Sample_024d42874d

by malwarelabrobot on March 29th, 2015 in Malware Descriptions.

mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 024d42874d7d07ec1c65ed05564ff260
SHA1: 51c76c8e376b93b0a952973885b3fb6963d2230a
SHA256: 540c74f170d7f3e4c54363316372f03233808049b294cd37851ce5b50e2df759
SSDeep: 12288:IEcSfolPh298H4aMVxRnjDMDJlT/rKHy3TNE4z:elGvRnjD8K0q4z
Size: 496208 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PECompactV2X, PECompactv20, UPolyXv05_v6
Company: no certificate found
Created at: 2015-02-25 10:45:04
Analyzed on: WindowsXP SP3 32-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

MagnoPlayerUpdaterService.exe:928
magnoplayersetup.exe:1176
WPFFontCache_v0400.exe:1852
LTV2.exe:1852

The Malware injects its code into the following process(es):

MagnoPlayer.exe:1908
%original file name%.exe:460
mgChecker.exe:2524

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process MagnoPlayer.exe:1908 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\d3d9caps.tmp (2648 bytes)

The Malware deletes the following file(s):

%System%\d3d9caps.dat (0 bytes)

The process MagnoPlayerUpdaterService.exe:928 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\config (288 bytes)
%System%\config\SYSTEM.LOG (4681 bytes)
%Program Files%\MagnoPlayer\MagnoPlayerUpdaterService.InstallState (149 bytes)
%Program Files%\MagnoPlayer\MagnoPlayerUpdaterService.InstallLog (461 bytes)
%System%\config\system (1719 bytes)

The process %original file name%.exe:460 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading-install[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (6025 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\progress-level[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MagnoPlayerSetup[1].exe (6602552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-download[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\progress-bar[1].png (3 bytes)
C:\logFile.txt (79455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bullet-short[1].gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\style[1].css (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%System%\wbem\Logs\wbemprox.log (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\41ee8235-49b4-465c-832b-82fa8a1264d1\magnoplayersetup.exe (6602552 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\a673e411048d7068139b568b88fd2da972093cac6176e0504b0f25918b13560bd357280399de3813a7bdae830a0eb82f7c81c9e5f4fce065[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\e4601c553b415f01000fce752b8c1c183eab83dc3f3b1a33c776d9d39e333d811b5cff34aeb65c0b7600835af9eb2d18b3d25f1b40ec1467[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\c91a77706ab837d4d791561d4e1138d722f3431ffa4b0ee25adc0046ac9c65087c94776c678b109be68f6e921cd0434895479a92ed1315ab[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MagnoPlayerSetup[1].exe (0 bytes)

The process magnoplayersetup.exe:1176 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Start Menu\Programs\MagnoPlayer\MagnoPlayer.lnk (1 bytes)
%Program Files%\MagnoPlayer\references\mgChecker.exe (19592 bytes)
%Program Files%\MagnoPlayer\uninstall.exe (4489 bytes)
%Program Files%\MagnoPlayer\LTV2.exe (5 bytes)
%Program Files%\MagnoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MagnoPlayer\Languages\Romanian.ini (3 bytes)
%Program Files%\MagnoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MagnoPlayer\Languages\Hindi.ini (6 bytes)
%Program Files%\MagnoPlayer\references\Thumbs.db (5 bytes)
%Program Files%\MagnoPlayer\Languages\Dutch.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\MagnoPlayer.lnk (1 bytes)
%Program Files%\MagnoPlayer\Languages\Russian.ini (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\AccessControl.dll (13 bytes)
%Program Files%\MagnoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MagnoPlayer\Languages\English.ini (3 bytes)
%Program Files%\MagnoPlayer\mgpUpdater.exe (13368 bytes)
%Program Files%\MagnoPlayer\Languages\Swedish.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Danish.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Japanese.ini (4 bytes)
%Program Files%\MagnoPlayer\Languages\Turkish.ini (3 bytes)
%Program Files%\MagnoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MagnoPlayer\magnoplayer.uidnum (23 bytes)
%Program Files%\MagnoPlayer\Languages\Greek.ini (5 bytes)
%Program Files%\MagnoPlayer\Languages\Estonian.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MagnoPlayer\Uninstall MagnoPlayer.lnk (1 bytes)
%Program Files%\MagnoPlayer\Languages\Thai.ini (5 bytes)
%Program Files%\MagnoPlayer\icon-uninstall.ico (12536 bytes)
%Program Files%\MagnoPlayer\Languages\ChineseT.ini (3 bytes)
%Program Files%\MagnoPlayer\references\taglib-sharp.dll (15536 bytes)
%Program Files%\MagnoPlayer\Languages\Polish.ini (3 bytes)
%Program Files%\MagnoPlayer\taglib-sharp.dll (15536 bytes)
%Program Files%\MagnoPlayer\Languages\Slovenian.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Catalan.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Hungarian.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Hebrew.ini (4 bytes)
%Program Files%\MagnoPlayer\magnoplayer.affcode (3 bytes)
%Program Files%\MagnoPlayer\MagnoPlayerUpdaterService.exe (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\nsProcess.dll (4 bytes)
%Program Files%\MagnoPlayer\references\ffmpeg.exe (811312 bytes)
%Program Files%\MagnoPlayer\Languages\Lithuanian.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Czech.ini (3 bytes)
%Program Files%\MagnoPlayer\FrameworkControl.exe (12088 bytes)
%Program Files%\MagnoPlayer\Languages\Vietnamese.ini (4 bytes)
%Program Files%\MagnoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
%Program Files%\MagnoPlayer\references\NDde.dll (3616 bytes)
%Program Files%\MagnoPlayer\Languages\Indonesian.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Portuguese.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\German.ini (3 bytes)
%Program Files%\MagnoPlayer\references\libreria.png (244 bytes)
%Program Files%\MagnoPlayer\Languages\Spanish.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\ChineseS.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Norwegian.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Ukrainian.ini (5 bytes)
%Program Files%\MagnoPlayer\Languages\Italian.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Arabic.ini (4 bytes)
%Program Files%\MagnoPlayer\Newtonsoft.Json.dll (16424 bytes)
%Program Files%\MagnoPlayer\Languages\Slovak.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Latvian.ini (3 bytes)
%Program Files%\MagnoPlayer\references\folder.png (472 bytes)
%Program Files%\MagnoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
%Program Files%\MagnoPlayer\icon.ico (12536 bytes)
%Program Files%\MagnoPlayer\references\extaudio.png (310 bytes)
%Program Files%\MagnoPlayer\Languages\French.ini (3 bytes)
%Program Files%\MagnoPlayer\Languages\Finnish.ini (3 bytes)
%Program Files%\MagnoPlayer\references\extvideo.png (146 bytes)
%Program Files%\MagnoPlayer\Languages\Bulgarian.ini (5 bytes)
%Program Files%\MagnoPlayer\Languages\HaitianCreole.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp (651122 bytes)
%Program Files%\MagnoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
%Program Files%\MagnoPlayer\MagnoPlayer.exe (89498 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\SimpleSC.dll (1856 bytes)
%Program Files%\MagnoPlayer\Languages\Korean.ini (3 bytes)
%Program Files%\MagnoPlayer\BrowserWeb.exe (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\System.dll (11 bytes)
%Program Files%\MagnoPlayer\PhotoLoader.dll (784 bytes)
%Program Files%\MagnoPlayer\references\PhotoLoader.dll (784 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\AccessControl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\SimpleSC.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\nsProcess.dll (0 bytes)

Registry activity

The process MagnoPlayer.exe:1908 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 BF 0E C2 53 E3 65 EA 6D D1 18 4C AA BB 16 E2"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "MagnoPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{1A853C3C-BF1C-405B-B474-49CD7E7ED008}\0000]
"Attach.ToDesktop" = "1"

