Gen:Variant.Mikey.38538 (B) (Emsisoft), Gen:Variant.Mikey.38538 (AdAware), Trojan.Win32.Swrort.3.FD, GenericInjector.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 0169e462298b10fd20b22d6d60660c01
SHA1: 7f39009b852fc9c42516f0ddff12ae0ab2d1becc
SHA256: 521043c2701636c535468c8eaae1597c71bafb122b8d843262a72672844b5726
SSDeep: 98304:Vddegn/bR6nVZHQVrsEcTiiAvLa0oYkufXQIP0WyH9XDV:Ug6ZHQVrsEyi80 gAIMWuDV
Size: 6214144 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-05-31 09:57:48
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
sc.exe:2312
sc.exe:2216
Browser_V5.6.13381.9_r_4681_(Build1606081220).exe:2156
stats_uploader.exe:2212
stats_uploader.exe:3848
UCBrowser.exe:2756
ADSkip.v1.0.523.2104_Silent.exe:1748
%original file name%.exe:224
UCService.exe:3608
UCService.exe:2804
UCService.exe:3820
netsh.exe:2488
netsh.exe:2588
netsh.exe:320
netsh.exe:476
netsh.exe:2660
netsh.exe:2508
ADSkip.exe:756
ADSkipSvc.exe:2396
ADSkipSvc.exe:1152
setup.exe:2840
MiniTPFw.exe:1012
The Trojan injects its code into the following process(es):
MiniThunderPlatform.exe:1036
UCBrowser.exe:2680
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process Browser_V5.6.13381.9_r_4681_(Build1606081220).exe:2156 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir2156_19268\stats_uploader.exe (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_E4C92.tmp\setup.exe (17426 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir2156_10848\wow_installer.prefs (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_E4C92.tmp\SETUP.EX_ (1709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_E4C92.tmp\CHROME.PACKED.7Z (359691 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CR_E4C92.tmp\SETUP.EX_ (0 bytes)
The process UCBrowser.exe:2756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Preferences (2 bytes)
%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\1.tmp (837 bytes)
The Trojan deletes the following file(s):
%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)
The process ADSkip.v1.0.523.2104_Silent.exe:1748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
The process %original file name%.exe:224 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdSkip.lnk (0 bytes)
%Documents and Settings%\%current user%\Desktop\AdSkip.lnk (0 bytes)
The process MiniThunderPlatform.exe:1036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ADSkip.v1.0.523.2104_Silent.exe.td.cfg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Browser_V5.6.13381.9_r_4681_(Build1606081220).exe.td.cfg (0 bytes)
The process UCService.exe:3608 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\UCBrowser\Application\ucsvc.log (1461 bytes)
The process UCService.exe:2804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\UCBrowser\Application\ucsvc.log (970 bytes)
The process ADSkip.exe:756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
The process setup.exe:2840 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\tmall.com.png (196 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\en-in\start.dat (7 bytes)
%Program Files%\UCBrowser\Application\5.6.13381.9\Installer\setup.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Locales\zh-CN.pak (255 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\tmall.com.png (200 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\etao.com.png (252 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\id-ID\external_extensions.json (494 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\wow_helper.exe (80 bytes)
%Program Files%\UCBrowser\Application\Share\config.dat (7345 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UC浏览器\UC浏览器.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\updater.dll (15021 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\pt-br\start.dat (7 bytes)
%Program Files%\UCBrowser\Application\Share\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\libGLESv2.dll (7972 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\ru\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\resources.pak (172310 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\bookmarks\pp_helper.png (1 bytes)
%Program Files%\UCBrowser\Application\UCService.exe (6841 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\snapshot_blob.bin (1802 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\icudtl.dat (34008 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\login_view\taobao.png (2 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\UCService.exe (6334 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\bookmarks\uc123.png (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Update\UpdateOption.xml (189 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\taobao.com.png (304 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\config_updater.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\external_extensions.json (494 bytes)
%Documents and Settings%\All Users\Desktop\UC浏览器.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\config.dat (151 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_watcher.dll (1680 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\desktop\tmall_points.ico (144 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\id\config.dat (164 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_elf.dll (201 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\share.dat (66 bytes)
%Program Files%\UCBrowser\Application\molt_tool.exe (3361 bytes)
%System%\drivers\ucguard.sys (601 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\UCAgent.exe (12289 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\5.6.13381.9.manifest (248 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_200_percent.pak (7972 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Locales\en-US.pak (258 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\PepperFlash\pepflashplayer.dll (124061 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\pt-BR\external_extensions.json (494 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\extension\renren.png (4 bytes)
%Program Files%\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\en-IN\external_extensions.json (622 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\id\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_child.dll (321430 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\win10_200_percent.pak (1723 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir2840_15169 (0 bytes)
Registry activity
The process sc.exe:2312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 7D F9 D6 8F B8 4A 91 1E E0 F6 F1 CE 1A 87 1B"
The process sc.exe:2216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 5F F1 EC 4E EC F3 2D 37 2A 85 22 17 A1 DC 95"
The process Browser_V5.6.13381.9_r_4681_(Build1606081220).exe:2156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB E1 5E 83 76 11 C5 91 0E 0B 2A 02 83 7D B3 BA"
[HKCU\Software\UCBrowserPID]
"MachineIDEx" = "c0ed19538daa6d6db815ffd0b1233981v000000253f20c75"
"MachineID" = "d2713585a62dd2677f88d0fff85b3fe7"
[HKLM\SOFTWARE\UCBrowserPID]
"MachineIDEx" = "c0ed19538daa6d6db815ffd0b1233981v000000253f20c75"
"MachineID" = "d2713585a62dd2677f88d0fff85b3fe7"
"FirstBID" = "800"
[HKCU\Software\UCBrowserPID]
"FirstBID" = "800"
The process stats_uploader.exe:2212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 9B 95 66 77 BE AB 5A 6D 2C 07 13 29 70 80 78"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process stats_uploader.exe:3848 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F B9 DB 43 A2 CE 3C 41 2A 4D D6 65 77 22 62 06"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"
The process UCBrowser.exe:2756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"irc" = "UCHTML"
[HKCU\Software\Classes\UCHTML.AssocFile.HTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\UCHTML.AssocFile.XHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"
[HKCU\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\UCHTML.AssocFile.CRX\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\UCHTML.AssocFile.CRX\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,4"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ShowIconsCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --show-icons"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationDescription" = "UC浏览器是一款快速、安全的通用浏览器,采用Trident和WebKit双渲染引擎,从快速、安全多个方面进行优化,为广大互联网用户提供更好的用户浏览体验。"
[HKCU\Software\Classes\UCHTML.AssocFile.SHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml]
"Progid" = "UCHTML.AssocFile.XHTML"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"webcal" = "UCHTML"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\UCHTML.AssocFile.MHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\UCHTML.AssocFile.WEBP\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".shtm" = "UCHTML.AssocFile.SHTM"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"
[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"
[HKCR\UCHTML.AssocFile.SHTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Classes\.webp]
"(Default)" = "UCHTML"
[HKCU\Software\Classes\UCHTML.AssocFile.SHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm]
"Progid" = "UCHTML.AssocFile.SHTM"
[HKCU\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\.shtm\OpenWithProgids]
"UCHTML.AssocFile.SHTM" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp]
"Progid" = "UCHTML.AssocFile.WEBP"
[HKCR\UCHTML.AssocFile.XHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCR\UCHTML.AssocFile.HTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\UCBrowser\Running]
"browser-2756" = "1"
[HKCU\Software\Classes\ftp]
"URL Protocol" = ""
[HKCR\.xhtml\OpenWithProgids]
"UCHTML.AssocFile.XHTML" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".crx" = "UCHTML.AssocFile.CRX"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"HideIconsCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --hide-icons"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"
[HKCR\UCHTML.AssocFile.WEBP\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCU\Software\Classes\UCHTML.AssocFile.MHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationName" = "UC浏览器"
[HKCU\Software\Classes\.html]
"(Default)" = "UCHTML"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"nntp" = "UCHTML"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"
[HKCU\Software\Classes\UCHTML.AssocFile.XHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"https" = "UCHTML"
[HKCR\UCHTML.AssocFile.SHTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCU\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid" = "UCHTML.AssocFile.HTM"
[HKLM\SOFTWARE\UCBrowser]
"usagestats" = "0"
[HKCU\Software\Classes\.crx]
"(Default)" = "UCHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm]
"Progid" = "UCHTML.AssocFile.SHTM"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"mailto" = "UCHTML"
[HKCR\.htm\OpenWithProgids]
"UCHTML.AssocFile.HTM" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationIcon" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht]
"Progid" = "UCHTML.AssocFile.XHT"
[HKLM\SOFTWARE\UCBrowser\FirstNotDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "Type: REG_QWORD, Length: 8"
[HKCU\Software\UCBrowser\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "1"
[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"
[HKLM\SOFTWARE\RegisteredApplications]
"UCBrowser" = "Software\Clients\StartMenuInternet\UCBrowser\Capabilities"
[HKCU\Software\Classes\UCHTML.AssocFile.XHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"
[HKCR\UCHTML\CLSID]
"(Default)" = ""
[HKCR\UCHTML.AssocFile.XHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCU\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid" = "UCHTML.AssocFile.HTM"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".webp" = "UCHTML.AssocFile.WEBP"
[HKCU\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\UCHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCU\Software\Classes\.xht]
"(Default)" = "UCHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp]
"Progid" = "UCHTML.AssocFile.WEBP"
[HKCU\Software\Classes\UCHTML.AssocFile.XHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx]
"Progid" = "UCHTML.AssocFile.CRX"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".htm" = "UCHTML.AssocFile.HTM"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml]
"Progid" = "UCHTML.AssocFile.XHTML"
[HKCU\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 6D FC 86 05 0E 1A B3 02 CE CE 3F 37 61 76 49"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid" = "UCHTML.AssocFile.MHT"
[HKCU\Software\Classes\UCHTML.AssocFile.HTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx]
"Progid" = "UCHTML.AssocFile.CRX"
[HKCU\Software\Classes\http\shell]
"(Default)" = "open"
[HKCR\UCHTML]
"(Default)" = "UC HTML Document"
[HKCU\Software\Classes\https]
"URL Protocol" = ""
[HKCU\Software\Classes\https\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"
[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".html" = "UCHTML.AssocFile.HTML"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid" = "UCHTML.AssocFile.HTML"
[HKCR\UCHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,1"
[HKCR\.shtml\OpenWithProgids]
"UCHTML.AssocFile.SHTML" = ""
[HKCR\UCHTML.AssocFile.HTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"
[HKCU\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".mht" = "UCHTML.AssocFile.MHT"
[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml]
"Progid" = "UCHTML.AssocFile.SHTML"
[HKCR\UCHTML.AssocFile.MHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Classes\http]
"URL Protocol" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"tel" = "UCHTML"
"news" = "UCHTML"
[HKCR\UCHTML.AssocFile.HTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"
[HKCU\Software\Classes\.shtml]
"(Default)" = "UCHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"Path" = "%Program Files%\UCBrowser\Application"
[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""
[HKCR\.mht\OpenWithProgids]
"UCHTML.AssocFile.MHT" = ""
[HKCU\Software\Classes\UCHTML]
"(Default)" = "UC HTML Document"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"urn" = "UCHTML"
"ftp" = "UCHTML"
[HKCU\Software\Classes\.htm]
"(Default)" = "UCHTML"
[HKCU\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".shtml" = "UCHTML.AssocFile.SHTML"
".xht" = "UCHTML.AssocFile.XHT"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"mms" = "UCHTML"
[HKCR\.crx\OpenWithProgids]
"UCHTML.AssocFile.CRX" = ""
[HKCU\Software\Classes\.mht]
"(Default)" = "UCHTML"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid" = "UCHTML.AssocFile.HTML"
[HKCR\.webp\OpenWithProgids]
"UCHTML.AssocFile.WEBP" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"
[HKCU\Software\Classes\UCHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"
[HKCU\Software\Classes\.shtm]
"(Default)" = "UCHTML"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid" = "UCHTML.AssocFile.MHT"
[HKCR\.html\OpenWithProgids]
"UCHTML.AssocFile.HTML" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\UCHTML.AssocFile.XHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".xhtml" = "UCHTML.AssocFile.XHTML"
[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"smsto" = "UCHTML"
"sms" = "UCHTML"
"http" = "UCHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml]
"Progid" = "UCHTML.AssocFile.SHTML"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"IconsVisible" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht]
"Progid" = "UCHTML.AssocFile.XHT"
[HKCU\Software\Classes\.xhtml]
"(Default)" = "UCHTML"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser]
"(Default)" = "UC浏览器"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\Startmenu]
"StartMenuInternet" = "UCBrowser"
[HKCR\UCHTML.AssocFile.SHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\UCHTML.AssocFile.SHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ReinstallCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --make-default-browser"
[HKCU\Software\Classes\UCHTML\CLSID]
"(Default)" = ""
[HKCU\Software\Classes\UCHTML.AssocFile.CRX\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,4"
[HKCR\UCHTML.AssocFile.HTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"
[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "UCBrowser"
[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"
[HKCR\.xht\OpenWithProgids]
"UCHTML.AssocFile.XHT" = ""
[HKCU\Software\Classes\UCHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\UCBrowser\Running]
"browser-2756"
The process ADSkip.v1.0.523.2104_Silent.exe:1748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ADSKIP]
"URLInfoAbout" = "http://www.adskiper.com/"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ADSKIP]
"DisplayVersion" = "1.0.523.2104"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\ADSKIP]
"join_feeling_plan" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\ADSKIP]
"InstallTime" = "2016-06-23 02:25"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\ADSKIP]
"ADSkip.exe" = "ADSkip 32 Bit Application"
"ADSkipSvc.exe" = "ADSkip 32 Bit Application"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\ADSKIP]
"InsErr1" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ADSKIP]
"DisplayIcon" = "%Program Files%\ADSKIP\ADSkip.exe"
[HKCU\Software\ADSKIP]
"InstallType" = "2"
"Version" = "1.0.523.2104"
"CurVer" = "1.0.523.2104"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKCU\Software\ADSKIP]
"usercode" = "v1.0.523.2104_Silent"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ADSKIP]
"UninstallString" = "%Program Files%\ADSKIP\uninst.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ADSKIP]
"DisplayName" = "AdSkip"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 18 44 A1 31 97 63 6D 0D 42 AA 3F 96 7D C4 1A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\ADSKIP]
"InstallCode" = "1c976270104fe22d89b26b49818e10afbd277962612989d8b6a27421f094eff95dc51307ae0431860284b4d16b5fe000c2d33123da83ee5f613984d140444c2f9d609bebdeb55606293878b3273b8a1cc7b1a3fdd1f3f"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ADSKIP]
"Publisher" = "Biling Network Technology Co. Ltd."
