Trojan.Win32.Swrort_26c5ad2d27

by malwarelabrobot on July 31st, 2016 in Malware Descriptions.

not-a-virus:Downloader.Win32.Agent.dmdp (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Artemis!26C5AD2D27B7 (McAfee), SAPE.Heur.EEF53 (Symantec), PUA.WinloadSDA (Ikarus), Generic.9CE (AVG), Trojan.Win32.Swrort.4.FD, TrojanSwrort.YR, BankerGeneric.YR (Lavasoft MAS)
Behaviour: Banker, Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 26c5ad2d27b75b42e806ee2de0df16a3
SHA1: 047e2cd12f7b1a2ce5c7769432068b1318676d92
SHA256: 657c5a9d1c77a2a40f916f73a27fe908b5476490b9d0e7d610c95d94945a4f38
SSDeep: 24576:IG/VtGF6m/EADqfWWdk2QxB8X/rQEL7JWVFHbe00vgzhG18WImh8:X/H2MNuDxe/rnL1Ud5KgzhGzDe
Size: 1032856 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Slimware Utilities Holdings, Inc.
Created at: 2014-09-04 13:17:04
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:196

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\sdaspwn.exe (5662 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdapskill.exe (3635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdanircmdc.exe (1960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\licence.txt (226 bytes)

Registry activity

The process %original file name%.exe:196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 A7 A2 C7 16 68 3A 68 15 83 63 B5 83 0F 2C 8E"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1409825824"
"Name" = "%original file name%.exe"

[HKCU\Software\Sysinternals\PsKill]
"EulaAccepted" = "1"

Dropped PE files

MD5	File path
b22171908e066ee0445fce6c8ea30633	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\sdanircmdc.exe
b5891462c9ca5bddfe63d3bae3c14e0b	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\sdapskill.exe
932ed26cc9fd6e5f41f32b579df2dbc4	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\sdaspwn.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
UPX0	4096	1957888	0	0	d41d8cd98f00b204e9800998ecf8427e
UPX1	1961984	999424	997888	5.49826	a85780cf0437da441d1649112cabcb8e
.rsrc	2961408	28672	28160	4.10468	3975275c99ad2f24325b8f08deae348a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 8
d98f00cc5c93e0685f4ffc6a0a68734a
e67a0c552d49c39810a81c5c1a575980
d782c13e65be081b6577f2e25e9a893c
e7d617daa615fc4f95ef5f9bda3e61c3
c466bf7aafcf24d5eb3286c06bac9397
268bdfb30633ef3baf6aae14e6b63615
725d1c8367651071fa37e56a0d0a76ad
4238d8b4c1079a830dff65c9fe75efde

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_196:

`.rsrc

"Z.hh

%u&C9

%u:F9

(:brl.stream.TStream,i,i)i

:brl.bank.TBank

(:brl.bank.TBank):TBankStream

OpenURL

(:brl.stream.TStream):TPixmap

:brl.font.TFont

[]:brl.pixmap.TPixmap

(i,i,i):brl.pixmap.TPixmap

(i,:brl.pixmap.TPixmap)i

:brl.pixmap.TPixmap

(:brl.pixmap.TPixmap,i):TImageFrame

SetViewport

(:brl.pixmap.TPixmap,i,i)i

(i,i,i,i):brl.pixmap.TPixmap

viewport_x

viewport_y

viewport_w

viewport_h

:brl.graphics.TGraphics

(:brl.graphics.TGraphics,:TMax2DDriver):TMax2DGraphics

()[]:brl.graphics.TGraphicsMode

(:brl.graphics.TGraphics)i

:brl.graphics.TGraphicsMode

(:brl.pixmap.TPixmap,i):TGLImageFrame

(i,i):brl.max2d.TMax2DGraphics

(i,i,i,i,i):brl.max2d.TMax2DGraphics

TPipeStream

ReadPipe

(i,i):TPipeStream

pipe

:TPipeStream

:brl.event.TEvent

(f,:brl.event.TEvent):TTimer

TKeyValue

TKeyEnumerator

ValueForKey

Keys

(:brl.stream.TStream,i):TTextStream

(:Object,$,$,i,i):brl.stream.TStream

:brl.map.TMap

(:maxgui.localization.TMaxGUILanguage)i

(i):brl.pixmap.TPixmap

:brl.linkedlist.TList

(:brl.event.TEvent,:Object)i

datakeys

((:brl.event.TEvent,:Object)i,:Object)i

KeysFromList

(:brl.linkedlist.TList)[]$

KeysFromObjectArray

InsertItemFromKey

(:brl.pixmap.TPixmap,i)i

SetHotKey

(i):brl.graphics.TGraphics

():brl.graphics.TGraphics

THotKey

:THotKey

dwWindowStatus

crTextColor

biClrImportant

TWindowsGUIDriver

(i,:TWindowsGadget)i

KeyboardProc

HotkeyEventFromWp

(i):brl.event.TEvent

(i,i,i,i,:maxgui.maxgui.TGadget)i

(i,$,i,i,i,i,:maxgui.maxgui.TGadget,i):maxgui.maxgui.TGadget

():maxgui.maxgui.TGadget

($,i,i):maxgui.maxgui.TGuiFont

($,d,i):maxgui.maxgui.TGuiFont

(i,d,i):maxgui.maxgui.TGuiFont

(:maxgui.maxgui.TGuiFont):maxgui.maxgui.TGuiFont

(:Object):maxgui.maxgui.TIconStrip

TWindowsGadget

_hotkey

:maxgui.maxgui.THotKey

:TWindowsFont

(:maxgui.maxgui.TGuiFont)i

TWindowsDesktop

TWindowsWindow

:TWindowsMenu

(:maxgui.maxgui.TGadget,i):TWindowsWindow

(:maxgui.maxgui.TGadget,:Object)i

TWindowsButton

(:maxgui.maxgui.TGadget,i):TWindowsButton

(:brl.pixmap.TPixmap)i

TWindowsTextField

(:maxgui.maxgui.TGadget,i):TWindowsTextField

TWindowsTextArea

:pub.win32.CHARRANGE

:pub.win32.CHARFORMATW

:pub.win32.GUID

(:maxgui.maxgui.TGadget,i):TWindowsTextArea

TWindowsListBox

:TWindowsIconStrip

(:maxgui.maxgui.TGadget,i):TWindowsListBox

(:maxgui.maxgui.TIconStrip)i

TWindowsComboBox

(:maxgui.maxgui.TGadget,i):TWindowsComboBox

TWindowsToolBar

(:maxgui.maxgui.TGadget,i):TWindowsToolBar

TWindowsTabber

(:maxgui.maxgui.TGadget,i):TWindowsTabber

TWindowsTreeNode

:TWindowsTreeNode

(:TWindowsTreeView):TWindowsTreeNode

($,:maxgui.maxgui.TGadget,i,i,i):TWindowsTreeNode

(i,$,i):maxgui.maxgui.TGadget

TWindowsTreeView

(:maxgui.maxgui.TGadget,i):TWindowsTreeView

TWindowsLabel

(:maxgui.maxgui.TGadget,i):TWindowsLabel

TWindowsSlider

(:maxgui.maxgui.TGadget,i):TWindowsSlider

TWindowsProgressBar

(:maxgui.maxgui.TGadget,i):TWindowsProgressBar

TWindowsPanel

(:maxgui.maxgui.TGadget,i):TWindowsPanel

TWindowsHTMLView

?pub.win32.IWebBrowser2

(:maxgui.maxgui.TGadget,i):TWindowsHTMLView

TWindowsMenu

_hotkeycode

SetNewKey

GetMenuFromKey

(i):TWindowsMenu

($,:maxgui.maxgui.TGadget,i):TWindowsMenu

TWindowsIconStrip

(:Object):TWindowsIconStrip

():TWindowsIconStrip

TWindowsFont

(i):TWindowsFont

(:pub.win32.LOGFONTW,i,d)i

($,d,i):TWindowsFont

(:pub.win32.LOGFONTW,i,i):TWindowsFont

(:maxgui.maxgui.TGuiFont):TWindowsFont

(d,i):TWindowsFont

TWindowsGraphic

(:brl.pixmap.TPixmap,i,i,i)i

[]:maxgui.maxgui.TGadget

:maxgui.maxgui.TGadget

(i,i,i,i,:maxgui.maxgui.TGadget,i):TSplitter

(i):maxgui.maxgui.TGadget

(:brl.pixmap.TPixmap):brl.pixmap.TPixmap

(:brl.pixmap.TPixmap,f):brl.pixmap.TPixmap

pnlViewport

(i,i,i,i,:maxgui.maxgui.TGadget,i):TScrollPanel

FitToViewport

(:maxgui.maxgui.TGadget,:maxgui.maxgui.TGadget)i

($,i,i,i,i,:maxgui.maxgui.TGadget,i,$):THyperlinkGadget

(:brl.event.TEvent):brl.event.TEvent

getExecOpt

TRegExException

(i,$):TRegExException

():brl.linkedlist.TList

(:brl.linkedlist.TList):brl.linkedlist.TList

_localPort

_remotePort

SetTCPNoDelay

LocalPort

RemotePort

CreateUDP

CreateTCP

(:brl.stream.TStream):brl.stream.TStream

:brl.socket.TSocket

():brl.socket.TSocket

(:brl.socket.TSocket,i):TSocketStream

THTTPStreamFactory

(:Object,:brl.reflection.TTypeId):TValue

(:TValue,:brl.reflection.TTypeId):Object

(:brl.reflection.TTypeId):brl.linkedlist.TList

(:TValue,:TValue,:brl.linkedlist.TList,[]:TValue_Selector_Token):brl.linkedlist.TList

