Trojan.Win32.Swrort_6701630e9e
Trojan.Win32.Swrort.4.FD, TrojanSwrort.YR, BankerGeneric.YR (Lavasoft MAS)
Behaviour: Banker, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 6701630e9e30d4dbb203e774b1245ca5
SHA1: 20064f055e4cdb0a318f019e2055eebeedf42c4a
SHA256: de8814cb6526e5cd6c64b8573bcffb1f65169b6ab4c32277a87bdf0663a31f22
SSDeep: 24576:LfHhVqcXpJ5VsmR00HTsuOtQqFRDFlgbzWeqmc:L/hJJ4UJi1RDbgDqr
Size: 1035152 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-07-18 18:02:25
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
%original file name%.exe:860
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sdaspwn.exe (5662 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdapskill.exe (3635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdanircmdc.exe (1960 bytes)
Registry activity
The process %original file name%.exe:860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 EC 08 C1 2D 65 8A BE 22 2C 31 9D 48 35 81 6F"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1405695745"
"Name" = "%original file name%.exe"
[HKCU\Software\Sysinternals\PsKill]
"EulaAccepted" = "1"
Dropped PE files
| MD5 | File path |
|---|---|
| b22171908e066ee0445fce6c8ea30633 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\sdanircmdc.exe |
| b5891462c9ca5bddfe63d3bae3c14e0b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\sdapskill.exe |
| 7f86945096d03786e6b69dc9f186b432 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\sdaspwn.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| UPX0 | 4096 | 1933312 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 1937408 | 999424 | 998400 | 5.49817 | 0874d518475e1612af424277879bfcd7 |
| .rsrc | 2936832 | 28672 | 28160 | 4.10505 | 0bf1ce6f3775b34795bbc800fb86e5f2 |
URLs
| URL | IP |
|---|---|
| hxxp://www.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=1&type_id=2&object_id=0 | |
| hxxp://www.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=15&type_id=4&object_id=0 | |
| hxxp://www.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=1&type_id=5&object_id=0 | |
| hxxp://www.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=3&type_id=5&object_id=0 | |
| hxxp://www.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/config.php?format=json&id=4957798 | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET hXXp://VVV.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=1&type_id=2&object_id=0 HTTP/1.1
Host: VVV.giga.de
Connection: close
Accept-Encoding:
Cache-Control: no-cache, no-store
Pragma: no-cache
User-Agent: econa-sda
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Jun 2016 11:48:45 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.5.34
Content-Length: 0
Expires: Sat, 09 Jul 2016 11:48:45 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
GET hXXp://VVV.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=15&type_id=4&object_id=0 HTTP/1.1
Host: VVV.giga.de
Connection: close
Accept-Encoding:
Cache-Control: no-cache, no-store
Pragma: no-cache
User-Agent: econa-sda
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Jun 2016 11:48:45 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.5.34
Content-Length: 0
Expires: Sat, 09 Jul 2016 11:48:45 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
GET hXXp://VVV.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/config.php?format=json&id=4957798 HTTP/1.1
Host: VVV.giga.de
Connection: close
Accept-Encoding:
Cache-Control: no-cache, no-store
Pragma: no-cache
User-Agent: econa-sda
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Jun 2016 11:48:45 GMT
Content-Type: text/json; charset=ISO-8859-1
Connection: close
X-Powered-By: PHP/5.5.34
Content-Length: 5
Expires: Sat, 09 Jul 2016 11:48:45 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
false..