[HKCU\Software\ADSKIP]
"CheckCode" = "ae0438a1c098bca7797b0762100c291d1ea8e8491c8296261c512df04b4d16b5f8fb9a307d27"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The process %original file name%.exe:224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 F3 27 8C 8B F6 C8 08 0E DD C4 C3 B5 C8 36 52"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Download]
"MiniTPFw.exe" = "MiniTPFw Application"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"ADSkip.v1.0.523.2104_Silent.exe" = "ADSkip 32 Bit Application"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"Browser_V5.6.13381.9_r_4681_(Build1606081220).exe" = "UC浏览器"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe -start" = "c:\%original file name%.exe -start"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process MiniThunderPlatform.exe:1036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 90 44 F8 7D 46 7E 8B AD 9E 2E C8 28 1F F5 57"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The process UCService.exe:3608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 D4 CD 57 3E 3A D7 AE FD 5A 46 54 F7 65 FE FC"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
The process UCService.exe:2804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A CB DA 8D 57 AB 27 AE E8 86 C0 55 3F 32 0A AB"
The process UCService.exe:3820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 C3 A8 B0 62 18 6D 3F C7 F6 6B E9 3D 78 C6 38"
The process netsh.exe:2488 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A DA 44 2C AA 91 90 96 D8 33 13 D0 EE C9 03 66"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\UCBrowser\Application]
"UCBrowser.exe"
The process netsh.exe:2588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 8B FC 95 54 80 7E 9F 7E B8 10 C9 75 82 B7 53"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\UCBrowser\Application]
"UCBrowser.exe" = "%Program Files%\UCBrowser\Application\UCBrowser.exe:*:Enabled:UC浏览器"
The process netsh.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 21 FE 47 5E 3D D0 44 C9 E4 9F F3 31 FA 32 DA"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\ADSKIP]
"ADSkip.exe" = "%Program Files%\ADSKIP\ADSkip.exe:*:Enabled:ADSKIP"
The process netsh.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 1D 20 F9 07 32 E6 72 4E 71 C7 F0 28 07 67 A0"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\ADSKIP]
"ADSkipSvc.exe" = "%Program Files%\ADSKIP\ADSkipSvc.exe:*:Enabled:ADSkipSvc"
The process netsh.exe:2660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 B8 B6 DA 7E E6 08 BB 9B B2 8C C1 29 A0 7C EF"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
The process netsh.exe:2508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 40 CD 91 62 C4 F1 56 5A 88 1E 16 80 9A 53 74"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
The process ADSkip.exe:756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\ADSKIP]
"join_feeling_plan" = ""
"AutoFlag" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\ADSKIP]
"InstallCode" = ""
[HKLM]
"Start" = "0"
[HKCU\Software\ADSKIP]
"AutoStart" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\ADSKIP]
"InstallType" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 DE F3 DB 46 71 46 E4 3B DA 1D 5A 0D 9C 07 22"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The following service will be launched automatically at system boot up:
[HKLM\System\CurrentControlSet\Services\ADSkipSvc]
"Start" = "2"
The process ADSkipSvc.exe:2396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 07 C1 90 9C D1 C1 A6 0C C8 7D 23 E8 03 23 8C"
The process ADSkipSvc.exe:1152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 24 3B ED 0B 9B 46 3D 91 0C 32 3A 3D E6 87 25"
The process setup.exe:2840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\UCGuard\Instances\ucguard]
"Flags" = "0"
[HKLM\System\CurrentControlSet\Services\UCGuard]
"DebugLevel" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"VersionMajor" = "13381"
[HKLM\System\CurrentControlSet\Services\UCGuard\Instances]
"DefaultInstance" = "ucguard"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"NoRepair" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\UCBrowser\Commands\on-os-upgrade]
"CommandLine" = "%Program Files%\UCBrowser\Application\5.6.13381.9\Installer\setup.exe --on-os-upgrade --system-level --verbose-logging"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"IsInstalled" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"DisplayName" = "UC浏览器"
[HKCU\Software\UCBrowser]
"PreDefaultBrowser" = "htmlfile"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"NoModify" = "1"
"DisplayIcon" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"
[HKLM\SOFTWARE\UCBrowser]
"InstallerError" = "0"
"InstallTime" = "Type: REG_QWORD, Length: 8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\UCBrowser]
"UninstallArguments" = " --uninstall --system-level"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"StubPath" = "%Program Files%\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"DisplayVersion" = "5.6.13381.9"
[HKLM\System\CurrentControlSet\Services\UCGuard\Instances\ucguard]
"Altitude" = "888999"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"Version" = "5.6.13381.9"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\UCBrowser]
"oopcrashes" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\UCBrowser]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"
[HKLM\System\CurrentControlSet\Services\UCGuard]
"DependOnService" = "FltMgr"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"(Default)" = "UC浏览器"
[HKLM\System\CurrentControlSet\Services\UCGuard]
"ImagePath" = "system32\DRIVERS\ucguard.sys"
[HKLM\SOFTWARE\UCBrowser\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"
[HKLM\System\CurrentControlSet\Services\UCGuard]
"Group" = "PNP_TDI"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"InstallDate" = "20160623"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\UCBrowser]
"InstallerExtraCode1" = "9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 15 80 1F F8 8D 7D 6E B6 DE 98 60 46 3C B0 A5"
[HKLM\SOFTWARE\UCBrowser]
"InstallerResult" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"VersionMinor" = "9"
[HKLM\System\CurrentControlSet\Services\UCGuard]
"Type" = "1"
[HKLM\SOFTWARE\UCBrowser]
"pv" = "5.6.13381.9"
"Name" = "UC浏览器"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\UCGuard]
"Tag" = "2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"Publisher" = "广州市动景计算机科技有限公司"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\UCBrowser]
"UninstallString" = "%Program Files%\UCBrowser\Application\Uninstall.exe"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"Version" = "43,0,0,0"
[HKLM\SOFTWARE\UCBrowser]
"ap" = "-stage:refreshing_policy"
[HKCU\Software\UCBrowser]
"Path" = "%Program Files%\UCBrowser\Application"
[HKLM\System\CurrentControlSet\Services\UCGuard]
"ErrorControl" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"UninstallString" = "%Program Files%\UCBrowser\Application\Uninstall.exe --uninstall --system-level"
"InstallLocation" = "%Program Files%\UCBrowser\Application"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"Localized Name" = "UC浏览器"
[HKLM\SOFTWARE\UCBrowser]
"installId" = "{C41E48D1-AA46-4E7B-BEE7-150B6602EEA0}"
Adds a Windows Firewall rule that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\UCBrowser\Application]
"UCBrowser.exe" = "%Program Files%\UCBrowser\Application\UCBrowser.exe:*:Enabled:UC浏览器"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\UCGuard]
"Start" = "1"
The process MiniTPFw.exe:1012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B E3 25 90 FF 02 C0 4B 09 11 3D 5A CB F3 99 0F"
Dropped PE files
MD5 | File path |
---|---|
c4ba8b63923d681bd00deb8fbcd12cca | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ADSkip.v1.0.523.2104_Silent.exe |
9137ad342e6d77194f8a57d4f9e92bac | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Browser_V5.6.13381.9_r_4681_(Build1606081220).exe |
a829f040da54dd809731d403ae83caf2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\CR_E4C92.tmp\setup.exe |
174d697c06d02aab649bc0f09e70651b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\scoped_dir2156_19268\stats_uploader.exe |
9c95fe1fb78cd9a16e5bed8d9dfde238 | c:\Program Files\ADSKIP\ADSkip.exe |
1b97af3d24e4bd18952ad3f792402ef6 | c:\Program Files\ADSKIP\ADSkipSvc.exe |
cbc246367ae5153df82e65f2c01ab1bc | c:\Program Files\ADSKIP\BugReport.exe |
75cffcfe3fe8b863e008ff5ba5193c97 | c:\Program Files\ADSKIP\CrashHandler.dll |
9484d30589ba06ccb68271679b6612cb | c:\Program Files\ADSKIP\DuiLib.dll |
d2e3fbc25b8541ade1c345d8c9372511 | c:\Program Files\ADSKIP\askComm.dll |
d1be61ba142f179753fba092c90b327b | c:\Program Files\ADSKIP\askMain.dll |
50f55372196752dedf9de9660ea1e4e1 | c:\Program Files\ADSKIP\askMisc.dll |
34a7f56776f4966fcc48b74b46e47bd3 | c:\Program Files\ADSKIP\askProtect.sys |
e264539144ca3e6f830dd2a97cc04151 | c:\Program Files\ADSKIP\askProtect64.sys |
c6470bdb1b9b048159b948cf196dfb20 | c:\Program Files\ADSKIP\askRules.dll |
0c56193f66766e37984a0d8524a4e05e | c:\Program Files\ADSKIP\askUpdate.dll |
559f14ca8660450893eee0a213273f71 | c:\Program Files\ADSKIP\askWfd.dll |
d073f34aa9677ae56ef037f902232085 | c:\Program Files\ADSKIP\dbghelp.dll |
5a5855ac4c0d0bbb01ba561803e33262 | c:\Program Files\ADSKIP\driver\Win32\Win7\blNetFilter.sys |
55447eef016c5e3186f5996b916c6a45 | c:\Program Files\ADSKIP\driver\Win32\Win8.1\blNetFilter.sys |
36f02429c553f3bd5179fe62d3e245bc | c:\Program Files\ADSKIP\driver\Win32\Win8\blNetFilter.sys |
cfc7dc4719cdb3555721db6b34b74ce0 | c:\Program Files\ADSKIP\driver\Win32\WinXP\blNetFilter.sys |
3406d4f76488bb60f942b17bd6147679 | c:\Program Files\ADSKIP\driver\x64\Win7\blNetFilter.sys |
3e18aa340143b421b356d8240aa7d51c | c:\Program Files\ADSKIP\driver\x64\Win8.1\blNetFilter.sys |
14ef139317c2e3e28c68513f578ce707 | c:\Program Files\ADSKIP\driver\x64\Win8\blNetFilter.sys |
99e3130350cebb997ab37013e4993554 | c:\Program Files\ADSKIP\uninst.exe |
8ac275b39f47cd375de5c582af7bc5df | c:\Program Files\ADSKIP\zlib1.dll |
34a7f56776f4966fcc48b74b46e47bd3 | c:\WINDOWS\system32\drivers\askProtect.sys |
cfc7dc4719cdb3555721db6b34b74ce0 | c:\WINDOWS\system32\drivers\blNetFilter.sys |
14ac2d781326318239b4953b0bbb456c | c:\WINDOWS\system32\drivers\tcpip.sys_backup |
58bb62e88687791ad2ea5d8d6e3fe18b | c:\download\MiniTPFw.exe |
e2e9483568dc53f68be0b80c34fe27fb | c:\download\MiniThunderPlatform.exe |
f0372ff8a6148498b19e04203dbb9e69 | c:\download\ThunderFW.exe |
79cb6457c81ada9eb7f2087ce799aaa7 | c:\download\atl71.dll |
dba9a19752b52943a0850a7e19ac600a | c:\download\dl_peer_id.dll |
1a87ff238df9ea26e76b56f34e18402c | c:\download\download_engine.dll |
7fd4f79aca0b09fd3a60841a47ca96e7 | c:\download\minizip.dll |
a94dc60a90efd7a35c36d971e3ee7470 | c:\download\msvcp71.dll |
ca2f560921b7b8be1cf555a5a18d54c3 | c:\download\msvcr71.dll |
89f6488524eaa3e5a66c5f34f3b92405 | c:\download\zlib1.dll |
208662418974bca6faab5c0ca6f7debf | c:\xldl.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\drivers\blNetFilter.sys", the Trojan controls the creation and closing of processes by installing a process notifier.
Using the driver "%System%\DRIVERS\ucguard.sys", the Trojan controls the creation and closing of processes by installing a process notifier.
Using the driver "%System%\DRIVERS\ucguard.sys", the Trojan controls the creation and closing of threads by installing a thread notifier.
Using the driver "%System%\DRIVERS\ucguard.sys", the Trojan controls the loading of executable images into memory by installing a load-image notifier.
The Trojan installs the following kernel-mode hooks:
ZwTerminateProcess
ZwCreateKey
ZwDeleteKey
ZwDeleteValueKey
ZwLoadKey
ZwLoadKey2
ZwOpenKey
ZwQueryValueKey
ZwRenameKey
ZwReplaceKey
ZwRestoreKey
ZwSetSecurityObject
ZwSetValueKey
Propagation
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan the system with an anti-rootkit tool.
