Trojan.Win32.Delphi_f2979d6ae1
Trojan.Win32.Diss.sutur (Kaspersky), Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: f2979d6ae1f3a95ee89c031c6dabd621
SHA1: 3ce968f4ced299a417a44048842cea4f72319899
SHA256: 86eb3eddde3ce930811249b34d03d3f8644b2e2f6eb37a1152fb2c635a98a04d
SSDeep: 98304:SZP7U23/HTB1G09HkPWhO0IG09HkPWhO042:OU2PHT9JkPCO0UJkPCO0n
Size: 5388664 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: ACProtect141, UPolyXv05_v6, MicrosoftWindowsShortcutfile
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7 SP1 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
%original file name%.exe:2748
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:2748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\ProgramData\handyCafe\Client\dump.log (56 bytes)
C:\ProgramData\handyCafe\Client\data\sets.ini (115 bytes)
C:\Language\lng.ini (23 bytes)
C:\ProgramData\handyCafe\Client\win-uk0ffoo83i6_list.dat (13511 bytes)
C:\ProgramData\handyCafe\Client\data\data.dat (208 bytes)
The Trojan deletes the following file(s):
C:\ProgramData\handyCafe\Client\win-uk0ffoo83i6_list.dat (0 bytes)
Registry activity
The process %original file name%.exe:2748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASAPI32]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\HandyCafe\Client]
"Path" = "c:\%original file name%.exe"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASAPI32]
"EnableFileTracing" = "0"
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASAPI32]
"MaxFileSize" = "1048576"
[HKCU\Software\HandyCafe\Client\Settings]
"_clnorm" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"WarnOnCloseAdvanced" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASMANCS]
"FileTracingMask" = "4294901760"
[HKCU\Software\HandyCafe\Client]
"Version" = "3.4.14"
"Path" = "c:\%original file name%.exe"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"OpenAllHomePages" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASMANCS]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"WarnOnClose" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f2979d6ae1f3a95ee89c031c6dabd621_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\HandyCafe\Client]
"Version" = "3.4.14"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hndclient" = "c:\%original file name%.exe"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
Task Manager is disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name: Mobilecomp.net
Product Name: HandyCafe Client
Product Version: 3.5.14
Legal Copyright: Novzkie21
Legal Trademarks: Novzkie21
Original Filename: hndclient.exe
Internal Name: HandyClient
File Version: 3.4.1.4
File Description: HandyCafe Client
Comments:
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 1620596 | 1620992 | 4.55744 | 3f5f74a2e2636183ca4b5f1aa363b5c8 |
DATA | 1626112 | 79836 | 79872 | 4.06234 | 2c8e3a356310691b1168b18ee971290e |
BSS | 1708032 | 30901 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 1740800 | 15140 | 15360 | 3.4921 | f47beb2645ff2fc27f35d9dc12ddfde5 |
.edata | 1757184 | 752 | 1024 | 3.06852 | 42d23f25848261f6c812164c804935b3 |
.tls | 1761280 | 392 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 1765376 | 24 | 512 | 0.148841 | 2d64dc4211572e4d954d536cdde942f0 |
.reloc | 1769472 | 100544 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 1871872 | 3662949 | 3663360 | 5.3522 | 1973e82ff78b555d69d2623b3a24dd63 |
URLs
URL | IP |
---|---|
hxxp://ad.handycafe.com/se/adx.php | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
ET POLICY Http Client Body contains pass= in cleartext
Traffic
POST /se/adx.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
User-Agent: AtWebPost
Host: ad.handycafe.com
Content-Length: 427
Connection: Keep-Alive
lang=EN&op=get_banner&RndID=375837&Mac=00-50-56-3C-AC-71&Version=3.4.14&LocalIp=192.168.11.134&ProductKey=&ClientID=14827-51792-93377-69728-69364&Serial=&Clients=0&ServerMac=&Screen=1276x846&LngID=1033&LngName=en-US&LngCountry=United States&LngLang=ENU&Lng1=en&Lng2=us&MenuHeight=0&DefBrowser="C:Program FilesGoogleChromeApplicationchrome.exe" -- "%1"&iType=0&Adtry=8&hpass=hcafe&rand_id=80133-375837
HTTP/1.1 404
Server: nginx/1.10.2
Date: Sat, 30 Sep 2017 04:49:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.160..
The same POST request to /se/adx.php was captured nine more times between 04:48:49 and 04:49:35 GMT on 30 Sep 2017, with only the RndID, Adtry and rand_id values (and the resulting Content-Length) changing; Adtry runs from 1 to 10 across the ten requests. Each was answered with the same HTTP/1.1 404 response.
The Trojan connects to the servers at the following location(s):
A12038 SSL certificate common name (host name field) is incorrect.
h12045 The function is unfamiliar with the Certificate Authority that generated the server's certificate.
*12055 The SSL certificate contains errors.
s12110 The requested operation cannot be made on the FTP session handle because an operation is already in progress.
12111 FTP session aborted.
212112 Passive mode is not available on the server.
@12135 The type of the locator is not correct for this operation.
~12136 The requested operation can be made only against a Gopher server, or with a locator that specifies a Gopher operation.
312154 The request made to HttpQueryInfo is invalid.
12156 The redirection failed because either the scheme changed (for example, HTTP to FTP) or all attempts made to redirect failed (default is five attempts).
*12160 The HTTP request was not redirected.
,12161 The HTTP cookie requires confirmation.
112162 The HTTP cookie was declined by the server.
612164 The Web site or server indicated is unreachable.
!12169 SSL certificate is invalid.
"12170 SSL certificate was revoked.
