Trojan.Win32.IEDummy_3ccce9698c
Gen:Variant.Strictor.82398 (B) (Emsisoft), Trojan.Win32.IEDummy.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Requires JavaScript enabled! |
---|
MD5: 3ccce9698c52d17b2ebe7292b0cbdab2
SHA1: 43ad42578d34a4e2a62959e8f18b9562fa8169f2
SHA256: 6aede122442abefa82b0c73b74792b1accf26efe43866e11f4756ccfae293bdc
SSDeep: 12288:Ql/NiIoYAbvZO7wNJgHO78VN4zN8EMDOVUjW3Xg8oSABBC:QZjoY4EEyHWqN6KjzbPC
Size: 561984 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-03-26 15:49:32
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
mixvideoplayersetup.exe:700
WPFFontCache_v0400.exe:3624
LTV2.exe:2172
LTV2.exe:3496
LTV2.exe:1936
MixVideoPlayerUpdaterService.exe:2716
The Trojan injects its code into the following process(es):
MixVideoPlayer.exe:2728
%original file name%.exe:1188
BrowserWeb.exe:3488
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process mixvideoplayersetup.exe:700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
%Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
%Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (9608 bytes)
%Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
%Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
%Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\System.dll (11 bytes)
%Program Files%\MixVideoPlayer\FrameworkControl.exe (12024 bytes)
%Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.exe (811312 bytes)
%Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
%Program Files%\MixVideoPlayer\LTVNetSdk.dll (14 bytes)
%Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb2.tmp (636264 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
%Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\AccessControl.dll (13 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
%Program Files%\MixVideoPlayer\uninstall.exe (3941 bytes)
%Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon.ico (9608 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\SimpleSC.dll (1856 bytes)
%Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
%Program Files%\MixVideoPlayer\BrowserWeb.exe (1856 bytes)
%Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
%Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayerUpdaterService.exe (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
%Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\mixUpdater.exe (8 bytes)
%Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
%Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayer.exe (70495 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
%Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
%Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
%Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
%Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
%Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
%Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
%Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
%Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
%Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
%Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
%Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\AccessControl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\SimpleSC.dll (0 bytes)
The process MixVideoPlayer.exe:2728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mixvideoplayer[2].txt (504 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[2].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ga[1].js (2293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\MainBanner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (636 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.min[1].js (3155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ga[1].js (2102 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\banner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\analytics[1].js (772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.min[1].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads[1].js (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (4178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (15900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\24075905-11927556[1].gif (8 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mixvideoplayer[1].txt (1009 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mixvideoplayer[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\arw[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (0 bytes)
%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ga[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mixvideoplayer[1].txt (0 bytes)
The process MixVideoPlayerUpdaterService.exe:2716 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\config (288 bytes)
%System%\config\system (2250 bytes)
%System%\config\SYSTEM.LOG (4889 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayerUpdaterService.InstallState (149 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayerUpdaterService.InstallLog (488 bytes)
The process %original file name%.exe:1188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading-install[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\648d1f54-b401-4a6e-8521-936173dd108a\mixvideoplayersetup.exe (6656032 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-download[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\msjava[1].dll (465777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\progress-bar[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\style[1].css (3971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\loadingBar[1].gif (11313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\bullet-short[1].gif (54 bytes)
%System%\wbem\Logs\wbemprox.log (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\MixVideoPlayerSetup[1].exe (6656032 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3ae380b8c132195482a6661a7e7e28c2b1928bfbfed27b15e7ce686ae859a366f1d14636fe1f8ce62dceafe24a6eb572c02b22ce76332b30[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\c7c1988b7f9dd36999a06b6223acf7cbef06e652b39ddf9d51228edb64fa54f1ca2f96cc34437a2b66fff2c56e3c8c852c7a2d88351fd3c5[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\5a380f7ad903c923dd62334c2aacabf0d5f20ac86720d77b74d8d7df94e253875dec51f3012a5fdd73d4509f51b898fab05f1524afc542ec[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\MixVideoPlayerSetup[1].exe (0 bytes)
Registry activity
The process mixvideoplayersetup.exe:700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\mixp.flv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\.mp4]
"(Default)" = "mixp.mp4"
[HKCR\mixp.flv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.3gp\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\.mkv]
"(Default)" = "mixp.mkv"
[HKCR\mixp.aac]
"(Default)" = "mixp media file (.aac)"
[HKCR\.mpeg]
"(Default)" = "mixp.mpeg"
[HKCR\mixp.mkv\shell]
"(Default)" = "Play"
[HKCR\mixp.mkv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.mpeg\shell]
"(Default)" = "Play"
[HKCR\mixp.wmv]
"(Default)" = "mixp media file (.wmv)"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".3gp" = ""
[HKCR\.flv]
"(Default)" = "mixp.flv"
[HKCR\.wma]
"mixp.backup" = "WMAFile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayVersion" = "v1.0.0.16"
[HKCR\.mpg]
"(Default)" = "mixp.mpg"
[HKCR\.mov]
"(Default)" = "mixp.mov"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCR\mixp.wmv\shell]
"(Default)" = "Play"
[HKCR\.avi]
"(Default)" = "mixp.avi"
[HKCR\mixp.mp4\shell]
"(Default)" = "Play"
[HKCR\mixp.3gp\shell]
"(Default)" = "Play"
[HKCR\mixp.mp3\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.mov\shell]
"(Default)" = "Play"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCR\mixp.3gp\shell\Play]
"(Default)" = "Play"
[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.divx]
"(Default)" = "mixp media file (.divx)"
[HKCR\mixp.mkv]
"(Default)" = "mixp media file (.mkv)"
[HKCR\.wma]
"(Default)" = "mixp.wma"
[HKCR\.aif]
"(Default)" = "mixp.aif"
[HKCR\mixp.avi\shell\Play]
"(Default)" = "Play"
[HKCR\.wav]
"mixp.backup" = "soundrec"
[HKCR\mixp.flv\shell]
"(Default)" = "Play"
[HKCR\.aif]
"mixp.backup" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayIcon" = "%Program Files%\MixVideoPlayer\icon.ico"
[HKCR\mixp.mov\shell\Play]
"(Default)" = "Play"
[HKCR\mixp.mpeg\shell\Play]
"(Default)" = "Play"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"Publisher" = "SoftForce LLC"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayName" = "MixVideoPlayer"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".AAC" = ""
[HKCR\mixp.aif\shell\Play]
"(Default)" = "Play"
[HKCR\mixp.divx\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.mp4\shell\Play]
"(Default)" = "Play"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpeg" = ""
[HKCR\mixp.wmv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.mov]
"(Default)" = "mixp media file (.mov)"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".aif" = ""
[HKCR\mixp.3gp]
"(Default)" = "mixp media file (.3gp)"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Internet Explorer\Styles]
"MaxScriptStatements" = "4294967295"
[HKCR\mixp.mov\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKCR\mixp.mpg]
"(Default)" = "mixp media file (.mpg)"
[HKCR\mixp.mp4\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.mpeg]
"(Default)" = "mixp media file (.mpeg)"
[HKCR\mixp.divx\shell\Play]
"(Default)" = "Play"
[HKCR\.wav]
"(Default)" = "mixp.wav"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".flv" = ""
[HKCR\mixp.avi]
"(Default)" = "mixp media file (.avi)"
[HKCR\mixp.wma]
"(Default)" = "mixp media file (.wma)"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 4B B2 80 49 B0 21 63 8F 6B F4 BD 9B CE 5A 80"
[HKCR\.divx]
"(Default)" = "mixp.divx"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".divx" = ""
[HKCR\mixp.mp4\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.avi\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".wma" = ""
[HKCR\Applications\MixVideoPlayer.exe]
"FriendlyAppName" = "MixVideoPlayer"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mkv" = ""
".wmv" = ""
[HKCR\mixp.3gp\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iexplore.exe" = "11001"
[HKCR\mixp.wav\shell\Play]
"(Default)" = "Play"
[HKCR\mixp.wma\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.wmv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"EstimatedSize" = "33016"
[HKCR\mixp.wmv\shell\Play]
"(Default)" = "Play"
[HKCR\mixp.aif\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.mpg\shell\Play]
"(Default)" = "Play"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\mixp.mp3\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.avi\shell]
"(Default)" = "Play"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"UninstallString" = "%Program Files%\MixVideoPlayer\uninstall.exe"
[HKCR\mixp.mp4]
"(Default)" = "mixp media file (.mp4)"
[HKCR\Applications\MixVideoPlayer.exe]
"(Default)" = ""
[HKCR\mixp.mp3\shell\Play]
"(Default)" = "Play"
[HKCR\mixp.aac\shell\Play]
"(Default)" = "Play"
[HKCR\.aac]
"(Default)" = "mixp.aac"
[HKCR\mixp.aif]
"(Default)" = "mixp media file (.aif)"
[HKCR\mixp.avi\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCR\mixp.mp3]
"(Default)" = "mixp media file (.mp3)"
[HKCR\.mp3]
"mixp.backup" = "mp3file"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".avi" = ""
[HKCR\.mpg]
"mixp.backup" = "mpegfile"
[HKCR\mixp.aif\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\Applications\MixVideoPlayer.exe\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.flv]
"(Default)" = "mixp media file (.flv)"
[HKCR\mixp.divx\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.mkv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.wav\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCR\mixp.aac\shell]
"(Default)" = "Play"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\mixp.aac\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.mpg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.wav\shell]
"(Default)" = "Play"
[HKCR\mixp.wav\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.mkv\shell\Play]
"(Default)" = "Play"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mov" = ""
[HKCR\mixp.mpg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.mov\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".MP3" = ""
[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"InstallDir" = "%Program Files%\MixVideoPlayer"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mp4" = ""
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"BrowserWeb.exe" = "11001"
[HKCR\mixp.mpeg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\mixp.wma\shell]
"(Default)" = "Play"
[HKCR\.wmv]
"mixp.backup" = "WMVFile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCR\mixp.aif\shell]
"(Default)" = "Play"
[HKCR\mixp.aac\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKCR\mixp.flv\shell\Play]
"(Default)" = "Play"
[HKCR\.3gp]
"(Default)" = "mixp.3gp"
[HKCR\.avi]
"mixp.backup" = "avifile"
[HKCR\.wmv]
"(Default)" = "mixp.wmv"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpg" = ""
[HKCR\mixp.mpg\shell]
"(Default)" = "Play"
[HKCR\mixp.wma\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"
[HKCR\.mp3]
"(Default)" = "mixp.mp3"
[HKCR\mixp.mpeg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"
[HKCR\mixp.wav]
"(Default)" = "mixp media file (.wav)"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".WAV" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCR\mixp.divx\shell]
"(Default)" = "Play"
[HKCR\.mpeg]
"mixp.backup" = "mpegfile"
[HKCR\mixp.mp3\shell]
"(Default)" = "Play"
[HKCR\mixp.wma\shell\Play]
"(Default)" = "Play"
The process WPFFontCache_v0400.exe:3624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 6F D6 EA 93 2E F7 24 54 72 8D 52 6A 09 B4 5F"
[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"
The process MixVideoPlayer.exe:2728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "17"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DF 07 05 00 01 00 0B 00 01 00 17 00 09 00 31 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "17"
[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "MixVideoPlayer.exe"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DF 07 05 00 01 00 0B 00 01 00 17 00 09 00 41 01"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 F0 6A AD 22 33 61 C4 0C 95 37 82 33 4C A5 F3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"
The process LTV2.exe:2172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 5F A2 7D CE 51 5A 7B 4D D8 3F A7 A5 1E 9E 28"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"
The process LTV2.exe:3496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 B4 BA 21 D7 30 E5 13 72 EB EA 19 DE E0 1B 70"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"
The process LTV2.exe:1936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 5C FF F3 26 CE A8 B0 1D 0B 98 BA 77 32 E3 05"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level"
The process MixVideoPlayerUpdaterService.exe:2716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 FE F7 CF A0 83 C2 37 3F D1 E9 1A CF 68 BD 21"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\MixVideoPlayerUpdaterService]
"EventMessageFile" = "%WinDir%\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application]