- Terminate the malicious process(es) (see How to End a Process With the Task Manager):
sc.exe:2312
sc.exe:2216
Browser_V5.6.13381.9_r_4681_(Build1606081220).exe:2156
stats_uploader.exe:2212
stats_uploader.exe:3848
UCBrowser.exe:2756
ADSkip.v1.0.523.2104_Silent.exe:1748
%original file name%.exe:224
UCService.exe:3608
UCService.exe:2804
UCService.exe:3820
netsh.exe:2488
netsh.exe:2588
netsh.exe:320
netsh.exe:476
netsh.exe:2660
netsh.exe:2508
ADSkip.exe:756
ADSkipSvc.exe:2396
ADSkipSvc.exe:1152
setup.exe:2840
MiniTPFw.exe:1012
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir2156_19268\stats_uploader.exe (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_E4C92.tmp\setup.exe (17426 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir2156_10848\wow_installer.prefs (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_E4C92.tmp\SETUP.EX_ (1709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_E4C92.tmp\CHROME.PACKED.7Z (359691 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Preferences (2 bytes)
%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\1.tmp (837 bytes)
%System%\drivers\blNetFilter.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\driver\x64\Win7\blNetFilter.sys (1856 bytes)
%Program Files%\ADSKIP\askRules.dll (3361 bytes)
%Program Files%\ADSKIP\CustomRule.txt (2 bytes)
%Program Files%\ADSKIP\res\400.dat (24 bytes)
%Program Files%\ADSKIP\dbghelp.dll (7726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\driver\x64\Win8\blNetFilter.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\uninst.exe (32824 bytes)
%Program Files%\ADSKIP\driver\Win32\Win7\blNetFilter.sys (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askProtect.sys (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\BugReport.exe (5520 bytes)
%Program Files%\ADSKIP\askComm.dll (8657 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\AdSkip\Uninstall AdSkip.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5983 (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5982 (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5981 (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5980 (8560 bytes)
%Program Files%\ADSKIP\driver\Win32\Win8\blNetFilter.sys (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askComm.dll (38103 bytes)
%Program Files%\ADSKIP\askProtect64.sys (1281 bytes)
%System%\drivers\askProtect.sys (1281 bytes)
%Program Files%\ADSKIP\CheckSum.dat (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\Install.xml (2 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5981 (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askWfd.dll (12088 bytes)
%Program Files%\ADSKIP\driver\x64\Win8\blNetFilter.sys (54 bytes)
%Program Files%\ADSKIP\askProtect.sys (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\400.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\2001 (7 bytes)
%Program Files%\ADSKIP\BugReport.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\dbghelp.dll (34773 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5980 (1281 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5983 (1425 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5982 (673 bytes)
%Program Files%\ADSKIP\res\000.dat (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\ADSkipSvc.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\1012.dat (16424 bytes)
%Program Files%\ADSKIP\res\0002.dat (4 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\2001 (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\101.dat (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\CheckSum.dat (64 bytes)
%Program Files%\ADSKIP\zlib1.dll (601 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\CdnRuleOptionEN.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\000.dat (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\51004 (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\0003.dat (280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\51000 (20624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\zlib1.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\51002 (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\51003 (15536 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\AdSkip\AdSkip.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\se1.dat (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\CdnRuleOptionEN.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\09999.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askUpdate.dll (32128 bytes)
%Program Files%\ADSKIP\ADSkip.exe (19686 bytes)
%Program Files%\ADSKIP\res\09999_EN.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\ADSkip.exe (86996 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askProtect64.sys (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\driver\Win32\WinXP\blNetFilter.sys (3616 bytes)
%Documents and Settings%\%current user%\Desktop\AdSkip.lnk (1 bytes)
%Program Files%\ADSKIP\res\300.dat (1281 bytes)
%Program Files%\ADSKIP\CrashHandler.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askMain.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\300.dat (8560 bytes)
%Program Files%\ADSKIP\DuiLib.dll (5441 bytes)
%Program Files%\ADSKIP\res\1012.dat (3073 bytes)
%Program Files%\ADSKIP\ADSkipSvc.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\DuiLib.dll (25112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\09999_EN.dat (4 bytes)
%Program Files%\ADSKIP\uninst.exe (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\driver\Win32\Win7\blNetFilter.sys (1552 bytes)
%Program Files%\ADSKIP\driver\Win32\WinXP\blNetFilter.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\51001 (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\driver\x64\Win8.1\blNetFilter.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\CrashHandler.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\driver\Win32\Win8.1\blNetFilter.sys (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSafe4.zip (69133 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5992 (673 bytes)
%Program Files%\ADSKIP\uninstall.xml (3 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5991 (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askRules.dll (19096 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5994 (673 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\5995 (673 bytes)
%Program Files%\ADSKIP\askMain.dll (1425 bytes)
%Program Files%\ADSKIP\driver\Win32\Win8.1\blNetFilter.sys (45 bytes)
%Program Files%\ADSKIP\res\09999.dat (4 bytes)
%System%\drivers\tcpip.sys (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\CdnRuleOption.dat (4 bytes)
%Program Files%\ADSKIP\askWfd.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5994 (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5995 (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5991 (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\subscribe1\5992 (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\CustomRule.txt (2 bytes)
%Program Files%\ADSKIP\res\0003.dat (280 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\CdnRuleOption.dat (4 bytes)
%Program Files%\ADSKIP\driver\x64\Win8.1\blNetFilter.sys (54 bytes)
%Program Files%\ADSKIP\res\se1.dat (673 bytes)
%Program Files%\ADSKIP\driver\x64\Win7\blNetFilter.sys (52 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51002 (2321 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51003 (2321 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51000 (4185 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51001 (2321 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51004 (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\CdnJsonconfig.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\res\0002.dat (4 bytes)
%System%\drivers\tcpip.sys_backup (2319 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\CdnJsonconfig.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\driver\Win32\Win8\blNetFilter.sys (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bin\ADSkip\askMisc.dll (23424 bytes)
%Program Files%\ADSKIP\res\101.dat (601 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdSkip.lnk (1 bytes)
%Program Files%\ADSKIP\askUpdate.dll (7345 bytes)
%Program Files%\ADSKIP\askMisc.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\monitorlist.data (178 bytes)
C:\download\MiniThunderPlatform.exe (746 bytes)
C:\download\msvcr71.dll (1629 bytes)
C:\download\download_engine.dll (24427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\downlist.data (686 bytes)
C:\download\minizip.dll (784 bytes)
C:\download\ThunderFW.exe (1333 bytes)
C:\download\zlib1.dll (745 bytes)
C:\download\msvcp71.dll (1784 bytes)
C:\download\id.dat (40 bytes)
C:\xldl.dll (1922 bytes)
C:\download\MiniTPFw.exe (745 bytes)
C:\download\atl71.dll (118 bytes)
C:\download\dl_peer_id.dll (314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ADSkip.v1.0.523.2104_Silent.exe.td.cfg (14273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Browser_V5.6.13381.9_r_4681_(Build1606081220).exe.td.cfg (16328 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNjA=\Version_3_2_1_42\Profiles\asyn_frame.dat (2749 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNjA=\Version_3_2_1_42\Profiles\stat.dat (44 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNjA=\200U (447 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNjA=\Version_3_2_1_42\Profiles\error.dat (284 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat (405 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNjA=\Version_3_2_1_42\Profiles\download.cfg (1007 bytes)
%Program Files%\UCBrowser\Application\ucsvc.log (1461 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51001.zip (511 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\cafl.dat (37 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\ErrorLog.txt (448 bytes)
%Program Files%\ADSKIP\res\yxx.dat (22192 bytes)
%Program Files%\ADSKIP\res\txx.dat (8560 bytes)
%Program Files%\ADSKIP\res\txx.dat.zip (628 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51000.zip (2067 bytes)
%Program Files%\ADSKIP\res\yxx.dat.zip (2812 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51004.zip (1334 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\config.dat (2359 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51002.zip (3086 bytes)
%Documents and Settings%\%current user%\Application Data\ADSKIP\subscribe1\51003.zip (1491 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\VERSION (11 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome.dll (286042 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\zh-cn\start.dat (12 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\config.dat (6408 bytes)
%Program Files%\UCBrowser\Application\Uninstall.exe (18934 bytes)
%Program Files%\UCBrowser\Application\Share\target_locale (5 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\zh-cn\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\delegate_execute.exe (3751 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\google.com.png (521 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\chrome.7z (1199069 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Languages\chs.locale (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Drivers\ucguard.sys (72 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\custom.dat (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\libEGL.dll (88 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\marketing\1001.ico (192 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\id\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png (252 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\baidu.com.png (426 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\etao.com.png (335 bytes)
%Program Files%\UCBrowser\Application\UCBrowser.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\es-419\start.dat (7 bytes)
%Program Files%\UCBrowser\Application\master_preferences (235 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\google.com.png (457 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Languages\settings.xml (103 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Update\InstalledConfig.xml (680 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UC浏览器.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\courgette.dll (281 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Drivers\ucguard-x64.sys (81 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\start.dat (12 bytes)
%Program Files%\UCBrowser\Application\update_task.exe (2321 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\7z.dll (6361 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\zh-cn\config.dat (6408 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\es-419\config.dat (151 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\login_view\qq.png (2 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\etaohaitao.com.png (438 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\taobao.com.png (290 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\win10.pak (8 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UC浏览器\卸载UC浏览器.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\bing.com.png (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\login_view\alipay.png (2 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\natives_blob.bin (1711 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\stats_uploader.exe (279 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_100_percent.pak (7386 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\pt-br\config.dat (151 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\libexif.dll (317 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1252 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\zh-CN\external_extensions.json (939 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\youku.com.png (653 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\pt-br\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\UCBrowser.exe (7386 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\update_task.exe (1696 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\bookmarks\taobao.png (389 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\ru\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\en-in\config.dat (166 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\youku.com.png (764 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Backup\UCBrowser.exe (7386 bytes)
%Program Files%\UCBrowser\Application\Share\start.dat (12 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\d3dcompiler_47.dll (22433 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\extension\noads.png (4 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\bing.com.png (1 bytes)
%Program Files%\UCBrowser\Application\VERSION (11 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\desktop\facebook.ico (131 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\theme_tool.exe (1851 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\UCProxySDK.dll (9606 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\sogou.com.png (1 bytes)
%Program Files%\UCBrowser\Application\wow_helper.exe (601 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\baidu.com.png (682 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\ru\config.dat (152 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\google.com.hk.png (457 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\molt_tool.exe (1814 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Update\curl-ca-bundle.crt (260 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Uninstall.exe (17629 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\bookmarks\baidu.png (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\es-419\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png (479 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\browsing_data_remover.exe (236 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\bookmarks\amazon.png (507 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\sogou.com.png (2 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\en-in\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\win10_100_percent.pak (1697 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\PepperFlash\manifest.json (2 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\login_view\weibo.png (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\libucguard.dll (179 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\tmall.com.png (196 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\en-in\start.dat (7 bytes)
%Program Files%\UCBrowser\Application\5.6.13381.9\Installer\setup.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Locales\zh-CN.pak (255 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\tmall.com.png (200 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\searchbar\etao.com.png (252 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\id-ID\external_extensions.json (494 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\wow_helper.exe (80 bytes)
%Program Files%\UCBrowser\Application\Share\config.dat (7345 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UCæµÂÂ览器\UCæµÂÂ览器.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\updater.dll (15021 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\pt-br\start.dat (7 bytes)
%Program Files%\UCBrowser\Application\Share\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\libGLESv2.dll (7972 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\ru\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\resources.pak (172310 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\bookmarks\pp_helper.png (1 bytes)
%Program Files%\UCBrowser\Application\UCService.exe (6841 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\snapshot_blob.bin (1802 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\icudtl.dat (34008 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\login_view\taobao.png (2 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\UCService.exe (6334 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\bookmarks\uc123.png (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Update\UpdateOption.xml (189 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\new_tab_search\taobao.com.png (304 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\config_updater.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\external_extensions.json (494 bytes)
%Documents and Settings%\All Users\Desktop\UCæµÂÂ览器.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\config.dat (151 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_watcher.dll (1680 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\desktop\tmall_points.ico (144 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\id\config.dat (164 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_elf.dll (201 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\share.dat (66 bytes)
%Program Files%\UCBrowser\Application\molt_tool.exe (3361 bytes)
%System%\drivers\ucguard.sys (601 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\UCAgent.exe (12289 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\5.6.13381.9.manifest (248 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_200_percent.pak (7972 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Locales\en-US.pak (258 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\PepperFlash\pepflashplayer.dll (124061 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\pt-BR\external_extensions.json (494 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\Share\icons\extension\renren.png (4 bytes)
%Program Files%\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Extensions\en-IN\external_extensions.json (622 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\Configs\id\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\chrome_child.dll (321430 bytes)
%Program Files%\UCBrowser\Temp\source2840_32441\Chrome-bin\5.6.13381.9\win10_200_percent.pak (1723 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe -start" = "c:\%original file name%.exe -start"
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: ???
Product Name: ????
Product Version: 2.0.2.1618
Legal Copyright: Copyright (C) 2007-2013 xiami.com All Rights Reserved.
Legal Trademarks:
Original Filename: ????
Internal Name: ????
File Version: 2.0.2.1618
File Description: ????