The process MagnoPlayerUpdaterService.exe:928 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC A5 3C 63 FD 4C E4 78 2E 84 83 BC C7 1C 3A 0B"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\MagnoPlayerUpdaterService]
"EventMessageFile" = "%WinDir%\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application]
"Sources" = "WSH, WMIAdapter, WMI.NET Provider Extension, WmdmPmSN, WinMgmt, Winlogon, Windows Product Activation, Windows 3.1 Migration, WebClient, VSSetup, VSS, VMUpgradeHelper, vmtools, vmStatsProvider, VBRuntime, Userinit, Userenv, TPVCGateway, Tlntsvr, System.ServiceModel.Install 3.0.0.0, System.ServiceModel 4.0.0.0, System.ServiceModel 3.0.0.0, System.Runtime.Serialization 4.0.0.0, System.Runtime.Serialization 3.0.0.0, System.IO.Log 4.0.0.0, System.IO.Log 3.0.0.0, System.IdentityModel 4.0.0.0, System.IdentityModel 3.0.0.0, SysmonLog, Starter, SpoolerCtrs, Software Restriction Policies, Software Installation, ServiceModel Audit 4.0.0.0, ServiceModel Audit 3.0.0.0, SecurityCenter, SclgNtfy, SceSrv, SceCli, safrslv, SAFrdms, RPC, Remote Assistance, PerlMsg, PerfProc, PerfOS, PerfNet, Perfmon, Perflib, PerfDisk, Perfctrs, Offline Files, Oakley, ntbackup, MSSQLSERVER/MSDE, MSSHA, MsiInstaller, MSDTC Client, MSDTC, mnmsrvc, Microsoft.Transactions.Bridge 4.0.0.0, Microsoft.Transactions.Bridge 3.0.0.0, Microsoft H.323 Telephony Service Provider, Microsoft (R) Visual C# 2005 Compiler, Lo,"

The process %original file name%.exe:460 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1424853904"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\41ee8235-49b4-465c-832b-82fa8a1264d1]
"magnoplayersetup.exe" = "magnoplayersetup"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 06 D1 4A 98 5C DC 95 46 9F B2 F1 F9 C3 68 3B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process magnoplayersetup.exe:1176 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\mgp.wmv\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\.mp4]
"(Default)" = "mgp.mp4"

[HKCR\mgp.wmv\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.flv\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\.mpeg]
"mgp.backup" = "mpegfile"

[HKCR\.mkv]
"(Default)" = "mgp.mkv"

[HKCR\mgp.mp3\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\.mpeg]
"(Default)" = "mgp.mpeg"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".mpeg" = ""

[HKCR\.flv]
"(Default)" = "mgp.flv"

[HKCR\mgp.mp3\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.wmv\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.avi]
"(Default)" = "mgp media file (.avi)"

[HKCR\mgp.mpeg\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\mgp.mkv\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\.mov]
"(Default)" = "mgp.mov"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MagnoPlayer]
"UninstallString" = "%Program Files%\MagnoPlayer\uninstall.exe"

[HKCR\.wmv]
"mgp.backup" = "WMVFile"

[HKCR\.wma]
"mgp.backup" = "WMAFile"

[HKCR\.avi]
"(Default)" = "mgp.avi"

[HKCR\mgp.aac\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.mkv\shell]
"(Default)" = "Play"

[HKCR\mgp.mpeg]
"(Default)" = "mgp media file (.mpeg)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCR\mgp.mp3]
"(Default)" = "mgp media file (.mp3)"

[HKCR\mgp.mkv]
"(Default)" = "mgp media file (.mkv)"

[HKCR\Applications\MagnoPlayer.exe]
"FriendlyAppName" = "MagnoPlayer"

[HKLM\SOFTWARE\MagnoPlayer\MagnoPlayer]
"InstallDir" = "%Program Files%\MagnoPlayer"

[HKCR\.wma]
"(Default)" = "mgp.wma"

[HKCR\.aif]
"(Default)" = "mgp.aif"

[HKCR\mgp.mkv\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.mpg\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.wmv\shell]
"(Default)" = "Play"

[HKCR\mgp.mp4\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.divx]
"(Default)" = "mgp media file (.divx)"

[HKCR\mgp.mov\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.mov\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MagnoPlayer]
"DisplayName" = "MagnoPlayer"

[HKCR\mgp.aac]
"(Default)" = "mgp media file (.aac)"

[HKCR\mgp.wma\shell\Play]
"(Default)" = "Play"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".wmv" = ""
".wma" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\mgp.aac\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.divx\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.mov]
"(Default)" = "mgp media file (.mov)"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".mpg" = ""

[HKCR\mgp.wav\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\mgp.mpg\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MagnoPlayer]
"Publisher" = "SoftForce LLC"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".avi" = ""
".divx" = ""

[HKCR\mgp.wav\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\mgp.mp4]
"(Default)" = "mgp media file (.mp4)"

[HKCR\.wav]
"(Default)" = "mgp.wav"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 67 0E 4C 54 67 0A 7C 27 39 49 29 42 2E 58 EB"

[HKCR\.divx]
"(Default)" = "mgp.divx"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".mov" = ""

[HKCR\.mpg]
"mgp.backup" = "mpegfile"

[HKCR\mgp.mov\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.3gp\shell]
"(Default)" = "Play"

[HKCR\mgp.mpeg\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\mgp.divx\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".flv" = ""

[HKCR\mgp.mp4\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.avi\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.avi\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\.wav]
"mgp.backup" = "soundrec"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".MP3" = ""

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iexplore.exe" = "11001"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".mp4" = ""

[HKCR\mgp.avi\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\mgp.wma]
"(Default)" = "mgp media file (.wma)"

[HKCR\mgp.wma\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.aif\shell]
"(Default)" = "Play"

[HKCR\mgp.mpg\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.wav]
"(Default)" = "mgp media file (.wav)"

[HKCR\mgp.mp4\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MagnoPlayer]
"DisplayIcon" = "%Program Files%\MagnoPlayer\icon.ico"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".aif" = ""

[HKCR\Applications\MagnoPlayer.exe]
"(Default)" = ""

[HKCR\.mpg]
"(Default)" = "mgp.mpg"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".AAC" = ""
".3gp" = ""

[HKCU\Software\Microsoft\Internet Explorer\Styles]
"MaxScriptStatements" = "4294967295"

[HKCR\.aac]
"(Default)" = "mgp.aac"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\mgp.wma\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.avi\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.3gp\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.mpg\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.wmv]
"(Default)" = "mgp media file (.wmv)"

[HKCR\mgp.aif\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.mkv\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.flv\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\mgp.mp4\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\mgp.mpeg\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MagnoPlayer]
"EstimatedSize" = "32883"

[HKCR\mgp.aif\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\mgp.3gp]
"(Default)" = "mgp media file (.3gp)"

[HKCR\mgp.mp3\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.aac\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\.avi]
"mgp.backup" = "avifile"

[HKCR\mgp.3gp\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCR\mgp.flv\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"BrowserWeb.exe" = "11001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\mgp.wma\shell]
"(Default)" = "Play"

[HKCR\mgp.divx\shell]
"(Default)" = "Play"

[HKCR\mgp.mpeg\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\mgp.wav\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCR\mgp.aif]
"(Default)" = "mgp media file (.aif)"

[HKCR\mgp.divx\shell\Play]
"(Default)" = "Play"

[HKCR\.3gp]
"(Default)" = "mgp.3gp"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MagnoPlayer]
"DisplayVersion" = "v2.1.2.13"

[HKCR\mgp.aac\shell]
"(Default)" = "Play"