"Sources" = "WSH, WMIAdapter, WMI.NET Provider Extension, WmdmPmSN, WinMgmt, Winlogon, Windows Product Activation, Windows 3.1 Migration, WebClient, VSSetup, VSS, VMware Tools, VMUpgradeHelper, vmtools, vmStatsProvider, VBRuntime, Userinit, Userenv, TPVCGateway, Tlntsvr, System.ServiceModel.Install 3.0.0.0, System.ServiceModel 4.0.0.0, System.ServiceModel 3.0.0.0, System.Runtime.Serialization 4.0.0.0, System.Runtime.Serialization 3.0.0.0, System.IO.Log 4.0.0.0, System.IO.Log 3.0.0.0, System.IdentityModel 4.0.0.0, System.IdentityModel 3.0.0.0, SysmonLog, Starter, SpoolerCtrs, Software Restriction Policies, Software Installation, ServiceModel Audit 4.0.0.0, ServiceModel Audit 3.0.0.0, SecurityCenter, SclgNtfy, SceSrv, SceCli, safrslv, SAFrdms, RPC, Remote Assistance, PerlMsg, PerfProc, PerfOS, PerfNet, Perfmon, Perflib, PerfDisk, Perfctrs, Offline Files, Oakley, ntbackup, MSSQLSERVER/MSDE, MSSHA, MsiInstaller, MSDTC Client, MSDTC, mnmsrvc, Microsoft.Transactions.Bridge 4.0.0.0, Microsoft.Transactions.Bridge 3.0.0.0, Microsoft H.323 Telephony Service Provider, Microsoft (R) Visual C# 200$"
The process %original file name%.exe:1188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1427377772"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B 57 2E 80 FD DB 26 3B F1 65 21 B5 80 F4 B0 4E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\648d1f54-b401-4a6e-8521-936173dd108a]
"mixvideoplayersetup.exe" = "mixvideoplayersetup"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process BrowserWeb.exe:3488 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 D8 63 F3 E7 B5 C8 C1 18 5E 72 FC DC 0D BB AE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
Dropped PE files
MD5 | File path |
---|---|
e2f4978581965042d006284084b0ee0e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\648d1f54-b401-4a6e-8521-936173dd108a\mixvideoplayersetup.exe |
9e7d36edcc188e166dee9552017ac94f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsq3.tmp\AccessControl.dll |
d63975ce28f801f236c4aca5af726961 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsq3.tmp\SimpleSC.dll |
faa7f034b38e729a983965c04cc70fc1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsq3.tmp\nsProcess.dll |
e2f4978581965042d006284084b0ee0e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\MixVideoPlayerSetup[1].exe |
67986ec074b86590e110a76480f7da99 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\msjava[1].dll |
db8aaada3dde398a23afc6fee53522c0 | c:\Program Files\MixVideoPlayer\BrowserWeb.exe |
bf1576ea75892ac4a4173a2219ae3685 | c:\Program Files\MixVideoPlayer\FrameworkControl.exe |
52b1e3025e9982013926d8bfa9f63d53 | c:\Program Files\MixVideoPlayer\LTV2.exe |
426cf211fe0f02d46a810ce6d1410e51 | c:\Program Files\MixVideoPlayer\LTVNetSdk.dll |
bcc99c2d6609105cfe8eac99d8dea991 | c:\Program Files\MixVideoPlayer\MixVideoPlayer.exe |
e1408ea0ad04d0487836d04ec739fc7e | c:\Program Files\MixVideoPlayer\MixVideoPlayerUpdaterService.exe |
c1c6c4fdb0ab4f220c7655ffb37624f7 | c:\Program Files\MixVideoPlayer\NLog.dll |
5e02ddaf3b02e43e532fc6a52b04d14b | c:\Program Files\MixVideoPlayer\Newtonsoft.Json.dll |
ad26d090ecf26d18496c9e3f44a7141d | c:\Program Files\MixVideoPlayer\PhotoLoader.dll |
fc7d210f85d5edae1a0d44c86016dcf1 | c:\Program Files\MixVideoPlayer\Sider.dll |
42d33fccae817596da60007a52d8005f | c:\Program Files\MixVideoPlayer\Snowplow.Tracker.dll |
53406e9988306cbd4537677c5336aba4 | c:\Program Files\MixVideoPlayer\dotNetFx40_Full_setup.exe |
17162ea44d12b9bd4e1e8b92815bc872 | c:\Program Files\MixVideoPlayer\mixUpdater.exe |
1910d297328aec93214fbc1cdab6b3cf | c:\Program Files\MixVideoPlayer\policy.2.0.taglib-sharp.dll |
c56aa0c915ded810350bb3873704a6e6 | c:\Program Files\MixVideoPlayer\references\Interop.SHDocVw.dll |
c1c7beb5231bb058c1a669a05b8701ca | c:\Program Files\MixVideoPlayer\references\NDde.dll |
1232f5d749700a818908cc163befed18 | c:\Program Files\MixVideoPlayer\references\Newtonsoft.Json.dll |
ad26d090ecf26d18496c9e3f44a7141d | c:\Program Files\MixVideoPlayer\references\PhotoLoader.dll |
32e6505d917e1ba68e40b5815cc747e9 | c:\Program Files\MixVideoPlayer\references\ffmpeg.exe |
2ce9d6746d60f3f3905dcf15c996a01d | c:\Program Files\MixVideoPlayer\references\mixChecker.exe |
1910d297328aec93214fbc1cdab6b3cf | c:\Program Files\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll |
3fd25de85281f92de0d4e4a6b7bdb03e | c:\Program Files\MixVideoPlayer\references\taglib-sharp.dll |
3fd25de85281f92de0d4e4a6b7bdb03e | c:\Program Files\MixVideoPlayer\taglib-sharp.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
UPX0 | 4096 | 1462272 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
UPX1 | 1466368 | 520192 | 519168 | 5.54468 | 4c0753151f24482528c099c30504caa9 |
.rsrc | 1986560 | 36864 | 36864 | 3.88912 | 04834f22bd35f2435f42d2566e203845 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 606
d73ac008c2d24f989b873c36182c201e
9e64c957611203d7f25e94aea0a7ed5f
b087e769d07b0e094f5441d8494d8a71
2c92de39e11d9912129eff6a429231ee
6d0fee79962944f209134eb024fcb1dc
8f6b30db9db998df6ad1cb92d539ed55
c6b13db5bec582b84a05ab440395ca1e
7bdc5b3867e241b9c72229362e582e5f
ab4fc9cb2ce5fdd532f05613ef649eb1
1d982ca5832238415cfb30e8d7cefd0f
9407103b649bfeb36a5e7853ca836f17
b73ed0dc079447a38f33cd94846a2e22
3b15ce656e2a3c18bc29abaf4cfc496a
098d1fee827bfef2094bc5f94df95606
958486af84bbe3d654ede9958f447532
26bc36b4e6b29f79dfef22087c1999f3
218a829aae7585ec2d34bc4f76bdafbf
ab21eb1ee1a27fa5d172952c6ac5254b
f3b242e35c563181ee2a2268ad454fb8
76d12f031aac02faa543f880be2b3490
1d5a301d8a23fbf35b859e29e9e08808
c74bb1b7c80463752aefa58a692b1fa8
5a31331fd6f043c9d1afdae2f97c2989
ccff137b570c4fb779e9ef253bc5980a
991b574bdf9f99f4e7ee6d602b5dd058
URLs
URL | IP |
---|---|
hxxp://5.135.246.48/d5/msjava.dll | ![]() |
hxxp://maxirg00.maxisrv.com/5249df9fc7494aef4b71f2edd1cf19f66107cf9d98819c52ddf9e0d290e69663d036c8757b96bdb04e774cd3cac89476d5229dde10e35ad74ed69a98ca081a18f90c7eeb869aa97c981c99bffc2b16807e2387a88a501692 | ![]() |
hxxp://maxirg00.maxisrv.com/c7c1988b7f9dd36999a06b6223acf7cbef06e652b39ddf9d51228edb64fa54f1ca2f96cc34437a2b66fff2c56e3c8c852c7a2d88351fd3c5 | ![]() |
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css | ![]() |
hxxp://maxirg00.maxisrv.com/__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en | ![]() |
hxxp://maxirg00.maxisrv.com/maxpower-static/apps/34/68794/css/style.css | ![]() |
hxxp://maxirg00.maxisrv.com/__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater | ![]() |
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png | ![]() |
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif | ![]() |
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png | ![]() |
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif | ![]() |
hxxp://maxirg00.maxisrv.com/84/MixVideoPlayerSetup.exe | ![]() |
hxxp://ww0.maxisrv.com/BesH3gE9/pop-up/ | ![]() |
hxxp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0 | ![]() |
hxxp://network.adsmarket.com/click/jGJunWecqZmOZnCXYcp6w4iQa5leonuXiWaYm2SifJuNkGqYX6SDmbdiaZxenX-Z?dp=NTN8NDM3fFVBfDF8MXx8|0612006bafc3521e68edbb931e5ac369-17-48 | ![]() |
hxxp://ads.thrillreel.com/movie_player/index?sub=415891&ref=112315&s2stoken=20WhWz1AAWtmxA4V0Ggk9v1yRCpS4uqb&p1=131995 | ![]() |
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.9.1/jquery.min.js | ![]() |
hxxp://maxirg00.maxisrv.com/3ae380b8c132195482a6661a7e7e28c2b1928bfbfed27b15e7ce686ae859a366f1d14636fe1f8ce62dceafe24a6eb572c02b22ce76332b30 | ![]() |
hxxp://maxirg00.maxisrv.com/__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater | ![]() |
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif | ![]() |
hxxp://ltv-pre.tguhost.com/ltv/install/?idapp=23&action=install&mac=000C290DDD4A&country=US | ![]() |
hxxp://maxirg00.maxisrv.com/5a380f7ad903c923dd62334c2aacabf0d5f20ac86720d77b74d8d7df94e253875dec51f3012a5fdd73d4509f51b898fab05f1524afc542ec | ![]() |
hxxp://staticrr.tgusrv.com/sdb/1d/MixVideoPlayerUpdate.xml?915c0ea7-c8b6-41a0-814d-86fdcbaae7b2 | ![]() |
hxxp://staticrr.tgusrv.com/sdb/e0/WebBrowser.xml?46429484-969b-4abe-8755-abd87ef536b6 | ![]() |
hxxp://api.getinstallfile.com/maxpower-static/apps/34/68794/css/style.css | ![]() |
hxxp://api.getinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif | ![]() |
hxxp://staticrr.mixvideoplayer.com/sdb/e0/WebBrowser.xml?46429484-969b-4abe-8755-abd87ef536b6 | ![]() |
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js | ![]() |
hxxp://api.getinstallfile.com/__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater | ![]() |
hxxp://static.getinstallfile.com/84/MixVideoPlayerSetup.exe | ![]() |
hxxp://api.getinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif | ![]() |
hxxp://www.getinstallfile.com/BesH3gE9/pop-up/ | ![]() |
hxxp://api.getinstallfile.com/5a380f7ad903c923dd62334c2aacabf0d5f20ac86720d77b74d8d7df94e253875dec51f3012a5fdd73d4509f51b898fab05f1524afc542ec | ![]() |
hxxp://api.getinstallfile.com/5249df9fc7494aef4b71f2edd1cf19f66107cf9d98819c52ddf9e0d290e69663d036c8757b96bdb04e774cd3cac89476d5229dde10e35ad74ed69a98ca081a18f90c7eeb869aa97c981c99bffc2b16807e2387a88a501692 | ![]() |
hxxp://api.getinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png | ![]() |
hxxp://api.getinstallfile.com/3ae380b8c132195482a6661a7e7e28c2b1928bfbfed27b15e7ce686ae859a366f1d14636fe1f8ce62dceafe24a6eb572c02b22ce76332b30 | ![]() |
hxxp://static.api.getinstallfile.com/d5/msjava.dll | |
hxxp://staticrr.mixvideoplayer.com/sdb/1d/MixVideoPlayerUpdate.xml?4011959b-04e6-4042-954f-6c6c53c9b32c | ![]() |
hxxp://api.getinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif | ![]() |
hxxp://staticrr.mixvideoplayer.com/sdb/1d/MixVideoPlayerUpdate.xml?915c0ea7-c8b6-41a0-814d-86fdcbaae7b2 | ![]() |
hxxp://api.getinstallfile.com/__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater | ![]() |
hxxp://api.getinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png | ![]() |
hxxp://api.getinstallfile.com/c7c1988b7f9dd36999a06b6223acf7cbef06e652b39ddf9d51228edb64fa54f1ca2f96cc34437a2b66fff2c56e3c8c852c7a2d88351fd3c5 | ![]() |
hxxp://api.getinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css | ![]() |
hxxp://api.getinstallfile.com/__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en | ![]() |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
Traffic
GET /movie_player/index?sub=415891&ref=112315&s2stoken=20WhWz1AAWtmxA4V0Ggk9v1yRCpS4uqb&p1=131995 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ads.thrillreel.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Mon, 11 May 2015 01:21:57 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ps2hjqcuttf3b6k4gi4n0v6up7; path=/; domain=.thrillreel.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: visitidads_security_key=04da27f0a654cc577721ff2b2ff4d9e2; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: visitidads=1431307317; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ref_security_key=163baf42ccc522c7dc0209370b3c8b48; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ref=112315; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: campaign_id_security_key=986a3dd5f093383628e7032f3558cfa0; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: campaign_id=12950; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: program_id_security_key=8cfd10305568dd4783293901f44613de; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: program_id=138; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: affiliate_id_security_key=e4e24bf23ce66c250cb557921cb6d79b; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: affiliate_id=5417; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: sub_campaign_security_key=34df325b3aca98c3132ec0c0fcd6fcff; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: sub_campaign=415891; expires=Mon, 11-May-2015 02:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_domain_security_key=5ff0b5388e94959dd826f8645e683921; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_domain=ads.thrillreel.com; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_url_security_key=07118fbfecbbe1db2f2e0abe0bfc1623; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_url=http://ads.thrillreel.com/movie_player/index?sub=415891&ref=112315&s2stoken=20WhWz1AAWtmxA4V0Ggk9v1yRCpS4uqb&p1=131995; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_unit_security_key=e278d9cdf27b1a2ac3be11dc502af927; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_unit=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_path_security_key=1c39fab7f5e6a0404a7b6bfa4f9fb7e8; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_path=/movie_player/index; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_ref_security_key=dafc91b4b36067883e2713af40d42170; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: ad_ref=112315; expires=Tue, 12-May-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: 17e86a64422a123478d80a248b6ba1c1_security_key=b2fe407cb09db9033ba20d9ca26049e1; expires=Mon, 11-May-2015 05:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: 17e86a64422a123478d80a248b6ba1c1=1; expires=Mon, 11-May-2015 05:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: track_dimensions_security_key=f4ad1bd0fca0205ec70e29da82ac715c; expires=Tue, 12-May-2015 01:15:17 GMT; path=/; domain=.thrillreel.com
Set-Cookie: track_dimensions=eJxlkkFP4zAQhf/KKndKnDbQuicOHDiAkBDavVnTeJoaEjuy3ZZoxX9nnNppWqRITd83Y783E+Bzxv87znKeSfAoQEqU2ZqUFc+KnJU3eXnD8j8F43lOz4AKnjWgpdK16KDGoFF/+LmjY0wLSk80tuCZxS1atOI3LM6wA7+bIDIActLBlkFwM7+zqmksYjOrTBvI/VCZ2oPz29YcFIqugR7trdISv86Fe618tn4JpYxnFbQdqFoLNeQuecaKVXkKSk46a2oLbaRzovNlMg7brWpUGNuJUtBywe4TdvuNSKfH4SxYuVyx8Ie4cVH9SwbNMd1onDigdcro6Ifwv9dof2PN0aGNtz2/PT0ObeVIpr3k9m52SkKvDsFWO4G6Vhqv9hPZJ/ZHY2UcDln0NmSshO87TDtJoVPMyuy1t72ojMSY7P0hLWLbgNslT6KFD0PeFc+jpwucAE2kg97s/VjJkjIaSd7zcaPDDs71rgXr6XO+kiuL4NUBp3J5+TlfdXTgHEqxgepzlOnWI24Ejfsw7oIEFpfklE+nFMv19w+Yqw3Y; expires=Tue, 12-May-2015 01:15:17 GMT; path=/; domain=.thrillreel.com
Set-Cookie: tc_security_key=fc500e9eee4be276c63afd27fa6c6ca9; expires=Wed, 10-Jun-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: tc=112315_0_0_0_138; expires=Wed, 10-Jun-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: track_params_security_key=923cf64a15313a211064d05d2769c2c0; expires=Wed, 10-Jun-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: track_params=eJxVUM1OxCAQfhceoCn9WVt68rAHDxoTY/RGKIy7xBY20G6zMb67A9Raw4GZ72fmA8Foy748KxiZJOk8owdGKC1KWvM8Hlo2AS8ZcR+o0CyxCFWMiFmrgOVJIf46JIfLP9KmDud1cd+s4r4Gbcpn09npYXAAQybtSFaJC0XOSLjaIOTKjkIb0j0lhfWBwsxv2ii7xIl5gPkVnNfWBKSO9PtzqO8Y6Z1dPMTRmPLx5eEYbfXG7L0Y/JDlUYClB+HkmYM5aQO7bLTauE+4LdapPYk5pZ3N5G5cWgXr417vf9Mu0HNce90yIUDXsF5PwNPPFc06zM89l2K8CH0y6/MrWjcter5/AK0aiiI=; expires=Wed, 10-Jun-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: visitflagads_security_key=c6a94cea66511b0a61002fbd095d2c8f; expires=Wed, 10-Jun-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: visitflagads=1431307317; expires=Wed, 10-Jun-2015 01:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: 30dadff6c68d13a98b2a162bb05a7bc1_security_key=085299f351a856512eda5d50f8484110; expires=Mon, 11-May-2015 05:21:57 GMT; path=/; domain=.thrillreel.com
Set-Cookie: 30dadff6c68d13a98b2a162bb05a7bc1=1; expires=Mon, 11-May-2015 05:21:57 GMT; path=/; domain=.thrillreel.com
Content-Encoding: gzip500a..............w{...'..~.]..X2)...%.^..3{...$@.. ..j?.._...)...f..}
_....N>.N.....K..h.........?~.....C..[w..]......n8W............-j_"
.%..............w2............I.DR.$. ..w..|I.L,k..........2.>)....
