Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-10 20:57:53 | 2025-06-10 21:28:38 | 1845 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,397 [root] INFO: Date set to: 20250610T18:43:11, timeout set to: 1800 2025-06-10 19:43:11,196 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-10 19:43:11,196 [root] DEBUG: Storing results at: C:\uyHCokWh 2025-06-10 19:43:11,196 [root] DEBUG: Pipe server name: \\.\PIPE\IpEgLKC 2025-06-10 19:43:11,196 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-10 19:43:11,212 [root] INFO: analysis running as an admin 2025-06-10 19:43:11,212 [root] INFO: analysis package specified: "exe" 2025-06-10 19:43:11,212 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-10 19:43:12,181 [root] DEBUG: imported analysis package "exe" 2025-06-10 19:43:12,181 [root] DEBUG: initializing analysis package "exe"... 2025-06-10 19:43:12,181 [lib.common.common] INFO: wrapping 2025-06-10 19:43:12,181 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-10 19:43:12,181 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\AgentService.exe 2025-06-10 19:43:12,181 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-10 19:43:12,181 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-10 19:43:12,181 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-10 19:43:12,181 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-10 19:43:12,415 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-10 19:43:12,446 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-10 19:43:12,493 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-10 19:43:12,493 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-10 19:43:12,509 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-10 19:43:12,509 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-10 19:43:12,509 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-10 19:43:12,509 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-10 19:43:12,509 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-10 19:43:12,509 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-10 19:43:12,509 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-10 19:43:12,509 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-10 19:43:12,509 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-10 19:43:12,509 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-10 19:43:12,509 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-10 19:43:12,509 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-10 19:43:12,509 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-10 19:43:12,509 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-10 19:43:12,649 [modules.auxiliary.digisig] DEBUG: File is not signed 2025-06-10 19:43:12,649 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-10 19:43:12,649 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-10 19:43:12,649 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-10 19:43:12,649 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-10 19:43:12,649 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-10 19:43:12,649 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-10 19:43:12,649 [modules.auxiliary.disguise] INFO: Disguising GUID to 88063f41-cb09-49fe-8433-82e8a31757b9 2025-06-10 19:43:12,649 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-10 19:43:12,649 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-10 19:43:12,649 [root] DEBUG: attempting to configure 'Human' from data 2025-06-10 19:43:12,649 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-10 19:43:12,649 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-10 19:43:12,649 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-10 19:43:12,649 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-10 19:43:12,649 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-10 19:43:12,649 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-10 19:43:12,649 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-10 19:43:12,649 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-10 19:43:12,649 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-10 19:43:12,649 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-10 19:43:12,649 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-10 19:43:12,665 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-10 19:43:12,665 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-10 19:43:12,665 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-10 19:43:12,681 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-10 19:43:12,681 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-10 19:43:12,681 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-10 19:43:12,681 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-10 19:43:12,681 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-10 19:43:12,681 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-10 19:43:12,681 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-10 19:43:12,681 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\pQxbIz.dll, loader C:\tmp_gell1p8\bin\EPCPTrhb.exe 2025-06-10 19:43:12,759 [root] DEBUG: Loader: IAT patching disabled. 2025-06-10 19:43:12,759 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\pQxbIz.dll. 2025-06-10 19:43:12,775 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-10 19:43:12,775 [root] INFO: Disabling sleep skipping. 2025-06-10 19:43:12,775 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-10 19:43:12,775 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-10 19:43:12,775 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-10 19:43:12,775 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-10 19:43:12,790 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-10 19:43:12,790 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-10 19:43:12,805 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-10 19:43:12,805 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-10 19:43:12,805 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 2208, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000 2025-06-10 19:43:12,805 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-10 19:43:12,821 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-10 19:43:12,821 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-10 19:43:12,821 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\pQxbIz.dll. 2025-06-10 19:43:12,821 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-10 19:43:12,821 [root] <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-10 20:57:53 | 2025-06-10 21:28:18 | none |
File Details
| File Name |
AgentService.exe
|
|---|---|
| File Type | PE32+ executable (GUI) x86-64, for MS Windows |
| File Size | 1180672 bytes |
| MD5 | 05793b87bfd0101369ad01dec810048b |
| SHA1 | 11b44c9c9f5bd7b9aa1df4de18a27bf1353f2cc7 |
| SHA256 | b3d7aab8ad319dcf7050fe8ce67d69c8c59adc0d90c19a144c2d5c1f66c1babf [VT] [MWDB] [Bazaar] |
| SHA3-384 | 0acfff24036cedb5093f8e1df180c0697e56e5281044422930578c5cd9619712fa74fc7960489474a09e13f7d056fa72 |
| CRC32 | 78B1AFA0 |
| TLSH | T1C5457D1A67EC82B8D0B7D2B8C9A6854BE7B274051F3157CF0291961E1F3BDE86D39312 |
| Ssdeep | 24576:qGmIkfKiiw+YwxTNIE5lliEs4s1AzLu3/6x3spsOyNeJdiG2QaFkFhC6:qGmIkfKi11+TNI0jiyAaFkF7 |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
D9'u(H
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
.?AV?$bind_t@_NV?$mf3@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAJ@_mfi@boost@@V?$list4@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@@_bi@3@@_bi@boost@@
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Process has been identified as the Shell.
l$ VWATAVAWH
CreateHardLinkW
@.data
L9-:J
A0123456789abcdefghijklmnopqrstuvwxyz
`A_A^A\_^][
>I;<$tYD
.?AV_Generic_error_category@std@@
H9C0w
OverrideMSTemplates
ReleaseMutex
.?AVVdiProfile@Uev@@
f9<Ju
.?AVcodecvt_base@std@@
Cannot expand environment strings
Executable parameter is NULL
Repository::IsRepositoryPathCurrent
t$hH;
WATAUH
error
CreateSemaphoreExW
.?AVios_base@std@@
u*9Q<|%
Microsoft.Windows.AppMan.UEV
Template::GetProfile() - Template is assigned to multiple profiles. Error = %1%.
0123456789abcdefABCDEF
.?AV?$SettingGroup@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Uev@@
D8v)t
fD9DX
A_A^A\_^][
fF94Cu
An error occurred when the TemplateParser initialized COM
L$xE3
no space on device
localeconv
AgentService.Main: Exit
RegSetValueExW
.?AV?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
Missing maximum attribute.
T$ f9
Repository::SetCurrentRepositoryPath() - Error
.?AV<lambda_41bcd9d1b3391c30bf05fd1f3e157d5e>@@
t$@I;
L$HE3
not a directory
CreateEventA
list<T> too long
Invalid normalization root type
CLSIDFromString
.?AV<lambda_322e366cda6270a61c067d458a193ec3>@@
Unable to enumerate template index subkeys.
Malgun Gothic
H;] u
CT$8H
L9d$@r
.?AV?$clone_impl@Ubad_alloc_@exception_detail@boost@@@exception_detail@boost@@
|$0H!]xH
0A_A^A]A\_^[
RunSyncOnTrigger
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV45@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
SelectionNamespaces
VerQueryValueW() returned false; file version information is not available
Could not instantiate log implementation
VWAVH
L$@H+
AgentService.CreateProcNotificationListener::ProcessNotification: Skipping injection for process in isolated session, sessionId = %X
PA_A^A]A\_^[
L$xH3
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The file '%s' is not signed.
SettingsStoragePath
.?AV_Node_endif@std@@
system
%H : %M
Microsoft Corporation
.?AV?$SettingGroup@_K@Uev@@
E9e ~3H
t$8fD
AgentService.NotificationListener::ListeningThread: Unexpected exception
fD9,Qu
.?AV?$_Node_class@_WV?$regex_traits@_W@std@@@std@@
memcmp
.?AVIPCSender@Uev@@
.?AVerror_category@system@boost@@
U(D8V
d$XL9l$H
.?AV<lambda_8c72e2de8a8da81ccb96b28f1046525e>@@
.?AVProfileConfigurationException@Uev@@
boost::filesystem::create_directories
_XcptFilter
IADsUser::get_HomeDirectory for user DN
PA_A^A]A\_
X\?E/5
_lock
D$pH;
Backup
< t <$
.?AVTemplateFolder@Uev@@
`A^_^][
DebugLogFileName
USVWATAUAVAWH
D9l$@u
Win32
L9t$Hr
@SUVWAVH
CreateSymbolicLinkW
yxxxxxxxH
t$PI;
l$4D8t$1u
Failed to unregister the UE-V event log service for IPC
SWAVH
z8u6H
fF9$Cu
Error closing registry key
.?AVCustomActionPath@Uev@@
d$`E3
LOGLEVEL
resource unavailable try again
_initterm
C H9EPr
.?AVlogic_error@std@@
SetServiceStatus
.idata$5
False
.?AVsystem_error_category@?A0x90fe97d7@system@boost@@
u5H9E
l$8E3
l$PE3
not connected
fsetpos
.?AVSettingBase@Uev@@
.?AV?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
U8D8f
UncStore::CombinePaths()
protocol_not_supported
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
EventName
9C }'L
S~=5p
.pdata
NtQuerySystemInformation
CLSIDFromProgID
fD;|$@t
|$PL9d$@r
t>y#I
LastWriterWins
Microsoft
(D$@L
<%ucH
operation_in_progress
.?AVConfigUtil@Uev@@
D8mot
FixedProfile
fD9,Hu
Application
Microsoft JhengHei UI
E8u(D
A^A\_
_Strftime
StdpFlags
_W_Gettnames
@H;{P
.data$r$brc
A^A]_^]
fgetc
Invalid template XML (couldn't find root node).
L9u0H
8A_A^A]A\_^][
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Entry
_get_current_locale
host_unreachable
regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.
H1PHI
BackupProfile::AreWin8AppsAssociated() - Failed getting Win8 App association for the backup profile. Error = %1%.
ew0hp
SetEvent
connection refused
read only file system
.?AVOpenUserHiveException@Uev@@
RestoreSettingPackageTimestamp
L$XE3
C@HcH
SleepConditionVariableSRW
_exit
AgentService.FilterConnection::SendReplyMessage: Reply message failed, status = 0x%X
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Process has been identified as a monitored program.
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
m]#0D
AgentService.Main: Failed to start service ctrl dispatcher, error = 0x%X
H;\$H
operation would block
w-L9I
0A^_^
AgentService.NotificationListener::Listen: Entry
fwrite
xmlns:r1='http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate' xmlns:r2='http://schemas.microsoft.com/UserExperienceVirtualization/2013/SettingsLocationTemplate' xmlns:r3='http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate'
SDM9S0tIE9S@~CI
H9t$ t)H
uhM9g
AgentService.pdb
GetFileTime
_Getdays
%hs!%p:
K SVWH
D8d$0t
D8w)t
LocalStore
f4Og|
0A_A^A\_^
\Runtime\TemplateRegistration
Unable to allocate heap memory for security token information
.?AV?$clone_impl@U?$error_info_injector@Vtoo_few_args@io@boost@@@exception_detail@boost@@@exception_detail@boost@@
p WAVAWH
uc8X$t
fB9<Ju
Path is empty.
E`D87
Software\Microsoft\UE-V\test
MissingExternalFileCount
.tls$ZZZ
\system32\Microsoft.Uev.AppAgent.dll
D8uwt
CoCreateInstance
H;}8t(H
AgentService.CreateProcNotificationListener::Constructor: Error creating short-form file name for injected DLL (64-bit)
AgentService.Util::IsLowIntegrityProcess: Entry
.?AVRoamingProfile@Uev@@
GetStringTypeW
t$4D8d$1u
AgentService.FilterConnection::PostReceiveBuffer: Entry
GetFileAttributesW
CT$PH
H;:t2H
.?AV?$Setting@K@Uev@@
ExtFileHash
Yu Gothic UI Semibold
UevCommon
CustomerExperienceImprovementProgram
Failure loading XML document.
.?AVUevHealthEvent@Uev@@
L9u uO
vWL9A
argument out of domain
.rdata$r
f9,Ku
d$xfD
StdpInterval
G I9G
F(H9G(t
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_ec3c729f0620a7ad549f12b7650ac5e6>@@$0A@@std@@V?$allocator@V?$_Func_class@_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U_Nil@2@U32@U32@U32@U32@U32@@std@@@2@_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@U_Nil@2@U52@U52@U52@U52@U52@@std@@
ExtFileCount
Error closing handle
;(u%H
.CRT$XIA
|$8E#
Unable to add an entry for the UE-V agent service to the App-V 4.x override registry key (error code 0x%X)
Template::GetProfile() - Defaulting to profile %1% for template %2%.
fD93u
.?AVslapiProxy@SlapiWrapper@Shared@AppMan@@
Unexpected error getting the length of the UE-V registry value
hA_A^A]A\_^][
AgentService.CreateProcNotificationListener::ProcessNotification: Failed to open process handle, error = 0x%X
.?AVFileIOException@Uev@@
D8s)t
Microsoft JhengHei UI Bold
AgentService.FilterConnection::SendReplyMessage: Entry
connection_already_in_progress
SettingsStoragePathADAttribute
.?AVbad_function_call@std@@
generic
ResetEvent
x UAVAWH
GetSidSubAuthority
AgentService.Util::OpenUserHive: Entry
D9/u9H
XA_A^A]A\_^][
FileDescription
GpHcP
fA91t A
FileMask
Call to GetFileVersionInfoSize() failed
\$ UVWH
L9uXr
<:u3H
ul%G1
External
.?AV<lambda_8e7616211ec073fd7c9146ede6066575>@@
admin\appman\shared\boost_1_59\boost\property_tree\detail\json_parser_write.hpp
.?AV<lambda_dd354a8f948b07531df5bdc5824e41a6>@@
\$ VWAVH
SOFTWARE\Microsoft\Hvsi\Office
UWATAVAWH
I;<$u
tWinSta0
d$XE3
<xf9>t
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@5@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
PA^_[
Could not resolve environment variable
bgOne
ManageSuiteOnly
d$hfD
ntdll.dll
Packager
no stream resources
AgentService.FilterConnection::Close: Exit, retStatus = 0x%X
WinVerifyTrust
10.0.17763.1
DeviceIoControl
directory not empty
t$XfD
WakeAllConditionVariable
BL$(A
A_A^A\_^
UVAVH
Failure parsing XML data.
L$hE3
regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.
SyncProviderPingEnabled
.?AV_com_error@@
network reset
UVWATAWH
|$xHc
.?AVNotImplementedException@Uev@@
_Gettnames
AdjustTokenPrivileges
boost::bad_format_string: format-string is ill-formed
l$0E3
GetFileVersionInfoSizeW
F(H9G(
noconv
.PEAVUevException@Uev@@
wUf90A
Unable to get the security token information
CD$ H
tjH9Z
D$(E3
Minimum
D$h.fD
L$`L;
Template::GetProfile() - Failed to get the list of profiles. Error = %1%.
I;Bhw
no protocol option
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV45@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
.?AVruntime_error@std@@
0A_A^_^]
ConvertSidToStringSidW
Failed to get template list
CPHcH
%H : %M : S
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
upper
H;\$X
f93t4f
RoamingProfile::GetSettingsStoragePath() - The settings storage path has not been configured.
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAKAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
boost::filesystem::current_path
.rdata$zETW9
.?AV<lambda_a4173ae974ded2c6bd84f05e06862606>@@
.?AV?$clone_impl@U?$error_info_injector@Vbad_function_call@boost@@@exception_detail@boost@@@exception_detail@boost@@
M(L9}@H
no buffer space
UVWAVAWH
V(H9*t
L$0E3
8\uBI
L$8H3
~O8\$Hu
A_A^A\_]
.?AV?$clone_impl@U?$error_info_injector@Vtoo_many_args@io@boost@@@exception_detail@boost@@@exception_detail@boost@@
GetSidSubAuthorityCount
vector<bool> too long
GetCurrentDirectoryW
.?AVNo_Op@?$basic_oaltstringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@io@boost@@
M D8f
D8t$ptgH
ios_base::badbit set
TerminateProcess
tbL9Cxu
.?AVBackupProfile@Uev@@
OpenEventA
N H9O u
H;^0u
::GetTokenInformation failed: System error code
f9,Au
Path is not a valid UNC network path. Path:
Error obtaining security token information
.?AV<lambda_4f9f7c7cab8fde9672346e43f5cae346>@@
f94ku
.?AVITemplateManager@Uev@@
Failure adding template schema 2013A.
+|$lA3
___mb_cur_max_func
fB9<@u
Unable to access the template index.
)D$pE3
fD9<zu
AHH!|$(H
A_A^A]
UncStore::CreateStore()
SOFTWARE\Microsoft\UEV\Agent\Configuration
Executable parameter points to an empty string
SUVWAVAWH
y|?uV
Successfully fetched 'SettingsStoragePath' from the registry. Value:
bad_address
@A_A^A]A\_^[
SystemParameter
D9a }=L
Unable to allocate %d bytes of memory.
AgentService.FilterConnection::Close: Entry
PA_A^A\_^
fF94Bu
Repository::IsFolderOwnerTheCurrentUser()
.?AV_Node_base@std@@
Unable to open file
FilterConnectCommunicationPort
T$(L+
.text$x
:\uCH
AgentService EXE
not_connected
_wtoi
too many links
SetFileAttributesW
File write error
AgentService
regex_error(error_badbrace): The expression contained an invalid range in a { expression }.
codecvt
)D$pH+
H9Qhv#H
L$(L9d$@L
blank
.xdata$x
L$HH3
A^_^
Failed to create administrator group SID
.?AV<lambda_78691779dcc95ca463c73cb78dcacf29>@@
GetModuleHandleW
Segoe UI
D9%wD
memchr
L$ SVWATAVAWH
inappropriate io control operation
C<A;C@|
L$ E3
.?AVregex_error@std@@
.CRT$XLZ
.giats
kernelbase.dll
>I;<$u
CscChangeManager
D$ H;
SystemTimeToFileTime
t$DE3
connection reset
RestoreSettingPackageType
D9-)-
Author
http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate
L$8I;
connection aborted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV
0A_A^_
OriginalFilename
AgentService.Util::CheckForMatchingApplicationTemplate: Product name: '%s'
OfflineFiles
fB9<xu
.?AVthread_exception@boost@@
d$0E3
uc8Y$t
sprintf_s
destination_address_required
.?AV<lambda_e32f5da3715b87ddf1de38f167a8436e>@@
BackupProfile::GetSettingsStoragePathForMachine() - Error %1% occurred while getting the settings storage path from the repository.
SetTokenInformation
L$0fD
L!d$8D
Profile::GetAssociatedTemplateList()
r3:SettingsLocationTemplate
fD94Au
fD9l$pI
strcspn
Failed to fetch unexpanded 'SettingsStoragePath' from the registry.
___lc_handle_func
9{0t*
\$8E3
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
0A_A^A\_^[]
Could not retrieve all files from template folder
fE94Du
fD9$zu
.?AV?$clone_impl@U?$error_info_injector@Vthread_resource_error@boost@@@exception_detail@boost@@@exception_detail@boost@@
d$xE3
AgentService.Util::CheckForMatchingApplicationTemplate: File version: '%s'
UVWATAUAVAWH
Unknown file root type.
CloseHandle
L$8E3
DebugEnableDifferenceLog
I;^0u
Common::IsOnlyCentennialOfficeTemplateRegistered - onlyCentennialOfficeTemplateRegistered = %1%.
fD9l$pt
L9-QE
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_NAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
@.reloc
fD9|}
Failed to get the list of profiles
t$xfD
.?AV_Node_if@std@@
Repository::SetCurrentRepositoryPath
HA_A^A]A\_^[]
PreventOverlappingSynchronization
Failure validating XML to schema.
L$x;M
BackupProfile::GetSettingsStoragePathForMachine() - The settings storage path has not been configured.
AgentService.NotificationListener:: Filter connection initialized failed, status = 0x%X
RegisterServiceCtrlHandlerW
_purecall
AgentService.CreateProcNotificationListener::InjectIntoProcess: Failed to get primary token for MavInject, error = 0x%X
timed_out
D9K(t
GetSystemTimeAsFileTime
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV45@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
3f92u
AgentService.CreateProcNotificationListener::SetupLaunchCmdLine: Exit
.PEAVexception@@
A__^[]
u&@8~P
.E8.tXH
RegEnumValueW
.?AV?$_Ref_count@VConfigUtil@Uev@@@std@@
___lc_codepage_func
Invalid custom action URI format (3): %1%
.?AVTemplateNotFoundException@Uev@@
File creation error
D9%kO
C\$(H
LocalizedNames
(D$ f
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV45@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
0123456789ABCDEFabcdef-+Xx
fD9:u
xv#?H
|$HE3
{|-ufH
D$2M;
??0exception@@QEAA@AEBQEBDH@Z
u+L9}'
Leelawadee UI Bold
SetUnhandledExceptionFilter
ResolveExternals
D$h@t
wcscmp
Invalid custom action URI format (4): %1%
t$ @82u
network down
executable format error
bad exception
Microsoft.Uev.SyncConditions
\$hE3
.?AVtoo_many_args@io@boost@@
d$XL9|$Pr
D$ E3
.text
L9w u
Version
SyncTimeoutInMilliseconds
@UATAUAVAWH
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
bad function call
.?AV_Ref_count_base@std@@
.?AU?$error_info_injector@Vtoo_few_args@io@boost@@@exception_detail@boost@@
fputc
Template ID already exists
t$hfB
_wfsopen
T$(Mc
.rdata$brc
.?AV?$basic_iostream@_WU?$char_traits@_W@std@@@std@@
ServiceSpecificExitCode
homeDirectory
AgentService.ControlHandler: Exit
L9-;I
.?AV<lambda_cf9cc47c04952eef614cc5d096004e70>@@
TrayIconEnabled
.?AVInvalidHResultException@Uev@@
L$`E3
ChangeManager
pA^_^
An attempt was made to get the path of the settings storage even though the settings storage was not initialized or failed to initialize. Return = E_FAIL.
L9l$pr
.?AV?$numpunct@_W@std@@
cntrl
VL@8(t
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@5@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
L$$H+
isupper
F H9C usH
\$(H;\$0tf
LocalAlloc
AgentService.Util::GetUserSid: %s
uAL9A
Invalid custom action URI format (1): %1%
.idata$4
.?AVAppVServiceInclusion@Uev@@
Unable to create index registry key.
A]A\_
Common::IsOnlyCentennialOfficeTemplateRegistered()
regex_error(error_collate): The expression contained an invalid collating element name.
\$0H;uP
AgentService.CreateProcNotificationListener::Constructor: Error creating short-form file name for injected DLL (32-bit)
MESSAGE
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The signature present in file '%s' is specifically disallowed.
3fD92u
Unable to open index registry key.
t$0H9]
.?AV?$clone_impl@U?$error_info_injector@Vbad_lexical_cast@boost@@@exception_detail@boost@@@exception_detail@boost@@
.rdata$T$brc
GetTokenInformation
.?AV<lambda_5ca4db076c4b98f72aa789b866898af1>@@
AgentService.FilterConnection::PostReceiveBuffer: Get message failed, status = 0x%X
8\tfM
fF9<B
Microsoft YaHei UI Bold
`A_A^A]A\_^[
__dllonexit
UE-V override entry is already present.
f9{xu
connection_aborted
identifier removed
fclose
VERSION.dll
AgentService.Util::IsProcessTheShell: RegOpenKey passed
toH91uj
RegEnumKeyExW
<:u/H
regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.
.?AVbad_cast@@
L9d$P
t$hL9|$`r
LastWriterThreshold
F(H9G(u}H
fgetpos
operation not supported
@ fD9
cross device link
Failure reading minimum attribute.
\$ UVWAVH
CL$PH
D9%Sa
fD91t
fD9|$Xu
A_A\_^]
t~H9y
L9|$Pr
L9-tB
\$(Hc
Attempting to assign an already-valid handle.
.?AVProgramCharacteristicsHelperException@Uev@@
fD9,zu
H9|$hr
Invalid LOG format string:
strerror
__C_specific_handler
D$0.fD
Unable to get registry value from
I9V0w
0A_A^A]A\_^]
AgentService.Util::CheckForMatchingApplicationTemplate: File description: '%s'
L9|$pveH;
.?AVsystem_error@system@boost@@
no link
(D$@f
u`D9u
|$@E3
oLW\f
fE9,$u
H;\$Hu
.?AVRepository@Uev@@
AgentService.FilterConnection::SendReplyMessage: Exit, retStatus = 0x%X
|$ AVH
u0tjI
RoamingProfile::AreWin8AppsAssociated()
bad allocation
)|$PH
.text$mn$00
t$ WH
SetLastError
d$pI;
.rsrc$01
CallContext:[%hs]
BackupProfile::GetSettingsStoragePathForMachine() - Path = %1%.
Microsoft JhengHei UI Light
DebugBreak
Failure when getting node name.
t$XuzH
AgentService.ServiceMain: Unexpected exception caught
A_A^A]A\_^[]
RegDeleteValueW
<B:uAL
FilterReplyMessage
]xH;]pt`L
H;D$pr
G@HcP
A_A^A]
8\u1H
t$PE8wHt
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAKAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
D$PHcU
Software\Microsoft\AppV\Subsystem\VirtualRegistry
L$ SVWATAUAVAWH
9L$hu'D9t$xt
C$9C w"H
<:wuH
permission_denied
D8yDt
deque<T> too long
_CxxThrowException
GetSystemWindowsDirectoryW
.?AVbad_format_string@io@boost@@
GPHcP
.?AV_Node_rep@std@@
.?AV_System_error_category@std@@
H+L$ x<H
$(SQO
L9-%P
settings.bin
.?AV?$_Ref_count_del@VIRemoteStore@Uev@@U?$default_delete@VIRemoteStore@Uev@@@std@@@std@@
RemoteStoreFactory::CreateRemoteStore(String)
|$8fD
LeaveCriticalSection
Unrecognized value for Architecture element.
http://schemas.microsoft.com/UserExperienceVirtualization/2013/SettingsLocationTemplate
resource deadlock would occur
|]uGH
AgentService.Util::EnablePrivilege: LookupPrivilegeValue failed, error = 0x%X
ShellProcess
|$(L9d$hr
too many files open in system
TemplateName
L$ SVWH
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Error waiting for MavInject to exit, 0x%X
L9|$@H
L$ H3
D$(H;
address not available
Microsoft Corporation. All rights reserved.
AgentService.CreateProcNotificationListener::ProcessNotification: ProcessId = 0x%X
Could not open template folder for search
.?AVexception@@
CustomAction
L$PH3
message size
D$h,fD
Unable to get file size
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: AppAgent succeessfully injected into process %lu
##forwardslash##
.?AVProfile@Uev@@
\WindowsSettings
@A^_^][
.text$yd
Failed to unregister the UE-V event log service for the Agent Service
CreateDirectoryW
bad cast
u!L9A
.u H;
9|$8u
WATAVH
AgentService.Util::EnablePrivilege: Failed to open process token, error = 0x%X
%6Rich
D$xH;
fF9$Bu
.?AVTemplateSetting@Uev@@
PA_A^_^]
LcA<E3
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
AgentService.Util::CheckForMatchingApplicationTemplate: UevException: %s
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The hash in file '%s' representing the subject or the publisher wasn't explicitly trusted by the admin and admin policy has disabled user trust. No signature, publisher or timestamp errors.
u=L9A
.PEAVSystemException@Uev@@
isspace
D8``uQI
L9d$0
(t$pH
(D$`f
AgentService.Util::CheckForMatchingApplicationTemplate: Entry( '%s' )
Registry path for normalized file location may not contain close bracket characters.
@.rsrc
.?AV<lambda_98991ff39ec0e581537b59dea38dd6a0>@@
.?AU?$error_info_injector@Vbad_lexical_cast@boost@@@exception_detail@boost@@
TemplateService
VHH9*t
d$8L9}
AcquireSRWLockExclusive
)D$pH
byjA`
XA_A^A\_^[
`A_A^A]A\_^]
t9L9l$pr2H
setvbuf
l$ E3
L$@fD
protocol not supported
.?AVUevIPC@Uev@@
LegalCopyright
AgentService.FilterConnection::Initialize: Failed to connect, status = 0x%X
application/xml
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: Error 0x%X validating signature for file '%s'.
]pu7H
BackupProfile::GetSettingsStoragePath() - Failed to get the device folder name. Error = %1%.
.?AV?$basic_altstringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@io@boost@@
xdigit
l$ VWATAUAVAWH
M'f91u
H;FptgA
Failed to read RepositoryOwnerCheckEnabled from registry. Using default value of not enabled.
T$PH;S
Malgun Gothic Semilight
,B>DY
A_A]]
ProfileTemplateList
VdiCollectionName has not been configured
zuWL9
(D$ H
UAUAVH
%I : %M : %S %p
.?AV?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@
f9<Fu
.?AU?$error_info_injector@Vbad_function_call@boost@@@exception_detail@boost@@
Ly^X`
.?AU?$error_info_injector@Vjson_parser_error@json_parser@property_tree@boost@@@exception_detail@boost@@
Unable to query template index.
@A_A^A]A\_^]
??8type_info@@QEBAHAEBV0@@Z
SettingsTemplateCatalogPath
L$0H3
.?AVnoncopyable@noncopyable_@boost@@
%LOCALAPPDATA%\Microsoft\UEV\%COMPUTERNAME%
E!)E!i
F H9C u
alpha
Registry
\$hH;
Repository::IsFolderOwnerTheCurrentUser() - GetTokenInformation failed with error
Repository::Repository()
CL$XL9h
.rdata$zzzdbg
_vsnprintf_s
f94Au
DEBUG
WAxK0i
WARNING
.?AV?$sp_counted_impl_pd@PEAV?$basic_altstringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@io@boost@@VNo_Op@?$basic_oaltstringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@23@@detail@boost@@
WAVAWH
SyncProviderName
.?AV?$sp_counted_impl_p@Um_imp@filesystem_error@filesystem@boost@@@detail@boost@@
fD9 u8E3
_fseeki64
)|$`H
realloc
.rdata
|$XE3
??1type_info@@UEAA@XZ
??0exception@@QEAA@XZ
L9-oP
RoamingProfile::GetSettingsStoragePath()
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: UevException occurred: %1%
too many files open
r2:SettingsLocationTemplate
A_A^_^[]
ios_base::failbit set
QueryFullProcessImageNameW
Da6N^
CL$`H
t$pH9\$ u
CD$(f
%UM;%
.?AVSystemParameterPath@Uev@@
.?AV?$_Node_str@_W@std@@
.?AV<lambda_d04d215358dd65911fbb00e34be6f74e>@@
l$hfD
no lock available
\SettingsLocationTemplate2013A.xsd
Failed to get Win8 App association from backup profile
h_^[]
fF9<Bu
IsWow64Process
BackupProfile::GetSettingsStoragePathForMachine()
fD9,Au
AgentService.ServiceMain: Entry
fA9<@u
custom:
WaitForSingleObject
Invalid mavinject
L;Ihs'H
|$xE3
r1:SettingsLocationTemplate
address in use
.?AVPath@Uev@@
Injected successfully
.?AVTemplateParser@Uev@@
tJH;Op
|$ fD9:u
|9D;o
OpenProcessToken
.?AV<lambda_d2ba27ba118ac32b463132b9cd205f7c>@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
__crtLCMapStringA
6H9uht
.?AV<lambda_3a8679002c2b7096a8b714ea4552d87f>@@
GetModuleFileNameA
PA_A^A\_^[]
DebugMessage
l$`fD
SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\Overrides
SVWATAUAVAWH
owner dead
0A_A^A\
.?AV?$Setting@_K@Uev@@
.?AVConfiguration@Uev@@
VdiProfile::AreWin8AppsAssociated() - Failed getting Win8 App association for the VdiState profile. Error = %1%.
M9h t
GPHcH
boost::filesystem::path codecvt to string
ADSMethods::GetADHomeDirectory
print
.?AV?$SettingGroup@V?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Uev@@
network unreachable
LocalLock
SHGetKnownFolderPath
.?AV<lambda_ec3c729f0620a7ad549f12b7650ac5e6>@@
'. HRESULT:
H;{(
DeferToOffice365
H+L$(xBH
memcpy
Wkernel32.dll
.idata$3
Common::IsOnlyCentennialOfficeTemplateRegistered - RegCreateKeyEx returned = %1%.
AgentService.Util::GetProcessIntegrityLevel: Error detected, msg = %s, status = 0x%X
@]AtM
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
\SettingsLocationTemplate2013.xsd
AgentService.NotificationListener::Start: Entry
_W_Getmonths
invalid seek
LogOffWaitInterval
L9t$pt
L9-S<
L9d$X
VirtualRegistryPassthroughEx
Filename
.?AVAssociatedTemplateException@Uev@@
is a directory
\$$H+_
SeAssignPrimaryTokenPrivilege
RtlDllShutdownInProgress
.?AU?$error_info_injector@Vthread_resource_error@boost@@@exception_detail@boost@@
punct
ew|>&=4_
L9-L?
Error retrieving HideSettingsPackageFolder from the registry. Defaulting to hidden
fflush
string too long
.?AV<lambda_38955052af1254fc13faf5049e909afb>@@
.?AV?$numpunct@D@std@@
.?AVCustomActionUri@Uev@@
??0bad_cast@@QEAA@PEBD@Z
t$HfD
|$HfD
Invalid normalized file path format (no closing % character found).
_Wcsftime
.?AV?$_Ref_count_obj@VproductionSlapiProxy@SlapiWrapper@Shared@AppMan@@@std@@
.?AVITemplate@Uev@@
Patch
ExpandEnvironmentStringsW
no child process
H9\$@tGM
(_^][
D;} }XI
__setusermatherr
fD9"u
UATAUAVAWH
.?AV?$SettingGroup@K@Uev@@
HeapFree
invalid string position
UWATAUAVH
no message available
Malgun Gothic Bold
GetTickCount
AgentService.CreateProcNotificationListener::ProcessNotification: Failed to get session ID from ProcessId, error = 0x%X
Win64
WaitForSyncTimeoutInMilliseconds
Microsoft YaHei UI Light
Profile::GetAssociatedTemplateList() - Could not find template for template %1%.
L$@E3
<The underlying system error could not be obtained>
.?AVIADSMethods@Uev@@
+D$hD3
RegistryEntry
.CRT$XIY
.?AVUevException@Uev@@
SOFTWARE\Microsoft\UEV
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Injecting the AppAgent into process %lu
.?AV?$bind_t@_NV?$cmf1@_NVConfigUtil@Uev@@_N@_mfi@boost@@V?$list2@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@V?$value@_N@23@@_bi@3@@_bi@boost@@
L$@H3
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Failed to allocate buffer
TemplateNotFoundException
D$XH;
AgentService.Util::IsProcessTheShell: [%s]
fF9,Bu
AgentService.Util::OpenUserHive: %s
fseek
.?AVTemplateVersionException@Uev@@
InitialOsSettingsExportDelay
T$`E3
TimeStamp
UWAVH
regex_error(error_parse)
_W_Getdays
.?AV?$Setting@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Uev@@
MultiByteToWideChar
Software\Microsoft\Windows\CurrentVersion\NetCache\SyncConflictHandling
Repository::LookupADSettingsStoragePath
::ConvertSidToStringSidW failed: System error code
A_A^A\
LkgFrequencyThreshold
Could not retrieve SyncProviderName setting value
@VWAVH
9D$hu"D9t$xt
connection_reset
EventSetInformation
*shell*
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The file '%s' is signed and the signature was verified.
CurrentSettingsStoragePath
<unspecified file>
??1bad_cast@@UEAA@XZ
UWAUAVAWH
<unknown log level>
e A^_]
.?AVfailure@ios_base@std@@
OutputDebugStringW
\Configuration
.?AVformat_error@io@boost@@
.?AVTemplateReplacedException@Uev@@
L9|$`r
ReturnHr
StartServiceCtrlDispatcherW
Minor
SHELL32.dll
ActionType
WINTRUST.dll
!LogImpl::WriteStringToLogFile() - Failed to write message to local debug log file. Debug logging to the local file will be disabled.
T$XE3
H;\$X
UUUUUUU
The settings storage path was fetched from the Active Directory cached value. Cached value:
t?y&I
AD Home directory is not defined for user DN
L!}pH
VdiProfile::GetSettingsStoragePath()
space
.?AVInvalidTemplateException@Uev@@
A^A\]
|$@f9}
t$0L9e
_ismbblead
fD;|$@@
iAppMan-UEV-Subscription-Active
Unknown error
A^_^[
]hH;]`t=H
.?AUbad_exception_@exception_detail@boost@@
.?AV<lambda_f81527f958abe236855fddd41cd6d93c>@@
ATAUAWH
@8,1u
.?AV<lambda_c39337c8366cf133a460157caa46c3a8>@@
.?AV<lambda_99102b7f2afc28903458869225e01c4f>@@
.?AV<lambda_978454ba9ee03d1ff3686d377636f69f>@@
.?AV?$_Ref_count@VappManSlapiWrapper@SlapiWrapper@Shared@AppMan@@@std@@
WATAUAVAWH
UAUAWH
LcS<HcC@D;
SUVWH
Failure reading maximum attribute.
SyncUnlistedWindows8Apps
)D$@H
}@L9uXH
ProfileFactory::CreateProfile(Type)
LocalUnlock
fD9t]
L$ UH
An unexpected error occurred opening the App-V 4.x product registry key (error code 0x%X)
.?AV?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
A_A^A]A\_
|$ E3
.CRT$XCAA
\$ UH
MockShell
ADVAPI32.dll
connection already in progress
.?AVParseException@Uev@@
no message
z&u$H
(|$`H
TemplateRegistrationTimestamp
8tTfE
CreateThread
L9{0t#H
.00cfg
\$XH;
.?AV<lambda_59b3547f6dcedc6965ce933819d6f3dd>@@
_wcsicmp
FreeLibrary
CpHcH
@SUVWH
gfffffffI
FailFast
lstrlenA
AgentService.CreateProcNotificationListener::SetupLaunchCmdLine: Failed to allocate buffer
'R{=f
T$dE3
<B:t'I
Recursive
UVWATAVH
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: std::exception occurred: %1%
ATAVAWH
9D$huEL
FhH;Fpt|@
H;]8u
.?AV?$_Func_base@_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U_Nil@2@U32@U32@U32@U32@U32@@std@@
.?AVIRemoteStore@Uev@@
.?AVfacet@locale@std@@
CompanyName
.PEA_W
hgtlCm
invalid map/set<T> iterator
GetCurrentThreadId
@A_A^_
__getmainargs
AgentService.Util::EnablePrivilege: Exit, retStatus = 0x%X
Unable to get known folder path for GUID:
:u$L9A
AgentService.NotificationListener:: Failed to post receive message, status = 0x%X
LookupADSettingsStoragePath failed Coinitialize COM. HRESULT:
u HcA<H
@SVWATAUAVAWH
AgentService.CreateProcNotificationListener::ProcessNotification: Delaying %lu milliseconds before injecting AppAgent
.?AV<lambda_821ea4b9187fcd0e7c545ba9220a66f0>@@
.?AV<lambda_ed7125c122c13cc0b98a24fdf281201c>@@
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEB_NAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
.?AVTemplateSuite@Uev@@
t$89L$Xr(H
SLAPI check failed. The template cannot be added.
calloc
message_size
GetProcessHeap
fD9 u
Sleep
H;] u
pA_A\_^]
GetComputerNameExW
%b %d %H : %M : %S %Y
ProcessIdToSessionId
FileName
WaitForWallpaperOverwriteTime
\$$E3
FirstUseNotificationEnabled
CscTool
z?801i:It6
isalnum
t$ UWATAVAWH
VerQueryValueW() did not return the correct number of bytes for a VS_FIXEDFILEINFO structure
9D$hu!D9u
L9q(vQA
(t$ H
@SUVWAVAWH
Path is missing leading slash after drive specification. Path:
D8\$1u
+D$l3
@89t$H
H;{ r
.?AUbad_alloc_@exception_detail@boost@@
T$0H+
Invalid custom action URI format (duplicate parameter): %1% in URI: %2%
|$ H;
value too large
.?AVSystemException@Uev@@
L9-R=
AgentService.NotificationListener::Listen: Error encountered sending reply, status = 0x%X
Application template section has the same ID as another section.
RegOpenKeyExW
@SVWAUAVAWH
H9_Hs<
ReleaseSemaphore
network_unreachable
F(H9C(uiL9o
AgentService.Util::GetUserSid: Invalid (null) pointer
8/t$f
FindFirstFileW
_wcsnicmp
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
fD9 u=E3
Failed to get settings storage path from Active Directory cache location
AgentService.CreateProcNotificationListener::ProcessNotification: Failed to open process token, error = 0x%X
Level
\SettingsLocationTemplate.xsd
PA_A^A]A\_^]
s4E3
l$ VWAVH
ApLc@
`A_A^A\_^[]
SCOPE
?what@exception@@UEBAPEBDXZ
The settings storage path has been set to:
D$8H;
l$4E3
A^_^][
L9|$pr
AgentService.ServiceMain: NotificationListener was successfully started.
AgentService.Util::OpenUserHive: Exit
,7H+9H
|$8E3
L$ SUVWH
AgentService.ControlHandler: Entry
class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
AgentService.Util::IsLowIntegrityProcess: Exit, retVal = 0x%X
.?AVAppV4xServiceInclusion@Uev@@
D$0HcH
Default
|$4D8c
:AM:am:PM:pm
L9-1K
not supported
??0exception@@QEAA@AEBQEBD@Z
New template ID does not match the existing template ID
R$fA;Z*
.?AV?$SettingGroup@_N@Uev@@
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEB_NAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
MissingExternalFileTimestamp
L9u u
AppVersionRange
fD9*u
fD9|A
is newer in the currently registered template.
UATAVH
"%s" %u "%s"
.?AVSlapiDisabledException@Uev@@
VolatilePooledVdiMode
.?AV?$bind_t@_NV?$cmf1@_NVConfigUtil@Uev@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@_mfi@boost@@V?$list2@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
D$PE3
The PackageManager component has thrown an exception:
r^H+B
::QueryFullProcessImageNameW() failed in util::GetFullProcessImageName()
Invalid custom action URI format (Missing value name: %1% in URI: %2%
d$xL9|$pr
t$HE3
.?AV_Root_node@std@@
.?AV<lambda_82deee1100d6b67a8ec6cf30992558ec>@@
network_down
AgentService.CreateProcNotificationListener::Constructor: Error creating short-form file name for injected DLL (32-bit): %s
CA^_^]
XA_A^A]_^[
memmove
AgentService.CreateProcNotificationListener::InjectIntoProcess: System exception caught, msg = %s
|$PL9e
AgentService.Util::GetProcessIntegrityLevel: Entry
(caller: %p)
AgentService.CreateProcNotificationListener::GetInjectionExePaths: x86 executables
AgentService.ServiceMain: Failed to start listening for notifications, status = 0x%X
strchr
interrupted
Unable to open the user hive: An error occurred while getting the SID from the user token
_callnewh
.?AV<lambda_eb7ae9d94fe9fa73929a60aad28c6ab0>@@
OpenProcess
lower
M(knN
VHH;U
CD$0H
fD92u
Repository::GetLocalStagingFolderPath()
__set_app_type
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Entry
AgentService.Util::GetUserSid: Exit ['%s']
D$@H;E@t,H
\Applications
.?AV?$_Ref_count@VIPCSender@Uev@@@std@@
unsigned long
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
Undefined template validation error reason
.?AVwindows_file_codecvt@@
f3EZf
040904B0
.rdata$zETW2
regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.
@USVWAVH
wrong_protocol_type
fB94su
L$0L9l$HL
XML parse was unsuccessful but no failure was given.
(D$@H
H;E`u
too many symbolic link levels
not enough memory
lstrcmpiW
Invalid remote store
I9v0w
swprintf_s
\$pE3
QH3PH
.?AV?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
HcA<H
__crtLCMapStringW
D9%Bd
.?AVbad_alloc@std@@
A_A^A]A\_^]
unsigned __int64
Failure when selecting node.
@A__^[]
A_A^]
boost::too_few_args: format-string referred to more arguments than were passed
AgentService.NotificationListener:: Failed to create thread, status = 0x%X
JHcH<
u@HcD$H
fD9$qt
D$(fD
filename_too_long
Repository::IsFolderOwnerTheCurrentUser() - isOwner = %1%.
call to empty boost::function
fD9 u<E3
.?AV?$Setting@_N@Uev@@
\StringFileInfo\
ERROR
u#H9\$Xv
L9Ihv'H
H;]`u
uUL9}
@USVWAWH
AppAgent
.?AV?$ctype@D@std@@
.?AVTemplate@Uev@@
.?AVSystemParameterSetting@Uev@@
ReadFile
yxxxxxxxI
operation_would_block
WideCharToMultiByte
RegQueryValueExW
ProfileTemplateAssociation
D$0H;Ep
@SVWH
t$(E3
VWAUAVAWH
A_A^_^[
.?AV<lambda_0ee24aa830694d5ddd61c70d8c12c717>@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
%TEMP%\Microsoft\UEV\LocalSyncFolder\SettingsPackages
VarFileInfo
LHcH<
_fmode
HRESULT
Repository::GetCurrentRepositoryPath
.?AV<lambda_b7a2c2cb75abc3b10818f45f6c8ee7d5>@@
no such file or directory
OptimalMinExternalFileSizeInBytes
.?AVTemplateManager@Uev@@
AgentService.CreateProcNotificationListener::InjectIntoProcess: Exit
UHL9}`H
\u&M;
Missing minimum attribute.
Failed to initialize the repository
.?AV?$bind_t@_NV?$mf3@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAJ@_mfi@boost@@V?$list4@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
TUUUUUU
VWAWH
()$^.*+?[]|\-{},:=!
ptree contains data that cannot be represented in JSON format
raB3G
AgentService.ServiceMain: Initialization failed: Returning service-specific error code = 0x%X
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Failed to read syncEnabled from registry. Defaulting to enabled. Error code: %1%
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Exit
Settings storage path has not been configured
GetFileVersionInfoW
_vsnwprintf
Configuration
8\u)H
_ I;_(
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
Major
GpHcH
_Getmonths
d$pfD
RegDeleteTreeW
CreateFileW
.?AV<lambda_d9f037ece577aaa4f329e8e4410ffe3b>@@
Processes
.?AV<lambda_6703167a49a83608125fba016a6af536>@@
fB94Au
L9~8H
AgentService.Util::IsProcessTheShell: RegOpenKey failed: [%ul]
L$XL9l$pH
L9|$@r
Local\SM0:%d:%d:%hs
H;E u
Template ID does not exist
AgentService.NotificationListener::Stop: Exit
address family not supported
)D$p3
RegGetValueW
\$xI;
SUVWAVH
A^_^][
.?AV<lambda_69a3547dde0cd8105e13b6de5feb1779>@@
Repository::ClearCurrentRepositoryPath
stream timeout
SettingsImportNotifyEnabled
tIM;3u5
A^A]]
occurred while settings the current settings storage path.
FormatMessageW
regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.
L9~(H
u#H9|$Hv
|$pL9d$@r
CoUninitialize
A_A^A]A\_
.?AV_Node_back@std@@
t$PfD
D$@fD
10.0.17763.1 (WinBuild.160101.0800)
L9l$Hr
L9u(r
A^A\_^[
Y(H;Y0tK@
D9&tZA
sQPI[5T
DeleteCriticalSection
A^A]A\
GetQueuedCompletionStatus
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBKAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
D$`M;
AgentService.CreateProcNotificationListener::InjectIntoProcess: Entry
RtlCaptureContext
CL$8H
\$ f9
0123456789abcdefghijklmnopqrstuvwxyz
d$8E3
x ATAVAWH
gfffffffH
regex_error(error_syntax)
io error
CreateProcessAsUserW
l$PA_A^A]A\_^
t{HcL$ HcD$$H
d|BNeU
.CRT$XLA
|$PuKH
l$ VWAWH
GetFileSize
L9k tDH
AgentService.Util::CheckForMatchingApplicationTemplate: File name: '%s'
operation canceled
files
RoamingProfile::GetSettingsStoragePath() - Path = %1%.
EqualSid
Software\Microsoft\Uev\Agent\Runtime\TemplateRegistration
Unable to create MSXML document object.
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: An unknown error occurred trying to verify the signature of the '%s' file.
.?AV<lambda_1e50b596ae2ef1683dc39a4eaa52e032>@@
.pkgx
fD9$xu
` UAVAWH
L9l$0
PassThroughPaths
!E;` }WH
(D$pL
.?AVthread_resource_error@boost@@
Failed to clear Active Directory settings storage path cache
application/octet-stream
L9k u
CT$`A
L9}8r
A_A^_
f#D$@H
CD$HfD
boost::thread_resource_error
Y08AHt
d$HfD
L9t$hr
WriteFile
regex_error(error_backref): The expression contained an invalid back reference.
Unable to set the enabled state for template ID
ContactITUrl
.?AV?$clone_impl@U?$error_info_injector@Vbad_format_string@io@boost@@@exception_detail@boost@@@exception_detail@boost@@
A_A^A\
WaitForSyncOnApplicationStart
AgentService.Util::GetProcessIntegrityLevel: Exit
H;]Pu
AgentService.NotificationListener::ListeningThread: Entry
D$ I;
AgentService.ControlHandler: Stop
ServiceStopped
AgentService.NotificationListener::ListeningThread: Exit, completionStatus = 0x%X
D$0H;
invalid_argument
.?AVRegistrySetting@Uev@@
AgentService.Util::EnablePrivilege: Entry
Roaming
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Exit, retVal = 0x%X
x AUAVAWH
M9S0tAHi
BackupProfile::GetSettingsStoragePath() - The settings storage path has not been configured.
z%u#H
HcF<HcV@;
Rollback
@USVWATAVAWH
>I;<$t0I
.?AV?$Setting@V?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Uev@@
AgentService.CreateProcNotificationListener::ProcessNotification: Exit
T$(E3
t$`fD
L$0L;
D$0,fD
^BNQ,^
|$`A;
G@HcH
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: CreateProcess command line = %s
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBKAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
u%A8h
@8t$pt:H
.EnvironmentVariable
write error
t;H;2u'L
Unable to set XML document 'async' property.
A_A^A]_^
ReleaseSRWLockExclusive
CL$ L
Architecture
AgentService.Util::GetNameOfMockShellProgram: Mock shell program is '%s'
I9w v
RtlLookupFunctionEntry
Unable to get file timestamp
AgentService.FilterConnection::Initialize: Entry
internal\sdk\inc\wil\resource.h
[%hs(%hs)]
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
QueryPerformanceCounter
regex_error(error_ctype): The expression contained an invalid character class name.
H;]`u
admin\appman\shared\boost_1_59\boost\exception\detail\exception_ptr.hpp
.?AV?$basic_oaltstringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@io@boost@@
t$0E3
?u=I;
TemplateID
Failed to get the device folder name
.?AVCustomActionSetting@Uev@@
\Runtime\Recovery\
<}wdI
VdiProfile::GetSettingsStoragePath() - Unable to get the VDI collection name for a template using the VDI profile.
tFD;S@}@H
AgentService.CreateProcNotificationListener::ProcessNotification: Unexpected notification type, 0x%X
msvcrt.dll
Msxml2.XMLSchemaCache.6.0
VY$[X
\$ UVWATAUAVAWH
ungetc
StringFileInfo
RepositoryOwnerCheckEnabled
{|?uuH
<}wWI
t$ WAVAWH
::GetShortPathName failed
t$HL9}
SyncConditionsAssemblyName
0A_A^A]A\_
(D$pH
ole32.dll
l$ <0u
.?AVIMessageSender@Uev@@
Microsoft YaHei UI
D$hH;
gxI3!'
.?AV?$clone_impl@Ubad_exception_@exception_detail@boost@@@exception_detail@boost@@
already_connected
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_NAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
\UevConnectCreateNotifyPort
H;\$0u
\syswow64\Microsoft.Uev.AppAgent.dll
DefaultVdiCollection
Vving1
H;}8t H
u{D8c
.?AV_Iostream_error_category@std@@
Repository::CreateRepositoryPath()
$>b~t
7T})gW
@A_A^A]
.text$mn
l$ VWAUAVAWH
{HH;{P
broken pipe
SVWATAVH
D$XE3
RegSetKeyValueW
;M$|DI
\$@L+
@8t$ptw@8t$qt
.?AVexception@boost@@
tdH;B
@bad locale name
setlocale
AgentService.Util::GetProcessIntegrityLevel: Error detected, msg = %s
boost::format_error: format generic failure
.?AV?$sp_counted_impl_p@V?$clone_impl@Ubad_alloc_@exception_detail@boost@@@exception_detail@boost@@@detail@boost@@
x ATAUAVH
protocol error
.?AVfile_parser_error@property_tree@boost@@
Timestamp
|$@fD
UevAgentService
(t$PH
|$pL9e
.?AVADSMethods@Uev@@
SUVWATAUAVAWH
ApHcP
text file busy
CXLc0H
.?AV?$ctype@_W@std@@
t$@fD
H;t$Hs
Maximum
@UWAVH
DecodePointer
D8t$pt8L
EventWriteTransfer
void __cdecl boost::property_tree::json_parser::write_json_internal<class boost::property_tree::basic_ptree<class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,struct std::less<class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > > >>(class std::basic_ostream<wchar_t,struct std::char_traits<wchar_t> > &,const class boost::property_tree::basic_ptree<class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,struct std::less<class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > > > &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,bool)
AgentService.CreateProcNotificationListener::Constructor: Error creating short-form file name for injected DLL (64-bit): %s
M94$t
hwp1p0
L9-4L
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@KAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
Template manager is null
shD8wht
.?AU?$default_delete@VProfile@Uev@@@std@@
.?AVDuplicateTemplateException@Uev@@
0123456789-+Ee
LkgStableExportsThreshold
x_^][
L9|$`
T$@E3
)D$pM
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_KAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
L$`H3
address_family_not_supported
%d / %m / %y
D$@E3
I;<$t
D,(<
|$`fD
AgentService.CreateProcNotificationListener::ProcessNotification: Entry
AgentService.Util::EnablePrivilege: AdjustTokenPrivileges failed, error = 0x%X
%LOCALAPPDATA%\Microsoft\UEV\LocalSyncFolder\SettingsPackages
Offline Timestamp
w,H9Q
0123456789ABCDEFabcdef-+XxPp
fD9dp
AgentService.CreateProcNotificationListener::InjectIntoProcess: Failed to set session id in token, error = 0x%X
OHcP<
.?AVfilesystem_error@filesystem@boost@@
}XH;}PtSH
%.0Lf
AgentService.ServiceMain: The service was successfully initialized
fB9<Au
__mb_cur_max
t$lIc
D9%&Z
(< t6<$t,<+t"<vt
TargetType
ReplacedTemplates
4I;_(
timed out
AgentService.NotificationListener:: Failed to open completion port, status = 0x%X
8A^_^[
http://schemas.microsoft.com/opc/2011/relationships/pkgx/settings
IsDebuggerPresent
VdiProfile::GetSettingsStoragePath() - Error %1% occurred while getting the settings storage path from the repository.
I9Bhs
tAy&H
CT$`H
I9G0w
.rdata$zETW1
.?AV<lambda_8afb2e461a5463415d9aabbfb7946fb8>@@
](H;] t=H
AgentService.Util::GetNameOfMockShellProgram: Entry
.?AVGetUserSidException@Uev@@
A^A\_^]
??1exception@@UEAA@XZ
@A_A^A\
L9d$hr
permission denied
TemplateEnabled
D$0HcP
RtlVirtualUnwind
D$PfD
GetModuleFileNameW
D$pHcH
??3@YAXPEAX@Z
pA_A^_^]
RaiseFailFastException
state not recoverable
Template ID
+dBVY
XH;] u
A_A^A]_^
Invalid normalized file path format (no closing } character found).
failed. HRESULT:
regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.
AgentService.Util::GetDwordConfigValue: Failed to open configuration key, status = 0x%X
w*H9Q
fD94Ou
,pD8l$xtqH
9D$hu$D9u
F(H9C(
Invalid custom action URI format (5): %1%
islower
8/tlf
.CRT$XCA
w9X!P/
.PEAX
SOFTWARE\POLICIES\Microsoft\UEV\
.?AU?$error_info_injector@Vtoo_many_args@io@boost@@@exception_detail@boost@@
KERNEL32.dll
.?AV?$bind_t@_NV?$mf3@_NVConfigUtil@Uev@@W4SettingSource@2@AEAV?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@AEAJ@_mfi@boost@@V?$list4@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
A^A]A\_]
E8wHt\M
<xuG@
L9} r
\$PH;\$X
C@HcP
invalid hash_map<K, T> key
.?AV?$bind_t@_NV?$cmf5@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV45@AEAJ_N@_mfi@boost@@V?$list6@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@V?$value@_N@23@@_bi@3@@_bi@boost@@
~H9O u
T$8H!\$8
_PH9G
FWph?r
UnhandledExceptionFilter
\system32\mavinject.exe
http://schemas.microsoft.com/opc/2011/relationships/pkgx/settingFile
operation in progress
EventUnregister
v:fD;
@SUVWATAUAVAWH
No repository path found
.?AV?$_Ref_count_del@VITemplate@Uev@@U?$default_delete@VITemplate@Uev@@@std@@@std@@
_free_locale
H;EPu
D$0L;
VS_VERSION_INFO
CreateWellKnownSid
\$xH;
0123456789-
.?AV?$_Ref_count@VConfiguration@Uev@@@std@@
class std::basic_string
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
x UATAUAVAWH
Common::IsOnlyCentennialOfficeTemplateRegistered() - Entering.
Repository::Repository() - Error no repository path was configured.
A_A^_^]
filename too long
.CRT$XCZ
Unable to set XML schema cache.
HideSettingsPackagesFolder
digit
Invalid custom action URI format (2): %1%
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The signature present in file '%s' is not trusted.
.?AV<lambda_88a22f8744ea05a72eadfb477985de3b>@@
map/set<T> too long
Exception
FilterGetMessage
CL$(L
BackupProfile::AreWin8AppsAssociated()
. HRESULT: E_FAIL
too_many_files_open
;D$0t
false
.data
L9}@r
L$pH;
RestoreCount
t)L9}8r
Common::IsOnlyCentennialOfficeTemplateRegistered - RegQueryInfoKey returned = %1%. cValues = %2%
^(I;^0tO@
device or resource busy
Segoe UI SemiBold
H;u@u
d$XL9}
Win32ErrorCode
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
memset
AgentService.NotificationListener::Start: Exit, retStatus = 0x%X
[%hs]
@8s)t
0A_A^A\_^][
unknown error
ldexp
L9-UU
t$HfD92u
boost::filesystem::create_directory
ProhibitDTD
|$hfD
H9|$Hr
AgentService.ServiceMain: Service control handler registration failed, error = 0x%X
result out of range
L9u u8
d$`fD
\$ UVWAVAWH
GetProcAddress
Unable to add an entry for the UE-V agent service to the App-V 4.x ServiceInclusions registry key (error code 0x%X)
AgentService.NotificationListener::Stop: Timed out waiting for threads to exit
OptimalMaxNumExternalFiles
.?AV?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
AgentService.CreateProcNotificationListener::GetInjectionExePaths: Exit
l6s+o
MicrosoftCentennialOfficeWin64
ProductName
An invalid formatted log message was thrown away
TlsGetValue
l$@fD
DuplicateTokenEx
M9n(u2I
SyncProvider
Common
.?AU?$default_delete@VIRemoteStore@Uev@@@std@@
File read error
H;\$(u
.idata$6
D$`E3
L;t$xt
DontSyncWindows8AppSettings
no such process
L;L$(A
.?AV?$sp_counted_impl_p@V?$clone_impl@Ubad_exception_@exception_detail@boost@@@exception_detail@boost@@@detail@boost@@
LocalizedDescriptions
Unable to set XML document 'ResolveExternals' property.
TemplateProfile
AgentService.Util::IsProcessTheShell: Exit [%s]
.?AVptree_error@property_tree@boost@@
AlwaysApplySettings
.?AV<lambda_e075ded2ec621c65fab697b6e7de25b4>@@
t^@8=
@A_A^_^]
D$HE3
)t$0H
CT$xH
@8q t
not_a_socket
.CRT$XCC
bad_file_descriptor
z:u8H
__pctype_func
w,H9S
Unable to set XML schema 'ProhibitDTD' property.
AgentService.NotificationListener::Listen: Un-expected exception
A@H90t4L
t$ UWAVH
kHE8n
H;\$pu
Unable to set XML document 'ValidateOnParse' property.
H;}8t
FileVersion
AgentService.CreateProcNotificationListener::GetInjectionExePaths: Entry
class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
Common::IsOnlyCentennialOfficeTemplateRegistered - RegEnumValue returned = %1%. valueName = %2%
tolower
|$hA;
L$hH3
AgentService.ServiceMain: Unexpected exception caught, msg = %s
.?AVlength_error@std@@
.?AV<lambda_89f58b90eaf3e9de9e3071b779af0368>@@
SVWAVH
p AWH
.?AV<lambda_4308d5e239f546dfa9c027a43d96d5e2>@@
TlsAlloc
.?AVsystem_error@std@@
The template has been previously replaced
Locale
Email
regex_error(error_brace): The expression contained mismatched { and }.
CL$HH
rY&'K
Count
t$ E3
ContactITDescription
M;a0u
D9d$huhD
.?AV?$_Ref_count_del@VProfile@Uev@@U?$default_delete@VProfile@Uev@@@std@@@std@@
H;0u2H
L;|$Ht
@8l$(t
bad address
@W=7A=
GetProcessMitigationPolicy
.?AV_Node_assert@std@@
fA9Z*v$A
UAVAWH
A_A^_
uD8\$Hu
memcpy_s
operation not permitted
Segoe UI Light
HHtfH
xf9Dz
8-uGH
USVWATAVAWH
u(L9}`r
.?AV<lambda_206c5f021f2311a4615fd7810822368e>@@
)D$pH+_
<Error accessing system message>
File open error
OptimalMaxPackageSizeInBytes
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEB_KAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
D$`H;
>I;<$r
0A_A^_^[
f9|$`u
: System error code
.?AV?$_Iosb@H@std@@
H;]@u
.?AV?$base_from_member@V?$shared_ptr@V?$basic_altstringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@io@boost@@@boost@@$0A@@boost@@
Repository path found
SyncOverMeteredNetwork
\$0HcH
Failed to get Win8 App association from roaming profile
xA_A^A]A\_^[]
NotImplementedException
D8q@uZA
|$(L9e
|$8tQE
RoamingProfile::GetSettingsStoragePath() - Error %1% occurred while getting the settings storage path from the repository.
vxH;C
mbstowcs_s
VerQueryValueW
.?AVtoo_few_args@io@boost@@
fF9$@u
.?AVclone_base@exception_detail@boost@@
Initial
@UVWATAUAVAWH
boost::filesystem::status
CreateMutexExW
AgentService.FilterConnection::Initialize: Exit, retStatus = 0x%X
.?AVerror_category@std@@
L$XL+
EventRegister
DeleteIfNotFound
8-uKH
Invalid known folder GUID:
_wcsdup
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV45@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@@_bi@3@@_bi@boost@@
.?AVPackageManagerException@Uev@@
@UVWH
Asynchronous
A_A^_^]
u(H;u0
DeleteFileW
CoInitializeEx
v9L9A
Template file could not be deleted
?name@type_info@@QEBAPEBDXZ
__crtCompareStringA
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AVout_of_range@std@@
ios_base::eofbit set
.?AVbad_lexical_cast@boost@@
HcEPH
HeapAlloc
A_A^A\_^
InvalidXmlException
OfficeWDAGEnabledOnHost
MaxPackageSizeInBytes
u)f9+u
destination address required
D9t$xt
AgentService.CreateProcNotificationListener::ProcessNotification: Invalid parameter
SettingsPackages
MicrosoftCentennialOfficeWin32
SVWAVAWH
l$HfD
Repository::IsFolderOwnerTheCurrentUser() - GetNamedSecurityInfo failed with error
AgentService.FilterConnection::PostReceiveBuffer: Exit, retStatus = 0x%X
H;\$(u
.data$brc
file exists
L$pH3
Description
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: CreateProcess failed, error = 0x%X
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEB_KAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
H3E H3E
InternalName
<x\uBH
SOFTWARE\Microsoft\UEV\Agent\Processes
\$0f;
WaitForSyncOnLogon
malloc
L9|$@
}@L9u
L9-'@
FilterSendMsgTimeout
C@H98t
|$xfD
.rsrc$02
{ L+|$PL
Current
_unlock
L9-kG
H;{@u
iostream
.?AV?$collate@_W@std@@
wrong protocol type
L9uHr
CL$(H
en-US
(t$0H
FindNextFileW
TlsSetValue
OLEAUT32.dll
s(D8f
SyncMethod
.text$di
@8yht6H
Template::GetProfile() - Found profile %1% for template %2%.
FirstTimeLogon
FindClose
9Ct|cD
H!|$(
H;]pu
USVWAVAWH
.?AVTemplateIndexException@Uev@@
DebugTraceLogFilter
.?AV_Facet_base@std@@
TemplateGeneratorVersion
ValidateOnParse
VATAUAVAWH
H9D$Pt
VWATAVAWH
D8"u3H
l$0H;
AgentService.ServiceMain: Failed to set necessary privilege, status = 0x%X
bad message
BackupProfile::GetDeviceFolderName()
AgentService.Util::GetNameOfMockShellProgram: ::RegGetValueW() [2] returned system error code 0x%lX
L$(H3
|$`E3
SettingsImportNotifyDelayInSeconds
L9-C:
GetCurrentProcessId
fB9,Cu
L$XH3
RegCreateKeyExW
WindowsSettings
PERFORMANCE
fG9,Du
.rdata$zETW0
\Runtime\Restore\
argument list too long
host unreachable
/A8vQH
Failure adding template schema 2013.
d$8L9|$pr
.?AV_Node_capture@std@@
network_reset
IcF$I
TemplateVersion
.?AU?$default_delete@VITemplate@Uev@@@std@@
L9-DO
boost::too_many_args: format-string referred to fewer arguments than were passed
WaitForSingleObjectEx
regex_error
ExcludedFileTypes
iostream stream error
BackupProfile::GetSettingsStoragePath()
|$`H+
UTCReplace_AppSessionGuid
VdiProfile::GetSettingsStoragePath() - The settings storage path has not been configured.
.?AVjson_parser_error@json_parser@property_tree@boost@@
<:w@H
I9~0w
.?AVcodecvt_error_cat@?A0xed6c1cf5@@
Repository::IsFolderOwnerTheCurrentUser() - OpenProcessToken failed with error
bad file descriptor
\syswow64\mavinject.exe
H;]Pu
regex_error(error_paren): The expression contained mismatched ( and ).
.?AVNotificationListener@Uev@@
Microsoft.Uev.SmbSyncProvider
no such device or address
Call to HeapAlloc() returned 0
.?AVFileSetting@Uev@@
Profile::GetProfileFromTemplate()
@USVWH
CoTaskMemFree
L!d$(D!d$ L
Profiles
Msxml2.DOMDocument.6.0
.?AUctype_base@std@@
H;k(r
.CRT$XIZ
address_in_use
.?AV?$codecvt@DDH@std@@
I92u)A8h
H91u~
ProfileFactory::CreateProfile(String)
abort
profileType
GetShortPathNameW
InitializeCriticalSectionEx
EncodePointer
!This program cannot be run in DOS mode.
ADsGetObject failed for LDAP path: '
HH9J(u
H9Ahs
TemplateAction
Msg:[%ws]
A@HcP
@A^_^
Failed to register the UE-V event log service for IPC
yxxxxxxxMi
already connected
|$`I;
L9l$P
AreFileApisANSI
SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\Client\AppFS\ServiceInclusions
Exclude
AgentService.Util::IsProcessTheShell: An error occurred while testing whether the current process is the Shell: %s
A_A^A]A\_^[
GetLocaleInfoW
ACTIVEDS.dll
.?AVbad_exception@std@@
H09O0v
8\$Hu
\VarFileInfo\Translation
A^_^[]
@A^A\_
\$ Lc
%m / %d / %y
.?AV<lambda_d8153584035bfcbca7732d8f3fea2a1d>@@
S<D;S@|
Failed to register the UE-V event log service for Agent Service
.?AV<lambda_a232c356c75f3be5a2b68b7625a9142e>@@
__crtCompareStringW
|$`H;
Invalid normalized file path format (no closing ] character found).
Yu Gothic UI Light
{(H;~
ProfileList
d$XfD
.?AVSmartHandleException@Uev@@
D$ fD
Success
<}wYI
L9u u^
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
f3E^f
L9{@u
OpenSemaphoreW
VdiCollectionName
GetCurrentUserDN failed for userDN:
XH;]Pu
file too large
SOFTWARE\Microsoft\UEV\Agent\ShellProcesses\
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Unrecognized exception occurred
not a socket
A_A^A]A\^
f9H\u
EnterCriticalSection
AgentService.CreateProcNotificationListener::SetupLaunchCmdLine: Entry
.CRT$XCU
___lc_collate_cp_func
RegDeleteKeyExW
xvH9]
)D$@L
_errno
.?AV<lambda_61fa8b24d8be1bbe80a7aacac63655b7>@@
SyncOverMeteredNetworkWhenRoaming
AgentService.Util::CheckForMatchingApplicationTemplate: Product version: '%s'
AgentService.NotificationListener::Stop: Filter connection close failed, status = 0x%X
SyncEnabled
AgentService.CreateProcNotificationListener::ProcessNotification: Injecting AppAgent into process (PID %lu)
t$0fD
H#L$0H
LogImpl::LogImpl() - An error occurred while opening the local debug log file. Debug logging to the local file will be disabled.
H9V0w
(|$PH
CD$(H
B84:u
graph
.?AV?$bind_t@_NV?$mf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@5@AEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
%hs(%d) tid(%x) %08X %ws
AgentService.Util::IsProcessTheShell: This process is recognized as the mock shell
2333333
AgentService.Util::CheckForMatchingApplicationTemplate: Exit( '%s' )
.?AV<lambda_0aa0567311d44fa95716334b11b9545a>@@
`A_A^_^]
isdigit
9C s!H
KnownFolder
GetCurrentProcess
usA8]
t$4@2
Leelawadee UI Semilight
9D$huFH
.?AVTemplateIndex@Uev@@
Unable to open the hive for user
;T$xr
d$ E3
AgentService.Util::GetNameOfMockShellProgram: ::RegGetValueW() [1] returned system error code 0x%lX
Required node is missing.
class std::list
fD9#u
L;L$(t
__uncaught_exception
Repository::Repository() - CreateWellKnownSid() returned error
not a stream
LocalFree
.?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
fD90u=E3
D$8E3
L9o@t
.?AVResultException@wil@@
.?AVUncStore@Uev@@
Agent
H;uPt
AgentService.Util::GetUserSid: Entry
A_A^_^][
.?AVUnresolvableEnvironmentVariableException@Uev@@
XH;|$xu
.?AV?$clone_impl@U?$error_info_injector@Vjson_parser_error@json_parser@property_tree@boost@@@exception_detail@boost@@@exception_detail@boost@@
Translation
.?AVScopeTracker@Uev@@
A_A^A]A\_^]
.?AV_Node_end_group@std@@
.?AVInvalidArgumentException@Uev@@
fD9D$ t
fA98u
alnum
M+<$I
operation_not_supported
FLTLIB.DLL
WilError_02
.?AVAppV5xServiceInclusion@Uev@@
AgentService.Util::GetNameOfMockShellProgram: Exit ['%s']
??_V@YAXPEAX@Z
.?AV?$basic_istream@_WU?$char_traits@_W@std@@@std@@
GetNamedSecurityInfoW
6f93t
address_not_available
VdiProfile::GetSettingsStoragePath() - Path = %1%.
L9-I>
AgentService.ServiceMain: Exit
AgentService.Util::GetNameOfMockShellProgram: No mock shell program has been defined
.?AV<lambda_51e7cf26dc38d816c907af23792d461c>@@
APHcP
Attempting to use an invalid handle.
D;o }*E
L$0H;
ProductVersion
t$ I;
|$0fD
d$@fD
http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate
|$4E3
.?AV?$codecvt@_WDH@std@@
AgentService.NotificationListener::Listen: Exit
t$PE3
L9C(u
yxxxxxxxH+
InstancePackageLog::InstancePackageLog() - Value logging is enabled =
__CxxFrameHandler3
connection_refused
_onexit
MaxPackageSettingSizeInBytes
L9F0w
.CRT$XIAA
.?AV?$bind_t@_NV?$cmf4@_NVConfigUtil@Uev@@W4SettingSource@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAJ@_mfi@boost@@V?$list5@V?$value@PEAVConfigUtil@Uev@@@_bi@boost@@U?$arg@$00@3@V?$value@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@23@U?$arg@$01@3@U?$arg@$02@3@@_bi@3@@_bi@boost@@
Failed to fetch 'SettingsStoragePath' from the registry.
/F8vTH
bad lexical cast: source type value could not be interpreted as target
no_protocol_option
TimeToWaitBeforeInject
InstallTimestamp
Build
1o?-XfF
A_A^A\_^[]
VdiProfile::AreWin8AppsAssociated()
Windows
yxxxxxxxI+
function not supported
Health
Applications
Template administrator is null
SUVWATAVAWH
M;AHM
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
Call to GetProcessHeap() returned 0
Unable to create MSXML schema cache object.
E;a }1H
8\$8u
H;u0
Unable to create a template index subkey.
ProfileWin8AppAssociation
.?AV?$_Ref_count@VADSMethods@Uev@@@std@@
.?AVsp_counted_base@detail@boost@@
invalid argument
.?AVbad_function_call@boost@@
.?AV<lambda_74741e88e9e32d376f98dd7c4a7d3575>@@
@8|$4t(A
AgentService.CreateProcNotificationListener::GetInjectionExePaths: Failed to determine if process is running under WoW64
M;Y0u
no such device
.idata$2
.?AVInvalidXmlException@Uev@@
x AVH
@8{pt
AgentService.exe
.CRT$XCL
Yu Gothic UI
illegal byte sequence
t,L9k
Unable to set XMLDomDocument 'SelectionNamespaces' property.
AppAgentCommon
L$dE3
Invalid (null) pointer
AgentService.NotificationListener::Listen: Un-expected receive message size
.tls$
FormatMessageA
+D$h3
D$ L;
CreateIoCompletionPort
LookupPrivilegeValueW
L$0I;
@VWATAVAWH
D8t$pt^H
.xdata
0A__^[]
.gfids
} fD9:u
AgentService.NotificationListener::Stop: Entry
Segoe Pseudo
ServiceStarted
uK8L$Hu
L9L$(D
H;>tFH
f90u)M
??0exception@@QEAA@AEBV0@@Z
%hs(%d)\%hs!%p:
Operating System
.?AVITemplateAdministrator@Uev@@
AgentService.Main: Entry
GetSidSubAuthority() failed
Orchestrator
LcExH
.?AV_Node_end_rep@std@@
GetSidSubAuthorityCount() failed
DeferToMSAccount
vector<T> too long
RoamingProfile::AreWin8AppsAssociated() - Failed getting Win8 App association for the roaming profile. Error = %1%.
LDAP://
Unable to set template registration timestamp
GetModuleHandleExW
Unable to read App-V 4.x virtual environment override entry. (error code 0x%X)
_cexit
partial
<%ufH
UevAgentService1
GetLocalTime
g\Microsoft\UEV\Templates
E,D8f
VG2/iI
|$0E3
pA_A^A\_^[]
UVWAUAVH
OleRun
.?AVgeneric_error_category@?A0x90fe97d7@system@boost@@
t$ WATAUAVAWH
.?AVRegistryPath@Uev@@
.?AVCreateProcNotificationListener@Uev@@
Settings
GetLastError
@USVWATAUAVAWH
UWAWH
_commode
<xt"E3
GetTokenInformation() should have failed and returned a buffer length value
LogHr
fffffff
_amsg_exit
??0bad_cast@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
AUAVAWH
D$8H!t$8H
AgentService.CreateProcNotificationListener::GetInjectionExePaths: x64 executables
Invalid normalized file path format (no root delimiter found).
Profile
0123456789ABCDEF
Path is not a local file path or UNC network path. Path:
HA_A^_^][
fD94Hu
D;|$xr
Unknown
fD94Gu
AgentService.Util::GetDwordConfigValue: Unexpected value type, type = 0x%X
A_A]A\
_stricmp
no_buffer_space
t_H;}
pA_A^A]A\_^]
Failure adding template schema 2012.
File creation error (sharing violation)
.?AVproductionSlapiProxy@SlapiWrapper@Shared@AppMan@@
CL$0L
uzD8c
Leelawadee UI
D$HL;`x
A_A^A]A\]
A_A^A]_]
)t$pH
<vth<x
(D$@3
GetSystemInfo
t"D8='
L9u0r
!!Error occurred while converting string from Unicode to MultiByte. Log message has been lost!!
`.rdata
t$0H9}
.?AVTemplateAdministrator@Uev@@
AgentService.NotificationListener::Listen: Un-expected error obtaining queued completion status, status = 0x%X
Reason:
bWti^
RegQueryInfoKeyW
D9t$x
|'D;?
.?AVFilePath@Uev@@
RegCloseKey
|$`I+
|$ UATAUAVAWH
regex_error(error_brack): The expression contained mismatched [ and ].
.?AU?$error_info_injector@Vbad_format_string@io@boost@@@exception_detail@boost@@
ADSettingsStoragePath
SessionId
AgentService.Util::CheckForMatchingApplicationTemplate: Template Manager is NULL.
D$8fD
fB94Bu
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash |
|---|---|---|---|---|---|---|---|
| 0x140000000 | 0x000b6210 | 0x00126e43 | 0x00126e43 | 10.0 | AgentService.pdb | 2021-08-11 11:57:23 | 26726e2f78645ad9c311f13886afe185 |
Version Infos
| CompanyName | Microsoft Corporation |
|---|---|
| FileDescription | AgentService EXE |
| FileVersion | 10.0.17763.1 (WinBuild.160101.0800) |
| InternalName | AgentService EXE |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | AgentService.exe |
| ProductName | Microsoftรยฎ Windowsรยฎ Operating System |
| ProductVersion | 10.0.17763.1 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x000c366c | 0x000c3800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.36 |
| .rdata | 0x000c3c00 | 0x000c5000 | 0x0004c3ba | 0x0004c400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.56 |
| .data | 0x00110000 | 0x00112000 | 0x00008dd8 | 0x00007200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.76 |
| .pdata | 0x00117200 | 0x0011b000 | 0x00007830 | 0x00007a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.92 |
| .rsrc | 0x0011ec00 | 0x00123000 | 0x00000520 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.94 |
| .reloc | 0x0011f200 | 0x00124000 | 0x00001168 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.41 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| MUI | 0x00123458 | 0x000000c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.67 | None |
| RT_VERSION | 0x001230b0 | 0x000003a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.44 | None |
Imports
| Name | Address |
|---|---|
| __set_app_type | 0x1400c8e30 |
| __getmainargs | 0x1400c8e38 |
| _amsg_exit | 0x1400c8e40 |
| _XcptFilter | 0x1400c8e48 |
| isdigit | 0x1400c8e50 |
| isalnum | 0x1400c8e58 |
| memcmp | 0x1400c8e60 |
| ___lc_collate_cp_func | 0x1400c8e68 |
| memchr | 0x1400c8e70 |
| tolower | 0x1400c8e78 |
| isspace | 0x1400c8e80 |
| _Strftime | 0x1400c8e88 |
| _Gettnames | 0x1400c8e90 |
| __mb_cur_max | 0x1400c8e98 |
| _Wcsftime | 0x1400c8ea0 |
| _W_Gettnames | 0x1400c8ea8 |
| _W_Getmonths | 0x1400c8eb0 |
| _W_Getdays | 0x1400c8eb8 |
| _Getmonths | 0x1400c8ec0 |
| _Getdays | 0x1400c8ec8 |
| memcpy_s | 0x1400c8ed0 |
| ldexp | 0x1400c8ed8 |
| realloc | 0x1400c8ee0 |
| abort | 0x1400c8ee8 |
| _free_locale | 0x1400c8ef0 |
| _get_current_locale | 0x1400c8ef8 |
| __crtLCMapStringA | 0x1400c8f00 |
| __crtLCMapStringW | 0x1400c8f08 |
| __crtCompareStringA | 0x1400c8f10 |
| __crtCompareStringW | 0x1400c8f18 |
| ??8type_info@@QEBAHAEBV0@@Z | 0x1400c8f20 |
| _wcsdup | 0x1400c8f28 |
| __uncaught_exception | 0x1400c8f30 |
| islower | 0x1400c8f38 |
| memset | 0x1400c8f40 |
| _ismbblead | 0x1400c8f48 |
| ___mb_cur_max_func | 0x1400c8f50 |
| calloc | 0x1400c8f58 |
| ___lc_codepage_func | 0x1400c8f60 |
| ___lc_handle_func | 0x1400c8f68 |
| isupper | 0x1400c8f70 |
| exit | 0x1400c8f78 |
| setlocale | 0x1400c8f80 |
| _unlock | 0x1400c8f88 |
| _lock | 0x1400c8f90 |
| _errno | 0x1400c8f98 |
| memmove | 0x1400c8fa0 |
| memcpy | 0x1400c8fa8 |
| _CxxThrowException | 0x1400c8fb0 |
| ??0exception@@QEAA@AEBQEBDH@Z | 0x1400c8fb8 |
| _callnewh | 0x1400c8fc0 |
| malloc | 0x1400c8fc8 |
| sprintf_s | 0x1400c8fd0 |
| localeconv | 0x1400c8fd8 |
| ?name@type_info@@QEBAPEBDXZ | 0x1400c8fe0 |
| ??0exception@@QEAA@XZ | 0x1400c8fe8 |
| strcspn | 0x1400c8ff0 |
| free | 0x1400c8ff8 |
| _vsnwprintf | 0x1400c9000 |
| _vsnprintf_s | 0x1400c9008 |
| fputc | 0x1400c9010 |
| fflush | 0x1400c9018 |
| fclose | 0x1400c9020 |
| fgetc | 0x1400c9028 |
| fwrite | 0x1400c9030 |
| fgetpos | 0x1400c9038 |
| setvbuf | 0x1400c9040 |
| ungetc | 0x1400c9048 |
| fsetpos | 0x1400c9050 |
| _fseeki64 | 0x1400c9058 |
| _wcsicmp | 0x1400c9060 |
| _wtoi | 0x1400c9068 |
| strchr | 0x1400c9070 |
| ldiv | 0x1400c9078 |
| time | 0x1400c9080 |
| _wcsnicmp | 0x1400c9088 |
| _stricmp | 0x1400c9090 |
| strerror | 0x1400c9098 |
| fseek | 0x1400c90a0 |
| _wfsopen | 0x1400c90a8 |
| mbstowcs_s | 0x1400c90b0 |
| __CxxFrameHandler3 | 0x1400c90b8 |
| ??_V@YAXPEAX@Z | 0x1400c90c0 |
| _purecall | 0x1400c90c8 |
| swprintf_s | 0x1400c90d0 |
| _exit | 0x1400c90d8 |
| _cexit | 0x1400c90e0 |
| __setusermatherr | 0x1400c90e8 |
| _initterm | 0x1400c90f0 |
| __C_specific_handler | 0x1400c90f8 |
| _fmode | 0x1400c9100 |
| _commode | 0x1400c9108 |
| ?terminate@@YAXXZ | 0x1400c9110 |
| __dllonexit | 0x1400c9118 |
| _onexit | 0x1400c9120 |
| ??1type_info@@UEAA@XZ | 0x1400c9128 |
| ??3@YAXPEAX@Z | 0x1400c9130 |
| __pctype_func | 0x1400c9138 |
| ??0exception@@QEAA@AEBV0@@Z | 0x1400c9140 |
| ??0exception@@QEAA@AEBQEBD@Z | 0x1400c9148 |
| ??1exception@@UEAA@XZ | 0x1400c9150 |
| ?what@exception@@UEBAPEBDXZ | 0x1400c9158 |
| ??0bad_cast@@QEAA@AEBV0@@Z | 0x1400c9160 |
| ??0bad_cast@@QEAA@PEBD@Z | 0x1400c9168 |
| ??1bad_cast@@UEAA@XZ | 0x1400c9170 |
| wcscmp | 0x1400c9178 |
| Name | Address |
|---|---|
| RtlCaptureContext | 0x1400c9188 |
| RtlLookupFunctionEntry | 0x1400c9190 |
| RtlVirtualUnwind | 0x1400c9198 |
| Name | Address |
|---|---|
| CoInitializeEx | 0x1400c91a8 |
| CoTaskMemFree | 0x1400c91b0 |
| CLSIDFromProgID | 0x1400c91b8 |
| OleRun | 0x1400c91c0 |
| CoUninitialize | 0x1400c91c8 |
| CoCreateInstance | 0x1400c91d0 |
| CLSIDFromString | 0x1400c91d8 |
| Name | Address |
|---|---|
| SysStringLen | 0x1400c8dc0 |
| SysFreeString | 0x1400c8dc8 |
| SysAllocString | 0x1400c8dd0 |
| SysAllocStringByteLen | 0x1400c8dd8 |
| VariantClear | 0x1400c8de0 |
| Name | Address |
|---|---|
| WinVerifyTrust | 0x1400c8e20 |
| Name | Address |
|---|---|
| FilterReplyMessage | 0x1400c8ac0 |
| FilterGetMessage | 0x1400c8ac8 |
| FilterConnectCommunicationPort | 0x1400c8ad0 |
| Name | Address |
|---|---|
| SHGetKnownFolderPath | 0x1400c8df0 |
| Name | Address |
|---|---|
| GetFileVersionInfoW | 0x1400c8e00 |
| VerQueryValueW | 0x1400c8e08 |
| GetFileVersionInfoSizeW | 0x1400c8e10 |
Usage
Processing ( 11.30 seconds )
- 10.303 ProcessMemory
- 0.982 CAPE
- 0.01 BehaviorAnalysis
- 0.006 AnalysisInfo
- 0.001 Debug
Signatures ( 0.06 seconds )
- 0.008 ransomware_files
- 0.006 antiav_detectreg
- 0.005 antianalysis_detectfile
- 0.005 ransomware_extensions
- 0.003 ursnif_behavior
- 0.002 antiav_detectfile
- 0.002 infostealer_ftp
- 0.002 infostealer_im
- 0.002 poullight_files
- 0.002 territorial_disputes_sigs
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 antianalysis_detectreg
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 infostealer_bitcoin
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_mail
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.01 seconds )
- 0.005 CAPASummary
- 0.001 JsonDump
Signatures
The PE file contains a PDB path
pdbpath: AgentService.pdb
SetUnhandledExceptionFilter detected (possible anti-debug)
Possible date expiration check, exits too soon after checking local time
process: AgentService.exe, PID 188
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 188 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 59 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
HKEY_CURRENT_USER\SOFTWARE\POLICIES\Microsoft\UEV\Agent\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\Microsoft\UEV\Agent\Configuration
HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugTraceLogFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugLogFileName
HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Runtime\TemplateRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugEnableDifferenceLog
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UevAgentService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UevAgentService\Alias
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\Microsoft\UEV\Agent\Configuration
HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugTraceLogFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugLogFileName
HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Runtime\TemplateRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugEnableDifferenceLog
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UevAgentService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UevAgentService\Alias
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugTraceLogFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugLogFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugEnableDifferenceLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UevAgentService\Alias
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugLogFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\DebugEnableDifferenceLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UevAgentService\Alias
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Runtime\TemplateRegistration
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.