(:brl.stream.TStream,$,$)i

($,i,$):brl.ramstream.TRamStream

(i,i,i):brl.ramstream.TRamStream

:brl.stream.TStream

(:brl.stream.TStream,i,i):TZipFileList

():brl.bank.TBank

(:brl.stream.TStream)i

password

(:brl.stream.TStream):brl.pixmap.TPixmap

paint.net 4.0.3

.uy}"

.rsrc

JuAV.CS~

1y.Gh6

vapi32.dllCreateP

irCmd vF71 (Conso

m\\.\

0/222^ /

HKEY_LOCAL_MACH

C.pdb

nv.onm&Va

n"81IKey

KERNEL32.DLL

ADVAPI32.dll

GDI32.dll

msvcrt.dll

ole32.dll

SHELL32.dll

USER32.dll

WINMM.dll

RegCloseKey

ShellExecuteA

.text

`.rdata

@.data

vSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

ntdll.dll

\b EFFET JURIDIQUE.\b0 Le pr\'e9sent contrat d\'e9crit certains droits juridiques. Vous pourriez avoir d'autres droits pr\'e9vus par les lois de votre pays. Le pr\'e9sent contrat ne modifie pas les droits que vous conf\'e8rent les lois de votre pays si celles-ci ne le permettent pas.\b\par

\pard\sb240\lang1036 Remarque : Ce logiciel \'e9tant distribu\'e9 au Qu\'e9bec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en fran\'e7ais.\par

\pard\fi-357\li357\sb120\sa120\tx360\caps\fs20 8.\tab\fs19 Legal Effect.\b0\caps0 This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.\b\caps\par

\caps\fs20 6.\tab\fs19 Entire Agreement.\b0\caps0 This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.\par

\caps\fs20 5.\tab\fs19 SUPPORT SERVICES.\caps0 \b0 Because this software is \ldblquote as is,\rdblquote we may not provide support services for it.\b\par

\caps\fs20 4.\tab\fs19 Export Restrictions\caps0 .\b0 The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see \cf1\ul VVV.microsoft.com/exporting <hXXp://VVV.microsoft.com/exporting>\cf0\ulnone .\b\par

\caps\fs20 2.\tab\fs19 Scope of License\caps0 .\b0 The software is licensed, not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not\b\par

\'b7\tab support services\par

\pard\sb120\sa120\b0\fs19 These license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from Systinternals.com, which includes the media on which you received it, if any. The terms also apply to any Sysinternals\par

{\*\generator Msftedit 5.41.21.2506;}\viewkind4\uc1\pard\brdrb\brdrs\brdrw10\brsp20 \sb120\sa120\b\f0\fs24 SYSINTERNALS SOFTWARE LICENSE TERMS\fs28\par

%s License Agreement

Riched32.dll

Software\Sysinternals\%s

Shell32.dll

\\.\%s

netmsg.dll

\\%s\IPC$

\\%s\ADMIN$\%s

%s\%s

Make sure that the default admin$ share is enabled on %s.

Make sure that file and print sharing services are enabled on %s.

Couldn't access %s:

Couldn't install %s service:

Could not start %s service on %s:

%%SystemRoot%%\%s

Starting %s service on %s...

Timeout accessing %s.

Connecting to %s...

Cannot connect to remote registry on %s:

Cannot log on to %s:

Password:

\\%s:

A system error has occurred: %d

Error opening %s:

\StringFileInfo\XX\%s

%s requires Windows NT/2000/XP/2003.

Process %d does not exist on %s.

Process %s does not exist on %s.

Error killing process %d on %s:

Error killing process(es) named %s on %s:

Error communicating with pskill service on %s. The process may

Error communicating with pskill service on %s:

Killing process%s %d on %s...

Error establishing communication with pskill service on %s:

\\%s\pipe\pskllsvc

Connecting with pskill service on %s...

PSKLLSVC.EXE

you will be prompted to enter a hidden password.

-p Specifies optional password for user name. If you omit this

-u Specifies optional user name for login to

Usage: pskill [-t] [\\computer [-u username [-p password]]] <process ID | name>

Process %d killed.

Process %s killed.

%d processes named %s killed.

%d processes descended from and including %d killed.

%d processes named %s and their descendants killed.

Unable to kill process %d:

Unable to kill process %s:

Process %d on %s killed.

Process %s killed on %s.

%d processes named %s killed on %s.

PsKill requires Windows NT or Windows 2000.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

ADVAPI32.DLL

GetProcessWindowStation

USER32.DLL

portuguese-brazilian

c:\src\Pstools\pskill\EXE\Release\pskill.pdb

VERSION.dll

NETAPI32.dll

WS2_32.dll

MPR.dll

ConnectNamedPipe

KERNEL32.dll

COMDLG32.dll

RegCreateKeyA

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

\\.\pipe\pskllsvc

%s error: %d

Stopping %s.

%s (0x%x)

OpenSCManager failed - %s

CreateService failed - %s

%s installed.

Unable to install %s - %s

OpenService failed - %s

DeleteService failed - %s

%s removed.

%s failed to stop.

%s stopped.

Debugging %s.

%s -debug <params> to run as a console app for debugging

%s -remove to remove the service

%s -install to install the service

c:\src\Pstools\pskill\SVC\Release\pskllsvc.pdb

CreateNamedPipeA

ReportEventA

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

"hXXp://crl.verisign.com/tss-ca.crl0

hXXp://ocsp.verisign.com0

Thawte Certification1

0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0

2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.

3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D

hXXps://VVV.verisign.com/rpa0

hXXp://ocsp.verisign.com0?

3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0

.Class 3 Public Primary Certification Authority0

hXXps://VVV.verisign.com/cps0*

#hXXp://logo.verisign.com/vslogo.gif0

hXXp://ocsp.verisign.com01

hXXp://crl.verisign.com/pca3.crl0)

EhXXp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z

>hXXp://VVV.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0

ChXXp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X

<hXXp://VVV.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0

$Microsoft Root Certificate Authority0

?hXXp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T

8hXXp://VVV.microsoft.com/pki/certs/MicrosoftRootCert.crt0

$Microsoft Root Certificate Authority

.tq[m

*hXXp://technet.microsoft.com/sysinternals 0

`.data

.rdata

@.bss

.idata

Ph.IO

YtCPV

FTPS

;%u#j

8.uC@9

FTPW

1T?.GT?

U?%1U?GFU?c[U?ypU?

2x?'9x?-@x?.Gx?,Nx?$Ux?

Wp?.np?

(:brl.stream.TStream):TAudioSample

(:brl.audiosample.TAudioSample,i):TSound

D3DVIEWPORT9

D3DVERTEXELEMENT9

DDCOLORKEY

ddckDestColorkeyLo

ddckDestColorkeyHi

ddckSrcColorkeyLo

ddckSrcColorkeyHi

dwCKeyCaps

dwSVBCKeyCaps

dwVSBCKeyCaps

dwSSBCKeyCaps

dwMaxVideoPorts

dwCurrVideoPorts

dwNLVBCKeyCaps

dckDestColorkey

dckSrcColorkey

D3DVIEWPORT7

?pub.directx.IDirectDrawSurface7

?pub.directx.IDirectDrawClipper

():brl.graphics.TGraphicsDriver

():pub.directx.IDirectDrawSurface7

[]:brl.graphics.TGraphicsMode

?pub.directx.IDirectDraw7

?pub.directx.IDirect3D7

?pub.directx.IDirect3DDevice7

():pub.directx.IDirectDraw7

():pub.directx.IDirect3D7

():pub.directx.IDirect3DDevice7

(:pub.directx.DDSURFACEDESC2):pub.directx.IDirectDrawSurface7

(:pub.directx.IDirectDrawSurface7)i

:brl.dxgraphics.TD3D7Graphics

(i,i,i):brl.max2d.TImageFrame

(:brl.pixmap.TPixmap,i):brl.max2d.TImageFrame

(:brl.pixmap.TPixmap):pub.directx.IDirectDrawSurface7

:pub.directx.DDSurfaceDesc2

(i,i):brl.pixmap.TPixmap

:pub.directx.DDSURFACEDESC2

?pub.directx.IDirectSoundBuffer

(:brl.audio.TChannel):TDirectSoundChannel

(:brl.audiosample.TAudioSample,i):TDirectSoundSound

:brl.audio.TSound

?pub.directx.IDirectSound

(:brl.audio.TChannel):TFreeAudioChannel

(i,:brl.audiosample.TAudioSample):TFreeAudioSound

(:brl.audiosample.TAudioSample,i):TFreeAudioSound

():brl.pixmap.TPixmap

:pub.freetype.FTFace

TGNetMsg

():TGNetMsg

(:TGNetMsg)i

CreatedMsg

ClosedMsg

MessageMsg

(i):TGNetMsg

(:TGNetMsg,:TGNetPeer)i

RecvMsg

(*b):TGNetMsg

SendMsg

(:brl.stream.TStream):brl.audiosample.TAudioSample

(:brl.audio.TChannel):TOpenALChannel

(:brl.audiosample.TAudioSample,i):TOpenALSound

1.2.12

%d %s %d d:d:d  0000

libpng version 1.2.12 - June 27, 2006

libpng version 1.2.12 - June 27, 2006 (header)

1.2.3

1.0.6 or earlier

Only compression windows <= 32k supported by PNG

Only compression windows >= 256 supported by PNG

Only compression method 8 is supported by PNG

iTXt chunk not supported.