.....*M4u......~Yh.z7...V.^.h5.....UKu...P.. ...w......X....T.{W.. .b.
s.ioh....\h.cdM^G...j...{g,..P....:.^%..B=...B..p.s..U........}l.....Z
...\s1..^..X..'.....xsc9.3.......6.Yw.)...uZ...B.k...]615.....;.......
...Y=....H7. OK..Y....MM........t.t]-../!..K....\..u.k\.K;Z..v.1....J.
....@5....ll.v..#c.|.\-.....[]Z/o.s}.(g..j..?....1.k^uk.4.....o..1..k.
X-q.35..ZY..EL......j,.Ku..jC...-..y.62...zz..W...... .P]...wO|V...$_i
....g.f...|^.......\Y._...j......Q^&.1.X.../.c4.._/...D.....5.........
.>....Q.Mw[.......n.2Z....H_c..Y.......jj..HW.....U....f...`5:}#...
%..>...n.m..`.gkb,.F ..FT..=.....j.....m"......'...k.;...z>.]...
.P. $..D$. ..p.>).B.......G.......YPQ....eXs.......z......(,1.n....
M.`{y....X.lv.....>._..F..sG.x6,un..&.....LL.p9..g..P..I..Xd...I>
;.U../..|e>.......k.B...pEMj6....U.k[*....r.].C.Bx....O^..p.3...[j.
..... ....8.&..=2B...r..x0............G<.m.1.m.e-....@.W$..Y......y
..'R.u.6.v....)...m.#G..~....?...-...^m..X-.)1S&.k/...|.S ............
7k.~~.#~A...E...(....m...........h...;?.a...^.#d.g..Z.`w.9...j.mnl)'..
a.....af.c1.Q..g.. ....T[-).F..........Y.z6).>|C...................
..G.m.nh......m.9Q....'../B.'..t.........\..x.]h...!.$....g;.<.5.z~
....8...V..>....W._P..k.<....cK%..|..%o.........dc(....].]..W;c.
BS#.^.Q.-.*...;.u..TbB..&.2..[j...s....?..........Tz.}...q..q2#MWw<<< skipped >>>
GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:22:09 GMT
Content-Type: image/gif
Content-Length: 54
Last-Modified: Fri, 27 Feb 2015 14:06:53 GMT
Connection: keep-alive
ETag: "54f079fd-36"
Accept-Ranges: bytesGIF89a.............!.......,...................P..U..;HTTP/1.1 200 OK.
.Server: nginx..Date: Mon, 11 May 2015 01:22:09 GMT..Content-Type: ima
ge/gif..Content-Length: 54..Last-Modified: Fri, 27 Feb 2015 14:06:53 G
MT..Connection: keep-alive..ETag: "54f079fd-36"..Accept-Ranges: bytes.
.GIF89a.............!.......,...................P..U..;....
POST /5a380f7ad903c923dd62334c2aacabf0d5f20ac86720d77b74d8d7df94e253875dec51f3012a5fdd73d4509f51b898fab05f1524afc542ec HTTP/1.1
User-Agent: dBrowser 3 CallGetResponse:3
Host: api.getinstallfile.com
Content-Length: 4166
Cache-Control: no-cache
cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F8500
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:22:39 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive7..MAXTHX...0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 11 May 2015
01:22:39 GMT..Content-Type: text/plain..Transfer-Encoding: chunked..Co
nnection: keep-alive..7..MAXTHX...0..
GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:50 GMT
Content-Type: text/css
Content-Length: 19034
Last-Modified: Tue, 03 Mar 2015 18:13:58 GMT
Connection: keep-alive
ETag: "54f5f9e6-4a5a"
Accept-Ranges: bytes/* Template Template Videoupdater */...article,aside,details,figcaptio
n,figure,.footer,header,hgroup,menu,nav,section {..display:block;.}.p,
h5, h4, h3, h2, h1, span, ul, li, form, input, textarea {..margin:0;.
.padding:0;.}.body {..margin:0 auto;..background-color:#323333;..width
: 555px;..height: 458px;..color:#b5b5b5;..font-family:Arial, Helvetica
, sans-serif;..scrollbar-face-color: #666666;..scrollbar-highlight-col
or: #999999;..scrollbar-3dlight-color: #333333;..scrollbar-shadow-colo
r: #333333;..scrollbar-darkshadow-color: #333333;..scrollbar-arrow-col
or: #CCCCCC;..scrollbar-track-color: #333333;.}...videupdater a, .vide
updater span {..color:#b5b5b5;.}...clear {..clear:both;..height:0px;..
overflow:inherit;..display: none;.}..li {..list-style: none;.}./******
***************//*********************//*********************//*******
**************//********./* estilo para poner los botones del box.html
todos en display none */.._Bnext, .._Bexit, .._Bdecline, .._Bomit {..
/*display:none;*/.}./*************************************************
*/..container {..float:left;..width:555px;..height: 458px;..background
-color:#323333;..margin: 0 auto;.}../*****************Template Win_Lin
k*****************/......minimize {..float: right;..width: 45px;..posi
tion: relative;..margin-right: -45px;..right: 45px;..margin-top: 12px;
..z-index: 9999;.}....minimize ul li {..display: inline;..float: left;
.}...minimize li {....float: left;..} ....minimize .button-min {..col
or: #636363;..text-decoration: none;..border: none;..font-size: 17<<< skipped >>>
GET /__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1
Accept: */*
Proxy-Authorization: Basic
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 961
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes..<!--Intall Videoupdater-->..<div class="install">.. &
lt;h1>Installation Progress</h1>. . <p>This Downl
oad Manager will minimize to your system tray shortly to allow you to
work on other items while your selections install. To restore this win
dow, simply click on the icon in your system tray.</p>. .
<div class="install-loading">. </div>. <div cla
ss="progress-bar">. <div class="_TotalProgressLevel progr
ess-level" ></div> . </div>....<div cl
ass="clear" style="height:10px; display:block;"></div>. &
lt;div class="_ProgressInstallingText" style="display:none; text-align
: center; margin-left: 45px; width: 422px;"><p>Installing ...
</p></div>. . <div class="_ProgressText" style="d
isplay:none; margin-left: 33px;">. <p>Process: <sp
an class="_ProgressTextDownloaded"></span> of <span
class="_ProgressTextTotal"></span> (<span class="_Progress
TextPercentage"></span> %)</p>. </div>.. .
.</div>.....
GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:51 GMT
Content-Type: image/gif
Content-Length: 7928
Last-Modified: Fri, 27 Feb 2015 14:06:59 GMT
Connection: keep-alive
ETag: "54f07a03-1ef8"
Accept-Ranges: bytesGIF89a..........DCD...:::.........qqq............555...zzziii}}}......
.........aaaQQQeee...%%%.........VVV...lll...............,,,...YYY...)
))...uuuJJJNNN!"!...]]]...101.................................\[\.....
....#$#KLK.../0/KKK[\[`_`...GGG'''...???............///......ccc...sss
ddd```...###.........SSS...777...VVV...888...xxx...............{|{{{{g
hg............kmk444XXX......OOOWWW...222...333!..NETSCAPE2.0.....!..X
MP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" x
mpMM:InstanceID="xmp.iid:C7B15D6E6C0511E4901AB7B77D879212" xmpMM:Docum
entID="xmp.did:C7B15D6F6C0511E4901AB7B77D879212"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:C7B15D6C6C0511E4901AB7B77D879212" stRef
:documentID="xmp.did:C7B15D6D6C0511E4901AB7B77D879212"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>................................................................
..................................................................~}|{
zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;
:9876543210/.-, *)('&%$#"! .................................!.....<<< skipped >>>
GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:51 GMT
Content-Type: image/gif
Content-Length: 77170
Last-Modified: Fri, 27 Feb 2015 14:07:01 GMT
Connection: keep-alive
ETag: "54f07a05-12d72"
Accept-Ranges: bytesGIF89a|..............................c........"..y..4.....H.....i.....
/..1..2.....M.....W...........v...........-..u........0..1.. ..... ...
.....*.....!.....*.....,..{........z..s.....5........&.."..(..(..,..2.
.4..8..).. ..u..... ..$.....z..m...........*......../..*.....,........
...4..".....%..'.. ..............%........(../..............!.........
.....8.....&..3.....)..... ../........%..4.....!..NETSCAPE2.0.....!..X
MP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" x
mpMM:InstanceID="xmp.iid:C7B15D6A6C0511E4901AB7B77D879212" xmpMM:Docum
entID="xmp.did:C7B15D6B6C0511E4901AB7B77D879212"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:C7B15D686C0511E4901AB7B77D879212" stRef
:documentID="xmp.did:C7B15D696C0511E4901AB7B77D879212"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>................................................................
..................................................................~}|{
zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;
:9876543210/.-, *)('&%$#"! .................................!.....<<< skipped >>>
GET /__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1
Accept: */*
Proxy-Authorization: Basic
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:22:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 814
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes.<!--finish Videoupdater-->....<div class="finish">..<h
1>........Setup Wizard.......</h1>..<p style="margin-top:
15px; font-size: 13px;">You have succesfully installed the software
below and they are ready to be used:</p>....<div class="item
s">...<ul>....<li class="check">%mapp%</li>......
</ul>..</div>....<div class="clear"></div>....
