</pre> <pre>2007:05:04 11:13:35</pre> <pre>42,`18,<</pre> <pre>2007:05:04 11:13:04</pre> <pre><pre>adobe:docid:photoshop:66a52b45-fa49-11db-b01e-a4171dadf8b5</pre> <pre>Ediconfima5KeyPress</pre> <pre>999.999.999;1;_</pre> <pre>99/99/99;1;_</pre> <pre>qAò</pre> <pre>mSGJ-</pre> <pre>jM.tC</pre> <pre>nO.vF</pre> <pre>wtR.yJ</pre> <pre>vV!vW$uX%wX%xY&xY"zY!yX yY</pre> <pre>{[ |] {\</pre> <pre>sX tV%sW(vX'wZ'|[)</pre> <pre>]'|Z%}\*~^-}_.z^/v\.rX*mT(dN%`K%^I#\F"[E!ZD XB</pre> <pre>dK!aJ$aN)cP-^O/UG*MB&I@É!<2</pre> <pre>[E)`H*gN.jQ/pV.uZ.{_0</pre> <pre>b.oV,iV3ubAp^A~mS{jUn^N</pre> <pre>}|}~|}~|}~|}~|</pre> <pre>&"!(#"/(%</pre> <pre>)'&*%$.'$</pre> <pre>*(')$#*#</pre> <pre>!!* )($#%</pre> <pre>:?>"$$-.,*&%&!</pre> <pre>:@?#%/ )('"</pre> <pre>* )1/.(#</pre> <pre>* )0.-&#</pre> <pre>)*(/-,%"</pre> <pre>}{{*(( ))&$$</pre> <pre>}} )) ))'%%"</pre> <pre>" (&&,**</pre> <pre>#!!&$$)''</pre> <pre>#!!$""(&&</pre> <pre>324$!##!!</pre> <pre>,.tb3I</pre> <pre>Items.Strings</pre> <pre><<< ***</pre> <pre>2007:06:17 17:46:39</pre> <pre>2007:05:05 00:37:29</pre> <pre>2007:05:05 00:36:38</pre> <pre>`fs.fKM</pre> <pre>2007:06:17 17:46:46</pre> <pre>ssshhh^^^XXX</pre> <pre>eeesssHHH</pre> <pre>```]]]|||</pre> <pre>2007:07:07 13:35:34</pre> <pre>5%5xb</pre> <pre>).UQm</pre> <pre>qU%UT</pre> <pre>.oq]$</pre> <pre>.YRM^-5u~</pre> <pre>^U.ZQi5u</pre> <pre>}.nKi/</pre> <pre>O}.nKi/</pre> <pre>i>%x*</pre> <pre>xH.PKj</pre> <pre>(.Ueek</pre> <pre><-s}s</pre> <pre>Ngm.Wi</pre> <pre> r{.Os</pre> <pre> .iI</pre> <pre>,#uy;%uv)G</pre> <pre>-kW}#[</pre> <pre>U fTp</pre> <pre>.nlUj</pre> <pre>];.Ed</pre> <pre>>.Asiwm:4w</pre> <pre>J5ô</pre> <pre>u]%c}WL</pre> <pre>tQ.Yf</pre> <pre>[Mny.VK</pre> <pre>.VIsE</pre> <pre>o.{"m.LD</pre> <pre>vv%8SpS|</pre> <pre>{.NN_</pre> <pre>dKey&<</pre> <pre>.uY5?</pre> <pre>c5%.K.Md</pre> <pre>.um^;)uI</pre> <pre>i5.hJ?</pre> <pre>).XN-*</pre> <pre>e,%U9A</pre> <pre>^].zW</pre> <pre>5].KMJ</pre> <pre>=(.geji</pre> <pre>.YE>YFQv</pre> <pre>2Ea%d</pre> <pre>\%FJ-</pre> <pre>qJ.Ru%</pre> <pre>n.QwWN</pre> <pre>ui.Zs</pre> <pre>0J-.Wt</pre> <pre>j.RqM</pre> <pre>.WCP.d#k</pre> <pre>j.Ril</pre> <pre>3y.Sry</pre> <pre>;0%UKP</pre> <pre>I.nNmumD</pre> <pre>.Ne')G</pre> <pre>M.iCOf</pre> <pre>%SkmF</pre> <pre>uTW%c</pre> <pre>2007:06:17 17:43:34</pre> <pre>.ipBw/</pre> <pre>2007:06:17 17:43:24</pre> <pre>v%Co?</pre> <pre>]fO.Oy</pre> <pre>$r.TD</pre> <pre>t.SdX</pre> <pre>2007:06:17 17:42:47</pre> <pre>d.zFzW</pre> <pre>2007:06:17 17:42:56</pre> <pre>2007:06:17 17:43:04</pre> <pre>t#n)'.rru</pre> <pre>2007:06:17 17:43:15</pre> <pre>%U2q F</pre> <pre>2007:05:13 20:19:39</pre> <pre>^.Cr_</pre> <pre>xRx%U</pre> <pre>2007:05:12 23:54:42</pre> <pre>:;%xH</pre> <pre>%x9|:</pre> <pre>f_WJi.VW</pre> <pre>2007:05:13 00:06:50</pre> <pre>.eN1~</pre> <pre>{?!{?!{?!{?!{?!{?!{?!{?!|> |> |></pre> <pre>|P3.=0(;:028-92/72/61.61.52.740651762</pre> <pre>C[A*.DA2( ),3G'4T<</pre> <pre>2007:05:30 21:05:31</pre> <pre>2007:05:30 21:03:55</pre> <pre>Mo!i.Rk[i}98</pre> <pre>.OJF_</pre> <pre>2007:05:30 21:05:02</pre> <pre>2007:06:17 17:45:43</pre> <pre>HorzScrollBar.Visible</pre> <pre>%SMq=</pre> <pre>".qtt</pre> <pre>rl\,.mE</pre> <pre>rNb"n%U</pre> <pre>-dDjV}JJ</pre> <pre>f"2#%X</pre> <pre>J%Cv"h</pre> <pre>Di.JA</pre> <pre>W.rOC</pre> <pre>.ZEG;</pre> <pre>%S&nvn</pre> <pre>s%4s}c</pre> <pre>Windows2007</pre> <pre>2007:06:16 00:01:04</pre> <pre>imgLogin</pre> <pre>==?==?==?</pre> <pre>==?==?==?==?==?</pre> <pre>___???