MD5: 1075bd193cbe0b5e4729c339d9d11feb
SHA1: 3361bd2d1c00b99bec6419bbaf0b3a2139f59aa7
SHA256: e3c513548be30d77417f1bcc6d0031fd0dee8563f08514de20a37309070227a0
SSDeep: 98304:0g56viysfW5wQwcGeYts 5sBcBw3O4hD22tkAp Mk60CY7MuziB:D5aKfWObcS2Kvw3ORykApE3CUmB
Size: 5830144 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-05-14 07:24:15
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

WPFFontCache_v0400.exe:828
%original file name%.exe:1104
%original file name%.exe:2040
Browser.exe:924
Browser.exe:852

The Trojan injects its code into the following process(es):

TempTwitter_Follower_V4.exe:844
Browser.exe:2000
Browser.exe:408
vbc.exe:1484

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process TempTwitter_Follower_V4.exe:844 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\Awesomium.dll (2032242 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\vcomp100.dll (2740 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\avutil-51.dll (4320 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\sqlite3.dll (34128 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\avformat-53.dll (5108 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\opencv_imgproc243.dll (107877 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\icudt.dll (838173 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\Browser.exe (38140 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\inspector.pak (332710 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\avcodec-53.dll (77981 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\msvcr100.dll (31138 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\msvcp100.dll (21720 bytes)
%System%\d3d9caps.tmp (2648 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\libEGL.dll (4813 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\xinput9_1_0.dll (2245 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\opencv_core243.dll (136697 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\libGLESv2.dll (22024 bytes)

The Trojan deletes the following file(s):

%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp (0 bytes)

The process %original file name%.exe:2040 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\432347 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\TempTwitter_Follower_V4.exe (39411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\incl1 (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\132184 (1921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (3417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\incl2 (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (37635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (392 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (0 bytes)

The process Browser.exe:924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\UBot Studio\browser_log.txt (336 bytes)

The process Browser.exe:852 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cookies (2217 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Local Storage\https_www.google.com.ua_0.localstorage-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000002 (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000003 (125 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000001 (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000006 (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000004 (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000005 (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8A574ED5927B3CEC9626151D220C7448 (665 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D7B4E43171BB9E412497B0377F4343E7 (554 bytes)
%Documents and Settings%\%current user%\Application Data\UBot Studio\browser_log.txt (281 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D7B4E43171BB9E412497B0377F4343E7 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Local Storage\https_www.google.com.ua_0.localstorage (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_0 (994760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_1 (26464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_2 (7984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_3 (3040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cookies-journal (21744 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (200 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (614 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cookies-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Local Storage\https_www.google.com.ua_0.localstorage-journal (0 bytes)

Registry activity

The process TempTwitter_Follower_V4.exe:844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 1C E3 62 FD 46 12 50 A5 47 E6 B0 5D 05 C1 45"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{6CED940B-3310-4568-885E-22B19ACF6715}\0000]
"Attach.ToDesktop" = "1"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "TempTwitter_Follower_V4.exe"

The process WPFFontCache_v0400.exe:828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 77 07 14 03 36 2D BD 99 99 B9 DE E9 CF 74 EC"

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process %original file name%.exe:1104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF A1 D1 12 59 14 02 96 DA 71 2E 32 86 3E D9 37"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmd" = "c:\%original file name%.exe"

The process %original file name%.exe:2040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 83 42 84 DC 94 00 75 EC B6 37 A2 3C 92 A6 70"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:]
"%original file name%.exe" = "1075bd193cbe0b5e4729c339d9d11feb"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1]
"TempTwitter_Follower_V4.exe" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process Browser.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 48 5E DA B0 73 73 42 8A 52 A4 84 32 66 92 92"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"BitNames" = " GXIC_ENUM GXIC_DEVINFO GXIC_DEVLIST GXIC_DRIVERCOMM GXIC_API GXIC_CORE GXIC_HOOKS GXIC_COMMON"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"LogSessionName" = "stdout"
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"Guid" = "7c830ece-5fb3-417a-a1bd-508f45277356"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"ControlFlags" = "1"

The process Browser.exe:924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 4A CD E2 F1 6A 21 12 47 53 FE F6 D3 05 3F B3"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"BitNames" = " GXIC_ENUM GXIC_DEVINFO GXIC_DEVLIST GXIC_DRIVERCOMM GXIC_API GXIC_CORE GXIC_HOOKS GXIC_COMMON"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"LogSessionName" = "stdout"
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"Guid" = "7c830ece-5fb3-417a-a1bd-508f45277356"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"ControlFlags" = "1"

The process Browser.exe:852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 45 7D 4F 5F F4 E7 5B 29 7F 5A 6F 51 13 60 D5"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"BitNames" = " GXIC_ENUM GXIC_DEVINFO GXIC_DEVLIST GXIC_DRIVERCOMM GXIC_API GXIC_CORE GXIC_HOOKS GXIC_COMMON"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"LogSessionName" = "stdout"
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"Guid" = "7c830ece-5fb3-417a-a1bd-508f45277356"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"ControlFlags" = "1"

The process Browser.exe:408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 6C 4F 36 AB CD D1 35 F7 7A 60 5A BA 74 E1 51"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"BitNames" = " GXIC_ENUM GXIC_DEVINFO GXIC_DEVLIST GXIC_DRIVERCOMM GXIC_API GXIC_CORE GXIC_HOOKS GXIC_COMMON"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"LogSessionName" = "stdout"
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput\XInputDebugGuid]
"Guid" = "7c830ece-5fb3-417a-a1bd-508f45277356"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\DirectX\XInput]
"ControlFlags" = "1"

The process vbc.exe:1484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 5E 54 20 4A A3 4A 4C 1C C3 FD B0 D3 7D 55 FF"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: Russian (Russia)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/Awesomium.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/avcodec-53.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/avformat-53.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/avutil-51.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/icudt.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/inspector.pak	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/libEGL.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/libGLESv2.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/msvcp100.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/msvcr100.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/opencv_core243.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/opencv_imgproc243.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/sqlite3.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/vcomp100.dll	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/Browser.exe	198.41.189.54
hxxp://www.ubotstudio.com/files/ubot studio/v4.2.16/xinput9_1_0.dll	198.41.189.54
hxxp://www.google.com/	216.58.209.164
hxxp://www.google.com.ua/?gfe_rd=cr&ei=PwR-VZX-Bayt8wf5ioHABw	216.58.209.164
hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl
hxxp://e6845.ce.akamaiedge.net/crls/gtglobal.crl
hxxp://www3.l.google.com/GIAG2.crl
hxxp://g.symcb.com/crls/gtglobal.crl	23.43.133.163
hxxp://crl.geotrust.com/crls/secureca.crl	23.43.133.163
hxxp://pki.google.com/GIAG2.crl	216.58.209.206
www.gstatic.com	216.58.209.163
ssl.gstatic.com	216.58.209.163
apis.google.com	216.58.209.174

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET SHELLCODE Possible Call with No Offset TCP Shellcode

Traffic

GET /files/ubot studio/v4.2.16/Awesomium.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:45:32 GMT

Content-Type: application/octet-stream

Content-Length: 20655384

Connection: keep-alive

Set-Cookie: __cfduid=d13ff1de1ce783df38400c46dba430a951434321932; expires=Mon, 13-Jun-16 22:45:32 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:09 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6990ecb36f08bd-FRA
MZ......................@................................... .........
..!..L.!This program cannot be run in DOS mode....$........` ...N...N.
..N...N...N.....2.N..w....N..y....N.&O....N.......N.....S.N..y....N..y
....N...O...N.......N.......N.......N.......N.Rich..N.................
........PE..L.....-Q...........!..........<..............@.........
......................p?......N;...@...........................*.~....
.*......`2...............;......p2......J.......................-*....
.p-*.@[email protected]...,.*.`....................text....-...........
............... ..`[email protected]..............@[email protected]......
... ......d [email protected].........@2.....................@....
unwante.....P2.....................@[email protected]........`2................
.....@[email protected][email protected].....................
......................................................................
......................................................................
...............................................VW...~.W...B..@...u....
...j....._^[email protected].............
....y..t..A(<.t.<.u..y..t.......3.....Q................R......Q.
L$....P.............y..t.VW.9.w...t..O.u............._^..............S
UVW;H.}p.p.;p.}h.2.z.;.}_.j..Z.;.}U;.}Q;p.}L9X.}G;h.}B;.}....|$....r..
H.;.}....O..r..H.;.~....O..R..@.;.~....G._^]..[..._^]2.[..............
.Vj,..j.V..........^.............QVj,..j.V......D$....P...#.....^Y....
...........W......._.......SU.l$...VW;.t`.................E..5.B..
<<< skipped >>>

GET /files/ubot studio/v4.2.16/avcodec-53.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:45:51 GMT

Content-Type: application/octet-stream

Content-Length: 1100072

Connection: keep-alive

Set-Cookie: __cfduid=de4b96a645d0e434270182300211c753f1434321951; expires=Mon, 13-Jun-16 22:45:51 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:05 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f699162bd1f08bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L....U.N
...........#...............................e......................... 
.......S....@... .....................................................
............`K........................................................
...........................text...............................`..`.dat
a...............................@.`..rdata............................
[email protected]@.rodata.............................@.`@/4...... ...............
[email protected]..................................`..edata........
[email protected]@[email protected]
.................`[email protected].... ............b............
[email protected]..`[email protected]........................
......................................................................
......................................................................
............................................U......E..D$....e.D$....e.
.$..f............'....U......E..D$....e.D$....e..$..f............&....
U..S........e..t4.....e...9.w.....t........e...9.v...$.=f.......e.....
.$...../f.....[].....'....U....8.]..]..u..u..}..}....tC.|$..\$..4$.c..
......u......e.........E..V....E..]..u..}...]....t&...$......e........
etb..........e.h..e..t..|$..D$......4$................|$..D$......4$..
........u......1.....t&.1..v....Te........1..d..........U.......$`..e.
2f..R..te.D$.s..e..$.%f.......t..D$. ..e..$...e.......e..t1..$...e
<<< skipped >>>

GET /files/ubot studio/v4.2.16/avformat-53.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:45:53 GMT

Content-Type: application/octet-stream

Content-Length: 191272

Connection: keep-alive

Set-Cookie: __cfduid=d3698b390fb81e9c066cbcc2671175dd21434321952; expires=Mon, 13-Jun-16 22:45:52 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:05 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f69916dce1a08bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L...-U.N
...........#.........................0.....j.........................0
......^.....@... .................................0...................
......... ..d.........................................................
...........................text...............................`.P`.dat
a....i...0...j..."..............@.`..rdata..`.........................
[email protected]@/[email protected]....................
[email protected]........... [email protected]@.idata..0.....
[email protected][email protected]
.... [email protected].... ....................
[email protected]................................................................
......................................................................
......................................................................
............................................U......E..D$....j.D$....j.
.$...............'....U......E..D$....j.D$....j..$.o.............&....
U..S........j..t4.....j...9.w.....t........j...9.v...$.-........j.....
.$............[].....'....U....8.]..]..u..u..}..}....tC.|$..\$..4$.C..
......u......j.........E..V....E..]..u..}...]....t&...$...............
jtb..........j....j..t..|$..D$......4$......n.........|$..D$......4$..
........u......1.....t&.1..v....D.........1..d..........U.......$.2.j.
....R..te.D$./2.j..$..........t..D$. ..j..$...j.......j..t1..$E2.j
<<< skipped >>>

GET /files/ubot studio/v4.2.16/avutil-51.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:45:53 GMT

Content-Type: application/octet-stream

Content-Length: 123688

Connection: keep-alive

Set-Cookie: __cfduid=d49e45fa5164764645e983b0933539acd1434321953; expires=Mon, 13-Jun-16 22:45:53 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:05 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991712e6d08bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L....U.N
...........#.....Z.......H...........p.....h.........................p
.......E....@... .........................T....0......................
.........`...............................P............................
...........................text....Y.......Z..................`.P`.dat
a....<...p...>...^..............@.`./4......p...................
[email protected]....@F............................`..edata..T.........
[email protected]@[email protected]....
.....@[email protected].... ....P......................@.
0..reloc.......`[email protected]............................
......................................................................
......................................................................
......................................................................
..................................................U......E..D$....h.D$
....h..$..T............'....U......E..D$....h.D$....h..$..S...........
.&....U..S........h..t4.....h...9.w.....t........h...9.v...$..S.......
h......$......S.....[].....'....U....8.]..]..u..u..}..}....tC.|$..\$..
4$..........u......h.........E..V....E..]..u..}...]....t&...$.....,S..
......htb..........h....h..t..|$..D$......4$................|$..D$....
..4$.%........u......1.....t&.1..v.....R........1..d..........U.......
$.t.h."T..R..te.D$..t.h..$..T.......t..D$. ..h..$...h.......h..t1.
<<< skipped >>>

GET /files/ubot studio/v4.2.16/icudt.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:45:54 GMT

Content-Type: application/octet-stream

Content-Length: 9955608

Connection: keep-alive

Set-Cookie: __cfduid=d49e45fa5164764645e983b0933539acd1434321953; expires=Mon, 13-Jun-16 22:45:53 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:12 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991744ead08bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........e..W...W...
W...W...V...^|R.V...^|T.V...^|Q.V...RichW...........PE..L....2.N......
.....!...............................J................................
[email protected].................
......................................................................
.....................rdata..............................@[email protected].
..........................@..@........................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................'........CmnD........ C
opyright (C) 2010, International Business Machines Corporation and oth
ers. All Rights Reserved. ...............U.......V.......W.......^....
..p...........................%.......5.......N...0...j...P.......P2'.
.....3'.....`3'......3'.....p4'.....05'.......(.9.....*.W.....*.p...P.
*....... ....... ....... .....@S/.....@./.......0. .....0.;...0.0.K...
..0.a...0.1.v.....1.....@.1.......1.......1.....0.1.......1.......1...
.. .1.6...p.1.N.....1.f.....1.~...`.1.......1.......1.....P.1.....
<<< skipped >>>

GET /files/ubot studio/v4.2.16/inspector.pak HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:03 GMT

Content-Type: application/octet-stream

Content-Length: 4042492

Connection: keep-alive

Set-Cookie: __cfduid=d596fe33cd2139e68f79b6a2bcf90059b1434321963; expires=Mon, 13-Jun-16 22:46:03 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:12 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991b013b708bd-FRA
....}............9`....g........................)....oU....&j.....;...
..Q.......................g....U...........,..........................
...(P.....Y.........................................Y........ .....!..
..."..4..#..C..$.(V..%.. ..&.w...'.9...(.C...).....*.T... .6$..,.x...-
.......S.../.....0.....1.M...2..^..3. ...4.....5.5...6.....7.....8.r..
.9.w9..:..q..;.W...<..%..=.h...>[email protected].#...C.H
n..D..q..E.F...F.....G.....H.....I.....J..G..K..4..L.L...M.....N.w%..O
..b..P.....Q.8...R.2...S.p...T.....U.^)..V.....W.....X.9...Y.v...Z....
.[.....\.....]..V..^..d.._..v..`[email protected].=N..f..
...g.....h.A...i.....j..d..k.o...l.R...m.....n.#...o.....p..6..q.....r
.....s.....t..C..u..U..v..r..w.....x.....y.=...z.D...{.....|.?$..}.<
;T..~.......x............8.... .................`.....9......).....p..
..d{....p...../.....y...........L...........@ .....N....P...........g.
....&. ...Y% ....C ...gR ...#o ..... ..... ..... ..... .....!....!!...
B.!.....!...a."....1"...o\"...2.".....".....".....#...N.#...b4#...^s#.
....#.....$.....$...%V%.....&...f.&....('....2'....e'...Uw'...Q.'....4
)....d)....u).....).....)....-*...rX*...0.*...`.*....D ...CW .....,...
..,.....,.....,.....,.....-.....-.........../....9/...gK/...../...../.
...b0....x0.....0...W.0.....1....E1....m1.....1...S52....<2....<
2....=2....>[email protected]
....U2....V2....W2....X2....Y2....Z2....Z2...t[2....[2....\2....]2...@
^2....^2...ga2....b2...je2....g2....g2....i2...;j2....j2....k2....
<<< skipped >>>

GET /files/ubot studio/v4.2.16/libEGL.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:08 GMT