<p>Recommended offers:</p>......<div class="list-toolba
rs" id="alloffers">....<ul class="_FinishOffers">....</ul&
gt;...</div>....<!--...<div class="banner">......<if
rame src="hXXp://n149adserv.com/ads?key=09879bcf6e631312a2c4d02d9cae27
2f&width=300&height=250" frameborder='0' scrolling='no' width='300' he
ight='250'></iframe>...</div> ..-->.........<inpu
t id="_Bexit" class="_Bexit close absol" tabindex="2" type="submit" na
me="nombre" onclick='onExit()' value="Close">....</div>..nt>....
GET /BesH3gE9/pop-up/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 May 2015 01:21:54 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: hXXp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0<html>..<head><title>301 Moved Permanently</title
></head>..<body bgcolor="white">..<center><h1&
gt;301 Moved Permanently</h1></center>..<hr><cent
er>nginx</center>..</body>..</html>..HTTP/1.1 301
Moved Permanently..Server: nginx..Date: Mon, 11 May 2015 01:21:54 GMT
..Content-Type: text/html..Content-Length: 178..Connection: keep-alive
..Location: hXXp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cf
ebbc&width=0&height=0..<html>..<head><title>301 Move
d Permanently</title></head>..<body bgcolor="white">
..<center><h1>301 Moved Permanently</h1></center&
gt;..<hr><center>nginx</center>..</body>..<
/html>....
GET /sdb/e0/WebBrowser.xml?46429484-969b-4abe-8755-abd87ef536b6 HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:22:46 GMT
Content-Type: text/xml
Content-Length: 4212
Last-Modified: Thu, 30 Apr 2015 13:10:12 GMT
Connection: keep-alive
ETag: "554229b4-1074"
Accept-Ranges: bytes<Popup>..<Version>1.0.0.10</Version>. <Enabled
>true</Enabled>..<Size height="768" width="1000"/>.
<FrecuencyPerHour>3</FrecuencyPerHour>. <MaxWindows&
gt;4</MaxWindows>. <LaunchDate>07/01/2015</LaunchDat
e>. <Url container="popup">hXXp://VVV.wbredirect.com</U
rl>..<UrlNotAllowedCountries countries="AE,IR,IL,EG,CN,BA,RS,TH,
IN,CZ,ID,VN,PH,PK" container="popup">hXXp://network.adsmarket.com/c
lick/jGJunWecqZmOZnCXYcp6w4iQa5xgn36bi2SYm2Gif5mJkGqXXpt-lbdia5hhn3qX&
lt;/UrlNotAllowedCountries>. <UrlByRegister>...<Url con
tainer="browser" key="HKLM\SOFTWARE" priority="5"><![CDATA[http:
//n149adserv.com/ads?key=8a35d9a5b93c671dcef88419ab81871b&width=0&heig
ht=0]]></Url>...<Url container="browser" key="HKLM\SOFTWAR
E\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client" prior
ity="5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffce
ee148f60ea374f6&width=0&height=0]]></Url>...<Url container
="browser" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta
ll\RaidCall" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key
=0d8448124f556ffceee148f60ea374f6&width=0&height=0]]></Url>..
.<Url container="browser" key="HKLM\SOFTWARE\Microsoft\Windows\Curr
entVersion\Uninstall\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" priority=
"5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffceee14
8f60ea374f6&width=0&height=0]]></Url>...<Url container<<< skipped >>>
GET /84/MixVideoPlayerSetup.exe HTTP/1.1
Accept: */*
Proxy-Authorization: Basic
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.getinstallfile.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:55 GMT
Content-Type: application/octet-stream
Content-Length: 13652608
Connection: keep-alive
Last-Modified: Wed, 06 May 2015 08:54:13 GMT
ETag: "5549d6b5-d05280"
Accept-Ranges: bytesMZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^..........^2.......p....@.........
.................@...............................................t....
......................................................................
.............p...............................text....].......^........
.......... ..`.rdata.......p.......b..............@..@.data....\......
.....v..............@....ndata...................................rsrc.
...............z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
...B..H.P.u..u..u...Hr@..B...SV.5..B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h..B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....<<< skipped >>>
HEAD /84/MixVideoPlayerSetup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.getinstallfile.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:54 GMT
Content-Type: application/octet-stream
Content-Length: 13652608
Connection: keep-alive
Last-Modified: Wed, 06 May 2015 08:54:13 GMT
ETag: "5549d6b5-d05280"
Accept-Ranges: bytes
GET /click/jGJunWecqZmOZnCXYcp6w4iQa5leonuXiWaYm2SifJuNkGqYX6SDmbdiaZxenX-Z?dp=NTN8NDM3fFVBfDF8MXx8|0612006bafc3521e68edbb931e5ac369-17-48 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: network.adsmarket.com
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.6.2
Date: Mon, 11 May 2015 01:21:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.38
Set-Cookie: ce-visitor-iWRqnmeg=imGQzYXle6WZiK3Spqx-uoh4oNBn4XvdqnSpuGLgu8Y; expires=Thu, 25-Jun-2015 01:21:56 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-iWRxnmCbepe3Z2uZYqSAnIpq=iWRxnmCbepe3Z2uZYqSAnIpq; expires=Mon, 11-May-2015 01:21:56 GMT; path=/; domain=network.adsmarket.com
Location: hXXp://ads.thrillreel.com/movie_player/index?sub=415891&ref=112315&s2stoken=20WhWz1AAWtmxA4V0Ggk9v1yRCpS4uqb&p1=1319950..HTTP/1.1 302 Moved Temporarily..Server: nginx/1.6.2..Date: Mon, 11
May 2015 01:21:56 GMT..Content-Type: text/html..Transfer-Encoding: chu
nked..Connection: keep-alive..X-Powered-By: PHP/5.4.38..Set-Cookie: ce
-visitor-iWRqnmeg=imGQzYXle6WZiK3Spqx-uoh4oNBn4XvdqnSpuGLgu8Y; expires
=Thu, 25-Jun-2015 01:21:56 GMT; path=/; domain=network.adsmarket.com..
Set-Cookie: ce-click-iWRxnmCbepe3Z2uZYqSAnIpq=iWRxnmCbepe3Z2uZYqSAnIpq
; expires=Mon, 11-May-2015 01:21:56 GMT; path=/; domain=network.adsmar
ket.com..Location: hXXp://ads.thrillreel.com/movie_player/index?sub=41
5891&ref=112315&s2stoken=20WhWz1AAWtmxA4V0Ggk9v1yRCpS4uqb&p1=131995..0
..
GET /sdb/1d/MixVideoPlayerUpdate.xml?4011959b-04e6-4042-954f-6c6c53c9b32c HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:22:49 GMT
Content-Type: text/xml
Content-Length: 667
Last-Modified: Thu, 07 May 2015 08:06:46 GMT
Connection: keep-alive
ETag: "554b1d16-29b"
Accept-Ranges: bytes<?xml version="1.0" encoding="UTF-8"?>..<LastVersion>...&l
t;url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup
.exe</url>...<version>1.0.0.16</version>...<Track
Activity>true</TrackActivity>...<TrackErrors>true</T
rackErrors>...<vast active="true">....<adnum>3</adnu
m>....<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,J
P,CA,IR,AU,NL,ID,CO,PK">.....<![CDATA[hXXp://ads.adaptv.advertis
ing.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaF
w4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideopla
yer.com&eov=eov]]>....</adurl>...</vast>...<Collecto
rLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>..<
;/LastVersion>HTTP/1.1 200 OK..Server: nginx..Date: Mon, 11 May 201
5 01:22:49 GMT..Content-Type: text/xml..Content-Length: 667..Last-Modi
fied: Thu, 07 May 2015 08:06:46 GMT..Connection: keep-alive..ETag: "55
4b1d16-29b"..Accept-Ranges: bytes..<?xml version="1.0" encoding="UT
F-8"?>..<LastVersion>...<url>hXXp://staticrr.mixvideopl
ayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...<version>1
.0.0.16</version>...<TrackActivity>true</TrackActivity&
gt;...<TrackErrors>true</TrackErrors>...<vast active="t
rue">....<adnum>3</adnum>....<adurl countries="US,RU
,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">.....<
;![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf1b0D<<< skipped >>>
GET /5249df9fc7494aef4b71f2edd1cf19f66107cf9d98819c52ddf9e0d290e69663d036c8757b96bdb04e774cd3cac89476d5229dde10e35ad74ed69a98ca081a18f90c7eeb869aa97c981c99bffc2b16807e2387a88a501692 HTTP/1.1
Accept: */*
Proxy-Authorization: Basic
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-aliveeec..4cded6c9d2b323d6799ac96a551682f7e19e1b0e018f3e346b49887ce38892d95
9ba2f2380118057312f9c6f883446afe675eb1278d2acd2ff30c002bd904b2f2c740f7
b86ff4475da69bed07d357f02d311f22b763abc5d8ef7f41ba7f81360b34b9ce43342b
ac9d736cc6055236db6fa6981ebe5550d5eae0d160c1b990e91eeced6bac2d1b302acc
944817ed0fc2c415bf5a5cf0087c9876833298b85021fb6f658d19dd9594e090b74e69
b58a1710b34e5c643ea2d1483e0ce460b358590877618af5c1ddf6ffd32e3cbfcb162c
2d2eb79fc8ebf20392bbfee5efd5fe4f0238603e792ee093474d2b1e9dba1a50a2d469
06fdb7f27dcba763999cb89f3a8d6c7d670408f4919fd83778f0bc2ed11b9e43345ff9
5b19a264c82b3c778d16ba8c1d863410bf30c4b2b21509b2a372534c9cae1f4005f147
af6292d444ba7e33f5b616fb1944965b8f4e61115c112aa1bdb806a7ca17f50addfa7a
cf961f44a19de34d0bf0196b69ebe96672032d8341d4e548b90be85e1a97a0acb37510
0f8a2472a0c962a8a6785744b293ae5f27d92064429b13e73dc2c8de5f840d5fdfe60e
f3197789deb3443f2f0e124a42450f16725717d6f1a9a916592788f6af95bebf53eac8
612f565920192ac6a497a97324a2065a95cfc75c49dbbb8a2df33027d5e7d5882c85b0
65001159d6829d87d70f042ba97f4e17f8e9631cab5081869b739c33a26d8c1788eac8
b05e860ab87b638790230e94b8b3a787b125caa8ff8ca5180cb5eb73ac9348a6f7f9aa
5c8841db2ff26b8f0b359cfca8ef609c85302169e9cf5f97c96b31244943cb93227db0
af7ccde48c3b3ee3bf0d9d32d2eab0bd5b0ab65bf8ac9f60b34f577cd062c2dcaa14d5
ec83256e4ff6c379f8d899dfccaaa68b2f3ba8f760b68964ad835cf0246e111520e887
9fa58ef7d361c55c5e7309b0c81fa2f31a10d314bbc2c00567b7a58726f81894e9e3ed
e2e61891ac62c798920371a14e4f6082afb2dabbbf1d0a297ddf2a8067db47728bc273
de22891d4465cee32429bb0491e20b208e55844b98b496a0f09df6bab4a6d2356a<<< skipped >>>
POST /c7c1988b7f9dd36999a06b6223acf7cbef06e652b39ddf9d51228edb64fa54f1ca2f96cc34437a2b66fff2c56e3c8c852c7a2d88351fd3c5 HTTP/1.1
User-Agent: dBrowser 1 CallGetResponse:1
Host: api.getinstallfile.com
Content-Length: 2790
Cache-Control: no-cache
cdata=86394263D6DED7AD3ED013DFEF7E64F6C29F5997166EF97A418F915F82A9AD7FC77F5FC74ED02F99799278738B97993DFA484DED0643C147AF1F76E6047AAC12B04F4D1B9014C49B2B9206253F7B816F613C3C2381141BF9CF3270815E833E217C84153888AF84AD3B25072B7234318ADB6B796AA64B779F2A2FFAABF95EFDC11241AEEFDE629155B76CCA2A4F117755C06DE1498E9C37CD98B521F0FD403F13CB01AF0E4FBF71138F6A88730187FF335D1D49628715144B0C70D3E9EFE7F238A0BD4DC3850AA17491D1411F679F649D153C8BB58D807D75C71D684597E3C53158883877E2B2DF5F9835210215BF8B4E424D54C9DC1B0382804C82DF6DE430D6286F4EC32EFA9C0879E0B5195F873EC93EFD9028384F794BA8001AAD0EFD2F57163951F48C0543140FA71C2CC25B1E684F083496E91153CD0189459D14D516740D975556EED463D549149C64F7817B04107DF3BD3AADB9D05FF4CA61C16FFA52B0B03FC804758BA2BBFE11F6894C15F67736AE213BCEFDF4413BB9970F70654B7C300116460FAB905A38A5DA3C219D77E5831422B475F8B98F771450C586E4A9BF2851B44E0BED68A01EE12CE1D44CBD724C47303C35C3426D1B5B1BD90B4F9DB58CC557F5078AF765702BCCB0DDECD6C7E1F4901B53469771B3828BFDD53D9E9E6549775D3BBDFFFDDC6FCCF99C9B4489A448E9C6E99857BAFAFD699939F4CD9660281AF7D5CFB0FF961426C203A9802FD212D5C5BB9CA3ABCDB3D1C9639C481364F4CB8DD707231B1DC762E1A76D261AFE776B8ABD39EB697A864B9E5AD642DB593C362C13EC78040D1BFF7B90CB228BEBDF01E1BE1A205681870D6CE7F200873F4AA7226424BC6E8BD38FA47FCFA97024BAE9956288AAAE1E629A9AC5FDF2
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive7..MAXTHX...0......