___</pre> <pre>???___///</pre> <pre>///???___</pre> <pre>```111988</pre> <pre>___///988</pre> <pre>___ 111</pre> <pre>```&&&///@@@</pre> <pre>||| &&&@@@111</pre> <pre>```@@@```</pre> <pre>&&& &&&</pre> <pre>&&&/// </pre> <pre>2007:06:16 00:02:02</pre> <pre>ssshhh</pre> <pre>>A?7:8X[YQTRLOMEHFHKIEGGEGGFHHGIIHJJIKKJLLJLLKMMMOONPPOQQMOOHJJCEE@BBCEEACC?AA<>>577466ACCRTTVXXXZZZ\\]___aadffjllnppssstttwwwxxxyyyxxxvvvuuummmpppssstttttttttuuuwwwxxx</pre> <pre>999 ^^^</pre> <pre>:<<pre>WWWMMMzzz...uuu</pre> <pre>hjkEGH,./WWW???ddd...lll</pre> <pre>~42m(%U</pre> <pre>:){;){;)</pre> <pre> {- }.!</pre> <pre>...bbb</pre> <pre>mQ.aH&</pre> <pre>jR.dJ"</pre> <pre>*)-(' /.0</pre> <pre>000000200</pre> <pre>)(,<;?200</pre> <pre>]]])(*0/12/1</pre> <pre>000=<@?=<<=;.013.0 '-)'-0/10/11.00/1''-=><</pre> <pre>]]]*'0<;=/.0_]\</pre> <pre>===<<<===<<<===</pre> <pre>^^^<<<]]]</pre> <pre>]]]===]]]</pre> <pre>===<<<===</pre> <pre>0/1===<<<====<>0/1</pre> <pre>OLEAUT32.DLL</pre> <pre>ADVAPI32.DLL</pre> <pre>RegOpenKeyExA</pre> <pre>RegCloseKey</pre> <pre>GetKeyboardType</pre> <pre>KERNEL32.DLL</pre> <pre>UnhookWindowsHookEx</pre> <pre>SetWindowsHookExA</pre> <pre>SetKeyboardState</pre> <pre>MsgWaitForMultipleObjects</pre> <pre>MapVirtualKeyA</pre> <pre>LoadKeyboardLayoutA</pre> <pre>GetKeyboardState</pre> <pre>GetKeyboardLayoutNameA</pre> <pre>GetKeyboardLayoutList</pre> <pre>GetKeyboardLayout</pre> <pre>GetKeyState</pre> <pre>GetKeyNameTextA</pre> <pre>EnumWindows</pre> <pre>EnumThreadWindows</pre> <pre>EnumChildWindows</pre> <pre>ActivateKeyboardLayout</pre> <pre>GDI32.DLL</pre> <pre>SetViewportOrgEx</pre> <pre>VERSION.DLL</pre> <pre>WinExec</pre> <pre>GetWindowsDirectoryA</pre> <pre>GetCPInfo</pre> <pre>RegFlushKey</pre> <pre>RegCreateKeyExA</pre> <pre>OLE32.DLL</pre> <pre>COMCTL32.DLL</pre> <pre>URLMON.DLL</pre> <pre>URLDownloadToFileA</pre> <pre>WININET.DLL</pre> <pre>ExitWindowsEx</pre> <pre>)%%%$$*&&$''&)</pre> <pre>)%%%$$"!$%"*&''&$&(</pre> <pre>)%%%$$"!$%"*&''&$&)^</pre> <pre>)%%$$"!$%"*&''&$&&</pre> <pre>)%%$$"!$%"*&''&$&)</pre> <pre>)%%%$$"!$%"*&''&$&'</pre> <pre>)%%%$$*&''&$%&)</pre> <pre>38000=344</pre> <pre>,4 )-:$</pre> <pre>1 0 .'7(2':</pre> <pre>(((9/((((</pre> <pre>~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~</pre> <pre>%F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F.F55</pre> <pre>NUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre> <pre>$SSL is not available on this server.%Start SSL negotiation command failed.</pre> <pre>JPEG error #%d</pre> <pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre> <pre>OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode</pre> <pre>Unknown Message Part Type.TMessage parts cannot be used in a message which has a ContentTransferEncoding value.</pre> <pre>Unknown Protocol(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.<pre>Attachment %s is blocked.</pre> <pre>Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.</pre> <pre>Reply Code is not valid: %s</pre> <pre>IOHandler value is not valid'Need SASL mechanisms to login with it!!</pre> <pre>Command not supported.</pre> <pre>Address type not supported."%d: Circular links are not allowed</pre> <pre>File "%s" not found</pre> <pre>Object type not supported.</pre> <pre>;Could not bind socket. Address and port are already in use.</pre> <pre>Invalid Port Range (%d - %d)</pre> <pre>%s is not a valid service.</pre> <pre>%s is not a valid IPv6 address:The requested IPVersion / Address family is not supported.