0123456789ABCDEFlibpng warning no. %s: %s

libpng warning: %s

libpng error no. %s: %s

libpng error: %s, offset=%d

libpng error: %s

NULL row buffer for row %ld, pass %d

Buffer error in compressed datastream in %s chunk

Data error in compressed datastream in %s chunk

Incomplete compressed datastream in %s chunk

Unknown zTXt compression type %d

gamma = (%d/100000)

wx=%f, wy=%f, rx=%f, ry=%f

gx=%f, gy=%f, bx=%f, by=%f

incorrect gamma=(%d/100000)

Unknown compression type %d

white_x=%f, white_y=%f

zero length keyword

Out of memory while procesing keyword

invalid keyword character 0xX

trailing spaces removed from keyword

leading spaces removed from keyword

extra interior spaces removed from keyword

Zero length keyword

keyword length must be 1 - 79 characters

Empty keyword in sPLT chunk

Empty keyword in iCCP chunk

Empty keyword in tEXt chunk

Empty keyword in zTXt chunk

OpenAL32.dll

%s_%d.m

Xiph.Org libVorbis I 20050304

%s:%d:

bad argument #%d (%s)

calling '%s' on bad self (%s)

bad argument #%d to '%s' (%s)

%s expected, got %s

stack overflow (%s)

invalid option '%s'

name conflict for module '%s'

cannot %s %s: %s

PANIC: unprotected error in call to Lua API (%s)

$Lua: Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio $

$URL: VVV.lua.org $

%s:%d: %s

attempt to compare two %s values

attempt to compare %s with %s

attempt to %s %s '%s' (a %s value)

attempt to %s a %s value

in function '%s'

in function <%s:%d>

missing '[' after '%%f' in pattern

^$* ?.([%-

'string.gfind' was renamed to 'string.gmatch'

invalid replacement value (a %s)

invalid option '%%%c' to 'format'

%s: %s

MbP?field '%s' missing in date table

standard %s file is closed

invalid value (%s) at index %d in table for 'concat'

system error %d

'package.%s' must be a string

no file '%s'

error loading module '%s' from file '%s':

luaopen_%s

no module '%s' in file '%s'

'package.preload' must be a table

no field package.preload['%s']

loop or previous error loading module '%s'

'package.loaders' must be a table

module '%s' not found:%s

.\?.lua;!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua

.\?.dll;!\?.dll;!\loadall.dll

no function environment for tail call at level %d

%s: %p

cannot resume %s coroutine

Yinvalid key to 'next'

char(%d)

%s near '%s'

%s: %s in precompiled chunk

'%s' expected

main function has more than %d %s

function at line %d has more than %d %s

'%s' expected (to close '%s' at line %d)

%ld%c

.AppleDouble/

.resource/

resource.frk/

.notdef

eexec

Windows FNT

.null

 ! % ) - 11

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

-2147483648

-9223372036854775808

GC ERROR: %s, object=$%p

%s:%u: failed assertion `%s'

RegDeleteKeyA

RegEnumKeyA

RegOpenKeyA

CreatePipe

PeekNamedPipe

glViewport

ShellExecuteW

GetKeyState

MsgWaitForMultipleObjects

SetWindowsHookExA

COMCTL32.DLL

COMDLG32.DLL

OPENGL32.DLL

SHELL32.DLL

WINMM.DLL

WS2_32.DLL

<description>Windows forms common control manifest</description>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" />

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<!--Kompatibilitat zu Windows 7 -->

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>

GoDaddy.com, Inc.110/

(Go Daddy Root Certificate Authority - G20

GoDaddy.com, Inc.1-0

$hXXp://certs.godaddy.com/repository/1301

*Go Daddy Secure Certificate Authority - G20

hXXp://ocsp.godaddy.com/05

$hXXp://crl.godaddy.com/gdroot-g2.crl0F

%hXXps://certs.godaddy.com/repository/0

$hXXp://crl.godaddy.com/gdig2s5-0.crl0S

 hXXp://certificates.godaddy.com/repository/0v

hXXp://ocsp.godaddy.com/0@

4hXXp://certificates.godaddy.com/repository/gdig2.crt0

*Go Daddy Secure Certificate Authority - G2

%XJ@[

_windows

:brl.max2d.TImageFont

IconUrl

IconLocalUrl

ImageUrl

ImageLocalUrl

DownloadUrl

FileLocalUrl

LicenceUrl

PolicyUrl

PrivacyUrl

RegistryKeysInstall

RegistryKeysActive

(:twrc.rjson.TObject):Bundle

InstallChromeAddon

InstallExe

(:twrc.rjson.TObject):InstallOption

(:maxgui.maxgui.TGadget,i)i

($,:brl.threads.TThread)i

RegistryKeys

(:twrc.rjson.TObject):ForeignInstallInfo

:brl.socketstream.TSocketStream

(:brl.event.TEvent)i

:maxgui.maxgui.TGuiFont

(:maxgui.maxgui.TGadget,i,i,i,i)[]i

:brl.max2d.TImage

(i,i,i,i,:maxgui.maxgui.TGadget,i,i):TCheckbox

($,i,i,i,i,:maxgui.maxgui.TGadget):TLinkCheckbox

(i,i,i,i,:maxgui.maxgui.TGadget):TSeparator

localurl

winload_url

iconUrl

localIconUrl

(:twrc.rjson.TObject):FileStruct

Reporting

TYPE_WEBSITE

_downloadUrl

:brl.threads.TThread

gotoUrl

Chrome

pathToExe

ChromeExtension

updateUrl

($):ChromeExtension

Firefox

FirefoxExtension

_homepageURL

($):FirefoxExtension

preventExecution

allowExecution

Is64BitOperatingSystem

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

3.3.5

SQL logic error or missing database

kernel lacks large file support

%s\sqlite_

2147483647

keyinfo(%d

%s-mjX

sqlite_version

no such collation sequence: %s

SQLite format 3

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

initPage() returns error code %d

Multiple uses for byte %d of page %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Fragmented space is %d byte reported as %d on page %d

Unable to malloc %d bytes

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

no such table: %s.%s

no such table: %s

sqlite_temp_master

sqlite_master

sqlite_

object name reserved for internal use: %s

duplicate column name: %s

default value of column [%s] is not constant

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#0, sql=%Q WHERE rowid=#1

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #0 AND rootpage=#0

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q

table %s may not be indexed

views may not be indexed

index %s already exists

there is already a table named %s

sqlite_autoindex_

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#0,%Q);

table %s has no column named %s

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

DELETE FROM %s.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

there is already an index named %s

sqlite_sequence

unable to identify the object to be reindexed

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

unsupported file format

SELECT name, rootpage, sql, '%s' FROM '%q'.%s

database schema is locked: %s

RowKey

transaction - SQL statements in progress

SELECT name, rootpage, sql, %d FROM '%q'.%s WHERE %s

Ad-d-d d:d:d

d:d:d

d-d-d

d.d

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

sqlite_detach

sqlite_attach

%s %T cannot reference objects in database %s

%.*s%Q%s

sqlite_rename_table

sqlite_rename_trigger

%s OR name=%Q

there is already another table or index with this name: %s

table %s may not be altered

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name, %d 18,10) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

UPDATE %Q.sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE %Q.%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d,length(sql)) WHERE type = 'table' AND name = %Q

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

no such trigger: %S

variable number must be between ?1 and ?%d

no such column: %s

ambiguous column name: %s

table %s may not be modified

cannot modify %s because it is a view

unknown or unsupported join type: %T%s%T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

column%d

%s BY terms must not be non-integer constants

%s BY column number %d out of range - should be between 1 and %d

%s:%d

cannot have both ON and USING clauses in the same join

sqlite_subquery_%p_

a NATURAL join may not have an ON or USING clause

cannot join using column %s - column not present in both tables

%s.%s

ORDER BY term number %d does not match any result column

ORDER BY position %d should be between 1 and %d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

ABORTABLEFTEMPORARYADDATABASELECTHENDEFAULTRANSACTIONATURALTERAISEACHECKEYAFTEREFERENCESCAPELSEXCEPTRIGGEREGEXPLAINITIALLYANALYZEXCLUSIVEXISTSTATEMENTANDEFERRABLEATTACHAVINGLOBEFOREIGNOREINDEXAUTOINCREMENTBEGINNERENAMEBETWEENOTNULLIKEBYCASCADEFERREDELETECASECASTCOLLATECOLUMNCOMMITCONFLICTCONSTRAINTERSECTCREATECROSSCURRENT_DATECURRENT_TIMESTAMPLANDESCDETACHDISTINCTDROPRAGMATCHFAILIMITFROMFULLGROUPDATEIFIMMEDIATEINSERTINSTEADINTOFFSETISNULLJOINORDEREPLACEOUTERESTRICTPRIMARYQUERYRIGHTROLLBACKROWHENUNIONUNIQUEUSINGVACUUMVALUESVIEWHERE

illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

sqlite_stat1

CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

SELECT idx, stat FROM %Q.sqlite_stat1

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14,100000000) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence'