GET /__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en HTTP/1.1
Accept: */*
Proxy-Authorization: Basic
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2387
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes..<!--Template VideoUpdater-->..<div class="container">.&l
t;div class="videupdater">. <div class="minimize">. <ul&g
t;. <li><span onclick="minimizeWindow();" class="button-mi
n">-</span></li>. <li><span id="_Bexit" onc
lick="onExit()" class="button-min">x</span></li>. <
/ul>.</div>..<div id="_frameContainer" class="content">
.. ..</div>...<!-- buttons -->.<div class="buttons">
;.. <!--botones derecha -->. . <input id="_Bnext" class="_
Bnext grey right" buttonText="Next" tabindex="0" type="submit" value="
Next »" onclick='onAccept();'>. .. <!--botones izquierda
-->.. . <input id="_Bomit" class="_Bomit normal-close leftnow
idth" tabindex="3" type="submit" name="nombre" value="Skip All" onclic
k='onOmit();'>. . . <input id="_Bdecline" class="_Bdecline no
rmal-close leftnowidth" tabindex="1" type="submit" name="nombre" valu
e="Decline" onclick='onDecline();'>. .. <div class="clear">
;</div>.</div>.. ..<div class="contact">. <div
class="contact-in" style="height: 20px;">.. <ul>. <
;li><a target='_blank' class="first _TitPrivacy">Privacy Poli
cy</a></li>. <li><a target='_blank' class="_
TitSetup">Setup info</a></li>. <li><a tar
get='_blank' class="_TitFree">Why is this free?</a></li>
;. <li><a target='_blank' class="_TitHelp">Help&l<<< skipped >>>
GET /maxpower-static/apps/34/68794/css/style.css HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:51 GMT
Content-Type: text/css
Content-Length: 114
Last-Modified: Mon, 16 Mar 2015 11:21:34 GMT
Connection: keep-alive
ETag: "5506bcbe-72"
Accept-Ranges: bytes/* mapp MixVideoPlayer */....welcome ul {...width:210px;..float: left
; ..}...welcome ul li {..margin-top: 10px;.}HTTP/1.1 200 OK..Server: n
ginx..Date: Mon, 11 May 2015 01:21:51 GMT..Content-Type: text/css..Con
tent-Length: 114..Last-Modified: Mon, 16 Mar 2015 11:21:34 GMT..Connec
tion: keep-alive..ETag: "5506bcbe-72"..Accept-Ranges: bytes../* mapp M
ixVideoPlayer */....welcome ul {...width:210px;..float: left; ..}...w
elcome ul li {..margin-top: 10px;.}....
GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:51 GMT
Content-Type: image/png
Content-Length: 1433
Last-Modified: Fri, 27 Feb 2015 14:06:57 GMT
Connection: keep-alive
ETag: "54f07a01-599"
Accept-Ranges: bytes.PNG........IHDR...*...*.....J.^.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:24FEED836BEF11E4901AB7
B77D879212" xmpMM:DocumentID="xmp.did:24FEED846BEF11E4901AB7B77D879212
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24FEED816BEF11E4
901AB7B77D879212" stRef:documentID="xmp.did:24FEED826BEF11E4901AB7B77D
879212"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>lW1.....IDATx.b|...0p..?.@....l...#...k..
...!..T?.&..}_......{....`..?....{..z...'..a..C*....'V.....&VV"M...eWT
...{..X...b..\\.M.LHP.:..0.v..9..?.>.W.......ax....X...MM.........~
.xA.d....".nTT............/w..c,...!.....\T..;w.Z.......D.K......O....
G.......E..$X.D...9..../......K..$...JD.CF_............>.......Lc.f
.U.$.7.NqJK...".....|}.<|H.Qd.z...xTU.ll@I....II..^.T.......d.....9
8.>..w RNK.*....C.._.<..q.....mX.)...?..D.l!.{<...7o......\..
......W.....^.|,?..v.;p.B..B..r..d.~B.........X%....b-<..c {9.Im.O.
.........Z?l...v\. ...F.0_B.5....IEND.B`.....<<< skipped >>>
GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.getinstallfile.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:51 GMT
Content-Type: image/png
Content-Length: 1392
Last-Modified: Fri, 27 Feb 2015 14:07:04 GMT
Connection: keep-alive
ETag: "54f07a08-570"
Accept-Ranges: bytes.PNG........IHDR...|.........L.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:15582AE06BF411E4901AB7
B77D879212" xmpMM:DocumentID="xmp.did:15582AE16BF411E4901AB7B77D879212
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24FEED896BEF11E4
901AB7B77D879212" stRef:documentID="xmp.did:24FEED8A6BEF11E4901AB7B77D
879212"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>B.......IDATx...=..@.Ea~:52u.....,.g...e.
.<..l..F...|.E.....G....n..g......V..v.^.C..?... .........k..Bc.Y.V
....._....E.(...T.eR...`yn..i.{t...-{tB..{\5......y..s..4kyn<=\5.KV
:......u..l..QK.)z.n.........c......\....N.=EG..w..^.Xh......~....w...
>..S.dy.H.$5.@.^o..........t...5.N|...>....3..H.....(.3..`Ft....
......y..~8^...1OC..x....it&W@it..."..=^MV..WA.$.....W...D6.....v.y...
....Pis..2.W:..^..........-.lx>P......3$CR...}.<..5*......f,vl]c
.i...k...xN.|>o6......P......z..p8..cv.....o.....&..m.c....IEND.B`.
....<<< skipped >>>
POST /3ae380b8c132195482a6661a7e7e28c2b1928bfbfed27b15e7ce686ae859a366f1d14636fe1f8ce62dceafe24a6eb572c02b22ce76332b30 HTTP/1.1
User-Agent: dBrowser 2 CallGetResponse:2
Host: api.getinstallfile.com
Content-Length: 4166
Cache-Control: no-cache
cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F8500
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:22:09 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive7..MAXTHX...0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 11 May 2015
01:22:09 GMT..Content-Type: text/plain..Transfer-Encoding: chunked..Co
nnection: keep-alive..7..MAXTHX...0......
GET /ltv/install/?idapp=23&action=install&mac=000C290DDD4A&country=US HTTP/1.1
Host: ltv-pre.tguhost.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Content-Type: xml
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.7
Cache-Control: no-cache
Date: Mon, 11 May 2015 01:22:36 GMT39..<?xml version="1.0" encoding="utf-8"?>.<result>1</r
esult>..0..HTTP/1.1 200 OK..Server: nginx..Content-Type: xml..Trans
fer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.1
0-1ubuntu3.7..Cache-Control: no-cache..Date: Mon, 11 May 2015 01:22:36
GMT..39..<?xml version="1.0" encoding="utf-8"?>.<result>1
</result>..0..
GET /sdb/1d/MixVideoPlayerUpdate.xml?915c0ea7-c8b6-41a0-814d-86fdcbaae7b2 HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:22:39 GMT
Content-Type: text/xml
Content-Length: 667
Last-Modified: Thu, 07 May 2015 08:06:46 GMT
Connection: keep-alive
ETag: "554b1d16-29b"
Accept-Ranges: bytes<?xml version="1.0" encoding="UTF-8"?>..<LastVersion>...&l
t;url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup
.exe</url>...<version>1.0.0.16</version>...<Track
Activity>true</TrackActivity>...<TrackErrors>true</T
rackErrors>...<vast active="true">....<adnum>3</adnu
m>....<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,J
P,CA,IR,AU,NL,ID,CO,PK">.....<![CDATA[hXXp://ads.adaptv.advertis
ing.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaF
w4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideopla
yer.com&eov=eov]]>....</adurl>...</vast>...<Collecto
rLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>..<
;/LastVersion>HTTP/1.1 200 OK..Server: nginx..Date: Mon, 11 May 201
5 01:22:39 GMT..Content-Type: text/xml..Content-Length: 667..Last-Modi
fied: Thu, 07 May 2015 08:06:46 GMT..Connection: keep-alive..ETag: "55
4b1d16-29b"..Accept-Ranges: bytes..<?xml version="1.0" encoding="UT
F-8"?>..<LastVersion>...<url>hXXp://staticrr.mixvideopl
ayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...<version>1
.0.0.16</version>...<TrackActivity>true</TrackActivity&
gt;...<TrackErrors>true</TrackErrors>...<vast active="t
rue">....<adnum>3</adnum>....<adurl countries="US,RU
,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">.....<
;![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf1b0D<<< skipped >>>
GET /d5/msjava.dll HTTP/1.1
Accept: */*
Proxy-Authorization: Basic
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.api.getinstallfile.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 May 2015 01:21:36 GMT
Content-Type: application/octet-stream
Content-Length: 940304
Connection: keep-alive
Last-Modified: Thu, 26 Feb 2015 12:10:04 GMT
ETag: "54ef0d1c-e5910"
Accept-Ranges: bytesMZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L.....C8
...........#...............................k..........................
......m...............................`#..te..........................
......................................................................
...........................text............................... ..`.dat
a...d"......."..................@....rsrc.............................
..@..@.reloc..............................@..B4.D8@...0[.8M..... 8W...
4.D8a...4.D8l...6.D8y...5.D8............KERNEL32.dll.NTDLL.DLL.GDI32.d
ll.USER32.dll.ADVAPI32.dll.OLEAUT32.dll.ole32.dll.....................
......................................................................
......................................................................
......................................................................
......................................................................
............................................ .........................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................<<< skipped >>>
GET /ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n149adserv.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: epomUUID=1beb7a60-f77c-11e4-8e73-f8bc125381b8; Domain=.n149adserv.com; Expires=Sun, 06-May-2035 01:21:54 GMT; Path=/
Set-Cookie: ep_5d7c4c519bcd79cc1dca058af3cfebbc=1431307314438|437; Domain=.n149adserv.com; Expires=Tue, 12-May-2015 01:21:54 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 929
Date: Mon, 11 May 2015 01:21:53 GMT<html><head><!--437:53--></head><body leftm
argin='0' topmargin='0' marginwidth='0' marginheight='0' style='backgr
ound-color:transparent; width: 100%; text-align: center;'><meta
http-equiv="refresh" content="0; url=hXXp://network.adsmarket.com/clic
k/jGJunWecqZmOZnCXYcp6w4iQa5leonuXiWaYm2SifJuNkGqYX6SDmbdiaZxenX-Z?dp=
NTN8NDM3fFVBfDF8MXx8|0612006bafc3521e68edbb931e5ac369-17-48" /><
script type="text/javascript">var params = {}; var res = []; if (lo
calStorage!==null && typeof localStorage!==null && typeof localStorage
!= "undefined" && typeof localStorage.epomCookies != "undefined") pa
rams = JSON.parse(localStorage.epomCookies); for (var p in params) res
.push(p "=" params[p]);new Image().src = "hXXp://n149adserv.com" "
/im" "pressi" "on.gif?b=437" "&p=53&ch=&ap=&cps=&c" "=48&l=UA" "&h=7f8
b18a8da178eeb2d4d00379e566c81&t=" new Date().getTime() "&s=99b58176fa2
e6397ce36b0b02c05c719&" res.join('&');</script></body><
/html>HTTP/1.1 200 OK..Server: Apache-Coyote/1.1..Cache-Control: no
-cache..Pragma: no-cache..Expires: Thu, 01 Jan 1970 00:00:00 GMT..P3P:
CP="CAO PSA OUR"..Set-Cookie: epomUUID=1beb7a60-f77c-11e4-8e73-f8bc12
5381b8; Domain=.n149adserv.com; Expires=Sun, 06-May-2035 01:21:54 GMT;
Path=/..Set-Cookie: ep_5d7c4c519bcd79cc1dca058af3cfebbc=1431307314438
|437; Domain=.n149adserv.com; Expires=Tue, 12-May-2015 01:21:54 GMT; P
ath=/..Content-Type: text/html;charset=UTF-8..Content-Length: 929..Dat
e: Mon, 11 May 2015 01:21:53 GMT..<html><head><!--4<<< skipped >>>
GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://ads.thrillreel.com/movie_player/index?sub=415891&ref=112315&s2stoken=20WhWz1AAWtmxA4V0Ggk9v1yRCpS4uqb&p1=131995
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 08 Feb 2013 15:35:10 GMT
Date: Wed, 06 May 2015 07:40:42 GMT
Expires: Thu, 05 May 2016 07:40:42 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32819
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 409278
Alternate-Protocol: 80:quic,p=1............{{...7...."........o...v..q.[cg'-E..HPBL....RD....[kf0.Pq.
~.sNZ.....f......._..M...wg.?...vG.<8z2.........E...q...:z..GT.._.f
.....t.de.....uT..b.|.o6iv..._E..:.F.x...O..6..*?QUp....2U.4..6I.<.
T.%.E>....R1....4^..tIm...ZE.{5..3..<.....|4.3.D-.r.-o..]......4
[$....:Z...UUP_...........|....z.mF.r...f......Q..?..-3.0..F..^.F....l
.O........\..f.|1..t..NG2U.}tz.jxz.^G.o......./^\.>......#*........
../.../........|zp2{...N.3*....~.\../O'...g...g.;.~.M.Tx..,g.....).y..
w*@...i.^...]........2 ..n;.\.'..'/f....*.4:..oP...f..]Ul..2^.....V...
