Gen:Variant.Graftor.264320 (B) (Emsisoft), mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ccab389166c2a7b7e6f7b784a8edf3b7
SHA1: 280c07ed68f0fdf2ac1ae0a2f2d1bdacbf64daac
SHA256: 2fb616a2d5c59851a861a889d4349c4b42606e076030a32adb05b5cd02d616ed
SSDeep: 24576: O8OH8F37JqsB9n7KkVj9XCwGA6SWaQaT:QPJh kV5CQ
Size: 823808 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-01-03 14:34:15
Analyzed on: WindowsXP SP3 32-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):
dwwin.exe:1744
uninstallmodule.exe:1392
%original file name%.exe:468
The Malware injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process dwwin.exe:1744 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\7FEC0.dmp (74488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
The process uninstallmodule.exe:1392 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fb75_appcompat.txt (1979 bytes)
The Malware deletes the following file(s):
The process %original file name%.exe:468 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uninstallmodule.exe.tmp (110740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_uninsep.bat (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uninstallmodule.exe (6841 bytes)
Registry activity
The process dwwin.exe:1744 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 84 73 39 A1 66 9F E3 FD 6E 76 F7 86 7D 6A 28"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Malware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process uninstallmodule.exe:1392 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 18 9F EB 0B F1 99 09 FF 8D CE 00 38 B0 07 93"
The Malware deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
The Malware deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"DWFileTreeRoot"
The process %original file name%.exe:468 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 AE 6D 30 7E 98 D7 D2 0E B5 7A CF 1A D6 B5 24"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"_uninsep.bat" = "_uninsep"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"uninstallmodule.exe" = "uninstallmodule"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Malware deletes the following value(s) in system registry:
The Malware disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IDSCPRODUCT"
Dropped PE files
MD5 | File path |
---|---|
ea8c1b5d9f7b766e04ff296758ae02db | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\uninstallmodule.exe |
ea8c1b5d9f7b766e04ff296758ae02db | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\uninstallmodule.exe.tmp |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
dwwin.exe:1744
uninstallmodule.exe:1392
%original file name%.exe:468 - Delete the original Malware file.
- Delete or disinfect the following files created/modified by the Malware:
%Documents and Settings%\%current user%\Local Settings\Temp\7FEC0.dmp (74488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fb75_appcompat.txt (1979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uninstallmodule.exe.tmp (110740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_uninsep.bat (180 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: Top Game Installer
Product Name: Top Game Installer
Product Version: 1.0
Legal Copyright: Top Game Installer
Legal Trademarks:
Original Filename: Top Game Installer.exe
Internal Name: Top Game Installer
File Version: 1.0
File Description: Top Game Installer
Comments:
Language: English (United States)
Company Name: Top Game InstallerProduct Name: Top Game InstallerProduct Version: 1.0 Legal Copyright: Top Game InstallerLegal Trademarks: Original Filename: Top Game Installer.exeInternal Name: Top Game InstallerFile Version: 1.0 File Description: Top Game InstallerComments: Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 702060 | 702464 | 4.26703 | d78403c0efc3bc56a66b7c1d4f9f579c |
.data | 708608 | 23332 | 23552 | 0.100838 | b07224b3acd84b8b6e0fc450410d300f |
.rdata | 733184 | 62252 | 62464 | 3.87274 | dfc49cee6ba28be31b89b2d10c8b3758 |