Comments:
Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 224771 | 225280 | 4.5508 | 172187516d330187b4de5842d93592d1 |
.rdata | 229376 | 76456 | 76800 | 3.73485 | c99e2c0977676d6753c8bd045e645299 |
.data | 307200 | 8356 | 5120 | 2.49539 | 8053a525ee758dbe4ac3e142255d2a47 |
.gfids | 319488 | 604 | 1024 | 1.79363 | 4c83d9a68fbc2a648f05822166b0a8f2 |
.tls | 323584 | 9 | 512 | 0.014135 | 1f354d76203061bfdd5a53dae48d5435 |
.rsrc | 327680 | 5894144 | 5891584 | 4.52167 | 5e4c45cdfa44f136de57cd1649b3bbfd |
.reloc | 6221824 | 12548 | 12800 | 4.55408 | 9ebf1a2b18f86b5b6a810b5fa6a36f9f |
Network Activity
The Trojan connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_224:
encode_mode _http_full_paths.size()
.\http_url_range_pipe.cpp
.\http_url_range_pipe.cpp
_server_resource_ptr->range_type() == VSU_RANGE_URL
_server_resource_ptr->range_type() == VSU_RANGE_URL
.\p2s_task_event_handler.cpp
.\p2s_task_event_handler.cpp
1 == resources.size()
1 == resources.size()
.\server_res_store.cpp
.\server_res_store.cpp
cmd_query_hub_response
cmd_query_hub_response
cmd_query_res_info_response
cmd_query_res_info_response
cmd_query_server_res_response
cmd_query_server_res_response
.\p2s_res_searcher.cpp
.\p2s_res_searcher.cpp
d..\p2s_sub_task.cpp
d..\p2s_sub_task.cpp
max_url_length
max_url_length
cmd_report_change_ex
cmd_report_change_ex
cmd_insert_server
cmd_insert_server
.movie
.movie
video/vnd.mpegurl
video/vnd.mpegurl
.wmls
.wmls
text/vnd.wap.wmlscript
text/vnd.wap.wmlscript
text/vnd.wap.wml
text/vnd.wap.wml
.html
.html
image/x-portable-pixmap
image/x-portable-pixmap
image/x-portable-graymap
image/x-portable-graymap
image/x-portable-bitmap
image/x-portable-bitmap
image/x-portable-anymap
image/x-portable-anymap
.wbmp
.wbmp
image/vnd.wap.wbmp
image/vnd.wap.wbmp
image/vnd.djvu
image/vnd.djvu
.tiff
.tiff
.arpm
.arpm
audio/x-mpegurl
audio/x-mpegurl
.midi
.midi
.xhtml
.xhtml
.ustar
.ustar
.texi
.texi
.sv4crc
.sv4crc
.sv4cpio
.sv4cpio
.shar
.shar
.latex
.latex
.gtar
.gtar
.cpio
.cpio
.bcpio
.bcpio
.wmlsc
.wmlsc
application/vnd.wap.wmlscriptc
application/vnd.wap.wmlscriptc
.wmlc
.wmlc
application/vnd.wap.wmlc
application/vnd.wap.wmlc
.wbxml
.wbxml
application/vnd.wap.wbxml
application/vnd.wap.wbxml
application/vnd.ms-powerpoint
application/vnd.ms-powerpoint
application/vnd.ms-excel
application/vnd.ms-excel
application/vnd.mif
application/vnd.mif
_dispatch_info.offset
_dispatch_info.offset
.\p2sp_data_pipe.cpp
.\p2sp_data_pipe.cpp
.\limit_asyn_socket_device.cpp
.\limit_asyn_socket_device.cpp
_client_cur_len _dispatch_info.offset == _dispatch_info.expected_pos
_client_cur_len _dispatch_info.offset == _dispatch_info.expected_pos
1 == range_q.size()
1 == range_q.size()
.\ftp_data_reader.cpp
.\ftp_data_reader.cpp
.\server_data_pipe.cpp
.\server_data_pipe.cpp
read notify failure, and not support range, exit
read notify failure, and not support range, exit
support keep alive and socket is not pending , reopen
support keep alive and socket is not pending , reopen
pipe reading, pos != cur pos, cur pos:
pipe reading, pos != cur pos, cur pos:
support keep alive but pipe is not connected
support keep alive but pipe is not connected
pipe reading, pos == cur pos, do read direct
pipe reading, pos == cur pos, do read direct
change ranges while state is opening, support keep alive ! pos != old_range_pos reconnect
change ranges while state is opening, support keep alive ! pos != old_range_pos reconnect
pipe opening, pos != old pos , old pos:
pipe opening, pos != old pos , old pos:
pipe opening, pos == old pos
pipe opening, pos == old pos
change zero range while state is opening. close this pipe.
change zero range while state is opening. close this pipe.
change zero range while state is connecting. close this pipe.
change zero range while state is connecting. close this pipe.
pipe idle, pos != cur pos, not support range reconnect
pipe idle, pos != cur pos, not support range reconnect
pipe idle, pos != cur pos, connect again, cur pos:
pipe idle, pos != cur pos, connect again, cur pos:
pipe idle, pos != cur pos, not support keep alive, so reconnect
pipe idle, pos != cur pos, not support keep alive, so reconnect
pipe idle, pos == cur pos, support keep alive, so do sub open
pipe idle, pos == cur pos, support keep alive, so do sub open
change_ranges at state: idle but not support range , do read direct
change_ranges at state: idle but not support range , do read direct
change zero range while state is idle. close this pipe.
change zero range while state is idle. close this pipe.
change ranges while retry waiting! and is zero range. so close pipe.
change ranges while retry waiting! and is zero range. so close pipe.
, but not support range, range pos:
, but not support range, range pos:
occur exception: redirect but schema not support, no retry
occur exception: redirect but schema not support, no retry
occur exception: redirect but self redirect url, no retry
occur exception: redirect but self redirect url, no retry
occur exception: redirect but no redirect url, no retry
occur exception: redirect but no redirect url, no retry
occur exception: redirect but wrong redirect port, no retry
occur exception: redirect but wrong redirect port, no retry
io_complete, handle_open_notify return not support range, is html:
io_complete, handle_open_notify return not support range, is html:
cmd_report_notstable_response
cmd_report_notstable_response
cmd_report_notstable
cmd_report_notstable
_cfgdata_info._bcid_calculator.get_bcids().block_size() != 0
_cfgdata_info._bcid_calculator.get_bcids().block_size() != 0
\MiniDownloadLib\branches\branch_wbf\p2sp\datamanagement_imp\data_file_handler.cpp
\MiniDownloadLib\branches\branch_wbf\p2sp\datamanagement_imp\data_file_handler.cpp
0 !=_data_receiver_list.size()
0 !=_data_receiver_list.size()
.td.decprs
.td.decprs
.\data_file_manager.cpp
.\data_file_manager.cpp
_asyn_file_op_ptr == operation_ptr
_asyn_file_op_ptr == operation_ptr
cmd_report_new_task
cmd_report_new_task
cmd_report_new_task_response
cmd_report_new_task_response
cmd_report_task_life_cycle
cmd_report_task_life_cycle
cmd_report_task_life_cycle_resp
cmd_report_task_life_cycle_resp
cmd_report_change_ex_response
cmd_report_change_ex_response
cmd_insert_server_response
cmd_insert_server_response
.\simple_data_receiver.cpp
.\simple_data_receiver.cpp
cmd_report_dwstat
cmd_report_dwstat
cmd_report_dwstat_resp
cmd_report_dwstat_resp
cmd_report_download_failure
cmd_report_download_failure
cmd_vote_urlinfo
cmd_vote_urlinfo
cmd_report_abnormal
cmd_report_abnormal
cmd_report_correction_resp
cmd_report_correction_resp
cmd_report_correction
cmd_report_correction
1.2.3
1.2.3
%c%c%c%c%c%c
%c%c%c%c%c%c
%c%c%c%c%c%c%c%c%c
%c%c%c%c%c%c%c%c%c
%c%c%c%c%c%c%c
%c%c%c%c%c%c%c
%c%c%c%c%c
%c%c%c%c%c
%c%c%c%c
%c%c%c%c
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c
%c%c%c
%c%c%c
.\data_receiver.cpp
.\data_receiver.cpp
cmd_report_download_failure_response
cmd_report_download_failure_response
cmd_vote_urlinfo_resp
cmd_vote_urlinfo_resp
pipe_base_socre
pipe_base_socre
simu_max_alternate_pipes
simu_max_alternate_pipes
simu_pipes_per_task
simu_pipes_per_task
simu_max_simultaneity_pipes
simu_max_simultaneity_pipes
simu_min_simultaneity_pipes
simu_min_simultaneity_pipes
random_unchoke_pipe_num
random_unchoke_pipe_num
optimistic_unchoke_pipe_num
optimistic_unchoke_pipe_num
pure_upload_pipe_max
pure_upload_pipe_max
cid_store_server_port
cid_store_server_port
hubciddata.hz.sandai.net
hubciddata.hz.sandai.net
\cid_store.dat
\cid_store.dat
hubstat_port
hubstat_port
hubstat.hz.sandai.net
hubstat.hz.sandai.net
imhubstat.hz.sandai.net
imhubstat.hz.sandai.net
pmap_port
pmap_port
pmap.hz.sandai.net
pmap.hz.sandai.net
udp_recv_speed_max
udp_recv_speed_max
udp_send_speed_max
udp_send_speed_max
diff_nat_tcp_recv_speed_max
diff_nat_tcp_recv_speed_max
diff_nat_tcp_send_speed_max
diff_nat_tcp_send_speed_max
same_nat_tcp_recv_speed_max
same_nat_tcp_recv_speed_max
same_nat_tcp_send_speed_max
same_nat_tcp_send_speed_max
udp_recv_bytes
udp_recv_bytes
udp_send_bytes
udp_send_bytes
udp_recv_times
udp_recv_times
udp_send_times
udp_send_times
diff_nat_tcp_recv_bytes
diff_nat_tcp_recv_bytes
diff_nat_tcp_send_bytes
diff_nat_tcp_send_bytes
diff_nat_tcp_recv_times
diff_nat_tcp_recv_times
diff_nat_tcp_send_times
diff_nat_tcp_send_times
same_nat_tcp_recv_bytes
same_nat_tcp_recv_bytes
same_nat_tcp_send_bytes
same_nat_tcp_send_bytes
same_nat_tcp_recv_times
same_nat_tcp_recv_times
same_nat_tcp_send_times
same_nat_tcp_send_times
cmd_retry_interval
cmd_retry_interval
cmd_enroll
cmd_enroll
passive_report_period
passive_report_period
cmd_enroll_resp
cmd_enroll_resp
config_port
config_port
hub5c.hz.sandai.net
hub5c.hz.sandai.net
cmd_reportcrack_resp
cmd_reportcrack_resp
cmd_report_change_dir_for_ids_resp
cmd_report_change_dir_for_ids_resp
cmd_report_del_uncomp_task_response
cmd_report_del_uncomp_task_response
cmd_query_resstat_resp
cmd_query_resstat_resp
new asyn_io_operation failed.
new asyn_io_operation failed.
POST / HTTP/1.1
POST / HTTP/1.1
/ HTTP/1.1
/ HTTP/1.1
POST hXXp://
POST hXXp://
udp_retry_times
udp_retry_times
command [%s] encode length [%lu] is greater than udp packet max length [%lu].
command [%s] encode length [%lu] is greater than udp packet max length [%lu].
udp_recv_timeout_interval
udp_recv_timeout_interval
wrap_with_http
wrap_with_http
cmd_query_base_conf
cmd_query_base_conf
cmd_query_base_conf_resp
cmd_query_base_conf_resp
%d.%d.%d.%d
%d.%d.%d.%d
cmd_report_change_dir_for_ids
cmd_report_change_dir_for_ids
cmd_report_del_uncomp_task
cmd_report_del_uncomp_task
cmd_query_resstat
cmd_query_resstat
cmd_reportcrack
cmd_reportcrack
cmd_getconfig
cmd_getconfig
cmd_getconfig_resp
cmd_getconfig_resp
default_udp_port
default_udp_port
dl_port
dl_port
default_tcp_port
default_tcp_port
broker_tcp_conn_succ
broker_tcp_conn_succ
broker_tcp_connection
broker_tcp_connection
direct_tcp_conn_succ
direct_tcp_conn_succ
direct_tcp_connection
direct_tcp_connection
PS_PORT_ALLOC
PS_PORT_ALLOC
AS_PORT_ALLOC
AS_PORT_ALLOC
CONE_PORT_ALLOC
CONE_PORT_ALLOC
UNKNOWN_PORT_ALLOC
UNKNOWN_PORT_ALLOC
DELTA_PORT_OTHER
DELTA_PORT_OTHER
DELTA_PORT_0
DELTA_PORT_0
DELTA_PORT_4
DELTA_PORT_4
DELTA_PORT_3
DELTA_PORT_3
DELTA_PORT_2
DELTA_PORT_2
DELTA_PORT_1
DELTA_PORT_1
UNKNOWN_DELTA_PORT
UNKNOWN_DELTA_PORT
255.255.255.0
255.255.255.0
bind port failed.
bind port failed.
http_wrapper_enable
http_wrapper_enable
p2p_cmd_reportp2pstatresp
p2p_cmd_reportp2pstatresp
report_time_obj
report_time_obj
cmd_reportp2pobjstatresp
cmd_reportp2pobjstatresp
d:\minidownloadlib\branches\branch_wbf\ptl\back_agent\../com_class/CCommand.h
d:\minidownloadlib\branches\branch_wbf\ptl\back_agent\../com_class/CCommand.h
ReportP2PTraverseStatEvents
ReportP2PTraverseStatEvents
NAT_SERVER_PORT_LIST
NAT_SERVER_PORT_LIST
8000,4000,3076,4004,5004
8000,4000,3076,4004,5004
nat_check_port
nat_check_port
BROKERCMD
BROKERCMD
path_stat_server_port
path_stat_server_port
relay.phub.hz.sandai.net
relay.phub.hz.sandai.net
P2P_UPDATE_EX_PORT_FACTOR
P2P_UPDATE_EX_PORT_FACTOR
P2P_UPDATE_EX_PORT_INTERVAL
P2P_UPDATE_EX_PORT_INTERVAL
P2P_BIND_PORT_MAX_RETRY
P2P_BIND_PORT_MAX_RETRY
hub5pnc.hz.sandai.net
hub5pnc.hz.sandai.net
TRACKER_PORT
TRACKER_PORT
hub5pn.hz.sandai.net
hub5pn.hz.sandai.net
ping_server_port
ping_server_port
hub5u.hz.sandai.net
hub5u.hz.sandai.net
P2P_NAT_CHECK_UDP_MAX_RETRY
P2P_NAT_CHECK_UDP_MAX_RETRY
P2P_NAT_CHECK_UDP_TIMEOUT
P2P_NAT_CHECK_UDP_TIMEOUT
P2P_DEFAULT_LISTEN_DUMMY_PORT
P2P_DEFAULT_LISTEN_DUMMY_PORT
relay.hz.sandai.net
relay.hz.sandai.net
_dest_dummy_port:
_dest_dummy_port:
_source_dummy_port:
_source_dummy_port:
p2p_cmd_old::decode should decode
p2p_cmd_old::decode should decode
but decode cmd =[
but decode cmd =[
UNKNOWNCMD
UNKNOWNCMD
p2p_cmd_tcp::decode bodylen[
p2p_cmd_tcp::decode bodylen[
p2p_cmd_tcp::decode buff_size
p2p_cmd_tcp::decode buff_size
HTTP/1.1 200 OK
HTTP/1.1 200 OK
asyn_http_socket
asyn_http_socket
asyn_http_socket_device
asyn_http_socket_device
p2p_cmd_statistic
p2p_cmd_statistic
cmd_reportp2pobjstat
cmd_reportp2pobjstat
enable_tcp_mode
enable_tcp_mode
No second port.