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14,100000000) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21,100000000) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'CREATE VIEW vacuum_db.' || substr(sql,13,100000000) FROM sqlite_master WHERE type='view'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence';

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

SELECT 'CREATE TRIGGER vacuum_db.' || substr(sql, 16, 1000000) FROM sqlite_master WHERE type='trigger'

PRIMARY KEY must be unique

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

Aat most %d tables in a join

TABLE %s

%z AS %s

%z WITH INDEX %s

%z USING PRIMARY KEY

incomplete SQL statement

sql_trace

foreign_key_list

*** in database %s ***

unsupported encoding: %s

operand of unlimited repeat could match the empty string

POSIX named classes are supported only within a class

erroffset passed as NULL

POSIX collating elements are not supported

this version of PCRE is not compiled with PCRE_UTF8 support

PCRE does not support \L, \l, \N, \U, or \u

support for \P, \p, and \X has not been compiled

(*VERB) with an argument is not supported

!"#$%&'((()* ,-./01

Mhtmlview TODO error line:%d

18DWebBrowserEvents2

22DWebBrowserEventsImpl2

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

.pDC'DIBQ

2"&,\45>

*.**)

MSIMG32.DLL

OLE32.dll

OLEAUT32.DLL

PSAPI.DLL

WSOCK32.DLL

KeyDown

KeyUp

KeyChar

KeyRepeat

HotkeyHit

WindowSize

%d %b %Yib

%H:%M:%S

http:

blitzfont.bin

gldrawtextfont.bin

PipeStream ReadBuffer Overflow

.language.ini

user32.dll

uxtheme.dll

msftedit.dll

riched20.dll

comctl32.dll

{8CC497C0-A1DF-11ce-8098-00AA0047BE5D}

Parent isn't a treeview node. Use TreeViewRoot() when creating a root node.is

{332c4425-26cb-11d0-b483-00c04fd90119}

HTTP/1.0

0123456789

[ERROR] expected open-curly-brace character at position

[ERROR] expected comma or semicolon or close-curly-brace character but found

[ERROR] expected close-curly-brace character at position

SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727\

SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\

Software\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}

1.0.3705.3

1.0.3705.2

Software\Microsoft\Active Setup\Installed Components\{78705f0d-e8db-4b2d-8193-982bdda15ecd}

1.0.3705.1

SOFTWARE\Microsoft\.NET Framework\Policy\v1.0\

TZipReader.getFileInfo(): Invalid index

Invalid syntax for URL (ex. zipe::zipfilename::file_in_zip::password)

static/chkbx/_dt_.png

static/chkbx/_du_.png

static/chkbx/_ht_.png

static/chkbx/_hu_.png

static/chkbx/_it_.png

static/chkbx/_iu_.png

static/_setup_ico_.png

static/_setup_bg_.png

static/_icon_.ico

NirCmd

NirCmd.exe

../static/nircmdc.exe

mscoree.dll

Sysinternals - VVV.sysinternals.com

pkill.exe

../static/pskill.exe

httppM

WindowSizepM

%d %b %YibpM

%H:%M:%SpM

UNSUPPORTEDMODE

_clipper.Release_=pM

_renderSurf.Release_=

_primSurf.Release_=i

device does not support clipplanes

.exepM

.modpM

.mod/

.bmxpM

INVALID_OPERATION

--trkurlpM

msiexec /i

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINEpM

HKEY_USERSpM

HTTP/1.1

hXXp://

VVV.pM

Request-Url

../static/spwn.exe

chrome-addon

.html

firefox.exe

chrome.exe

iexplore.exe

https

CHROME_EXT://

HKEY_LOCAL_MACHINE

HKEY_USERS

C:\test

--trkurl

image_url

download_url

download_url_64

licence_url

policy_url

privacy_url

registry_key_install

registry_key_active

\sdanircmdc.exe

\sdapskill.exe

\sdaspwn.exe

VVV.giga.de

config.php

track.php

hXXp://VVV.giga.de/static/files/sda/licence.txt

/conf.ini

URL_PATH=

URL_PATH: "

URL_PART_CONFIG=

URL_PART_CONFIG: "

URL_PART_TRACKING=

URL_PART_TRACKING: "

LICENCE_FILE_URL=

LICENCE_FILE_URL: "

nschten Operationen aus.

%FILE%

%PROGRAM_URL%

Setup.exe

READING KEY:

reading install reg key

have read install reg key

%%TRACKING_URL%%

Bundle opened url:

InstallExe()

InstallExe:

InstallExe: do install of

InstallExe: started

InstallExe: success

InstallExe: error: not started

InstallExe: removing install process from process list

InstallExe: error: setup is null

InstallExe: error: file not found...

InstallExe: error:

[{000214A0-0000-0000-C000-000000000046}]

HotKey=0

checking ACTIVE regkey:

checking if key exists

.isInstalled()

.isInstalled() => False because of landingpage

.isInstalled() => True because of existing ICON

.isInstalled() => True because of existing FF Ext

.isInstalled() => True because of existing CHROME Ext

.isInstalled() => True because of existing FILE

checking regkey:

checking if key exists:

.isInstalled() => True because of existing REG KEY

.isInstalled() => True because of existing REG VALUE

.isInstalled() => True because of existing and matching REG VALUE

.isInstalled() Bundle is installed

.isInstalled() Bundle is not installed

App.DownloadManager.download()

\setup.ico

inc/static/icon.ico

ffnen.url

incbin::static/_setup_bg_.png

incbin::static/_setup_ico_.png

incbin::static/chkbx/_it_.png

incbin::static/chkbx/_ht_.png

incbin::static/chkbx/_dt_.png

incbin::static/chkbx/_iu_.png

incbin::static/chkbx/_hu_.png

incbin::static/chkbx/_du_.png

bundle.mayOffer():

bundle.opted:

bundle.optionsToDisplay():

\sdanircmdc.exe killprocess

\sdapskill.exe -t

tcp stream created successfully

getFinalHttpHeaders(

Initiating Downloader: downloadUrl: "

downloadUrl is empty!

sda_dbg.txt

.bmpb

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\

http\shell\open\command\

chrome

firefox

opera.exe

opera

Safari.exe

Opera.HTML

ChromeHTML

FirefoxHTML

Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

\AppData\Local\Google\Chrome\User Data\Default\Preferences

\AppData\Local\Google\Chrome\User Data\Default\Extensions\

\ChromeExtensions\

Software\Google\Chrome\Extensions\

Software\Wow6432Node\Google\Chrome\Extensions\

chrome EXE:

Type Chrome->setStartpage(

Type Chrome->setStartpage: reading:

Type Chrome->setStartpage: Couldn't read file:

Type Chrome->setStartpage: Parsing JSON

Type Chrome->setStartpage: Unable to parse JSON

urls_to_restore_on_startup

startup_urls

Type Chrome->setStartpage: Setting Unique startpage

Type Chrome->setStartpage: Setting NON Unique startpage

chrome://newtab

Type Chrome->setStartpage: Setting NON Unique startpage to position {FIRST}

Type Chrome->setStartpage: Setting NON Unique startpage to position {LAST}

Type Chrome->setStartpage: writing to file:

\manifest.json

Software\Wow6432Node\Mozilla\Mozilla Firefox\

PathToExe

Firefox.pathToExe(), first check:

Software\Mozilla\Mozilla Firefox\

Firefox.pathToExe(), second check:

Firefox.installExtension(), ERROR, dir not exists

Firefox.installExtension(), ERROR, unzip failed

\install.rdf

Firefox.installExtension(), ERROR, rdf not extracted

Firefox.installExtension(), ERROR, extension info not read

\AppData\Roaming\Mozilla\Firefox\Profiles\

Firefox.installExtension(), extracting extension to:

Firefox.installExtension(), launched silent FF

Firefox.installExtension(), ERROR, unable to launch silent FF

\extensions.sqlite

Firefox.installExtension(), reading sqlite file

Firefox.installExtension(), ERROR, unable to open sqlite file correctly

Firefox.installExtension(), have read sqlfile from disk

INSERT INTO locale (name, description, creator, homepageURL) VALUES

id, syncGUID, location, version, type, internalName, updateURL, updateKey, optionsURL, optionsType, aboutURL, iconURL, icon64URL,

, 1, 1, 0, 0, 0, '

'', '', '', '', '', '', '', '',

, '', '', 0, 0, 0, 0

Firefox.installExtension(), ERROR, sqlite file does not exist

\extensions.json

Firefox.installExtension(), reading json file

Firefox.installExtension(), ERROR, error reading json file

Firefox.installExtension(), json file can be read

Firefox.installExtension(), ERROR, error parsing json file

Firefox.installExtension(), json file can be parsed

Firefox.installExtension(), Extension not found in JSON File, will be added

homepageURL

Firefox.installExtension(), Extension was found in JSON File, will NOT be added

Firefox.installExtension(), json file written

Firefox.installExtension(), ERROR, unable to write json file

Firefox.installExtension(), ERROR, json file does not exist

\extensions.ini

Firefox.installExtension(), reading ini file

Firefox.installExtension(), ERROR, ini file does not exist

\prefs.js

Firefox.installExtension(), processing prefs file

user_pref("extensions.bootstrappedAddons",

user_pref("extensions.bootstrappedAddons", "{

Firefox.installExtension(), ERROR, unable to open prefs file

Firefox.installExtension(), ERROR, prefs file does not exist

parent.lock

localstore-safe.rdf

Telemetry.ShutdownTime.txt

places.sqlite-shm.txt

places.sqlite-wal

cookies.sqlite-shm

cookies.sqlite-wal

sessionstore.js

sessionstore.bak

"browser.startup.homepage"

user_pref("browser.startup.homepage", "

