Sample details: 62999f624ca152b24c4a426884b7ddd7 --

Hashes
MD5: 62999f624ca152b24c4a426884b7ddd7
SHA1: 50dde90d88a8e2b500f93b64a35bd490d09ab3ff
SHA256: a8dbccf07aee77f19fed98b671b0e57a7a711e427d4063e89c2d481184e50683
SSDEEP: 6144:OX6HSq6r+g2edNFhWU6J2OcbguwuH6oGFfcWJltVSyOdMAsnKTVrt4:U+g2erWJhcsuwuaZEMTVSNGAsKTVrt4
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/create_service | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/escalate_priv | YRP/screenshot | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library |
Source
http://mdksimon.su/panel/exec/120131015025101862.exe
Strings
          	            !This program cannot be run in DOS mode.
+1Rich]
.rdata
D$T0GC
L$D_^3
SUVWh$
L$\QSShdHC
QSSh\HC
QSShPHC
QSShDHC
QSSh8HC
QSSh(HC
T$$PQRU
T$$PQRU
T$(PQR
L$4h(IC
L$$QWS
D$$PWS
L$,h0JC
D$,PWS
T$ RWS
L$,h0JC
T$,h0JC
L$ _^][3
;D$$tb
RShlLC
PShDLC
L$(QVU
D$(PVU
L$(QVU
D$(PVU
T$(RSSh$
DSSSSh
QSSSSh0
QSSSSh
QSSSSh
PSSSSh<
D$ (SC
l$(VW3
txh@SC
</tW<-tS
PPh(\C
T$(+T$ RPj
u8hPNC
D$(;D$4|
D$,;D$8|
VUVPQj
							
																										
																																	
D$,VW3
D$0`ZC
L$Hj\Q
L$(QSU
L$(QRP
QSUVW3
T$,hPNC
T$,hPNC
						
							
							
L$ QRf
T$0h aC
L$hjXQ
T$hjZR
L$PQRhJ
Q;5lQD
L$ QWV
D$hUPVW
L$X_^][3
L$@9L$
D$ Ph`
L$(Qhd
+T$ RQPWh
T$ RWh
j j h6
t$Ptj-
T$hj\R
D$hj\P
L$hj\Q
D$ j/P
L$ j/Q
D$tPSh-
QSUVWj
t$(_][V
^SSSSS
_VVVVV
W95XyD
HHtXHHt
>If90t
@PVhi4B
WVhi4B
URPQQhTnA
0A@@Ju
0SSSSS
t"SS9]
0WWWWW
<at9<rt,<wt
_VVVVV
^WWWWW
j@j ^V
^F<-uB
<xtX<XtT
jF<-uH
<xtV<XtR
t$<"u	3
>=Yt1j
< tK<	tG
^SSSSS
j"^SSSSS
v	N+D$
tM<it-<ot)<ut%<xt!<Xt
<dty<itu<otq<utm<xti<Xte
HIf98t
HHtYHHt
;t$,v-
UQPXY]Y[
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
.;1s(N
HHt4HHt
Ht\Ht,
teHtFHt&Hu
ty<%tA
0SSSSS
PPPPPPPP
0SSSSS
PPPPPPPP
t+WWVPV
_VVVVV
_VVVVV
tGHt.Ht&
^SSSSS
8VVVVV
uL9=8~D
0SSSSS
v	N+D$
_VVVVV
^SSSSS
^SSSSS
>:u8FV
VVVVVQRSSj
^SSSSS
^SSSSS
0SSSSS
u,VVWV
t VV9u
0WWWWW
<+t(<-t$:
+t HHt
^SSSSS
^WWWWW
0SSSSS
8VVVVV
%s\Security
%s\Enum
LogVerbose
ImagePath
System32\Drivers\%s
Dbgv.sys
DeleteFlag
System\CurrentControlSet\Services\Dbgv
DebugView has been configured to buffer kernel debug output at the next boot.
Could not configure DebugView boot log Registry key.
Could not install DebugView driver.