Content-Type: application/octet-stream

Content-Length: 105240

Connection: keep-alive

Set-Cookie: __cfduid=d3b4bf53de3dcf60077cec732e5fc1a051434321968; expires=Mon, 13-Jun-16 22:46:08 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:13 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991cc35f608bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......f.^d"c07"c07
"c079..73c079..7uc079..7 c07 ..7$c07M..7&c07..K7!c07"c17Kc079..7.c079.
.7#c079..7#c079..7#c07Rich"c07........PE..L.....,Q...........!........
........e.....................................................@.......
...................b......,Z..x.......................................
[email protected]..@.............
.......text...r........................... ..`.rdata..hV.......X......
............@[email protected][email protected].........
.......b..............@[email protected][email protected]....
......................................................................
......................................................................
......................................................................
......................................................................
.............................................D$....VtrHt#Ht4H.......5.
p....$.....txP.. ....o........p.....u.3..^[email protected].......
..f...f...f.....0...F..0...#.5.p....$.....t.P.. ....5.p........3.@^...
.5.p....$....L$.....5.p....$.......5.p....$....L$..H...5.p....$....@..
[email protected]....$....L$..H...5.p....$....@
[email protected]...;.t
.V..Y.....P.WWWWW..i.._^.3.PPPPP..i....D$..V........t.V..j..Y..^....D$
[email protected].......>.u..A ..P.
<<< skipped >>>

GET /files/ubot studio/v4.2.16/libGLESv2.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:09 GMT

Content-Type: application/octet-stream

Content-Length: 513816

Connection: keep-alive

Set-Cookie: __cfduid=dc11e39613fa37f5799bfe5292867e7611434321969; expires=Mon, 13-Jun-16 22:46:09 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:13 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991d2c67908bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........s#...M_..M_
..M_D\._..M_..._..M_..._D.M_.j._..M_.@._..M_..6_..M_..L_..M_..._..M_..
._..M_..._..M_..._..M_Rich..M_........................PE..L.....,Q....
.......!.................X............................................
........@.........................`L.......C..d.......4...............
.........B..................................`[email protected].....
.......................text............................... ..`.rdata..
............................@[email protected]...`.......N..............@.
...rsrc...4............h..............@[email protected]......
[email protected]..........................................................
......................................................................
......................................................................
......................................................................
.............................................A...u........py..VW3...;.
t.V..Y.....P.WWWWW..).._^3.PPPPP..).......D$...V5.........#.h....P..*.
.i.....i..A..Y .Y..y...^...U...E......U..E.......;E.u..E.].U..Q.A..A..
.y...,....A$.A$..y...,......]..E...U.....u..u..u..........M..E...}..w.
].U..V.u...V.u..u.......E........;u.u..E.^]..A..T$.V.t$......9P.u.9.u.
.Q....A..I..L.....J..H...9.u.....^[email protected]$......U.
.Q.u.j..u..u..u..u..9........U...U..A......V.0;q.u..u..0.A..M..L...%;u
.u..M....p..6.p.;u.t..A..D.....I...^]...U..Q.u.j..u..u..u..u......
<<< skipped >>>

GET /files/ubot studio/v4.2.16/msvcp100.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:10 GMT

Content-Type: application/octet-stream

Content-Length: 421200

Connection: keep-alive

Set-Cookie: __cfduid=d004aecbac52d6ad7644888c60052f2b21434321970; expires=Mon, 13-Jun-16 22:46:10 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:13 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991d996f608bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........._d..17..17
..17...7..17...7..17..07 .17(..7..17...7..17...7..17...7..17...7..17..
.7..17...7..17...7..17Rich..17........................PE..L......K....
......"!.................<.............x...........................
...........@.................................`...<.... ............
...V..P....0..H;..p................................/..@...............
p............................text............................... ..`.d
ata...$:.......,[email protected]........ ..................
....@[email protected][email protected]......................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................~...d...H...4...
................................l...Z...D.............................
......|...`[email protected]...|...........
....................................................$...0...@...J...X.
..................................................&...0...H...^...r...
........................J...n...................F...h.................
..*...r...........4...j...............X...............................
.... ...*...N...b...l...z...................................&...&l
<<< skipped >>>

GET /files/ubot studio/v4.2.16/msvcr100.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:11 GMT

Content-Type: application/octet-stream

Content-Length: 770384

Connection: keep-alive

Set-Cookie: __cfduid=df701626638e30f129ad46855e5343ff21434321971; expires=Mon, 13-Jun-16 22:46:11 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:13 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991df577208bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........ R.HA<.H
A<.HA<.A9..KA<.HA=..A<.'7...@<.'7...A<.'7..|A<.'7
...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L....
..K.........."!................. ....... .....x.......................
[email protected]...(................
.......P....... L..h...8...........................pE..@..............
..............................text............................... ..`.
data...|Z... [email protected].........
.....@[email protected].. L.......N...\[email protected].....................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.............H...X...h...z.......................................,...&
gt;...f...~...........................................6...F...^...r...
................................ [email protected].................
.............. [email protected]...................................
$...:...L...\...j...|...................................0...H...X...t.
..................................,...B...\...l...z...................
................,[email protected]...~.................................
<<< skipped >>>

GET /files/ubot studio/v4.2.16/opencv_core243.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:12 GMT

Content-Type: application/octet-stream

Content-Length: 2025984

Connection: keep-alive

Set-Cookie: __cfduid=dede422fca272c7e3bc81d235850d3dbe1434321972; expires=Mon, 13-Jun-16 22:46:12 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:14 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991e7381808bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........^...?...?..
.?..#qC..?....E..?....G..?....q..?...GH..?...?...?....p..?....@..?....
F..?..Rich.?..................PE..L......P...........!.....H..........
.x.......`...............................0.......,....@...............
[email protected]..........
........................@............`...............................t
ext....F.......H.................. ..`.rdata...~...`.......L..........
....@[email protected][email protected]........@........
..............@[email protected][email protected]............
......................................................................
......................................................................
......................................................................
......................................................................
.................................................c.............c......
......U..Q.E..]..E...]................U..j.hi}..d.....PQV..&..3.P.E.d.
.......u..E.P...b...E........c...E........M.d......Y^..]........U..j.h
.}..d.....PQ..&..3.P.E.d......M....c...E........b...M.d......Y..].....
....U..j.h.}..d.....PQV..&..3.P.E.d........u....c...E........b...E..t.
V..]........M.d......Y^..]....U...E.].........................U...M..U
.V.u.W...r...;.u.............s...tE.....9 .u1...v6..B...y. .u ...v%..B
...y. .u....v...B...I. ...._...^]._3.^]...........U...E..P...$....
<<< skipped >>>

GET /files/ubot studio/v4.2.16/opencv_imgproc243.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:14 GMT

Content-Type: application/octet-stream

Content-Length: 1852416

Connection: keep-alive

Set-Cookie: __cfduid=d682b5d9c38fec1df08c24bb76b2f2e331434321974; expires=Mon, 13-Jun-16 22:46:14 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:15 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6991f5d93108bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......R.. ...x...x
...x..Yx...x.._x...x..kx...x..]x...x..Rx...x...x:..x..jx9..x..Zx...x..
\x...xRich...x........................PE..L......P...........!........
.>......._....... ................................%...........@....
.....................`...}.......d.....%.......................%......
$..................................@............ .....................
..........text............................... ..`.rdata...K... ...L...
...............@[email protected][email protected]......
...%.....................@[email protected]........%[email protected].
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U...E...u..E....u.3.]..
..uS.....]....u..E....u......]....u3.....]....u..E....u......]....u...
...]....u.9E.u.]....]..............U..S.].V3.W....,....u...u..M..U..~.
..xk...........\...W...*.......XA..W...*...XI....I....A...\...W...*...
\....XA..W...*...X........A.......;.~..M.;......... ....|o.~..L.......
......W...*...XA....A...\...W...*...XA....A...\...W...*...X.......\...
W...*...XA....A.......;.|..M.;...............<..W...*...X.......@;.
|._^[]..}...........}..U...........M...... ..}.....$.....}..4..<
<<< skipped >>>

GET /files/ubot studio/v4.2.16/sqlite3.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:17 GMT

Content-Type: application/octet-stream

Content-Length: 600868

Connection: keep-alive

Set-Cookie: __cfduid=d135fea49b82e74237078f81d5b649bdf1434321977; expires=Mon, 13-Jun-16 22:46:17 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:16 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6992063a5c08bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L.....mP
[email protected].....`..........................
......A......... ...................... ..<....@...................
............p...$...........................`.......................A.
.d............................text....>.......@..................`.
0`.data...<[email protected]....`.......V...
...........@.@@[email protected]..<...
. [email protected]@.idata.......@[email protected]
[email protected].... ....`....... ..........
[email protected]...$...p...&..."[email protected]/4......`............H
..............@.@B/[email protected]/35.....M...
[email protected]/[email protected]/6
3.......... [email protected]/77..........0..................
[email protected]/89..........@[email protected]/102.........P........
[email protected]/113.........`[email protected]/124........
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>

GET /files/ubot studio/v4.2.16/vcomp100.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:18 GMT

Content-Type: application/octet-stream

Content-Length: 51024

Connection: keep-alive

Set-Cookie: __cfduid=d7d96774769f9274441f8928fd39dcd951434321978; expires=Mon, 13-Jun-16 22:46:18 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:19 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f69920f5b0d08bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......\}..........
....wjQ.....wje......d\.........'...wj`.....wjT.....wjU.....wjR.....Ri
ch............PE..L......K.........."!................#X.............r
................................".....@...............................
..t...<.......................P.......\............................
[email protected]..........
..................... ..`[email protected]
...............................@[email protected].............................
[email protected].................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.....6...F...\...h...x......................................."...4...J
...V...~...................................$...4...P...j..............
.........................&...6...B...T...j...~.......P...<.........
..............l..........................r.......K........*...........
...r...r................\...\...*...*...............\.......P.A.T.H...
..P.A.T.H.....v.c.o.m.p.1.0.0.u.i...d.l.l.............v.c.o.m.p.1.0.0.
u.i...d.l.l.................O.M.P._.N.U.M._.T.H.R.E.A.D.S...O.M.P.
<<< skipped >>>

GET /files/ubot studio/v4.2.16/Browser.exe HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:19 GMT

Content-Type: application/octet-stream

Content-Length: 631872

Connection: keep-alive

Set-Cookie: __cfduid=decd10a31103f2ad4f8041341583afbc91434321979; expires=Mon, 13-Jun-16 22:46:19 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:09 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f6992141b6408bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$..........s... ... 
... c.k ... ..m ... ..Y ... ..` ... ..o ... ..X ... .zo ... ... ... ..
\ ... ..i ... ..n ... Rich... ........................PE..L.....LQ....
.............F...D...............`....@...............................
..|.....@.................................,............=..............
@....0..._..`d..................................@............`........
.......................text....D.......F.................. ..`.rdata..
.d...`...f...J..............@[email protected]...|...........................@.
...rsrc....=.......>..................@[email protected]...........
[email protected].......................................................
......................................................................
......................................................................
......................................................................
..................................................dG..%laG.....U..V...
..dG...laG..E..t.V...bG......^]..........U..j.h.'G.d.....P..$.P.H.3..E
.SVP.E.d.....j...3.h..G..M..E......]..].......]..}...E.s..E..M.QP.U.R.
.dcG.....F..E...x..r....N..U.RP.E.QP.....cG..M..]...hcG..}..r..M.Q...b
G.....M.d......Y^[.M.3........]........U...U.V....W.F......F.........x
[email protected]. .PR...>..._..^].........V...~..r...P...bG.....F......F....
....^............x..r.........U..S.].V...M.W.y.;.s.h..G...XaG..E. .;.s
...;.u.j...W.......Sj........_..^[]......v.h$.G...\aG..F.;.s(.F.PW
<<< skipped >>>

GET /files/ubot studio/v4.2.16/xinput9_1_0.dll HTTP/1.1

Accept: */*

Host: VVV.ubotstudio.com

HTTP/1.1 200 OK

Date: Sun, 14 Jun 2015 22:46:21 GMT

Content-Type: application/octet-stream

Content-Length: 61136

Connection: keep-alive

Set-Cookie: __cfduid=d0b18f641016662acb4339e81b9fee0fb1434321980; expires=Mon, 13-Jun-16 22:46:20 GMT; path=/; domain=.ubotstudio.com; HttpOnly

Last-Modified: Fri, 22 Mar 2013 23:21:19 GMT

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1f69921ccc0b08bd-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........s,...B...B.
..B...C...B.w.....B.w.M...B.w.....B.w.....B.w."...B.w.....B.w.....B.Ri
ch..B.................PE..L......C...........!.........6......E]......
......@.......................... ....................................
..............d.......................................................
............p [email protected].
.......................... ..`.data...|#..........................@...
.rsrc...............................@[email protected]........................
[email protected]............................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................................x...f...X.
.............."[email protected]...`...p...~...............................
0...N...`...l...|.......................................".......>..
.X...p...........................................&...4...D...T...f...v
.......................................&...6.......................~..
.0...........t.......2...P.......h............Z@[email protected][email protected].@..
[email protected][email protected]........(.... .........|._zA..P.E's
V0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.....B.i.t.N.a.m.e.s.....G.u.i.d..
<<< skipped >>>

GET /crls/gtglobal.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: g.symcb.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "f3b8f1885d83563fa59df43797ab8c94:1432174867"

Last-Modified: Thu, 21 May 2015 02:21:07 GMT

Date: Sun, 14 Jun 2015 22:46:23 GMT

Content-Length: 554

Connection: keep-alive

Content-Type: application/pkix-crl
0..&0...0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U.
...GeoTrust Global CA..150312115301Z..150630115301Z0..0....4...0310111
41952Z0....5...060809140549Z0....4]..020522080843Z0....5Y..05072212592
6Z0....4\..020522080900Z0....6k..070711055050Z0....4Z..020521134804Z0.
..*.H.............L%..b..D.c.....if.....q..K....[......{.q.]Kwt.6.p...
.............. .....o....uf.5.U..e..Ng.......k.l..g5.HJ....<....3.D
.<.;8.....E6.G;..f.r...e..]..S&.&W.d%..w.[|....N....p..U...^...%$..
..ea......H#.6.z....P...^.........wO....<<G.x.....0.A....4....Y.
b."j}.HTTP/1.1 200 OK..Server: Apache..ETag: "f3b8f1885d83563fa59df437
97ab8c94:1432174867"..Last-Modified: Thu, 21 May 2015 02:21:07 GMT..Da
te: Sun, 14 Jun 2015 22:46:23 GMT..Content-Length: 554..Connection: ke
ep-alive..Content-Type: application/pkix-crl..0..&0...0...*.H........0
B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA..1
50312115301Z..150630115301Z0..0....4...031011141952Z0....5...060809140
549Z0....4]..020522080843Z0....5Y..050722125926Z0....4\..020522080900Z
0....6k..070711055050Z0....4Z..020521134804Z0...*.H.............L%..b.
.D.c.....if.....q..K....[......{.q.]Kwt.6.p................. .....o...
.uf.5.U..e..Ng.......k.l..g5.HJ....<....3.D.<.;8.....E6.G;..f.r.
..e..]..S&.&W.d%..w.[|....N....p..U...^...%$....ea......H#.6.z....P...
^.........wO....<<G.x.....0.A....4....Y.b."j}...
<<< skipped >>>

GET /?gfe_rd=cr&ei=PwR-VZX-Bayt8wf5ioHABw HTTP/1.1

Host: VVV.google.com.ua

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate

Accept-Language: en-us,en

Accept-Charset: iso-8859-1,*,utf-8

HTTP/1.1 302 Found

Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=PwR-VZX-Bayt8wf5ioHABw&gws_rd=ssl

Cache-Control: private

Content-Type: text/html; charset=UTF-8

Set-Cookie: PREF=ID=e7fef5a2452aa473:FF=0:TM=1434321983:LM=1434321983:S=zLrUkAeBF09aMS93; expires=Tue, 13-Jun-2017 22:46:23 GMT; path=/; domain=.google.com.ua

Set-Cookie: NID=68=k8MqV-tv-HlahTzVfzE30Uk6iRaZsjRioUPoO1wJnpeSzwNVTMTGMQequE1YEmOhkyT-p89rY2zL2hPZWWnS_q8KW4nIVt8vk7VjhaWFis8Nn3tNC8eYzDfYRNs1xO7t; expires=Mon, 14-Dec-2015 22:46:23 GMT; path=/; domain=.google.com.ua; HttpOnly

P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Date: Sun, 14 Jun 2015 22:46:23 GMT