GET hXXp://VVV.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=3&type_id=5&object_id=0 HTTP/1.1
Host: VVV.giga.de
Connection: close
Accept-Encoding:
Cache-Control: no-cache, no-store
Pragma: no-cache
User-Agent: econa-sda
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Jun 2016 11:48:45 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.5.34
Content-Length: 0
Expires: Sat, 09 Jul 2016 11:48:45 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
GET hXXp://VVV.giga.de/wp-content/plugins/econa-basic/features/sda-advanced/api/track.php?download_id=4957798&session_id=494655&event_id=1&type_id=5&object_id=0 HTTP/1.1
Host: VVV.giga.de
Connection: close
Accept-Encoding:
Cache-Control: no-cache, no-store
Pragma: no-cache
User-Agent: econa-sda
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Jun 2016 11:48:45 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.5.34
Content-Length: 0
Expires: Sat, 09 Jul 2016 11:48:45 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
The Trojan connects to the servers at the following location(s):
1.0.3705.2
Software\Microsoft\Active Setup\Installed Components\{78705f0d-e8db-4b2d-8193-982bdda15ecd}1.0.3705.1
SOFTWARE\Microsoft\.NET Framework\Policy\v1.0\
TZipReader.getFileInfo(): Invalid index
Invalid syntax for URL (ex. zipe::zipfilename::file_in_zip::password)
../static/licence.txt
NirCmd
NirCmd.exe
../static/nircmdc.exe
mscoree.dll
Sysinternals - VVV.sysinternals.com
pkill.exe
../static/pskill.exe
httppM
WindowSizepM
%d %b %YibpM
%H:%M:%SpM
UNSUPPORTEDMODE
_clipper.Release_=pM
_renderSurf.Release_=
_primSurf.Release_=i
device does not support clipplanes
.exepM
.modpM
.mod/
.bmxpM
INVALID_OPERATION
--trkurlpM
msiexec /i
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINEpM
HKEY_USERSpM
HTTP/1.1
hXXp://
VVV.pM
Request-Url
../static/spwn.exe
inc/static/checkbox/deactivated-ticked.png
inc/static/checkbox/deactivated-unticked.png
inc/static/checkbox/hover-ticked.png
inc/static/checkbox/hover-unticked.png
inc/static/checkbox/idle-ticked.png
inc/static/checkbox/idle-unticked.png
inc/static/setupicon.png
inc/static/setupbg.png
inc/static/icon.ico
chrome-addon
.html
firefox.exe
chrome.exe
iexplore.exe
https
CHROME_EXT://
HKEY_LOCAL_MACHINE
HKEY_USERS
C:\test
--trkurl
image_url
download_url
download_url_64
licence_url
policy_url
privacy_url
registry_key_install
registry_key_active
\sdanircmdc.exe
\sdapskill.exe
\sdaspwn.exe
VVV.giga.de
config.php
subscribe.php
track.php
staging.giga.de
fmostaging.giga.de
local.giga.de
incbin::../static/licence.txt
nschten Operationen aus.
%FILE%
%PROGRAM_URL%
Setup.exe
%%TRACKING_URL%%
[{000214A0-0000-0000-C000-000000000046}]HotKey=0
\setup.ico
ffnen.url
incbin::inc/static/setupbg.png
incbin::inc/static/setupicon.png
incbin::inc/static/checkbox/idle-ticked.png
incbin::inc/static/checkbox/hover-ticked.png
incbin::inc/static/checkbox/deactivated-ticked.png
incbin::inc/static/checkbox/idle-unticked.png
incbin::inc/static/checkbox/hover-unticked.png
incbin::inc/static/checkbox/deactivated-unticked.png
\sdanircmdc.exe killprocess
\sdapskill.exe -t
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\
http\shell\open\command\
chrome
firefox
opera.exe
opera
Safari.exe
Opera.HTML
ChromeHTML
FirefoxHTML
Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
\AppData\Local\Google\Chrome\User Data\Default\Preferences
\AppData\Local\Google\Chrome\User Data\Default\Extensions\
\ChromeExtensions\
Software\Google\Chrome\Extensions\
Software\Wow6432Node\Google\Chrome\Extensions\
chrome EXE:
urls_to_restore_on_startup
startup_urls
chrome://newtab
\manifest.json
Software\Wow6432Node\Mozilla\Mozilla Firefox\
PathToExe
Software\Mozilla\Mozilla Firefox\