[HKCR\.wmv]
"(Default)" = "mgp.wmv"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\mgp.flv\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.3gp\shell\Play]
"(Default)" = "Play"

[HKCR\.mp3]
"(Default)" = "mgp.mp3"

[HKCR\Applications\MagnoPlayer.exe\shell\Play\command]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe /m %1"

[HKCR\.aif]
"mgp.backup" = "AIFFFile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\.mp3]
"mgp.backup" = "mp3file"

[HKCR\mgp.mov\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\mgp.aif\shell\Play]
"(Default)" = "Play"

[HKCR\mgp.flv]
"(Default)" = "mgp media file (.flv)"

[HKCR\mgp.mpg]
"(Default)" = "mgp media file (.mpg)"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".WAV" = ""

[HKCR\mgp.wav\shell\Play]
"(Default)" = "Play"

[HKCR\Applications\MagnoPlayer.exe\SupportedTypes]
".mkv" = ""

[HKCR\mgp.mp3\DefaultIcon]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

[HKLM\SOFTWARE\MagnoPlayer\MagnoPlayer]
"(Default)" = "%Program Files%\MagnoPlayer\MagnoPlayer.exe"

The process WPFFontCache_v0400.exe:1852 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 34 1F 32 38 29 CB 86 88 7F 7E BC C4 92 8F 30"

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process LTV2.exe:1852 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 E3 A4 01 B3 96 DD 52 31 05 BB DA 05 A3 FA F3"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level" = ""

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level"

Dropped PE files

MD5 File path
2e66cf61ffe705bea1da0124aae01743 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\41ee8235-49b4-465c-832b-82fa8a1264d1\magnoplayersetup.exe
d63975ce28f801f236c4aca5af726961 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy3.tmp\SimpleSC.dll
faa7f034b38e729a983965c04cc70fc1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy3.tmp\nsProcess.dll
2e66cf61ffe705bea1da0124aae01743 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MagnoPlayerSetup[1].exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 1585152 449024 5.5448 44c52e63a7be3c314ffb52fe8c642ac8
.rsrc 1589248 40960 39424 4.14308 c94d2f53992569554ae904dd13d55854
.reloc 1630208 512 512 0.149863 0d8b73a4652efe0f9fb99b163dc549b4

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://69.4.238.159/7d/MagnoPlayerSetup.exe
hxxp://ww0.maxisrv.com/BesH3gE9/pop-up/
hxxp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0 204.155.152.38
hxxp://n149adserv.com/no-impression.gif?p=53&ch=&l=UA&h=5f708ed214bd313fa65d2cbc65139900&t=1427499060511&s=54d5df6b2809aac1fdca2aa3d48dd510 204.155.152.38
hxxp://5.196.157.0/c91a77706ab837d4d791561d4e1138d722f3431ffa4b0ee25adc0046ac9c65087c94776c678b109be68f6e921cd0434895479a92ed1315ab
hxxp://5.196.157.0/__maxpower__/render_screen/2014/10/e8150ca4-4ae4-11e4-be98-06a3579b0dab/screen_variation=f_link
hxxp://5.196.157.0/maxpower-static/templates/2014/09/8bc54d8e-3fdf-11e4-8f9b-06a3579b0dab/css/images/bullet-short.gif
hxxp://5.196.157.0/e4601c553b415f01000fce752b8c1c183eab83dc3f3b1a33c776d9d39e333d811b5cff34aeb65c0b7600835af9eb2d18b3d25f1b40ec1467
hxxp://static.f1v476z.com/7d/MagnoPlayerSetup.exe
hxxp://mtbyb1.f1v476z.com/__maxpower__/render_screen/2014/10/e8150ca4-4ae4-11e4-be98-06a3579b0dab/screen_variation=f_link
hxxp://mtbyb1.f1v476z.com/c91a77706ab837d4d791561d4e1138d722f3431ffa4b0ee25adc0046ac9c65087c94776c678b109be68f6e921cd0434895479a92ed1315ab
hxxp://www.f1v476z.com/BesH3gE9/pop-up/ 5.196.157.1
hxxp://mtbyb1.f1v476z.com/maxpower-static/templates/2014/09/8bc54d8e-3fdf-11e4-8f9b-06a3579b0dab/css/images/bullet-short.gif


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /BesH3gE9/pop-up/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.f1v476z.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 27 Mar 2015 23:31:18 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: hXXp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0
<html>..<head><title>301 Moved Permanently</title
></head>..<body bgcolor="white">..<center><h1&
gt;301 Moved Permanently</h1></center>..<hr><cent
er>nginx</center>..</body>..</html>....



GET /maxpower-static/templates/2014/09/8bc54d8e-3fdf-11e4-8f9b-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mtbyb1.f1v476z.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Mar 2015 23:32:02 GMT
Content-Type: image/gif
Content-Length: 54
Last-Modified: Mon, 09 Mar 2015 16:09:15 GMT
Connection: keep-alive
ETag: "54fdc5ab-36"
Accept-Ranges: bytes
GIF89a.............!.......,...................P..U..;....



GET /ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n149adserv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: epomUUID=5e0bf070-d4d9-11e4-9f76-f8bc125381b8; Domain=.n149adserv.com; Expires=Thu, 22-Mar-2035 23:31:17 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 418
Date: Fri, 27 Mar 2015 23:31:17 GMT
<html><head><title>Empty</title><script typ
e="text/javascript">new Image().src = "hXXp://n149adserv.com" "/no-
im" "pressi" "on.gif?p=53&ch=" "&l=UA" "&h=5f708ed214bd313fa65d2cbc651
39900&t=" new Date().getTime() "&s=54d5df6b2809aac1fdca2aa3d48dd510";&
lt;/script></head><body leftmargin='0' topmargin='0' margi
nwidth='0' marginheight='0' style='background-color:transparent; width
: 100%; text-align: center;'></body></html>....


GET /no-impression.gif?p=53&ch=&l=UA&h=5f708ed214bd313fa65d2cbc65139900&t=1427499060511&s=54d5df6b2809aac1fdca2aa3d48dd510 HTTP/1.1


Accept: */*
Referer: hXXp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n149adserv.com
Connection: Keep-Alive
Cookie: epomUUID=5e0bf070-d4d9-11e4-9f76-f8bc125381b8


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Accept-Ranges: bytes
ETag: W/"49-1424190054000"
Last-Modified: Tue, 17 Feb 2015 16:20:54 GMT
Content-Type: image/gif
Content-Length: 49
Date: Fri, 27 Mar 2015 23:31:17 GMT
GIF89a...................!.......,...........T..;..



GET /7d/MagnoPlayerSetup.exe HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.f1v476z.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Mar 2015 23:31:18 GMT
Content-Type: application/octet-stream
Content-Length: 13564263
Last-Modified: Tue, 24 Mar 2015 12:06:50 GMT
Connection: keep-alive
ETag: "5511535a-cef967"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^..........^2.......p....@.........
.................P...............................................t....
......8...............................................................
.............p...............................text....].......^........
.......... ..`.rdata.......p.......b..............@[email protected]....\......
.....v..............@....ndata...................................rsrc.
..8............z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h [email protected]...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /__maxpower__/render_screen/2014/10/e8150ca4-4ae4-11e4-be98-06a3579b0dab/screen_variation=f_link HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: mtbyb1.f1v476z.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Mar 2015 23:32:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 600
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes
.<!--finish Link-->....<div class="finish">..<h1>...
.....%mapp% Setup Wizard.......</h1>..<p style="margin-top: 1
5px; font-size: 13px;">You have succesfully installed the software 
below and they are ready to be used:</p>....<div class="items
">...<ul>....<li class="check">%mapp%</li>......&
lt;/ul>..</div>....<div class="clear"></div>....&
lt;p>Recommended offers:</p>......<div class="list-toolbar
s" id="alloffers">....<ul class="_FinishOffers">....</ul&g
t;...</div>...........<input id="_Bexit" class="_Bexit close 
absol" tabindex="2" type="submit" name="nombre" onclick='onExit()' val
ue="Close">....</div>......