Server: gws

Content-Length: 278

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Alternate-Protocol: 80:quic,p=0
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=PwR-VZX-Bay
t8wf5ioHABw&gws_rd=ssl">here</A>...</BODY></HTML
>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=
cr&ei=PwR-VZX-Bayt8wf5ioHABw&gws_rd=ssl..Cache-Control: private..Conte
nt-Type: text/html; charset=UTF-8..Set-Cookie: PREF=ID=e7fef5a2452aa47
3:FF=0:TM=1434321983:LM=1434321983:S=zLrUkAeBF09aMS93; expires=Tue, 13
-Jun-2017 22:46:23 GMT; path=/; domain=.google.com.ua..Set-Cookie: NID
=68=k8MqV-tv-HlahTzVfzE30Uk6iRaZsjRioUPoO1wJnpeSzwNVTMTGMQequE1YEmOhky
T-p89rY2zL2hPZWWnS_q8KW4nIVt8vk7VjhaWFis8Nn3tNC8eYzDfYRNs1xO7t; expire
s=Mon, 14-Dec-2015 22:46:23 GMT; path=/; domain=.google.com.ua; HttpOn
ly..P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/suppo
rt/accounts/bin/answer.py?hl=en&answer=151657 for more info."..Date: S
un, 14 Jun 2015 22:46:23 GMT..Server: gws..Content-Length: 278..X-XSS-
Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Prot
ocol: 80:quic,p=0..<HTML><HEAD><meta http-equiv="conten
t-type" content="text/html;charset=utf-8">.<TITLE>302 Moved&l
t;/TITLE></HEAD><BODY>.<H1>302 Moved</H1>.T
he document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr
&ei=PwR-VZX-Bayt8wf5ioHABw&gws_rd=ssl">here</A>..
<<< skipped >>>

GET / HTTP/1.1

Host: VVV.google.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate

Accept-Language: en-us,en

Accept-Charset: iso-8859-1,*,utf-8

HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=UTF-8

Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=PwR-VZX-Bayt8wf5ioHABw

Content-Length: 262

Date: Sun, 14 Jun 2015 22:46:23 GMT

Server: GFE/2.0

Alternate-Protocol: 80:quic,p=0
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=PwR-VZX-Bayt
8wf5ioHABw">here</A>...</BODY></HTML>..HTTP/1.1 3
02 Found..Cache-Control: private..Content-Type: text/html; charset=UTF
-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=PwR-VZX-Bayt8wf5i
oHABw..Content-Length: 262..Date: Sun, 14 Jun 2015 22:46:23 GMT..Serve
r: GFE/2.0..Alternate-Protocol: 80:quic,p=0..<HTML><HEAD>&
lt;meta http-equiv="content-type" content="text/html;charset=utf-8">
;.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1
>302 Moved</H1>.The document has moved.<A HREF="hXXp://www
.google.com.ua/?gfe_rd=cr&ei=PwR-VZX-Bayt8wf5ioHABw">here</A
>...</BODY></HTML>....

GET /crls/secureca.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.geotrust.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "6290333eb42b4d339740f87d34a324b9:1434318922"

Last-Modified: Sun, 14 Jun 2015 21:55:22 GMT

Date: Sun, 14 Jun 2015 22:46:23 GMT

Content-Length: 614

Connection: keep-alive

Content-Type: application/pkix-crl
0..b0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150614214300Z..150624214300Z0..J0..
..v...140618150003Z0........140709194633Z0........140416233935Z0....Bf
..120627171053Z0.....3..020515130611Z0........100729164439Z0....%...02
0514181157Z0........140725020038Z0....M\..140430000442Z0........100729
164732Z0....uU..150118022133Z0........120627171025Z0........1406181432
56Z0.....>..140711125531Z0....j...140226123519Z0...*.H............%
..... ._...QGQ.R..b...K.....x... .c.... t..f...~u...R.mg..m..l^i..epd.
] 0..'w....k.E....N.1r.9.d#..q.....E.....s.._l.{.4..G..r.HTTP/1.1 200 
OK..Server: Apache..ETag: "6290333eb42b4d339740f87d34a324b9:1434318922
"..Last-Modified: Sun, 14 Jun 2015 21:55:22 GMT..Date: Sun, 14 Jun 201
5 22:46:23 GMT..Content-Length: 614..Connection: keep-alive..Content-T
ype: application/pkix-crl..0..b0...0...*.H........0N1.0...U....US1.0..
.U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..15061421
4300Z..150624214300Z0..J0....v...140618150003Z0........140709194633Z0.
.......140416233935Z0....Bf..120627171053Z0.....3..020515130611Z0.....
...100729164439Z0....%...020514181157Z0........140725020038Z0....M\..1
40430000442Z0........100729164732Z0....uU..150118022133Z0........12062
7171025Z0........140618143256Z0.....>..140711125531Z0....j...140226
123519Z0...*.H............%..... ._...QGQ.R..b...K.....x... .c.... t..
f...~u...R.mg..m..l^i..epd.] 0..'w....k.E....N.1r.9.d#..q.....E.....s.
._l.{.4..G..r...
<<< skipped >>>

GET /GIAG2.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: pki.google.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Type: application/pkix-crl

Last-Modified: Sun, 14 Jun 2015 02:15:00 GMT

Date: Sun, 14 Jun 2015 22:44:15 GMT

Expires: Sun, 14 Jun 2015 23:44:15 GMT

X-Content-Type-Options: nosniff

Server: sffe

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 128

Alternate-Protocol: 80:quic,p=0

Accept-Ranges: none

Transfer-Encoding: chunked
299..0...0..}...0...*.H........0I1.0...U....US1.0...U....Google Inc1%0
#..U....Google Internet Authority G2..150614010003Z..150624010003Z0..0
'..Fv.....L..150325190542Z0.0...U.......0'..\5T.o..o..141029095402Z0.0
...U.......0'...;. .@_...150212102446Z0.0...U.......0'...&g...Qw..1503
18095112Z0.0...U.......0'............140908141839Z0.0...U........00.0.
..U.#..0...J......h.v....b..Z./0...U........0...*.H.............#.<
....ku]..K..V.qa./...J....[.k/......!...FJ.Z.........;[email protected]
...a..1^......M`.\...J9hG.c.Q.K.......@.*FR...~...w..m0.7....o-<N.m
c......4....A........L.........`.....K..p....H.U...LZ.._.w....H.2...&.
..dg [email protected].&YI...<Bu..Nx..e.......,..c......!. ..0..HTTP/1.1 200 OK.
.Vary: Accept-Encoding..Content-Type: application/pkix-crl..Last-Modif
ied: Sun, 14 Jun 2015 02:15:00 GMT..Date: Sun, 14 Jun 2015 22:44:15 GM
T..Expires: Sun, 14 Jun 2015 23:44:15 GMT..X-Content-Type-Options: nos
niff..Server: sffe..X-XSS-Protection: 1; mode=block..Cache-Control: pu
blic, max-age=3600..Age: 128..Alternate-Protocol: 80:quic,p=0..Accept-
Ranges: none..Transfer-Encoding: chunked..299..0...0..}...0...*.H.....
...0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Auth
ority G2..150614010003Z..150624010003Z0..0'..Fv.....L..150325190542Z0.
0...U.......0'..\5T.o..o..141029095402Z0.0...U.......0'...;. .@_...150
212102446Z0.0...U.......0'...&g...Qw..150318095112Z0.0...U.......0'...
.........140908141839Z0.0...U........00.0...U.#..0...J......h.v....b..
Z./0...U........0...*.H.............#.<....ku]..K..V.qa./...J..
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

s.Vx^

c.Vx^

S.Vx^

C.Vx^

vbc.exe_1484:

.text

`.reloc

B.rsrc

/.ffefefeeffe

lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

sÞUK

v2.0.50727

NanoCore Client.exe

Microsoft.VisualBasic

System.Windows.Forms

System.Drawing

kernel32.dll

psapi.dll

advapi32.dll

ntdll.dll

dnsapi.dll

ClientLoaderForm.resources

Microsoft.VisualBasic.ApplicationServices

Microsoft.VisualBasic.CompilerServices

Operators

Microsoft.VisualBasic.Devices

Microsoft.Win32

RegistryKey

NanoCore.ClientPlugin

NanoCore.ClientPluginHost

System.CodeDom.Compiler

System.Collections.Generic

KeyValuePair`2

System.Collections

System.ComponentModel

System.Diagnostics

ProcessWindowStyle

InvalidOperationException

System.IO

System.IO.Compression

System.Net

System.Net.Sockets

SocketAsyncOperation

OperatingSystem

System.Reflection

System.Runtime.CompilerServices

System.Runtime.InteropServices

System.Security.AccessControl

System.Security.Cryptography

System.Security.Principal

WindowsBuiltInRole

WindowsIdentity

WindowsPrincipal

System.Text

System.Threading

FormWindowState

#=qmLTtz8OEDrkzFTzYkI_Dg1dvKwiGw9blNcZSU_QqMsg=

.cctor

.ctor

ClosePipe

PipeExists

#=qNn8WS2rooUJUoMsG84mQ7PkK4IQF8$E42cyDjfL7Kqc=

#=qwSqLSPEuM8lJy4sOeuH92YjPodcLquqdG$OodozwC60=

#=qiY1B9yU2oVkPHxhn$y67SFTP8x1Jb0botGqdUGkdpQg=

CreatePipe

PipeCreated

#=q85afbI_HcqBFOZnC0iAqsNghLb3LsuyjFtpLEYYoPX8=

#=q$fGRvwQxjFKeY$SH10p0pyPTU$R77VMKr3CcLFQeQ2Y=

#=q6wR5WMLGkL9afTpqmWsw9g==

SetThreadExecutionState

RegOpenKeyEx

RegCloseKey

ContainsKey

PipeClosed

get_Key

GetExecutingAssembly

set_Key

get_ExecutablePath

OpenSubKey

set_UseShellExecute

set_WindowStyle

GetPublicKeyToken

get_Port

get_LastOperation

set_WindowState

8.0.0.0

System.Windows.Forms.Form

My.MyProject.Forms

4System.Web.Services.Protocols.SoapHttpClientProtocol

$994c8143-1aef-4fd7-8af3-df9fb7717866

1.2.2.0

_CorExeMain

mscoree.dll

(<I1%S$

psEd%Uf

T7.wjB

.jKMl

Y#-Ul}

KcrT

@%U-V

.oo59 

VmsG

SMO1;%xP>

TempTwitter_Follower_V4.exe_844_rwx_03270000_00010000:

{ad908e82-5d27-4d2f-94a4-78e68181094f}

DW20.EXE_644:

.text

`.data

.cdata

.rsrc

watson.microsoft.com

.mdmp

%s?szAppName=%S&szAppVer=%S&szAppStamp=%S&szModName=%S&szModVer=%S&szModStamp=%S&fDebug=%S&offset=%S

/dw/stagetwo.asp

%s/%S/%S/%S/%S/%S/%S/%S/%S.htm

Failed to fill report params from generic params

Not offering reporting

%s Mode

Failed to get a reporting destination

Nothing to report from queue

No reports left to send. Removing queue triggers and bailing.

Failed to plug UI; LCID=%u

Ignoring %S due to unknown queue version

Reporting is disabled

SignOff queue reporting is disabled

Queued Reporting Mode called but still want to report to the queue

Bad queue type to report from

No reports for given queue mask - %u

Invalid queue mask - %u

Suspending: Force cancel to queued reporting

Suspending: Force cancel to network reporting

CreateWindowExA failed with %d.

Application Error Reporting %d

WatsonQueuedReportingInstanceVerification

riched20.dll

qMicrosoft\PCHealth\ErrorReporting\DW

msaccess.exe

hXXp://watson.microsoft.com/dw/dcp.asp

hXXp://watson.microsoft.com/dw/watsoninfo.asp

dwintl20.dll

Launching lightweight browser with URL

mshtml.dll

Not reporting

Reporting

DWBypassQueue

DWExplainerURL

DWNoSignOffQueueReporting

DWAlwaysReport

DWReporteeName

DWURLLaunch

DWNoExternalURL

DWStressReport

ole32.dll

imm32.dll

BTLog.dll

Microsoft\PCHealth\ErrorReporting\DW

HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

hXXp://

hXXps://

Software\Microsoft\PCHealth\ErrorReporting\DW\Debug

%s\%s

https

DwBTLog.log

Failed to get minidump for %S!

szAppName=%s

szAppVer=%d.%d.%d.%d

szAppStamp=x

szModName=%s

szModVer=%d.%d.%d.%d

szModStamp=x

fDebug=%s

offset=x

microsoft.com

.msn.com

.microsoft.com

d:d:d d-d-d

/dw/generictwo.asp

kernel32.dll

psapi.dll

mso.dll

MsoDWRecover%x

MsoDWHang%x

Launching browser with URL

shell32.dll

%d.%d.%d.%d

%d.%d.%d.%d.x.%d.%d

shfolder.dll

unknown.sig

%s dw20.exe %d.%d.%d.%d

RegKey=

ResponseURL=

URLLaunch=

NoExternalURL=

%s:(%s) XX

%s:(%s) X

%s:(%s)

%s:(%s) %s

registry.txt

wql.txt

Windows NT Version %d.%d Build: %d

Stage 1 server response: %s

Stage 2 server response: %s

Stage 4 server response: %s

StatusCode: %d

Opening server: %s

HttpOpen failed.

Opening %s Request:

HTTPS

HttpSend Failed.

HttpWrite Failed, GLE=%d.

HttpEndReq failed.

Count filename length greater than MAX_PATH, can't report.

Filesystem reporting: count file updated

FReportToQueue: GetLastError=%u

FReportToQueue: File Tree Root does not exist: %S

Failed to add heap file to cab: %S

memory.dmp

mdmpmem.hdmp

version.txt

Network reporting complete.

Network reporting failed.

Application Error Reporting Transfer %d

Filesystem reporting complete

Filesystem reporting: cab successfully written

Filesystem reporting: could not find/create directory for cab/count

Filesystem reporting: redirection failure, too many redirects

Filesystem reporting: redirection failure, no previous roots

Filesystem reporting: improper file tree root

Filesystem reporting cancelled

Filesystem reporting: file tree root is too long

Record: 0xxx

Address: 0xxx

Code: 0xx

Flags: 0xx

x:x

(%d.%d:%d.%d)

Checksum: 0xx

Time Stamp: 0xx

Image Base: 0xx

Image Size: 0xx

Module %d

Windows NT %d.%d Build: %d

CPU AMD Feature Code: X

CPU Version: X CPU Feature Code: X

CPU Vendor Code: X - X - X

0xx:

0xx: x x x x

EFlags: 0xx ESP: 0xx SegSs: 0xx

EIP: 0xx EBP: 0xx SegCs: 0xx

EBX: 0xx ECX: 0xx EDX: 0xx

EDI: 0xx ESI: 0xx EAX: 0xx

Thread ID: 0xx

Thread %d

Memory Range %d

Software\Microsoft\PCHealth\ErrorReporting\DW

OkToReportFromTheseQueues

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Failed to obtain queue mutex. GetLastError=%u

FGetQueueMutex: WaitForSingleObject returned %u

Failed to open or create queue mutex. GetLastError=%u

Failed queued reporting pester check

Failed to create run reg key

Persistent run key is set.

CoInitializeEx() returned 0x%x.

Reporting to Admin Queue

Reporting to Regular Queue

Reporting to SignOff Queue

Reporting to Headless Queue

Reporting from Regular Queue

Reporting from SignOff Queue

Reporting from Headless Queue

OOM Failed to alloc QueuedReportData

FAllocSD: GetLastError=%u

%s%s%s

FEnsureQueueDirW: GetLastError=%u

Failed to write snt. GLE: %u

Failed to create snt. GLE: %u

Failed to set info; bad queue type: %u

Failed to open reg key for queue

Failed to get windows folder path for queue: %u

Failed to move instr file from queue A to queue B - %u

Failed to move cab file from queue A to queue B - %u

Did not move any reports from admin q to user q

Did not move any reports from user q to headless q

Queue types that have reports: %u

Setting triggerAtConnectionMade to: %u

Setting triggerAtLogon to: %u

Setting the queue trigger based upon: %u

SUCCESS adding report to queue

Launched (%S)

Failed to store the SensSubscription. hr: %d

failed to allocate PROGID string: %S

Failed putting SubscriberInterface. hr: %d

Failed putting PerUser. hr: %d

Failed putting Enabled. hr: %d

Failed putting MachineName. hr: %d

Failed putting OwnerSID. hr: %d

Failed putting Description. hr: %d

Failed putting InterfaceID. hr: %d

Failed putting EventClassID. hr: %d

Failed putting MethodName. hr: %d

Failed putting SubscriptionName. hr: %d

Failed putting PublisherID. hr: %d

Failed putting SubscriberCLSID. hr: %d

Failed putting SubscriptionID. hr: %d

Failed CoCreateInstance on EventSubscription. hr: %d

Failed to remove the SensSubscription. hr: %d

failed to allocate query string: %S

Failed CoCreateInstance on EventSystem. hr: %d

SENS: StringFromIID() returned <%x>

DWSHARED: SysAllocString(%s) failed!