\install.rdf
\AppData\Roaming\Mozilla\Firefox\Profiles\
\extensions.sqlite
INSERT INTO locale (name, description, creator, homepageURL) VALUES
id, syncGUID, location, version, type, internalName, updateURL, updateKey, optionsURL, optionsType, aboutURL, iconURL, icon64URL,
, 1, 1, 0, 0, 0, '
'', '', '', '', '', '', '', '',
, '', '', 0, 0, 0, 0
\extensions.json
homepageURL
\extensions.ini
\prefs.js
user_pref("extensions.bootstrappedAddons",user_pref("extensions.bootstrappedAddons", "{parent.lock
localstore-safe.rdf
Telemetry.ShutdownTime.txt
places.sqlite-shm.txt
places.sqlite-wal
cookies.sqlite-shm
cookies.sqlite-wal
sessionstore.js
sessionstore.bak
"browser.startup.homepage"
user_pref("browser.startup.homepage", ""browser.startup.homepage", "([^"] )"
"browser.startup.homepage", "
"browser.startup.homepage", "\1|
user_pref("browser.startup.homepage", "about:home|em:homepageURL
RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\
.----/01/01/01
{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|Web View
Web Host
%original file name%.exe_860_rwx_00401000_002CB000:
VVV.giga.de
config.php
subscribe.php
track.php
staging.giga.de
fmostaging.giga.de
local.giga.de
incbin::../static/licence.txt
nschten Operationen aus.
%FILE%
%PROGRAM_URL%
Setup.exe
%%TRACKING_URL%%
[{000214A0-0000-0000-C000-000000000046}]HotKey=0
\setup.ico
ffnen.url
incbin::inc/static/setupbg.png
incbin::inc/static/setupicon.png
incbin::inc/static/checkbox/idle-ticked.png
incbin::inc/static/checkbox/hover-ticked.png
incbin::inc/static/checkbox/deactivated-ticked.png
incbin::inc/static/checkbox/idle-unticked.png
incbin::inc/static/checkbox/hover-unticked.png
incbin::inc/static/checkbox/deactivated-unticked.png
\sdanircmdc.exe killprocess
\sdapskill.exe -t
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\
http\shell\open\command\
chrome
firefox
opera.exe
opera
Safari.exe
Opera.HTML
ChromeHTML
FirefoxHTML
Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
\AppData\Local\Google\Chrome\User Data\Default\Preferences
\AppData\Local\Google\Chrome\User Data\Default\Extensions\
\ChromeExtensions\
Software\Google\Chrome\Extensions\
Software\Wow6432Node\Google\Chrome\Extensions\
chrome EXE:
urls_to_restore_on_startup
startup_urls
chrome://newtab
\manifest.json
Software\Wow6432Node\Mozilla\Mozilla Firefox\
PathToExe
Software\Mozilla\Mozilla Firefox\
\install.rdf
\AppData\Roaming\Mozilla\Firefox\Profiles\
\extensions.sqlite
INSERT INTO locale (name, description, creator, homepageURL) VALUES
id, syncGUID, location, version, type, internalName, updateURL, updateKey, optionsURL, optionsType, aboutURL, iconURL, icon64URL,
, 1, 1, 0, 0, 0, '
'', '', '', '', '', '', '', '',
, '', '', 0, 0, 0, 0
\extensions.json
homepageURL
\extensions.ini
\prefs.js
user_pref("extensions.bootstrappedAddons",user_pref("extensions.bootstrappedAddons", "{parent.lock
localstore-safe.rdf
Telemetry.ShutdownTime.txt
places.sqlite-shm.txt
places.sqlite-wal
cookies.sqlite-shm
cookies.sqlite-wal
sessionstore.js
sessionstore.bak
"browser.startup.homepage"
user_pref("browser.startup.homepage", ""browser.startup.homepage", "([^"] )"
"browser.startup.homepage", "
"browser.startup.homepage", "\1|
user_pref("browser.startup.homepage", "about:home|em:homepageURL
RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\
.----/01/01/01
{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|Web View
Web Host
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\sdaspwn.exe (5662 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdapskill.exe (3635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sdanircmdc.exe (1960 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.