Gen.Variant.MSILPerseus.28969_2644b0af71
Gen:Variant.MSILPerseus.28969 (BitDefender), Trojan:MSIL/CoinMiner.C (Microsoft), Trojan.Win32.Generic!BT (VIPRE), Tool.BtcMine.104 (DrWeb), Gen:Variant.MSILPerseus.28969 (B) (Emsisoft), Dropper-FDH (McAfee), SecurityRisk.Gen (Symantec), Trojan.MSIL.CoinMiner (Ikarus), Gen:Variant.MSILPerseus.28969 (FSecure), Win32:Malware-gen (AVG), Win32:Malware-gen (Avast), TROJ_SPNR.0BFI14 (TrendMicro), Gen:Variant.MSILPerseus.28969 (AdAware), PUP.Win32.BitcoinMiner.FD, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, PUP, Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 2644b0af71b2deec5fd5aa288d2e72f9
SHA1: 59903f032c8bce56c7820cbe9e7723c70b1fc10a
SHA256: 9d1b4ff1b8c0ff53556c672fc5895d4549bd011aef45033a2cfaff6554e7ef95
SSDeep: 24576:u7qYSB 7SPgeqQiPM4ZeW0RSfYwBaVlnYiv84YgRD9zr6Pyr/JnUEaha CoTxYZW:u7QY7SY3M4ZeWxIznZHD9zdrJnUIoTsK
Size: 1461760 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: no certificate found
Created at: 2013-05-23 23:42:38
Analyzed on: Windows7 SP1 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
vbc.exe:3828
%original file name%.exe:3668
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:3668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmpFA26.tmp.exe (1 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmpFA26.tmp (0 bytes)
Registry activity
The process vbc.exe:3828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\vbc_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\vbc_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\vbc_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\vbc_RASAPI32]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\vbc_RASMANCS]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\vbc_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\vbc_RASAPI32]
"EnableFileTracing" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
The process %original file name%.exe:3668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\2644b0af71b2deec5fd5aa288d2e72f9_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\2644b0af71b2deec5fd5aa288d2e72f9_RASAPI32]
"EnableFileTracing" = "0"
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\2644b0af71b2deec5fd5aa288d2e72f9_RASMANCS]
"FileTracingMask" = "4294901760"
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\2644b0af71b2deec5fd5aa288d2e72f9_RASAPI32]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\2644b0af71b2deec5fd5aa288d2e72f9_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\2644b0af71b2deec5fd5aa288d2e72f9_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\2644b0af71b2deec5fd5aa288d2e72f9_RASMANCS]
"EnableFileTracing" = "0"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Live Messenger.exe" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmpFA26.tmp.exe"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name:
Product Name: AspNetUp
Product Version: 1.0.0.0
Legal Copyright: Copyright (c) AspNetUp 2013
Legal Trademarks:
Original Filename: AspNetUp.exe
Internal Name: AspNetUp.exe
File Version: 1.0.0.0
File Description: AspNetUp
Comments:
Language: Language Neutral
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 8192 | 1459130 | 1459200 | 5.51601 | aa5608eccacae3f464f61ce1daecc51e |
| .rsrc | 1474560 | 1346 | 1536 | 2.74494 | 50fc6bbbf24be9651aa3f5957eab6595 |
| .reloc | 1482752 | 12 | 512 | 0.070639 | 40415a1f04da6ad5304bf47b89abb8fa |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 1
91577c97d236ff910de3fb7172371085
URLs
| URL | IP |
|---|---|
| hxxp://edge-block-www-fra.dropbox-dns.com/FileToDownload.exe | |
| hxxp://dl.dropbox.com/FileToDownload.exe | |
| mining.eligius.st | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /FileToDownload.exe HTTP/1.1
Host: dl.dropbox.com
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 05 Jul 2017 13:33:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Dropbox-Request-Id: f152932928b5cfd8a2a9ebb4c9e5370d
X-Robots-Tag: noindex, nofollow, noimageindex
<<< skipped >>>
The Trojan connects to the servers at the following location(s):
<ExeDir>\miner.dll
<ExeDir>\phatk.ptx
<ExeDir>\usft_ext.dll
?DbgHelp.dll
urlmon.dll
wininet.dll
{lX-X-X-XX-XXXXXX}File%d
NTDLL.dll
789:;<=>?
Operation now in progress
Operation already in progress
Socket operation on non-socket
Protocol not supported
Socket type not supported
Operation not supported
Protocol family not supported
Address family not supported by protocol family
WS2_32.DLL version out of range
HTTP error code
VarType not supported
Invalid type for this operation
Unsupported variant type
Name of application key is empty
Encoding not supported
New Unsupported Protocol Verion used
Cannot insert Duplicate Key into Database
Invalid Version Number (only V4 & V5 are supported)
Request rejected because the client program and identd report different user-ids
Server's authentication method does not supported by client
Bad SOCKS Username or Password
SOCKS Method not supported
Invalid HTTP request
SOCKS command not supported
AddressTypeNotSupported
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
6The file is not supported by a Document Object server.A%1
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
Linked %s
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]
vbc.exe_3828_rwx_00400000_00245000:
%original file name%.exe_3668_rwx_00670000_00004000:
.hP9)h
vbc.exe_3828_rwx_01450000_000AE000:
.text
`.rdata
@.data
.rsrc
@.reloc
conhost.exe_3584:
.text
`.data
.rsrc
@.reloc
vbc.exe_3828_rwx_10000000_00001000:
.text
`.rdata
@.reloc
vbc.exe_3828_rwx_11000000_00001000:
.text
`.rdata
@.data
.rsrc
@.reloc
vbc.exe_3828_rwx_13800000_00001000:
.text
`.rdata
@.data
.rsrc
@.reloc
vbc.exe_3828_rwx_13900000_00001000:
.text
`.rdata
@.data
.rsrc
@.reloc
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmpFA26.tmp.exe (1 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Live Messenger.exe" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmpFA26.tmp.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.