Failed to subscribe subscription %u. hr: %d

Failed to get data for subscription %u. hr: %d

Failed to query install reg key

Failed to open install reg key

Software\Microsoft\PCHealth\ErrorReporting\DW\Installed

HKEY_USERS\

HKEY_CURRENT_CONFIG\

HKEY_CLASSES_ROOT\

HKEY_LOCAL_MACHINE\

HKEY_CURRENT_USER\

initing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d

freeing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d

0addref CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d

QIing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d

releasing CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d

deleting CDwAccessible: hwnd %x, idc %d, m_pDefAcc %x, cRef %d

creating CDwAccessible: hwnd %x, idc %d

WriteAtOffset.Write(0x%x) failed, 0xx

WriteAtOffset.Seek(0x%x) failed, 0xx

WriteMemoryFromProcess.Read(0x%I64x, 0x%x) failed, 0xx

WriteStringToPool.Write(0x%x) failed, 0xx

WriteFunctionTable.RawEntries.Write(0x%x) failed, 0xx

WriteFunctionTable.RawTable.Write(0x%x) failed, 0xx

WriteFunctionTableList.DumpTable.Write(0x%x) failed, 0xx

WriteFunctionTableList.Seek(0x%x) failed, 0xx

WriteDirectoryEntry.Write(0x%x) failed, 0xx

Thread(0x%x) callback returned FALSE

WriteSystemInfo.GetOsCsdString failed, 0xx

WriteSystemInfo.GetCpuInfo failed, 0xx

CalculateSizeForSystemInfo.GetOsCsdString failed, 0xx

WriteHeader.GetCurrentTimeDate failed, 0xx

WriteDirectoryTable.Seek(0x%x) failed, 0xx

WriteMemoryInfo.Write(0x%x) failed, 0xx

WriteMemoryInfo.QueryVirtual(0x%I64x) failed, 0xx

WriteFullMemory virtual memory layout changed, retries %d, 0x%I64x (0x%I64x:0x%I64x) vs. 0x%I64x (0x%I64x:0x%I64x)

WriteFullMemory.Memory.Write(0x%x) failed, 0xx

WriteFullMemory.Memory.Read(0x%I64x, 0x%x) failed, retries %d, 0xx

WriteFullMemory.QueryVirtual(0x%I64x) for data failed, 0xx

WriteFullMemory.Desc.Write(0x%x) failed, 0xx

WriteFullMemory.QueryVirtual(0x%I64x) for info failed, 0xx

Kernel minidump write failed, 0xx

MarshalExceptionPointers.CxRecord.Read(0x%I64x, 0x%x) failed, 0xx

MarshalExceptionPointers.ExRecord.Read(0x%I64x, 0x%x) failed, 0xx

Invalid exception record parameter count (0x%x)

Invalid exception record size (0x%x)

Invalid CPU type (0x%x)

Invalid function table size (0x%x)

GetSystemType.GetOsInfo failed, 0xx

GetSystemType.GetCpuType failed, 0xx

Write.Start failed, 0xx

Dump type requires streaming but output provider does not support streaming

Invalid dump type 0x%x

dbghelp.dll

Alloc(0x%x) failed

Thread(0x%x) will not be included

GenGetImageSections.Section.Read(0x%I64x, 0x%x) failed, 0xx

GenGetImageSections.GenImageNtHeader(0x%I64x) failed

GenGetImageSections.Read(0x%I64x, 0x%x) failed, 0xx

0GenAllocateThreadObject.GetTebInfo(0x%x) failed, 0xx

GenAllocateThreadObject.GetContext(0x%x) failed, 0xx

GenAllocateThreadObject.Open(0x%x) failed, 0xx

GenReadTlsDirectory.Index(0x%I64x, %ws) failed, 0xx

GenReadTlsDirectory(0x%I64x, %ws) unknown machine 0x%x

GenReadTlsDirectory.Read(0x%I64x, %ws) failed, 0xx

GenAllocateModuleObject.GenDebugRecord(0x%I64x, %ws) failed, 0xx

GenAllocateModuleObject.GenImageNtHeader(0x%I64x, %ws) failed, 0xx

GenAllocateModuleObject.GetImageHeaderInfo(0x%I64x, %ws) failed, 0xx

GenAllocateModuleObject.GetVersion(0x%I64x, %ws) failed, 0xx

GenAllocateProcessObject.GetPeb(0x%x) failed, 0xx

GenIncludeUnwindInfoMemory.Enum(0x%I64x, 0x%x) failed, 0xx

GenGenTebMemory.TLS(0x%I64x) failed, 0xx

GenScanAddressSpace.QueryVirtual(0x%I64x) failed, 0xx

0GenGetAuxMemory(%ws) failed, 0xx

GenGetProcessInfo.EnumUnloadedModules(0x%x) failed, 0xx

GenGetProcessInfo.EnumUnloadedModules(0x%x) looped

GenGetProcessInfo.EnumFunctionTableEntries(0x%I64x, 0x%x) failed, 0xx

GenGetProcessInfo.EnumFunctionTables(0x%x) failed, 0xx

GenGetProcessInfo.EnumFunctionTables(0x%x) looped

GenGetProcessInfo.EnumModules(0x%x) failed, 0xx

GenGetProcessInfo.EnumModules(0x%x) looped

GenGetProcessInfo.EnumThreads(0x%x) failed, 0xx

GenGetProcessInfo.EnumThreads(0x%x) looped

GenGetProcessInfo.Start(0x%x) failed, 0xx

GenWriteHandleData.Desc.Write(0x%x) failed, 0xx

GenWriteHandleData.Header.Write(0x%x) failed, 0xx

GenWriteHandleData.ObjectName.Write(0x%x) failed, 0xx

GenWriteHandleData.ObjectNameLen.Write(0x%x) failed, 0xx

GenWriteHandleData.TypeName.Write(0x%x) failed, 0xx

GenWriteHandleData.TypeNameLen.Write(0x%x) failed, 0xx

GenWriteHandleData.Start(0x%x) failed, 0xx

GenWriteHandleData.Seek(0x%x) failed, 0xx

Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls

Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls

version.dll

ntdll.dll

%$%,%4%<%

S%T%U%V%W%X%Y%Z%[%\%]%^%_%`%a%

b%c%d%e%f%g%h%i%j%k%l%

!"#$%&'()* ,-./0123456789:;<=

!!!!2222

%%%f||||

!!!!2222||||

!"#$%&'(

'()* ,-./0

&'()* ,-./

&'()* ,-./012345

3456789

.ASex

!"#$%&'()* ,-./012

!"#$%&'()

?msodatad.dat

msodatalast.dat

Unicows.dll

Kernel32.dll

SHLWAPI.DLL

GDI32.DLL

wintrust.dll

1108160

0u.hN

0SSh 

t.WWWj

PSSh07

t5SSh(

PSSSSSSh

0SSSSh

ADVAPI32.dll

COMCTL32.dll

GDI32.dll

KERNEL32.dll

OLEACC.dll

OLEAUT32.dll

MSVCRT.dll

RPCRT4.dll

SHELL32.dll

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

ReportEventA

ReportEventW

RegEnumKeyExA

RegQueryInfoKeyA

RegQueryInfoKeyW

GetProcessHeap

GetSystemWindowsDirectoryW

_amsg_exit

_acmdln

ShellExecuteExA

UrlGetPartA

CreateURLMoniker

CreateDialogIndirectParamA

EnumWindows

HttpQueryInfoA

HttpSendRequestExA

HttpOpenRequestA

InternetCanonicalizeUrlA

InternetCrackUrlA

HttpEndRequestA

dw20.pdb

\devsplab1\otools\BBT_TEMP\DW20O.pdb

winword.exe

wwordlt.exe

excel.exe

excellt.exe

mspub.exe

frontpg.exe

outlook.exe

powerpnt.exe

powpntlt.exe

onenote.exe

infopath.exe

winproj.exe

ois.exe

visio.exe

`!`'`)` `

e%f-f|3 f'f/f

]!^"^#^ ^$^

t.uGuHu

x4x7x%x-x x

h&h(h.hMh:h%h h,k/k-k1k4kmk

k%lzmcmdmvm

^Q]Q~NzP}P\PGPCPLPZPIPePvPNPUPuPtPwPOP

]8^6^3^7^

ichczc]eVeQeYeWe_UOeXeUeTe

{1{ {-{/{2{8{

r6s%s4s)s:t*t3t"t%t5t6t4t/t

t&t(t%u&ukuju

WHX%X

`IaJa aEa6a2a.aFa/aOa)a@a bh

d@d%d'd

duewexei

kCpDpJpHpIpEpFp

S$S%S&S'S(S)S S,S.S2S3S5S6S8S:S;SBSFSKSNSOSPSUSVSXSYS[S]S_SbSdSeSgShSiSjSkSmStSvSzS}S~S

U U!U"U#U$U%U(U)U U:U=U?UBUGUIULUSUTUXUYUZU[U]U`UgUhUiUkUlUmUnUoUpUqUrUsUtUxUyUzU

c c!c"c#c$c%c&c'c.c0c1c5c7c?cRcSc[c\c]c^c_c`cacbcccdcfcjclcsctcyc~c

m!m#m$m&mCmDmEmFmGmHmImJmKmLmMmNmOmPmQmRmSmTmUmVmWm[m\m]mkmqmrmsm

nRsSsh

evg%f

m.tRa

gtr%x

Q%SKg

f.ebp>QI

y.yxT

fn:q%uN

aw.Toiz

RMeXe

S#S$S%S;ScSdSrSsStSuS

`!`"`&`'`)`*` `,`-`.`/`0`2`3`4`5`6`:`=`>`?`

^ ^!^"^#^$^%^&^'^.^}^

c c!c"c#c$c%c&c'c*c7c:c;cSc[c1e?e@eAeBeCeDeEe

f f!f"f#f$f%f&f'f(f)f*f f,f-f

m m!m"m#m$m%m&m'm(m)m*m m,m-m.m1m2m3m4m5m6m7m8m9m:m;m<m=m>m?m@mBmCmDmGmHmImJmKmLmMmNmOmPmQmRmSmTmUm

u u-u.uFuGuHuIuJuKuLuMuNuOuPuQuRuSu

U U!U"U#U$U%U&U'U(U4UJU

](^)^*^ ^,^-^/^0^1^

m/mAmFmVmWmXmYmZm[m\m]m^m_m`mambmcmdmemfmgmhmimjmkmlmmmnmompmqmrmsmtmumvmwmxmymzm{m|m}m~m

x x!x"x#x$x%x'x(x)x*x x,x.x/x0x1x2x3x4x5x6x7x8x9x:x;x<x=x>x?x@xAxXy_yaycydyeygyiyjykylynyoy

} }!}"}#}$}%}&}'}

] ]!]"]#]$]%]&]'](])]*] ],]-].]/]0]

]2^3^4^5^6^7^8^9^:^;^<^>^

cMeNeOePeQeReSeTeUeWeXeYeZe[e]ebe

X X!X"X#X$X%X&X'X(X)X*X X,X-X.X/X0X1X3X4X6X7X8X9X:X;X<X>X?X@XAXBXCXDXEXFXGXHXJXTX_X`XfXmX

d%d-d0d=dRdad2e\e^e_e`eaecedeeefegeheiejele

s"s#s$s%s&s(s)s,s-s/s0s1s2s3s4s5s6s8s9s>s@sGs

u$u%u&u/ujukulumunuouqurusutu

duewexeyeze{e

~ ~!~"~#~$~%~&~'~(~*~ ~-~8~:~0

| |!|"|#|$|%|&|(|)|*|-|.|/|0|1|2|6|

{3~3}3|3

eZl%u

Q.YeY

R:\Sg|p5rL

e$e#e e4e5e7e6e8eKuHeVeUeMeXe^e]erexei

s4s/s)s%s>sNsOs

s&t*t)t.tbt

2%2.bx

{ | }9},

d6exe9j

]%sOu4](n

m.t.zB}

w%xIyWy

^vcÓv

%f?iCt

U>_.lE

f.ebp

.nrR=

{fn:q%uN

vbc.exe

name="Microsoft.Windows.ErrorReporter"

version="5.1.0.0"

publicKeyToken="6595b64144ccf1df" />

<description>Windows Error Reporting</description>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

1%s\%s\%s\%s\%s\%s\%s\%s

AppName: %s AppVer: %s AppStamp:%s

ModName: %s ModVer: %s ModStamp:%s

fDebug: %s Offset: %s

Main_AlwaysReportBtn=

Main_NoReportBtn=

Main_ReportBtn=

General_Reportee=

CheckBoxRegKey=

ReportingFlags=

Stage1URL=

Stage2URL=

%General_Reportee%

%u %s

%u.%u %s

%s %s %s %s in %s %s %s fDebug %s at offset %s

Bucket: d

BucketTable %d

%s, %s, %s, %s, %s, %s, %s, %s, %s, %s %s

\dw.log

policy.txt

crash.log

status.txt

hits.log

count.txt

%s\%s\%s

%s\%s\%s\%s

eDWQueuedReporting

DWPersistentQueuedReporting

"%s\%s" -%c

dwtrig20.exe

ReportSize=

\*.cab

dwq.snt

"%s" -%c %u

SEventSystem.EventSubscription

SubscriptionID=%s

#$%&%&'(

Comctl32.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\CCA5A.dmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp

.NET Runtime 4.0 Error Reporting

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\dw.log

Microsoft Application Error Reporting

11.0.8160

Windows

DW20.Exe

TempTwitter_Follower_V4.exe_844_rwx_03780000_00010000:

PresentationFramework.classic

Browser.exe_852:

.text

`.rdata

@.data

.rsrc

@.reloc

8.uKj

8.uwS

V%SRj

libprotobuf %s %s:%d] %s

%d.%d.%d

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

$0$1 = $2

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

$0$1 $2 $3 = $4

CHECK failed: dynamic.get() != NULL:

.foo = value".

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

?..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

Setting website credentials

uscript.continueType();

window.scroll(

uscript.continueClick();

uscript.continueMouseOver();

sendKeys

.JPEG

key_down

key_up

key_press

set_website_credentials

add_webview

remove_webview

host_key

Configuring WebCore

Initializing WebCore

Shutting down webview

No Webviews

awe_webcore_shutdown

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\include\google/protobuf/repeated_field.h

command.proto

command.pb.cc

command.proto"8

An asynchronous IO operation is not yet complete.

An operation was aborted.

An operation timed out.

The operation failed because of unimplemented functionality.

There were not enough resources to complete the operation.

The IP address or port number is invalid.

SSL_CLIENT_AUTH_CERT_NEEDED

The server requested a client certificate for SSL client authentication.

The client and server don't support a common SSL protocol version or cipher suite.

PROXY_AUTH_UNSUPPORTED

The proxy requested authentication with an unsupported method.

CERT_ERROR_IN_SSL_RENEGOTIATION

The server sent a certificate with an error.

BAD_SSL_CLIENT_AUTH_CERT

The SSL handshake failed because of a bad or missing client certificate.

Winsock reported more data written than passed.

SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

The SSL server attempted to use a weak ephemeral Diffie-Hellman key.

SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED

The permission to use the SSL client certificate's private key was denied.

SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY

The SSL client certificate has no private key.

PROXY_CERTIFICATE_INVALID

The certificate presented by the HTTPS Proxy was invalid.

HTTPS_PROXY_TUNNEL_RESPONSE

A request to create an SSL tunnel connection through the HTTPS proxy received a non-200 (OK) and non-407 (Proxy Auth) response.

We were unable to sign the CertificateVerify data of an SSL client auth handshake with the client certificate's private key.

MSG_TOO_BIG

The message was too large for the transport.

An operation failed because the SSL handshake has not completed.

SSL_BAD_PEER_PUBLIC_KEY

SSL peer's public key is invalid.

SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

The certificate didn't match the built-in public key pins for the host name.

CLIENT_AUTH_CERT_TYPE_UNSUPPORTED

Server request for client certificate did not contain any types we support.

ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH

Server requested one type of cert, then requested a different type while the first was still being generated.

CERT_COMMON_NAME_INVALID

The server responded with a certificate whose common name did not match the host name. This could mean:

CERT_DATE_INVALID

The server responded with a certificate that appears to either not yet be valid or to have expired.

CERT_AUTHORITY_INVALID

server responded with a certificate that is signed by an authority we don't trust.

CERT_CONTAINS_ERRORS

The server responded with a certificate that contains errors.

CERT_NO_REVOCATION_MECHANISM

The certificate has no mechanism for determining if it is revoked.

CERT_UNABLE_TO_CHECK_REVOCATION

Revocation information for the security certificate for this site is not available.

CERT_REVOKED

The server responded with a certificate has been revoked.

CERT_INVALID

The server responded with a certificate that is invalid.

CERT_WEAK_SIGNATURE_ALGORITHM

The server responded with a certificate that is signed using a weak signature algorithm.

CERT_NON_UNIQUE_NAME

The host name specified in the certificate is not unique.

CERT_WEAK_KEY

The server responded with a certificate that contains a weak key.

CERT_END

The value immediately past the last certificate error code.

INVALID_URL

The URL is invalid.

DISALLOWED_URL_SCHEME

The scheme of the URL is disallowed.

UNKNOWN_URL_SCHEME

The scheme of the URL is unknown.

Attempting to load a URL resulted in too many redirects.

Attempting to load a URL resulted in an unsafe redirect.

UNSAFE_PORT

Attempting to load a URL with an unsafe port number.

METHOD_NOT_SUPPORTED

The server did not support the request method.

The PAC requested by HTTP did not have a valid status code.

An operation could not be completed because all network IO is suspended.

UNRECOGNIZED_FTP_DIRECTORY_LISTING_FORMAT

The server sent an FTP directory listing in a format we do not understand.

NO_SUPPORTED_PROXIES

There are no supported proxies in the provided list.

Credentials could not be established during HTTP Authentication.

UNSUPPORTED_AUTH_SCHEME

An HTTP Authentication scheme was tried which is not supported on this machine.

No Kerberos credentials were available during HTTP Authentication.

The HTTP response was too big to drain.

The HTTP response contained multiple distinct Content-Length headers.

No PAC URL configuration could be retrieved from DHCP.

The HTTP response contained multiple Content-Disposition headers.

The HTTP response contained multiple Location headers.

PIPELINE_EVICTION

The request couldn't be completed on an HTTP pipeline.

The HTTP response body transferred fewer bytes than were advertised by the Content-Length header when the connection is closed.

The HTTP response body is transferred with Chunked-Encoding, but the terminating zero-length chunk was never sent when the connection is closed.

CACHE_OPERATION_NOT_SUPPORTED

The operation is not supported for this entry.

NO_PRIVATE_KEY_FOR_CERT

The server responded to a <keygen> with a generated client cert that we don't have the matching private key for.

ADD_USER_CERT_FAILED

An error adding to the OS certificate database (e.g. OS X Keychain).

FTP_FAILED

A generic error for failed FTP control connection command.

FTP_SERVICE_UNAVAILABLE

FTP_TRANSFER_ABORTED

FTP_FILE_BUSY

FTP_SYNTAX_ERROR

FTP_COMMAND_NOT_SUPPORTED

Server does not support the command we issued.

FTP_BAD_COMMAND_SEQUENCE

PKCS12_IMPORT_BAD_PASSWORD

PKCS #12 import failed due to incorrect password.

PKCS12_IMPORT_FAILED

PKCS #12 import failed due to other error.

IMPORT_CA_CERT_NOT_CA

CA import failed - not a CA cert.

IMPORT_CERT_ALREADY_EXISTS

Import failed - certificate already exists in database.

IMPORT_CA_CERT_FAILED

CA import failed due to some other error.

IMPORT_SERVER_CERT_FAILED

Server certificate import failed due to some internal error.

PKCS12_IMPORT_INVALID_MAC

PKCS #12 import failed due to invalid MAC.

PKCS12_IMPORT_INVALID_FILE

PKCS #12 import failed due to invalid/corrupt file.

PKCS12_IMPORT_UNSUPPORTED

PKCS #12 import failed due to unsupported features.

KEY_GENERATION_FAILED

Key generation failed.

ORIGIN_BOUND_CERT_GENERATION_FAILED

Server-bound certificate generation failed.

PRIVATE_KEY_EXPORT_FAILED

Failure to export private key.

DNS_SERVER_REQUIRES_TCP

DNS server requires TCP

chrome://chromewebdata/

document.documentElement.innerHTML = ' <head>

<title>Webpage Crashed</title>

<h3>Something went wrong while displaying this webpage.</h3>

\browser_log.txt

%Y-%m-%d %H:%M:%S

document.body.scrollHeight;

document.body.scrollWidth;

window.scrollX;

window.scrollY;

uscript.setAllowPopups(false)

uscript.foundImage(

uscript.findImageFailed()

uscript.getChosenBoundingRects()

uscript.setHighlighting(

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\bin\Release\Browser.pdb

?SendResponse@DataSource@Awesomium@@QAEXHIPAEABVWebString@2@@Z

?CreateFromUTF8@WebString@Awesomium@@SA?AV12@PBDI@Z

??1WebString@Awesomium@@QAE@XZ

??0WebString@Awesomium@@QAE@ABV01@@Z

?spec@WebURL@Awesomium@@QBE?AVWebString@2@XZ

??_7InputMethodEditor@WebViewListener@Awesomium@@6B@

?ToString@JSValue@Awesomium@@QBE?AVWebString@2@XZ

?length@WebString@Awesomium@@QBEIXZ

?data@WebString@Awesomium@@QBEPBGXZ

??_7Menu@WebViewListener@Awesomium@@6B@

??AWebMenuItemArray@Awesomium@@QBEABUWebMenuItem@1@I@Z

?size@WebMenuItemArray@Awesomium@@QBEIXZ

??_7Print@WebViewListener@Awesomium@@6B@

??1WebURL@Awesomium@@QAE@XZ

??_7Download@WebViewListener@Awesomium@@6B@

??_7Dialog@WebViewListener@Awesomium@@6B@

??0WebPreferences@Awesomium@@QAE@XZ

??0WebConfig@Awesomium@@QAE@XZ

?ToUTF8@WebString@Awesomium@@QBEIPADI@Z

??4WebString@Awesomium@@QAEAAV01@ABV01@@Z

?Shutdown@WebCore@Awesomium@@SAXXZ

?Initialize@WebCore@Awesomium@@SAPAV12@ABUWebConfig@2@@Z

??1WebPreferences@Awesomium@@QAE@XZ

??1WebConfig@Awesomium@@QAE@XZ

?OnWillDownload@ResourceInterceptor@Awesomium@@UAEXHHABVWebURL@2@@Z

?OnFilterNavigation@ResourceInterceptor@Awesomium@@UAE_NHHABVWebString@2@ABVWebURL@2@_N@Z

??_7Load@WebViewListener@Awesomium@@6B@

?SetCustomMethod@JSObject@Awesomium@@QAEXABVWebString@2@_N@Z

??1Load@WebViewListener@Awesomium@@MAE@XZ

??_7Process@WebViewListener@Awesomium@@6B@

??_7View@WebViewListener@Awesomium@@6B@

?Push@WebStringArray@Awesomium@@QAEXABVWebString@2@@Z

??1WebStringArray@Awesomium@@QAE@XZ

??0WebStringArray@Awesomium@@QAE@XZ

??0WebKeyboardEvent@Awesomium@@QAE@XZ

??0WebURL@Awesomium@@QAE@ABVWebString@1@@Z

?GetKeyIdentifierFromVirtualKeyCode@Awesomium@@YAXHPAPAD@Z

??0WebString@Awesomium@@QAE@XZ

awesomium.dll

opencv_core243.dll

opencv_imgproc243.dll

sqlite3_free

sqlite3_close

sqlite3_exec

sqlite3_open

sqlite3_errmsg

sqlite3.dll

KERNEL32.dll

GetKeyboardLayout

VkKeyScanExW

keybd_event

USER32.dll

SHELL32.dll

MSVCP100.dll

MSVCR100.dll

_amsg_exit

_acmdln

_crt_debugger_hook

VCOMP100.DLL

.?AVInputMethodEditor@WebViewListener@Awesomium@@

.?AVMenu@WebViewListener@Awesomium@@

.?AVPrint@WebViewListener@Awesomium@@

.?AV?$sp_counted_impl_p@VUBotWebView@@@detail@boost@@

.?AVLoad@WebViewListener@Awesomium@@

.?AVProcess@WebViewListener@Awesomium@@

.?AVDownload@WebViewListener@Awesomium@@

.?AVDialog@WebViewListener@Awesomium@@

.?AVView@WebViewListener@Awesomium@@

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

9‘9F9V9

4]5

393D3T3a3k3p3}3

;7< =&=0=6=

1!1(1/161

9%:6:[:~:

64787<7@7

3%3u3

6m6c6j6{6

8-9}9

0$0-0A0l0r0}0

2)2d2j2u2

= =$=(=,=

: :0:<:`:

0 1<1@1`1|1

0 0$0(0,000`0

sC:\boost\boost\boost/smart_ptr/shared_ptr.hpp

Browser.exe_924:

.text

`.rdata

@.data

.rsrc

@.reloc

8.uKj

8.uwS

V%SRj

libprotobuf %s %s:%d] %s

%d.%d.%d

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

$0$1 = $2

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

$0$1 $2 $3 = $4

CHECK failed: dynamic.get() != NULL:

.foo = value".

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

?..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

Setting website credentials

uscript.continueType();

window.scroll(

uscript.continueClick();

uscript.continueMouseOver();

sendKeys

.JPEG

key_down

key_up

key_press

set_website_credentials

add_webview

remove_webview

host_key

Configuring WebCore

Initializing WebCore

Shutting down webview

No Webviews

awe_webcore_shutdown

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\include\google/protobuf/repeated_field.h

command.proto

command.pb.cc

command.proto"8

An asynchronous IO operation is not yet complete.

An operation was aborted.

An operation timed out.

The operation failed because of unimplemented functionality.

There were not enough resources to complete the operation.

The IP address or port number is invalid.

SSL_CLIENT_AUTH_CERT_NEEDED

The server requested a client certificate for SSL client authentication.

The client and server don't support a common SSL protocol version or cipher suite.

PROXY_AUTH_UNSUPPORTED

The proxy requested authentication with an unsupported method.

CERT_ERROR_IN_SSL_RENEGOTIATION

The server sent a certificate with an error.

BAD_SSL_CLIENT_AUTH_CERT

The SSL handshake failed because of a bad or missing client certificate.

Winsock reported more data written than passed.

SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

The SSL server attempted to use a weak ephemeral Diffie-Hellman key.

SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED

The permission to use the SSL client certificate's private key was denied.

SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY

The SSL client certificate has no private key.

PROXY_CERTIFICATE_INVALID

The certificate presented by the HTTPS Proxy was invalid.

HTTPS_PROXY_TUNNEL_RESPONSE

A request to create an SSL tunnel connection through the HTTPS proxy received a non-200 (OK) and non-407 (Proxy Auth) response.

We were unable to sign the CertificateVerify data of an SSL client auth handshake with the client certificate's private key.

MSG_TOO_BIG

The message was too large for the transport.

An operation failed because the SSL handshake has not completed.

SSL_BAD_PEER_PUBLIC_KEY

SSL peer's public key is invalid.

SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

The certificate didn't match the built-in public key pins for the host name.

CLIENT_AUTH_CERT_TYPE_UNSUPPORTED

Server request for client certificate did not contain any types we support.

ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH

Server requested one type of cert, then requested a different type while the first was still being generated.

CERT_COMMON_NAME_INVALID

The server responded with a certificate whose common name did not match the host name. This could mean:

CERT_DATE_INVALID

The server responded with a certificate that appears to either not yet be valid or to have expired.

CERT_AUTHORITY_INVALID

server responded with a certificate that is signed by an authority we don't trust.

CERT_CONTAINS_ERRORS

The server responded with a certificate that contains errors.

CERT_NO_REVOCATION_MECHANISM

The certificate has no mechanism for determining if it is revoked.

CERT_UNABLE_TO_CHECK_REVOCATION

Revocation information for the security certificate for this site is not available.

CERT_REVOKED

The server responded with a certificate has been revoked.

CERT_INVALID

The server responded with a certificate that is invalid.

CERT_WEAK_SIGNATURE_ALGORITHM

The server responded with a certificate that is signed using a weak signature algorithm.

CERT_NON_UNIQUE_NAME

The host name specified in the certificate is not unique.

CERT_WEAK_KEY

The server responded with a certificate that contains a weak key.

CERT_END

The value immediately past the last certificate error code.

INVALID_URL

The URL is invalid.

DISALLOWED_URL_SCHEME

The scheme of the URL is disallowed.

UNKNOWN_URL_SCHEME

The scheme of the URL is unknown.

Attempting to load a URL resulted in too many redirects.

Attempting to load a URL resulted in an unsafe redirect.

UNSAFE_PORT

Attempting to load a URL with an unsafe port number.

METHOD_NOT_SUPPORTED

The server did not support the request method.

The PAC requested by HTTP did not have a valid status code.

An operation could not be completed because all network IO is suspended.

UNRECOGNIZED_FTP_DIRECTORY_LISTING_FORMAT

The server sent an FTP directory listing in a format we do not understand.

NO_SUPPORTED_PROXIES

There are no supported proxies in the provided list.

Credentials could not be established during HTTP Authentication.

UNSUPPORTED_AUTH_SCHEME

An HTTP Authentication scheme was tried which is not supported on this machine.

No Kerberos credentials were available during HTTP Authentication.

The HTTP response was too big to drain.

The HTTP response contained multiple distinct Content-Length headers.

No PAC URL configuration could be retrieved from DHCP.

The HTTP response contained multiple Content-Disposition headers.

The HTTP response contained multiple Location headers.

PIPELINE_EVICTION

The request couldn't be completed on an HTTP pipeline.

The HTTP response body transferred fewer bytes than were advertised by the Content-Length header when the connection is closed.

The HTTP response body is transferred with Chunked-Encoding, but the terminating zero-length chunk was never sent when the connection is closed.

CACHE_OPERATION_NOT_SUPPORTED

The operation is not supported for this entry.

NO_PRIVATE_KEY_FOR_CERT

The server responded to a <keygen> with a generated client cert that we don't have the matching private key for.

ADD_USER_CERT_FAILED

An error adding to the OS certificate database (e.g. OS X Keychain).

FTP_FAILED

A generic error for failed FTP control connection command.

FTP_SERVICE_UNAVAILABLE

FTP_TRANSFER_ABORTED

FTP_FILE_BUSY

FTP_SYNTAX_ERROR

FTP_COMMAND_NOT_SUPPORTED

Server does not support the command we issued.

FTP_BAD_COMMAND_SEQUENCE

PKCS12_IMPORT_BAD_PASSWORD

PKCS #12 import failed due to incorrect password.

PKCS12_IMPORT_FAILED

PKCS #12 import failed due to other error.

IMPORT_CA_CERT_NOT_CA

CA import failed - not a CA cert.

IMPORT_CERT_ALREADY_EXISTS

Import failed - certificate already exists in database.

IMPORT_CA_CERT_FAILED

CA import failed due to some other error.

IMPORT_SERVER_CERT_FAILED

Server certificate import failed due to some internal error.

PKCS12_IMPORT_INVALID_MAC

PKCS #12 import failed due to invalid MAC.

PKCS12_IMPORT_INVALID_FILE

PKCS #12 import failed due to invalid/corrupt file.

PKCS12_IMPORT_UNSUPPORTED

PKCS #12 import failed due to unsupported features.

KEY_GENERATION_FAILED

Key generation failed.

ORIGIN_BOUND_CERT_GENERATION_FAILED

Server-bound certificate generation failed.

PRIVATE_KEY_EXPORT_FAILED

Failure to export private key.