.....V.P.N....z......o3z.........aC..,.....K.\p...x......WiY%YR.v.*..^
.......<_oVI..a>*.xq....$8>....u%......n ..V?.Q.:..4....o.~.g
..Q...S_..Y.....G)..T.".......<......&...*..Z.t%..s@it5..y.c.....p.
h...X.*/. .H.....){4U.y...I`..&-.. y.....L.O....Lf..X<..1M.w.xD;;..
...3zgn...'S.....g.~3Jn.9-..... .....3..A..e#.....".-i.S..].9..3..=GE.
.,..R*.gs..j.M..0.._'.u......E.|.....K.Q'FY.H^..'.(.OK.\.-.T...8...Q..
..v||5J..Vq.}{.K2..K..z.R....o_..G..t.L....NF.W.}....."{.NLP|.T_......
..j..,P..q.Q..o..<.x...Q..t=..$nJ.%:S...,..N...*.......d.`....M...)
....T.7....|$...[......E..h.......`b.......iQ.w...-n>.=OIw..*......
..H...r.....h..V.Aj..&t..9M..is.j.t]~../...ik......l.p.....mT.=[E..7v.
...n./$...y=T.X.s...J......j.w.W.|.x..F..*..:....>K...d....f.......
...&...7./.2-..P......j.?X.p.....9u.Ae.0...D.....~f.......&...l6..3...
...i}.(.. m.Je.x...p5.:..d...gWz...G..@.*\.2/*..............>...g..
`...w....f.....\.D...#D...E.%.......G..s`K.*.WI...NI.......LeO...&<<< skipped >>>
The Trojan connects to the servers at the folowing location(s):
`.rsrc
J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI
j.hTwV
j.hHzV
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug
FJN[[[[[_mx$.6>ACINSU]etuv",,:EP_cjs{|*./;DLV_gjy{ -3>>DP^kp FDKWany
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h
EQW]]]]]ett{'*02?CCRTam||%-9::HQT]alq"(-1??JSU^ekyy"#$$.=JYgkpt|}#')1=KZ[]]^ksy')6?AGN]`nox'.05=AP^fq{}--68ETW]cqv|}$,79GP]lov'(--;EMVYaly#&'4@FGS\eooq *-03AJQ\]]hllz'
GHIIIIIIKSbqvw(.46BCHPTUXYfr{LKOQ]huw|
BQS`````ln|&-7;DMO[ddrtv'5CGGLTWfu!#' 3<<KZbo{{FRWYamx&2?M\ffoz$(6CGP
IT[_____gvCN]ffqv%,7@LNSW]an|*AMSVXbp{!#034<ACLVXdkr .1=@OT`cky')),
GMQ\\\\\defghno{(-6CRaeix}"&-;EMT`ky|'-1
LX^hhhhhmuxz"$/>HJQVV[\dqx#' 8GHQ]ju%% 9:>?KNVeop| '(39>@ITcpx$%*67CGGUW
N\cmmmmmp{{} 0?CDGMXaht (.<=?ILWZiwyz$/49;DHKMSWdsy(56DGS`mv!LR^eghkxy
NX]fffffjkxzCJXamny|".3:GUbkm| -59ESW
CHKQQQQQVao|#-;IT]iip|)0=DQTZbiiov}ICF
GHIIIIIIKW`oxx %89COO^eenop{$*08FLOPUa
()$^.* ?[]|\-{},:=!
GMQ\\\\\]ijkqqu!)-448AAFHUWZant}.69GMU_fnnwz',,6>?NRajy!/4:FOOT]^apvy"&0
invalid _N_type: %d
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale
CHKQQQQQ[dps##%'*./25@JSYekrz>BNZblr! 3?HKZ]hp|)4BPTcrt '5;JJY[iijjx)19FUaoo|*.28;;COXgv%,.<AMOXcdivv
AIP[[[[[^hmns "" 0=>LZiqt!07BGQ[gt"$' 57BEFLXfn|-<DMY`hnv *1;GQYer#;FRY[chlnr{}#.:=FJY]lx)*3AEHW]lt#.<FLRT[_fqt"1>LY^aijw"LKT\^divz'58DLYYY\\_nvz&,9GOPYhkx)15@FST__nu$019>KXguz!#'0456:FS`cr{)888FKR[_mu %,:;JNSVaahhvw!,4>>AAIP\`cklquz!% 2ALST\cqx{ 5BFISSZemox')7<DIOSV^cipv}"08>BKX^_n{#&17?@KKKUdmmq}.7@EOTVZgjv|,6@BJPW\_bir".044<IQ_`hv&47<DNVckq|*038EFQ\
NSTTTTTT_ghhs$1@KN[^dr{)-:IU\kuuw%,49ADGHS_ahqwx$.69FKN]bkz| 1;DEQT\jx$%-1=BGLWcp|-9EIX\ktz"#-8?IP\`bfjmmt (/:EQ]dkns})2>FO^eglqz|"(4:FTU[inpy|#014?@MZhrs"(2:DMZgghpz}&/48=CCOXbo (-02:>HWeq{*-<FKUU[cqx"&'28<EKR_cko{$$:;;?KTcpty"*37;;=DEIT`blw{#0>BFKQZ[hrwx| 0;E
IsWindowsServer
CHKQQQQQZcgmmmmt!),2=FMOZfq}#()3>>>HINXgmw %*7CMZ`kw CELPYcosy),1=HJX`hu&2@@MY]agjjr )8GT[]kp| )45:GG
GHIIIIIIJMX__loruz{&,01@CRT[cpyy!,;;DOP]cmmx'''0>BJXgv%(23@NQW[[`hox'.22
LX^hhhhhou'FGQQYcfhs#&19<BFJVakq %,2@G
GetExternal.cpp
AIP[[[[[abgqrs#(.9GNV[^ggjltx%'456<>CKVWX^hot#)39CFFRTcp $,:GIMNRU]iruuy
GHIIIIIIMVXgu%2<>EFIUdpy)5@JMSS[ioo|$2>K
GHIIIIIIWdlty678CNY\``ehu$3:EM[^ls|%/7:IR`nvv'(,9;DQVelw?EEQSVboy'-2:@OSX]er!#08DPTWakv|(07:HQSVcr
AIP[[[[[abbly"0:GVZ]diw'69GLYZ\dm|'/<=ADP]ggjryz#,9:AIX]_hq (*6?BBGPU_jmn}& 4=DSS\crt!",,,377;DEJKWbiw{"
DSSbbbbbm{!.066;JXbcrt%4:IKNWao{$3?L[[^_
helpJavaScript.cpp
BQS`````cr!(-68GRVWetux ,-9>BCCRT^dmw&5CCMNVajx'5<@EFTZ[fo|,,27<?HST`efqv!(-19EIJV`mxx%&(/3;AEO]fs|(7<BP
GHIIIIIIX_`mmtw! --8BCKUVVep}'6;>GLNT^`dfhtv$ ./49ENYdeory555:IWfss %,
NetBase.cpp
GMQ\\\\\ems#179=?IWbijt} .:APPRTWWes .9FQWeho}$6DO]gkuwz!>BIUYfu#&118AHT\krrz{* .4<DNZ`krx}!!&09DLZ
ERV]]]]]bffo{'./23BLOP[ao{{*66@DMNZeft(DFT__ilxx"),06ABCMZ`cgsz|'/0=HS[emp!!"#$(,59;DJMYdejn{(-4ALUdpzz|$'*9<BDHUciily).7:GQZacfhptw!&./;HWfly)/0<GGS[dhnwx'1?MN[`ffsy
NX]fffffkww".5>MXanooqx!'/8@NP_kx))7?DRacqy!!/0>BESW\^djmx!%*6@KTbbqz$28AFLPSXcrt4=LMVX]hu{,5@BHQ\dls
PictureEx.cpp
c:\logFile.txt
Error opening key.
Key not found.
CheckRegistryKeyExistance
SetStringKey
"exeId":"
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
CWebBrowser2
mb_00000000-0000-0000-0807-060504030201
mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A
mb_01010101-0101-0101-0101-010101010101
mb_58585858-5858-5858-5858-585858585858
mb_4c4c4544-0000-2010-8020-80c04f202020
mb_11111111-2222-3333-4444-555555555555
mb_11111111-1111-1111-1111-111111111111
mb_00020003-0004-0005-0006-000700080009
mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F
mb_8E275844-178F-44A8-ACEB-A7D7E5178C63
mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F
mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_07090201-0103-0301-0807-060504030201
mb_03000200-0400-0500-0006-000700080009
mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE
mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_00000000-0000-0000-0000-000000000000
0.0.0.0
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp
CNotSupportedException
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
m_msgCur = {
m_pszExeName =
m_nCmdShow =
m_lpCmdLine =
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Warning: no message line prompt for ID 0xX.
Warning: OnUpdateKeyIndicator - unknown indicator 0xX.
Warning: scroll bars in frame windows may cause unusual behaviour.
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp
SENDING control notification %d from control id 0xX to %hs window.
SENDING command id 0xX to %hs target.
No handler for command ID 0xX, disabling it.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp
m_nMsgLast =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp
Error: failed to load message box prompt string 0xx.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp
Warning: unknown WM_MEASUREITEM for menu item 0xX.
hhctrl.ocx
Implementation Warning: control notification = $%X.
Warning: not executing disabled command %d
hWnd = $X (nIDC=$X) is not a %hs.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp
IOleInPlaceObject not supported on OLE control (dialog ID %d).
Persistence not supported on OLE control %ls.
%d. Column ordinal %d: Binding as native data type
%d. Column ordinal %d: Binding a COM object
%d. Column ordinal %d: Binding as an IStream object
%d. Column ordinal %d: Binding as an ISequentialStream object
neither ISequentialStream nor IStream are supported!
IStream is supported
FISequentialStream is supported
Testing streams support...
%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory
%d. Column ordinal %d: Binding length and status ONLY
Number of columns: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h
Unsupported DBTYPE (%d) in column %d
$@Column %d not bound
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp
IGNORING command id 0xX sent to %hs dialog.
Routing command id 0xX to app.
Routing command id 0xX to owner window.
Warning: Creating dialog from within a COleControlModule application is not a supported scenario.
Warning: ExecuteDlgInit failed during dialog init.
ERROR: Dialog with IDD 0xX must have the child style.
ERROR: Dialog with IDD 0xX must be invisible.
ERROR: Cannot find dialog template with IDD 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp
Error: no data exchange control with ID 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp
m_ps.rcPaint =
m_ps.fErase =
m_ps.hdc =
lgpn.lopnColor =
lgpn.lopnWidth.x (width) =
lgpn.lopnStyle =
lb.lbColor =
lb.lbHatch =
lb.lbStyle =
lf.lfFaceName =
lf.lfPitchAndFamily =
lf.lfQuality =
lf.lfClipPrecision =
lf.lfOutPrecision =
lf.lfCharSet =
lf.lfStrikeOut =
lf.lfUnderline =
lf.lfItalic =
lf.lfWeight =
lf.lfOrientation =
lf.lfEscapement =
lf.lfWidth =
lf.lfHeight =
bm.bmBitsPixel =
bm.bmPlanes =
bm.bmWidthBytes =
bm.bmWidth =
bm.bmHeight =
bm.bmType =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp
CHttpConnection
CHttpFile
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp
Unknown status: %d
Internet ctxt=%d:
Warning: throwing CInternetException for error %d
Warning: Extended error reported with no response info
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp
Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp
WM_HOTKEY
WM_SETHOTKEY
WM_IDLEUPDATECMDUI
WM_DDE_EXECUTE
WM_KEYLAST
WM_SYSKEYUP
WM_SYSKEYDOWN
WM_KEYUP
WM_KEYDOWN
WM_VKEYTOITEM
WM_CTLCOLORMSGBOX
WM_USER 0xX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp
Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.
Warning: failed to reclaim %d bytes for memory safety pool.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp
Error: failed to load AfxFormatString string 0xx.
Error: illegal string index requested %d.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp
a %hs object at $%p, %u bytes long
an invalid object at $%p, %u bytes long
faulted while dumping object at $%p, %u bytes long
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp
m_bz.hTask =
m_bz.hResource =
m_bz.lpszTemplate =
m_bz.hInstance =
m_bz.lCustData =
m_bz.lpszCaption =
m_bz.hWndOwner =
m_bz.dwFlags =
m_bz.cbStruct =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c
f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale
f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
%s_%0x
%s(%d) :
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
Client hook allocation failure at file %hs line %d.
Memory allocated at %hs(%d).
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to a heap buffer that was freed.
crt block at 0x%p, subtype %x, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
%hs(%d) :
#File Error#(%d) :
Data: <%s> %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
This is an unsupported way to load Visual C DLLs. You need to modify your application to build with a manifest.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Please contact the application's support team for more information.