GET /maxpower-static/templates/2014/09/8bc54d8e-3fdf-11e4-8f9b-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mtbyb1.f1v476z.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Mar 2015 23:32:02 GMT
Content-Type: image/gif
Content-Length: 54
Last-Modified: Mon, 09 Mar 2015 16:09:15 GMT
Connection: keep-alive
ETag: "54fdc5ab-36"
Accept-Ranges: bytes
GIF89a.............!.......,...................P..U..;..



POST /c91a77706ab837d4d791561d4e1138d722f3431ffa4b0ee25adc0046ac9c65087c94776c678b109be68f6e921cd0434895479a92ed1315ab HTTP/1.1
User-Agent: dBrowser 2 CallGetResponse:2
Host: mtbyb1.f1v476z.com
Content-Length: 2758
Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51BAC814A3437D798368DC1B691456E3200C73B5938273C609A4EED13DE213D416F3F76EC515EEC42060E1E15C90253102E203108CE4EB06F9BF324553DCD771AB695594EFE20CAF88CA7C8061DF14729F264C45A7C00F97C25FC0ACF98FD62E9B343D6B4A0344003DB53B5CA4ED7643926F83938088B8239DEC7C5A52CEE31B369D3E92E8DF0C0AED381A0E74654D4C0ABCDD2DD6B2D3EA789769BBA15F3714BEDEB30538EFDE81A6B0A0616288681D844D02444AA39D106F3DD840553FB2E12BFDFB1D48D51FAB6CFDFBAC8BFED3A4960FD76DFD23553DBE5B3A6313D19F1C36A1CBA6717CC889FA898AC67C64B482682943AADB2B7F4E3ADEFA8FE0FFF5D20671051B2F53BE9172CA5FDA443F5C6A92F7627AE63545AF535FC3456629067E6E43B2E1C8587674AB52182412566F7A4452485BE0C24F27B5D08D75950BCCE11149430D472AB22A1A07D6948A05DF3C886A7E75AFF1761D41864984B6DF004B9EF1FE71DFFD42AA56D9638922313B49AB6B735CD0A50758EA7D05A44E8D566D600A984A5CF1ED8319A7A1BAE5F4A36E6DB20079757AD46E6C3B8883BC940692126565CAC9B2277538ABAB6CE6072691496189B44EF44D2F34A71B0205D7A8E5331AC124FFE602225B7917008731CD77481138FE6AAFD97E950EFB0CC5B03D3EF8BAB37D9A9E7A09BAB4C178B50A4C08EBBF6F1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Mar 2015 23:32:02 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
7..MAXTHX...0......


GET /maxpower-static/templates/2014/09/8bc54d8e-3fdf-11e4-8f9b-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mtbyb1.f1v476z.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Mar 2015 23:32:02 GMT
Content-Type: image/gif
Content-Length: 54
Last-Modified: Mon, 09 Mar 2015 16:09:15 GMT
Connection: keep-alive
ETag: "54fdc5ab-36"
Accept-Ranges: bytes
GIF89a.............!.......,...................P..U..;..



HEAD /7d/MagnoPlayerSetup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.f1v476z.com
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Mar 2015 23:31:18 GMT
Content-Type: application/octet-stream
Content-Length: 13564263
Last-Modified: Tue, 24 Mar 2015 12:06:50 GMT
Connection: keep-alive
ETag: "5511535a-cef967"
Accept-Ranges: bytes







The Malware connects to the servers at the folowing location(s):







%original file name%.exe_460:




.text
`.rsrc
.reloc
SSh8PO
NSSh/
FV<.tN<[tJ<\tF<*tB<|t><^t:<$t6
u%Sh0/P
u%Sh`1P
@t-9}
hTcP
J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI
j.hhVQ
j.hP-R
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h
EXCEPTION_EXECUTE_HANDLER
BeforeScriptExecuteExplorer1
ThirdPartyUrlBlockedExplorer1
()$^.* ?[]|\-{},:=!
WINDOWS
%H:%M:%S
GetPathExe
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale
invalid _N_type: %d
IsWindowsServer
openUrlOnDefaultBrowser
reportException
NetBase.cpp
CMyInternetSession::OnStatusCallback: %s
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
URL EMPTY
"url":"
/Setup.application
hXXp://
PictureEx.cpp
c:\logFile.txt
Error opening key.
Key not found.
CheckRegistryKeyExistance
SetStringKey
"exeId":"
inflate 1.1.3 Copyright 1995-1998 Mark Adler
CWebBrowser2
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp
CNotSupportedException
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
m_msgCur = {
m_pszExeName =
m_nCmdShow =
m_lpCmdLine =
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Warning: no message line prompt for ID 0xX.
Warning: OnUpdateKeyIndicator - unknown indicator 0xX.
Warning: scroll bars in frame windows may cause unusual behaviour.
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp
SENDING control notification %d from control id 0xX to %hs window.
SENDING command id 0xX to %hs target.
No handler for command ID 0xX, disabling it.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp
m_nMsgLast =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp
Error: failed to load message box prompt string 0xx.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp
Warning: unknown WM_MEASUREITEM for menu item 0xX.
hhctrl.ocx
Implementation Warning: control notification = $%X.
Warning: not executing disabled command %d
hWnd = $X (nIDC=$X) is not a %hs.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp
IOleInPlaceObject not supported on OLE control (dialog ID %d).
Persistence not supported on OLE control %ls.
%d. Column ordinal %d: Binding as native data type
%d. Column ordinal %d: Binding a COM object
%d. Column ordinal %d: Binding as an IStream object
%d. Column ordinal %d: Binding as an ISequentialStream object
neither ISequentialStream nor IStream are supported!
IStream is supported
FISequentialStream is supported
Testing streams support...
%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory
%d. Column ordinal %d: Binding length and status ONLY
Number of columns: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h
Unsupported DBTYPE (%d) in column %d
$@Column %d not bound
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp
Error: no data exchange control with ID 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp
IGNORING command id 0xX sent to %hs dialog.
Routing command id 0xX to app.
Routing command id 0xX to owner window.
Warning: Creating dialog from within a COleControlModule application is not a supported scenario.
Warning: ExecuteDlgInit failed during dialog init.
ERROR: Dialog with IDD 0xX must have the child style.
ERROR: Dialog with IDD 0xX must be invisible.
ERROR: Cannot find dialog template with IDD 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp
m_ps.rcPaint =
m_ps.fErase =
m_ps.hdc =
lgpn.lopnColor =
lgpn.lopnWidth.x (width) =
lgpn.lopnStyle =
lb.lbColor =
lb.lbHatch =
lb.lbStyle =
lf.lfFaceName =
lf.lfPitchAndFamily =
lf.lfQuality =
lf.lfClipPrecision =
lf.lfOutPrecision =
lf.lfCharSet =
lf.lfStrikeOut =
lf.lfUnderline =
lf.lfItalic =
lf.lfWeight =
lf.lfOrientation =
lf.lfEscapement =
lf.lfWidth =
lf.lfHeight =
bm.bmBitsPixel =
bm.bmPlanes =
bm.bmWidthBytes =
bm.bmWidth =
bm.bmHeight =
bm.bmType =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp
CHttpConnection
CHttpFile
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp
Unknown status: %d
Internet ctxt=%d:
Warning: throwing CInternetException for error %d
Warning: Extended error reported with no response info
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp
Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp
WM_HOTKEY
WM_SETHOTKEY
WM_IDLEUPDATECMDUI
WM_DDE_EXECUTE
WM_KEYLAST
WM_SYSKEYUP
WM_SYSKEYDOWN
WM_KEYUP
WM_KEYDOWN
WM_VKEYTOITEM
WM_CTLCOLORMSGBOX
WM_USER 0xX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp
Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.
Warning: failed to reclaim %d bytes for memory safety pool.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp
Error: failed to load AfxFormatString string 0xx.
Error: illegal string index requested %d.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp
a %hs object at $%p, %u bytes long
an invalid object at $%p, %u bytes long
faulted while dumping object at $%p, %u bytes long
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp
m_bz.hTask =
m_bz.hResource =
m_bz.lpszTemplate =
m_bz.hInstance =
m_bz.lCustData =
m_bz.lpszCaption =
m_bz.hWndOwner =
m_bz.dwFlags =
m_bz.cbStruct =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c
f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp
%s(%d) :
%s_%0x
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
Client hook allocation failure at file %hs line %d.
Memory allocated at %hs(%d).
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to a heap buffer that was freed.
crt block at 0x%p, subtype %x, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
%hs(%d) :
#File Error#(%d) :
Data: <%s> %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Please contact the application's support team for more information.
- floating point support not loaded
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
GetProcessWindowStation
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c
ADVAPI32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\read.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c
USER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
portuguese-brazilian
operator
f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c
Run-Time Check Failure #%d - %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c
MSPDB80.DLL
RegCloseKey
RegOpenKeyExA
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp
GetProcessHeap
KERNEL32.dll
GetKeyState
SetWindowsHookExW
UnhookWindowsHookEx
CreateDialogIndirectParamW
USER32.dll
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
ADVAPI32.dll
ole32.dll
ShellExecuteExW
ShellExecuteW
SHELL32.dll
OLEAUT32.dll
UrlUnescapeW
SHLWAPI.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
COMDLG32.dll
WINSPOOL.DRV
oledlg.dll
URLDownloadToFileW
urlmon.dll
dbghelp.dll
RPCRT4.dll
OLEACC.dll
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenUrlW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
WININET.dll
GetCPInfo
GetConsoleOutputCP
MaxCore.cpp
.?AVCCmdTarget@@
MaxCoreDlg.cpp
.?AVCWebBrowser2@@
.?AVExecuteBase@@
.?AVExecuteFacade@@
Idispimp.cpp
.PAVCFileException@@
.PAVCInternetException@@
Text.cpp
.PAVCOleException@@
.PAVCException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
Created with ajaxload.info
!e%X1
A%S1|
|Gq.bg
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>
kernel32.dll
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility
AtlThrow: hr = 0x%x
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =
Id: = index: = score: ] %c
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory
Total list score: d
Score: %d
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   
std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []
hWarning: implicit LoadString(%u) failed
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =
%s\%s__Mdd_ddd.dmp
addLog..Tracked
HKEY_CURRENT_USER
Windows
2.0.27
HKEY_LOCAL_MACHINE
1std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *
Ainvalid operator<
Url different :
ur.IsEmpty
6nu2bfmath.mrzp97cmg3.com
XDocHostUIHandler::GetOptionKeyPath
XDocHostUIHandler::TranslateUrl
errorUrl
XOleCommandTarget::Exec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec
","codeErrorMsg":"
","url":"
{"msg":"
addLog..onExit
api-JSON.parse
{"msg":";
Error internal ShellExecuteEx
ExtractIcon.cpp
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex
std::_Vector_const_iterator<char,class std::allocator<char> >::operator *
std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []
Astd::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   
std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []
std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm
attempting to write on %s with result %d
data.exe
IsWindowsServer,
ropenUrlOnDefaultBrowser
checkRegkKey
safari.exe
opera.exe
firefox.exe
iexplore.exe
chrome.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
nreportException
reportTrace
mxp.min.js
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META HTTP-EQUIV="Pragma" CONTENT="no-cache" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="hXXp://VVV.w3.org/1999/xhtml">
helpJavaScript.cpp
openUrlOnBrowser
checkRegKey
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *
std::vector<wchar_t,class std::allocator<wchar_t> >::operator []
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   
Resolving name %s
Name resolved %s
WinINet.dll
http:
CInternet error %d
Invalid URL
E_OUTOFMEMORY FAIL URLDownloadToFile
INET_E_DOWNLOAD_FAILURE FAIL URLDownloadToFile
SUCCEEDED URLDownloadToFile
SUCCEEDED default URLDownloadToFile
default URLDownloadToFile
hXXps://
std::vector<class argument,class std::allocator<class argument> >::operator []
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   
std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =
Load (resource): Error loading resource %s
CHKEY_USERS
HKEY_CLASSES_ROOT
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *
%s%s%s
SELECT * FROM Win32_OperatingSystem
CACHE_S_FORMATETC_NOTSUPPORTED
CO_E_SERVER_EXEC_FAILURE
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
OLE_E_ADVISENOTSUPPORTED
REGDB_E_KEYMISSING
PCACHE_E_FIRST...CACHE_E_LAST
CACHE_S_FIRST...CACHE_S_LAST
CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST
CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST
CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST
CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST
CLIPBRD_E_FIRST...CLIPBRD_E_LAST
CLIPBRD_S_FIRST...CLIPBRD_S_LAST
CONVERT10_E_FIRST...CONVERT10_E_LAST
CONVERT10_S_FIRST...CONVERT10_S_LAST
CO_E_FIRST...CO_E_LAST
CO_S_FIRST...CO_S_LAST
DATA_E_FIRST...DATA_E_LAST
DATA_S_FIRST...DATA_S_LAST
DRAGDROP_E_FIRST...DRAGDROP_E_LAST
DRAGDROP_S_FIRST...DRAGDROP_S_LAST
ENUM_E_FIRST...ENUM_E_LAST
ENUM_S_FIRST...ENUM_S_LAST
INPLACE_E_FIRST...INPLACE_E_LAST
INPLACE_S_FIRST...INPLACE_S_LAST
MARSHAL_E_FIRST...MARSHAL_E_LAST
MARSHAL_S_FIRST...MARSHAL_S_LAST
MK_E_FIRST...MK_E_LAST
MK_S_FIRST...MK_S_LAST
OLEOBJ_E_FIRST...OLEOBJ_E_LAST
OLEOBJ_S_FIRST...OLEOBJ_S_LAST
OLE_E_FIRST...OLE_E_LAST
OLE_S_FIRST...OLE_S_LAST
REGDB_E_FIRST...REGDB_E_LAST
REGDB_S_FIRST...REGDB_S_LAST
VIEW_E_FIRST...VIEW_E_LAST
VIEW_S_FIRST...VIEW_S_LAST
FACILITY_WINDOWS
severity: %s, facility: %s ($lX)
range: %s ($lX)
%s ($lX)
Warning: constructing COleException, scode = %s.
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h
ntdll.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
%s (%s:%d)
Ef:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Error: failed to execute DDE command '%s'.
Warning: DDE command '%s' ignored because window is disabled.
pMRU: open file (%d) '%s'.
Can't register window class named %s
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h
commctrl_DragListMsg
Gf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Binding entry %d failed. Status: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h
GetData failed - HRESULT = 0x%X
m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)
Gf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
ERROR: Dialog named '%s' must have the child style.
ERROR: Dialog named '%s' must be invisible.
ERROR: Cannot find dialog template named '%s'.
CLSID\%s
Interface\%s
mfcm90ud.dll
QueryInterface(%s) failed
QueryInterface(%s) succeeded
Gcomctl32.dll
Gcomdlg32.dll
Gshell32.dll
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
connecting to socket address '%s'
resolved name for %s!
resolving name for %s
Warning: destroying an open %s with handle %8.8X
Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.
HHTTP/1.0
WININET.DLL
Warning: could not get volume information '%s'.
Warning: could not parse the path '%s'. Path is too long.
Warning: could not parse the path '%s'.
CFile exception: %hs, File %s, OS error information = %ld.
user32.dll
AppMsg
WinMsg
CmdRouting
0xx
%s: hwnd=0xX, msg = 0xX (0xX, 0xX)
%s: hwnd=0xX, msg = %hs (0xX, 0xX)
%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d
%s: Execute '%s'.
Warning: OleInitialize returned scode = %s.
mscoree.dll
nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp
%S(%d) :
ppCategory && pfnCrtDbgReport
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
Q_CrtSetReportHook2
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
Jf:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
KERNEL32.DLL
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")
strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c
$f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
(.fFb#
1')3-=#3=') '#
<5"95"95"90
;$.:'.:$&:)
.#<  %d##S#%
nDuT\;Ctt#tKtKtK#####.zK#
 3#.#%/%&./#4
#;43;;;#^##3<
# 00(0(0((0(
(($40 ,( 0 ,4$,0 0 ,