DNS_SERVER_REQUIRES_TCP

DNS server requires TCP

chrome://chromewebdata/

document.documentElement.innerHTML = ' <head>

<title>Webpage Crashed</title>

<h3>Something went wrong while displaying this webpage.</h3>

\browser_log.txt

%Y-%m-%d %H:%M:%S

document.body.scrollHeight;

document.body.scrollWidth;

window.scrollX;

window.scrollY;

uscript.setAllowPopups(false)

uscript.foundImage(

uscript.findImageFailed()

uscript.getChosenBoundingRects()

uscript.setHighlighting(

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\bin\Release\Browser.pdb

?SendResponse@DataSource@Awesomium@@QAEXHIPAEABVWebString@2@@Z

?CreateFromUTF8@WebString@Awesomium@@SA?AV12@PBDI@Z

??1WebString@Awesomium@@QAE@XZ

??0WebString@Awesomium@@QAE@ABV01@@Z

?spec@WebURL@Awesomium@@QBE?AVWebString@2@XZ

??_7InputMethodEditor@WebViewListener@Awesomium@@6B@

?ToString@JSValue@Awesomium@@QBE?AVWebString@2@XZ

?length@WebString@Awesomium@@QBEIXZ

?data@WebString@Awesomium@@QBEPBGXZ

??_7Menu@WebViewListener@Awesomium@@6B@

??AWebMenuItemArray@Awesomium@@QBEABUWebMenuItem@1@I@Z

?size@WebMenuItemArray@Awesomium@@QBEIXZ

??_7Print@WebViewListener@Awesomium@@6B@

??1WebURL@Awesomium@@QAE@XZ

??_7Download@WebViewListener@Awesomium@@6B@

??_7Dialog@WebViewListener@Awesomium@@6B@

??0WebPreferences@Awesomium@@QAE@XZ

??0WebConfig@Awesomium@@QAE@XZ

?ToUTF8@WebString@Awesomium@@QBEIPADI@Z

??4WebString@Awesomium@@QAEAAV01@ABV01@@Z

?Shutdown@WebCore@Awesomium@@SAXXZ

?Initialize@WebCore@Awesomium@@SAPAV12@ABUWebConfig@2@@Z

??1WebPreferences@Awesomium@@QAE@XZ

??1WebConfig@Awesomium@@QAE@XZ

?OnWillDownload@ResourceInterceptor@Awesomium@@UAEXHHABVWebURL@2@@Z

?OnFilterNavigation@ResourceInterceptor@Awesomium@@UAE_NHHABVWebString@2@ABVWebURL@2@_N@Z

??_7Load@WebViewListener@Awesomium@@6B@

?SetCustomMethod@JSObject@Awesomium@@QAEXABVWebString@2@_N@Z

??1Load@WebViewListener@Awesomium@@MAE@XZ

??_7Process@WebViewListener@Awesomium@@6B@

??_7View@WebViewListener@Awesomium@@6B@

?Push@WebStringArray@Awesomium@@QAEXABVWebString@2@@Z

??1WebStringArray@Awesomium@@QAE@XZ

??0WebStringArray@Awesomium@@QAE@XZ

??0WebKeyboardEvent@Awesomium@@QAE@XZ

??0WebURL@Awesomium@@QAE@ABVWebString@1@@Z

?GetKeyIdentifierFromVirtualKeyCode@Awesomium@@YAXHPAPAD@Z

??0WebString@Awesomium@@QAE@XZ

awesomium.dll

opencv_core243.dll

opencv_imgproc243.dll

sqlite3_free

sqlite3_close

sqlite3_exec

sqlite3_open

sqlite3_errmsg

sqlite3.dll

KERNEL32.dll

GetKeyboardLayout

VkKeyScanExW

keybd_event

USER32.dll

SHELL32.dll

MSVCP100.dll

MSVCR100.dll

_amsg_exit

_acmdln

_crt_debugger_hook

VCOMP100.DLL

.?AVInputMethodEditor@WebViewListener@Awesomium@@

.?AVMenu@WebViewListener@Awesomium@@

.?AVPrint@WebViewListener@Awesomium@@

.?AV?$sp_counted_impl_p@VUBotWebView@@@detail@boost@@

.?AVLoad@WebViewListener@Awesomium@@

.?AVProcess@WebViewListener@Awesomium@@

.?AVDownload@WebViewListener@Awesomium@@

.?AVDialog@WebViewListener@Awesomium@@

.?AVView@WebViewListener@Awesomium@@

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

9‘9F9V9

4]5

393D3T3a3k3p3}3

;7< =&=0=6=

1!1(1/161

9%:6:[:~:

64787<7@7

3%3u3

6m6c6j6{6

8-9}9

0$0-0A0l0r0}0

2)2d2j2u2

= =$=(=,=

: :0:<:`:

0 1<1@1`1|1

0 0$0(0,000`0

sC:\boost\boost\boost/smart_ptr/shared_ptr.hpp

Browser.exe_2000:

.text

`.rdata

@.data

.rsrc

@.reloc

8.uKj

8.uwS

V%SRj

libprotobuf %s %s:%d] %s

%d.%d.%d

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

$0$1 = $2

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

$0$1 $2 $3 = $4

CHECK failed: dynamic.get() != NULL:

.foo = value".

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

?..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

Setting website credentials

uscript.continueType();

window.scroll(

uscript.continueClick();

uscript.continueMouseOver();

sendKeys

.JPEG

key_down

key_up

key_press

set_website_credentials

add_webview

remove_webview

host_key

Configuring WebCore

Initializing WebCore

Shutting down webview

No Webviews

awe_webcore_shutdown

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\include\google/protobuf/repeated_field.h

command.proto

command.pb.cc

command.proto"8

An asynchronous IO operation is not yet complete.

An operation was aborted.

An operation timed out.

The operation failed because of unimplemented functionality.

There were not enough resources to complete the operation.

The IP address or port number is invalid.

SSL_CLIENT_AUTH_CERT_NEEDED

The server requested a client certificate for SSL client authentication.

The client and server don't support a common SSL protocol version or cipher suite.

PROXY_AUTH_UNSUPPORTED

The proxy requested authentication with an unsupported method.

CERT_ERROR_IN_SSL_RENEGOTIATION

The server sent a certificate with an error.

BAD_SSL_CLIENT_AUTH_CERT

The SSL handshake failed because of a bad or missing client certificate.

Winsock reported more data written than passed.

SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

The SSL server attempted to use a weak ephemeral Diffie-Hellman key.

SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED

The permission to use the SSL client certificate's private key was denied.

SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY

The SSL client certificate has no private key.

PROXY_CERTIFICATE_INVALID

The certificate presented by the HTTPS Proxy was invalid.

HTTPS_PROXY_TUNNEL_RESPONSE

A request to create an SSL tunnel connection through the HTTPS proxy received a non-200 (OK) and non-407 (Proxy Auth) response.

We were unable to sign the CertificateVerify data of an SSL client auth handshake with the client certificate's private key.

MSG_TOO_BIG

The message was too large for the transport.

An operation failed because the SSL handshake has not completed.

SSL_BAD_PEER_PUBLIC_KEY

SSL peer's public key is invalid.

SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

The certificate didn't match the built-in public key pins for the host name.

CLIENT_AUTH_CERT_TYPE_UNSUPPORTED

Server request for client certificate did not contain any types we support.

ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH

Server requested one type of cert, then requested a different type while the first was still being generated.

CERT_COMMON_NAME_INVALID

The server responded with a certificate whose common name did not match the host name. This could mean:

CERT_DATE_INVALID

The server responded with a certificate that appears to either not yet be valid or to have expired.

CERT_AUTHORITY_INVALID

server responded with a certificate that is signed by an authority we don't trust.

CERT_CONTAINS_ERRORS

The server responded with a certificate that contains errors.

CERT_NO_REVOCATION_MECHANISM

The certificate has no mechanism for determining if it is revoked.

CERT_UNABLE_TO_CHECK_REVOCATION

Revocation information for the security certificate for this site is not available.

CERT_REVOKED

The server responded with a certificate has been revoked.

CERT_INVALID

The server responded with a certificate that is invalid.

CERT_WEAK_SIGNATURE_ALGORITHM

The server responded with a certificate that is signed using a weak signature algorithm.

CERT_NON_UNIQUE_NAME

The host name specified in the certificate is not unique.

CERT_WEAK_KEY

The server responded with a certificate that contains a weak key.

CERT_END

The value immediately past the last certificate error code.

INVALID_URL

The URL is invalid.

DISALLOWED_URL_SCHEME

The scheme of the URL is disallowed.

UNKNOWN_URL_SCHEME

The scheme of the URL is unknown.

Attempting to load a URL resulted in too many redirects.

Attempting to load a URL resulted in an unsafe redirect.

UNSAFE_PORT

Attempting to load a URL with an unsafe port number.

METHOD_NOT_SUPPORTED

The server did not support the request method.

The PAC requested by HTTP did not have a valid status code.

An operation could not be completed because all network IO is suspended.

UNRECOGNIZED_FTP_DIRECTORY_LISTING_FORMAT

The server sent an FTP directory listing in a format we do not understand.

NO_SUPPORTED_PROXIES

There are no supported proxies in the provided list.

Credentials could not be established during HTTP Authentication.

UNSUPPORTED_AUTH_SCHEME

An HTTP Authentication scheme was tried which is not supported on this machine.

No Kerberos credentials were available during HTTP Authentication.

The HTTP response was too big to drain.

The HTTP response contained multiple distinct Content-Length headers.

No PAC URL configuration could be retrieved from DHCP.

The HTTP response contained multiple Content-Disposition headers.

The HTTP response contained multiple Location headers.

PIPELINE_EVICTION

The request couldn't be completed on an HTTP pipeline.

The HTTP response body transferred fewer bytes than were advertised by the Content-Length header when the connection is closed.

The HTTP response body is transferred with Chunked-Encoding, but the terminating zero-length chunk was never sent when the connection is closed.

CACHE_OPERATION_NOT_SUPPORTED

The operation is not supported for this entry.

NO_PRIVATE_KEY_FOR_CERT

The server responded to a <keygen> with a generated client cert that we don't have the matching private key for.

ADD_USER_CERT_FAILED

An error adding to the OS certificate database (e.g. OS X Keychain).

FTP_FAILED

A generic error for failed FTP control connection command.

FTP_SERVICE_UNAVAILABLE

FTP_TRANSFER_ABORTED

FTP_FILE_BUSY

FTP_SYNTAX_ERROR

FTP_COMMAND_NOT_SUPPORTED

Server does not support the command we issued.

FTP_BAD_COMMAND_SEQUENCE

PKCS12_IMPORT_BAD_PASSWORD

PKCS #12 import failed due to incorrect password.

PKCS12_IMPORT_FAILED

PKCS #12 import failed due to other error.

IMPORT_CA_CERT_NOT_CA

CA import failed - not a CA cert.

IMPORT_CERT_ALREADY_EXISTS

Import failed - certificate already exists in database.

IMPORT_CA_CERT_FAILED

CA import failed due to some other error.

IMPORT_SERVER_CERT_FAILED

Server certificate import failed due to some internal error.

PKCS12_IMPORT_INVALID_MAC

PKCS #12 import failed due to invalid MAC.

PKCS12_IMPORT_INVALID_FILE

PKCS #12 import failed due to invalid/corrupt file.

PKCS12_IMPORT_UNSUPPORTED

PKCS #12 import failed due to unsupported features.

KEY_GENERATION_FAILED

Key generation failed.

ORIGIN_BOUND_CERT_GENERATION_FAILED

Server-bound certificate generation failed.

PRIVATE_KEY_EXPORT_FAILED

Failure to export private key.

DNS_SERVER_REQUIRES_TCP

DNS server requires TCP

chrome://chromewebdata/

document.documentElement.innerHTML = ' <head>

<title>Webpage Crashed</title>

<h3>Something went wrong while displaying this webpage.</h3>

\browser_log.txt

%Y-%m-%d %H:%M:%S

document.body.scrollHeight;

document.body.scrollWidth;

window.scrollX;

window.scrollY;

uscript.setAllowPopups(false)

uscript.foundImage(

uscript.findImageFailed()

uscript.getChosenBoundingRects()

uscript.setHighlighting(

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\bin\Release\Browser.pdb

?SendResponse@DataSource@Awesomium@@QAEXHIPAEABVWebString@2@@Z

?CreateFromUTF8@WebString@Awesomium@@SA?AV12@PBDI@Z

??1WebString@Awesomium@@QAE@XZ

??0WebString@Awesomium@@QAE@ABV01@@Z

?spec@WebURL@Awesomium@@QBE?AVWebString@2@XZ

??_7InputMethodEditor@WebViewListener@Awesomium@@6B@

?ToString@JSValue@Awesomium@@QBE?AVWebString@2@XZ

?length@WebString@Awesomium@@QBEIXZ

?data@WebString@Awesomium@@QBEPBGXZ

??_7Menu@WebViewListener@Awesomium@@6B@

??AWebMenuItemArray@Awesomium@@QBEABUWebMenuItem@1@I@Z

?size@WebMenuItemArray@Awesomium@@QBEIXZ

??_7Print@WebViewListener@Awesomium@@6B@

??1WebURL@Awesomium@@QAE@XZ

??_7Download@WebViewListener@Awesomium@@6B@

??_7Dialog@WebViewListener@Awesomium@@6B@

??0WebPreferences@Awesomium@@QAE@XZ

??0WebConfig@Awesomium@@QAE@XZ

?ToUTF8@WebString@Awesomium@@QBEIPADI@Z

??4WebString@Awesomium@@QAEAAV01@ABV01@@Z

?Shutdown@WebCore@Awesomium@@SAXXZ

?Initialize@WebCore@Awesomium@@SAPAV12@ABUWebConfig@2@@Z

??1WebPreferences@Awesomium@@QAE@XZ

??1WebConfig@Awesomium@@QAE@XZ

?OnWillDownload@ResourceInterceptor@Awesomium@@UAEXHHABVWebURL@2@@Z

?OnFilterNavigation@ResourceInterceptor@Awesomium@@UAE_NHHABVWebString@2@ABVWebURL@2@_N@Z

??_7Load@WebViewListener@Awesomium@@6B@

?SetCustomMethod@JSObject@Awesomium@@QAEXABVWebString@2@_N@Z

??1Load@WebViewListener@Awesomium@@MAE@XZ

??_7Process@WebViewListener@Awesomium@@6B@

??_7View@WebViewListener@Awesomium@@6B@

?Push@WebStringArray@Awesomium@@QAEXABVWebString@2@@Z

??1WebStringArray@Awesomium@@QAE@XZ

??0WebStringArray@Awesomium@@QAE@XZ

??0WebKeyboardEvent@Awesomium@@QAE@XZ

??0WebURL@Awesomium@@QAE@ABVWebString@1@@Z

?GetKeyIdentifierFromVirtualKeyCode@Awesomium@@YAXHPAPAD@Z

??0WebString@Awesomium@@QAE@XZ

awesomium.dll

opencv_core243.dll

opencv_imgproc243.dll

sqlite3_free

sqlite3_close

sqlite3_exec

sqlite3_open

sqlite3_errmsg

sqlite3.dll

KERNEL32.dll

GetKeyboardLayout

VkKeyScanExW

keybd_event

USER32.dll

SHELL32.dll

MSVCP100.dll

MSVCR100.dll

_amsg_exit

_acmdln

_crt_debugger_hook

VCOMP100.DLL

.?AVInputMethodEditor@WebViewListener@Awesomium@@

.?AVMenu@WebViewListener@Awesomium@@

.?AVPrint@WebViewListener@Awesomium@@

.?AV?$sp_counted_impl_p@VUBotWebView@@@detail@boost@@

.?AVLoad@WebViewListener@Awesomium@@

.?AVProcess@WebViewListener@Awesomium@@

.?AVDownload@WebViewListener@Awesomium@@

.?AVDialog@WebViewListener@Awesomium@@

.?AVView@WebViewListener@Awesomium@@

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

9‘9F9V9

4]5

393D3T3a3k3p3}3

;7< =&=0=6=

1!1(1/161

9%:6:[:~:

64787<7@7

3%3u3

6m6c6j6{6

8-9}9

0$0-0A0l0r0}0

2)2d2j2u2

= =$=(=,=

: :0:<:`:

0 1<1@1`1|1

0 0$0(0,000`0

sC:\boost\boost\boost/smart_ptr/shared_ptr.hpp

TempTwitter_Follower_V4.exe_844_rwx_053A0000_00010000:

.yH91

Browser.exe_408:

.text

`.rdata

@.data

.rsrc

@.reloc

8.uKj

8.uwS

V%SRj

libprotobuf %s %s:%d] %s

%d.%d.%d

..\src\google\protobuf\stubs\common.cc

..\src\google\protobuf\message_lite.cc

CHECK failed: !coded_out.HadError():

CHECK failed: (from.GetDescriptor()) == (descriptor):

..\src\google\protobuf\message.cc

: Tried to copy from a message with a different type.to:

..\src\google\protobuf\descriptor.cc

". To use it here, please add the necessary import.