- floating point support not loaded
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
GetProcessWindowStation
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
ADVAPI32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\read.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
USER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
portuguese-brazilian
f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c
operator
Run-Time Check Failure #%d - %s
%s%s%s%s
%s%s%p%s%ld%s%d%s
user32.dll
f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c
MSPDB80.DLL
RegCloseKey
RegOpenKeyExA
f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp
MaxCore.cpp
.?AVCCmdTarget@@
MaxCoreDlg.cpp
.?AVCWebBrowser2@@
.?AVExecuteBase@@
.?AVExecuteFacade@@
Idispimp.cpp
.PAVCInternetException@@
.PAVCFileException@@
Text.cpp
.PAVCOleException@@
.PAVCException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
R<u.pr
kC-O}
z%CMH
]%uce
o?.DCtO
Ñj\
[.NQ#
NpB0%xm
zcMD
GetCPInfo
GetConsoleOutputCP
GetProcessHeap
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ShellExecuteW
ShellExecuteExW
UrlUnescapeW
URLDownloadToFileW
GetKeyState
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
(.fFb#
1')3-=#3=') '#
hs.SS
<5"95"95"90
;$.:'.:$&:)
(08(03`-035(F*(.RK-
1>" (0:1
(($40 ,( 0 ,4$,0 0 ,
.text
`.rdata
@.data
.rsrc
@.reloc
M\.EW
ghgH%u3
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAD
KERNEL32.DLL
ADVAPI32.dll
COMDLG32.dll
dbghelp.dll
GDI32.dll
IPHLPAPI.DLL
ole32.dll
OLEACC.dll
OLEAUT32.dll
oledlg.dll
RPCRT4.dll
SHELL32.dll
SHLWAPI.dll
urlmon.dll
USER32.dll
WININET.dll
WINSPOOL.DRV
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h
AtlThrow: hr = 0x%x
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xstring
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator =
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator =
Id: = index: = score: ] %c
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory
Total list score: d
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator =
std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator
hWarning: implicit LoadString(%u) failed
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *
invalid operator<
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec
ExtractIcon.cpp
std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator
std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []
std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator =
_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h
std::vector<wchar_t,class std::allocator<wchar_t> >::operator []
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator =
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator
std::vector<class argument,class std::allocator<class argument> >::operator []
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator =
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator
start.gif
std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator =
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
Gstd::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *
%s%s%s
HX
_hd_%S
0mb_%S
SELECT * FROM Win32_OperatingSystem
CACHE_S_FORMATETC_NOTSUPPORTED
CO_E_SERVER_EXEC_FAILURE
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
OLE_E_ADVISENOTSUPPORTED
REGDB_E_KEYMISSING
UCACHE_E_FIRST...CACHE_E_LAST
CACHE_S_FIRST...CACHE_S_LAST
CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST
CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST
CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST
CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST
CLIPBRD_E_FIRST...CLIPBRD_E_LAST
CLIPBRD_S_FIRST...CLIPBRD_S_LAST
CONVERT10_E_FIRST...CONVERT10_E_LAST
CONVERT10_S_FIRST...CONVERT10_S_LAST
CO_E_FIRST...CO_E_LAST
CO_S_FIRST...CO_S_LAST
DATA_E_FIRST...DATA_E_LAST
DATA_S_FIRST...DATA_S_LAST
DRAGDROP_E_FIRST...DRAGDROP_E_LAST
DRAGDROP_S_FIRST...DRAGDROP_S_LAST
ENUM_E_FIRST...ENUM_E_LAST
ENUM_S_FIRST...ENUM_S_LAST
INPLACE_E_FIRST...INPLACE_E_LAST
INPLACE_S_FIRST...INPLACE_S_LAST
MARSHAL_E_FIRST...MARSHAL_E_LAST
MARSHAL_S_FIRST...MARSHAL_S_LAST
MK_E_FIRST...MK_E_LAST
MK_S_FIRST...MK_S_LAST
OLEOBJ_E_FIRST...OLEOBJ_E_LAST
OLEOBJ_S_FIRST...OLEOBJ_S_LAST
OLE_E_FIRST...OLE_E_LAST
OLE_S_FIRST...OLE_S_LAST
REGDB_E_FIRST...REGDB_E_LAST
REGDB_S_FIRST...REGDB_S_LAST
VIEW_E_FIRST...VIEW_E_LAST
VIEW_S_FIRST...VIEW_S_LAST
FACILITY_WINDOWS
severity: %s, facility: %s ($lX)
range: %s ($lX)
%s ($lX)
Warning: constructing COleException, scode = %s.
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h
ntdll.dll
kernel32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
%s (%s:%d)
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Error: failed to execute DDE command '%s'.
Warning: DDE command '%s' ignored because window is disabled.
pMRU: open file (%d) '%s'.
Can't register window class named %s
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h
commctrl_DragListMsg
Kf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Binding entry %d failed. Status: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h
GetData failed - HRESULT = 0x%X
m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)
ERROR: Dialog named '%s' must have the child style.
ERROR: Dialog named '%s' must be invisible.
ERROR: Cannot find dialog template named '%s'.
CLSID\%s
Interface\%s
mfcm90ud.dll
QueryInterface(%s) failed
QueryInterface(%s) succeeded
Kcomctl32.dll
Kcomdlg32.dll
Kshell32.dll
Kf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
hXXp://
connecting to socket address '%s'
resolved name for %s!
resolving name for %s
Warning: destroying an open %s with handle %8.8X
Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.
LHTTP/1.0
WININET.DLL
Warning: could not get volume information '%s'.
Warning: could not parse the path '%s'. Path is too long.
Warning: could not parse the path '%s'.
CFile exception: %hs, File %s, OS error information = %ld.
AppMsg
WinMsg
CmdRouting
0xx
%s: hwnd=0xX, msg = 0xX (0xX, 0xX)
%s: hwnd=0xX, msg = %hs (0xX, 0xX)
%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d
%s: Execute '%s'.
Warning: OleInitialize returned scode = %s.
mscoree.dll
nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring
Nf:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp
%S(%d) :
ppCategory && pfnCrtDbgReport
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c
nf:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
W_CrtSetReportHook2
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")
strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
%original file name%.exe_1188_rwx_00401000_001E2000:
J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI
j.hTwV
j.hHzV
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug
FJN[[[[[_mx$.6>ACINSU]etuv",,:EP_cjs{|*./;DLV_gjy{ -3>>DP^kp FDKWany
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h
EQW]]]]]ett{'*02?CCRTam||%-9::HQT]alq"(-1??JSU^ekyy"#$$.=JYgkpt|}#')1=KZ[]]^ksy')6?AGN]`nox'.05=AP^fq{}--68ETW]cqv|}$,79GP]lov'(--;EMVYaly#&'4@FGS\eooq *-03AJQ\]]hllz'
GHIIIIIIKSbqvw(.46BCHPTUXYfr{LKOQ]huw|
BQS`````ln|&-7;DMO[ddrtv'5CGGLTWfu!#' 3<<KZbo{{FRWYamx&2?M\ffoz$(6CGP
IT[_____gvCN]ffqv%,7@LNSW]an|*AMSVXbp{!#034<ACLVXdkr .1=@OT`cky')),
GMQ\\\\\defghno{(-6CRaeix}"&-;EMT`ky|'-1
LX^hhhhhmuxz"$/>HJQVV[\dqx#' 8GHQ]ju%% 9:>?KNVeop| '(39>@ITcpx$%*67CGGUW
N\cmmmmmp{{} 0?CDGMXaht (.<=?ILWZiwyz$/49;DHKMSWdsy(56DGS`mv!LR^eghkxy
NX]fffffjkxzCJXamny|".3:GUbkm| -59ESW
CHKQQQQQVao|#-;IT]iip|)0=DQTZbiiov}ICF
GHIIIIIIKW`oxx %89COO^eenop{$*08FLOPUa
()$^.* ?[]|\-{},:=!
GMQ\\\\\]ijkqqu!)-448AAFHUWZant}.69GMU_fnnwz',,6>?NRajy!/4:FOOT]^apvy"&0
invalid _N_type: %d
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale
CHKQQQQQ[dps##%'*./25@JSYekrz>BNZblr! 3?HKZ]hp|)4BPTcrt '5;JJY[iijjx)19FUaoo|*.28;;COXgv%,.<AMOXcdivv
AIP[[[[[^hmns "" 0=>LZiqt!07BGQ[gt"$' 57BEFLXfn|-<DMY`hnv *1;GQYer#;FRY[chlnr{}#.:=FJY]lx)*3AEHW]lt#.<FLRT[_fqt"1>LY^aijw"LKT\^divz'58DLYYY\\_nvz&,9GOPYhkx)15@FST__nu$019>KXguz!#'0456:FS`cr{)888FKR[_mu %,:;JNSVaahhvw!,4>>AAIP\`cklquz!% 2ALST\cqx{ 5BFISSZemox')7<DIOSV^cipv}"08>BKX^_n{#&17?@KKKUdmmq}.7@EOTVZgjv|,6@BJPW\_bir".044<IQ_`hv&47<DNVckq|*038EFQ\
NSTTTTTT_ghhs$1@KN[^dr{)-:IU\kuuw%,49ADGHS_ahqwx$.69FKN]bkz| 1;DEQT\jx$%-1=BGLWcp|-9EIX\ktz"#-8?IP\`bfjmmt (/:EQ]dkns})2>FO^eglqz|"(4:FTU[inpy|#014?@MZhrs"(2:DMZgghpz}&/48=CCOXbo (-02:>HWeq{*-<FKUU[cqx"&'28<EKR_cko{$$:;;?KTcpty"*37;;=DEIT`blw{#0>BFKQZ[hrwx| 0;E
IsWindowsServer
CHKQQQQQZcgmmmmt!),2=FMOZfq}#()3>>>HINXgmw %*7CMZ`kw CELPYcosy),1=HJX`hu&2@@MY]agjjr )8GT[]kp| )45:GG
GHIIIIIIJMX__loruz{&,01@CRT[cpyy!,;;DOP]cmmx'''0>BJXgv%(23@NQW[[`hox'.22
LX^hhhhhou'FGQQYcfhs#&19<BFJVakq %,2@G
GetExternal.cpp
AIP[[[[[abgqrs#(.9GNV[^ggjltx%'456<>CKVWX^hot#)39CFFRTcp $,:GIMNRU]iruuy
GHIIIIIIMVXgu%2<>EFIUdpy)5@JMSS[ioo|$2>K
GHIIIIIIWdlty678CNY\``ehu$3:EM[^ls|%/7:IR`nvv'(,9;DQVelw?EEQSVboy'-2:@OSX]er!#08DPTWakv|(07:HQSVcr
AIP[[[[[abbly"0:GVZ]diw'69GLYZ\dm|'/<=ADP]ggjryz#,9:AIX]_hq (*6?BBGPU_jmn}& 4=DSS\crt!",,,377;DEJKWbiw{"
DSSbbbbbm{!.066;JXbcrt%4:IKNWao{$3?L[[^_
helpJavaScript.cpp
BQS`````cr!(-68GRVWetux ,-9>BCCRT^dmw&5CCMNVajx'5<@EFTZ[fo|,,27<?HST`efqv!(-19EIJV`mxx%&(/3;AEO]fs|(7<BP
GHIIIIIIX_`mmtw! --8BCKUVVep}'6;>GLNT^`dfhtv$ ./49ENYdeory555:IWfss %,
NetBase.cpp
GMQ\\\\\ems#179=?IWbijt} .:APPRTWWes .9FQWeho}$6DO]gkuwz!>BIUYfu#&118AHT\krrz{* .4<DNZ`krx}!!&09DLZ
ERV]]]]]bffo{'./23BLOP[ao{{*66@DMNZeft(DFT__ilxx"),06ABCMZ`cgsz|'/0=HS[emp!!"#$(,59;DJMYdejn{(-4ALUdpzz|$'*9<BDHUciily).7:GQZacfhptw!&./;HWfly)/0<GGS[dhnwx'1?MN[`ffsy
NX]fffffkww".5>MXanooqx!'/8@NP_kx))7?DRacqy!!/0>BESW\^djmx!%*6@KTbbqz$28AFLPSXcrt4=LMVX]hu{,5@BHQ\dls
PictureEx.cpp
c:\logFile.txt
Error opening key.
Key not found.
CheckRegistryKeyExistance
SetStringKey
"exeId":"
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
CWebBrowser2
mb_00000000-0000-0000-0807-060504030201
mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A
mb_01010101-0101-0101-0101-010101010101
mb_58585858-5858-5858-5858-585858585858
mb_4c4c4544-0000-2010-8020-80c04f202020
mb_11111111-2222-3333-4444-555555555555
mb_11111111-1111-1111-1111-111111111111
mb_00020003-0004-0005-0006-000700080009
mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F
mb_8E275844-178F-44A8-ACEB-A7D7E5178C63
mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F
mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_07090201-0103-0301-0807-060504030201
mb_03000200-0400-0500-0006-000700080009
mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE
mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_00000000-0000-0000-0000-000000000000
0.0.0.0
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp
CNotSupportedException
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
m_msgCur = {
m_pszExeName =
m_nCmdShow =
m_lpCmdLine =
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Warning: no message line prompt for ID 0xX.
Warning: OnUpdateKeyIndicator - unknown indicator 0xX.
Warning: scroll bars in frame windows may cause unusual behaviour.
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp
SENDING control notification %d from control id 0xX to %hs window.
SENDING command id 0xX to %hs target.
No handler for command ID 0xX, disabling it.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp
m_nMsgLast =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp
Error: failed to load message box prompt string 0xx.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp
Warning: unknown WM_MEASUREITEM for menu item 0xX.
hhctrl.ocx
Implementation Warning: control notification = $%X.