RCDBGSYS
RCDBGSYS64
%s\System32\Drivers\%s
DebugView
Could not resolve SYSTEMROOT environment variable
SYSTEMROOT
Log &Boot
kernel32.dll
_DebugOut
http://www.sysinternals.com
IsWow64Process
 - Not Connected
%sDebugView on \\%s%s
Low Memory Disable - 
 (local)
DebugView - Not Connected
%s: %s
APPICONDISABLED
APPICON
HiCurFilters
HiFilters
ExFilters
InFilters
Recent
Settings
Software\Sysinternals\DbgView
Software\Systems Internals\DbgView
Courier New
%sDBWIN_BUFFER_READY
%sDBWIN_DATA_READY
%sDBWIN_BUFFER
Advapi32.dll
SetSecurityInfo
%sDBWinMutex
Global\
D:(A;;GRGWGX;;;WD)(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGWGX;;;AN)(A;;GRGWGX;;;RC)(A;;GRGWGX;;;S-1-15-2-1)S:(ML;;NW;;;LW)
Capture &Global Win32
Enable &Verbose Kernel Output
\\%s\ADMIN$
DebugView Login to %s
\\%s\ADMIN$\System32\Dbgv.sys
\\%s\ADMIN$\System32\Dbgvsvc.exe
DBGVSVC
Disconnecting from %s...
%%SystemRoot%%\System32\Dbgvsvc.exe
\\%s\ADMIN$\System32\dbgview.ini
Connecting with %s...
Starting DebugView on %s...
RCDBGSVC
Setting up %s...
DebugView did not locate a client on the target machine.
Please start the DebugView client on the target machine before attempting to connect to it.
%s did not respond within the timeout period.
DebugView could not resolve the IP address of %s.
Searching for DebugView client on %s...
DebugView could not connect with %s %s
DebugView could not start on %s %s
DebugView could not install on %s %s
DebugView could not install itself on %s %s
The DebugView driver currently loaded on the remote system is of an incompatible version.
Please reboot the target machine and reconnect to synchronize the driver.
Querying %s...
DebugView is already connected to %s
The specified computer is the local system
The maximum number of supported clients are already active.
DebugView could not resolve %s
Couldn't access device driver
Cannot connect to local system because it is already
connected to another instance of DebugView.
Error loading DebugView driver%s
Make sure that you have the Load Drivers and Debug privileges in order to 
monitor kernel-mode debug prints.
This version of DebugView will not capture kernel debug output for this version of Windows.
Check the Sysinternals site for updates.
File Not Found
Could not extract DebugView driver to %s%s
Kernel debug output capture will be unavailable.
%s\Drivers\%s
%s (local)
Unable to monitor Global Win32 debug output: %s
Unable to monitor Win32 debug output: %s
Unable to hook kernel debug prints. This version of DebugView is not compatible
with this version of Windows.
Check the Sysinternals site for updates.
Could not load device driver.
\\.\DBGDD.VXD
Could not install DebugView VxD
RCDBGVXD
Dbgdd.vxd
Failed to install Win32 OutputDebugString hook.
DebugView has found a previously loaded DebugView driver with a version incompatable with the
user interface. Please reboot the system and restart DebugView to synchronize the interface and driver.
The local computer cannot be selected for remote monitoring.
Select Remote Computer
DllGetVersion
You can direct DebugView to run as an agent that sends output to a
viewer running on another computer with the following command-line syntax:
Agent usage: dbgview [/a [/t] [/s] [/g] [/e] [/k] [/v]]
   /a	Start in agent mode
   /t	Start minimized in the tray
   /g	Capture global Win32 output
   /s	Agent silent mode - no window is displayed
   /e	Agent notifies you when connection to server is broken
   /k	Capture kernel output
   /v	Enable verbose kernel output
The following command-line syntax starts DebugView in viewer mode:
Viewer usage: dbgview [/t] [/f] [/k[n]] [/o[m|n]] [/v[n]] [/l Logfile [/a] [[/m nnn [/w]] ] | [/n [/x]]] [/h nnn] [LogFile]
   /t	Start minimized in the tray
   /f	No filter prompt
   /o	Use clock time (/o), clock time with ms (/om), or elapsed time (/on)
   /l	Log output to the specified file
   /g	Enable global Win32 capture (/g) or disable global Win32 capture (/gn)
   /k	Enable kernel capture (/k) or disable kernel capture (/kn)
   /m	Limit log file to size (in MB)
   /p	Append output to log file if it exists
   /w	Wrap to the start when the log file reaches max
   /n	Create a new log file every day
   /x	Clear display on new log file
   /h	Set history depth to specified size
   /v	Enable verbose kernel capture with /v and disable with /vn (XP and higher)
   Specify a log file to load it.