EAbout.pas
EBase64.pas
EBaseModule.pas
EBorlandDebug.pas
ECheck.pas
ECmdLine.pas
ECommon.pas
EConsts.pas
ECore.pas
ECrc32.pas
EDebug.pas
EDesign.pas
EDisAsm.pas
EEncrypt.pas
EHash.pas
EHook.pas
EIDEOptions.pas
ELang.pas
ELeaks.pas
EListView.pas
ELogManager.pas
EMain.pas
EMessages.pas
ENagScreen.pas
EOption.pas
EParser.pas
EResource.pas
ESockets.pas
EToolsAPI.pas
EToolServices.pas
ETypes.pas
EVariables.pas
EWait.pas
EWebTools.pas
EWinSock.pas
ExceptionLog.pas
EXMLBuilder.pas
EZip.pas
EZlib.pas
1iu2.iuB
GetKeyboardType
advapi32.dll
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
GetWindowsDirectoryA
GetCPInfo
version.dll
gdi32.dll
SetViewportOrgEx
keybd_event
UnhookWindowsHookEx
SetWindowsHookExA
SetKeyboardState
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
ExitWindowsEx
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
shell32.dll
ShellExecuteA
SHFileOperationA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntry
comdlg32.dll
ADVAPI32.DLL
GetUdpStatistics
GetTcpStatistics
GetUdpTable
GetTcpTable
winmm.dll
quartz.dll
urlmon.dll
KWindows
UrlMon
JvExExtCtrls
?HTTPApp
>WebConst
rSqlTimSt
.ScktComp
fJwaIpExport
IdUDPClient
IdUDPBase
EWebTools
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Glyph.Data
IconOptions.AutoArrange
frmChangePass
New Password
Re-type Password
frmLogin
Icon.Data
Login Request
3.4.11
OnWeb
AtWebPost12
AtWebPost1
Picture.Data
WebWB
UrlTimer2
UrlTimer2Timer
UrlTimer1
webRefreshTimer
webpop
webpopTitleChange
EditLabel.Width
EditLabel.Height
EditLabel.Caption
Admin Password (Re-type)
Disable "Login Request"
On Login
Items.Strings
Client UDP Port
Server UDP Port
IMPORTANT: Please do not change these settings. If you are having troubles please kindly contact us. Our support team will assist to solve your problems. Server / Client Password is not your admin password.
Server / Client Password
#Bitmap Files|*.bmp|Jpeg Files|*.jpg
All files|*.*
%%%c,,,
4###`###
VMROptions.Mode
LoginDialog
Database Login
&Password:
PasswordDialog
Enter password
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
TFRMCHANGEPASS
TFRMLOGIN
TLOGINDIALOG
TPASSWORDDIALOG
To see what data this error report contains,
Send Error Report
No GIF Data to writeÊnnot change the Size of a GIF image
Could not load '%s' libraryLFile specified is not an executable file, dynamic-link library, or icon file
All files (*.*)|*.*
Win32 error: %s (%u)%s%s
128-Byte PrefetchingeCPUID leaf 2 does not report cache descriptor information, use CPUID leaf 4 to query cache parameters
Invalid MMF name "%s"*The MMF named "%s" cannot be created empty
-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.7The png image could not be loaded from the resource ID.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
CompuServe GIF ImageÊnnot change the Size of a GIF image
Remote LoginjThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.
*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Field '%s' not found
%s is not a valid BCD value$Could not parse SQL TimeStamp string
Invalid SQL date/time values
RCode NO Error%DNS Server Reports Query Format Error%DNS Server Reports Query Server Error#DNS Server Reports Query Name Error.DNS Server Reports Query Not Implemented Error&DNS Server Reports Query Refused Error
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Socket is not connected..Cannot send or receive after socket is closed.
%s is not a valid service.
Socket Error # %d
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
JPEG error #%d
Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d<MultiLine must be True when TabPosition is tpLeft or tpRight
Invalid ownerE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
No help keyword specified.
OLE error %.8x.Method '%s' not supported by automation object
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Invalid clipboard format Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
(%dx%d)
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned
Value must be between %d and %d
Invalid input value7Invalid input value. Use escape key to abandon changes
%s property out of range
Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
*Windows socket error: %s (%d), on API '%s'
Asynchronous socket error %d
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid property type: %s
Invalid data type for '%s'&Cannot insert or delete rows from grid List capacity out of bounds (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists
System Error. Code: %d.
*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
Mobilecomp.net
3.4.1.4
3.5.14
%original file name%.exe_2748_rwx_016CB000_00001000:
g@email.com
EAbout.pas
ECmdLine.pas
EBase64.pas
EBaseModule.pas
EBorlandDebug.pas
ECheck.pas
ECrc32.pas
EDebug.pas
ECommon.pas
EConsts.pas
ECore.pas
EEncrypt.pas
EHash.pas
EHook.pas
ELang.pas
EDesign.pas
EDisAsm.pas
EToolServices.pas
ETypes.pas
EVariables.pas
EWait.pas
EWebTools.pas
EWinSock.pas
ExceptionLog.pas
EXMLBuilder.pas
EIDEOptions.pas
ELeaks.pas
EListView.pas
ELogManager.pas
EMain.pas
EMessages.pas
ENagScreen.pas
EOption.pas
EParser.pas
EResource.pas
ESockets.pas
EToolsAPI.pas
EZip.pas
EZlib.pas
DNS Server Reports Query Server Error
kernel32.dll
DNS Server Reports Query Refused Error
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\ProgramData\handyCafe\Client\dump.log (56 bytes)
C:\ProgramData\handyCafe\Client\data\sets.ini (115 bytes)
C:\Language\lng.ini (23 bytes)
C:\ProgramData\handyCafe\Client\win-uk0ffoo83i6_list.dat (13511 bytes)
C:\ProgramData\handyCafe\Client\data\data.dat (208 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hndclient" = "c:\%original file name%.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.