%original file name%.exe_460_rwx_00340000_00003000:




The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.

%original file name%.exe_460_rwx_00401000_00183000:




SSh8PO
NSSh/
FV<.tN<[tJ<\tF<*tB<|t><^t:<$t6
u%Sh0/P
u%Sh`1P
@t-9}
hTcP
J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI
j.hhVQ
j.hP-R
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h
EXCEPTION_EXECUTE_HANDLER
BeforeScriptExecuteExplorer1
ThirdPartyUrlBlockedExplorer1
()$^.* ?[]|\-{},:=!
WINDOWS
%H:%M:%S
GetPathExe
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale
invalid _N_type: %d
IsWindowsServer
openUrlOnDefaultBrowser
reportException
NetBase.cpp
CMyInternetSession::OnStatusCallback: %s
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
URL EMPTY
"url":"
/Setup.application
hXXp://
PictureEx.cpp
c:\logFile.txt
Error opening key.
Key not found.
CheckRegistryKeyExistance
SetStringKey
"exeId":"
inflate 1.1.3 Copyright 1995-1998 Mark Adler
CWebBrowser2
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp
CNotSupportedException
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
m_msgCur = {
m_pszExeName =
m_nCmdShow =
m_lpCmdLine =
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Warning: no message line prompt for ID 0xX.
Warning: OnUpdateKeyIndicator - unknown indicator 0xX.
Warning: scroll bars in frame windows may cause unusual behaviour.
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp
SENDING control notification %d from control id 0xX to %hs window.
SENDING command id 0xX to %hs target.
No handler for command ID 0xX, disabling it.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp
m_nMsgLast =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp
Error: failed to load message box prompt string 0xx.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp
Warning: unknown WM_MEASUREITEM for menu item 0xX.
hhctrl.ocx
Implementation Warning: control notification = $%X.
Warning: not executing disabled command %d
hWnd = $X (nIDC=$X) is not a %hs.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp
IOleInPlaceObject not supported on OLE control (dialog ID %d).
Persistence not supported on OLE control %ls.
%d. Column ordinal %d: Binding as native data type
%d. Column ordinal %d: Binding a COM object
%d. Column ordinal %d: Binding as an IStream object
%d. Column ordinal %d: Binding as an ISequentialStream object
neither ISequentialStream nor IStream are supported!
IStream is supported
FISequentialStream is supported
Testing streams support...
%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory
%d. Column ordinal %d: Binding length and status ONLY
Number of columns: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h
Unsupported DBTYPE (%d) in column %d
$@Column %d not bound
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp
Error: no data exchange control with ID 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp
IGNORING command id 0xX sent to %hs dialog.
Routing command id 0xX to app.
Routing command id 0xX to owner window.
Warning: Creating dialog from within a COleControlModule application is not a supported scenario.
Warning: ExecuteDlgInit failed during dialog init.
ERROR: Dialog with IDD 0xX must have the child style.
ERROR: Dialog with IDD 0xX must be invisible.
ERROR: Cannot find dialog template with IDD 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp
m_ps.rcPaint =
m_ps.fErase =
m_ps.hdc =
lgpn.lopnColor =
lgpn.lopnWidth.x (width) =
lgpn.lopnStyle =
lb.lbColor =
lb.lbHatch =
lb.lbStyle =
lf.lfFaceName =
lf.lfPitchAndFamily =
lf.lfQuality =
lf.lfClipPrecision =
lf.lfOutPrecision =
lf.lfCharSet =
lf.lfStrikeOut =
lf.lfUnderline =
lf.lfItalic =
lf.lfWeight =
lf.lfOrientation =
lf.lfEscapement =
lf.lfWidth =
lf.lfHeight =
bm.bmBitsPixel =
bm.bmPlanes =
bm.bmWidthBytes =
bm.bmWidth =
bm.bmHeight =
bm.bmType =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp
CHttpConnection
CHttpFile
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp
Unknown status: %d
Internet ctxt=%d:
Warning: throwing CInternetException for error %d
Warning: Extended error reported with no response info
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp
Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp
WM_HOTKEY
WM_SETHOTKEY
WM_IDLEUPDATECMDUI
WM_DDE_EXECUTE
WM_KEYLAST
WM_SYSKEYUP
WM_SYSKEYDOWN
WM_KEYUP
WM_KEYDOWN
WM_VKEYTOITEM
WM_CTLCOLORMSGBOX
WM_USER 0xX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp
Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.
Warning: failed to reclaim %d bytes for memory safety pool.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp
Error: failed to load AfxFormatString string 0xx.
Error: illegal string index requested %d.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp
a %hs object at $%p, %u bytes long
an invalid object at $%p, %u bytes long
faulted while dumping object at $%p, %u bytes long
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp
m_bz.hTask =
m_bz.hResource =
m_bz.lpszTemplate =
m_bz.hInstance =
m_bz.lCustData =
m_bz.lpszCaption =
m_bz.hWndOwner =
m_bz.dwFlags =
m_bz.cbStruct =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c
f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp
%s(%d) :
%s_%0x
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
Client hook allocation failure at file %hs line %d.
Memory allocated at %hs(%d).
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to a heap buffer that was freed.
crt block at 0x%p, subtype %x, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
%hs(%d) :
#File Error#(%d) :
Data: <%s> %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Please contact the application's support team for more information.
- floating point support not loaded
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
GetProcessWindowStation
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c
ADVAPI32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\read.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c
USER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
portuguese-brazilian
operator
f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c
Run-Time Check Failure #%d - %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c
MSPDB80.DLL
RegCloseKey
RegOpenKeyExA
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp
GetProcessHeap
KERNEL32.dll
GetKeyState
SetWindowsHookExW
UnhookWindowsHookEx
CreateDialogIndirectParamW
USER32.dll
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
ADVAPI32.dll
ole32.dll
ShellExecuteExW
ShellExecuteW
SHELL32.dll
OLEAUT32.dll
UrlUnescapeW
SHLWAPI.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
COMDLG32.dll
WINSPOOL.DRV
oledlg.dll
URLDownloadToFileW
urlmon.dll
dbghelp.dll
RPCRT4.dll
OLEACC.dll
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenUrlW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
WININET.dll
GetCPInfo
GetConsoleOutputCP
MaxCore.cpp
.?AVCCmdTarget@@
MaxCoreDlg.cpp
.?AVCWebBrowser2@@
.?AVExecuteBase@@
.?AVExecuteFacade@@
Idispimp.cpp
.PAVCFileException@@