Command-line options error (/? for usage):
/h specified twice
Command-line options error (/? for usage):
/w specified twice
Command-line options error (/? for usage):
/a specified twice
Command-line options error (/? for usage):
/m specified twice
Command-line options error (/? for usage):
/l specified twice
Command-line options error (/? for usage):
/t specified twice
Invalid argument: %s
Specify /? for usage.
accepteula
/accepteula
-accepteula
dbgviewClass
Connection attempt was terminated
DebugView made a successful connection with %s
CONNECTED
PRINTING
DISCONNECT
WARNING
ALooking up %s...
CONNECT
COMPUTER
LOGFILE
CRASHDUMP
INSERTCOMMENT
Nothing to print.
PRINTRANGE
Capture must be disabled before printing is allowed.
Filter
History
Unable to hook kernel debug prints.
%sdbgview.exe
dbgview.chm
\dbgview.hlp
AboutBox
%10.8f
%s.%03d%s
List not created!
IDB_DISCONN
IDB_UNSELOFF
IDB_UNSELON
IDB_SELOFF
IDB_SELON
Toolbar not created!
comctl32.dll
InitFilter
BALLOON
LISTMENU
commdlg_FindReplace
ACCELERATORS
Kernel32.DLL
ProcessIdToSessionId
Wow64EnableWow64FsRedirection
SeDebugPrivilege
DebugView requires Windows 2000 or higher
DbgView
The connection was terminated by the remote side.
Unable to access driver
Driver error
Unable to communicate with driver
Error communicating with driver
Connected.
No connection
Waiting for connection...
Socket listen failure
Unable to query the port1
Unable to bind socket
Unable to create socket
Unable to initialize Winsock
%s could not be loaded.
DebugView has found a previously loaded DebugView driver with a version incompatable with the
user interface. Please reboot the system and restart DebugView to synchronize the GUI and driver.
Error %d loading DebugView. Make sure that you have the Load Drivers and Debug privileges and
are running DebugView off of a local drive.
Could not extract DebugView driver to %s%s
The DebugView agent is currently connected. Are you sure you want to exit?
BINRES
\\.\Global\%s
\\.\%s
\Registry\Machine\System\CurrentControlSet\Services\%s
RtlFreeUnicodeString
NtLoadDriver
RtlAnsiStringToUnicodeString
ntdll.dll
RtlNtStatusToDosError
\??\%s
ErrorControl
System\CurrentControlSet\Services\%s
SeLoadDriverPrivilege
NtUnloadDriver
\pard\lang1033\b0\fs20\par
\b EFFET JURIDIQUE.\b0   Le pr\'e9sent contrat d\'e9crit certains droits juridiques. Vous pourriez avoir d'autres droits pr\'e9vus par les lois de votre pays.  Le pr\'e9sent contrat ne modifie pas les droits que vous conf\'e8rent les lois de votre pays si celles-ci ne le permettent pas.\b\par
\pard\sb120\sa120 Elle s'applique \'e9galement, m\'eame si Sysinternals connaissait ou devrait conna\'eetre l'\'e9ventualit\'e9 d'un tel dommage.  Si votre pays n'autorise pas l'exclusion ou la limitation de responsabilit\'e9 pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l'exclusion ci-dessus ne s'appliquera pas \'e0 votre \'e9gard.\par
\pard\fi-363\li720\sb120\sa120\tx720\'b7\tab les r\'e9clamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit\'e9 stricte, de n\'e9gligence ou d'une autre faute dans la limite autoris\'e9e par la loi en vigueur.\par
\pard\keepn\fi-360\li720\sb120\sa120\tx720\lang1036\'b7\tab tout  ce qui est reli\'e9 au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et\par
\lang1033 Cette limitation concerne :\par
\pard\keepn\sb120\sa120\b LIMITATION DES DOMMAGES-INT\'c9R\'caTS ET EXCLUSION DE RESPONSABILIT\'c9 POUR LES DOMMAGES.\b0   Vous pouvez obtenir de Sysinternals et de ses fournisseurs une indemnisation en cas de dommages directs uniquement \'e0 hauteur de 5,00 $ US. Vous ne pouvez pr\'e9tendre \'e0 aucune indemnisation pour les autres dommages, y compris les dommages sp\'e9ciaux, indirects ou accessoires et pertes de b\'e9n\'e9fices.\par
\pard\sb120\sa120 EXON\'c9RATION DE GARANTIE.\b0  Le logiciel vis\'e9 par une licence est offert \'ab tel quel \'bb. Toute utilisation de ce logiciel est \'e0 votre seule risque et p\'e9ril. Sysinternals n'accorde aucune autre garantie expresse. Vous pouvez b\'e9n\'e9ficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualit\'e9 marchande, d'ad\'e9quation \'e0 un usage particulier et d'absence de contrefa\'e7on sont exclues.\par
\pard\sb240\lang1036 Remarque : Ce logiciel \'e9tant distribu\'e9 au Qu\'e9bec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en fran\'e7ais.\par
\pard\b Please note: As this software is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.\par
\pard\li360\sb120\sa120 It also applies even if Sysinternals knew or should have known about the possibility of the damages.  The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.\par
\pard\fi-363\li720\sb120\sa120\'b7\tab claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.\par
\pard\fi-363\li720\sb120\sa120\tx720\'b7\tab anything related to the software, services, content (including code) on third party Internet sites, or third party programs; and\par
\pard\li357\sb120\sa120\b0\caps0 This limitation applies to\par
\pard\fi-360\li360\sb120\sa120\tx360\fs20 10.\tab\fs19 Limitation on and Exclusion of Remedies and Damages.  You can recover from SYSINTERNALS and its suppliers only direct damages up to U.S. $5.00.  You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages.\par
\fs20 9.\tab\fs19 Disclaimer of Warranty.\caps0    \caps The software is licensed \ldblquote as-is.\rdblquote   You bear the risk of using it.  SYSINTERNALS gives no express warranties, guarantees or conditions.  You may have additional consumer rights under your local laws which this agreement cannot change.  To the extent permitted under your local laws, SYSINTERNALS excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.\par
\pard\fi-357\li357\sb120\sa120\tx360\caps\fs20 8.\tab\fs19 Legal Effect.\b0\caps0   This agreement describes certain legal rights.  You may have other rights under the laws of your country.  You may also have rights with respect to the party from whom you acquired the software.  This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.\b\caps\par
\pard\fi-363\li720\sb120\sa120\fs20 b.\tab\fs19 Outside the United States.\b0   If you acquired the software in any other country, the laws of that country apply.\b\par
\pard\fi-363\li720\sb120\sa120\tx720\cf0\fs20 a.\tab\fs19 United States.\b0   If you acquired the software in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles.  The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.\b\par
\pard\keepn\fi-360\li360\sb120\sa120\tx360\cf2\b\caps\fs20 7.\tab\fs19 Applicable Law\caps0 .\par
\caps\fs20 6.\tab\fs19 Entire Agreement.\b0\caps0   This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.\par
\caps\fs20 5.\tab\fs19 SUPPORT SERVICES.\caps0  \b0 Because this software is \ldblquote as is,\rdblquote  we may not provide support services for it.\b\par
\caps\fs20 4.\tab\fs19 Export Restrictions\caps0 .\b0   The software is subject to United States export laws and regulations.  You must comply with all domestic and international export laws and regulations that apply to the software.  These laws include restrictions on destinations, end users and end use.  For additional information, see \cf1\ul www.microsoft.com/exporting <http://www.microsoft.com/exporting>\cf0\ulnone .\b\par
\pard\fi-357\li357\sb120\sa120\tx360\b\fs20 3.\tab\fs19 DOCUMENTATION.\b0   Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.\b\par
\'b7\tab use the software for commercial software hosting services.\par
\'b7\tab transfer the software or this agreement to any third party; or\par
\'b7\tab rent, lease or lend the software;\par
\'b7\tab publish the software for others to copy;\par
\'b7\tab make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;\par
\pard\fi-363\li720\sb120\sa120\'b7\tab reverse engineer, decompile or disassemble the binary versions of the software, except and only to the extent that applicable law expressly permits, despite this limitation;\par
\pard\fi-363\li720\sb120\sa120\tx720\b0\'b7\tab work around any technical limitations in the binary versions of the software;\par
\caps\fs20 2.\tab\fs19 Scope of License\caps0 .\b0   The software is licensed, not sold. This agreement only gives you some rights to use the software.  Sysinternals reserves all other rights.  Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement.  In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.    You may not\b\par
\pard\fi-357\li357\sb120\sa120\tx360\fs20 1.\tab\fs19 INSTALLATION AND USE RIGHTS.  \b0 You may install and use any number of copies of the software on your devices.\b\par
\pard\brdrt\brdrs\brdrw10\brsp20 \sb120\sa120 If you comply with these license terms, you have the rights below.\par
\b BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS.  IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.\par
\pard\sb120\sa120 for this software, unless other terms accompany those items.  If so, those terms apply.\par
\'b7\tab support services\par
\'b7\tab Internet-based services, and \par
\pard\fi-363\li720\sb120\sa120\'b7\tab supplements,\par
\pard\fi-363\li720\sb120\sa120\tx720\'b7\tab updates,\par
\pard\sb120\sa120\b0\fs19 These license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you.  Please read them.  They apply to the software you are downloading from Systinternals.com, which includes the media on which you received it, if any.  The terms also apply to any Sysinternals\par
{\*\generator Msftedit 5.41.21.2506;}\viewkind4\uc1\pard\brdrb\brdrs\brdrw10\brsp20 \sb120\sa120\b\f0\fs24 SYSINTERNALS SOFTWARE LICENSE TERMS\fs28\par
{\colortbl ;\red0\green0\blue255;\red0\green0\blue0;}
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}}
Sysinternals License
%s License Agreement
Riched32.dll
EulaAccepted
Software\Sysinternals\%s
Shell32.dll
CommandLineToArgvW
commdlg_SetRGBColor
commdlg_ColorOK
CHOOSECOLORFG
%s%s%s
The file is not a valid DebugView filter definitions file.
The filter definitions in this file are corrupt and have been only partially processed.
DebugView Filter Definition File v1.0
Error opening log file.
Open Error
Open DebugView Filters File...
DebugView Filters (*.INI)
All (*.*)
Create File Failed.
Save Error
Save DebugView Filters to File...
Filter %d
Debug Print
Cannot find string "%s"
No items to search
Unable to create Find dialog
No items to search.
balloon
SysListView32
Invalid History Depth.
Filter Error
DBGVIEWCLEAR
[\\%s]
DebugView Error
Error adding item %d to list view
Specify DebugView Log File...
DebugView Log (*.LOG)
All (*.*)
dbgview.log
The log file is full.
Error opening log file %s: %s
%s-%s.%s
Open crash dump...
DebugView Dump (*.dmp)
All (*.*)
No DebugView output was found in the crash dump file
%08d	%s	%s	
Specify DebugView Crash Log File...
Invalid range: range must be %d-%d.
Error in Printer EndDoc.
Error in Printer EndPage.
Printing page %d...
DebugView on \\%s - Page %d
DebugView Output
Printing...
Error setting up AbortProc
Save DebugView Output to File...
DebugView Data (*.LOG)
All (*.*)
The file contains invalid log entries and will not be fully processed.
Log File Open Error
Error opening %s.
Open DebugView Log File...
Continuing will cause the current entries to be deleted.
Continue?
The connection with %s was broken
hhctrl.ocx
CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
(null)
`h````
xpxxxx
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
UTF-16LE
UNICODE
GAIsProcessorFeaturePresent
KERNEL32
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
SystemFunction036
ADVAPI32.DLL
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
CONIN$
CONOUT$
c:\src\DbgView\Exe\Release\Dbgview.pdb
WS2_32.dll
WNetCancelConnection2A
WNetAddConnection2A
MPR.dll
CreateToolbarEx
COMCTL32.dll
DeleteFileA
GetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
GetCurrentProcess
LocalFree
FormatMessageA
GetLastError
lstrcpynA
CloseHandle
InterlockedIncrement
SetEvent
QueryPerformanceCounter
SystemTimeToFileTime
GetSystemTime
UnmapViewOfFile
CreateEventA
MapViewOfFile
CreateFileMappingA
CreateMutexA
OpenMutexA
LeaveCriticalSection
EnterCriticalSection
SetLastError
TerminateThread
WaitForSingleObject
GetCurrentThreadId
DeviceIoControl
GetSystemDirectoryA
GetCurrentDirectoryA
QueryPerformanceFrequency
CreateFileA
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
FindClose
SearchPathA
FindFirstFileA
lstrlenA
GetTimeFormatA
InitializeCriticalSection
GetCurrentProcessId
GetComputerNameA
GetFullPathNameA
GetModuleFileNameA
GetCommandLineA
GetVersion
GetCommandLineW
GetOverlappedResult
WriteFile
ResetEvent
WaitForMultipleObjects
ReadFile
LockResource
SizeofResource
LoadResource
FindResourceA
LocalAlloc
RaiseException
GetTickCount
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyA
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
GetDateFormatA
DosDateTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
GlobalFree
WriteFileEx
QueueUserAPC
SleepEx
ExpandEnvironmentStringsA
KERNEL32.dll
CheckMenuItem
GetMenu
MessageBoxA
InsertMenuItemA
GetMenuItemCount
GetSubMenu
SetCursor
InvalidateRect
ChildWindowFromPoint
GetSysColor
GetSysColorBrush
LoadCursorA
GetDlgItem
EndDialog
SetWindowTextA
PostQuitMessage
ReleaseDC
GetMenuCheckMarkDimensions
ShowWindow
GetWindowTextA
LoadIconA
GetSystemMetrics
SendMessageA
IsZoomed
IsIconic
GetWindowRect
DeleteMenu
EnableMenuItem
ReleaseCapture
SetCapture
GetDlgItemTextA
SetFocus
DialogBoxParamA
SetMenuItemBitmaps
AppendMenuA
AttachThreadInput
SendDlgItemMessageA
SetDlgItemTextA
SetWindowPos
UpdateWindow
CreateWindowExA
TrackPopupMenu
SetForegroundWindow
DestroyWindow
GetCursorPos
CreateDialogParamA
InvalidateRgn
GetClientRect
KillTimer
DefWindowProcA
MoveWindow
LoadStringA
SetTimer
LoadBitmapA
RegisterClassA
GetMessageA
DispatchMessageA
TranslateMessage
IsDialogMessageA
IsWindow
TranslateAcceleratorA
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
LoadAcceleratorsA
FindWindowA
RegisterClassExA
InflateRect
DialogBoxIndirectParamA
CheckRadioButton
PostMessageA
IsDlgButtonChecked
GetParent
DrawFocusRect
GetDialogBaseUnits
ScreenToClient
ClientToScreen
GetFocus
EndPaint
DrawTextA
BeginPaint
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CallWindowProcA
GetWindowThreadProcessId
SetWindowLongA
EnableWindow
CheckDlgButton
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteDC
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteObject
GetTextMetricsA
EndDoc
EndPage
StartPage
StartDocA
SetMapMode
GetDeviceCaps
SetBkColor
ExtTextOutA
GetTextExtentPoint32A
AbortDoc
TextOutA
GetTextExtentPointA
CreateFontA
SetAbortProc
GDI32.dll
ChooseFontA
PrintDlgA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
FindTextA
COMDLG32.dll
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
CreateServiceA
QueryServiceStatus
StartServiceA
OpenServiceA
ControlService
DeleteService
OpenSCManagerA
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteA
Shell_NotifyIconA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA
CommandLineToArgvW
SHELL32.dll
ExitThread
ResumeThread
CreateThread
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
SetFilePointer
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
InterlockedExchange
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
HeapSize
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
System Bus Extender
memory.dmp
DBGVCLNT
Filters.ini
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
!This program cannot be run in DOS mode.
`.rdata
@.data
L$(RPQ
9|$$v~
L$,QVS
|$(;|$$r
RSSSSh
T$xRSS
T$l8D$
						
							
							
L$ QWV
</uhAQh
_VVVVV
HHtXHHt
>If90t
<at9<rt,<wt
URPQQh
_VVVVV
_VVVVV
0A@@Ju
>=Yt1j
< tK<	tG
j@j ^V
0SSSSS
0SSSSS
0SSSSS
^SSSSS
j"^SSSSS
v	N+D$
tM<it-<ot)<ut%<xt!<Xt
<dty<itu<otq<utm<xti<Xte
HIf98t
HHtYHHt
tGHt.Ht&
^SSSSS
8VVVVV
;t$,v-
UQPXY]Y[
u,VVWV
t VV9u
t"SS9]
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
.;1s(N
HHt4HHt
Ht\Ht,
teHtFHt&Hu
ty<%tA
PPPPPPPP
PPPPPPPP
uL9=0%B
0WWWWW
t+WWVPV
^SSSSS
^SSSSS
0Wh$*B
>:u8FV
Pf95d*B
VVVVVQRSSj
^SSSSS
^SSSSS
0SSSSS
^SSSSS
^WWWWW
0SSSSS
8VVVVV
DBWIN_BUFFER_READY
DBWIN_DATA_READY
DBWIN_BUFFER
D:(A;;GRGWGX;;;WD)(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGWGX;;AN)(A;;GRGWGX;;RC)(A;;GRGWGX;;S-1-15-2-1)S:(ML;;NW;;LW)
Wait for connection time out
Unable to communicate with driver
No connection
Socket listen failure
Unable to dump port
dbgview.ini
Unable to query the port1
Unable to bind socket
Unable to create socket
Unable to initialize Winsock
Couldn't access device driver
Unable to start DebugView driver
Dbgv.sys
BINRES
\\.\Global\%s
\\.\%s
%s\Security
%s\Enum
\Registry\Machine\System\CurrentControlSet\Services\%s
RtlFreeUnicodeString
NtLoadDriver
RtlAnsiStringToUnicodeString
ntdll.dll
RtlNtStatusToDosError
ImagePath
\??\%s
ErrorControl
System\CurrentControlSet\Services\%s
SeLoadDriverPrivilege
NtUnloadDriver
%s error: %d
DebugViewService
Stopping %s.
DebugView Service
%s (0x%x)
SetServiceStatus
OpenSCManager failed - %s
CreateService failed - %s
%s installed.
Unable to install %s - %s
OpenService failed - %s
DeleteService failed - %s
%s removed.
%s failed to stop.
%s stopped.
Stopping %s.
Debugging %s.
StartServiceCtrlDispatcher failed.
This may take several seconds.  Please wait.
StartServiceCtrlDispatcher being called.
%s -debug <params>   to run as a console app for debugging
%s -remove           to remove the service
%s -install          to install the service
DbgvSvc
remove
install
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
(null)
`h````
xpxxxx
UTF-16LE
UNICODE
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SystemFunction036
ADVAPI32.DLL
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
CONIN$
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
RSDS,c
c:\src\DbgView\Svc\Release\dbgvsvc.pdb
WS2_32.dll
InterlockedIncrement
SetEvent
QueryPerformanceCounter
SystemTimeToFileTime
GetSystemTime
CloseHandle
UnmapViewOfFile
CreateEventA
MapViewOfFile
LocalFree
CreateFileMappingA
GetOverlappedResult
WaitForMultipleObjects
GetLastError
WriteFile
ResetEvent
QueryPerformanceFrequency
ReadFile
SetWaitableTimer
CreateWaitableTimerA
GetComputerNameA
DeviceIoControl
lstrlenA
GetCurrentDirectoryA
GetCurrentProcess
LockResource
SizeofResource
LoadResource
FindResourceA
CreateFileA
GetProcAddress
GetModuleHandleA
SetLastError
GetTickCount
FormatMessageA
GetModuleFileNameA
SetConsoleCtrlHandler
KERNEL32.dll
ConvertStringSecurityDescriptorToSecurityDescriptorA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyA
CloseServiceHandle
CreateServiceA
QueryServiceStatus
StartServiceA
OpenServiceA
ControlService
DeleteService
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ADVAPI32.dll
HeapAlloc
HeapFree
GetModuleHandleW
ExitProcess
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
HeapSize
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADp
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
120501000000Z
121231235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G30
3nfZ^R7
"http://crl.verisign.com/tss-ca.crl0
http://ocsp.verisign.com0
TSA1-30
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
100304000000Z
130418235959Z0
Texas1
Austin1
Sysinternals1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Headquarters1
Sysinternals0
3http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
'o )]!2
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
090521000000Z
190520235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
'tag'Mj
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif0
http://ocsp.verisign.com01
 http://crl.verisign.com/pca3.crl0)
Class3CA2048-1-550
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
121110235251Z0#
!This program cannot be run in DOS mode.
h.rdata
H.data
B.reloc
tjIIt9
URPQQh
c:\winddk\7600.16385.0\obj\i386\dbgv.pdb
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
MmCreateMdl
ExFreePoolWithTag
MmUnmapLockedPages
NtBuildNumber
KiAcquireSpinLock
KiReleaseSpinLock
ExAllocatePool
KeQuerySystemTime
memcpy
vsprintf
DbgPrint
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeSetImportanceDpc
KeInitializeDpc
KeSetAffinityThread
KeGetCurrentThread
KeNumberProcessors
ProbeForWrite
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
SeCaptureSubjectContext
IoDeleteDevice
RtlInitUnicodeString
ZwDisplayString
IoCreateSymbolicLink
IoCreateDevice
ZwClose
ZwSetValueKey
ZwOpenKey
RtlQueryRegistryValues
memmove
MmGetSystemRoutineAddress
PsGetVersion
memset
KeTickCount
KeBugCheckEx
ntoskrnl.exe
KfRaiseIrql
KfLowerIrql
KeQueryPerformanceCounter
HAL.dll
RtlUnwind
5%5/5@5\5y5~5
5(6.646:6H6M6\6d6l6v6~6
727@7F7K7T7Y7a7j7q7y7
9;9D9U9b9
99:A:V:a:
;6;>;F;o;v;|;
<3<q<y<
=$=0=;=^=e=v=
>(>3>>>H>Q>a>
Q0Y0k0
2$2H2P2Z2o2u2
3)373D3J3X3]3j3x3}3
5!5,5C5^5r5
626R6X6f6r6~6
2$2-242
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
100304000000Z
130418235959Z0
Texas1
Austin1
Sysinternals1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Headquarters1
Sysinternals0
3http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
'o )]!2
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
090521000000Z
190520235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
'tag'Mj
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif0
http://ocsp.verisign.com01
 http://crl.verisign.com/pca3.crl0)
Class3CA2048-1-550
Washington1
Redmond1
Microsoft Corporation1)0'
 Microsoft Code Verification Root0
060523170129Z
160523171129Z0_1
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
g.Q{49
uN1+gc
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA
O_dNq]
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
x ATAVAWH
 A_A^A\
l$ VWATAUAWH
 A_A]A\_^
s WATAVH
c:\winddk\7600.16385.0\obj\amd64\dbgv.pdb
MmUnmapLockedPages
ZwDisplayString
KeSetImportanceDpc
KeSetTargetProcessorDpc
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
ProbeForWrite
MmGetSystemRoutineAddress
RtlQueryRegistryValues
ZwSetValueKey
KeInitializeDpc
KeReleaseSpinLock
MmBuildMdlForNonPagedPool
SeReleaseSubjectContext
MmMapLockedPagesSpecifyCache
DbgBreakPoint
ExAllocatePool
SeCaptureSubjectContext
KeInsertQueueDpc
ZwClose
IofCompleteRequest
MmCreateMdl
PsGetVersion
KeAcquireSpinLockRaiseToSynch
IoCreateSymbolicLink
IoCreateDevice
KeNumberProcessors
KeSetAffinityThread
SePrivilegeCheck
ZwOpenKey
KeBugCheckEx
ntoskrnl.exe
KeQueryPerformanceCounter
HAL.dll
__C_specific_handler
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
100304000000Z
130418235959Z0
Texas1
Austin1
Sysinternals1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Headquarters1
Sysinternals0
3http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
'o )]!2
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
090521000000Z
190520235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
'tag'Mj
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif0
http://ocsp.verisign.com01
 http://crl.verisign.com/pca3.crl0)
Class3CA2048-1-550
Washington1
Redmond1
Microsoft Corporation1)0'
 Microsoft Code Verification Root0
060523170129Z
160523171129Z0_1
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
g.Q{49
uN1+gc
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA
!This program cannot be run in DOS mode.
Rich&4C
OutputDebugString
krnl386.exe
<bad format character>
<float format not supported>
DBGDD   
P               
       
      
9D$@uj
L$@9L$Dt
QWVRSP
L$X<%t
T$\wM3
<ht	<lu
l$,<-u
|$$f97t
\$TBHu
L$X_^][
L$$SVW
T$ RWVS
D$ VSPW
L$(WVUQ
T$ RSWV
D$0_^[
D$ WVSP
D$(_][
FFHSTL-B
Copyright (c) 1994-1997 by Compuware Corporation3
VxD DBGDD (VtoolsD)
_The_DDB
VS_VERSION_INFO
StringFileInfo
040904E4
ProductVersion
Version 4.10
ProductName
DebugView
OriginalFilename
dbgdd.vxd
LegalCopyright
Copyright 
 1999-2001, Mark Russinovich
InternalName
FileVersion
Version 4.10
FileDescription
DebugView Win9x Driver
CompanyName
Sysinternals
VarFileInfo
Translation
333333
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="DebugView" processorArchitecture="x86" version="4.20.0.0" type="win32"></assemblyIdentity><description>File System Monitor</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDX
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
120904214209Z
130304214209Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
120109222558Z
130409222558Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:F528-3777-8A761%0#
Microsoft Time-Stamp Service0
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
	microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
	microsoft1-0+
$Microsoft Root Certificate Authority0
070403125309Z
210403130309Z0w1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
	microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
1Jv1=+r
L&*H$_Z
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA
*http://technet.microsoft.com/sysinternals 0
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
121203180959Z0#