Warning: not executing disabled command %d
hWnd = $X (nIDC=$X) is not a %hs.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp
IOleInPlaceObject not supported on OLE control (dialog ID %d).
Persistence not supported on OLE control %ls.
%d. Column ordinal %d: Binding as native data type
%d. Column ordinal %d: Binding a COM object
%d. Column ordinal %d: Binding as an IStream object
%d. Column ordinal %d: Binding as an ISequentialStream object
neither ISequentialStream nor IStream are supported!
IStream is supported
FISequentialStream is supported
Testing streams support...
%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory
%d. Column ordinal %d: Binding length and status ONLY
Number of columns: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h
Unsupported DBTYPE (%d) in column %d
$@Column %d not bound
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp
IGNORING command id 0xX sent to %hs dialog.
Routing command id 0xX to app.
Routing command id 0xX to owner window.
Warning: Creating dialog from within a COleControlModule application is not a supported scenario.
Warning: ExecuteDlgInit failed during dialog init.
ERROR: Dialog with IDD 0xX must have the child style.
ERROR: Dialog with IDD 0xX must be invisible.
ERROR: Cannot find dialog template with IDD 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp
Error: no data exchange control with ID 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp
m_ps.rcPaint =
m_ps.fErase =
m_ps.hdc =
lgpn.lopnColor =
lgpn.lopnWidth.x (width) =
lgpn.lopnStyle =
lb.lbColor =
lb.lbHatch =
lb.lbStyle =
lf.lfFaceName =
lf.lfPitchAndFamily =
lf.lfQuality =
lf.lfClipPrecision =
lf.lfOutPrecision =
lf.lfCharSet =
lf.lfStrikeOut =
lf.lfUnderline =
lf.lfItalic =
lf.lfWeight =
lf.lfOrientation =
lf.lfEscapement =
lf.lfWidth =
lf.lfHeight =
bm.bmBitsPixel =
bm.bmPlanes =
bm.bmWidthBytes =
bm.bmWidth =
bm.bmHeight =
bm.bmType =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp
CHttpConnection
CHttpFile
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp
Unknown status: %d
Internet ctxt=%d:
Warning: throwing CInternetException for error %d
Warning: Extended error reported with no response info
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp
Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp
WM_HOTKEY
WM_SETHOTKEY
WM_IDLEUPDATECMDUI
WM_DDE_EXECUTE
WM_KEYLAST
WM_SYSKEYUP
WM_SYSKEYDOWN
WM_KEYUP
WM_KEYDOWN
WM_VKEYTOITEM
WM_CTLCOLORMSGBOX
WM_USER 0xX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp
Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.
Warning: failed to reclaim %d bytes for memory safety pool.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp
Error: failed to load AfxFormatString string 0xx.
Error: illegal string index requested %d.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp
a %hs object at $%p, %u bytes long
an invalid object at $%p, %u bytes long
faulted while dumping object at $%p, %u bytes long
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp
m_bz.hTask =
m_bz.hResource =
m_bz.lpszTemplate =
m_bz.hInstance =
m_bz.lCustData =
m_bz.lpszCaption =
m_bz.hWndOwner =
m_bz.dwFlags =
m_bz.cbStruct =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c
f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale
f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
%s_%0x
%s(%d) :
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
Client hook allocation failure at file %hs line %d.
Memory allocated at %hs(%d).
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to a heap buffer that was freed.
crt block at 0x%p, subtype %x, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
%hs(%d) :
#File Error#(%d) :
Data: <%s> %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
This is an unsupported way to load Visual C DLLs. You need to modify your application to build with a manifest.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Please contact the application's support team for more information.
- floating point support not loaded
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
GetProcessWindowStation
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
ADVAPI32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\read.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
USER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
portuguese-brazilian
f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c
operator
Run-Time Check Failure #%d - %s
%s%s%s%s
%s%s%p%s%ld%s%d%s
user32.dll
f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c
MSPDB80.DLL
RegCloseKey
RegOpenKeyExA
f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp
MaxCore.cpp
.?AVCCmdTarget@@
MaxCoreDlg.cpp
.?AVCWebBrowser2@@
.?AVExecuteBase@@
.?AVExecuteFacade@@
Idispimp.cpp
.PAVCInternetException@@
.PAVCFileException@@
Text.cpp
.PAVCOleException@@
.PAVCException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
R<u.pr
kC-O}
z%CMH
]%uce
o?.DCtO
Ñj\
[.NQ#
NpB0%xm
zcMD
GetCPInfo
GetConsoleOutputCP
GetProcessHeap
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ShellExecuteW
ShellExecuteExW
UrlUnescapeW
URLDownloadToFileW
GetKeyState
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
(.fFb#
1')3-=#3=') '#
hs.SS
<5"95"95"90
;$.:'.:$&:)
(08(03`-035(F*(.RK-
1>" (0:1
(($40 ,( 0 ,4$,0 0 ,
.text
`.rdata
@.data
.rsrc
@.reloc
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h
AtlThrow: hr = 0x%x
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xstring
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator =
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator =
Id: = index: = score: ] %c
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory
Total list score: d
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator =
std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator
hWarning: implicit LoadString(%u) failed
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *
invalid operator<
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec
ExtractIcon.cpp
std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator
std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []
std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator =
_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h
std::vector<wchar_t,class std::allocator<wchar_t> >::operator []
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator =
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator
std::vector<class argument,class std::allocator<class argument> >::operator []
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator =
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator
start.gif
std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator =
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
Gstd::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *
%s%s%s
HX
_hd_%S
0mb_%S
SELECT * FROM Win32_OperatingSystem
CACHE_S_FORMATETC_NOTSUPPORTED
CO_E_SERVER_EXEC_FAILURE
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
OLE_E_ADVISENOTSUPPORTED
REGDB_E_KEYMISSING
UCACHE_E_FIRST...CACHE_E_LAST
CACHE_S_FIRST...CACHE_S_LAST
CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST
CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST
CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST
CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST
CLIPBRD_E_FIRST...CLIPBRD_E_LAST
CLIPBRD_S_FIRST...CLIPBRD_S_LAST
CONVERT10_E_FIRST...CONVERT10_E_LAST
CONVERT10_S_FIRST...CONVERT10_S_LAST
CO_E_FIRST...CO_E_LAST
CO_S_FIRST...CO_S_LAST
DATA_E_FIRST...DATA_E_LAST
DATA_S_FIRST...DATA_S_LAST
DRAGDROP_E_FIRST...DRAGDROP_E_LAST
DRAGDROP_S_FIRST...DRAGDROP_S_LAST
ENUM_E_FIRST...ENUM_E_LAST
ENUM_S_FIRST...ENUM_S_LAST
INPLACE_E_FIRST...INPLACE_E_LAST
INPLACE_S_FIRST...INPLACE_S_LAST
MARSHAL_E_FIRST...MARSHAL_E_LAST
MARSHAL_S_FIRST...MARSHAL_S_LAST
MK_E_FIRST...MK_E_LAST
MK_S_FIRST...MK_S_LAST
OLEOBJ_E_FIRST...OLEOBJ_E_LAST
OLEOBJ_S_FIRST...OLEOBJ_S_LAST
OLE_E_FIRST...OLE_E_LAST
OLE_S_FIRST...OLE_S_LAST
REGDB_E_FIRST...REGDB_E_LAST
REGDB_S_FIRST...REGDB_S_LAST
VIEW_E_FIRST...VIEW_E_LAST
VIEW_S_FIRST...VIEW_S_LAST
FACILITY_WINDOWS
severity: %s, facility: %s ($lX)
range: %s ($lX)
%s ($lX)
Warning: constructing COleException, scode = %s.
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h
ntdll.dll
kernel32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
%s (%s:%d)
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Error: failed to execute DDE command '%s'.
Warning: DDE command '%s' ignored because window is disabled.
pMRU: open file (%d) '%s'.
Can't register window class named %s
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h
commctrl_DragListMsg
Kf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Binding entry %d failed. Status: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h
GetData failed - HRESULT = 0x%X
m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)
ERROR: Dialog named '%s' must have the child style.
ERROR: Dialog named '%s' must be invisible.
ERROR: Cannot find dialog template named '%s'.
CLSID\%s
Interface\%s
mfcm90ud.dll
QueryInterface(%s) failed
QueryInterface(%s) succeeded
Kcomctl32.dll
Kcomdlg32.dll
Kshell32.dll
Kf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
hXXp://
connecting to socket address '%s'
resolved name for %s!
resolving name for %s
Warning: destroying an open %s with handle %8.8X
Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.
LHTTP/1.0
WININET.DLL
Warning: could not get volume information '%s'.
Warning: could not parse the path '%s'. Path is too long.
Warning: could not parse the path '%s'.
CFile exception: %hs, File %s, OS error information = %ld.
AppMsg
WinMsg
CmdRouting
0xx
%s: hwnd=0xX, msg = 0xX (0xX, 0xX)
%s: hwnd=0xX, msg = %hs (0xX, 0xX)
%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d
%s: Execute '%s'.
Warning: OleInitialize returned scode = %s.
ole32.dll
mscoree.dll
nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring
Nf:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp
%S(%d) :
ppCategory && pfnCrtDbgReport
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c
nf:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
W_CrtSetReportHook2
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
KERNEL32.DLL
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")
strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
iexplore.exe_1240:
%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512
WPFFontCache_v0400.exe_3624:
.text
`.data
@.rsrc
@.reloc
t1Ht.Ht
Ht.Ht
8Y%u(
Ht.Ht$Ht
tGHt;Ht.Ht$Ht
!!"$%%&$%%&())*
%s %s line %d
SHELL32.dll
RPCRT4.dll
MSVCR100_CLR0400.dll
KERNEL32.dll
ADVAPI32.dll
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
GetSystemWindowsDirectoryW
_crt_debugger_hook
_amsg_exit
wpffontcache_v0400.pdb
.?AVMalformedKeyException@@
.?AVNotSupportedException@@
6666666666666666
666666666666
6666666
8888888
!"#$%&'()* ,-./
0000000000000
#@$@$@$@$
@:@$@$@$@$@$@$@$@$@$@$
!"#$%&'()* ,-./0
%&'(gggg)* ,..........................................................................................MMMM..
4444444444444
#$%&'()*
!!!!"#$%&'()* ,-./0123456789:;<=
KEYW
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="wpffontcache_v0400" type="win32"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
4 4}455<5
:":&:*:.:2:
0!0&0,03090?0
1 1$1(1,1014181
>0>8>`>~>
1$1@1\1|1
Software\Microsoft\Avalon.Graphics
kernel32.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
MARLETT.TTF
E\\?\
\WPFFontCache_v0400-System.dat
{2da8dded-086f-4cb9-a77f-b974b9cb0186}
\\?\UNC\
{00000000-0000-0000-0000-000000000000}
\\?\Volume
yKERNEL32.DLL
KeySize
ElementMalformedKeyTask
CacheMissReportReceivedTask
wpffontcache_v0400.exe
4.0.30319.1 built by: RTMRel
.NET Framework
4.0.30319.1
MixVideoPlayer.exe_2728_rwx_03CC0000_00010000:
PresentationFramework.classic
PresentationFramework.Aero
MixVideoPlayer.exe_2728_rwx_04910000_00009000:
WindowsFormsIntegration
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
mixvideoplayersetup.exe:700
WPFFontCache_v0400.exe:3624
LTV2.exe:2172
LTV2.exe:3496
LTV2.exe:1936
MixVideoPlayerUpdaterService.exe:2716 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
%Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
%Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (9608 bytes)
%Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
%Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
%Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\System.dll (11 bytes)
%Program Files%\MixVideoPlayer\FrameworkControl.exe (12024 bytes)
%Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.exe (811312 bytes)
%Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
%Program Files%\MixVideoPlayer\LTVNetSdk.dll (14 bytes)
%Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb2.tmp (636264 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
%Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\AccessControl.dll (13 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
%Program Files%\MixVideoPlayer\uninstall.exe (3941 bytes)
%Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon.ico (9608 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq3.tmp\SimpleSC.dll (1856 bytes)
%Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
%Program Files%\MixVideoPlayer\BrowserWeb.exe (1856 bytes)
%Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
%Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayerUpdaterService.exe (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
%Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\mixUpdater.exe (8 bytes)
%Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
%Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayer.exe (70495 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
%Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
%Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
%Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
%Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
%Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
%Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
%Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
%Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
%Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
%Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
%Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mixvideoplayer[2].txt (504 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[2].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ga[1].js (2293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\MainBanner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (636 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.min[1].js (3155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ga[1].js (2102 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\banner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\analytics[1].js (772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.min[1].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads[1].js (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (4178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (15900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\24075905-11927556[1].gif (8 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mixvideoplayer[1].txt (1009 bytes)
%System%\config (288 bytes)
%System%\config\system (2250 bytes)
%System%\config\SYSTEM.LOG (4889 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayerUpdaterService.InstallState (149 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayerUpdaterService.InstallLog (488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading-install[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\648d1f54-b401-4a6e-8521-936173dd108a\mixvideoplayersetup.exe (6656032 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-download[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\msjava[1].dll (465777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\progress-bar[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\style[1].css (3971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\loadingBar[1].gif (11313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\bullet-short[1].gif (54 bytes)
%System%\wbem\Logs\wbemprox.log (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\MixVideoPlayerSetup[1].exe (6656032 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.