No second port.
No source port.
No source port.
No mapped port.
No mapped port.
external_port
external_port
upnp.exe
upnp.exe
describe_url
describe_url
send udp data error
send udp data error
UDP send_to() is commanded to stop!
UDP send_to() is commanded to stop!
%u.%u.%u.%u
%u.%u.%u.%u
_local_port
_local_port
_delta_port
_delta_port
_latest_ex_port
_latest_ex_port
_local_dummy_port
_local_dummy_port
_remote_port
_remote_port
port :
port :
p2p_cmd_udp::decode buff_size
p2p_cmd_udp::decode buff_size
_guess_ex_port
_guess_ex_port
_remote_dummy_port
_remote_dummy_port
_dest_dummy_port
_dest_dummy_port
_source_dummy_port
_source_dummy_port
obj_dummy_port :
obj_dummy_port :
src_dummy_port :
src_dummy_port :
_my_dummy_port
_my_dummy_port
port:
port:
no next_report_day
no next_report_day
AddPortMapping
AddPortMapping
%u
%u
%s
%s
%u
%u
%s
%s
Thunder5
Thunder5
POST %s HTTP/1.1
POST %s HTTP/1.1
HOST: %s:%u
HOST: %s:%u
Content-Length: %d
Content-Length: %d
SOAPACTION: "%s#%s"
SOAPACTION: "%s#%s"
xmlns:s="hXXp://schemas.xmlsoap.org/soap/envelope/"
xmlns:s="hXXp://schemas.xmlsoap.org/soap/envelope/"
s:encodingStyle="hXXp://schemas.xmlsoap.org/soap/encoding/">
s:encodingStyle="hXXp://schemas.xmlsoap.org/soap/encoding/">
%s %s>
%s %s>
GET %s HTTP/1.1
GET %s HTTP/1.1
Host: %s:%d
Host: %s:%d
controlURL
controlURL
URLBase
URLBase
cmd_report_upnp
cmd_report_upnp
cmd_report_upnp_response
cmd_report_upnp_response
239.255.255.250
239.255.255.250
M-SEARCH * HTTP/1.1
M-SEARCH * HTTP/1.1
HOST:239.255.255.250:1900
HOST:239.255.255.250:1900
unknown escape character: '&%s'
unknown escape character: '&%s'
{D69684C8-7381-478C-A595-9FFBD8EA3506}
{D69684C8-7381-478C-A595-9FFBD8EA3506}
coisp_cdn.dat
coisp_cdn.dat
coisp_ipsec.dat
coisp_ipsec.dat
recv_all_cmd_bytes
recv_all_cmd_bytes
recv_all_cmd_count
recv_all_cmd_count
send_all_cmd_bytes
send_all_cmd_bytes
send_all_cmd_count
send_all_cmd_count
pus_report_interval
pus_report_interval
p2p_hub_port
p2p_hub_port
imhub5pr.hz.sandai.net
imhub5pr.hz.sandai.net
tracker_port
tracker_port
hub5p.hz.sandai.net
hub5p.hz.sandai.net
hub5pr.hz.sandai.net
hub5pr.hz.sandai.net
score_port
score_port
score.phub.hz.sandai.net
score.phub.hz.sandai.net
zero_cdn_port
zero_cdn_port
thunder7.zhub.sandai.net
thunder7.zhub.sandai.net
_read_buffer2ref_count.count(data_input_ptr)
_read_buffer2ref_count.count(data_input_ptr)
.\p2pres_repository.cpp
.\p2pres_repository.cpp
pipe_min_retry_time
pipe_min_retry_time
check_pipe_alive_limit
check_pipe_alive_limit
check_pipe_alive_interval
check_pipe_alive_interval
udp_valid
udp_valid
tcp_valid
tcp_valid
peer://%s@%s:%hu/%s
peer://%s@%s:%hu/%s
d:\minidownloadlib\branches\branch_wbf\p2p\dl_plugin\back_agent\../com_class/CCommand.h
d:\minidownloadlib\branches\branch_wbf\p2p\dl_plugin\back_agent\../com_class/CCommand.h
cmd_retry_isrconline_interval
cmd_retry_isrconline_interval
cmd_relogin_interval
cmd_relogin_interval
_command_queue.size()
_command_queue.size()
.\hub_protocol\p2phub_tcp_handler.cpp
.\hub_protocol\p2phub_tcp_handler.cpp
force_report_p2p_res
force_report_p2p_res
cmd_p2perrorstatresp
cmd_p2perrorstatresp
cmd_report_invalid_peer
cmd_report_invalid_peer
.\p2p_pipe_base.cpp
.\p2p_pipe_base.cpp
(tcp)
(tcp)
(udp)
(udp)
remove choke pipe:
remove choke pipe:
pipe deleted.
pipe deleted.
insert choke pipe:
insert choke pipe:
pipe already closed and deleted!
pipe already closed and deleted!
]. pipe didn't send or recv for [
]. pipe didn't send or recv for [
INVALID_CMD
INVALID_CMD
send UNKNOWNCMD failed. error_code=[
send UNKNOWNCMD failed. error_code=[
recv UNKNOWNCMD failed. error_code=[
recv UNKNOWNCMD failed. error_code=[
new asyn_io_operation == NULL!!
new asyn_io_operation == NULL!!
an operation need illegal [
an operation need illegal [
encode cmd exception =
encode cmd exception =
impossible _pipe_type =
impossible _pipe_type =
0000000000000000
0000000000000000
cmd_old_head->encode caused exception:
cmd_old_head->encode caused exception:
read_buffer notify error. post an operation simulant send GETRESP(failed).
read_buffer notify error. post an operation simulant send GETRESP(failed).
recv opt_unknown_recv_cmd_old_header failed! error_code=[
recv opt_unknown_recv_cmd_old_header failed! error_code=[
opt_unknown_recv_cmd_old failed! error_code=[
opt_unknown_recv_cmd_old failed! error_code=[
old p2p command decode get unknown cmd_name =
old p2p command decode get unknown cmd_name =
PIPE
PIPE
add_accepted_p2p_pipe failed!
add_accepted_p2p_pipe failed!
accepted with TCP connection.
accepted with TCP connection.
illegal pipe_open_type =
illegal pipe_open_type =
broker_open: impossible PIPE_TYPE =
broker_open: impossible PIPE_TYPE =
incorrect pipe_open_type =
incorrect pipe_open_type =
Unknown operation types =
Unknown operation types =
range_to_save.pos()[
range_to_save.pos()[
cmd_requestresp data_len
cmd_requestresp data_len
Unknown operation=
Unknown operation=
recv cmd tcp header failed! error_code=[
recv cmd tcp header failed! error_code=[
decode cmd tcp header exception =
decode cmd tcp header exception =
cmd name is unknown. header data: protocol version[
cmd name is unknown. header data: protocol version[
] cmd_name[
] cmd_name[
Unknown _pipe_type =
Unknown _pipe_type =
p2p_data_pipe
p2p_data_pipe
cmd_report_upload_statistic_resp
cmd_report_upload_statistic_resp
cmd_report_upload_statistic
cmd_report_upload_statistic
.\peer_res_store.cpp
.\peer_res_store.cpp
.\download_task\resource_info_ex.cpp
.\download_task\resource_info_ex.cpp
.\command.cpp
.\command.cpp
cmd_is_src_online
cmd_is_src_online
cmd_insert_rc
cmd_insert_rc
cmd_delete_rc
cmd_delete_rc
cmd_delete_rc_resp
cmd_delete_rc_resp
cmd_report_rclist
cmd_report_rclist
cmd_p2perrorstat
cmd_p2perrorstat
.\cmd_tcp_handler.cpp
.\cmd_tcp_handler.cpp
cmd_query_self_p2p_score
cmd_query_self_p2p_score
cmd_query_self_p2p_score_resp
cmd_query_self_p2p_score_resp
.\cmd_udp_handler.cpp
.\cmd_udp_handler.cpp
p2p_cmd_old::encode Empty command name to encode!
p2p_cmd_old::encode Empty command name to encode!
p2p_cmd_old::decode cmd name should =[
p2p_cmd_old::decode cmd name should =[
]. but decode cmd =[
]. but decode cmd =[
p2p_cmd_old::decode buff_size [
p2p_cmd_old::decode buff_size [
cmd_query_p2phub
cmd_query_p2phub
cmd_query_p2phub_resp
cmd_query_p2phub_resp
cmd_query_tracker
cmd_query_tracker
.\hub_protocol\cmd_query_tracker.cpp
.\hub_protocol\cmd_query_tracker.cpp
cmd_query_tracker_resp
cmd_query_tracker_resp
tracker_cmd_delete
tracker_cmd_delete
tracker_cmd_delete_resp
tracker_cmd_delete_resp
cmd_is_src_online_resp
cmd_is_src_online_resp
cmd_insert_rc_resp
cmd_insert_rc_resp
cmd_report_rclist_resp
cmd_report_rclist_resp
user_global_tcp_connection_limit
user_global_tcp_connection_limit
.\DispatcherMain.cpp
.\DispatcherMain.cpp
.\dispatcher.cpp
.\dispatcher.cpp
%d.txt
%d.txt
hyper_speed_mode_pipe_limit
hyper_speed_mode_pipe_limit
task_url
task_url
max_non_p2sp_pipes_count
max_non_p2sp_pipes_count
max_recv_data_internal_http
max_recv_data_internal_http
max_recv_data_internal_ftp
max_recv_data_internal_ftp
max_pipe_on_same_host
max_pipe_on_same_host
max_pipe_count
max_pipe_count
calc_speed_pipe_score_fator
calc_speed_pipe_score_fator
open a pipe
open a pipe
find a pipe by substring in res_id
find a pipe by substring in res_id
show pipe information
show pipe information
list all pipes
list all pipes
net_stat_recovery_mode_reserve_pipe_num
net_stat_recovery_mode_reserve_pipe_num
max_reserved_pipe_count_base
max_reserved_pipe_count_base
not_support_range_pipe_reopen_interval
not_support_range_pipe_reopen_interval
max_normal_pipe_reopen_interval
max_normal_pipe_reopen_interval
normal_pipe_reopen_interval
normal_pipe_reopen_interval
new_pipe_count_base_dec_delta_slow
new_pipe_count_base_dec_delta_slow
new_pipe_count_base_dec_delta_fast
new_pipe_count_base_dec_delta_fast
new_pipe_count_base_inc_delta_slow
new_pipe_count_base_inc_delta_slow
new_pipe_count_base_inc_delta_fast
new_pipe_count_base_inc_delta_fast
default_open_pipe_count_on_task_start
default_open_pipe_count_on_task_start
?to_open_count >= pipes_created_once
?to_open_count >= pipes_created_once
.\normal_connect_dispatch.cpp
.\normal_connect_dispatch.cpp
succ open pipe :
succ open pipe :
usage: open pipe_ptr
usage: open pipe_ptr
succ close pipe :
succ close pipe :
usage: close pipe_ptr
usage: close pipe_ptr
pipe_history_max_speed:
pipe_history_max_speed:
pipe_recent_max_speed:
pipe_recent_max_speed:
pipe_speed:
pipe_speed:
pipe:
pipe:
not found pipe:
not found pipe:
usage: info pipe_ptr
usage: info pipe_ptr
pipe:
pipe:
lixian.vip.xunlei.com
lixian.vip.xunlei.com
is_in(pipe_wrapper_ptr)
is_in(pipe_wrapper_ptr)
.\resource_wrapper.cpp
.\resource_wrapper.cpp
pipe_list
pipe_list
idle_cause >= PIPE_IDLE_INIT && idle_cause
idle_cause >= PIPE_IDLE_INIT && idle_cause
.\data_pipe_wrapper.cpp
.\data_pipe_wrapper.cpp
d:\minidownloadlib\branches\branch_wbf\down_dispatcher\dispatcher\data_pipe_wrapper.h
d:\minidownloadlib\branches\branch_wbf\down_dispatcher\dispatcher\data_pipe_wrapper.h
data_pipe_wrapper
data_pipe_wrapper
max_dispatch_p2p_pipe_count
max_dispatch_p2p_pipe_count
max_dispatch_server_pipe_count
max_dispatch_server_pipe_count
max_overlap_p2p_pipes
max_overlap_p2p_pipes
max_overlap_server_pipes
max_overlap_server_pipes
.\normal_dispatcher_imp_new.cpp
.\normal_dispatcher_imp_new.cpp
next_it != _cur_map.end()
next_it != _cur_map.end()
next_it != _cur_map.begin()
next_it != _cur_map.begin()
end_of_range != _cur_map.end()
end_of_range != _cur_map.end()
end_of_range != _cur_map.begin()
end_of_range != _cur_map.begin()
i->first == r_r.pos()
i->first == r_r.pos()
_cur_map.size() >= 2
_cur_map.size() >= 2
.\normal_dispatcher_imp_opt.cpp
.\normal_dispatcher_imp_opt.cpp
_cur_map.size() > 0
_cur_map.size() > 0
_cur_map.size() > 1
_cur_map.size() > 1
pipe_ptr->get_connect_time() != UINT_MAX
pipe_ptr->get_connect_time() != UINT_MAX
enable_pipeline
enable_pipeline
max_pipeline_count
max_pipeline_count
block_range.length() > cut_len
block_range.length() > cut_len
.\small_file_dispatcher_v2.cpp
.\small_file_dispatcher_v2.cpp
.\dispatch_range_queue.cpp
.\dispatch_range_queue.cpp
range_pos->r.is_contain(assign_range) || assign_range.is_full_range()
range_pos->r.is_contain(assign_range) || assign_range.is_full_range()
can_download_ranges().ranges().size() == 1
can_download_ranges().ranges().size() == 1
ranges.size()==1
ranges.size()==1
can_download_ranges().ranges().size() != 0