", which is not imported by "

.PLACEHOLDER_VALUE

.placeholder.proto

map key must name a scalar or string field.

map_key must not name a repeated field.

Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "

$0$1 = $2

.dummy

FieldDescriptorProto.extendee set for non-extension field.

FieldDescriptorProto.extendee not set for extension field.

$0$1 $2 $3 = $4

CHECK failed: dynamic.get() != NULL:

.foo = value".

CHECK failed: !out.HadError():

" is repeated. Repeated options are not supported.

Import "

Missing field: FileDescriptorProto.name.

File recursively imports itself:

..\src\google\protobuf\generated_message_reflection.cc

..\src\google\protobuf\wire_format.cc

..\src\google\protobuf\reflection_ops.cc

..\src\google\protobuf\io\coded_stream.cc

..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc

\xx

..\src\google\protobuf\stubs\strutil.cc

?..\src\google\protobuf\descriptor.pb.cc

google/protobuf/descriptor.proto

google/protobuf/descriptor.proto

google.protobuf"G

2$.google.protobuf.FileDescriptorProto"

2 .google.protobuf.DescriptorProto

2$.google.protobuf.EnumDescriptorProto

2'.google.protobuf.ServiceDescriptorProto

2%.google.protobuf.FieldDescriptorProto

.google.protobuf.FileOptions

.google.protobuf.SourceCodeInfo"

2/.google.protobuf.DescriptorProto.ExtensionRange

.google.protobuf.MessageOptions

2 .google.protobuf.FieldDescriptorProto.Label

2*.google.protobuf.FieldDescriptorProto.Type

.google.protobuf.FieldOptions"

2).google.protobuf.EnumValueDescriptorProto

.google.protobuf.EnumOptions"l

2!.google.protobuf.EnumValueOptions"

2&.google.protobuf.MethodDescriptorProto

.google.protobuf.ServiceOptions"

.google.protobuf.MethodOptions"

2).google.protobuf.FileOptions.OptimizeMode:

2$.google.protobuf.UninterpretedOption":

2$.google.protobuf.UninterpretedOption*

2#.google.protobuf.FieldOptions.CType:

experimental_map_key

2$.google.protobuf.UninterpretedOption"/

2-.google.protobuf.UninterpretedOption.NamePart

2(.google.protobuf.SourceCodeInfo.Location

com.google.protobufB

Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:

..\src\google\protobuf\io\tokenizer.cc

Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:

Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:

..\src\google\protobuf\dynamic_message.cc

..\src\google\protobuf\text_format.cc

..\src\google\protobuf\stubs\substitute.cc

..\src\google\protobuf\descriptor_database.cc

Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().

..\src\google\protobuf\extension_set.cc

CHECK failed: iter != extensions_.end():

..\src\google\protobuf\extension_set_heavy.cc

Setting website credentials

uscript.continueType();

window.scroll(

uscript.continueClick();

uscript.continueMouseOver();

sendKeys

.JPEG

key_down

key_up

key_press

set_website_credentials

add_webview

remove_webview

host_key

Configuring WebCore

Initializing WebCore

Shutting down webview

No Webviews

awe_webcore_shutdown

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\include\google/protobuf/repeated_field.h

command.proto

command.pb.cc

command.proto"8

An asynchronous IO operation is not yet complete.

An operation was aborted.

An operation timed out.

The operation failed because of unimplemented functionality.

There were not enough resources to complete the operation.

The IP address or port number is invalid.

SSL_CLIENT_AUTH_CERT_NEEDED

The server requested a client certificate for SSL client authentication.

The client and server don't support a common SSL protocol version or cipher suite.

PROXY_AUTH_UNSUPPORTED

The proxy requested authentication with an unsupported method.

CERT_ERROR_IN_SSL_RENEGOTIATION

The server sent a certificate with an error.

BAD_SSL_CLIENT_AUTH_CERT

The SSL handshake failed because of a bad or missing client certificate.

Winsock reported more data written than passed.

SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

The SSL server attempted to use a weak ephemeral Diffie-Hellman key.

SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED

The permission to use the SSL client certificate's private key was denied.

SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY

The SSL client certificate has no private key.

PROXY_CERTIFICATE_INVALID

The certificate presented by the HTTPS Proxy was invalid.

HTTPS_PROXY_TUNNEL_RESPONSE

A request to create an SSL tunnel connection through the HTTPS proxy received a non-200 (OK) and non-407 (Proxy Auth) response.

We were unable to sign the CertificateVerify data of an SSL client auth handshake with the client certificate's private key.

MSG_TOO_BIG

The message was too large for the transport.

An operation failed because the SSL handshake has not completed.

SSL_BAD_PEER_PUBLIC_KEY

SSL peer's public key is invalid.

SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

The certificate didn't match the built-in public key pins for the host name.

CLIENT_AUTH_CERT_TYPE_UNSUPPORTED

Server request for client certificate did not contain any types we support.

ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH

Server requested one type of cert, then requested a different type while the first was still being generated.

CERT_COMMON_NAME_INVALID

The server responded with a certificate whose common name did not match the host name. This could mean:

CERT_DATE_INVALID

The server responded with a certificate that appears to either not yet be valid or to have expired.

CERT_AUTHORITY_INVALID

server responded with a certificate that is signed by an authority we don't trust.

CERT_CONTAINS_ERRORS

The server responded with a certificate that contains errors.

CERT_NO_REVOCATION_MECHANISM

The certificate has no mechanism for determining if it is revoked.

CERT_UNABLE_TO_CHECK_REVOCATION

Revocation information for the security certificate for this site is not available.

CERT_REVOKED

The server responded with a certificate has been revoked.

CERT_INVALID

The server responded with a certificate that is invalid.

CERT_WEAK_SIGNATURE_ALGORITHM

The server responded with a certificate that is signed using a weak signature algorithm.

CERT_NON_UNIQUE_NAME

The host name specified in the certificate is not unique.

CERT_WEAK_KEY

The server responded with a certificate that contains a weak key.

CERT_END

The value immediately past the last certificate error code.

INVALID_URL

The URL is invalid.

DISALLOWED_URL_SCHEME

The scheme of the URL is disallowed.

UNKNOWN_URL_SCHEME

The scheme of the URL is unknown.

Attempting to load a URL resulted in too many redirects.

Attempting to load a URL resulted in an unsafe redirect.

UNSAFE_PORT

Attempting to load a URL with an unsafe port number.

METHOD_NOT_SUPPORTED

The server did not support the request method.

The PAC requested by HTTP did not have a valid status code.

An operation could not be completed because all network IO is suspended.

UNRECOGNIZED_FTP_DIRECTORY_LISTING_FORMAT

The server sent an FTP directory listing in a format we do not understand.

NO_SUPPORTED_PROXIES

There are no supported proxies in the provided list.

Credentials could not be established during HTTP Authentication.

UNSUPPORTED_AUTH_SCHEME

An HTTP Authentication scheme was tried which is not supported on this machine.

No Kerberos credentials were available during HTTP Authentication.

The HTTP response was too big to drain.

The HTTP response contained multiple distinct Content-Length headers.

No PAC URL configuration could be retrieved from DHCP.

The HTTP response contained multiple Content-Disposition headers.

The HTTP response contained multiple Location headers.

PIPELINE_EVICTION

The request couldn't be completed on an HTTP pipeline.

The HTTP response body transferred fewer bytes than were advertised by the Content-Length header when the connection is closed.

The HTTP response body is transferred with Chunked-Encoding, but the terminating zero-length chunk was never sent when the connection is closed.

CACHE_OPERATION_NOT_SUPPORTED

The operation is not supported for this entry.

NO_PRIVATE_KEY_FOR_CERT

The server responded to a <keygen> with a generated client cert that we don't have the matching private key for.

ADD_USER_CERT_FAILED

An error adding to the OS certificate database (e.g. OS X Keychain).

FTP_FAILED

A generic error for failed FTP control connection command.

FTP_SERVICE_UNAVAILABLE

FTP_TRANSFER_ABORTED

FTP_FILE_BUSY

FTP_SYNTAX_ERROR

FTP_COMMAND_NOT_SUPPORTED

Server does not support the command we issued.

FTP_BAD_COMMAND_SEQUENCE

PKCS12_IMPORT_BAD_PASSWORD

PKCS #12 import failed due to incorrect password.

PKCS12_IMPORT_FAILED

PKCS #12 import failed due to other error.

IMPORT_CA_CERT_NOT_CA

CA import failed - not a CA cert.

IMPORT_CERT_ALREADY_EXISTS

Import failed - certificate already exists in database.

IMPORT_CA_CERT_FAILED

CA import failed due to some other error.

IMPORT_SERVER_CERT_FAILED

Server certificate import failed due to some internal error.

PKCS12_IMPORT_INVALID_MAC

PKCS #12 import failed due to invalid MAC.

PKCS12_IMPORT_INVALID_FILE

PKCS #12 import failed due to invalid/corrupt file.

PKCS12_IMPORT_UNSUPPORTED

PKCS #12 import failed due to unsupported features.

KEY_GENERATION_FAILED

Key generation failed.

ORIGIN_BOUND_CERT_GENERATION_FAILED

Server-bound certificate generation failed.

PRIVATE_KEY_EXPORT_FAILED

Failure to export private key.

DNS_SERVER_REQUIRES_TCP

DNS server requires TCP

chrome://chromewebdata/

document.documentElement.innerHTML = ' <head>

<title>Webpage Crashed</title>

<h3>Something went wrong while displaying this webpage.</h3>

\browser_log.txt

%Y-%m-%d %H:%M:%S

document.body.scrollHeight;

document.body.scrollWidth;

window.scrollX;

window.scrollY;

uscript.setAllowPopups(false)

uscript.foundImage(

uscript.findImageFailed()

uscript.getChosenBoundingRects()

uscript.setHighlighting(

C:\Users\Eddie\Projects\UBot-Studio\UBotBrowser\bin\Release\Browser.pdb

?SendResponse@DataSource@Awesomium@@QAEXHIPAEABVWebString@2@@Z

?CreateFromUTF8@WebString@Awesomium@@SA?AV12@PBDI@Z

??1WebString@Awesomium@@QAE@XZ

??0WebString@Awesomium@@QAE@ABV01@@Z

?spec@WebURL@Awesomium@@QBE?AVWebString@2@XZ

??_7InputMethodEditor@WebViewListener@Awesomium@@6B@

?ToString@JSValue@Awesomium@@QBE?AVWebString@2@XZ

?length@WebString@Awesomium@@QBEIXZ

?data@WebString@Awesomium@@QBEPBGXZ

??_7Menu@WebViewListener@Awesomium@@6B@

??AWebMenuItemArray@Awesomium@@QBEABUWebMenuItem@1@I@Z

?size@WebMenuItemArray@Awesomium@@QBEIXZ

??_7Print@WebViewListener@Awesomium@@6B@

??1WebURL@Awesomium@@QAE@XZ

??_7Download@WebViewListener@Awesomium@@6B@

??_7Dialog@WebViewListener@Awesomium@@6B@

??0WebPreferences@Awesomium@@QAE@XZ

??0WebConfig@Awesomium@@QAE@XZ

?ToUTF8@WebString@Awesomium@@QBEIPADI@Z

??4WebString@Awesomium@@QAEAAV01@ABV01@@Z

?Shutdown@WebCore@Awesomium@@SAXXZ

?Initialize@WebCore@Awesomium@@SAPAV12@ABUWebConfig@2@@Z

??1WebPreferences@Awesomium@@QAE@XZ

??1WebConfig@Awesomium@@QAE@XZ

?OnWillDownload@ResourceInterceptor@Awesomium@@UAEXHHABVWebURL@2@@Z

?OnFilterNavigation@ResourceInterceptor@Awesomium@@UAE_NHHABVWebString@2@ABVWebURL@2@_N@Z

??_7Load@WebViewListener@Awesomium@@6B@

?SetCustomMethod@JSObject@Awesomium@@QAEXABVWebString@2@_N@Z

??1Load@WebViewListener@Awesomium@@MAE@XZ

??_7Process@WebViewListener@Awesomium@@6B@

??_7View@WebViewListener@Awesomium@@6B@

?Push@WebStringArray@Awesomium@@QAEXABVWebString@2@@Z

??1WebStringArray@Awesomium@@QAE@XZ

??0WebStringArray@Awesomium@@QAE@XZ

??0WebKeyboardEvent@Awesomium@@QAE@XZ

??0WebURL@Awesomium@@QAE@ABVWebString@1@@Z

?GetKeyIdentifierFromVirtualKeyCode@Awesomium@@YAXHPAPAD@Z

??0WebString@Awesomium@@QAE@XZ

awesomium.dll

opencv_core243.dll

opencv_imgproc243.dll

sqlite3_free

sqlite3_close

sqlite3_exec

sqlite3_open

sqlite3_errmsg

sqlite3.dll

KERNEL32.dll

GetKeyboardLayout

VkKeyScanExW

keybd_event

USER32.dll

SHELL32.dll

MSVCP100.dll

MSVCR100.dll

_amsg_exit

_acmdln

_crt_debugger_hook

VCOMP100.DLL

.?AVInputMethodEditor@WebViewListener@Awesomium@@

.?AVMenu@WebViewListener@Awesomium@@

.?AVPrint@WebViewListener@Awesomium@@

.?AV?$sp_counted_impl_p@VUBotWebView@@@detail@boost@@

.?AVLoad@WebViewListener@Awesomium@@

.?AVProcess@WebViewListener@Awesomium@@

.?AVDownload@WebViewListener@Awesomium@@

.?AVDialog@WebViewListener@Awesomium@@

.?AVView@WebViewListener@Awesomium@@

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

9‘9F9V9

4]5

393D3T3a3k3p3}3

;7< =&=0=6=

1!1(1/161

9%:6:[:~:

64787<7@7

3%3u3

6m6c6j6{6

8-9}9

0$0-0A0l0r0}0

2)2d2j2u2

= =$=(=,=

: :0:<:`:

0 1<1@1`1|1

0 0$0(0,000`0

sC:\boost\boost\boost/smart_ptr/shared_ptr.hpp

%original file name%.exe_1104:

.text

`.rdata

@.data

.rsrc

@.reloc

SSh8*K

.hP6K

PSSSSSSh

Gt.Ht$

t.jGZf;

PSSShl

PVSShl

j.Zf;

;K|s%f

?#%X.y

GetProcessWindowStation

operator

kernel32.dll

oleaut32.dll

RegDeleteKeyExW

advapi32.dll

Error text not found (please report)

operand of unlimited repeat could match the empty string

POSIX named classes are supported only within a class

erroffset passed as NULL

POSIX collating elements are not supported

this version of PCRE is compiled without UTF support

PCRE does not support \L, \l, \N{name}, \U, or \u

support for \P, \p, and \X has not been compiled

this version of PCRE is not compiled with Unicode property support

\N is not supported in a class

WSOCK32.dll

VERSION.dll

WINMM.dll

COMCTL32.dll

MPR.dll

InternetCrackUrlW

HttpQueryInfoW

HttpOpenRequestW

HttpSendRequestW

FtpOpenFileW

FtpGetFileSize

InternetOpenUrlW

WININET.dll

PSAPI.DLL

IPHLPAPI.DLL

USERENV.dll

UxTheme.dll

GetProcessHeap

CreatePipe

GetWindowsDirectoryW

KERNEL32.dll

OpenWindowStationW

SetProcessWindowStation

CloseWindowStation

MapVirtualKeyW

EnumChildWindows

EnumWindows

VkKeyScanW

GetKeyState

GetKeyboardState

SetKeyboardState

GetAsyncKeyState

keybd_event

EnumThreadWindows

ExitWindowsEx

UnregisterHotKey

RegisterHotKey

GetKeyboardLayoutNameW

USER32.dll

SetViewportOrgEx

GDI32.dll

COMDLG32.dll

RegOpenKeyExW

RegCloseKey

RegCreateKeyExW

RegEnumKeyExW

RegDeleteKeyW

ADVAPI32.dll

ShellExecuteW

SHFileOperationW

ShellExecuteExW

SHELL32.dll

ole32.dll

OLEAUT32.dll

GetCPInfo

zcÁ

n..GGHHH

n...GGHHH

n ....HGHHHH

n  ....G.HHH

~~~~{~{{{{

n!! ....HGHHHH

n!!  .....HHHHHH

!!!  ....GGHHH

!!"".....HHHHnv

"""...-.nv

bJ.TD

Y/.DR

X%C$/

KYO.jSy

SbLd.vJ0

-ezj}

Rif?%f^%

Nkr#.vE

ta"%S

FO.fM

.eL8},

%Xa$P

k9W%d

8]C

gr.ERB

4.Qp'

n7%F"]

!O$.ULfr

8aV.AJ

y0.IA{Xd

!ua.TlK

0~A/%D

 p.fO

cRtv2

.Ix ~

.PNJe\J

DD.AH

2%seB

!.zS!Yf

OzaT.nO

9_.iV

%5x]$OM $

Cmdk

,@r%C

%uLx>1/

:%SAAT

M{y%cm

.ncl~

8=b.hH

%D'HB

%cVMl'

.fGhb

^l.fPT

_K<]%F

-_SS_

R7%6S

LL".HO\

KX%SS_

fF.WQ

0I.Zo

msGY;?

}B?0.IwwV

@HS.%U

K*0'%S

5]g.gy

7kySQL

0Co%s$

^m%xx

%d~ymv

FsC~uDp

z .DV

.AOTo

G6.Qc

x.RQ9o_

:39.QM:

.Vx?f

.UR_]

z;%XVi

%FU2q

.eF5T

qy.Lsa

.>.Zy

rV-%Fw

VG_%d

4.eV c

%s<?pOjJ"

m|k,%s

,.XvC

xg>ò Z

.Ot5]

%.tx:;

i_U.Mn9

,r.TQI

O4%S'

Xq.fh

AI%S:

z.Sk[ 

}.rNYD

.Qb.[

-Z.ab

.rk8v

%f%4voa

.xRGsN

huDph_

2.DCJ

%UP*"

%fK!Q

;jW.Tc

&@%9x

G%s*k

.Ml:)

.Lj9|

8.oukv4l@F?U

1!%xg

Q%F:v^g

BA yuf%f

%f]@0

5%xP/e7

.rt,EAI

yi.cf~

@(lù

%ulH5

.ZXO;

.rDjf)x/%

>[email protected]

J'W%sN

%cM96

>.lB1

h.exoVw

.UI2G <

{~(1%UZ

m.gNr

.lk#)

1"%2XC

-L}g~

U.Mc|w

{pta.Sk

.TfMa

HQQ)%S\c

Ï.g

fe=%D'

^.iS1

.).bTa

P.we@

a4.fmJ

3ôk

.HZ'5

T.FD,

(oa}.Pe

 U.BM

".hO`

_.PA*n

\.Kh9#

NUrl

Keybt

.zz6 

.Iieq

VÂT

m.FbdA

7%Xl;2b

-n.gc{

\.Rk6

Î7${w#

.pgRHf(

H.uyE

%Fh?0

5;.Rm

Nx.DA

.xC"8

/_A%c

.QKmzw

&.oeZ

$P.es

.RdZ$

79  ]('7^

.Etox

]""%d

4V*.gg

B|.WH

X%UpA`

%S4Afr

_* %D

q,w_.odl66

%UpFI

RF})%sg

?v2I1 N%s

%Sv-N&_

tuRL

SP.dz\

IJU%su

.kvnb

.dOCe

Z%.xk

5w.Fm

c&%D 

Tpnm1.LEM

V`E%D.

p%D.A

|yn].Sh

%u?Tt

65%dw%

S.sss

;.yjo

%cO>s0

0st.VG

a.Ix/

FTPO

%Ssf%

.DZ,T

\.Dj^

\N%fm

%u: T

CmdnI

%dwPX

& .vX

:u%uS

.PX|6

_m%cI

i$%X`

$%dwm

$.sX\

2.Iw\

#%fH(m

.AOamW"

Aj.Yw*]A

\<|%0s

%svzJ

D%X,,

[.MjEt

/\]X.mne

Y%dnT

\.LW$H

%c|7I

0.kmI

h%Uq0

%Uf4\

os.CA;<N

msG!U

p.rtPn"o2

.Sr5mW

.tNl!j

.LW:a

^y|%F

pw.OCv\

URLr

.GyDV

Y(%X"

?`).bC

.oVq(

O?.cwU

<"Y<%f

3%SeoU

6!eU%d

c%s[Xlv

%SWSEr

j..Zv

%uCLN

("8.Sax

LGkc.Pk%`

t:\3B

gjY%f

.ZeqH

I.lg\

Bl@2 %X

ks.bL

YL.Ud

7d%.C

aJ;.CG

.Ee4K8

X.ddR

KO%FQ

qy%F}

6.IXd

.THq46;_

&v.aF

3I.LI{

Rh

{Nc.Nr

{x.BU

Of.RC

.eko@

k  5.EM^"-

 N.EQ8

Z.hxa

~}.JaRR&

D.MD<

X:;$%D

_.Ca8

YM.as

.JMrO

j%D`T

e.nA>

w%SEz

 .VE(

L0.PT

nP.OS~c

k=U%X

;È6

Q.QFvP

3&%X?|

.Sh|`

%F(#<

`%CqH

;O%d)vr1%

t%fik

E.Qg1

C3u%fz1

-qYM}

{d.rLO

-c}.X

.eHIe

PE.jnI

%srVv

;|Ý

4.Fnm

.pH jz}wI]Z

;w%uZ

-J6}K

eK.XK

a%fhhiP

v‘x

rA%X7

<n.xU8

F%U`l

%S9o5

(.eL5P

O'3.vL

.Bk A

N&.ZL1

.QaZc

fmB%X

!%s2Q

>C.xr

.eQ=T

%Dv'U

.ET]#

8Ub%Uw|

j*;%S:Z@

-Lr}p

ZIË

iM6%s

9L`.Brr

.sKoC

5.kKM

<WeB/

A2%DyXm

A5-4} 

A7.Rd3

W$[%Xv

vO7.wO

bGX.wD

n.uc*

.Yh<U&w

.TUQt

TH.xZ4

%.Qd3

v.wWW&

(Y|wM.qr6

LB.tG9#

%fQf\

j)4q%f

 >.Xr/

%xrSd

4b$.WP

x=]A^A%SG:

dE#u%S

/iL%C

OnE%C

T.HW[

`).ZB|

$.rtc&

%dU Z

.iMV B

:.Iz*>

QU\&%u

.wu-=t

%uLVc

5.zU;6

m%1xj

X4.HYD

LF.om

>@*.Xmeg

u.wO8

x.Wn6=

>H-B}

$ZZ%C

7.Dz)M

:wg%0u

 8?%d

4*j:-7}

rt.IL

.mlL@>

<%spo

W8.Mv

.YG42

(%F(wc

.YgU5

.ptM 

l1b.vC

JICmD

\_.xf

W.bI 

B.XzM

! uRL

.WWl)

V8.Fo

J%CUO

0e>Z%D

S.Jn8

.GdSiH

{vEn.HB3

;.iJX

R.gP4

bKeY

.qz.}

^\.wY

J.kq=]

zw0%X\E

`.FYn

n%x@},

N%u^%H0P

Gx%uF

.zM]!

6.XZj

TSnZ.ZM

&%FqCQ

.IlWP

<@%%u

(Ya%X

v0.Kod

k%uG1-

8SP|4<%u

V%Fsd

\@U%X.

%Chn|

?a1%XD

~t%Xr\

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>

<requestedExecutionLevel level="asInvoker" uiAccess="false"/>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>

> >$>(>=>

5o6q6

6!6%6)6-616

343C3n3v3}3

:&:*:.:2:

4#4'4 4/43474;4

<$<,<4<<<\=

mscoree.dll

combase.dll

- CRT not initialized

- Attempt to initialize the CRT more than once.

- floating point support not loaded

USER32.DLL

>>>AUTOIT NO CMDEXECUTE<<<

CMDLINERAW

CMDLINE

/AutoIt3ExecuteLine

/AutoIt3ExecuteScript

APPSKEY

789:;<=>?

FTPSETPROXY

GUICTRLRECVMSG

GUICTRLSENDMSG

GUIGETMSG

GUIREGISTERMSG

HOTKEYSET

HTTPSETPROXY

HTTPSETUSERAGENT

ISKEYWORD

MSGBOX

REGENUMKEY

SHELLEXECUTE

SHELLEXECUTEWAIT

TCPACCEPT

TCPCLOSESOCKET

TCPCONNECT

TCPLISTEN

TCPNAMETOIP

TCPRECV

TCPSEND

TCPSHUTDOWN

TCPSTARTUP

TRAYGETMSG

UDPBIND

UDPCLOSESOCKET

UDPOPEN

UDPRECV

UDPSEND

UDPSHUTDOWN

UDPSTARTUP

SendKeyDelay

SendKeyDownDelay

TCPTimeout

WINDOWSDIR

AUTOITEXE

HOTKEYPRESSED

%s (%d) : ==> %s.:

Line %d:

Line %d (File "%s"):

%s (%d) : ==> %s:

AutoIt script files (*.au3, *.a3x)

*.au3;*.a3x

All files (*.*)

04090000

%u.%u.%u.%u

0.0.0.0

Mddddd

"%s" (%d) : ==> %s:

\??\%s

GUI_RUNDEFMSG

AUTOITCALLVARIABLE%d

255.255.255.255

Keyword

AUTOIT.ERROR

Null Object assignment in FOR..IN loop

Incorrect Object type in FOR..IN loop

3, 3, 12, 0

HKEY_LOCAL_MACHINE

HKEY_CLASSES_ROOT

HKEY_CURRENT_CONFIG

HKEY_CURRENT_USER

HKEY_USERS

%d/d/d

c:\%original file name%.exe

AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.

Missing operator in expression."Unbalanced brackets in expression.

Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.#Variable subscript badly formatted.*Subscript used on non-accessible variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.

0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.

Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.

Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.

3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.

Can not redeclare a constant.5Can not redeclare a parameter inside a user function.HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.

String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.

WPFFontCache_v0400.exe_828:

.text

`.data

@.rsrc

@.reloc

t1Ht.Ht

Ht.Ht

8Y%u(

Ht.Ht$Ht

tGHt;Ht.Ht$Ht

!!"$%%&$%%&())*

%s %s line %d

SHELL32.dll

RPCRT4.dll

MSVCR100_CLR0400.dll

KERNEL32.dll

ADVAPI32.dll

RegNotifyChangeKeyValue

RegCloseKey

RegQueryInfoKeyW

RegOpenKeyExW

GetSystemWindowsDirectoryW

_crt_debugger_hook

_amsg_exit

wpffontcache_v0400.pdb

.?AVMalformedKeyException@@

.?AVNotSupportedException@@

6666666666666666

666666666666

6666666

8888888

!"#$%&'()* ,-./

0000000000000

#@$@$@$@$

@:@$@$@$@$@$@$@$@$@$@$

!"#$%&'()* ,-./0

%&'(gggg)* ,..........................................................................................MMMM..

4444444444444

#$%&'()* 

!!!!"#$%&'()* ,-./0123456789:;<=

KEYW

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="wpffontcache_v0400" type="win32"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

4 4}455<5

:":&:*:.:2:

0!0&0,03090?0

1 1$1(1,1014181

>0>8>`>~>

1$1@1\1|1

Software\Microsoft\Avalon.Graphics

kernel32.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

MARLETT.TTF

E\\?\

\WPFFontCache_v0400-System.dat

{2da8dded-086f-4cb9-a77f-b974b9cb0186}

\\?\UNC\

{00000000-0000-0000-0000-000000000000}

\\?\Volume

yKERNEL32.DLL

KeySize

ElementMalformedKeyTask

CacheMissReportReceivedTask

wpffontcache_v0400.exe

4.0.30319.1 built by: RTMRel

.NET Framework

4.0.30319.1

vbc.exe_1484_rwx_00150000_0003A000:

.text

`.reloc

B.rsrc

/.ffefefeeffe

lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

sÞUK

v2.0.50727

NanoCore Client.exe

Microsoft.VisualBasic

System.Windows.Forms

System.Drawing

kernel32.dll

psapi.dll

advapi32.dll

ntdll.dll

dnsapi.dll

ClientLoaderForm.resources

Microsoft.VisualBasic.ApplicationServices

Microsoft.VisualBasic.CompilerServices

Operators

Microsoft.VisualBasic.Devices

Microsoft.Win32

RegistryKey

NanoCore.ClientPlugin

NanoCore.ClientPluginHost

System.CodeDom.Compiler

System.Collections.Generic

KeyValuePair`2

System.Collections

System.ComponentModel

System.Diagnostics

ProcessWindowStyle

InvalidOperationException

System.IO

System.IO.Compression

System.Net

System.Net.Sockets

SocketAsyncOperation

OperatingSystem

System.Reflection

System.Runtime.CompilerServices

System.Runtime.InteropServices

System.Security.AccessControl

System.Security.Cryptography

System.Security.Principal

WindowsBuiltInRole

WindowsIdentity

WindowsPrincipal

System.Text

System.Threading

FormWindowState

#=qmLTtz8OEDrkzFTzYkI_Dg1dvKwiGw9blNcZSU_QqMsg=

.cctor

.ctor

ClosePipe

PipeExists

#=qNn8WS2rooUJUoMsG84mQ7PkK4IQF8$E42cyDjfL7Kqc=

#=qwSqLSPEuM8lJy4sOeuH92YjPodcLquqdG$OodozwC60=

#=qiY1B9yU2oVkPHxhn$y67SFTP8x1Jb0botGqdUGkdpQg=

CreatePipe

PipeCreated

#=q85afbI_HcqBFOZnC0iAqsNghLb3LsuyjFtpLEYYoPX8=

#=q$fGRvwQxjFKeY$SH10p0pyPTU$R77VMKr3CcLFQeQ2Y=

#=q6wR5WMLGkL9afTpqmWsw9g==

SetThreadExecutionState

RegOpenKeyEx

RegCloseKey

ContainsKey

PipeClosed

get_Key

GetExecutingAssembly

set_Key

get_ExecutablePath

OpenSubKey

set_UseShellExecute

set_WindowStyle

GetPublicKeyToken

get_Port

get_LastOperation

set_WindowState

8.0.0.0

System.Windows.Forms.Form

My.MyProject.Forms

4System.Web.Services.Protocols.SoapHttpClientProtocol

$994c8143-1aef-4fd7-8af3-df9fb7717866

1.2.2.0

_CorExeMain

mscoree.dll

(<I1%S$

psEd%Uf

T7.wjB

.jKMl

Y#-Ul}

KcrT

@%U-V

.oo59 

VmsG

SMO1;%xP>

Browser.exe_2000_rwx_03100000_00100000:

Qj.hQ

Browser.exe_2000_rwx_03D00000_00100000:

Qj.hM

=.goo

Browser.exe_2000_rwx_04800000_00100000:

Vh%S]

j.hy"

Browser.exe_408_rwx_03100000_00100000:

PVh%d

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   WPFFontCache_v0400.exe:828
   %original file name%.exe:1104
   %original file name%.exe:2040
   Browser.exe:924
   Browser.exe:852
   

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:
   

   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\Awesomium.dll (2032242 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\vcomp100.dll (2740 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\avutil-51.dll (4320 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\sqlite3.dll (34128 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\avformat-53.dll (5108 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\opencv_imgproc243.dll (107877 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\icudt.dll (838173 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\Browser.exe (38140 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\inspector.pak (332710 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\avcodec-53.dll (77981 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\msvcr100.dll (31138 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\msvcp100.dll (21720 bytes)
   %System%\d3d9caps.tmp (2648 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\libEGL.dll (4813 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\xinput9_1_0.dll (2245 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\opencv_core243.dll (136697 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\Browser\4.2.16\libGLESv2.dll (22024 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\432347 (16 bytes)
   %Documents and Settings%\%current user%\Local Settings\TempTwitter_Follower_V4.exe (39411 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\incl1 (588 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\132184 (1921 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (3417 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\incl2 (1281 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (37635 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (392 bytes)
   %Documents and Settings%\%current user%\Application Data\UBot Studio\browser_log.txt (336 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cookies (2217 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (160 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Local Storage\https_www.google.com.ua_0.localstorage-journal (532 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000002 (50 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000003 (125 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000001 (44 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000006 (307 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000004 (49 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\f_000005 (29 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\index (368 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8A574ED5927B3CEC9626151D220C7448 (665 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D7B4E43171BB9E412497B0377F4343E7 (554 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D7B4E43171BB9E412497B0377F4343E7 (180 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_0 (994760 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_1 (26464 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_2 (7984 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cache\data_3 (3040 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp\Cookies-journal (21744 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (200 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (614 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "Cmd" = "c:\%original file name%.exe"

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.