"browser.startup.homepage", "([^"] )"

"browser.startup.homepage", "

"browser.startup.homepage", "\1|

user_pref("browser.startup.homepage", "about:home|

em:homepageURL

Firefox still running

Firefox not running anymore

Type IE->setStartpage: Already have the url: "

RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

HKEY_CURRENT_USER\Software\Classes\

HKEY_LOCAL_MACHINE\Software\Classes\

HKEY_CLASSES_ROOT\

Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\

SQLite Error, Statement:

SQLite Error, Statement: SELECT last_insert_rowid();

.----/01/01/01

{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|

{|{|{|{|{|{|{|

Web View

Web Host

%original file name%.exe_196_rwx_00401000_002D1000:

%u&C9

%u:F9

(:brl.stream.TStream,i,i)i

:brl.bank.TBank

(:brl.bank.TBank):TBankStream

OpenURL

(:brl.stream.TStream):TPixmap

:brl.font.TFont

[]:brl.pixmap.TPixmap

(i,i,i):brl.pixmap.TPixmap

(i,:brl.pixmap.TPixmap)i

:brl.pixmap.TPixmap

(:brl.pixmap.TPixmap,i):TImageFrame

SetViewport

(:brl.pixmap.TPixmap,i,i)i

(i,i,i,i):brl.pixmap.TPixmap

viewport_x

viewport_y

viewport_w

viewport_h

:brl.graphics.TGraphics

(:brl.graphics.TGraphics,:TMax2DDriver):TMax2DGraphics

()[]:brl.graphics.TGraphicsMode

(:brl.graphics.TGraphics)i

:brl.graphics.TGraphicsMode

(:brl.pixmap.TPixmap,i):TGLImageFrame

(i,i):brl.max2d.TMax2DGraphics

(i,i,i,i,i):brl.max2d.TMax2DGraphics

TPipeStream

ReadPipe

(i,i):TPipeStream

pipe

:TPipeStream

:brl.event.TEvent

(f,:brl.event.TEvent):TTimer

TKeyValue

TKeyEnumerator

ValueForKey

Keys

(:brl.stream.TStream,i):TTextStream

(:Object,$,$,i,i):brl.stream.TStream

:brl.map.TMap

(:maxgui.localization.TMaxGUILanguage)i

(i):brl.pixmap.TPixmap

:brl.linkedlist.TList

(:brl.event.TEvent,:Object)i

datakeys

((:brl.event.TEvent,:Object)i,:Object)i

KeysFromList

(:brl.linkedlist.TList)[]$

KeysFromObjectArray

InsertItemFromKey

(:brl.pixmap.TPixmap,i)i

SetHotKey

(i):brl.graphics.TGraphics

():brl.graphics.TGraphics

THotKey

:THotKey

dwWindowStatus

crTextColor

biClrImportant

TWindowsGUIDriver

(i,:TWindowsGadget)i

KeyboardProc

HotkeyEventFromWp

(i):brl.event.TEvent

(i,i,i,i,:maxgui.maxgui.TGadget)i

(i,$,i,i,i,i,:maxgui.maxgui.TGadget,i):maxgui.maxgui.TGadget

():maxgui.maxgui.TGadget

($,i,i):maxgui.maxgui.TGuiFont

($,d,i):maxgui.maxgui.TGuiFont

(i,d,i):maxgui.maxgui.TGuiFont

(:maxgui.maxgui.TGuiFont):maxgui.maxgui.TGuiFont

(:Object):maxgui.maxgui.TIconStrip

TWindowsGadget

_hotkey

:maxgui.maxgui.THotKey

:TWindowsFont

(:maxgui.maxgui.TGuiFont)i

TWindowsDesktop

TWindowsWindow

:TWindowsMenu

(:maxgui.maxgui.TGadget,i):TWindowsWindow

(:maxgui.maxgui.TGadget,:Object)i

TWindowsButton

(:maxgui.maxgui.TGadget,i):TWindowsButton

(:brl.pixmap.TPixmap)i

TWindowsTextField

(:maxgui.maxgui.TGadget,i):TWindowsTextField

TWindowsTextArea

:pub.win32.CHARRANGE

:pub.win32.CHARFORMATW

:pub.win32.GUID

(:maxgui.maxgui.TGadget,i):TWindowsTextArea

TWindowsListBox

:TWindowsIconStrip

(:maxgui.maxgui.TGadget,i):TWindowsListBox

(:maxgui.maxgui.TIconStrip)i

TWindowsComboBox

(:maxgui.maxgui.TGadget,i):TWindowsComboBox

TWindowsToolBar

(:maxgui.maxgui.TGadget,i):TWindowsToolBar

TWindowsTabber

(:maxgui.maxgui.TGadget,i):TWindowsTabber

TWindowsTreeNode

:TWindowsTreeNode

(:TWindowsTreeView):TWindowsTreeNode

($,:maxgui.maxgui.TGadget,i,i,i):TWindowsTreeNode

(i,$,i):maxgui.maxgui.TGadget

TWindowsTreeView

(:maxgui.maxgui.TGadget,i):TWindowsTreeView

TWindowsLabel

(:maxgui.maxgui.TGadget,i):TWindowsLabel

TWindowsSlider

(:maxgui.maxgui.TGadget,i):TWindowsSlider

TWindowsProgressBar

(:maxgui.maxgui.TGadget,i):TWindowsProgressBar

TWindowsPanel

(:maxgui.maxgui.TGadget,i):TWindowsPanel

TWindowsHTMLView

?pub.win32.IWebBrowser2

(:maxgui.maxgui.TGadget,i):TWindowsHTMLView

TWindowsMenu

_hotkeycode

SetNewKey

GetMenuFromKey

(i):TWindowsMenu

($,:maxgui.maxgui.TGadget,i):TWindowsMenu

TWindowsIconStrip

(:Object):TWindowsIconStrip

():TWindowsIconStrip

TWindowsFont

(i):TWindowsFont

(:pub.win32.LOGFONTW,i,d)i

($,d,i):TWindowsFont

(:pub.win32.LOGFONTW,i,i):TWindowsFont

(:maxgui.maxgui.TGuiFont):TWindowsFont

(d,i):TWindowsFont

TWindowsGraphic

(:brl.pixmap.TPixmap,i,i,i)i

[]:maxgui.maxgui.TGadget

:maxgui.maxgui.TGadget

(i,i,i,i,:maxgui.maxgui.TGadget,i):TSplitter

(i):maxgui.maxgui.TGadget

(:brl.pixmap.TPixmap):brl.pixmap.TPixmap

(:brl.pixmap.TPixmap,f):brl.pixmap.TPixmap

pnlViewport

(i,i,i,i,:maxgui.maxgui.TGadget,i):TScrollPanel

FitToViewport

(:maxgui.maxgui.TGadget,:maxgui.maxgui.TGadget)i

($,i,i,i,i,:maxgui.maxgui.TGadget,i,$):THyperlinkGadget

(:brl.event.TEvent):brl.event.TEvent

getExecOpt

TRegExException

(i,$):TRegExException

():brl.linkedlist.TList

(:brl.linkedlist.TList):brl.linkedlist.TList

_localPort

_remotePort

SetTCPNoDelay

LocalPort

RemotePort

CreateUDP

CreateTCP

(:brl.stream.TStream):brl.stream.TStream

:brl.socket.TSocket

():brl.socket.TSocket

(:brl.socket.TSocket,i):TSocketStream

THTTPStreamFactory

(:Object,:brl.reflection.TTypeId):TValue

(:TValue,:brl.reflection.TTypeId):Object

(:brl.reflection.TTypeId):brl.linkedlist.TList

(:TValue,:TValue,:brl.linkedlist.TList,[]:TValue_Selector_Token):brl.linkedlist.TList

(:brl.stream.TStream,$,$)i

($,i,$):brl.ramstream.TRamStream

(i,i,i):brl.ramstream.TRamStream

:brl.stream.TStream

(:brl.stream.TStream,i,i):TZipFileList

():brl.bank.TBank

(:brl.stream.TStream)i

password

(:brl.stream.TStream):brl.pixmap.TPixmap

paint.net 4.0.3

.uy}"

.rsrc

JuAV.CS~

1y.Gh6

vapi32.dllCreateP

irCmd vF71 (Conso

m\\.\

0/222^ /

HKEY_LOCAL_MACH

C.pdb

nv.onm&Va

n"81IKey

KERNEL32.DLL

ADVAPI32.dll

GDI32.dll

msvcrt.dll

ole32.dll

SHELL32.dll

USER32.dll

WINMM.dll

RegCloseKey

ShellExecuteA

.text

`.rdata

@.data

vSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

ntdll.dll

\b EFFET JURIDIQUE.\b0 Le pr\'e9sent contrat d\'e9crit certains droits juridiques. Vous pourriez avoir d'autres droits pr\'e9vus par les lois de votre pays. Le pr\'e9sent contrat ne modifie pas les droits que vous conf\'e8rent les lois de votre pays si celles-ci ne le permettent pas.\b\par