can_download_ranges().ranges().size() != 0
current_queue.all_range_length() == current_all_length
current_queue.all_range_length() == current_all_length
.\peer_data_pipe.cpp
.\peer_data_pipe.cpp
.\density_calculator.cpp
.\density_calculator.cpp
m_queue->m_allocate_begin_pos != m_queue->m_ranges_info.begin()
m_queue->m_allocate_begin_pos != m_queue->m_ranges_info.begin()
.\sequential_range_iterator.cpp
.\sequential_range_iterator.cpp
.\allocate_iterator.cpp
.\allocate_iterator.cpp
hubstat.sandai.net
hubstat.sandai.net
last_passive_report
last_passive_report
P:passive_report_delay
P:passive_report_delay
Tlast_report_time
Tlast_report_time
report_period
report_period
cmd_report_statistic
cmd_report_statistic
cmd_report_statistic_resp
cmd_report_statistic_resp
d:\minidownloadlib\branches\branch_wbf\xl_stat\back_agent\shub_command.cpp
d:\minidownloadlib\branches\branch_wbf\xl_stat\back_agent\shub_command.cpp
Kernel32.dll
Kernel32.dll
Run-Time Check Failure #%d - %s
Run-Time Check Failure #%d - %s
MSPDB71.DLL
MSPDB71.DLL
IMAGEHLP.DLL
IMAGEHLP.DLL
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
dl_crt
dl_crt
not_support_p2p_acc
not_support_p2p_acc
support_p2p_acc
support_p2p_acc
not_support_mhxy_v1
not_support_mhxy_v1
support_mhxy_v1
support_mhxy_v1
not_forced_tcp_mode
not_forced_tcp_mode
forced_tcp_mode
forced_tcp_mode
RSA part of OpenSSL 0.9.8b 04 May 2006
RSA part of OpenSSL 0.9.8b 04 May 2006
passed a null parameter
passed a null parameter
DSO support routines
DSO support routines
x509 certificate routines
x509 certificate routines
Big Number part of OpenSSL 0.9.8b 04 May 2006
Big Number part of OpenSSL 0.9.8b 04 May 2006
ssl_sess_cert
ssl_sess_cert
ssl_cert
ssl_cert
evp_pkey
evp_pkey
x509_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
%s(%d): OpenSSL internal error, assertion failed: %s
lhash part of OpenSSL 0.9.8b 04 May 2006
lhash part of OpenSSL 0.9.8b 04 May 2006
Stack part of OpenSSL 0.9.8b 04 May 2006
Stack part of OpenSSL 0.9.8b 04 May 2006
RAND part of OpenSSL 0.9.8b 04 May 2006
RAND part of OpenSSL 0.9.8b 04 May 2006
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
ASN.1 part of OpenSSL 0.9.8b 04 May 2006
ASN.1 part of OpenSSL 0.9.8b 04 May 2006
certicom-arc
certicom-arc
Proxy Certificate Information
Proxy Certificate Information
proxyCertInfo
proxyCertInfo
Microsoft Smartcardlogin
Microsoft Smartcardlogin
msSmartcardLogin
msSmartcardLogin
joint-iso-itu-t
joint-iso-itu-t
JOINT-ISO-ITU-T
JOINT-ISO-ITU-T
set-rootKeyThumb
set-rootKeyThumb
setAttr-Cert
setAttr-Cert
setCext-cCertRequired
setCext-cCertRequired
setCext-certType
setCext-certType
setct-CertResTBE
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBEX
setct-CertReqTBE
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertInqReqTBS
setct-CertResData
setct-CertResData
setct-CertReqTBS
setct-CertReqTBS
setct-CertReqData
setct-CertReqData
setct-PCertResTBS
setct-PCertResTBS
setct-PCertReqData
setct-PCertReqData
setct-AcqCardCodeMsg
setct-AcqCardCodeMsg
certificate extensions
certificate extensions
set-certExt
set-certExt
set-msgExt
set-msgExt
id-ecPublicKey
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-cmc-getCert
id-regInfo-certReq
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-ct-publishCert
id-smime-mod-msg-v3
id-smime-mod-msg-v3
sdsiCertificate
sdsiCertificate
x509Certificate
x509Certificate
localKeyID
localKeyID
certBag
certBag
pkcs8ShroudedKeyBag
pkcs8ShroudedKeyBag
keyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Client Authentication
TLS Web Server Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
X509v3 Extended Key Usage
extendedKeyUsage
extendedKeyUsage
X509v3 Authority Key Identifier
X509v3 Authority Key Identifier
authorityKeyIdentifier
authorityKeyIdentifier
X509v3 Certificate Policies
X509v3 Certificate Policies
certificatePolicies
certificatePolicies
X509v3 Private Key Usage Period
X509v3 Private Key Usage Period
privateKeyUsagePeriod
privateKeyUsagePeriod
X509v3 Key Usage
X509v3 Key Usage
keyUsage
keyUsage
X509v3 Subject Key Identifier
X509v3 Subject Key Identifier
subjectKeyIdentifier
subjectKeyIdentifier
Netscape Certificate Sequence
Netscape Certificate Sequence
nsCertSequence
nsCertSequence
Netscape CA Policy Url
Netscape CA Policy Url
nsCaPolicyUrl
nsCaPolicyUrl
Netscape Renewal Url
Netscape Renewal Url
nsRenewalUrl
nsRenewalUrl
Netscape CA Revocation Url
Netscape CA Revocation Url
nsCaRevocationUrl
nsCaRevocationUrl
Netscape Revocation Url
Netscape Revocation Url
nsRevocationUrl
nsRevocationUrl
Netscape Base Url
Netscape Base Url
nsBaseUrl
nsBaseUrl
Netscape Cert Type
Netscape Cert Type
nsCertType
nsCertType
Netscape Certificate Extension
Netscape Certificate Extension
nsCertExt
nsCertExt
extendedCertificateAttributes
extendedCertificateAttributes
challengePassword
challengePassword
dhKeyAgreement
dhKeyAgreement
MiniThunderPlatform.exe_1036:
ADSkip.exe_756:
"$;&`' ,./\%:=~!?@[]
"$;&`' ,./\%:=~!?@[]
^&\()- =|{}[]:;>,?!.~
^&\()- =|{}[]:;>,?!.~
\[$@%&* ];
\[$@%&* ];
Language Keywords
Language Keywords
lexer.caml.magic
lexer.caml.magic
!~=@^ -*/()[];,:.#
!~=@^ -*/()[];,:.#
)]};,'"`#
)]};,'"`#
!$%&* -./:?@^|~
!$%&* -./:?@^|~
Keywords2
Keywords2
Keywords3
Keywords3
Sequence keywords and identifiers
Sequence keywords and identifiers
User defined keywords and identifiers
User defined keywords and identifiers
SQL*Plus
SQL*Plus
User Keywords 1
User Keywords 1
User Keywords 2
User Keywords 2
User Keywords 3
User Keywords 3
User Keywords 4
User Keywords 4
This option enables SQL folding on a "ELSE" and "ELSIF" line of an IF statement.
This option enables SQL folding on a "ELSE" and "ELSIF" line of an IF statement.
fold.sql.at.else
fold.sql.at.else
fold.sql.only.begin
fold.sql.only.begin
lexer.sql.backticks.identifier
lexer.sql.backticks.identifier
If "lexer.sql.numbersign.comment" property is set to 0 a line beginning with '#' will not be a comment.
If "lexer.sql.numbersign.comment" property is set to 0 a line beginning with '#' will not be a comment.
lexer.sql.numbersign.comment
lexer.sql.numbersign.comment
Enables backslash as an escape character in SQL.
Enables backslash as an escape character in SQL.
sql.backslash.escapes
sql.backslash.escapes
Set to 1 to colourise recognized words with dots (recommended for Oracle PL/SQL objects).
Set to 1 to colourise recognized words with dots (recommended for Oracle PL/SQL objects).
lexer.sql.allow.dotted.word
lexer.sql.allow.dotted.word
This option enables folding multi-line comments when using the Verilog lexer.
This option enables folding multi-line comments when using the Verilog lexer.
This option enables folding preprocessor directives when using the Verilog lexer.
This option enables folding preprocessor directives when using the Verilog lexer.
fold.verilog.flags
fold.verilog.flags
lexer.verilog.track.preprocessor
lexer.verilog.track.preprocessor
lexer.verilog.update.preprocessor
lexer.verilog.update.preprocessor
Set to 1 to style input, output, and inout ports differently from regular keywords.
Set to 1 to style input, output, and inout ports differently from regular keywords.
lexer.verilog.portstyling
lexer.verilog.portstyling
Set to 1 to style identifiers that are all uppercase as documentation keyword.
Set to 1 to style identifiers that are all uppercase as documentation keyword.
lexer.verilog.allupperkeywords
lexer.verilog.allupperkeywords
lexer.verilog.fold.preprocessor.else
lexer.verilog.fold.preprocessor.else
join
join
join_any
join_any
join_none
join_none
| || |& & && ; ;; ( ) { }
| || |& & && ; ;; ( ) { }
^&%()- =|{}[]:;>,*/!.~@
^&%()- =|{}[]:;>,*/!.~@
Keywords 1
Keywords 1
Keywords 2
Keywords 2
Keywords 3 (unused)
Keywords 3 (unused)
Keywords 4 (unused)
Keywords 4 (unused)
ReservedKeywords
ReservedKeywords
PragmaKeyswords
PragmaKeyswords
DoxygeneKeywords
DoxygeneKeywords
Major Keywords
Major Keywords
Procedure keywords
Procedure keywords
mysql
mysql
Cmdlets
Cmdlets
-,.=:\@()
-,.=:\@()
lexer.tex.comment.process
lexer.tex.comment.process
lexer.tex.auto.if
lexer.tex.auto.if
lexer.tex.use.keywords
lexer.tex.use.keywords
lexer.tex.interface.default
lexer.tex.interface.default
Unsupported DMIS Minor Words
Unsupported DMIS Minor Words
Unsupported DMIS Major Words
Unsupported DMIS Major Words
Corresponding keywords for code folding end
Corresponding keywords for code folding end
Keywords for code folding start
Keywords for code folding start
control keywords
control keywords
keywords
keywords
string definition keywords
string definition keywords
User defined keywords
User defined keywords
Pascal keywords
Pascal keywords
Predefined keywords
Predefined keywords
Section keywords and Forth words
Section keywords and Forth words
nnCrontab keywords
nnCrontab keywords
exports
exports
lexer.pascal.smart.highlighting
lexer.pascal.smart.highlighting
#$&'()* ,-./:;@[]^{}
#$&'()* ,-./:;@[]^{}
operator
operator
,. -*/:;[]()%&
,. -*/:;[]()%&
fold.at.Parenthese
fold.at.Parenthese
fold.at.Begin
fold.at.Begin
Keywords 6
Keywords 6
Keywords 5
Keywords 5
fold.d.syntax.based
fold.d.syntax.based
Keywords 7
Keywords 7
fold.d.comment.explicit
fold.d.comment.explicit
fold.d.comment.multiline
fold.d.comment.multiline
fold.d.explicit.end
fold.d.explicit.end
fold.d.explicit.start
fold.d.explicit.start
fold.d.explicit.anywhere
fold.d.explicit.anywhere
lexer.d.fold.at.else
lexer.d.fold.at.else
nsis.ignorecase
nsis.ignorecase
nsis.uservars
nsis.uservars
PageExEnd
PageExEnd
nsis.foldutilcmd
nsis.foldutilcmd
Keyword list 2
Keyword list 2
Keyword list 1
Keyword list 1
Keyword list 4
Keyword list 4
Keyword list 3
Keyword list 3
Minor keywords (if, then, try, ...)
Minor keywords (if, then, try, ...)
Major keywords (class, predicates, ...)
Major keywords (class, predicates, ...)
Documentation keywords without the '@' (short, detail, ...)
Documentation keywords without the '@' (short, detail, ...)
Directive keywords without the '#' (include, requires, ...)
Directive keywords without the '#' (include, requires, ...)
BlitzBasic Keywords
BlitzBasic Keywords
PureBasic PreProcessor Keywords
PureBasic PreProcessor Keywords
PureBasic Keywords
PureBasic Keywords
FreeBasic PreProcessor Keywords
FreeBasic PreProcessor Keywords
FreeBasic Keywords
FreeBasic Keywords
This option enables folding explicit fold points when using the Basic lexer. Explicit fold points allows adding extra folding by placing a ;{ (BB/PB) or '{ (FB) comment at the start and a ;} (BB/PB) or '} (FB) at the end of a section that should be folded.