.PAVCInternetException@@
Text.cpp
.PAVCOleException@@
.PAVCException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
Created with ajaxload.info
!e%X1
A%S1|
|Gq.bg
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility
AtlThrow: hr = 0x%x
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =
Id: = index: = score: ] %c
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory
Total list score: d
Score: %d
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   
std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []
hWarning: implicit LoadString(%u) failed
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =
%s\%s__Mdd_ddd.dmp
addLog..Tracked
HKEY_CURRENT_USER
Windows
2.0.27
HKEY_LOCAL_MACHINE
1std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *
Ainvalid operator<
Url different :
ur.IsEmpty
6nu2bfmath.mrzp97cmg3.com
XDocHostUIHandler::GetOptionKeyPath
XDocHostUIHandler::TranslateUrl
errorUrl
XOleCommandTarget::Exec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec
","codeErrorMsg":"
","url":"
{"msg":"
addLog..onExit
api-JSON.parse
{"msg":";
Error internal ShellExecuteEx
ExtractIcon.cpp
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex
std::_Vector_const_iterator<char,class std::allocator<char> >::operator *
std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []
Astd::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   
std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []
std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm
attempting to write on %s with result %d
data.exe
IsWindowsServer,
ropenUrlOnDefaultBrowser
checkRegkKey
safari.exe
opera.exe
firefox.exe
iexplore.exe
chrome.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
nreportException
reportTrace
mxp.min.js
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META HTTP-EQUIV="Pragma" CONTENT="no-cache" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="hXXp://VVV.w3.org/1999/xhtml">
helpJavaScript.cpp
openUrlOnBrowser
checkRegKey
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *
std::vector<wchar_t,class std::allocator<wchar_t> >::operator []
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   
Resolving name %s
Name resolved %s
WinINet.dll
http:
CInternet error %d
Invalid URL
E_OUTOFMEMORY FAIL URLDownloadToFile
INET_E_DOWNLOAD_FAILURE FAIL URLDownloadToFile
SUCCEEDED URLDownloadToFile
SUCCEEDED default URLDownloadToFile
default URLDownloadToFile
hXXps://
std::vector<class argument,class std::allocator<class argument> >::operator []
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   
std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =
Load (resource): Error loading resource %s
CHKEY_USERS
HKEY_CLASSES_ROOT
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *
%s%s%s
SELECT * FROM Win32_OperatingSystem
CACHE_S_FORMATETC_NOTSUPPORTED
CO_E_SERVER_EXEC_FAILURE
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
OLE_E_ADVISENOTSUPPORTED
REGDB_E_KEYMISSING
PCACHE_E_FIRST...CACHE_E_LAST
CACHE_S_FIRST...CACHE_S_LAST
CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST
CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST
CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST
CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST
CLIPBRD_E_FIRST...CLIPBRD_E_LAST
CLIPBRD_S_FIRST...CLIPBRD_S_LAST
CONVERT10_E_FIRST...CONVERT10_E_LAST
CONVERT10_S_FIRST...CONVERT10_S_LAST
CO_E_FIRST...CO_E_LAST
CO_S_FIRST...CO_S_LAST
DATA_E_FIRST...DATA_E_LAST
DATA_S_FIRST...DATA_S_LAST
DRAGDROP_E_FIRST...DRAGDROP_E_LAST
DRAGDROP_S_FIRST...DRAGDROP_S_LAST
ENUM_E_FIRST...ENUM_E_LAST
ENUM_S_FIRST...ENUM_S_LAST
INPLACE_E_FIRST...INPLACE_E_LAST
INPLACE_S_FIRST...INPLACE_S_LAST
MARSHAL_E_FIRST...MARSHAL_E_LAST
MARSHAL_S_FIRST...MARSHAL_S_LAST
MK_E_FIRST...MK_E_LAST
MK_S_FIRST...MK_S_LAST
OLEOBJ_E_FIRST...OLEOBJ_E_LAST
OLEOBJ_S_FIRST...OLEOBJ_S_LAST
OLE_E_FIRST...OLE_E_LAST
OLE_S_FIRST...OLE_S_LAST
REGDB_E_FIRST...REGDB_E_LAST
REGDB_S_FIRST...REGDB_S_LAST
VIEW_E_FIRST...VIEW_E_LAST
VIEW_S_FIRST...VIEW_S_LAST
FACILITY_WINDOWS
severity: %s, facility: %s ($lX)
range: %s ($lX)
%s ($lX)
Warning: constructing COleException, scode = %s.
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h
ntdll.dll
kernel32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
%s (%s:%d)
Ef:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Error: failed to execute DDE command '%s'.
Warning: DDE command '%s' ignored because window is disabled.
pMRU: open file (%d) '%s'.
Can't register window class named %s
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h
commctrl_DragListMsg
Gf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Binding entry %d failed. Status: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h
GetData failed - HRESULT = 0x%X
m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)
Gf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
ERROR: Dialog named '%s' must have the child style.
ERROR: Dialog named '%s' must be invisible.
ERROR: Cannot find dialog template named '%s'.
CLSID\%s
Interface\%s
mfcm90ud.dll
QueryInterface(%s) failed
QueryInterface(%s) succeeded
Gcomctl32.dll
Gcomdlg32.dll
Gshell32.dll
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
connecting to socket address '%s'
resolved name for %s!
resolving name for %s
Warning: destroying an open %s with handle %8.8X
Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.
HHTTP/1.0
WININET.DLL
Warning: could not get volume information '%s'.
Warning: could not parse the path '%s'. Path is too long.
Warning: could not parse the path '%s'.
CFile exception: %hs, File %s, OS error information = %ld.
user32.dll
AppMsg
WinMsg
CmdRouting
0xx
%s: hwnd=0xX, msg = 0xX (0xX, 0xX)
%s: hwnd=0xX, msg = %hs (0xX, 0xX)
%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d
%s: Execute '%s'.
Warning: OleInitialize returned scode = %s.
mscoree.dll
nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp
%S(%d) :
ppCategory && pfnCrtDbgReport
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
Q_CrtSetReportHook2
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
Jf:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
KERNEL32.DLL
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")
strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c
$f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
(.fFb#
1')3-=#3=') '#
<5"95"95"90
;$.:'.:$&:)
.#<  %d##S#%
nDuT\;Ctt#tKtKtK#####.zK#
 3#.#%/%&./#4
#;43;;;#^##3<
# 00(0(0((0(
(($40 ,( 0 ,4$,0 0 ,

%original file name%.exe_460_rwx_0058C000_00002000:




<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>
kernel32.dll

iexplore.exe_876:




%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512

MagnoPlayer.exe_1908_rwx_00C96000_0000A000:




Zh.Md

MagnoPlayer.exe_1908_rwx_03D40000_00010000:




PresentationFramework.classic
PresentationFramework.Aero

MagnoPlayer.exe_1908_rwx_049B0000_00005000:




.yt^_

MagnoPlayer.exe_1908_rwx_04E80000_00004000:




WindowsFormsIntegration

WPFFontCache_v0400.exe_1852:




.text
`.data
@.rsrc
@.reloc
t1Ht.Ht
Ht.Ht
8Y%u(
Ht.Ht$Ht
tGHt;Ht.Ht$Ht
!!"$%%&$%%&())*
%s %s line %d
SHELL32.dll
RPCRT4.dll
MSVCR100_CLR0400.dll
KERNEL32.dll
ADVAPI32.dll
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
GetSystemWindowsDirectoryW
_crt_debugger_hook
_amsg_exit
wpffontcache_v0400.pdb
.?AVMalformedKeyException@@
.?AVNotSupportedException@@
6666666666666666
666666666666
6666666
8888888
!"#$%&'()* ,-./
0000000000000
#@$@$@$@$
@:@$@$@$@$@$@$@$@$@$@$
!"#$%&'()* ,-./0
%&'(gggg)* ,..........................................................................................MMMM..
4444444444444
#$%&'()* 
!!!!"#$%&'()* ,-./0123456789:;<=
KEYW
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="wpffontcache_v0400" type="win32"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
4 4}455<5
:":&:*:.:2:
0!0&0,03090?0
1 1$1(1,1014181
>0>8>`>~>
1$1@1\1|1
Software\Microsoft\Avalon.Graphics
kernel32.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
MARLETT.TTF
E\\?\
\WPFFontCache_v0400-System.dat
{2da8dded-086f-4cb9-a77f-b974b9cb0186}
\\?\UNC\
{00000000-0000-0000-0000-000000000000}
\\?\Volume
yKERNEL32.DLL
KeySize
ElementMalformedKeyTask
CacheMissReportReceivedTask
wpffontcache_v0400.exe
4.0.30319.1 built by: RTMRel
.NET Framework
4.0.30319.1

mgChecker.exe_2524_rwx_03170000_00004000:




System.Runtime.InteropServices.CustomMarshalers.EnumeratorToEnumVariantMarshaler, CustomMarshalers, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    MagnoPlayerUpdaterService.exe:928
    magnoplayersetup.exe:1176
    WPFFontCache_v0400.exe:1852
    LTV2.exe:1852
    

    2. 

  2. Delete the original Malware file.
    3. 

  3. Delete or disinfect the following files created/modified by the Malware:
    

    %System%\d3d9caps.tmp (2648 bytes)
    %System%\config (288 bytes)
    %System%\config\SYSTEM.LOG (4681 bytes)
    %Program Files%\MagnoPlayer\MagnoPlayerUpdaterService.InstallState (149 bytes)
    %Program Files%\MagnoPlayer\MagnoPlayerUpdaterService.InstallLog (461 bytes)
    %System%\config\system (1719 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading-install[1].gif (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (6025 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\progress-level[1].png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MagnoPlayerSetup[1].exe (6602552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-download[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\progress-bar[1].png (3 bytes)
    C:\logFile.txt (79455 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bullet-short[1].gif (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\style[1].css (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %System%\wbem\Logs\wbemprox.log (684 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\41ee8235-49b4-465c-832b-82fa8a1264d1\magnoplayersetup.exe (6602552 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\MagnoPlayer\MagnoPlayer.lnk (1 bytes)
    %Program Files%\MagnoPlayer\references\mgChecker.exe (19592 bytes)
    %Program Files%\MagnoPlayer\uninstall.exe (4489 bytes)
    %Program Files%\MagnoPlayer\LTV2.exe (5 bytes)
    %Program Files%\MagnoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
    %Program Files%\MagnoPlayer\Languages\Romanian.ini (3 bytes)
    %Program Files%\MagnoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
    %Program Files%\MagnoPlayer\Languages\Hindi.ini (6 bytes)
    %Program Files%\MagnoPlayer\references\Thumbs.db (5 bytes)
    %Program Files%\MagnoPlayer\Languages\Dutch.ini (3 bytes)
    %Documents and Settings%\%current user%\Desktop\MagnoPlayer.lnk (1 bytes)
    %Program Files%\MagnoPlayer\Languages\Russian.ini (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\AccessControl.dll (13 bytes)
    %Program Files%\MagnoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
    %Program Files%\MagnoPlayer\Languages\English.ini (3 bytes)
    %Program Files%\MagnoPlayer\mgpUpdater.exe (13368 bytes)
    %Program Files%\MagnoPlayer\Languages\Swedish.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Danish.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Japanese.ini (4 bytes)
    %Program Files%\MagnoPlayer\Languages\Turkish.ini (3 bytes)
    %Program Files%\MagnoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
    %Program Files%\MagnoPlayer\magnoplayer.uidnum (23 bytes)
    %Program Files%\MagnoPlayer\Languages\Greek.ini (5 bytes)
    %Program Files%\MagnoPlayer\Languages\Estonian.ini (3 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\MagnoPlayer\Uninstall MagnoPlayer.lnk (1 bytes)
    %Program Files%\MagnoPlayer\Languages\Thai.ini (5 bytes)
    %Program Files%\MagnoPlayer\icon-uninstall.ico (12536 bytes)
    %Program Files%\MagnoPlayer\Languages\ChineseT.ini (3 bytes)
    %Program Files%\MagnoPlayer\references\taglib-sharp.dll (15536 bytes)
    %Program Files%\MagnoPlayer\Languages\Polish.ini (3 bytes)
    %Program Files%\MagnoPlayer\taglib-sharp.dll (15536 bytes)
    %Program Files%\MagnoPlayer\Languages\Slovenian.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Catalan.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Hungarian.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Hebrew.ini (4 bytes)
    %Program Files%\MagnoPlayer\magnoplayer.affcode (3 bytes)
    %Program Files%\MagnoPlayer\MagnoPlayerUpdaterService.exe (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\nsProcess.dll (4 bytes)
    %Program Files%\MagnoPlayer\references\ffmpeg.exe (811312 bytes)
    %Program Files%\MagnoPlayer\Languages\Lithuanian.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Czech.ini (3 bytes)
    %Program Files%\MagnoPlayer\FrameworkControl.exe (12088 bytes)
    %Program Files%\MagnoPlayer\Languages\Vietnamese.ini (4 bytes)
    %Program Files%\MagnoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
    %Program Files%\MagnoPlayer\references\NDde.dll (3616 bytes)
    %Program Files%\MagnoPlayer\Languages\Indonesian.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Portuguese.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\German.ini (3 bytes)
    %Program Files%\MagnoPlayer\references\libreria.png (244 bytes)
    %Program Files%\MagnoPlayer\Languages\Spanish.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\ChineseS.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Norwegian.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Ukrainian.ini (5 bytes)
    %Program Files%\MagnoPlayer\Languages\Italian.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Arabic.ini (4 bytes)
    %Program Files%\MagnoPlayer\Newtonsoft.Json.dll (16424 bytes)
    %Program Files%\MagnoPlayer\Languages\Slovak.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Latvian.ini (3 bytes)
    %Program Files%\MagnoPlayer\references\folder.png (472 bytes)
    %Program Files%\MagnoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
    %Program Files%\MagnoPlayer\icon.ico (12536 bytes)
    %Program Files%\MagnoPlayer\references\extaudio.png (310 bytes)
    %Program Files%\MagnoPlayer\Languages\French.ini (3 bytes)
    %Program Files%\MagnoPlayer\Languages\Finnish.ini (3 bytes)
    %Program Files%\MagnoPlayer\references\extvideo.png (146 bytes)
    %Program Files%\MagnoPlayer\Languages\Bulgarian.ini (5 bytes)
    %Program Files%\MagnoPlayer\Languages\HaitianCreole.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp (651122 bytes)
    %Program Files%\MagnoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
    %Program Files%\MagnoPlayer\MagnoPlayer.exe (89498 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\SimpleSC.dll (1856 bytes)
    %Program Files%\MagnoPlayer\Languages\Korean.ini (3 bytes)
    %Program Files%\MagnoPlayer\BrowserWeb.exe (3616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\System.dll (11 bytes)
    %Program Files%\MagnoPlayer\PhotoLoader.dll (784 bytes)
    %Program Files%\MagnoPlayer\references\PhotoLoader.dll (784 bytes)
    

    4. 

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. 

  5. Reboot the computer.
    6. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now