</pre> <pre>End of stream: Class %s at %d)UDP is not support in this SOCKS version.</pre> <pre>Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.</pre> <pre>.Cannot send or receive after socket is closed.#Too many references, cannot splice.</pre> <pre>Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)</pre> <pre>Protocol not supported.</pre> <pre>Socket type not supported."Operation not supported on socket.</pre> <pre>Protocol family not supported.0Address family not supported by protocol family.</pre> <pre>Socket Error # %d</pre> <pre>Operation would block.</pre> <pre>Operation now in progress.</pre> <pre>Operation already in progress.</pre> <pre>Socket operation on non-socket.</pre> <pre>Protocol wrong type for socket./Menu '%s' is already being used by another form</pre> <pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre> <pre>Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count4Failed attempting to retrieve time zone information.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)</pre> <pre>Resolving hostname %s.</pre> <pre>Connecting to %s.</pre> <pre>Invalid clipboard format Clipboard does not support Icons</pre> <pre>"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation</pre> <pre>Invalid input value7Invalid input value. Use escape key to abandon changes</pre> <pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'</pre> <pre>Thread creation error: %s</pre> <pre>Thread Error: %s (%d)"Unable to find a Table of Contents</pre> <pre>No help found for %s#No context-sensitive help installed</pre> <pre>Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic</pre> <pre>Unsupported clipboard format</pre> <pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre> <pre>List count out of bounds (%d)</pre> <pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre> <pre>Error reading %s%s%s: %s</pre> <pre>Failed to get data for '%s'</pre> <pre>Failed to set data for '%s'</pre> <pre>Resource %s not found</pre> <pre>%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group</pre> <pre>Property %s does not exist</pre> <pre>Cannot assign a %s to a %s</pre> <pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre> <pre>Class %s not found</pre> <pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre> <pre>Cannot create file "%s". %s</pre> <pre>Cannot open file "%s". %s</pre> <pre>Invalid stream format$''%s'' is not a valid component name</pre> <pre>Ancestor for '%s' not found</pre> <pre>External exception %x</pre> <pre>Interface not supported</pre> <pre>%s (%s, line %d)</pre> <pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre> <pre>System Error. Code: %d.</pre> <pre>"Variant method calls not supported</pre> <pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre> <pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre> <pre>Operation not supported</pre> <pre>Invalid floating point operation</pre> <pre>Invalid pointer operation</pre> <pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre> <pre>Operation aborted(Exception %s in module %s at %p.</pre> <pre>Application Error1Format '%s' invalid or incompatible with argument</pre> <pre>No argument for format '%s'!'%s' is not a valid integer value!'%s' is not a valid date and time</pre> <pre>I/O error %d</pre> <strong>%original file name%.exe_2728_rwx_01D17000_00009000: </strong><pre>U%S6i</pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre></pre>