.bss | 798720 | 4096 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.edata | 802816 | 1598 | 2048 | 3.09204 | 276a0a5ad20775d1ae9e53aff007ba81 |
.idata | 806912 | 6224 | 6656 | 3.55701 | 8d96631479e9195377a207719f07d8fc |
.CRT | 815104 | 56 | 512 | 0.221488 | 94975933fb719c11f3a8757e452a06ce |
.tls | 819200 | 32 | 512 | 0.14174 | b94bb441a067f954ca855273080a7f2c |
.rsrc | 823296 | 856 | 1024 | 1.8821 | 1a990b6f248f4cf9ed3f54d7b877969d |
.reloc | 827392 | 23424 | 23552 | 4.62336 | d9537cb6f518736060ac13cb67b084c3 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 79
523c889c97eebcb4632a2c2a2fba0f0e
f4f83840a6d1859382001ffd15cb5f75
4b630f434f37d0dd82d9c702189a54ba
aace3d082e2d3abb2dd8ff674824e3a4
d51159ce3d5965d072808c5974c0e8f9
baa37f901981657ecf6353301f607539
a700f43c176c12d9eb27f6bd6f39df67
3bf59d95006b39e0a61f543cdf5b4d3d
fb1f142c97c84a46c7952867a183fa38
34debcd9f644530815b3b93e61e2337b
8004abd5d7d21dac173445a4409c8f83
8b2bb97fc20c90c613656e5367f630f9
b23769d8486c63d3c17bfd0d4b857bd6
763ef9babac4398a6987a006692ea8bf
d2b15df94bc965205bb0e753f9a97525
83ecadad63580b78bfd8b089766a344e
4ec44303f46fe3666d7d06510dfc5a13
69712554794f4fd160738c0c68966eb4
20b1179c1096e099edfd88ae02572b2c
27ca114a6b68dc4232d04500953e19d0
42d05e9e07dc3fcb1e680ae21bf99445
858021f8683ee6c7e7437979ee25e4ef
2f9c8b2ef7a888f6251f84c7cb0f72cb
97a7b8809e1642ebcf06f620deba3cc4
6f35f508794846a2695fec3d707092af
97628574fd15364a8e2b8b1e0837a49d
Network Activity
URLs
URL | IP |
---|---|
hxxp://agent.wizztrakys.com/csdi/wizzmonetize/buying_uninstaller_{ | 149.202.68.172 |
hxxp://dl.wizzuniquify.com/download/1/wizzuninstallmodule.exe | 149.202.204.67 |
hxxp://agent.wizztrakys.com/csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_wizzuninstallmodule_download_succeed | 149.202.68.172 |
hxxp://agent.wizztrakys.com/csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_wizzuninstallmodule_execute_succeed | 149.202.68.172 |
hxxp://agent.wizztrakys.com/csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_wizzuninstallmodule_download_start | 149.202.68.172 |
hxxp://agent.wizztrakys.com/csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_start | 149.202.68.172 |
hxxp://agent.wizztrakys.com/csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_end | 149.202.68.172 |
www.wizzmonetize.com | 149.202.85.170 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST /csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_end HTTP/1.1
Host: agent.wizztrakys.com
Accept: */*
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
user_name=csdi&api_key=e3b93cef-8bd4-11e5-8538-0cc47a47968c
HTTP/1.1 200 OK
Date: Wed, 17 Feb 2016 01:30:17 GMT
Server: Apache/2.4.10 (Debian)
Set-Cookie: PHPSESSID=jsqgg5tln030f7bo1io80u06a4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 29
Content-Type: text/html; charset=UTF-8
{"message":"Track was added"}..
POST /csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_wizzuninstallmodule_execute_succeed HTTP/1.1
Host: agent.wizztrakys.com
Accept: */*
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
user_name=csdi&api_key=e3b93cef-8bd4-11e5-8538-0cc47a47968c
HTTP/1.1 200 OK
Date: Wed, 17 Feb 2016 01:30:17 GMT
Server: Apache/2.4.10 (Debian)
Set-Cookie: PHPSESSID=7tnaotcd8nv758ikfg0hkroib3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 29
Content-Type: text/html; charset=UTF-8
{"message":"Track was added"}..
POST /csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_wizzuninstallmodule_download_succeed HTTP/1.1
Host: agent.wizztrakys.com
Accept: */*
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
user_name=csdi&api_key=e3b93cef-8bd4-11e5-8538-0cc47a47968c
HTTP/1.1 200 OK
Date: Wed, 17 Feb 2016 01:30:16 GMT
Server: Apache/2.4.10 (Debian)
Set-Cookie: PHPSESSID=7go2qor580ga8bs5e6a8juks16; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 29
Content-Type: text/html; charset=UTF-8
{"message":"Track was added"}..
GET /download/1/wizzuninstallmodule.exe HTTP/1.1
Host: dl.wizzuniquify.com
Accept: */*
HTTP/1.1 200 OK
Date: Wed, 17 Feb 2016 01:30:13 GMT
Server: Apache/2.4.10 (Debian)
Cache-Control: no-cache
Set-Cookie: laravel_session=eyJpdiI6InRQaVYyUHdRUHZlY29cL0JJbnpQbURnPT0iLCJ2YWx1ZSI6ImtsOXF2RGdjMVBtS3ZKbnpBejVtb0h5ZVo3Q0JaQ3hya2ZkVGtBTnBTSURyWXA1N3dXdXFDVHdSZ1lBYUtKWW1lTTNVTWxwZkFLYmIxajNxVlpJcXF3PT0iLCJtYWMiOiI3ZjQ0NmRmM2IzYmE1NzhiZmI1Y2QyZThiYTc3YjdhMzEyMjg4MjFjNzJlMjliMWJmNjBlMjQwY2Q0NTJjMGFiIn0=; expires=Wed, 17-Feb-2016 03:30:13 GMT; Max-Age=7200; path=/; httponly
Transfer-Encoding: chunked
Content-Type: application/x-msdownload
df600..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L............................................ ....@..........................P................ .........................<.......................................0f......................................................D............................text...............................`.P`.data...d[... ...\..................@.p..rdata...............l..............@.p@.bss..................................p..edata..<............l..............@.0@.idata...............t..............@.0..CRT....8...........................@.0..tls.... ...........................@.0..reloc..0f.......h..................@.0B....................................................................................................................................................................................................................................................................................................&......'.......1.f.=..@.MZ..l.M.......h.M.......d.M.......t.M.....th...M..x.M...tJ..$.....n'....$.....2'....|.M....M....M..@.M.....)...=. L..tm1.......&......$.....$'....f...<.@.....@.PE......@.u...Q.f....t?f......j............].........1.......K....v...$.:D...)..1......yt...,.........1...........f...,...M..D$...M..D$...M..D$...M...$..M....M....M..D$..n&.....M...,.........'....U1........WV.U.S....|...0.25..)..D$...........@......@......@......@......@......@......@.........5x.M.........d
<<< skipped >>>
POST /csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_start HTTP/1.1
Host: agent.wizztrakys.com
Accept: */*
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
user_name=csdi&api_key=e3b93cef-8bd4-11e5-8538-0cc47a47968c
HTTP/1.1 200 OK
Date: Wed, 17 Feb 2016 01:30:14 GMT
Server: Apache/2.4.10 (Debian)
Set-Cookie: PHPSESSID=hfidjnmjpek1nk79p0rs8p6k16; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 29
Content-Type: text/html; charset=UTF-8
{"message":"Track was added"}..
POST /csdi/wizzmonetize/buying_uninstaller_{..|...|.."_{..|...|.."_{..|...|.."_wizzuninstallmodule_download_start HTTP/1.1
Host: agent.wizztrakys.com
Accept: */*
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
user_name=csdi&api_key=e3b93cef-8bd4-11e5-8538-0cc47a47968c
HTTP/1.1 200 OK
Date: Wed, 17 Feb 2016 01:30:14 GMT
Server: Apache/2.4.10 (Debian)
Set-Cookie: PHPSESSID=vpk092hgu3dj7jgsu46ge098o6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 29
Content-Type: text/html; charset=UTF-8
{"message":"Track was added"}..
Map
The Malware connects to the servers at the folowing location(s):
Strings from Dumps
uninstallmodule.exe_1392:
.text
.text
P`.data
P`.data
.rdata
.rdata
p@.bss
p@.bss
.edata
.edata
0@.idata
0@.idata
.reloc
.reloc
-0123456789
-0123456789
XMLDocument error id=%d '%s' str1=%s str2=%s
XMLDocument error id=%d '%s' str1=%s str2=%s
%s>
%s>
%s?>
%s?>
config.cfg
config.cfg
%s: __pos (which is %zu) > this->size() (which is %zu)
%s: __pos (which is %zu) > this->size() (which is %zu)
&api_key=
&api_key=
CFG: Can only have unique key names!
CFG: Can only have unique key names!
workXML.xml
workXML.xml
hXXp://VVV.wizzmonetize.com/remotes_xml_sections.php
hXXp://VVV.wizzmonetize.com/remotes_xml_sections.php
getpeername() failed with errno %d: %s
getpeername() failed with errno %d: %s
getsockname() failed with errno %d: %s
getsockname() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
sa_addr inet_ntop() failed with errno %d: %s
sa_addr inet_ntop() failed with errno %d: %s
Trying %s...
Trying %s...
Could not set TCP_NODELAY: %s
Could not set TCP_NODELAY: %s
TCP_NODELAY set
TCP_NODELAY set
Failed to set SO_KEEPALIVE on fd %d
Failed to set SO_KEEPALIVE on fd %d
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Local Interface %s is ip %s using address family %i
Local Interface %s is ip %s using address family %i
Name '%s' family %i resolved to '%s' family %i
Name '%s' family %i resolved to '%s' family %i
Local port: %hu
Local port: %hu
Bind to local port %hu failed, trying next
Bind to local port %hu failed, trying next
bind failed with errno %d: %s
bind failed with errno %d: %s
Immediate connect fail for %s: %s
Immediate connect fail for %s: %s
Couldn't bind to '%s'
Couldn't bind to '%s'
Couldn't bind to interface '%s'
Couldn't bind to interface '%s'
connect to %s port %ld failed: %s
connect to %s port %ld failed: %s
Failed to connect to %s port %ld: %s
Failed to connect to %s port %ld: %s
[%s %s %s]
[%s %s %s]
Send failure: %s
Send failure: %s
Recv failure: %s
Recv failure: %s
Write callback asked for PAUSE when not supported!
Write callback asked for PAUSE when not supported!
Could not resolve %s: %s
Could not resolve %s: %s
%s:%d
%s:%d
Hostname %s was found in DNS cache
Hostname %s was found in DNS cache
%5[^:]:%d
%5[^:]:%d
Couldn't parse CURLOPT_RESOLVE removal entry '%s'!
Couldn't parse CURLOPT_RESOLVE removal entry '%s'!
%5[^:]:%d:%5s
%5[^:]:%d:%5s
Couldn't parse CURLOPT_RESOLVE entry '%s'!
Couldn't parse CURLOPT_RESOLVE entry '%s'!
Address in '%s' found illegal!
Address in '%s' found illegal!
Added %s:%d:%s to DNS cache
Added %s:%d:%s to DNS cache
IDN support not present, can't parse Unicode domains
IDN support not present, can't parse Unicode domains
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
Connected to %s (%s) port %ld (#%ld)
Connected to %s (%s) port %ld (#%ld)
User-Agent: %s
User-Agent: %s
smtp
smtp
Illegal characters found in URL
Illegal characters found in URL
[^:]:%[^
[^:]:%[^
:]://%[^
:]://%[^
malformed
malformed
SMTP.
SMTP.
Rebuilt URL to: %s
Rebuilt URL to: %s
Please URL encode %% as %%, see RFC 6874.
Please URL encode %% as %%, see RFC 6874.
Protocol "%s" not supported or disabled in libcurl
Protocol "%s" not supported or disabled in libcurl
%s://%s
%s://%s
http_proxy
http_proxy
[%*45[0123456789abcdefABCDEF:.]%c
[%*45[0123456789abcdefABCDEF:.]%c
;type=%c
;type=%c
%s://%s%s%s:%hu%s%s%s
%s://%s%s%s:%hu%s%s%s
Port number out of range
Port number out of range
Couldn't find host %s in the _netrc file; using defaults
Couldn't find host %s in the _netrc file; using defaults
PTF@example.com
PTF@example.com
Found bundle for host %s: %p
Found bundle for host %s: %p
Server doesn't support multi-use yet, wait
Server doesn't support multi-use yet, wait
Server doesn't support multi-use (yet)
Server doesn't support multi-use (yet)
Pipe is full, skip (%zu)
Pipe is full, skip (%zu)
Multiplexed connection found!
Multiplexed connection found!
Found connection %ld, with requests in the pipe (%zu)
Found connection %ld, with requests in the pipe (%zu)
Re-using existing connection! (#%ld) with %s %s
Re-using existing connection! (#%ld) with %s %s
No more connections allowed to host: %d
No more connections allowed to host: %d
Couldn't resolve host '%s'
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
Couldn't resolve proxy '%s'
Connection #%ld to host %s left intact
Connection #%ld to host %s left intact
Curl_poll(%d ds, %d ms)
Curl_poll(%d ds, %d ms)
Internal error clearing splay node = %d
Internal error clearing splay node = %d
Internal error removing splay node = %d
Internal error removing splay node = %d
Pipe broke: handle %p, url = %s
Pipe broke: handle %p, url = %s
In state %d with no easy_conn, bail out!
In state %d with no easy_conn, bail out!
Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received
Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received
Operation timed out after %ld milliseconds with %I64d bytes received
Operation timed out after %ld milliseconds with %I64d bytes received
#HttpOnly_
#HttpOnly_
%s%s%s
%s%s%s
23[^;
23[^;
=] =I99[^;
=] =I99[^;
httponly
httponly
skipped cookie with bad tailmatch domain: %s
skipped cookie with bad tailmatch domain: %s
%s cookie %s="%s" for domain %s, path %s, expire %I64d
%s cookie %s="%s" for domain %s, path %s, expire %I64d
ignoring failed cookie_init for %s
ignoring failed cookie_init for %s
# Netscape HTTP Cookie File
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/docs/http-cookies.html
# hXXp://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
# This file was generated by libcurl! Edit at your own risk.
# Fatal libcurl error
# Fatal libcurl error
WARNING: failed to save cookies in %s
WARNING: failed to save cookies in %s
%d.%d.%d.%d
%d.%d.%d.%d
CURLSHcode unknown
CURLSHcode unknown
Protocol option is unsupported
Protocol option is unsupported
Protocol is unsupported
Protocol is unsupported
Socket is unsupported
Socket is unsupported
Operation not supported
Operation not supported
Address family not supported
Address family not supported
Protocol family not supported
Protocol family not supported
Winsock version not supported
Winsock version not supported
Unknown error %d (%#x)
Unknown error %d (%#x)
Please call curl_multi_perform() soon
Please call curl_multi_perform() soon
Unsupported protocol
Unsupported protocol
URL using bad/illegal format or missing URL
URL using bad/illegal format or missing URL
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
FTP: weird server reply
FTP: weird server reply
FTP: The server failed to connect to data port
FTP: The server failed to connect to data port
FTP: unknown PASS reply
FTP: unknown PASS reply
FTP: Accepting server connect has timed out
FTP: Accepting server connect has timed out
FTP: unknown PASV reply
FTP: unknown PASV reply
FTP: unknown 227 response format
FTP: unknown 227 response format
FTP: can't figure out the host in the PASV response
FTP: can't figure out the host in the PASV response
Error in the HTTP2 framing layer
Error in the HTTP2 framing layer
FTP: couldn't set file type
FTP: couldn't set file type
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't retrieve (RETR failed) the specified file
HTTP response code said error
HTTP response code said error
FTP: command PORT failed
FTP: command PORT failed
FTP: command REST failed
FTP: command REST failed
Operation was aborted by an application callback
Operation was aborted by an application callback
A libcurl function was given a bad argument
A libcurl function was given a bad argument
An unknown option was passed in to libcurl
An unknown option was passed in to libcurl
SSL peer certificate or SSH remote key was not OK
SSL peer certificate or SSH remote key was not OK
Problem with the local SSL certificate
Problem with the local SSL certificate
Peer certificate cannot be authenticated with given CA certificates
Peer certificate cannot be authenticated with given CA certificates
Unrecognized or bad HTTP Content or Transfer-Encoding
Unrecognized or bad HTTP Content or Transfer-Encoding
Invalid LDAP URL
Invalid LDAP URL
Login denied
Login denied
TFTP: File Not Found
TFTP: File Not Found
TFTP: Access Violation
TFTP: Access Violation
TFTP: Illegal operation
TFTP: Illegal operation
TFTP: Unknown transfer ID
TFTP: Unknown transfer ID
TFTP: No such user
TFTP: No such user
Caller must register CURLOPT_CONV_ callback options
Caller must register CURLOPT_CONV_ callback options
Problem with the SSL CA cert (path? access rights?)
Problem with the SSL CA cert (path? access rights?)
Error in the SSH layer
Error in the SSH layer
Issuer check against peer certificate failed
Issuer check against peer certificate failed
FTP: The server did not accept the PRET command.
FTP: The server did not accept the PRET command.
Unable to parse FTP file list
Unable to parse FTP file list
SSL public key does not match pinned public key
SSL public key does not match pinned public key
SSL server certificate status verification FAILED
SSL server certificate status verification FAILED
0123456789
0123456789
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s
HTTP/
HTTP/
Avoided giant realloc for header (max is %d)!
Avoided giant realloc for header (max is %d)!
%s:%s
%s:%s
%sAuthorization: Basic %s
%sAuthorization: Basic %s
%s auth using %s with user '%s'
%s auth using %s with user '%s'
The requested URL returned error: %d
The requested URL returned error: %d
%s, d %s M d:d:d GMT
%s, d %s M d:d:d GMT
If-Modified-Since: %s
If-Modified-Since: %s
If-Unmodified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
Last-Modified: %s
Referer: %s
Referer: %s
Accept-Encoding: %s
Accept-Encoding: %s
Host: %s%s%s
Host: %s%s%s
Host: %s%s%s:%hu
Host: %s%s%s:%hu
PTF://
PTF://
Range: bytes=%s
Range: bytes=%s
Content-Range: bytes %s%I64d/%I64d
Content-Range: bytes %s%I64d/%I64d
Content-Range: bytes %s/%I64d
Content-Range: bytes %s/%I64d
PTF://%s:%s@%s
PTF://%s:%s@%s
%s HTTP/%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s=%s
%s%s=%s
Internal HTTP POST error!
Internal HTTP POST error!
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Failed sending HTTP POST request
Failed sending HTTP POST request
Failed sending HTTP request
Failed sending HTTP request
Chunky upload is not supported by HTTP 1.0
Chunky upload is not supported by HTTP 1.0
Connection closure while negotiating auth (HTTP 1.0?)
Connection closure while negotiating auth (HTTP 1.0?)
HTTP error before end of send, stop sending
HTTP error before end of send, stop sending
HTTP/%d.%d %d
HTTP/%d.%d %d
Lying server, not serving HTTP/2
Lying server, not serving HTTP/2
HTTP =
HTTP =
RTSP/%d.%d =
RTSP/%d.%d =
The requested URL returned error: %s
The requested URL returned error: %s
HTTP 1.0, assume close after body
HTTP 1.0, assume close after body
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.1 proxy connection set close!
HTTP/1.0 connection set to keep alive!
HTTP/1.0 connection set to keep alive!
%%X
%%X
%sAuthorization: Digest %s
%sAuthorization: Digest %s
%sAuthorization: NTLM %s
%sAuthorization: NTLM %s
Conn: %ld (%p) Receive pipe weight: (%I64d/%zu), penalized: %s
Conn: %ld (%p) Receive pipe weight: (%I64d/%zu), penalized: %s
Site %s:%d is pipeline blacklisted
Site %s:%d is pipeline blacklisted
Server %s is blacklisted
Server %s is blacklisted
SOCKS4 communication to %s:%d
SOCKS4 communication to %s:%d
SOCKS4 connect to %s (locally resolved)
SOCKS4 connect to %s (locally resolved)
Failed to resolve "%s" for SOCKS4 connect.
Failed to resolve "%s" for SOCKS4 connect.
SOCKS4%s request granted.
SOCKS4%s request granted.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
User was rejected by the SOCKS5 server (%d %d).
User was rejected by the SOCKS5 server (%d %d).
SOCKS5 GSSAPI per-message authentication is not supported.
SOCKS5 GSSAPI per-message authentication is not supported.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
Failed to resolve "%s" for SOCKS5 connect.
Failed to resolve "%s" for SOCKS5 connect.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Establish HTTP proxy tunnel to %s:%hu
Establish HTTP proxy tunnel to %s:%hu
%s:%hu
%s:%hu
%s%s%s:%hu
%s%s%s:%hu
Host: %s
Host: %s
CONNECT %s HTTP/%s
CONNECT %s HTTP/%s
%s%s%s%s
%s%s%s%s
HTTP/1.%d %d
HTTP/1.%d %d
TUNNEL_STATE switched to: %d
TUNNEL_STATE switched to: %d
Received HTTP code %d from proxy after CONNECT
Received HTTP code %d from proxy after CONNECT
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
login
login
password
password
operation aborted by callback
operation aborted by callback
Read callback asked for PAUSE when not supported!
Read callback asked for PAUSE when not supported!
seek callback returned error %d
seek callback returned error %d
the ioctl callback returned %d
the ioctl callback returned %d
ioctl callback returned error %d
ioctl callback returned error %d
Rewinding stream by : %zd bytes on url %s (zero-length body)
Rewinding stream by : %zd bytes on url %s (zero-length body)
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
HTTP server doesn't seem to support byte ranges. Cannot resume.
HTTP server doesn't seem to support byte ranges. Cannot resume.
Simulate a HTTP 304 response!
Simulate a HTTP 304 response!
%s in chunked-encoding
%s in chunked-encoding
Rewinding stream by : %zu bytes on url %s (size = %I64d, maxdownload = %I64d, bytecount = %I64d, nread = %zd)
Rewinding stream by : %zu bytes on url %s (size = %I64d, maxdownload = %I64d, bytecount = %I64d, nread = %zd)
Excess found in a non pipelined read: excess = %zu, size = %I64d, maxdownload = %I64d, bytecount = %I64d
Excess found in a non pipelined read: excess = %zu, size = %I64d, maxdownload = %I64d, bytecount = %I64d
No URL set!
No URL set!
[^?&/:]://%c
[^?&/:]://%c
Issue another request to this URL: '%s'
Issue another request to this URL: '%s'
Disables POST, goes with %s
Disables POST, goes with %s
d:d:d
d:d:d
d:d
d:d
------------------------xx
------------------------xx
; filename="%s"
; filename="%s"
%s; boundary=%s
%s; boundary=%s
Content-Type: multipart/mixed; boundary=%s
Content-Type: multipart/mixed; boundary=%s
Content-Type: %s
Content-Type: %s
couldn't open file "%s"
couldn't open file "%s"
--%s--
--%s--
.jpeg
.jpeg
.html
.html
%c%c==
%c%c==
%c%c%c=
%c%c%c=
%c%c%c%c
%c%c%c%c
user=%s
user=%s
auth=Bearer %s
auth=Bearer %s
%s/%s
%s/%s
xxxx
xxxx
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s,qop=%s
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s,qop=%s
%s:%s:%s
%s:%s:%s
%s:%s:x:%s:%s:%s
%s:%s:x:%s:%s:%s
username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"
username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"
username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%s, opaque="%s"
%s, opaque="%s"
%s, algorithm="%s"
%s, algorithm="%s"
LOGIN
LOGIN
%s xxxxxxxxxxxxxxxx
%s xxxxxxxxxxxxxxxx
Unsupported SASL authentication mechanism
Unsupported SASL authentication mechanism
NTLMSSP%c
NTLMSSP%c
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%s
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%s
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c
not enough space for format expansion (Please submit full bug report at hXXp://gcc.gnu.org/bugs.html):
not enough space for format expansion (Please submit full bug report at hXXp://gcc.gnu.org/bugs.html):
%m/%d/%y
%m/%d/%y
%H:%M:%S
%H:%M:%S
operator
operator
operator
operator
global constructors keyed to
global constructors keyed to
global destructors keyed to
global destructors keyed to
operator""
operator""
_matherr(): %s in %s(%g, %g) (retval=%g)
_matherr(): %s in %s(%g, %g) (retval=%g)
VirtualQuery failed for %d bytes at address %p
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
Unknown pseudo relocation bit size %d.
use_fc_key
use_fc_key
fc_key
fc_key
Assertion failed: (%s), file %s, line %d
Assertion failed: (%s), file %s, line %d
M%p %d %s
M%p %d %s
M%p %d V=%0X B=%d t=%d o=%d C=%d R=%d H=%p %s
M%p %d V=%0X B=%d t=%d o=%d C=%d R=%d H=%p %s
once %p is %d
once %p is %d
_pthread_key_dest_shmem
_pthread_key_dest_shmem
_pthread_key_lock_shmem
_pthread_key_lock_shmem
_pthread_key_max_shmem
_pthread_key_max_shmem
_pthread_key_sch_shmem
_pthread_key_sch_shmem
T%p %d %s
T%p %d %s
T%p %d V=%0X H=%p %s
T%p %d V=%0X H=%p %s
C%p %d %s
C%p %d %s
C%p %d V=%0X w=%ld %s
C%p %d V=%0X w=%ld %s
RWL%p %d %s
RWL%p %d %s
RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (tdm64-1) 4.9.2
GCC: (tdm64-1) 4.9.2
wizzuninstallmodule.exe
wizzuninstallmodule.exe
curl_easy_cleanup
curl_easy_cleanup
curl_easy_duphandle
curl_easy_duphandle
curl_easy_escape
curl_easy_escape
curl_easy_getinfo
curl_easy_getinfo
curl_easy_init
curl_easy_init
curl_easy_pause
curl_easy_pause
curl_easy_perform
curl_easy_perform
curl_easy_recv
curl_easy_recv
curl_easy_reset
curl_easy_reset
curl_easy_send
curl_easy_send
curl_easy_setopt
curl_easy_setopt
curl_easy_strerror
curl_easy_strerror
curl_easy_unescape
curl_easy_unescape
curl_escape
curl_escape
curl_formadd
curl_formadd
curl_formfree
curl_formfree
curl_formget
curl_formget
curl_free
curl_free
curl_getdate
curl_getdate
curl_getenv
curl_getenv
curl_global_cleanup
curl_global_cleanup
curl_global_init
curl_global_init
curl_global_init_mem
curl_global_init_mem
curl_maprintf
curl_maprintf
curl_mfprintf
curl_mfprintf
curl_mprintf
curl_mprintf
curl_msnprintf
curl_msnprintf
curl_msprintf
curl_msprintf
curl_multi_add_handle
curl_multi_add_handle
curl_multi_assign
curl_multi_assign
curl_multi_cleanup
curl_multi_cleanup
curl_multi_fdset
curl_multi_fdset
curl_multi_info_read
curl_multi_info_read
curl_multi_init
curl_multi_init
curl_multi_perform
curl_multi_perform
curl_multi_remove_handle
curl_multi_remove_handle
curl_multi_setopt
curl_multi_setopt
curl_multi_socket
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_action
curl_multi_socket_all
curl_multi_socket_all
curl_multi_strerror
curl_multi_strerror
curl_multi_timeout
curl_multi_timeout
curl_multi_wait
curl_multi_wait
curl_mvaprintf
curl_mvaprintf
curl_mvfprintf
curl_mvfprintf
curl_mvprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsnprintf
curl_mvsprintf
curl_mvsprintf
curl_share_cleanup
curl_share_cleanup
curl_share_init
curl_share_init
curl_share_setopt
curl_share_setopt
curl_share_strerror
curl_share_strerror
curl_slist_append
curl_slist_append
curl_slist_free_all
curl_slist_free_all
curl_strequal
curl_strequal
curl_strnequal
curl_strnequal
curl_unescape
curl_unescape
CryptDestroyKey
CryptDestroyKey
CryptImportKey
CryptImportKey
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExA
_acmdln
_acmdln
_amsg_exit
_amsg_exit
ShellExecuteExA
ShellExecuteExA
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
SHELL32.DLL
WS2_32.dll
WS2_32.dll
WSOCK32.DLL
WSOCK32.DLL
2%2C2L2b2
2%2C2L2b2
2.282>2^2
2.282>2^2
3/464=4}4
3/464=4}4
7 80878 90979
7 80878 90979
8 9(909\9
8 9(909\9
=0>8>@>^>
=0>8>@>^>
> >$>0>4>8>
> >$>0>4>8>
: :$:(:,:0:4:8:
: :$:(:,:0:4:8:
;$;(;,;0;4;8;
;$;(;,;0;4;8;
c%m/%d/%y
c%m/%d/%y
emsvcrt.dll
emsvcrt.dll
!"#$%&'()* ,-./012345678
!"#$%&'()* ,-./012345678