\pard\sb240\lang1036 Remarque : Ce logiciel \'e9tant distribu\'e9 au Qu\'e9bec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en fran\'e7ais.\par

\pard\fi-357\li357\sb120\sa120\tx360\caps\fs20 8.\tab\fs19 Legal Effect.\b0\caps0 This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.\b\caps\par

\caps\fs20 6.\tab\fs19 Entire Agreement.\b0\caps0 This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.\par

\caps\fs20 5.\tab\fs19 SUPPORT SERVICES.\caps0 \b0 Because this software is \ldblquote as is,\rdblquote we may not provide support services for it.\b\par

\caps\fs20 4.\tab\fs19 Export Restrictions\caps0 .\b0 The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see \cf1\ul VVV.microsoft.com/exporting <hXXp://VVV.microsoft.com/exporting>\cf0\ulnone .\b\par

\caps\fs20 2.\tab\fs19 Scope of License\caps0 .\b0 The software is licensed, not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not\b\par

\'b7\tab support services\par

\pard\sb120\sa120\b0\fs19 These license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from Systinternals.com, which includes the media on which you received it, if any. The terms also apply to any Sysinternals\par

{\*\generator Msftedit 5.41.21.2506;}\viewkind4\uc1\pard\brdrb\brdrs\brdrw10\brsp20 \sb120\sa120\b\f0\fs24 SYSINTERNALS SOFTWARE LICENSE TERMS\fs28\par

%s License Agreement

Riched32.dll

Software\Sysinternals\%s

Shell32.dll

\\.\%s

netmsg.dll

\\%s\IPC$

\\%s\ADMIN$\%s

%s\%s

Make sure that the default admin$ share is enabled on %s.

Make sure that file and print sharing services are enabled on %s.

Couldn't access %s:

Couldn't install %s service:

Could not start %s service on %s:

%%SystemRoot%%\%s

Starting %s service on %s...

Timeout accessing %s.

Connecting to %s...

Cannot connect to remote registry on %s:

Cannot log on to %s:

Password:

\\%s:

A system error has occurred: %d

Error opening %s:

\StringFileInfo\XX\%s

%s requires Windows NT/2000/XP/2003.

Process %d does not exist on %s.

Process %s does not exist on %s.

Error killing process %d on %s:

Error killing process(es) named %s on %s:

Error communicating with pskill service on %s. The process may

Error communicating with pskill service on %s:

Killing process%s %d on %s...

Error establishing communication with pskill service on %s:

\\%s\pipe\pskllsvc

Connecting with pskill service on %s...

PSKLLSVC.EXE

you will be prompted to enter a hidden password.

-p Specifies optional password for user name. If you omit this

-u Specifies optional user name for login to

Usage: pskill [-t] [\\computer [-u username [-p password]]] <process ID | name>

Process %d killed.

Process %s killed.

%d processes named %s killed.

%d processes descended from and including %d killed.

%d processes named %s and their descendants killed.

Unable to kill process %d:

Unable to kill process %s:

Process %d on %s killed.

Process %s killed on %s.

%d processes named %s killed on %s.

PsKill requires Windows NT or Windows 2000.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

ADVAPI32.DLL

GetProcessWindowStation

USER32.DLL

portuguese-brazilian

c:\src\Pstools\pskill\EXE\Release\pskill.pdb

VERSION.dll

NETAPI32.dll

WS2_32.dll

MPR.dll

ConnectNamedPipe

KERNEL32.dll

COMDLG32.dll

RegCreateKeyA

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

\\.\pipe\pskllsvc

%s error: %d

Stopping %s.

%s (0x%x)

OpenSCManager failed - %s

CreateService failed - %s

%s installed.

Unable to install %s - %s

OpenService failed - %s

DeleteService failed - %s

%s removed.

%s failed to stop.

%s stopped.

Debugging %s.

%s -debug <params> to run as a console app for debugging

%s -remove to remove the service

%s -install to install the service

c:\src\Pstools\pskill\SVC\Release\pskllsvc.pdb

CreateNamedPipeA

ReportEventA

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

"hXXp://crl.verisign.com/tss-ca.crl0

hXXp://ocsp.verisign.com0

Thawte Certification1

0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0

2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.

3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D

hXXps://VVV.verisign.com/rpa0

hXXp://ocsp.verisign.com0?

3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0

.Class 3 Public Primary Certification Authority0

hXXps://VVV.verisign.com/cps0*

#hXXp://logo.verisign.com/vslogo.gif0

hXXp://ocsp.verisign.com01

hXXp://crl.verisign.com/pca3.crl0)

EhXXp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z

>hXXp://VVV.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0

ChXXp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X

<hXXp://VVV.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0

$Microsoft Root Certificate Authority0

?hXXp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T

8hXXp://VVV.microsoft.com/pki/certs/MicrosoftRootCert.crt0

$Microsoft Root Certificate Authority

.tq[m

*hXXp://technet.microsoft.com/sysinternals 0

`.data

.rdata

@.bss

.idata

Ph.IO

YtCPV

FTPS

;%u#j

8.uC@9

FTPW

1T?.GT?

U?%1U?GFU?c[U?ypU?

2x?'9x?-@x?.Gx?,Nx?$Ux?

Wp?.np?

(:brl.stream.TStream):TAudioSample

(:brl.audiosample.TAudioSample,i):TSound

D3DVIEWPORT9

D3DVERTEXELEMENT9

DDCOLORKEY

ddckDestColorkeyLo

ddckDestColorkeyHi

ddckSrcColorkeyLo

ddckSrcColorkeyHi

dwCKeyCaps

dwSVBCKeyCaps

dwVSBCKeyCaps

dwSSBCKeyCaps

dwMaxVideoPorts

dwCurrVideoPorts

dwNLVBCKeyCaps

dckDestColorkey

dckSrcColorkey

D3DVIEWPORT7

?pub.directx.IDirectDrawSurface7

?pub.directx.IDirectDrawClipper

():brl.graphics.TGraphicsDriver

():pub.directx.IDirectDrawSurface7

[]:brl.graphics.TGraphicsMode

?pub.directx.IDirectDraw7

?pub.directx.IDirect3D7

?pub.directx.IDirect3DDevice7

():pub.directx.IDirectDraw7

():pub.directx.IDirect3D7

():pub.directx.IDirect3DDevice7

(:pub.directx.DDSURFACEDESC2):pub.directx.IDirectDrawSurface7

(:pub.directx.IDirectDrawSurface7)i

:brl.dxgraphics.TD3D7Graphics

(i,i,i):brl.max2d.TImageFrame

(:brl.pixmap.TPixmap,i):brl.max2d.TImageFrame

(:brl.pixmap.TPixmap):pub.directx.IDirectDrawSurface7

:pub.directx.DDSurfaceDesc2

(i,i):brl.pixmap.TPixmap

:pub.directx.DDSURFACEDESC2

?pub.directx.IDirectSoundBuffer

(:brl.audio.TChannel):TDirectSoundChannel

(:brl.audiosample.TAudioSample,i):TDirectSoundSound

:brl.audio.TSound

?pub.directx.IDirectSound

(:brl.audio.TChannel):TFreeAudioChannel

(i,:brl.audiosample.TAudioSample):TFreeAudioSound

(:brl.audiosample.TAudioSample,i):TFreeAudioSound

():brl.pixmap.TPixmap

:pub.freetype.FTFace

TGNetMsg

():TGNetMsg

(:TGNetMsg)i

CreatedMsg

ClosedMsg

MessageMsg

(i):TGNetMsg

(:TGNetMsg,:TGNetPeer)i

RecvMsg

(*b):TGNetMsg

SendMsg

(:brl.stream.TStream):brl.audiosample.TAudioSample

(:brl.audio.TChannel):TOpenALChannel

(:brl.audiosample.TAudioSample,i):TOpenALSound

1.2.12

%d %s %d d:d:d  0000

libpng version 1.2.12 - June 27, 2006

libpng version 1.2.12 - June 27, 2006 (header)

1.2.3

1.0.6 or earlier

Only compression windows <= 32k supported by PNG

Only compression windows >= 256 supported by PNG

Only compression method 8 is supported by PNG

iTXt chunk not supported.

0123456789ABCDEFlibpng warning no. %s: %s

libpng warning: %s

libpng error no. %s: %s

libpng error: %s, offset=%d

libpng error: %s

NULL row buffer for row %ld, pass %d

Buffer error in compressed datastream in %s chunk

Data error in compressed datastream in %s chunk

Incomplete compressed datastream in %s chunk

Unknown zTXt compression type %d

gamma = (%d/100000)

wx=%f, wy=%f, rx=%f, ry=%f

gx=%f, gy=%f, bx=%f, by=%f

incorrect gamma=(%d/100000)

Unknown compression type %d

white_x=%f, white_y=%f

zero length keyword

Out of memory while procesing keyword

invalid keyword character 0xX

trailing spaces removed from keyword

leading spaces removed from keyword

extra interior spaces removed from keyword

Zero length keyword

keyword length must be 1 - 79 characters

Empty keyword in sPLT chunk

Empty keyword in iCCP chunk

Empty keyword in tEXt chunk

Empty keyword in zTXt chunk

OpenAL32.dll

%s_%d.m

Xiph.Org libVorbis I 20050304

%s:%d:

bad argument #%d (%s)

calling '%s' on bad self (%s)

bad argument #%d to '%s' (%s)

%s expected, got %s

stack overflow (%s)

invalid option '%s'

name conflict for module '%s'

cannot %s %s: %s

PANIC: unprotected error in call to Lua API (%s)

$Lua: Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio $

$URL: VVV.lua.org $

%s:%d: %s

attempt to compare two %s values

attempt to compare %s with %s

attempt to %s %s '%s' (a %s value)

attempt to %s a %s value

in function '%s'

in function <%s:%d>

missing '[' after '%%f' in pattern

^$* ?.([%-

'string.gfind' was renamed to 'string.gmatch'

invalid replacement value (a %s)

invalid option '%%%c' to 'format'

%s: %s

MbP?field '%s' missing in date table

standard %s file is closed

invalid value (%s) at index %d in table for 'concat'

system error %d

'package.%s' must be a string

no file '%s'

error loading module '%s' from file '%s':

luaopen_%s

no module '%s' in file '%s'

'package.preload' must be a table

no field package.preload['%s']

loop or previous error loading module '%s'

'package.loaders' must be a table

module '%s' not found:%s

.\?.lua;!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua

.\?.dll;!\?.dll;!\loadall.dll

no function environment for tail call at level %d

%s: %p

cannot resume %s coroutine

Yinvalid key to 'next'

char(%d)

%s near '%s'

%s: %s in precompiled chunk

'%s' expected

main function has more than %d %s

function at line %d has more than %d %s

'%s' expected (to close '%s' at line %d)

%ld%c

.AppleDouble/

.resource/

resource.frk/

.notdef

eexec

Windows FNT

.null

 ! % ) - 11

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

-2147483648

-9223372036854775808

GC ERROR: %s, object=$%p

%s:%u: failed assertion `%s'

RegDeleteKeyA

RegEnumKeyA

RegOpenKeyA

CreatePipe

PeekNamedPipe

glViewport

ShellExecuteW

GetKeyState

MsgWaitForMultipleObjects

SetWindowsHookExA

COMCTL32.DLL

COMDLG32.DLL

OPENGL32.DLL

SHELL32.DLL

WINMM.DLL

WS2_32.DLL

<description>Windows forms common control manifest</description>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" />

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<!--Kompatibilitat zu Windows 7 -->

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>

GoDaddy.com, Inc.110/

(Go Daddy Root Certificate Authority - G20

GoDaddy.com, Inc.1-0

$hXXp://certs.godaddy.com/repository/1301

*Go Daddy Secure Certificate Authority - G20

hXXp://ocsp.godaddy.com/05

$hXXp://crl.godaddy.com/gdroot-g2.crl0F

%hXXps://certs.godaddy.com/repository/0

$hXXp://crl.godaddy.com/gdig2s5-0.crl0S

 hXXp://certificates.godaddy.com/repository/0v

hXXp://ocsp.godaddy.com/0@

4hXXp://certificates.godaddy.com/repository/gdig2.crt0

*Go Daddy Secure Certificate Authority - G2

%XJ@[

_windows

:brl.max2d.TImageFont

IconUrl

IconLocalUrl

ImageUrl

ImageLocalUrl

DownloadUrl

FileLocalUrl

LicenceUrl

PolicyUrl

PrivacyUrl

RegistryKeysInstall

RegistryKeysActive

(:twrc.rjson.TObject):Bundle

InstallChromeAddon

InstallExe

(:twrc.rjson.TObject):InstallOption

(:maxgui.maxgui.TGadget,i)i

($,:brl.threads.TThread)i

RegistryKeys

(:twrc.rjson.TObject):ForeignInstallInfo

:brl.socketstream.TSocketStream

(:brl.event.TEvent)i

:maxgui.maxgui.TGuiFont

(:maxgui.maxgui.TGadget,i,i,i,i)[]i

:brl.max2d.TImage

(i,i,i,i,:maxgui.maxgui.TGadget,i,i):TCheckbox

($,i,i,i,i,:maxgui.maxgui.TGadget):TLinkCheckbox

(i,i,i,i,:maxgui.maxgui.TGadget):TSeparator

localurl

winload_url

iconUrl

localIconUrl

(:twrc.rjson.TObject):FileStruct

Reporting

TYPE_WEBSITE

_downloadUrl

:brl.threads.TThread

gotoUrl

Chrome

pathToExe

ChromeExtension

updateUrl

($):ChromeExtension

Firefox

FirefoxExtension

_homepageURL

($):FirefoxExtension

preventExecution

allowExecution

Is64BitOperatingSystem

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

3.3.5

SQL logic error or missing database

kernel lacks large file support

%s\sqlite_

2147483647

keyinfo(%d

%s-mjX

sqlite_version

no such collation sequence: %s

SQLite format 3

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

initPage() returns error code %d

Multiple uses for byte %d of page %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Fragmented space is %d byte reported as %d on page %d

Unable to malloc %d bytes

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

no such table: %s.%s

no such table: %s

sqlite_temp_master

sqlite_master

sqlite_

object name reserved for internal use: %s

duplicate column name: %s

default value of column [%s] is not constant

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#0, sql=%Q WHERE rowid=#1

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #0 AND rootpage=#0

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q

table %s may not be indexed

views may not be indexed

index %s already exists

there is already a table named %s

sqlite_autoindex_

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#0,%Q);

table %s has no column named %s

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

DELETE FROM %s.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

there is already an index named %s

sqlite_sequence

unable to identify the object to be reindexed

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

unsupported file format

SELECT name, rootpage, sql, '%s' FROM '%q'.%s

database schema is locked: %s

RowKey

transaction - SQL statements in progress

SELECT name, rootpage, sql, %d FROM '%q'.%s WHERE %s

Ad-d-d d:d:d

d:d:d

d-d-d

d.d

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

sqlite_detach

sqlite_attach

%s %T cannot reference objects in database %s

%.*s%Q%s

sqlite_rename_table

sqlite_rename_trigger

%s OR name=%Q

there is already another table or index with this name: %s

table %s may not be altered

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name, %d 18,10) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

UPDATE %Q.sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE %Q.%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d,length(sql)) WHERE type = 'table' AND name = %Q

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

no such trigger: %S

variable number must be between ?1 and ?%d

no such column: %s

ambiguous column name: %s

table %s may not be modified

cannot modify %s because it is a view

unknown or unsupported join type: %T%s%T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

column%d

%s BY terms must not be non-integer constants

%s BY column number %d out of range - should be between 1 and %d

%s:%d

cannot have both ON and USING clauses in the same join

sqlite_subquery_%p_

a NATURAL join may not have an ON or USING clause

cannot join using column %s - column not present in both tables

%s.%s

ORDER BY term number %d does not match any result column

ORDER BY position %d should be between 1 and %d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

ABORTABLEFTEMPORARYADDATABASELECTHENDEFAULTRANSACTIONATURALTERAISEACHECKEYAFTEREFERENCESCAPELSEXCEPTRIGGEREGEXPLAINITIALLYANALYZEXCLUSIVEXISTSTATEMENTANDEFERRABLEATTACHAVINGLOBEFOREIGNOREINDEXAUTOINCREMENTBEGINNERENAMEBETWEENOTNULLIKEBYCASCADEFERREDELETECASECASTCOLLATECOLUMNCOMMITCONFLICTCONSTRAINTERSECTCREATECROSSCURRENT_DATECURRENT_TIMESTAMPLANDESCDETACHDISTINCTDROPRAGMATCHFAILIMITFROMFULLGROUPDATEIFIMMEDIATEINSERTINSTEADINTOFFSETISNULLJOINORDEREPLACEOUTERESTRICTPRIMARYQUERYRIGHTROLLBACKROWHENUNIONUNIQUEUSINGVACUUMVALUESVIEWHERE

illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

sqlite_stat1

CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

SELECT idx, stat FROM %Q.sqlite_stat1

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14,100000000) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence'

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14,100000000) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21,100000000) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'CREATE VIEW vacuum_db.' || substr(sql,13,100000000) FROM sqlite_master WHERE type='view'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence';

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

SELECT 'CREATE TRIGGER vacuum_db.' || substr(sql, 16, 1000000) FROM sqlite_master WHERE type='trigger'

PRIMARY KEY must be unique

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

Aat most %d tables in a join

TABLE %s

%z AS %s

%z WITH INDEX %s

%z USING PRIMARY KEY

incomplete SQL statement

sql_trace

foreign_key_list

*** in database %s ***

unsupported encoding: %s

operand of unlimited repeat could match the empty string

POSIX named classes are supported only within a class

erroffset passed as NULL

POSIX collating elements are not supported

this version of PCRE is not compiled with PCRE_UTF8 support

PCRE does not support \L, \l, \N, \U, or \u

support for \P, \p, and \X has not been compiled

(*VERB) with an argument is not supported

!"#$%&'((()* ,-./01

Mhtmlview TODO error line:%d

18DWebBrowserEvents2

22DWebBrowserEventsImpl2

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

.pDC'DIBQ

KeyDown

KeyUp

KeyChar

KeyRepeat

HotkeyHit

WindowSize

%d %b %Yib

%H:%M:%S

http:

blitzfont.bin

gldrawtextfont.bin

PipeStream ReadBuffer Overflow

.language.ini

user32.dll

uxtheme.dll

msftedit.dll

riched20.dll

comctl32.dll

{8CC497C0-A1DF-11ce-8098-00AA0047BE5D}

Parent isn't a treeview node. Use TreeViewRoot() when creating a root node.is

{332c4425-26cb-11d0-b483-00c04fd90119}

HTTP/1.0

0123456789

[ERROR] expected open-curly-brace character at position

[ERROR] expected comma or semicolon or close-curly-brace character but found

[ERROR] expected close-curly-brace character at position

SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727\

SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\

Software\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}

1.0.3705.3

1.0.3705.2

Software\Microsoft\Active Setup\Installed Components\{78705f0d-e8db-4b2d-8193-982bdda15ecd}

1.0.3705.1

SOFTWARE\Microsoft\.NET Framework\Policy\v1.0\

TZipReader.getFileInfo(): Invalid index

Invalid syntax for URL (ex. zipe::zipfilename::file_in_zip::password)

static/chkbx/_dt_.png

static/chkbx/_du_.png

static/chkbx/_ht_.png

static/chkbx/_hu_.png

static/chkbx/_it_.png

static/chkbx/_iu_.png

static/_setup_ico_.png

static/_setup_bg_.png

static/_icon_.ico

NirCmd

NirCmd.exe

../static/nircmdc.exe

mscoree.dll

Sysinternals - VVV.sysinternals.com

pkill.exe

../static/pskill.exe

httppM

WindowSizepM

%d %b %YibpM

%H:%M:%SpM

UNSUPPORTEDMODE

_clipper.Release_=pM

_renderSurf.Release_=

_primSurf.Release_=i

device does not support clipplanes

.exepM

.modpM

.mod/

.bmxpM

INVALID_OPERATION

--trkurlpM

msiexec /i

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINEpM

HKEY_USERSpM

HTTP/1.1

hXXp://

VVV.pM

Request-Url

../static/spwn.exe

chrome-addon

.html

firefox.exe

chrome.exe

iexplore.exe

https

CHROME_EXT://

HKEY_LOCAL_MACHINE

HKEY_USERS

C:\test

--trkurl

image_url

download_url

download_url_64

licence_url

policy_url

privacy_url

registry_key_install

registry_key_active

\sdanircmdc.exe

\sdapskill.exe

\sdaspwn.exe

VVV.giga.de

config.php

track.php

hXXp://VVV.giga.de/static/files/sda/licence.txt

/conf.ini

URL_PATH=

URL_PATH: "

URL_PART_CONFIG=

URL_PART_CONFIG: "

URL_PART_TRACKING=

URL_PART_TRACKING: "

LICENCE_FILE_URL=

LICENCE_FILE_URL: "

nschten Operationen aus.

%FILE%

%PROGRAM_URL%

Setup.exe

READING KEY:

reading install reg key

have read install reg key

%%TRACKING_URL%%

Bundle opened url:

InstallExe()

InstallExe:

InstallExe: do install of

InstallExe: started

InstallExe: success

InstallExe: error: not started

InstallExe: removing install process from process list

InstallExe: error: setup is null

InstallExe: error: file not found...

InstallExe: error:

[{000214A0-0000-0000-C000-000000000046}]

HotKey=0

checking ACTIVE regkey:

checking if key exists

.isInstalled()

.isInstalled() => False because of landingpage

.isInstalled() => True because of existing ICON

.isInstalled() => True because of existing FF Ext

.isInstalled() => True because of existing CHROME Ext

.isInstalled() => True because of existing FILE

checking regkey:

checking if key exists:

.isInstalled() => True because of existing REG KEY

.isInstalled() => True because of existing REG VALUE

.isInstalled() => True because of existing and matching REG VALUE

.isInstalled() Bundle is installed

.isInstalled() Bundle is not installed

App.DownloadManager.download()

\setup.ico

inc/static/icon.ico

ffnen.url

incbin::static/_setup_bg_.png

incbin::static/_setup_ico_.png

incbin::static/chkbx/_it_.png

incbin::static/chkbx/_ht_.png

incbin::static/chkbx/_dt_.png

incbin::static/chkbx/_iu_.png

incbin::static/chkbx/_hu_.png

incbin::static/chkbx/_du_.png

bundle.mayOffer():

bundle.opted:

bundle.optionsToDisplay():

\sdanircmdc.exe killprocess

\sdapskill.exe -t

tcp stream created successfully

getFinalHttpHeaders(

Initiating Downloader: downloadUrl: "

downloadUrl is empty!

sda_dbg.txt

.bmpb

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\

http\shell\open\command\

chrome

firefox

opera.exe

opera

Safari.exe

Opera.HTML

ChromeHTML

FirefoxHTML

Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

\AppData\Local\Google\Chrome\User Data\Default\Preferences

\AppData\Local\Google\Chrome\User Data\Default\Extensions\

\ChromeExtensions\

Software\Google\Chrome\Extensions\

Software\Wow6432Node\Google\Chrome\Extensions\

chrome EXE:

Type Chrome->setStartpage(

Type Chrome->setStartpage: reading:

Type Chrome->setStartpage: Couldn't read file:

Type Chrome->setStartpage: Parsing JSON

Type Chrome->setStartpage: Unable to parse JSON

urls_to_restore_on_startup

startup_urls

Type Chrome->setStartpage: Setting Unique startpage

Type Chrome->setStartpage: Setting NON Unique startpage

chrome://newtab

Type Chrome->setStartpage: Setting NON Unique startpage to position {FIRST}

Type Chrome->setStartpage: Setting NON Unique startpage to position {LAST}

Type Chrome->setStartpage: writing to file:

\manifest.json

Software\Wow6432Node\Mozilla\Mozilla Firefox\

PathToExe

Firefox.pathToExe(), first check:

Software\Mozilla\Mozilla Firefox\

Firefox.pathToExe(), second check:

Firefox.installExtension(), ERROR, dir not exists

Firefox.installExtension(), ERROR, unzip failed

\install.rdf

Firefox.installExtension(), ERROR, rdf not extracted

Firefox.installExtension(), ERROR, extension info not read

\AppData\Roaming\Mozilla\Firefox\Profiles\

Firefox.installExtension(), extracting extension to:

Firefox.installExtension(), launched silent FF

Firefox.installExtension(), ERROR, unable to launch silent FF

\extensions.sqlite

Firefox.installExtension(), reading sqlite file

Firefox.installExtension(), ERROR, unable to open sqlite file correctly

Firefox.installExtension(), have read sqlfile from disk

INSERT INTO locale (name, description, creator, homepageURL) VALUES

id, syncGUID, location, version, type, internalName, updateURL, updateKey, optionsURL, optionsType, aboutURL, iconURL, icon64URL,

, 1, 1, 0, 0, 0, '

'', '', '', '', '', '', '', '',

, '', '', 0, 0, 0, 0

Firefox.installExtension(), ERROR, sqlite file does not exist

\extensions.json

Firefox.installExtension(), reading json file

Firefox.installExtension(), ERROR, error reading json file

Firefox.installExtension(), json file can be read

Firefox.installExtension(), ERROR, error parsing json file

Firefox.installExtension(), json file can be parsed

Firefox.installExtension(), Extension not found in JSON File, will be added

homepageURL

Firefox.installExtension(), Extension was found in JSON File, will NOT be added

Firefox.installExtension(), json file written

Firefox.installExtension(), ERROR, unable to write json file

Firefox.installExtension(), ERROR, json file does not exist

\extensions.ini

Firefox.installExtension(), reading ini file

Firefox.installExtension(), ERROR, ini file does not exist

\prefs.js

Firefox.installExtension(), processing prefs file

user_pref("extensions.bootstrappedAddons",

user_pref("extensions.bootstrappedAddons", "{

Firefox.installExtension(), ERROR, unable to open prefs file

Firefox.installExtension(), ERROR, prefs file does not exist

parent.lock

localstore-safe.rdf

Telemetry.ShutdownTime.txt

places.sqlite-shm.txt

places.sqlite-wal

cookies.sqlite-shm

cookies.sqlite-wal

sessionstore.js

sessionstore.bak

"browser.startup.homepage"

user_pref("browser.startup.homepage", "

"browser.startup.homepage", "([^"] )"

"browser.startup.homepage", "

"browser.startup.homepage", "\1|

user_pref("browser.startup.homepage", "about:home|

em:homepageURL

Firefox still running

Firefox not running anymore

Type IE->setStartpage: Already have the url: "

RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

HKEY_CURRENT_USER\Software\Classes\

HKEY_LOCAL_MACHINE\Software\Classes\

HKEY_CLASSES_ROOT\

Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\

SQLite Error, Statement:

SQLite Error, Statement: SELECT last_insert_rowid();

.----/01/01/01

{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|

{|{|{|{|{|{|{|

Web View

Web Host

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Local Settings\Temp\sdaspwn.exe (5662 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdapskill.exe (3635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdanircmdc.exe (1960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\licence.txt (226 bytes)
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.Win32.Swrort_26c5ad2d27

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.Win32.Swrort_26c5ad2d27

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet