Gen:Variant.Application.Bundler.Jaik.5699 (BitDefender), AirInstaller (fs) (VIPRE), Trojan.DownLoader12.14838 (DrWeb), Artemis!A371CD1D3E28 (McAfee), Gen:Variant.Application.Bundler (FSecure), Generic.D52 (AVG), Gen:Variant.Application.Bundler.Jaik.5699 (AdAware)Behaviour: Trojan, Installer
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: a371cd1d3e283d35ca2394f322e56e1c
SHA1: 9603632b93c04cf2bc5debf91565e9ced98e296f
SHA256: 13b8ab9441859a68dfe2e384885ca8f95e5e1b7c5d91b03e9e7f89fbf6c11114
SSDeep: 24576:LbFdxlYmY5Kq2w7R0zUSh8wV1EzwlA5rGnK4S8eciG5/RTjW:LZdabezUSh8wV1EzwlUGnK4S85/Q
Size: 807208 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Download Manager, LLC
Created at: 2015-01-28 21:30:21
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
Setup.exe:392
%original file name%.exe:1972
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:
23f1833664d3b658b5782dd014c9dd98WininetProxyRegistryMutexWininetConnectionMutexWininetStartupMutexc:!documents and settings!adm!local settings!history!history.ie5!c:!documents and settings!adm!cookies!c:!documents and settings!adm!local settings!temporary internet files!content.ie5!_!MSFTHISTORY!_ZonesLockedCacheCounterMutexZonesCacheCounterMutexZonesCounterMutex
File activity
The process %original file name%.exe:1972 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\a2Xdc7Q7nH\Wc6wlCSd\Setup.exe (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
Registry activity
The process Setup.exe:392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 39 59 5E C2 EB D4 E8 10 93 A3 8C 89 18 45 D9"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"setup.exe" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS]
"setup.exe" = "1"
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"setup.exe" = "0"
The process %original file name%.exe:1972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 3E 46 83 9A 96 CC E4 AD 4C 6F 09 18 AB 0D F8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
Setup.exe:392
%original file name%.exe:1972 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\a2Xdc7Q7nH\Wc6wlCSd\Setup.exe (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
Static Analysis
VersionInfo
Company Name: Download Manager, LLC
Product Name: MalwareBytes
Product Version: 3.0.0.73
Legal Copyright: (c) Download Manager, LLC
Legal Trademarks:
Original Filename: malwarebytes.exe
Internal Name: malwarebytes.exe
File Version: 3.0.0.73
File Description: MalwareBytes
Comments:
Language: Language Neutral
Company Name: Download Manager, LLCProduct Name: MalwareBytes Product Version: 3.0.0.73Legal Copyright: (c) Download Manager, LLCLegal Trademarks: Original Filename: malwarebytes.exeInternal Name: malwarebytes.exeFile Version: 3.0.0.73File Description: MalwareBytes Comments: Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 482304 | 482304 | 4.71958 | 149e63c29ec0099730256a183b8a8192 |
.rdata | 487424 | 139264 | 139264 | 4.24437 | 7215344e9f07d64c89d0d49bd82f18f8 |
.data | 626688 | 53124 | 9216 | 2.8472 | 54b9106d6a0751971f1712f70e4330c4 |
.rsrc | 679936 | 170436 | 170496 | 5.44521 | 99762b78b5313795d5633b65967029fb |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 14
7110d4223f11285cee1bac3fc4254832
ab5b5fde76ae0ce01e5a356371ecaa40
aa040b3d62dc94777a8f66fbe284722d
54965ec29ab51ff912de20ee306eb641
417046fb1a8695cd97dbb7c50acecfc4
204dc6cae13f40143a0c09caa4fb9ac2
7facd8628e317e9eba49af4acff2975c
8099e58a87d7af8ff17f2329c537da66
41dab257a87128e0d85021292c1e5f06
ab3fea929e598e33187ce5c734913bdb
5b9a3fc8049384e760541c830919a748
32ad4003622f045ec4749b2db9ab1209
549854fa805525b65136fad66c11d074
389dfd9a5f54de94beba8a6ab57c9b44
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1972:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSSSSSSh
PSSSSSSh
>.YYu
>.YYu
VWj%S
VWj%S
?%u/F
?%u/F
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
&&&&6666????
&&&&6666????
""""****
""""****
2222::::
2222::::
$$$$\\\\
$$$$\\\\
00006666
00006666
####====
####====
function
function
function '%s'
function '%s'
(...tail calls...)
(...tail calls...)
%s:%d:
%s:%d:
%s: %s
%s: %s
stack overflow (%s)
stack overflow (%s)
cannot %s %s: %s
cannot %s %s: %s
%s: %p
%s: %p
name conflict for module '%s'
name conflict for module '%s'
PANIC: unprotected error in call to Lua API (%s)
PANIC: unprotected error in call to Lua API (%s)
version mismatch: app. needs %f, Lua core provides %f
version mismatch: app. needs %f, Lua core provides %f
bad argument #%d to '%s' (%s)
bad argument #%d to '%s' (%s)
calling '%s' on bad self (%s)
calling '%s' on bad self (%s)
bad argument #%d (%s)
bad argument #%d (%s)
%s expected, got %s
%s expected, got %s
@invalid option '%s'
@invalid option '%s'
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
%s:%d: %s
%s:%d: %s
attempt to %s %s '%s' (a %s value)
attempt to %s %s '%s' (a %s value)
attempt to %s a %s value
attempt to %s a %s value
attempt to compare %s with %s
attempt to compare %s with %s
attempt to compare two %s values
attempt to compare two %s values
invalid option '%%%c' to 'lua_pushfstring'
invalid option '%%%c' to 'lua_pushfstring'
attempt to load a %s chunk (mode is '%s')
attempt to load a %s chunk (mode is '%s')
error in __gc metamethod (%s)
error in __gc metamethod (%s)
Ainvalid key to 'next'
Ainvalid key to 'next'
upvaluejoin
upvaluejoin
_HKEY
_HKEY
invalid capture index %%%d
invalid capture index %%%d
missing '[' after '%%f' in pattern
missing '[' after '%%f' in pattern
^$* ?.([%-
^$* ?.([%-
invalid use of '%c' in replacement string
invalid use of '%c' in replacement string
invalid replacement value (a %s)
invalid replacement value (a %s)
\d
\d
invalid option '%%%c' to 'format'
invalid option '%%%c' to 'format'
@field '%s' missing in date table
@field '%s' missing in date table
invalid conversion specifier '%%%s'
invalid conversion specifier '%%%s'
cannot open file '%s' (%s)
cannot open file '%s' (%s)
standard %s file is closed
standard %s file is closed
invalid value (%s) at index %d in table for 'concat'
invalid value (%s) at index %d in table for 'concat'
system error %d
system error %d
no file '%s'
no file '%s'
'package.%s' must be a string
'package.%s' must be a string
error loading module '%s' from file '%s':
error loading module '%s' from file '%s':
luaopen_%s
luaopen_%s
no module '%s' in file '%s'
no module '%s' in file '%s'
no field package.preload['%s']
no field package.preload['%s']
module '%s' not found:%s
module '%s' not found:%s
'package.searchers' must be a table
'package.searchers' must be a table
!\?.dll;!\loadall.dll;.\?.dll
!\?.dll;!\loadall.dll;.\?.dll
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
too many %s (limit is %d)
too many %s (limit is %d)
char(%d)
char(%d)
%s near %s
%s near %s
%s expected
%s expected
too many %s (limit is %d) in %s
too many %s (limit is %d) in %s
function at line %d
function at line %d
%s expected (to close %s at line %d)
%s expected (to close %s at line %d)
at line %d jumps into the scope of local '%s'
at line %d jumps into the scope of local '%s'
no visible label '%s' for at line %d
no visible label '%s' for at line %d
at line %d not inside a loop
at line %d not inside a loop
label '%s' already defined on line %d
label '%s' already defined on line %d
%s: %s precompiled chunk
%s: %s precompiled chunk
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
cmd.exe
cmd.exe
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
?#%X.y
?#%X.y
%S#[k
%S#[k
portuguese-brazilian
portuguese-brazilian
GetProcessWindowStation
GetProcessWindowStation
operator
operator
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
bit library self-test failed (%s)
bit library self-test failed (%s)
crash report crypt failed
crash report crypt failed
) on url:
) on url:
CoInternetParseUrl failed (
CoInternetParseUrl failed (
unsupported
unsupported
Unsupported data type
Unsupported data type
POWRPROF.dll
POWRPROF.dll
CoInternetParseUrl
CoInternetParseUrl
URLDownloadToFileW
URLDownloadToFileW
urlmon.dll
urlmon.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
VERSION.dll
VERSION.dll
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
HttpQueryInfoA
HttpQueryInfoA
InternetCrackUrlW
InternetCrackUrlW
HttpSendRequestW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
GetCPInfo
GetCPInfo
CreatePipe
CreatePipe
GetProcessHeap
GetProcessHeap
zcÃ
zcÃ
.?AVlast_error_t@stl@http@@
.?AVlast_error_t@stl@http@@
c:\%original file name%.exe
c:\%original file name%.exe
io.stdout:setvbuf('no')
io.stdout:setvbuf('no')
package.path = ''
package.path = ''
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
package.path=''
package.path=''
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
if r ~= nil then r = ml.tstring(r) end
if r ~= nil then r = ml.tstring(r) end
foundation.encoding
foundation.encoding
foundation._http
foundation._http
foundation.logic
foundation.logic
foundation.misc
foundation.misc
foundation.zip
foundation.zip
join
join
key_exists
key_exists
create_key
create_key
enumerate_subkeys
enumerate_subkeys
enumerate_subkeys_next
enumerate_subkeys_next
enumerate_subkeys_close
enumerate_subkeys_close
shell_execute_ex
shell_execute_ex
load_exe_resource
load_exe_resource
y.XDMo
y.XDMo
.Pg213
.Pg213
.FS5A
.FS5A
"
"
%0So?r
%0So?r
}.Zmy
}.Zmy
.tY]Z
.tY]Z
yw%sN
yw%sN
.iK=
.iK=
F%xudn3
F%xudn3
nTcP^)
nTcP^)
S"CMD
S"CMD
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
nKERNEL32.DLL
nKERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
IDispatch error #%d
IDispatch error #%d
" --crash_report="
" --crash_report="
crash_report
crash_report
errorUrl
errorUrl
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
3.0.0.73
3.0.0.73
malwarebytes.exe
malwarebytes.exe
Setup.exe_392:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSSSSSSh
PSSSSSSh
>.YYu
>.YYu
VWj%S
VWj%S
?%u/F
?%u/F
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
&&&&6666????
&&&&6666????
""""****
""""****
2222::::
2222::::
$$$$\\\\
$$$$\\\\
00006666
00006666
####====
####====
function
function
function '%s'
function '%s'
(...tail calls...)
(...tail calls...)
%s:%d:
%s:%d:
%s: %s
%s: %s
stack overflow (%s)
stack overflow (%s)
cannot %s %s: %s
cannot %s %s: %s
%s: %p
%s: %p
name conflict for module '%s'
name conflict for module '%s'
PANIC: unprotected error in call to Lua API (%s)
PANIC: unprotected error in call to Lua API (%s)
version mismatch: app. needs %f, Lua core provides %f
version mismatch: app. needs %f, Lua core provides %f
bad argument #%d to '%s' (%s)
bad argument #%d to '%s' (%s)
calling '%s' on bad self (%s)
calling '%s' on bad self (%s)
bad argument #%d (%s)
bad argument #%d (%s)
%s expected, got %s
%s expected, got %s
@invalid option '%s'
@invalid option '%s'
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
%s:%d: %s
%s:%d: %s
attempt to %s %s '%s' (a %s value)
attempt to %s %s '%s' (a %s value)
attempt to %s a %s value
attempt to %s a %s value
attempt to compare %s with %s
attempt to compare %s with %s
attempt to compare two %s values
attempt to compare two %s values
invalid option '%%%c' to 'lua_pushfstring'
invalid option '%%%c' to 'lua_pushfstring'
attempt to load a %s chunk (mode is '%s')
attempt to load a %s chunk (mode is '%s')
error in __gc metamethod (%s)
error in __gc metamethod (%s)
Ainvalid key to 'next'
Ainvalid key to 'next'
upvaluejoin
upvaluejoin
_HKEY
_HKEY
invalid capture index %%%d
invalid capture index %%%d
missing '[' after '%%f' in pattern
missing '[' after '%%f' in pattern
^$* ?.([%-
^$* ?.([%-
invalid use of '%c' in replacement string
invalid use of '%c' in replacement string
invalid replacement value (a %s)
invalid replacement value (a %s)
\d
\d
invalid option '%%%c' to 'format'
invalid option '%%%c' to 'format'
@field '%s' missing in date table
@field '%s' missing in date table
invalid conversion specifier '%%%s'
invalid conversion specifier '%%%s'
cannot open file '%s' (%s)
cannot open file '%s' (%s)
standard %s file is closed
standard %s file is closed
invalid value (%s) at index %d in table for 'concat'
invalid value (%s) at index %d in table for 'concat'
system error %d
system error %d
no file '%s'
no file '%s'
'package.%s' must be a string
'package.%s' must be a string
error loading module '%s' from file '%s':
error loading module '%s' from file '%s':
luaopen_%s
luaopen_%s
no module '%s' in file '%s'
no module '%s' in file '%s'
no field package.preload['%s']
no field package.preload['%s']
module '%s' not found:%s
module '%s' not found:%s
'package.searchers' must be a table
'package.searchers' must be a table
!\?.dll;!\loadall.dll;.\?.dll
!\?.dll;!\loadall.dll;.\?.dll
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
too many %s (limit is %d)
too many %s (limit is %d)
char(%d)
char(%d)
%s near %s
%s near %s
%s expected
%s expected
too many %s (limit is %d) in %s
too many %s (limit is %d) in %s
function at line %d
function at line %d
%s expected (to close %s at line %d)
%s expected (to close %s at line %d)
at line %d jumps into the scope of local '%s'
at line %d jumps into the scope of local '%s'
no visible label '%s' for at line %d
no visible label '%s' for at line %d
at line %d not inside a loop
at line %d not inside a loop
label '%s' already defined on line %d
label '%s' already defined on line %d
%s: %s precompiled chunk
%s: %s precompiled chunk
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
cmd.exe
cmd.exe
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
?#%X.y
?#%X.y
%S#[k
%S#[k
portuguese-brazilian
portuguese-brazilian
GetProcessWindowStation
GetProcessWindowStation
operator
operator
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
bit library self-test failed (%s)
bit library self-test failed (%s)
crash report crypt failed
crash report crypt failed
) on url:
) on url:
CoInternetParseUrl failed (
CoInternetParseUrl failed (
unsupported
unsupported
Unsupported data type
Unsupported data type
POWRPROF.dll
POWRPROF.dll
CoInternetParseUrl
CoInternetParseUrl
URLDownloadToFileW
URLDownloadToFileW
urlmon.dll
urlmon.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
VERSION.dll
VERSION.dll
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
HttpQueryInfoA
HttpQueryInfoA
InternetCrackUrlW
InternetCrackUrlW
HttpSendRequestW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
GetCPInfo
GetCPInfo
CreatePipe
CreatePipe
GetProcessHeap
GetProcessHeap
zcÃ
zcÃ
.?AVlast_error_t@stl@http@@
.?AVlast_error_t@stl@http@@
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\a2Xdc7Q7nH\Wc6wlCSd\Setup.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\a2Xdc7Q7nH\Wc6wlCSd\Setup.exe
io.stdout:setvbuf('no')
io.stdout:setvbuf('no')
package.path = ''
package.path = ''
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
package.path=''
package.path=''
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
if r ~= nil then r = ml.tstring(r) end
if r ~= nil then r = ml.tstring(r) end
foundation.encoding
foundation.encoding
foundation._http
foundation._http
foundation.logic
foundation.logic
foundation.misc
foundation.misc
foundation.zip
foundation.zip
join
join
key_exists
key_exists
create_key
create_key
enumerate_subkeys
enumerate_subkeys
enumerate_subkeys_next
enumerate_subkeys_next
enumerate_subkeys_close
enumerate_subkeys_close
shell_execute_ex
shell_execute_ex
load_exe_resource
load_exe_resource
y.XDMo
y.XDMo
.Pg213
.Pg213
.FS5A
.FS5A
"
"
%0So?r
%0So?r
}.Zmy
}.Zmy
.tY]Z
.tY]Z
yw%sN
yw%sN
.iK=
.iK=
F%xudn3
F%xudn3
nTcP^)
nTcP^)
S"CMD
S"CMD
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
nKERNEL32.DLL
nKERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
IDispatch error #%d
IDispatch error #%d
" --crash_report="
" --crash_report="
crash_report
crash_report
errorUrl
errorUrl
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
3.0.0.73
3.0.0.73
malwarebytes.exe
malwarebytes.exe
%original file name%.exe_1644:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSSSSSSh
PSSSSSSh
>.YYu
>.YYu
VWj%S
VWj%S
?%u/F
?%u/F
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
&&&&6666????
&&&&6666????
""""****
""""****
2222::::
2222::::
$$$$\\\\
$$$$\\\\
00006666
00006666
####====
####====
function
function
function '%s'
function '%s'
(...tail calls...)
(...tail calls...)
%s:%d:
%s:%d:
%s: %s
%s: %s
stack overflow (%s)
stack overflow (%s)
cannot %s %s: %s
cannot %s %s: %s
%s: %p
%s: %p
name conflict for module '%s'
name conflict for module '%s'
PANIC: unprotected error in call to Lua API (%s)
PANIC: unprotected error in call to Lua API (%s)
version mismatch: app. needs %f, Lua core provides %f
version mismatch: app. needs %f, Lua core provides %f
bad argument #%d to '%s' (%s)
bad argument #%d to '%s' (%s)
calling '%s' on bad self (%s)
calling '%s' on bad self (%s)
bad argument #%d (%s)
bad argument #%d (%s)
%s expected, got %s
%s expected, got %s
@invalid option '%s'
@invalid option '%s'
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
%s:%d: %s
%s:%d: %s
attempt to %s %s '%s' (a %s value)
attempt to %s %s '%s' (a %s value)
attempt to %s a %s value
attempt to %s a %s value
attempt to compare %s with %s
attempt to compare %s with %s
attempt to compare two %s values
attempt to compare two %s values
invalid option '%%%c' to 'lua_pushfstring'
invalid option '%%%c' to 'lua_pushfstring'
attempt to load a %s chunk (mode is '%s')
attempt to load a %s chunk (mode is '%s')
error in __gc metamethod (%s)
error in __gc metamethod (%s)
Ainvalid key to 'next'
Ainvalid key to 'next'
upvaluejoin
upvaluejoin
_HKEY
_HKEY
invalid capture index %%%d
invalid capture index %%%d
missing '[' after '%%f' in pattern
missing '[' after '%%f' in pattern
^$* ?.([%-
^$* ?.([%-
invalid use of '%c' in replacement string
invalid use of '%c' in replacement string
invalid replacement value (a %s)
invalid replacement value (a %s)
\d
\d
invalid option '%%%c' to 'format'
invalid option '%%%c' to 'format'
@field '%s' missing in date table
@field '%s' missing in date table
invalid conversion specifier '%%%s'
invalid conversion specifier '%%%s'
cannot open file '%s' (%s)
cannot open file '%s' (%s)
standard %s file is closed
standard %s file is closed
invalid value (%s) at index %d in table for 'concat'
invalid value (%s) at index %d in table for 'concat'
system error %d
system error %d
no file '%s'
no file '%s'
'package.%s' must be a string
'package.%s' must be a string
error loading module '%s' from file '%s':
error loading module '%s' from file '%s':
luaopen_%s
luaopen_%s
no module '%s' in file '%s'
no module '%s' in file '%s'
no field package.preload['%s']
no field package.preload['%s']
module '%s' not found:%s
module '%s' not found:%s
'package.searchers' must be a table
'package.searchers' must be a table
!\?.dll;!\loadall.dll;.\?.dll
!\?.dll;!\loadall.dll;.\?.dll
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
too many %s (limit is %d)
too many %s (limit is %d)
char(%d)
char(%d)
%s near %s
%s near %s
%s expected
%s expected
too many %s (limit is %d) in %s
too many %s (limit is %d) in %s
function at line %d
function at line %d
%s expected (to close %s at line %d)
%s expected (to close %s at line %d)
at line %d jumps into the scope of local '%s'
at line %d jumps into the scope of local '%s'
no visible label '%s' for at line %d
no visible label '%s' for at line %d
at line %d not inside a loop
at line %d not inside a loop
label '%s' already defined on line %d
label '%s' already defined on line %d
%s: %s precompiled chunk
%s: %s precompiled chunk
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
cmd.exe
cmd.exe
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
?#%X.y
?#%X.y
%S#[k
%S#[k
portuguese-brazilian
portuguese-brazilian
GetProcessWindowStation
GetProcessWindowStation
operator
operator
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
bit library self-test failed (%s)
bit library self-test failed (%s)
crash report crypt failed
crash report crypt failed
) on url:
) on url:
CoInternetParseUrl failed (
CoInternetParseUrl failed (
unsupported
unsupported
Unsupported data type
Unsupported data type
POWRPROF.dll
POWRPROF.dll
CoInternetParseUrl
CoInternetParseUrl
URLDownloadToFileW
URLDownloadToFileW
urlmon.dll
urlmon.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
VERSION.dll
VERSION.dll
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
HttpQueryInfoA
HttpQueryInfoA
InternetCrackUrlW
InternetCrackUrlW
HttpSendRequestW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
GetCPInfo
GetCPInfo
CreatePipe
CreatePipe
GetProcessHeap
GetProcessHeap
zcÃ
zcÃ
.?AVlast_error_t@stl@http@@
.?AVlast_error_t@stl@http@@
c:\%original file name%.exe
c:\%original file name%.exe
io.stdout:setvbuf('no')
io.stdout:setvbuf('no')
package.path = ''
package.path = ''
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
package.path=''
package.path=''
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
if r ~= nil then r = ml.tstring(r) end
if r ~= nil then r = ml.tstring(r) end
foundation.encoding
foundation.encoding
foundation._http
foundation._http
foundation.logic
foundation.logic
foundation.misc
foundation.misc
foundation.zip
foundation.zip
join
join
key_exists
key_exists
create_key
create_key
enumerate_subkeys
enumerate_subkeys
enumerate_subkeys_next
enumerate_subkeys_next
enumerate_subkeys_close
enumerate_subkeys_close
shell_execute_ex
shell_execute_ex
load_exe_resource
load_exe_resource
y.XDMo
y.XDMo
.Pg213
.Pg213
.FS5A
.FS5A
"
"
%0So?r
%0So?r
}.Zmy
}.Zmy
.tY]Z
.tY]Z
yw%sN
yw%sN
.iK=
.iK=
F%xudn3
F%xudn3
nTcP^)
nTcP^)
S"CMD
S"CMD
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
nKERNEL32.DLL
nKERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
IDispatch error #%d
IDispatch error #%d
" --crash_report="
" --crash_report="
crash_report
crash_report
errorUrl
errorUrl
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
3.0.0.73
3.0.0.73
malwarebytes.exe
malwarebytes.exe
Setup.exe_640:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSSSSSSh
PSSSSSSh
>.YYu
>.YYu
VWj%S
VWj%S
?%u/F
?%u/F
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
&&&&6666????
&&&&6666????
""""****
""""****
2222::::
2222::::
$$$$\\\\
$$$$\\\\
00006666
00006666
####====
####====
function
function
function '%s'
function '%s'
(...tail calls...)
(...tail calls...)
%s:%d:
%s:%d:
%s: %s
%s: %s
stack overflow (%s)
stack overflow (%s)
cannot %s %s: %s
cannot %s %s: %s
%s: %p
%s: %p
name conflict for module '%s'
name conflict for module '%s'
PANIC: unprotected error in call to Lua API (%s)
PANIC: unprotected error in call to Lua API (%s)
version mismatch: app. needs %f, Lua core provides %f
version mismatch: app. needs %f, Lua core provides %f
bad argument #%d to '%s' (%s)
bad argument #%d to '%s' (%s)
calling '%s' on bad self (%s)
calling '%s' on bad self (%s)
bad argument #%d (%s)
bad argument #%d (%s)
%s expected, got %s
%s expected, got %s
@invalid option '%s'
@invalid option '%s'
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
$LuaVersion: Lua 5.2.3 Copyright (C) 1994-2013 Lua.org, PUC-Rio $$LuaAuthors: R. Ierusalimschy, L. H. de Figueiredo, W. Celes $
%s:%d: %s
%s:%d: %s
attempt to %s %s '%s' (a %s value)
attempt to %s %s '%s' (a %s value)
attempt to %s a %s value
attempt to %s a %s value
attempt to compare %s with %s
attempt to compare %s with %s
attempt to compare two %s values
attempt to compare two %s values
invalid option '%%%c' to 'lua_pushfstring'
invalid option '%%%c' to 'lua_pushfstring'
attempt to load a %s chunk (mode is '%s')
attempt to load a %s chunk (mode is '%s')
error in __gc metamethod (%s)
error in __gc metamethod (%s)
Ainvalid key to 'next'
Ainvalid key to 'next'
upvaluejoin
upvaluejoin
_HKEY
_HKEY
invalid capture index %%%d
invalid capture index %%%d
missing '[' after '%%f' in pattern
missing '[' after '%%f' in pattern
^$* ?.([%-
^$* ?.([%-
invalid use of '%c' in replacement string
invalid use of '%c' in replacement string
invalid replacement value (a %s)
invalid replacement value (a %s)
\d
\d
invalid option '%%%c' to 'format'
invalid option '%%%c' to 'format'
@field '%s' missing in date table
@field '%s' missing in date table
invalid conversion specifier '%%%s'
invalid conversion specifier '%%%s'
cannot open file '%s' (%s)
cannot open file '%s' (%s)
standard %s file is closed
standard %s file is closed
invalid value (%s) at index %d in table for 'concat'
invalid value (%s) at index %d in table for 'concat'
system error %d
system error %d
no file '%s'
no file '%s'
'package.%s' must be a string
'package.%s' must be a string
error loading module '%s' from file '%s':
error loading module '%s' from file '%s':
luaopen_%s
luaopen_%s
no module '%s' in file '%s'
no module '%s' in file '%s'
no field package.preload['%s']
no field package.preload['%s']
module '%s' not found:%s
module '%s' not found:%s
'package.searchers' must be a table
'package.searchers' must be a table
!\?.dll;!\loadall.dll;.\?.dll
!\?.dll;!\loadall.dll;.\?.dll
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;.\?.lua
too many %s (limit is %d)
too many %s (limit is %d)
char(%d)
char(%d)
%s near %s
%s near %s
%s expected
%s expected
too many %s (limit is %d) in %s
too many %s (limit is %d) in %s
function at line %d
function at line %d
%s expected (to close %s at line %d)
%s expected (to close %s at line %d)
at line %d jumps into the scope of local '%s'
at line %d jumps into the scope of local '%s'
no visible label '%s' for at line %d
no visible label '%s' for at line %d
at line %d not inside a loop
at line %d not inside a loop
label '%s' already defined on line %d
label '%s' already defined on line %d
%s: %s precompiled chunk
%s: %s precompiled chunk
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
cmd.exe
cmd.exe
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
?#%X.y
?#%X.y
%S#[k
%S#[k
portuguese-brazilian
portuguese-brazilian
GetProcessWindowStation
GetProcessWindowStation
operator
operator
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
bit library self-test failed (%s)
bit library self-test failed (%s)
crash report crypt failed
crash report crypt failed
) on url:
) on url:
CoInternetParseUrl failed (
CoInternetParseUrl failed (
unsupported
unsupported
Unsupported data type
Unsupported data type
POWRPROF.dll
POWRPROF.dll
CoInternetParseUrl
CoInternetParseUrl
URLDownloadToFileW
URLDownloadToFileW
urlmon.dll
urlmon.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
VERSION.dll
VERSION.dll
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
HttpQueryInfoA
HttpQueryInfoA
InternetCrackUrlW
InternetCrackUrlW
HttpSendRequestW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
GetCPInfo
GetCPInfo
CreatePipe
CreatePipe
GetProcessHeap
GetProcessHeap
zcÃ
zcÃ
.?AVlast_error_t@stl@http@@
.?AVlast_error_t@stl@http@@
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\a2QU3nBENE\abPp62aH\Setup.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\a2QU3nBENE\abPp62aH\Setup.exe
io.stdout:setvbuf('no')
io.stdout:setvbuf('no')
package.path = ''
package.path = ''
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
local s, r = xpcall(function() return require('%M').main(__args) end, debug.traceback)
package.path=''
package.path=''
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
local s,r,e = xpcall(function() return require('%M').%F(%A) end, debug.traceback)
if r ~= nil then r = ml.tstring(r) end
if r ~= nil then r = ml.tstring(r) end
foundation.encoding
foundation.encoding
foundation._http
foundation._http
foundation.logic
foundation.logic
foundation.misc
foundation.misc
foundation.zip
foundation.zip
join
join
key_exists
key_exists
create_key
create_key
enumerate_subkeys
enumerate_subkeys
enumerate_subkeys_next
enumerate_subkeys_next
enumerate_subkeys_close
enumerate_subkeys_close
shell_execute_ex
shell_execute_ex
load_exe_resource
load_exe_resource
y.XDMo
y.XDMo
.Pg213
.Pg213
.FS5A
.FS5A
"
"
%0So?r
%0So?r
}.Zmy
}.Zmy
.tY]Z
.tY]Z
yw%sN
yw%sN
.iK=
.iK=
F%xudn3
F%xudn3
nTcP^)
nTcP^)
S"CMD
S"CMD
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
nKERNEL32.DLL
nKERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
IDispatch error #%d
IDispatch error #%d
" --crash_report="
" --crash_report="
crash_report
crash_report
errorUrl
errorUrl
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
3.0.0.73
3.0.0.73
malwarebytes.exe
malwarebytes.exe