This option enables folding explicit fold points when using the Basic lexer. Explicit fold points allows adding extra folding by placing a ;{ (BB/PB) or '{ (FB) comment at the start and a ;} (BB/PB) or '} (FB) at the end of a section that should be folded.
fold.basic.syntax.based
fold.basic.syntax.based
fold.basic.comment.explicit
fold.basic.comment.explicit
fold.basic.explicit.start
fold.basic.explicit.start
fold.basic.explicit.anywhere
fold.basic.explicit.anywhere
fold.basic.explicit.end
fold.basic.explicit.end
B Keywords
B Keywords
A Keywords
A Keywords
Extended Keywords
Extended Keywords
lexer.flagship.styling.within.preprocessor
lexer.flagship.styling.within.preprocessor
.and.
.and.
.not.
.not.
Keywords Commands
Keywords Commands
Doxygen keywords
Doxygen keywords
Other keywords
Other keywords
fold.rust.syntax.based
fold.rust.syntax.based
Keywords 4
Keywords 4
fold.rust.comment.explicit
fold.rust.comment.explicit
fold.rust.comment.multiline
fold.rust.comment.multiline
fold.rust.explicit.end
fold.rust.explicit.end
fold.rust.explicit.start
fold.rust.explicit.start
fold.rust.explicit.anywhere
fold.rust.explicit.anywhere
lexer.rust.fold.at.else
lexer.rust.fold.at.else
function_keywords
function_keywords
.java:
.java:
lexer.errorlist.value.separate
lexer.errorlist.value.separate
lexer.errorlist.escape.sequences
lexer.errorlist.escape.sequences
Operation Codes
Operation Codes
!?~=@^|& -*/$%()[]{};,:.#
!?~=@^|& -*/$%()[]{};,:.#
)]};,'"#
)]};,'"#
Secondary keywords
Secondary keywords
fold.coffeescript.comment
fold.coffeescript.comment
User keywords
User keywords
escript.case.sensitive
escript.case.sensitive
Functions and special operators
Functions and special operators
fold.directive
fold.directive
#autoit keywords
#autoit keywords
#autoit Sent keys
#autoit Sent keys
*/- ()={}~[];,.^%:#
*/- ()={}~[];,.^%:#
lexer.props.allow.initial.spaces
lexer.props.allow.initial.spaces
%[^.|&=\/]
%[^.|&=\/]
23456789*#$
23456789*#$
tcmd
tcmd
fold.comment.yaml
fold.comment.yaml
PASSED
PASSED
TADS3 Keywords
TADS3 Keywords
%^&*()- ={}[]:;,/?!.~|\
%^&*()- ={}[]:;,/?!.~|\
Keywords and reserved words
Keywords and reserved words
Literal operators
Literal operators
[*!~ -*/$=&^|
[*!~ -*/$=&^|
_~*$?!@/\;,.=:"&`'
_~*$?!@/\;,.=:"&`'
E:\4.0
E:\4.0
\trunk\ADSafe4.0_new\OutPutFile\Release\ADSafe.pdb
\trunk\ADSafe4.0_new\OutPutFile\Release\ADSafe.pdb
ADSafe.exe
ADSafe.exe
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
PSAPI.DLL
PSAPI.DLL
gdiplus.dll
gdiplus.dll
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?messageMap@CNotifyPump@DuiLib@@1UDUI_MSGMAP@2@B
?messageMap@CNotifyPump@DuiLib@@1UDUI_MSGMAP@2@B
?IsKeyboardEnabled@CControlUI@DuiLib@@UBE_NXZ
?IsKeyboardEnabled@CControlUI@DuiLib@@UBE_NXZ
?SetKeyboardEnabled@CControlUI@DuiLib@@UAEX_N@Z
?SetKeyboardEnabled@CControlUI@DuiLib@@UAEX_N@Z
DuiLib.dll
DuiLib.dll
RPCRT4.dll
RPCRT4.dll
WTSAPI32.dll
WTSAPI32.dll
VERSION.dll
VERSION.dll
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache
FindCloseUrlCache
WININET.dll
WININET.dll
IMM32.dll
IMM32.dll
GetCPInfo
GetCPInfo
GetKeyboardLayout
GetKeyboardLayout
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
zcÃ
zcÃ
1.0.523.2104
1.0.523.2104
.?AVunsupported_os@Concurrency@@
.?AVunsupported_os@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AUIExecutionContext@Concurrency@@
.?AUIExecutionContext@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AV?$_Func_impl@U?$_Callable_obj@V@@$0A@@std@@V?$allocator@V?$_Func_class@XW4MsgBoxRet@@@std@@@2@XW4MsgBoxRet@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V@@$0A@@std@@V?$allocator@V?$_Func_class@XW4MsgBoxRet@@@std@@@2@XW4MsgBoxRet@@@std@@
.?AV?$_Func_base@XW4MsgBoxRet@@@std@@
.?AV?$_Func_base@XW4MsgBoxRet@@@std@@
.?AVCMsgBox@@
.?AVCMsgBox@@
.?AVCMsgDelayHandle@@
.?AVCMsgDelayHandle@@
.?AVinvalid_operation@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AURegexError@@
.?AURegexError@@
.?AVDocumentIndexer@?A0x6a166ef8@@
.?AVDocumentIndexer@?A0x6a166ef8@@
.?AVCharacterIndexer@@
.?AVCharacterIndexer@@
.?AVExternalLexerModule@@
.?AVExternalLexerModule@@
.?AVLexerModule@@
.?AVLexerModule@@
.?AVILexerWithSubStyles@@
.?AVILexerWithSubStyles@@
.?AVLexerCPP@@
.?AVLexerCPP@@
.?AUOptionSetCPP@?A0x8efaeb54@@
.?AUOptionSetCPP@?A0x8efaeb54@@
.?AVILexer@@
.?AVILexer@@
.?AVLexerPython@@
.?AVLexerPython@@
.?AVLexerAsm@@
.?AVLexerAsm@@
.?AVLexerHaskell@@
.?AVLexerHaskell@@
.?AVLexerPerl@@
.?AVLexerPerl@@
.?AUOptionSetSQL@@
.?AUOptionSetSQL@@
.?AVLexerSQL@@
.?AVLexerSQL@@
.?AV?$OptionSet@UOptionsSQL@@@@
.?AV?$OptionSet@UOptionsSQL@@@@
.?AVLexerVerilog@@
.?AVLexerVerilog@@
.?AVLexerRegistry@@
.?AVLexerRegistry@@
.?AVLexerDMIS@@
.?AVLexerDMIS@@
.?AVLexerD@@
.?AVLexerD@@
.?AVLexerVisualProlog@@
.?AVLexerVisualProlog@@
.?AVLexerBasic@@
.?AVLexerBasic@@
.?AVLexerRust@@
.?AVLexerRust@@
.?AVLexerLaTeX@@
.?AVLexerLaTeX@@
.?AVLexerBase@@
.?AVLexerBase@@
.?AVLexerSimple@@
.?AVLexerSimple@@
about.png}RY
about.png}RY
about_back.png
about_back.png
add_rules_top.png
add_rules_top.png
bkimage.png
bkimage.png
w.xb?
w.xb?
bottom_layout.png
bottom_layout.png
btn_add.png
btn_add.png
btn_add_filter.png}T
btn_add_filter.png}T
%5xDf
%5xDf
btn_cancel.png}V{XRw
btn_cancel.png}V{XRw
btn_cancle.png}S[h
btn_cancle.png}S[h
btn_close.png}R{
btn_close.png}R{
btn_filterlist_add.pngM
btn_filterlist_add.pngM
btn_filter_cancel.png}Tk8
btn_filter_cancel.png}Tk8
btn_filter_update.png}R
btn_filter_update.png}R
btn_main.png}R
btn_main.png}R
btn_send.png
btn_send.png
btn_submit.png}T{
btn_submit.png}T{
btn_update_code.png}R
btn_update_code.png}R
btn_version_click.png
btn_version_click.png
btn_version_normal.png
btn_version_normal.png
checkbox.png}R
checkbox.png}R
code_enter.png
code_enter.png
customize.png
customize.png
DlgAbout.xml
DlgAbout.xml
DlgAddRules.xml
DlgAddRules.xml
DlgFilterAdd.xml
DlgFilterAdd.xml
DlgMsgBox_Skip.xml
DlgMsgBox_Skip.xml
dlgset_btn.png
dlgset_btn.png
DlgSkip.xml
DlgSkip.xml
DlgUpdate_Skip.xml
DlgUpdate_Skip.xml
email.png
email.png
Filterlists.png}R
Filterlists.png}R
filter_inner_bck.png
filter_inner_bck.png
filter_top.png
filter_top.png
filter_type.png}V{8
filter_type.png}V{8
font.xml
font.xml
green_filter_type.png
green_filter_type.png
headtext_customize.png
headtext_customize.png
h.xO7
h.xO7
headtext_filters.png
headtext_filters.png
headtext_settings.png
headtext_settings.png
hint.png
hint.png
input.png
input.png
layout_bk_left.png
layout_bk_left.png
:(%s~
:(%s~
<.udn>
<.udn>
t,R!G.cH
t,R!G.cH
list_arrow.png
list_arrow.png
list_CustomRule.xml
list_CustomRule.xml
list_custom_close.png}S[H
list_custom_close.png}S[H
list_custom_line.png
list_custom_line.png
list_delete.png}Rw
list_delete.png}Rw
tI3%U
tI3%U
list_filter.xmlm
list_filter.xmlm
list_rulekind.xml
list_rulekind.xml
logo.png
logo.png
main_left_logo.png
main_left_logo.png
main_left_opt_selected.png
main_left_opt_selected.png
main_line.png
main_line.png
menu/bk_top.png
menu/bk_top.png
Ã*m52
Ã*m52
menu/check.png}VgXSg
menu/check.png}VgXSg
menu/help.png}TwXSw
menu/help.png}TwXSw
menu/open.png}Vy8
menu/open.png}Vy8
menu/quit.png}Ty8TQ
menu/quit.png}Ty8TQ
menu_adskip_tray.xml
menu_adskip_tray.xml
Çzc
Çzc
message_box.png
message_box.png
opt.png
opt.png
opt_ok.png
opt_ok.png
progressb.png
progressb.png
progressf.png
progressf.png
refresh.png
refresh.png
scrollbar/scrollbar.xml
scrollbar/scrollbar.xml
scrollbar/scrollbar_bk.png
scrollbar/scrollbar_bk.png
scrollbar/scrollbar_thumb.png
scrollbar/scrollbar_thumb.png
select_line.png
select_line.png
Settings.png
Settings.png
subject_hot.png
subject_hot.png
subject_normal.png
subject_normal.png
Support.png}R
Support.png}R
tab_customize.xml
tab_customize.xml
tab_filterlist.xml
tab_filterlist.xml
tab_settings.xml
tab_settings.xml
tab_support.xml
tab_support.xml
text_filter_type.png}S}
text_filter_type.png}S}
title_customize.png
title_customize.png
a9Ù
a9Ù
4;9%dm
4;9%dm
nI%D
nI%D
title_filterlist.png
title_filterlist.png
title_settings.png
title_settings.png
DHN%U
DHN%U
UN%Ufr
UN%Ufr
Ss7wEb~_
Ss7wEb~_
L%Ud[d
L%Ud[d
a;9L2
a;9L2
Tm.jR
Tm.jR
title_support.png
title_support.png
top.png
top.png
top_about.png
top_about.png
%uI4Z
%uI4Z
triangle.png}SMh
triangle.png}SMh
update_complete.png
update_complete.png
update_failed.png
update_failed.png
verification_code.png
verification_code.png
white_filter_type.png}TwTSw
white_filter_type.png}TwTSw
about.png
about.png
btn_add_filter.png
btn_add_filter.png
btn_cancel.png
btn_cancel.png
btn_cancle.png
btn_cancle.png
btn_close.png
btn_close.png
btn_filterlist_add.png
btn_filterlist_add.png
btn_filter_cancel.png
btn_filter_cancel.png
btn_filter_update.png
btn_filter_update.png
btn_main.png
btn_main.png
btn_submit.png
btn_submit.png
btn_update_code.png
btn_update_code.png
checkbox.png
checkbox.png
Filterlists.png
Filterlists.png
filter_type.png
filter_type.png
list_custom_close.png
list_custom_close.png
list_delete.png
list_delete.png
list_filter.xml
list_filter.xml
menu/check.png
menu/check.png
menu/help.png
menu/help.png
menu/open.png
menu/open.png
menu/quit.png
menu/quit.png
Support.png
Support.png
text_filter_type.png
text_filter_type.png
triangle.png
triangle.png
white_filter_type.png
white_filter_type.png
7%7S7
7%7S7
7#7*71787?7^7
7#7*71787?7^7
6h6D6U6a6r6~6
6h6D6U6a6r6~6
=&>0>)?3?
=&>0>)?3?
3'41464?4
3'41464?4
1(2,20242
1(2,20242
5#5*5/5=5^5
5#5*5/5=5^5
:!:&:4:=:
:!:&:4:=:
:$:):7:@:
:$:):7:@:
9 9$9(9,9
9 9$9(9,9
1 1$1(1,1014181
1 1$1(1,1014181
45
45
0 0$0(0,0
0 0$0(0,0
949'>2>:>
949'>2>:>
= =$=(=,=
= =$=(=,=
.04080
.04080
0"1/181\1
0"1/181\1
? ?$?(?,?0?4?8?
? ?$?(?,?0?4?8?
1$1(1,10173
1$1(1,10173
1$1=1`1}1
1$1=1`1}1
1 1$1(1,101
1 1$1(1,101
:$;(;,;0;4;8;
:$;(;,;0;4;8;
8 8$8(8,80848
8 8$8(8,80848
7 7$7(7,7074787
7 7$7(7,7074787
4 4$4(4,4
4 4$4(4,4
> >$>(>,>0>4>8>
> >$>(>,>0>4>8>
3 3$3(3,3@3`3
3 3$3(3,3@3`3
> >@>\>`>
> >@>\>`>
3$3,343
3$3,343
combase.dll
combase.dll
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
advapi32.dll
advapi32.dll
portuguese-brazilian
portuguese-brazilian
USER32.DLL
USER32.DLL
nWebPageADCount
nWebPageADCount
iWebPageADTime
iWebPageADTime
YssShare
YssShare
HeapSetInformation Fail ERR=(%d)
HeapSetInformation Fail ERR=(%d)
%u:0xx
%u:0xx
g:0xx
g:0xx
Private_%u_
Private_%u_
CShareObject init osver=%d %d
CShareObject init osver=%d %d
%sMAP_%s
%sMAP_%s
CreateFileMapping %s Fail err=%d...
CreateFileMapping %s Fail err=%d...
initWin7 %s obj=%s Ok
initWin7 %s obj=%s Ok
%sMUTEX_%s
%sMUTEX_%s
CreateMutex %s Fail...
CreateMutex %s Fail...
initWin7 obj=%s ok
initWin7 obj=%s ok
Advapi32.dll
Advapi32.dll
kernel32.dll
kernel32.dll
askProtect64.sys
askProtect64.sys
askProtect.sys
askProtect.sys
\\.\askProtect
\\.\askProtect
adb.exe
adb.exe
askComm.dll
askComm.dll
The Key Components of ADSKIP Updated Successfully. Please Restart your PC.
The Key Components of ADSKIP Updated Successfully. Please Restart your PC.
askUpdate.dll
askUpdate.dll
{904D6AEE-646A-44E6-ABCE-6BAC8CEA45A2}
{904D6AEE-646A-44E6-ABCE-6BAC8CEA45A2}
Global\%s
Global\%s
Key files missing, please reinstall Adskip!
Key files missing, please reinstall Adskip!
action.txt
action.txt
00050000
00050000
00020127
00020127
ADSkipSvc.exe
ADSkipSvc.exe
%s\%s\
%s\%s\
0explorer.exe
0explorer.exe
%s\%s
%s\%s
http\shell\open\command
http\shell\open\command
oWin81_%d
oWin81_%d
Win2012_%d
Win2012_%d
Win8_%d
Win8_%d
Win10_%d
Win10_%d
Win7_%d
Win7_%d
Win2008_%d
Win2008_%d
WinVista_%d
WinVista_%d
Win2003_%d
Win2003_%d
WinXP_%d
WinXP_%d
Win2000_%d
Win2000_%d
ADSkip.exe
ADSkip.exe
Baidu\BaiduBrowser\user_data\default\chrome_profile\Cache
Baidu\BaiduBrowser\user_data\default\chrome_profile\Cache
Google\Chrome\User Data\Default\Cache
Google\Chrome\User Data\Default\Cache
Temp\Maxthon3Cache\Temp\Webkit\Cache
Temp\Maxthon3Cache\Temp\Webkit\Cache
Tencent\QQBrowser\ChromeTab\User Data\Default\Cache
Tencent\QQBrowser\ChromeTab\User Data\Default\Cache
SogouExplorer\Webkit\Default\Cache
SogouExplorer\Webkit\Default\Cache
Opera Software\Opera Stable\Cache
Opera Software\Opera Stable\Cache
360Chrome\Chrome\User Data\Default\Cache
360Chrome\Chrome\User Data\Default\Cache
115Chrome\User Data\Default\Cache
115Chrome\User Data\Default\Cache
2345explorer.exe
2345explorer.exe
360se.exe
360se.exe
360chrome.exe
360chrome.exe
ucbrowser.exe
ucbrowser.exe
baidubrowser.exe
baidubrowser.exe
chrome.exe
chrome.exe
firefox.exe
firefox.exe
sogouexplorer.exe
sogouexplorer.exe
qqbrowser.exe
qqbrowser.exe
maxthon.exe
maxthon.exe
liebao.exe
liebao.exe
opera.exe
opera.exe
theworld.exe
theworld.exe
115chrome.exe
115chrome.exe
taobrowser.exe
taobrowser.exe
YDlgAbout.xml
YDlgAbout.xml
AhXXp://VVV.adskiper.com/license.html#license
AhXXp://VVV.adskiper.com/license.html#license
bbs.adskiper.com
bbs.adskiper.com
VVV.adskiper.com
VVV.adskiper.com
@DlgAddRules.xml
@DlgAddRules.xml
\CustomRule.txt
\CustomRule.txt
@DlgBackUpWait.xml
@DlgBackUpWait.xml
2345Explorer.exe
2345Explorer.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Application Data\360Chrome\Chrome\User Data\Default\CacheIE
Application Data\360Chrome\Chrome\User Data\Default\CacheIE
UCBrowser.exe
UCBrowser.exe
\Baidu\BaiduBrowser\user_data\default\settings\user_setting.db
\Baidu\BaiduBrowser\user_data\default\settings\user_setting.db
\Mozilla\Firefox\Profiles
\Mozilla\Firefox\Profiles
*.default*
*.default*
SogouExplorer.exe
SogouExplorer.exe
\SogouExplorer\commcfg.xml
\SogouExplorer\commcfg.xml
Opera
Opera
TheWorld.exe
TheWorld.exe
115Chrome.exe
115Chrome.exe
yyexplorer.exe
yyexplorer.exe
\YYExplorer\User Data\resource.db
\YYExplorer\User Data\resource.db
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
pd.user_setting_cache_dir
pd.user_setting_cache_dir
BCMsgBox
BCMsgBox
DlgMsgBox
DlgMsgBox
Last updated at %s
Last updated at %s
opt_support
opt_support
hXXps://
hXXps://
hXXp://
hXXp://
00020129
00020129
%s%d%s
%s%d%s
hack.ini
hack.ini
%H:%M:%S %m/%d/%Y
%H:%M:%S %m/%d/%Y
szReport_log
szReport_log
max.aquadzign@mail.com
max.aquadzign@mail.com
@5FA7598D-51CD-4B56-84CB-7A996C28CE51.png
@5FA7598D-51CD-4B56-84CB-7A996C28CE51.png
Xblue\optimize_center.png
Xblue\optimize_center.png
blue\optimize_outside.png
blue\optimize_outside.png
msimg32.dll
msimg32.dll
file='right.png' dest='364,2,376,14'
file='right.png' dest='364,2,376,14'
file='right.png' dest='368,16,381,29'
file='right.png' dest='368,16,381,29'
file='right.png' dest='372,26,387,42'
file='right.png' dest='372,26,387,42'
file='right.png' dest='380,40,397,57'
file='right.png' dest='380,40,397,57'
Cblue/Windmill_leaf.png
Cblue/Windmill_leaf.png
CCrashHandler.dll
CCrashHandler.dll
askMisc.dll
askMisc.dll
askWfd.dll
askWfd.dll
askMain.dll
askMain.dll
askRules.dll
askRules.dll
user32.dll
user32.dll
Shlwapi.dll
Shlwapi.dll
Id:%d
Id:%d
shell32.dll
shell32.dll
sShell_TrayWnd
sShell_TrayWnd
VisualStudioEditorOperationsLineCutCopyClipboardTag
VisualStudioEditorOperationsLineCutCopyClipboardTag
rcomctl32.dll
rcomctl32.dll
LD2D1.DLL
LD2D1.DLL
DWRITE.DLL
DWRITE.DLL
Nmshjdic.hanjadic
Nmshjdic.hanjadic
%Program Files%\ADSKIP\ADSkip.exe
%Program Files%\ADSKIP\ADSkip.exe
bfile='right.png' dest='364,2,376,14'
bfile='right.png' dest='364,2,376,14'
bfile='right.png' dest='368,16,381,29'
bfile='right.png' dest='368,16,381,29'
bfile='right.png' dest='372,26,387,42'
bfile='right.png' dest='372,26,387,42'
bfile='right.png' dest='380,40,397,57'
bfile='right.png' dest='380,40,397,57'
ADSkipSvc.exe_2396:
UCService.exe_3608:
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc
d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
icudtl.dat is not exists!
icudtl.dat is not exists!
d:\webapps\b\build\slave\repo\build\src\base\files\memory_mapped_file.cc
d:\webapps\b\build\slave\repo\build\src\base\files\memory_mapped_file.cc
icudtl.dat exists, but Initialize failed.
icudtl.dat exists, but Initialize failed.
ICU.Initialize
ICU.Initialize
MsgLoop:
MsgLoop:
d:\webapps\b\build\slave\repo\build\src\base\win\shortcut.cc
d:\webapps\b\build\slave\repo\build\src\base\win\shortcut.cc
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
\uX
\uX
Line: %i, column: %i, %s
Line: %i, column: %i, %s
d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc
d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc
d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc
d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc
tracing/thread_%d
tracing/thread_%d
[0;3%dm
[0;3%dm
Chrome.MessageLoopProblem
Chrome.MessageLoopProblem
KeyDown
KeyDown
Chrome_WidgetWin
Chrome_WidgetWin
Chrome_RenderWidgetHostHWND
Chrome_RenderWidgetHostHWND
Histogram.InconsistentCountHigh
Histogram.InconsistentCountHigh
Histogram.InconsistentCountLow
Histogram.InconsistentCountLow
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
disabled-by-default-toplevel.flow
disabled-by-default-toplevel.flow
(%d = %3.1f%%)
(%d = %3.1f%%)
WorkerThread-%d
WorkerThread-%d
.syzygy
.syzygy
.thunks
.thunks
"%d":
"%d":
d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc
d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc
renderer.scheduler
renderer.scheduler
disabled-by-default-cc.debug.picture
disabled-by-default-cc.debug.picture
disabled-by-default-cc.debug
disabled-by-default-cc.debug
d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc
d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc
%s/%s
%s/%s
d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc
d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc
%d:%s
%d:%s
D:\webapps\b\build\slave\repo\build\src\out\Release\UCService.exe.pdb
D:\webapps\b\build\slave\repo\build\src\out\Release\UCService.exe.pdb
UCService.exe
UCService.exe
USERENV.dll
USERENV.dll
WINTRUST.dll
WINTRUST.dll
WTSAPI32.dll
WTSAPI32.dll
InternetOpenUrlW
InternetOpenUrlW
WININET.dll
WININET.dll
VERSION.dll
VERSION.dll
PSAPI.DLL
PSAPI.DLL
WINMM.dll
WINMM.dll
SHLWAPI.dll
SHLWAPI.dll
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
WaitNamedPipeW
WaitNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
EnumDesktopWindows
EnumDesktopWindows
OpenWindowStationA
OpenWindowStationA
EnumWindowStationsA
EnumWindowStationsA
CloseWindowStation
CloseWindowStation
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
CallMsgFilterW
CallMsgFilterW
USER32.dll
USER32.dll
NETAPI32.dll
NETAPI32.dll
GetCPInfo
GetCPInfo
zcÃ
zcÃ
&ka=&kb=d2713585a62dd2677f88d0fff85b3fe7&kc=c0ed19538daa6d6db815ffd0b1233981v000000253f20c75&firstpid=0501&bid=800&ver=5.6.13381.9
&ka=&kb=d2713585a62dd2677f88d0fff85b3fe7&kc=c0ed19538daa6d6db815ffd0b1233981v000000253f20c75&firstpid=0501&bid=800&ver=5.6.13381.9
%Program Files%\UCBrowser\Application\UCService.exe
%Program Files%\UCBrowser\Application\UCService.exe
;";';.;~;
;";';.;~;
2 262@2
2 262@2
2.34383
2.34383
%0U0r0
%0U0r0
333D3J3P3W3f3
333D3J3P3W3f3
0 0$0(0,0004080
0 0$0(0,0004080
3 3$3(3,303
3 3$3(3,303
*2.22262
*2.22262
2 2$2(2,2024282034383
2 2$2(2,2024282034383
7 7$7(7,7
7 7$7(7,7
stats_uploader.exe
stats_uploader.exe
.ProgId
.ProgId
UCBrowser.exe
UCBrowser.exe
.Hash
.Hash
\https\
\https\
\http\
\http\
%s%s%s%s
%s%s%s%s
@EXEC_create
@EXEC_create
bqqurlmgr.exe
bqqurlmgr.exe
qq.exe
qq.exe
services.exe
services.exe
UC_BROWSER_EXE
UC_BROWSER_EXE
\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
new_UCService.exe
new_UCService.exe
old_UCService.exe
old_UCService.exe
UCAgent.exe
UCAgent.exe
Aucsvc.log
Aucsvc.log
resources.pak
resources.pak
chrome_100_percent.pak
chrome_100_percent.pak
chrome_200_percent.pak
chrome_200_percent.pak
hXXp://testenv.ucbrowser-dWNicm93c2Vy.local
hXXp://testenv.ucbrowser-dWNicm93c2Vy.local
molt.log
molt.log
setup.exe
setup.exe
.\\.\X:
.\\.\X:
000000000003
000000000003
Fmscoree.dll
Fmscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
kernel32.dll
kernel32.dll
Ndebug.log
Ndebug.log
ntdll.dll
ntdll.dll
icudtl.dat
icudtl.dat
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
shell32.dll
shell32.dll
BChrome_MessagePumpWindow_%p
BChrome_MessagePumpWindow_%p
ASOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
ASOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Advapi32.dll
Advapi32.dll
UCWeb Inc.
UCWeb Inc.
1.0.0.0
1.0.0.0
Copyright 2008-2014 UCWeb Inc. All rights reserved.
Copyright 2008-2014 UCWeb Inc. All rights reserved.
UCBrowser.exe_328:
UCBrowser.exe_2132:
UCBrowser.exe_2680:
UCBrowser.exe_3468:
UCBrowser.exe_2680_rwx_0730A000_000F5000: