Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 11:50:20 | 2025-06-11 12:08:30 | 1090 seconds | Show Options | Show Analysis Log |
free=yes
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,038 [root] INFO: Date set to: 20250611T07:34:42, timeout set to: 1000 2025-06-11 08:34:42,348 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad 2025-06-11 08:34:42,348 [root] DEBUG: Storing results at: C:\pvZafqQC 2025-06-11 08:34:42,348 [root] DEBUG: Pipe server name: \\.\PIPE\xVrVnxQMgC 2025-06-11 08:34:42,348 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 08:34:42,348 [root] INFO: analysis running as an admin 2025-06-11 08:34:42,348 [root] INFO: analysis package specified: "exe" 2025-06-11 08:34:42,348 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 08:34:43,160 [root] DEBUG: imported analysis package "exe" 2025-06-11 08:34:43,160 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 08:34:43,160 [lib.common.common] INFO: wrapping 2025-06-11 08:34:43,160 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 08:34:43,160 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\quickassist.exe 2025-06-11 08:34:43,160 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 08:34:43,160 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 08:34:43,160 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 08:34:43,160 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 08:34:43,348 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 08:34:43,441 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 08:34:43,473 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 08:34:43,488 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 08:34:43,504 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 08:34:43,504 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 08:34:43,504 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 08:34:43,504 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 08:34:43,504 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 08:34:43,504 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 08:34:43,520 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 08:34:43,520 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 08:34:43,520 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 08:34:43,520 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 08:34:43,520 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 08:34:43,520 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 08:34:43,520 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 08:34:43,520 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 08:34:43,660 [modules.auxiliary.digisig] DEBUG: File is not signed 2025-06-11 08:34:43,676 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 08:34:43,676 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 08:34:43,676 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 08:34:43,676 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 08:34:43,676 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 08:34:43,676 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 08:34:43,676 [modules.auxiliary.disguise] INFO: Disguising GUID to e814d3e1-5b30-4eac-90d1-5340f2022e3d 2025-06-11 08:34:43,676 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 08:34:43,676 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 08:34:43,676 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 08:34:43,676 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 08:34:43,676 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 08:34:43,676 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 08:34:43,676 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 08:34:43,676 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 08:34:43,676 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 08:34:43,676 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 08:34:43,676 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 08:34:43,676 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 08:34:43,676 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 08:34:43,676 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 08:34:43,676 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 08:34:43,676 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 08:34:43,676 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 08:34:43,691 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini 2025-06-11 08:34:43,707 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 08:34:43,707 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 08:34:43,707 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 08:34:43,707 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 08:34:43,707 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 08:34:43,707 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 08:34:43,707 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\lTUiRm.dll, loader C:\tmpjeo7jmad\bin\uQchymxO.exe 2025-06-11 08:34:43,770 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 08:34:43,785 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\lTUiRm.dll. 2025-06-11 08:34:43,801 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 08:34:43,801 [root] INFO: Disabling sleep skipping. 2025-06-11 08:34:43,801 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 08:34:43,801 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 08:34:43,801 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 08:34:43,801 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 08:34:43,801 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 08:34:43,817 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 08:34:43,832 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 08:34:43,832 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 08:34:43,832 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 3468, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000 2025-06-11 08:34:43,832 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 08:34:43,848 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 08:34:43,848 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 08:34:43,848 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\lTUiRm.dll. 2025-06-11 08:34:43,848 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-11 08:34:43,848 [roo <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 11:50:20 | 2025-06-11 12:08:10 | none |
File Details
| File Name |
quickassist.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| File Size | 506880 bytes |
| MD5 | d14684e0e3929d2b2010a4be1c9b146c |
| SHA1 | c606bea8b7fa06fdbec25d13b67c90ee7aa162b1 |
| SHA256 | 41b43cdfaba9d453b1cd0258d4fc591b0bbf5bf682449395f3bfb51fc7340ea8 [VT] [MWDB] [Bazaar] |
| SHA3-384 | 9a058a6a357c1e8da48fed41d1650a2a4d11d42b4bffb58712f594348dea373e3051ff8c54ab4f59321e06778fb88a77 |
| CRC32 | 2EF4A715 |
| TLSH | T1E4B4B6219AE8B125E5B327B504BAA13481797C711B2080CBCE35B69DF97EBF1897C317 |
| Ssdeep | 12288:NRgcsO3jIGUPPSGtb9i7aXRBFNSOr82quq2y:9IGU3SGtp7XRBF0Or82jq |
| PE | File Strings BinGraph Vba2Graph |
Full Results
| Engine | Result | Engine | Result | Engine | Result |
|---|
nUnknown command
GetMsaToken
ParentWindow
Get back buffer from DXGI swap chain
Microsoft::RemoteAssistance::MsaManager::DecryptId
WebView
GdipGetImageHeight
DisconnectTimeoutInMilliseconds
Microsoft::RemoteAssistance::DesktopSharingSessionEventsSink::UnAdviseRelayEvents
808Z8v8
444A4H4Z4E5R5_5f5m5s5
enduser\remoteassistance\win32app\networkstatusevents.cpp
enduser\remoteassistance\common\visualeffectmanager\visualeffectsettingsmanager.cpp
WindowsCreateStringReference
SSSSSW
?context=
</style>
0C0P0w0
7<7W7
ReleaseMutex
GetStartupInfoW
7.7Z7
5(6]6j6
FrameCaptureIntervalInMilliseconds
0I0l0w0
;*=r=m>
Microsoft::RemoteAssistance::DesktopSharingInterop::OnMouseButtonReceived
CurrentBuildNumber
Microsoft::RemoteAssistance::ParseInputFocusContext
ResumeSharingByAgent
5$6b6
Microsoft::RemoteAssistance::InvalidateMonitors
SetWindowThemeAttribute
Microsoft::RemoteAssistance::BeginSharingHandler
CreateSemaphoreExW
979]9::i:~:
94:E:i:u:
QQSVW
pinternetconnected
Microsoft::RemoteAssistance::DesktopSharingInterop::OnGraphicsStreamResumed
IsMainBrowser
Failed set the prompt complete event
Microsoft::RemoteAssistance::VirtualAnnotationCanvas::EndStroke
Microsoft.RemoteAssistance
9'9J9f9s9
enduser\remoteassistance\common\sharingcore\desktopsharinginteropimpl.cpp
3H3f3s3z3
9,9Q9g9m9
no space on device
CreateWindowExW
OperationName
9N:o:
manufacturer
6"7`7z7
Create the DXGI swap chain
sessionpassword
RegSetValueExW
7-757i7o7
;w(s/
GT(1@
;L;n;
RAWebViewClassName
organizations
not a directory
dependencyName
Microsoft::RemoteAssistance::WebView::GetHeaders
<description>Microsoft Modern Sharing Solution</description>
8#8A8\8
Reset the onDisconnected event
Microsoft::RemoteAssistance::DesktopSharingInterop::PauseSharingDependencies
</security>
:-:C:]:
<style>
??0exception@@QAE@ABQBDH@Z
O,PVS
AnnotationModeStartFinished
Microsoft::RemoteAssistance::DesktopSharingInterop::PauseSharing
5<5H5h5t5
api-ms-win-core-com-l1-1-1.dll
d56d7460-2349-478f-a433-00641eafef37
RelayHostName
showminimize
HookAppWindowClose
Failed to send keyboard input to the Input Sink
Microsoft::RemoteAssistance::Application::CheckIfIsRestartComandLineArg
api-ms-win-core-string-l1-1-0.dll
2(3i3
`.data
Microsoft::RemoteAssistance::DesktopSharingInterop::SharerConnectDirectConnect
Getting group name
SharerDisconnect:UnadviseRelayEvents
system
Ph@TA
7PhhKA
Create swap chain for composition
<0<@<
0$0*0=0F0N0\0
Microsoft Corporation
Microsoft::RemoteAssistance::ParseBeginSharingContext
enduser\remoteassistance\common\screensharingborder\screensharingbordermanager.cpp
SplashScreenWindowClassName
_XcptFilter
7C8>9g9
</script>
9E9`9
303A3`3
_lock
;B;d;v;
__TlgCV__
626q6
framecaptureinterval
connecttimeout
; <=<J<u<
;0;@;Y;
2J2W2d2k2q2
SystemRestart
142F2Q2g2x2
Previous
Create Direct2d device context
AppChatSession
Microsoft::RemoteAssistance::TraceLogging::IncrementCorrelationVector
Pj&hx
SharingMode
monitorinfo
<&<4<;<B<f<
000P0{0
ATL.DLL
Does Default Account Exist
LaunchSessionDetails
resource unavailable try again
_initterm
111W1g1u1
.?AVlogic_error@std@@
4'4F4
Microsoft::RemoteAssistance::KeyboardHook::StartKeyboardCapture
successpath
ErrorHResult
.idata$5
LoadLibraryW
72898p8
FunctionName
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/M
CreateSolidBrush
>:>\>g>w>
t4HLqE
Check your internet connection
not connected
Microsoft::RemoteAssistance::OffscreenInkedBitmap::AddStrokePoint
protocol_not_supported
processorArchitecture="x86"
>"?C?U?y?
:$:S:c:
647k7
Microsoft::RemoteAssistance::WebView::WindowWndProc
DesktopSharingInterop::SetSharingRect
RelayFailed
internal\sdk\inc\wil\Resource.h
<requestedExecutionLevel level="asInvoker" uiAccess="true" />
Microsoft
SetRestrictedErrorInfo
0+1A1u1
injectViewer
6I6_6l6
>#>.>j>s>
Microsoft.RemoteAssistance.CommandHandlers
Remove OnError from DesktopSharingInterop
operation_in_progress
2)2D2i2
384Y4p4
0#0C0m0x0
SecureDesktopManager::DisableSecureDesktop
GdipDeleteGraphics
FillRect
2)4O4c4s4
ext-ms-win-ntuser-gui-l1-1-0.dll
WindowUpdate
Closing the port, no viewer due to timeout
No context to parse input focus
6E6c6
Context
>`>t>
offline
Application is started after reboot?
The ARGB values in Brush Color Context was not parsed correctly.
.data$r$brc
8&8c8i8o8u8
3X3z3
AnnotationWindow
9):B:O:}:
GetMessageW
646F6L6e6
host_unreachable
474z4
Parsing command message
??0exception@@QAE@ABQBD@Z
bcdedit.exe
j3j4h
d2d1.dll
SetEvent
/deletevalue {current} safeboot
connection refused
read only file system
Microsoft::RemoteAssistance::AnnotationCanvas::CheckedErrorGuard
Remove OnRelayConnectorError from DesktopSharingInterop
Obtaining MSA local provider
_exit
WebView is navigating to url
8A9M9R9b9
2;4S4
PartB_Ms.Qos.OutgoingServiceRequest
6E7w7
>9>I>o>
Microsoft::RemoteAssistance::DesktopSharingInterop::SharerDisconnect
operation would block
?$?7?>?G?c?
annotation
https://autologon.microsoftazuread-sso.com
>9?P?
N#s0j
enduser\remoteassistance\win32app\webview.cpp
<p class="text-body" tabindex="0">%s</p>
enduser\remoteassistance\win32app\applicationsetup.cpp
requestname
7 7$7(787<7@7D7H7L7P7T7X7\7`7d7h7l7p7|7
%hs!%p:
Sharing border manager not registered
0-0`0z0
j$j%hxtA
systemproductname
=,>B>`>
3"3/3Z3g3
uwf;A
2F3s3
#Fl4Z
9B:w:
252L2U2
CoCreateFreeThreadedMarshaler
enduser\remoteassistance\win32app\javascriptbridge.cpp
4]4v4
0(00080@0L0l0x0
7&7]7|7
xL.kC
2D3`3m3t3z3
^4^[3
5)6c6
SupportAppURL
8?8j8
PreferredPasswordLengthInChars
.right-justify {
.tls$ZZZ
RoGetAgileReference
CoCreateInstance
9C9Z9
5(5W5d5
<,<G<]<t<
?-?4?;?Q?_?k?w?
font-size: 15px;
systemsku
8.8<8M8Z8
)9NTu!9~Xt
forwardtoagent
Failed to process a queued stroke command
1(1n1
5S5k5~5
Failed to obtain MSA token
9 9,949h9x9
argument out of domain
1kw#N
=4=A=
5!6.63686@6H6p6
PauseSharingByUser
Windows.Foundation.IAsyncOperation`1<Microsoft.RemoteAssistance.CommandResult>
IsErrorPropagationEnabled
>.?q?
.CRT$XIA
GdipDisposeImage
Number of Collab Key Send failures
405s5|5
2-2:2t2
909k9
=9=I=[=
storedCommandLine.c_str()
userrequest
DispatchMessageW
Windows.Networking.Connectivity.NetworkInformation
t$0PW
4C4T4
connection_already_in_progress
Microsoft::RemoteAssistance::CommandHandlersImpl::ProcessMessageAsync
Setting internal window size and position
showmaximize
generic
ResetEvent
Windows.System.Profile.AnalyticsInfo
7?8Q8\8a8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
8H9n9~9
FileDescription
4C4n4
margin: 0;
ConnectTimeoutInMilliseconds
Microsoft::RemoteAssistance::DependencyInjectorImpl::Resolve
Failed to process mouse move event from RDP
MonitorRect Right physical pixels
5,6J6
callerIpAddress
>#>+>7>D>T>^>k>u>
CryptProtectData
GX(!@
notifyappclosing
Microsoft::RemoteAssistance::SharingController::WaitForViewerConnect
3.3T3l3
>,>A>q>
DisableSecureDesktop
BeginPaint
<Y<p<
VisualEffectManager ResetAll
VW8K
<+=V=}=
resizable
ntdll.dll
<html>
no stream resources
RenderTargetWidthInPixels
9X$v+
10.0.17763.1
directory not empty
535n5
4%4P4]4
7F8h8u8
O4PSV
Headers
262c2
{
network reset
SetWindowLongW
AdjustTokenPrivileges
<5=s=
=C=v=
capabilities
6;6v6
AppLoaded
productedition
D$$@;D$(j
serviceErrorCode
RenderTargetWidth
1-1P1q1
8 858>8J8R8b8w8
;Q@t4
0"0+020G0s0}0
<4<V<x<
PropertyName
6w6R8
> ?1?:?a?l?
command
546;6
5g6|6
enduser\remoteassistance\common\annotations\virtualannotationcanvas.cpp
message
no protocol option
< =1=Q={=
TotalSettingsCount
RemoteAssistanceWindowClassName
?<?H?h?t?
FrameCaptureIntervalInMs
GetTickCount64
taskmanager
;(;4;T;`;
OnAttendeeConnectedWithRelay
??0exception@@QAE@ABV0@@Z
0%1;1
safebootrestart
ViewModeInputCapture
memmove_s
.rdata$zETW9
1*2j2
<5<x<
isstoredinreg
no buffer space
Try again later
xnjXW
7J7W7s7
Microsoft::RemoteAssistance::DesktopSharingSessionEventsSink::AdviseRdpSessionEvents
0$0,040<0D0L0T0\0d0l0t0|0
Error retrieving phone mobile operator/oem information
<)=G=x=
Microsoft::RemoteAssistance::SharingController::ChangeSharingMode
7PRjI
<M<x<
_itow_s
GetDpiForMonitor
errormode
1B1v1
GroupName
7@7k7
5(565
6+62696o6
Microsoft::RemoteAssistance::SharingController::EndShareInternal
InitiateShutdownW
1J1i1
https://login.windows.local
DllCanUnloadNow
SSSSSSSS
;H;t;
Error resetting visual effect setting
RoOriginateError
TerminateProcess
Sent data over the virtual channel
<F<x<
enduser\remoteassistance\common\commandhandlers\commandrequests.cpp
t+VVj
titletext
responsename
SystemInfo
5#646f6u6
#@ %B
networkquery
313B3n3
7!8>8]8x8
;+;V;
A14>
;7<y<
Xj*Yj
ChangeBrushColor
0=0{0
wP_^[
Lh0,A
s$;s(
Microsoft::RemoteAssistance::AnnotationWindowController::AddMousePoint
ext-ms-win-ntuser-window-l1-1-4
6F6r6{6
Microsoft::RemoteAssistance::SharingController::SetSharingRect
97v=9w
bad_address
Failed to process AddStrokePoint
ErrorUnknown
Windows.Foundation.IAsyncAction
262X2
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
Microsoft::RemoteAssistance::WebView::OnDocumentComplete
SetSharingMonitor
Set sharing session property
Wh(EA
Microsoft::RemoteAssistance::DependencyInjectorImpl::CleanUp
DisconnectCode
monitorcount
responseContentType
.text$x
devicefamilyversion
not_connected
707e7n7
7 7T7k7
<&=8=F=R=
too many links
>"?H?
Failed
RenderTargetInfo
KillTimer
727;7b7
1N1i1r1
.xdata$x
;!;.;Z;g;
showondesktop
=L>U>v>
;W;z;
5)535=5D5K5d5|5
GetModuleHandleW
<!=I=w=
inappropriate io control operation
api-ms-win-core-registry-l1-1-0.dll
Invalid command format
.CRT$XLZ
.giats
kernelbase.dll
Revert any visual effect manager settings
requestresponse
ChangeSharingMode
connection reset
ext-ms-win-ntuser-windowclass-l1-1-2.dll
height
Microsoft::RemoteAssistance::Application::HandleCommandLine
4S4p4
Pj(hx}@
ext-ms-win-ntuser-window-l1-1-0
api-ms-win-core-winrt-error-l1-1-0.dll
;Q@tZ
PQSVW
747{7
center
connection aborted
AppLaunched
https://web.vortex.data.microsoft.com
Sharing session explicitly ended before viewer connected. Not sending user request message about success/failure
?F?T?`?
OriginalFilename
G0;A@t(
8:9W9w9
Microsoft::RemoteAssistance::DesktopSharingInterop::ResumeSharingDependencies
141@1`1l1
C0Ph(
sprintf_s
Obtained MSA token
:!;L;\;j;
destination_address_required
Microsoft::RemoteAssistance::DesktopSharingSessionEventsSink::UnAdvise
:&:?:[:i:
OnConnectionCompleted
EndSharingReceived
969T9b9
Manufacturer
enduser\remoteassistance\common\commandhandlers\commandhandlersimpl.cpp
SVWj2j3
EnumDisplayMonitors
SendSAS
4)4E4X4
?/?f?}?
3?3N3
PartB_Ms.Qos.IncomingServiceRequest
>^?x?
=9=F=k=
<H<Q<`<
7::\:
8$8,848<8D8L8T8\8d8l8t8|8
Received data over the virtual channel
=,=4=@=`=h=p=x=
Microsoft::RemoteAssistance::MsaManager::ExtractTokenFromResult
S _^[
2.2;2j2z2
;-;M;
PreviousExecutionState
OnAttendeeConnected
Invalid frame capture interval. Frame capture interval must be in range of UINT16
Microsoft::RemoteAssistance::SharingController::SendChannelMessage
252<2C2f2t2{2
EndShareInternal finished waiting for the viewer to disconnect. See hr for result.
7#7)7<7P7Y7w7
5?6H6Z6
Y__^[
.0;0b0
4<5C5m5
ConnectionString
CloseHandle
Unknown Event
2q2|2
<!DOCTYPE html>
@.reloc
Create Direct3d 11 hardware device
>??w?
424C4i4
width
LoadResource
_purecall
Microsoft::RemoteAssistance::AnnotationScreen::SetupRenderLoop::<lambda_3f483fead0d4e6af6c4c896431faddf8>::operator ()
timed_out
GetSystemTimeAsFileTime
3V3d3|3
222G2Y2g2t2
Microsoft::RemoteAssistance::RestartManager::Register
;6;J;Q;X;_;
2H2a2w2
__p__fmode
SeShutdownPrivilege
2hH,A
?L?Y?
.Wx>^
20363B3R3j3
tA9_ t!
QSVWh
SOFTWARE\Microsoft\QuickAssist
Microsoft::RemoteAssistance::OffscreenInkedBitmap::Clear
body .text-body {
0$1O1
document.body.className = "right-justify"
8L8|8
enduser\remoteassistance\common\securedesktopmanager\securedesktopmanagerimpl.cpp
Microsoft::RemoteAssistance::MsaManager::GetDefaultProviderAndPromptUser
607;7X7c7
IsNewSession
<><K<g<
7*7F7
SystemProductName
Microsoft::RemoteAssistance::VirtualAnnotationCanvas::BeginStroke
Command field is malformed or missing
7$7O7
Microsoft::RemoteAssistance::DesktopSharingInterop::OnChannelDataReceived
0*01080>0Q0Z0e0l0s0
SetUnhandledExceptionFilter
Failed to post message to window
Windows.Foundation.Collections.IVectorView`1<Microsoft.RemoteAssistance.IAnnotationScreen>
</body>
404;4a4q4
8(9G9R9c9
network down
|IDATx
executable format error
>(>H>P>X>d>
Windows.Foundation.Collections.IVector`1<Microsoft.RemoteAssistance.IMonitorInfo>
2D3N3k3x3
.text
SystemVersion
9G:b:
ProcessReceivedCommand
systemfamily
ext-ms-win-ole32-bindctx-l1-1-0.dll
.rdata$brc
SetWindowPos
5-595@5G5Z5a5
Microsoft::RemoteAssistance::AnnotationWindowController::StopAnnotationMode
7?7P7
7<7M7c7
9@:F:^:
Failed to send app close
6A6d6m6w6
8 8E8\8x8
Blocking navigate to url
5 5.565a5
minheight
Microsoft::RemoteAssistance::DesktopSharingSessionEventsSink::Advise
Sending agent desktop height and width
Microsoft::RemoteAssistance::WebView::RenderUnexpectedErrorPage
MsaManager
AppSharingSession
Annotations
enduser\remoteassistance\common\annotations\annotationscreen.cpp
_L_^[
No context to parse sharing mode
Getting session password
7$7,787X7d7
:P:i:
4&424>4
=L=|=
:2:_:z:
PhdtA
2,3L3
.idata$4
80888D8d8l8x8
4+4T4b4
=.=N=
1$1,141<1D1L1T1\1d1l1t1|1
Called ParseBeginSharingContext
WebViewWindowEventHandler
.rdata$T$brc
GetTokenInformation
Microsoft::RemoteAssistance::DesktopSharingInterop::OnPasteFromClipboard
__dllonexit
operationName
<D<[<h<
8!909Y9j9
connection_aborted
identifier removed
PVVVVV
DependencyInjectorImpl::Resolve
=.=5=<=J=]=h=~=
WQh8+A
Attendee
:&:2:i:
Signaling OnEndSharing event in CleanupSharingEvents because the sharing session is being torn down
AgentMode
>R>q>
operation not supported
api-ms-win-core-com-l1-1-0.dll
cross device link
Invalid relay information. All relay fields must be provided
<#<*<1<D<O<e<{<
protocol
< <,<L<X<x<
3&3\3
type="win32" />
enduser\remoteassistance\common\commandhandlers\msatokenhandler.cpp
Attempting to reconnect to the remote computer. Please make sure you're connected to the internet.
<i<z<
9$9w9
Unexpected result from WaitForMultipleObjectsEx
};
7:7q7
r+pss
9):\:
??_V@YAXPAX@Z
AnnotationCanvas CheckedErrorGuard given failed HR.
SplashScreenWindow
Invalid connect timeout. Connect timeout must be in range of UINT32
4*5@5
IsMainWebBrowser
Microsoft::RemoteAssistance::MsaManager::PromptUser::<lambda_c17c9ca616e9cd2aadd5ab22b30f9b2c>::operator ()
no link
x,SSh`
=6>S>
CallStack
GdipDrawImageI
https://remoteassistance.support.services.microsoft.com
;)<6<v<
Render unexpected error page failed
CoGetObject
DevMode
0%0-050=0I0R0W0]0g0q0
697b7
6=6L6
bad allocation
CoCreateInstanceFromApp
DeleteObject
MonitorRect Left physical pixels
;';=;T;o;
using clipboard to paste
SetLastError
productbuildnumber
.rsrc$01
5#676B6_6d6
CallContext:[%hs]
ClearCanvas
~(_^]
DebugBreak
:F:r:
Power manager is not registered with DependencyInjector. Continuing without power manager.
Microsoft::RemoteAssistance::ParseShowErrorContext
9*939
.idata
;&;E;
DependencyInjectorImpl::Register
Windows.Foundation.IAsyncAction Microsoft.RemoteAssistance.WaitForViewerConnectedAsync
>F>X>f>r>
isvisible
Completed navigation to url
5#6^6
Windows.Foundation.Collections.IIterator`1<Microsoft.RemoteAssistance.IAnnotationScreen>
RemoveKeyboardHook
:E;i;
Microsoft::RemoteAssistance::MsaManager::PromptAccountsSettings::<lambda_5a133da9fc2d09c33cd26b1e5b6f3ccf>::operator ()
GetWindowRect
<-<6<H<O<v<
Command text is not valid json
Microsoft.RemoteAssistance.AnnotationWindowController
5_6h6z6
permission_denied
2K2v2
Getting connection string
deque<T> too long
<?=H=Z=
_CxxThrowException
Quick Assist
T$0RP
8k8z8
x!CEP
EndPaint
<<<I<e<
:5:P:z:
GdipGetPropertyItem
isactivexfocused
InitializeSRWLock
Attempted to send a channel message without an active RDP channel
7PhXKA
Windows.UI.ApplicationSettings.WebAccountProviderCommand
D$HSV
>2>?>y>
BytesSent
S$_^[
Fatal Canvas Error has been reported to AnnotationWindowController
resource deadlock would occur
;B;|;
777Z7}7
sharingsessiondisconnected
4V5d5m5
<><K<w<
</html>
too many files open in system
ParseCommandRequest
=C>x>
'#:K!
???D?K?Q?Z?c?n?
EndKeyboardCapture
manufacturerapplink
1$1^1k1
address not available
j8Yj7Zj
Microsoft Corporation. All rights reserved.
:&;3;@;S;k;~;
GetMonitors
.?AVexception@@
ext-ms-win-ntuser-window-l1-1-3
message size
;3;D;
>4?=?V?
Microsoft::RemoteAssistance::MakeIsStoredInRegCommandField
<meta http-equiv="X-UA-Compatible" content="IE=10" />
ext-ms-win-ntuser-window-l1-1-1.dll
7H8g8y8
Microsoft::RemoteAssistance::OffscreenInkedBitmap::CreateSizeDependentResources
_controlfp
717Y7
.text$yd
4+4@4R4d4v4
OnListenCompleted
0&0\0l0z0
T$ ;\$
api-ms-win-core-localization-l1-2-0.dll
Signaling the onViewerDisconnected event
?3?X?l?
?=?J?f?
ChangeBrushSize
?9?o?
C4Ph)
ext-ms-win-com-ole32-l1-1-0.dll
Command message received
SjD[Sj
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
?'?G?T?~?
314v4
Failed to free encrypted data
correlationid
api-ms-win-core-winrt-l1-1-0.dll
7^7v7
@.rsrc
868H8V8
Microsoft.RemoteAssistance.DesktopSharingInterop
GdipImageGetFrameDimensionsList
;T<h<w<
Microsoft::RemoteAssistance::DesktopSharingInterop::OnChannelDataSent
Microsoft::RemoteAssistance::VisualEffectSettingsManager::AlterAll
Microsoft::RemoteAssistance::AppWindow::WindowWndProc
restart
;$<T<d<r<
AcquireSRWLockExclusive
VIEWER
:(:4:<:p:
protocol not supported
1s1~1
Microsoft::RemoteAssistance::OffscreenInkedBitmap::BeginStroke
LegalCopyright
9~XuU
:L:\:
6&61686Y6a6j6u6{6
enduser\remoteassistance\common\commandhandlers\showerrorhandler.cpp
Microsoft.RemoteAssistance.AnnotationRenderer
;><D<l<
var disableSplashScreenCommand =
AppSuspended
5:5e5
=;=G=W=d=
GdipImageGetFrameDimensionsCount
D$<+D$4
<:=y=
585f5z5
api-ms-win-ntuser-sysparams-l1-1-0.dll
No restartContext passed
=*===_=j=|=
;8;@;H;P;\;d;
Windows.Foundation.Collections.IVector`1<Microsoft.RemoteAssistance.IAnnotationScreen>
Remove OnConnectionFailed from DesktopSharingInterop
Cannot create TraceLoggingCorrelationVector object
6!666?6T6]6g6
4B4X4x4
DisableEncryption
:3:L:e:~:
1(1H1P1X1d1
Error rendering annotation surface
enduser\remoteassistance\common\networkstatus\networkstatusmanagerimpl.cpp
InitOnceExecuteOnce
SSBorder #num
R``^@
3$3E3g3t3
UnadviseRelayEvents
MonitorRect Bottom physical pixels
MSA scope
@p,&K`
D$,PQh
Setting up AccountsSettingsPane commands
HResultSetEvent
Microsoft.RemoteAssistance.NetworkStatusManager
6$6,646<6H6h6p6|6
.rdata$zzzdbg
_vsnprintf_s
9&:D:s:
Microsoft.RemoteAssistance.TraceLogging
989E9j9
LoadStringW
C`|0@
ext-ms-win-ntuser-menu-l1-1-0.dll
0>0o0
realloc
.rdata
;_;o;};
api-ms-win-core-errorhandling-l1-1-0.dll
MS-CV:%s
too many files open
SendChannelMessage
SettingName
context:
;IoUfv
EditionID
Created and initialized annotation window
InputSink
HARDWARE\DESCRIPTION\System\BIOS
3Z4e4
0#0N0U0p0
:_:l:
no lock available
<title>%s</title></head>
Microsoft::RemoteAssistance::SharingController::ResumeSharingWithToken
api-ms-win-rtcore-ntuser-window-l1-1-0.dll
<assemblyIdentity
OnError
Microsoft::RemoteAssistance::KeyboardHook::EndKeyboardCapture
GetClassLongW
<,<O<j<
4F4y4
Failed to determine if cmdline argument means start after reboot:
GdiplusStartup
CoGetApartmentType
DragWindowVisualEffectSetting
9(959A9M9p9
>0><>\>d>l>t>|>
S _^3
WaitForSingleObject
position: relative;
</body>
80:H:N:h:t:
address in use
VW9KTtc3
=I=}=
3H3U3
Microsoft::RemoteAssistance::DesktopSharingInterop::OnMouseMoveReceived
ext-ms-win-gdi-devcaps-l1-1-0.dll
5h6u6
>)>3>
OpenProcessToken
command:"setsplashscreen",
Create back buffer bitmap from DXGI surface
SAS.dll
$xC J
GetModuleFileNameA
9$909P9X9d9
SystemParametersInfoW
admin
owner dead
Failed to clean cmdLine from registery
6d6k6
:&:f:|:
6$6P6]6
network unreachable
api-ms-win-core-sysinfo-l1-1-0.dll
RdpRelayConnector
memcpy
.idata$3
:6:\:e:
4(595_5
WindowsIsStringEmpty
3>3E3K3g3
1C2^2v2
_ftol2
invalid seek
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
is a directory
newsizedip
Processing command message
RtlDllShutdownInProgress
=$=0=P=X=`=h=p=x=
FontSmoothingVisualEffectSetting
94:k:~:
:n;|;
Parsing sharing mode from context
0H0p0x0
SetLayeredWindowAttributes
string too long
font-family: Segoe UI Regular,sans-serif;
>0?h?
monitors
GIF89aX
ErrorMessage
NetworkQuery
QuickAssist.pdb
2A2v2
api-ms-win-core-shutdown-l1-1-1.dll
9G9z9
no child process
PRESENTER
RelayConnect-Connect
Microsoft::RemoteAssistance::CommandRequests::SendCommand
enduser\remoteassistance\common\annotations\annotationcanvas.cpp
0F2T2
495\5v5
ResumeSharing
Failed to process mouse button event from RDP
8M8c8
; ;h;
SystemSKU
__setusermatherr
DCompositionCreateDevice2
??0exception@@QAE@XZ
>I?`?
HeapFree
invalid string position
body {
no message available
_except_handler4_common
Microsoft.RemoteAssistance.SystemInfo
;-<L<
2Local\SM0:%d:%d:%hs
GetTickCount
2:3D3Q3
callerName
70797v7
;?<P<
=>>Q>^>
:*:V:~:
131D1`1q1
?(?:?
S@_^[
1!1(1/151A1L1Q1V1\1f1p1
8<8I8e8
.CRT$XIY
api-ms-win-shcore-scaling-l1-1-1.dll
Z9_,tZ
PostMessageW
EventDescription
0 0H0d0v0
requestSizeBytes
GdiplusShutdown
dependencyType
?&?,?O?X?
Failed to get the token from the cache
t,;:u
?&?X?e?
Rx(,G1
Failed to get the ID from the cache
SystemFamily
CommandRequests
monitorindex
G`|0@
G``6@
SharingCore
7A7Y7s7
MultiByteToWideChar
=3=]=
283S3
argv[1]
Could not start sharing. See ErrorCode for more details
GTD!@
PjShpWA
connection_reset
EventSetInformation
Microsoft::RemoteAssistance::DesktopSharingInteropBase::GenerateGroupNameAndPassword
<%<m<
GdipCloneImage
QueryCommand
K$9C$s
H0U0.1B1\1i1
User.Read
Invalid error mode. Error mode must be Offline or Unexpected
viewing
<E=\=
PhXjA
;2;H;
OutputDebugStringW
3$303P3X3
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
495P5
SHCreateMemStream
ReturnHr
Could determine if RemoteAssistance dev url should be used; defaulting to prod
:E:O:~:
pKeyboardHook
2 2E2O2n2
9&9:9A9z9
444@4H4t4x4
?8?n?
4+484d4q4
9/969^9p9
9&9-939E9O9v9
<!=+=Y=c=
Failed to render offline error page
0L0b0
Microsoft.RemoteAssistance.AnnotationCanvas
VQPWV
Microsoft::RemoteAssistance::WebBrowserEvents::Advise
.rdata$sxdata
api-ms-win-core-libraryloader-l1-2-1.dll
isvisible: false
;-<F<S<
;3;q;{;
Unadvise failed
consumers
7hTfA
sharingsessionconnected
Windows.Foundation.Diagnostics.AsyncCausalityTracer
>.>=>U>b>i>p>
>]>g>m>w>
ApiSetQueryApiSetPresence
778I8X8`8
>0>]>l>
Windows.UI.ApplicationSettings.AccountsSettingsPane
Microsoft::RemoteAssistance::AnnotationCanvas::CreateDeviceAndContextD3D
6!6W6h6
Windows.Networking.NetworkOperators.MobileBroadbandModem
=_>t>
ShellExecuteW
8&8v8
Microsoft::RemoteAssistance::DesktopSharingSessionEventsSink::UnAdviseRdpSessionEvents
systemmanufacturer
UnhookWindowsHookEx
4/4@4Q4b4s4
7#7U7_7
3(4y4
Windows.Foundation.AsyncOperationCompletedHandler`1<Microsoft.RemoteAssistance.CommandResult>
SetWindowsHookExW
api-ms-win-security-base-l1-1-0.dll
:,;5;y;
.CRT$XCAA
CoGetInterfaceAndReleaseStream
2,3f3r3
W/<_B
ReleaseSRWLockShared
PQPQh
connection already in progress
Remove OnAttendeeDisconnected from DesktopSharingInterop
556g6z6
4(5_5
=">B>
D$@+D$8
no message
DependencyInjectorImpl::CleanUp
CreateThread
:>:]:
.00cfg
_wcsicmp
7 7@7H7T7t7|7
Microsoft::RemoteAssistance::MsaManager::GetTokenFromLocalSystem
0)0L0`0
FreeLibrary
Microsoft::RemoteAssistance::SharingController::PauseSharingWithToken
BE4A7234-40FC-45EE-92FC-165881767397
Microsoft::RemoteAssistance::DependencyInjectorImpl::Register
FailFast
7f7t7{7
Microsoft::RemoteAssistance::MsaManager::GetLiveProvider
718C8Q8V8w8
enduser\remoteassistance\common\commandhandlers\annotationshandler.cpp
0"090W0
QhdzA
<&=I=v=
=)>0>G>r>y>
GetKeyState
111Y1i1w1
(00% /
021-2v2
CompanyName
invalid map/set<T> iterator
<<=S=s=
Microsoft::RemoteAssistance::WebView::IsMainWebBrowser
enduser\remoteassistance\common\screensharingborder\monitortopology.cpp
GetCurrentThreadId
909i9
<H<U<w<~<
<<=o=
8)8^8
WaitForThreadpoolTimerCallbacks
OnNavigateError
Failed to write to the cache
SetSharingMode
464N4
;$;.;4;V;
1L1W1e1
Channel
858i8s8
Error applying visual effect setting
CompositionScaleX
Sent user request about sharing session established/failed
>+>;>I>w>
>'>G>R>_>f>m>t>
}
Microsoft::RemoteAssistance::MonitorTopology::AddMonitor
Command
IsAllowed
https://login.microsoft.com
message_size
GetProcessHeap
,k9eS
Sleep
Microsoft::RemoteAssistance::DesktopSharingInterop::OnGraphicsStreamPaused
Microsoft::RemoteAssistance::ParseMoveWindow
Microsoft::RemoteAssistance::WebView::OnBeforeNavigate2
UsingRelay
0O0X0
enduser\remoteassistance\common\annotations\annotationwindowcontroller.cpp
FileName
j8j9h {A
SecureDesktopManager
?-?P?d?
SOFTWARE\Microsoft\Windows NT\CurrentVersion
>)>G>S>^>h>z>
SharingBorder
4SVWj03
;$;0;P;\;|;
Remove SendCommandRequested
ViewerConnect
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
PauseSharing
requestMethod
RenderTargetHeight
restart
4>5N5\5
dependencyOperationVersion
GdipGetImageWidth
:&:1:<:B:e:
Microsoft.RemoteAssistance.VirtualAnnotationCanvas
Failed to set cmdLine to registery
value too large
7%7b7g7m7
UNKNOWN
App_Event
WindowsGetStringLen
RegOpenKeyExW
9Z9a9
=4=<=D=P=p=x=
box-sizing: border-box;
ReleaseSemaphore
enduser\remoteassistance\common\inputhandler\keyboardhook.cpp
network_unreachable
deviceform
595Q5o5
CreateEventExW
:E;s;
csvchnl
Microsoft::RemoteAssistance::ScreenSharingBorderManager::CreateScreenSharingBordersOnEachMonitor
;S<N=w=
_wcsnicmp
:E:h:
Cannot increment TraceLoggingCorrelationVector object
>0><>\>d>p>
ShowError
LockResource
1?1Q1
html, body {
StartKeyboardCapture
232n2
4_5h5z5
Failed to register viewer input sink
061L1S1Z1a1o1|1
Created Size Dependent Resources
ApplicationLanguage
InitialSharingMode
manufacturerhelplink
2+2P2d2s2
CloseThreadpoolTimer
KeyboardHook
enduser\remoteassistance\common\dependencyinjector\dependencyinjectorimpl.cpp
CallbackMayRunLong
0.0D0V0y0
productminorversion
<(<H<T<t<
AppOutgoingQoS
?.?F?N?X?
d3d11.dll
<&=D=W=
Rendering offline & timeout page
t$pVQ
1#2M2u2
9VTup
safeviewer
566D6M6
RegisterClassExW
_ftol2_sse
https://login.microsoftonline.com
5.5Z5g5
not supported
promptuser
;";/;8;T;u;
5#5^5
CheckTokenMembership
1"1.1Y1p1
MouseTrailsVisualEffectSetting
SessionPassword
2=2a2y2
858m8
1<1P1[1y1
7M7u7
t$XPW
SharingController::SetSharingRect
8*959R9p9
2Y2b2i2
3,3034383<3@3D3H3L3P3T3X3\3`3d3~3
It looks like you're not connected. Please close Quick Assist and check your Internet connection. Then try Quick Assist again.
network_down
memmove
=5=L=g=}=
ErrorCode
ViewerTimedOut
(caller: %p)
Model
interrupted
>4>q>
PowerManager
_callnewh
4I4`4
RPCRT4.dll
StringFromGUID2
__set_app_type
Invalid error mode
Width
RestartManager
:,:V:
CreateSwapChainForComposition
5F5\5]7f9v9{9
2.282C2P2W2^2e2w2
LoadIconW
body .text-header {
XPQSh
ParseBeginShareContext
HResult
0A0l0
>'>W>]>c>x>
ParseShowErrorContext
2B2Y2k2
777D7~7
u$WSQ
.rdata$zETW2
4:4N4X4n4x4
Microsoft::RemoteAssistance::AnnotationCanvas::Resume
SizeofResource
2'242:2M2V2^2l2
MonitorTopology
wrong_protocol_type
5:5]5i5
Microsoft::RemoteAssistance::AnnotationScreen::CreateRuntimeObjects
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6
VisualEffectManager AlterAll
too many symbolic link levels
not enough memory
WindowsDeleteString
AcquireSRWLockShared
ReleaseDC
No context to parse input shortcut
CurrentMinorVersionNumber
.?AVbad_alloc@std@@
Microsoft::RemoteAssistance::WebView::Exec
: :<:w:
:6:R:n:
2(2H2P2X2`2h2p2x2
KHPVQ
context
AppProviderId
8"9;9\9
7)878[8
5&6>6O6`6q6
1E1V1
3'3.343G3R3Y3_3
0'0?0]0o0y0
TranslateMessage
;4<;<y<
filename_too_long
4$4,444<4D4L4T4\4d4l4t4|4
2.3?3
5"5,5G5R5d5s5
GetClientRect
Microsoft::RemoteAssistance::AnnotationRenderer::RenderSurface
G081@
ERROR
Windows.Foundation.Collections.IVector`1<Microsoft.RemoteAssistance.IVisualEffectSetting>
;7;B;I;_;
j$j%h
Microsoft::RemoteAssistance::SharingController::CleanupSharingEvents
unexpected
EnableNetworkDetection
RemoteAssistanceSharingBorderClass
^mSK.
JavaScript error occured
operation_would_block
WideCharToMultiByte
Microsoft::RemoteAssistance::DesktopSharingInterop::SetSharingRect
?3?q?
A7"@fI!2J
Microsoft::RemoteAssistance::AnnotationWindowController::AddScreen
VarFileInfo
Resume
;A;\;e;
Microsoft::RemoteAssistance::DesktopSharingInterop::ChangeSharingMode
0$0D0L0T0\0h0
C,VPQQ
no such file or directory
Obtaining desktop full rect
5"5/5_5o5
7/7U7f7s7
6$6D6L6T6\6d6l6x6
=L=d=
1%1.1
839p9
9m9w9
?&?T?j?
?C?L?[?
81868[8y8
: :':.:S:
9'9W9p9
Microsoft.RemoteAssistance.KeyboardHook
= >P>W>]>j>
_vsnwprintf
Obtain IDXGIFactoryMedia interface
api-ms-win-core-libraryloader-l1-2-0.dll
M QRSP
Windows.Data.Json.JsonObject
AttendeeId
10P0|0
353F3
7$7,747@7`7h7t7
PjVhx
2P3]3
Annotation window controller not registered
;#;G;W;e;
Invalid sharing mode. SharingMode must be FullControl, Annotation, View, or None
enduser\remoteassistance\common\commandhandlers\inputhandlers.cpp
Microsoft::RemoteAssistance::WebView::NavigateToRelativePath
595P5
~,9~0t
<@<M<i<
No context to parse for window positon
enduser\remoteassistance\common\sharingcore\desktopsharingsessioneventssink.cpp
Getting default provider and prompting the user
Decrypted buffer is of insufficent size to null terminate
address family not supported
RegGetValueW
Signaling ChannelMessageReceived
3*4f4
>??U?b?i?p?
wH_^[
mobileoperatorname
UxTheme.dll
stream timeout
RoOriginateErrorW
5?5p5
2(2H2h2
api-ms-win-core-winrt-string-l1-1-0.dll
FormatMessageW
AgentViewer
version="5.1.0.0"
9P9`9
@z<^#
??3@YAXPAX@Z
? ?,?L?T?`?
<security>
3$3,343@3`3h3p3|3
relay
Microsoft::RemoteAssistance::MonitorTopology::GetDesktopFullResolution
6Q6b6
MonitorRect Top physical pixels
CoUninitialize
;2;9;@;G;z;
brushsize
<!-- Copyright (c) Microsoft Corporation -->
Creating and initializing annotation renderer
RdpRelayTransport.dll
ExitThread
444A4W4d4
10.0.17763.1 (WinBuild.160101.0800)
GdipDrawImageRectI
GdipGraphicsClear
1/1c1
Failed to paint the splash screen
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
4)4i4
5I5Y5
v(hTx@
Retrieve the Token by prompting user because user interaction is required
<(<c<z<
NavigateEvent
<E<x<
DeleteCriticalSection
responseSizeBytes
RaiseException
GetWindowLongW
GdD6@
0(1>1b1
;U<`<r<
api-ms-win-shcore-obsolete-l1-1-0.dll
No context to parse system restart
https://msft.sts.microsoft.com
success
<><L<S<
AgentSessionGuid
8(8D8c8w8
Obtaining MSA live provider
ext-ms-win-ntuser-window-l1-1-2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3<3F3U3
ClearTypeVisualEffectSetting
Microsoft::RemoteAssistance::ParseSizeData
io error
;2;=;S;i;
height: 100%;
2f4x4
.CRT$XLA
AdviseRdpSessionEvents
5)6S6
AO4$1
ResponseText
545E5k5
9+979D9p9}9
4$404P4X4`4l4
Windows.Data.Json.JsonValue
enduser\remoteassistance\win32app\appwindow.cpp
shortcut
:1;H<y<
operation canceled
SupportURL
4.5N5
0,151X1l1x1
QuickAssist.exe
Microsoft::RemoteAssistance::VisualEffectSettingsManager::AddSetting
CanvasError HResult
3K4=5t5
InputFocusChanged
5.575z5
var headerString = document.getElementById("headerText").innerHTML;
GetDeviceCaps
ext-ms-win-shell-shell32-l1-2-0.dll
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
SplashScreen
;K@t(
topcenter
;$;0;b;i;
:$:D:P:p:x:
Ignoring EndShare request because the request ids do not match
>:?U?b?
808A8g8
;";0;V;
CommandText
virtual desktop is Null
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
enduser\remoteassistance\common\restartmanager\restartmanagerimpl.cpp
AllowedUrlManger
6,636:6A6O6d6y6
3<4E4
5B6P6r6
232Z2k2
8$8D8L8X8x8
4(5T5f5
enduser\remoteassistance\common\allowedurlmanager\allowedurlmanagerimpl.cpp
Finished parsing command line:
UnregisterClassW
:$:,:4:<:D:L:X:|:
839D9z9
AddStrokePoint:D2DERR_RECREATE_TARGET
Using headers
enduser\remoteassistance\common\commandhandlers\windowupdatehandler.cpp
7$8/8E8c8|8
Activating the annotation windows
3$3,343<3D3L3T3\3d3l3t3|3
Failed to get current window.
ShowToast
Phd*A
>"><>
2*2Y2i2
SetProcessDpiAwareness
?_?j?
0i1q1
DestroyWindow
2+2O2a2
7%7F7X7f7
= =*=a=
invalid_argument
?*?j?
000x0
api-ms-win-core-threadpool-l1-2-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
9Z,tg
< <&<Y<x<~<
Microsoft::RemoteAssistance::Application::CleanUp
SetWindowTextW
WebView resize failed
>'>H>c>{>
2F2V2{2
6$6+62696@6G6Y6r6y6
AdviseRelayEvents
=,=9=s=
font-family: Segoe UI Semilight, sans-serif;
=H=v=
OnAttendeeDisconnected
4>4N4
=@=a=
< <,<L<T<`<
Pj*h }@
GdipAlloc
5H5s5
SendAppClose
ext-ms-win-ntuser-keyboard-l1-1-0.dll
An unexpected error occured while processing this message
2)3B3b3o3
0*000C0L0T0q0~0
5>5K5X5_5e5x5
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
__wgetmainargs
ReleaseSRWLockExclusive
{
EnableMenuItem
uNPPV
close
SVWj@3
productname
JTk_S/
8+888T8f8s8
aspectratio
Actual
Failed to create Annotation Screens on application's UI thread.
PQRWQ
A0;B@t
7E7O7}7
8L8U8
6G6_6l6
;K@t<
[%hs(%hs)]
EndShareBeforeconnect
Remove OnAttendeeConnected from DesktopSharingInterop
QueryPerformanceCounter
RoReportFailedDelegate
Notify power manager that remote assistance is shutting down
Microsoft::RemoteAssistance::AnnotationWindowController::StartAnnotationMode
041b1
Microsoft::RemoteAssistance::DesktopSharingInterop::RelayConnect
Reason
2'2V2o2
1!2M2l2
<]<j<s<
010?0_0
?)???K?W?^?q?
msvcrt.dll
WindowAnimationVisualEffectSetting
StringFileInfo
Windows.Data.Json.JsonArray
>&>3>F>i>
gdiplus.dll
:3;d;
GIF89a
4@4_4q4
api-ms-win-core-handle-l1-1-0.dll
1&2;2K2V2y2
:,:T:d:r:
AnnotationWindowClassName
?G?u?}?
Microsoft.RemoteAssistance.RestartManager
already_connected
666H6V6
Failed set the accounts control ui complete event
3+3O3
movewindow
padding: 0;
O0X0j0
9':k:
.text$mn
devicemodel
RegSetKeyValueW
broken pipe
050c0{0
6J6t6
Failed to create screen sharing border
CmdLine
Rendering unexpected error page
SOFTWARE\Microsoft\Windows\CurrentVersion\OemInformation
Microsoft::RemoteAssistance::JavascriptBridge::UninjectViewer
3$3,343@3`3h3p3x3
commandavaliable
=M=s=
protocol error
jst Z
TimeoutInMilliseconds
9(:::v:
7 7d7
Invalid preferred password length. Password lengths must be in range of UINT16
;&;B;};
Microsoft::RemoteAssistance::WebView::RenderOfflineTimeoutErrorPage
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
? ?-?3?F?O?W?t?
101P1p1
restartmode
width: 100%;
text file busy
<@<V<|<
919V9
Microsoft::RemoteAssistance::AnnotationCanvas::CreateSwapChain
GetRestrictedErrorInfo
EventWriteTransfer
4,4c4{4
Cleaning up desktop sharing interop events
=$=S=`=|=
Prompt User From JS
K4PVQ
;/<C<r<
Deactivate the annotation window
3/4I4[4v4
GdipLoadImageFromStream
No context to parse change brush color command.
document.getElementById('headerText').focus();
address_family_not_supported
CryptUnprotectData
Failed to create keyboard hook on the UI thread
Obtain IDXGIAdapter interface
=.=i=
Microsoft::RemoteAssistance::TraceLogging::WriteEventTelemetryWithAdditionalData
UpdateWindow
4 4(40484D4d4l4t4|4
Gh46@
<!<b<j<y<
latencyMs
Microsoft.RemoteAssistance.CommandResult
ext-ms-win-ntuser-windowclass-l1-1-1.dll
9<9H9j9
WindowsGetStringRawBuffer
<%=,=\=
Annotation
0*272
;&;G;b;};
RoTransformError
t$<WP
Microsoft::RemoteAssistance::DesktopSharingInterop::SetProperty
1d1k1
;H@t&
Microsoft.RemoteAssistance.CommandRequests
timed out
ext-ms-win-kernel32-windowserrorreporting-l1-1-1.dll
Annotation screen has been destroyed. Ignoring Render call
UuidCreate
=.>6>
030^0
IsDebuggerPresent
Found a token
2%2,222S2u2z2
.rdata$zETW1
?"?G?T?]?}?
8 8{8
0E0U0c0
1/1O1p1
CoCreateGuid
permission denied
Microsoft::RemoteAssistance::VisualEffectSettingsManager::ResetAll
_wcmdln
agentmode
;p(uY
>5>>>Q>q>
8:9f9s9z9
Microsoft::RemoteAssistance::DesktopSharingInterop::InitializeRelay
<(<8<Q<n<
4*4L4n4
RaiseFailFastException
state not recoverable
OfflineErrorPage
Number of null sink errors
Microsoft::RemoteAssistance::AnnotationCanvas::CreateSizeDependentResources
SetTimer
Microsoft::RemoteAssistance::CommandHandlersImpl::ProcessMessage
3$3(3,343H3P3X3`3d3h3p3
SetClassLongW
resource
UrlEscapeW
7#7V7
AppIncomingQoS
<4<d<m<N=k=
.CRT$XCA
Cannot remotely resume a session that has been paused by the user
RoGetActivationFactory
;$<C<Z<i<
OleInitialize
9 9'9A9f9{9
PauseSharingByAgent
242F2S2~2
2Q5o5}5
1,141@1`1h1t1
SetThreadpoolTimer
<#=+=:=f=s=
Disconnect the Session .. making the session null
6W7~7
??1type_info@@UAE@XZ
UnhandledExceptionFilter
operationVersion
about:blank
<script type="text/javascript">
FindResourceW
0@0^0k0
operation in progress
DefWindowProcW
EventUnregister
=0=k=
3$3:3
2"2)20272>2Q2
enduser\remoteassistance\common\commandhandlers\restarthandler.cpp
030u0~0
;A;P;
Rendering offline error page
000=0l0|0
3!4B4T4q4
SharerDisconnect:Closing the session
ext-ms-win-ntuser-draw-l1-1-0.dll
res://ieframe.dll/navcancl.htm
030=0H0U0\0c0j0|0
1'1.1=1D1
xDj$Z
0)1H1g1
VS_VERSION_INFO
_ Ku2V
CreateWellKnownSid
enduser\remoteassistance\win32app\splashscreen.cpp
api-ms-win-core-synch-l1-2-0.dll
AdditionalInfo
Microsoft::RemoteAssistance::Application::GetRemoteAssistanceEndpoint
safeboot
filename too long
Microsoft::RemoteAssistance::SplashScreen::WindowWndProc
.CRT$XCZ
yOSSV
/set {current} safeboot network
Remove ChannelMessageReceived from DesktopSharingInterop
Microsoft::RemoteAssistance::MsaManager::PromptAccountsSettings::<lambda_dcd8f975c8a87b53a1408dff14924324>::operator ()
PostQuitMessage
Setting document handler
Windows.Foundation.Collections.IVectorView`1<Microsoft.RemoteAssistance.IMonitorInfo>
map/set<T> too long
1U1f1
<body>
Exception
Sharing is resumed from from RDP level (OnGraphicsStreamResumed)
Microsoft::RemoteAssistance::AnnotationCanvas::RuntimeClassInitialize
929m9
5"5.5O5c5z5
too_many_files_open
api-ms-win-shcore-stream-l1-1-0.dll
RegistryAccess
WaitForMultipleObjectsEx
Creating and initializing annotation canvas
.data
788C8s8
6L6g6~6
*, *:before, *:after {
:3:@:G:M:`:l:t:z:
CRYPT32.dll
3"4M4x4
=2=?=d=
Microsoft::RemoteAssistance::AnnotationCanvas::Suspend
Sending channel command
=F>u>
device or resource busy
;D;Q;s;
CreateKeyboardHook
;";);6;=;D;K;R;Y;`;r;
6'666
80C0c0
2<2T2c2
VisualEffectManager called AlterAll.
memset
devicefamily
enduser\remoteassistance\common\msamanager\msamanagerimpl.cpp
[%hs]
unknown error
=*=R=b=p=
result out of range
>M>Z>
Failed to process EndStroke
Signaling the onConnected event
UnadviseRdpSessionEvents
?.?O?]?
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
~$9~(t
T$DRP
RoGetMatchingRestrictedErrorInfo
GetProcAddress
333T3_3f3
GdipGetPropertyItemSize
?(?N?z?
9+9A9W9d9q9~9
</trustInfo>
0 0@0L0l0t0
monitortopologychanged
ProductName
$1Y0Cm*
TimeSinceLastSuspendInMilliseconds
1%1,131:1F1L1
142O2Y2h2
?)?Q?
connectionid
6$6,6I6V6\6o6x6
c14b24ee-081a-407c-a89a-ff5aa60a6223
4"5<5`5
8,8E8N8i8
UpdateLayeredWindow
0 0,0L0X0x0
7,717o7
msaauth
Failed to NotifyJavascript of command
j3j4h@y@
.idata$6
preferredpasswordlength
3 4(4@4
;?;L;
api-ms-win-core-heap-l1-1-0.dll
no such process
=8>M>|>
/080J0d0
0d0o0
service::%s::%s
GetParent
>S>m>
GdipFree
10P0]0n0
text-align: right
window.external.notify(JSON.stringify(disableSplashScreenCommand));
~(9~,t
notify
not_a_socket
<head>
.CRT$XCC
https://login.live.com
bad_file_descriptor
6-6N6^6
<(=5=Q=
CallNextHookEx
RelayConnectionId
K0PVW
=9=F=^=
7o8x8
api-ms-win-ntuser-ie-message-l1-1-0.dll
7G7]7|7
:3:Q:b:
20282@2L2l2t2|2
FileVersion
8.8<8N8{8
424B4P4~4
>$>?>U>l>
.?AVlength_error@std@@
Microsoft::RemoteAssistance::MsaManager::PutIdInCache
9f;:u
8M9a9
hostname
InitialChangeSharingModeFailed
6@6M6
D3D11CreateDevice
Microsoft::RemoteAssistance::SecureDesktopManager::DisableSecureDesktop
3V3h3v3
Render offline error page failed
Value
Height
7%7=7f7
060{0
Failed to remove the keyboard hook
2%3;3_3q3
t)9wH|$
>]?h?
SSSRW
bad address
topmost
Failed to get the token from the local system
memcpy_s
>#>2>S>
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
495Q5W5`5g5
operation not permitted
NewHeightInPixels
5H6[6
9J9s9
7(7;7L7Y7
: :4:C:d:}:
<requestedPrivileges>
8!8j8
Microsoft::RemoteAssistance::WebView::RenderOfflineErrorPage
productmajorversion
LineNumber
enduser\remoteassistance\common\telemetry\tracelogging.cpp
closetype
jEjFh
RenderTargetHeightInPixels
2$2,242<2D2L2\2d2l2t2|2
9#909
5(5:5~5
9+9E9
809W9n9
Microsoft::RemoteAssistance::AnnotationWindowController::RemoveScreens
failpath
Requested
Getting application language
t.;:u
132Z2
3%3_3~3
1,1X1j1w1
7h8s8
Retrieve the Token by prompting user
4B4P4{4
GdipCreateBitmapFromScan0
Microsoft::RemoteAssistance::AnnotationScreen::SetCurrentScreenSize
Failed to read command line registry value
H0]0}0
9)90969I9T9^9d9
WindowsCreateString
QQSVWh
</<l<
Microsoft::RemoteAssistance::SharingController::BeginSharing
9-9:9l9
;#<Z<k<
CoTaskMemAlloc
20282D2d2p2
;&<-<Z<
=1=B=F=R=V=b=f=q=
CreateMutexExW
K(PWV
Called SharingCore->BeginShare
GdipCreateFromHDC
>.>M>m>{>
?(?4?T?`?
1?1b1}1
SVWQQ3
EventRegister
1L1a1
OnRelayConnectorError
6+686d6q6
minwidth
enduser\remoteassistance\common\commandhandlers\networkqueryhandler.cpp
5.5x5
~h_^]
CoInitializeEx
?+?V?
Microsoft::RemoteAssistance::SharingController::BeginSharing::<lambda_2a79c83ec1de0320704c93710c37e9b2>::operator ()
sharingmode
Microsoft::RemoteAssistance::ParseBrushColorContext
Microsoft::RemoteAssistance::DesktopSharingInterop::ResumeSharing
BeginSharing failed. Cleaning up any existing sharing sessions.
Microsoft::RemoteAssistance::SharingController::BeginSharing::<lambda_7c463f11422206dd851829de88abe95b>::operator ()
.?AVout_of_range@std@@
InvalidateRect
Authority available
Something went wrong on our end. We're working on it.
5:5]5
Windows.Security.Authentication.Web.Core.WebTokenRequest
HeapAlloc
=3=8===E=P=V={=
enduser\remoteassistance\common\annotations\annotationrenderer.cpp
connectionstring
=2>;>M>
j8j9h
https://c1.microsoft.com
Failed to invalidate the monitors
Visual effects settings manager factory is not registered with DependencyInjector. Continuing without visual effects settings manager factory.
PQQQQQV
destination address required
?,?>?P?p?
SetSplashScreen
GdipGetImageGraphicsContext
4(5N5a5
<*=@=Y=e=
W`_^[
dcomp.dll
243l3
Microsoft::RemoteAssistance::MsaManager::InitializeToken
Clear:D2DERR_RECREATE_TARGET
Description
file exists
.data$brc
4C4[4n4
showtitlebar
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
InternalName
6;7L7T7e7
enduser\remoteassistance\common\sharingcore\sharingcontroller.cpp
NoInternet
malloc
2T2a2
QSVW3
Windows.Foundation.Collections.IVectorView`1<Microsoft.RemoteAssistance.IVisualEffectSetting>
<%=/=^=
5K5j5
>N>t>
Present
ext-ms-win-rtcore-gdi-object-l1-1-0.dll
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
api-ms-win-core-profile-l1-1-0.dll
:":+:1:V:m:t:{:
https://remoteassistancedev.support.services.microsoft.com
Collab input sink was null.
.rsrc$02
GdipImageSelectActiveFrame
808x8
Vh0{@
Current
_unlock
iostream
showclose
0'1N1l1
9~(s2Wj
7hTeA
GetDC
TimeElapsed
wrong protocol type
DependencyInjector clear
9&9=9`9
Failed to process BeginStroke
RegisterApplicationRestart
runas
en-US
OLEAUT32.dll
4 4,484b4
ext-ms-win-gdi-draw-l1-1-0.dll
Attempting to initialize MSA token
userlevel
.text$di
BringWindowToTop
// 0x200f is a special right to left Unicode character that will be present if RTL is needed
=_>g>x>
WaitForViewerConnect completed
t"9qPu
api-ms-win-core-url-l1-1-0.dll
</requestedPrivileges>
000004B0
;H@t-
ext-ms-win-ntuser-window-l1-1-0.dll
bad message
1C1P1l1
Invalid relay port. Relay ports must be in range of UINT16
Microsoft::RemoteAssistance::SharingController::CheckIfDesktopInteropExistsThenDelete
GetCurrentProcessId
=&>d>
3!494Y4
target
6S6u6
Failed to resize the splash screen
RegCreateKeyExW
9$:B:H:N:v:
>%>V>
systemversion
ext-ms-win-ntuser-dc-access-ext-l1-1-0.dll
?M?a?
.rdata$zETW0
OnConnectionFailed
argument list too long
CreateThreadpoolTimer
Microsoft::RemoteAssistance::JavascriptBridge::InjectViewer
host unreachable
DCompositionCreateSurfaceHandle
NewWidthInPixels
SendShortcut
272h2
Windows.Foundation.Collections.IIterator`1<Microsoft.RemoteAssistance.IVisualEffectSetting>
AppTrace
<#<-<5<<<N<w<
6-646;6F6U6[6p6
Microsoft::RemoteAssistance::ParseInputShortcutContext
Microsoft::RemoteAssistance::VirtualAnnotationCanvas::AddStrokePoint
network_reset
overflow: hidden;
WaitForSingleObjectEx
iostream stream error
565H5V5
>&>8>F>
;&;3;^;k;
=6>J>X>m>t>{>
6=6J6r6
?U?t?
555U5
SessionTimeoutInMilliseconds
5,5G5a5r5
GetSystemMetrics
6#6/6Z6g6
AppLoad
C8Qh@
:(:6:
bad file descriptor
WindowsDuplicateString
CwZ,^
>3>X>}>
An error occured when calling Annotation component.
WaitForViewerConnectedAsync finsihed waiting for the connected/relay error event event. See hr for result.
:.:;:u:
050f0x0
no such device or address
Microsoft::RemoteAssistance::MsaManager::PromptAccountsSettings::<lambda_a9997656cca38853beff6fb9adce79b7>::operator ()
;F<]<
091f1
Turning off sharing borders
CoTaskMemFree
5 5(505<5\5d5l5x5
?"?A?a?x?
sharing
j$j%h0uA
8<8~8
Adding visual effect setting
CompositionScaleY
.CRT$XIZ
address_in_use
NETSCAPE2.0
5 5(545T5`5
:):J:
6*6M6
Creating and initializing annotation screen
6h6m6
AppError
InitializeCriticalSectionEx
;";>;y;
9 9\9u9
40484D4d4l4t4
DllGetClassObject
!This program cannot be run in DOS mode.
Msg:[%ws]
Microsoft::RemoteAssistance::ParseWindowUpdateContext
8@8b8
?K?c?y?
Pj[h0_A
DXGISwapChainResize
already connected
2$3W3~3
8`8j8
627g7
api-ms-win-eventing-provider-l1-1-0.dll
9 9'999C9M9T9[9t9
Microsoft::RemoteAssistance::AnnotationCanvas::CreateDeviceIndependentResources
2!2<2f2
1,2Q2Y2h2
BeginStroke:D2DERR_RECREATE_TARGET
0)030=0G0Q0[0e0o0y0
4*4V4h4v4
<p id="headerText" class="text-header" tabindex="0">%s</p>
Failed to resolve the dependency for the Keyboard Hook.
4S4a4k4q4
?0?`?
9<9H9h9t9
;(;2;<;F;P;Z;d;n;x;
QueryPerformanceFrequency
5=5k5|5
<-=L=_=|=
; ;2;D;Q;X;k;x;
Adding annotation screen to virtual desktop
*outIsStartAfterReboot
:C:[:
networkstatuschanged
brushcolor
Microsoft::RemoteAssistance::GetMsaTokenHandler
CommandHandlers
api-ms-win-core-synch-l1-1-0.dll
Signaling the onDisconnected event
Success
https://account.live.com
api-ms-win-core-registry-l1-1-1.dll
111;1E1L1S1l1
OpenSemaphoreW
2f3z3
No context to parse window update command
6&6p6
file too large
< <[<n<x<
UIEffectsVisualEffectSetting
Windows.Foundation.Collections.IIterator`1<Microsoft.RemoteAssistance.IMonitorInfo>
1L1d1s1
dependencyOperationName
not a socket
Microsoft.RemoteAssistance.ProductInfo
8-8Y8~8
6m6x6
.CRT$XCU
<!<,<w<
uninjectViewer
0 010A0R0V0\0`0f0j0q0
RemoteAssistance
:#;B;
j8j9h
:-:I:i:
2K3]3
314S4
;,;3;:;\;
WebId
Sharing is paused from RDP level (OnGraphicsStreamPaused)
Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager
5 5h5
%hs(%d) tid(%x) %08X %ws
6&787F758q8
70S0y0
Microsoft::RemoteAssistance::SharingController::BeginSharing::<lambda_4b4bf1e3b19e28f8eba159bba12e5d58>::operator ()
2,242@2`2h2p2x2
6&686F6R6
GetCurrentProcess
7B7O7
AppAnnotation
8B8^8
Suspend
Resetting the onConnected event
5'5;5X5m5
TrySubmitThreadpoolCallback
>J>}>
102Q2X2
AllowedUrlManager::CheckUrl
QhtzA
VhpJA
CurrentMajorVersionNumber
Failed to parse RCC command request
0p?P\
O0b0l0
Create Direct2d device
not a stream
LocalFree
enduser\remoteassistance\common\commandhandlers\sharinghandlers.cpp
:";X;m;z;
.?AVResultException@wil@@
</assembly>
GetDesktopResolution
7-7>7g7w7
>2>D>V>h>
4#4*4
0,0L0R0Z0g0
=*>7>q>
Translation
groupname
AnnotationRenderLoop
Pj5h
>(>6>S>a>
Microsoft::RemoteAssistance::AnnotationCanvas::CreateDeviceAndContextD2D
OleUninitialize
Microsoft::RemoteAssistance::DesktopSharingInterop::OnRelayConnected
EndSharing
434v4
operation_not_supported
WilError_02
8G8Q8p8z8
354K4|4
2p/d(
SendInput
address_not_available
2*373c3
<,=H=U=
Y_^[]
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
OnControlLevelChangeRequest
Failed to clear input sink entry
414H4j4
ProductVersion
restartcontext
<$<+<I<x<
363H3V3
Microsoft::RemoteAssistance::WebView::OnMessageFromJavascript
InternetReconnected
__p__commode
3%3i3v3}3
TraceMsg
Failed to end keyboard capture
j;Yj:
Microsoft::RemoteAssistance::MsaManager::GetLocalProvider
Reconnecting...
;H<R<W<|<
__CxxFrameHandler3
<&<-<4<;<B<I<P<W<^<e<l<v<
9E:`:r:
ShowWindow
5@5e5z5
connection_refused
_onexit
4\5e5
Microsoft::RemoteAssistance::DesktopSharingInterop::InitializeDependencies
Invalid session id during registration process
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0">
enduser\remoteassistance\win32app\webbrowserevents.cpp
>L>Y>x>
.CRT$XIAA
OriginalMessage
no_protocol_option
8'848:8M8V8_8|8
>&?9?@?G?P?]?
5;5h5y5
?8?G?
8/9:9m9
Windows
function not supported
Microsoft::RemoteAssistance::DesktopSharingSessionEventsSink::AdviseRelayEvents
NetworkStatusManager
Microsoft::RemoteAssistance::DesktopSharingInterop::Initialize
9?9L9q9
?%?+?8?R?]?g?r?
WaitResult
GdipImageGetFrameCount
invalid argument
031Y1l1
4#5Y5
5J5\5i5
WebViewWindow
if (headerString[0] === '\u200f') {
api-ms-win-core-apiquery-l1-1-0.dll
D$$9D$(
no such device
.idata$2
7%828N8
;L=U=
api-ms-win-core-debug-l1-1-0.dll
9=9j9
name="QuickAssist"
illegal byte sequence
Microsoft::RemoteAssistance::WebView::OnNavigateComplete2
?what@exception@@UBEPBDXZ
ResumeSharingByUser
Microsoft::RemoteAssistance::MonitorTopology::SendScreenResolutionToAgent
.tls$
var remoteAssistCmd = '%s'; var remoteAssistContext = %s; window.remoteAssistanceWeb.receiveCommand(remoteAssistCmd, remoteAssistContext);
G0Z0m0
1J1Q1
2?2L2h2
Created Creating size dependent resources for the offscreen inked bitmap and created the offscreen bitmap
Microsoft::RemoteAssistance::AllowedUrlManager::CheckUrl
:#:):1:V:
LookupPrivilegeValueW
Sa1L:s
Microsoft.RemoteAssistance.AnnotationScreen
;#;N;[;w;
8L9U9
8@8x8
.gfids
enduser\remoteassistance\common\annotations\offscreeninkedbitmap.cpp
9 :L:U:
:#;5;U;
7C7j7
9C9R9s9
Attempted
An Illegal State Change occured in Annotations
commandname
6'6u6
%hs(%d)\%hs!%p:
Operating System
RoActivateInstance
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
=3=F>X>f>
9(9F9g9
vector<T> too long
0>0\0x0
Failed to handle message from JavaScript
Microsoft::RemoteAssistance::ParseSetSharingModeContext
?'?F?
RelayCorrelationId
GetModuleHandleExW
Microsoft::RemoteAssistance::ParseRestartContext
3'353e3r3
padding: 24px;
api-ms-win-ntuser-ie-window-l1-1-0.dll
2/2A2f2|2
;o;x;
_cexit
Create multi-threaded Direct2d factory object
FullControl
https://signup.live.com
Microsoft::RemoteAssistance::GetBeginSharingAdditionalResponseFields
Microsoft::RemoteAssistance::AnnotationRenderer::ExecuteQueuedDrawCommands
6/6@6
errorcode
9?9X9a9p9
GetLastError
font-size: 24px;
Get Token from Local System
>b>s>x>~>
LogHr
_amsg_exit
BeginSharing
Microsoft::RemoteAssistance::BeginSharingHandler::<lambda_7a10744392c65c1e2b64a2de2c81067f>::operator ()
?terminate@@YAXXZ
Failed to get the web token request result
878R8d8
succeeded
1!1+1A1J1P1U1
targetUri
CommandLineToArgvW
RequestedSharingMode
8F9X9f9
8(8S8
1 1,1L1T1\1h1
9{Ht!
p {
ResponseName
Unknown
api-ms-win-security-lsalookup-l2-1-0.dll
Elevation:Administrator!new:%s
policy
mobileequipmentid
Adding monitor to MonitorTopology
no_buffer_space
AdditionalDetails
<'=8=^=
666C6J6Q6c6p6w6~6
SystemManufacturer
}
?<?D?P?p?x?
sharingsessionconnectionfailed
1Y1{1
api-ms-win-core-winrt-error-l1-1-1.dll
727D7^7
??1exception@@UAE@XZ
GetSystemInfo
9':h:
383B3W3d3
6$6,686X6`6h6t6
1'141_1l1
VisualEffectSettingsManagerFactory
2)303G3r3y3
RelayPort
;N<d<m<}<
?E?N?`?
margin: 0 0 32px 0;
RegCloseKey
='=4=a=n=
GetSystemMenu
323T3
protocolStatusCode
ext-ms-win-ntuser-window-l1-1-1
Microsoft::RemoteAssistance::TraceLogging::InitializeCorrelationVector
SSSSSSSSW
Obtaining web account provider
Microsoft::RemoteAssistance::TraceLogging::RuntimeClassInitialize
6-6;6H6t6
ServiceError
Xf;B
2#3D3U3q3
4R5o5u5{5
7-7f7w7
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x0005ff80 | 0x00082ea0 | 0x00082ea0 | 10.0 | QuickAssist.pdb | 2014-07-22 17:51:42 | 0c0b0ac561e4b744ed9cea645ee4043f |  |
5f2be0574fe669a593e60216c3479f1e | 1cb8290d4e79c26fed3b4826038e0e31 | d3a86a43d3da3959 |
Version Infos
| CompanyName | Microsoft Corporation |
|---|---|
| FileDescription | Quick Assist |
| FileVersion | 10.0.17763.1 (WinBuild.160101.0800) |
| InternalName | QuickAssist.exe |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | QuickAssist.exe |
| ProductName | Microsoftรยฎ Windowsรยฎ Operating System |
| ProductVersion | 10.0.17763.1 |
| Translation | 0x0000 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x00066510 | 0x00066600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.29 |
| .data | 0x00066a00 | 0x00068000 | 0x000008f8 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.89 |
| .idata | 0x00066e00 | 0x00069000 | 0x00002998 | 0x00002a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.36 |
| .rsrc | 0x00069800 | 0x0006c000 | 0x0000b728 | 0x0000b800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.18 |
| .reloc | 0x00075000 | 0x00078000 | 0x00006abc | 0x00006c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.66 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| MUI | 0x00077650 | 0x000000d8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.72 | None |
| RT_ICON | 0x0006c988 | 0x00000aca | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.34 | None |
| RT_ICON | 0x0006d458 | 0x00003228 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.14 | None |
| RT_ICON | 0x00070680 | 0x00001ca8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.17 | None |
| RT_ICON | 0x00072328 | 0x00001428 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.16 | None |
| RT_ICON | 0x00073750 | 0x00000ca8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.17 | None |
| RT_ICON | 0x000743f8 | 0x00000748 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.17 | None |
| RT_ICON | 0x00074b40 | 0x00000528 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.27 | None |
| RT_ICON | 0x00075068 | 0x00000368 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.21 | None |
| RT_GROUP_ICON | 0x000753d0 | 0x00000076 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.90 | None |
| RT_VERSION | 0x0006c5f0 | 0x00000398 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.44 | None |
| RT_MANIFEST | 0x0006c350 | 0x0000029d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.01 | None |
| None | 0x00075448 | 0x000001a1 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.46 | None |
| None | 0x000755f0 | 0x0000205f | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.82 | None |
Imports
| Name | Address |
|---|---|
| GetModuleHandleExW | 0x4690e0 |
| SizeofResource | 0x4690e4 |
| FreeLibrary | 0x4690e8 |
| GetModuleHandleW | 0x4690ec |
| GetProcAddress | 0x4690f0 |
| GetModuleFileNameA | 0x4690f4 |
| LockResource | 0x4690f8 |
| LoadResource | 0x4690fc |
| LoadStringW | 0x469100 |
| Name | Address |
|---|---|
| DeleteCriticalSection | 0x469180 |
| ReleaseSemaphore | 0x469184 |
| InitializeCriticalSectionEx | 0x469188 |
| CreateSemaphoreExW | 0x46918c |
| ReleaseSRWLockShared | 0x469190 |
| AcquireSRWLockShared | 0x469194 |
| WaitForSingleObject | 0x469198 |
| WaitForMultipleObjectsEx | 0x46919c |
| CreateEventExW | 0x4691a0 |
| ReleaseMutex | 0x4691a4 |
| InitializeSRWLock | 0x4691a8 |
| WaitForSingleObjectEx | 0x4691ac |
| OpenSemaphoreW | 0x4691b0 |
| SetEvent | 0x4691b4 |
| CreateMutexExW | 0x4691b8 |
| ResetEvent | 0x4691bc |
| AcquireSRWLockExclusive | 0x4691c0 |
| ReleaseSRWLockExclusive | 0x4691c4 |
| Name | Address |
|---|---|
| HeapAlloc | 0x4690c8 |
| HeapFree | 0x4690cc |
| GetProcessHeap | 0x4690d0 |
| Name | Address |
|---|---|
| SetLastError | 0x4690a8 |
| UnhandledExceptionFilter | 0x4690ac |
| GetLastError | 0x4690b0 |
| SetUnhandledExceptionFilter | 0x4690b4 |
| RaiseException | 0x4690b8 |
| Name | Address |
|---|---|
| OpenProcessToken | 0x46911c |
| GetCurrentProcess | 0x469120 |
| GetCurrentProcessId | 0x469124 |
| GetStartupInfoW | 0x469128 |
| ExitThread | 0x46912c |
| TerminateProcess | 0x469130 |
| CreateThread | 0x469134 |
| GetCurrentThreadId | 0x469138 |
| Name | Address |
|---|---|
| FormatMessageW | 0x469114 |
| Name | Address |
|---|---|
| IsDebuggerPresent | 0x469098 |
| DebugBreak | 0x46909c |
| OutputDebugStringW | 0x4690a0 |
| Name | Address |
|---|---|
| CloseHandle | 0x4690c0 |
| Name | Address |
|---|---|
| MultiByteToWideChar | 0x469174 |
| WideCharToMultiByte | 0x469178 |
| Name | Address |
|---|---|
| GetSystemTimeAsFileTime | 0x4691d8 |
| GetTickCount64 | 0x4691dc |
| GetTickCount | 0x4691e0 |
| Name | Address |
|---|---|
| CoCreateGuid | 0x469060 |
| CoCreateInstance | 0x469064 |
| StringFromGUID2 | 0x469068 |
| CoGetApartmentType | 0x46906c |
| CoCreateFreeThreadedMarshaler | 0x469070 |
| CoTaskMemAlloc | 0x469074 |
| CoUninitialize | 0x469078 |
| CoGetInterfaceAndReleaseStream | 0x46907c |
| CoTaskMemFree | 0x469080 |
| CoCreateInstanceFromApp | 0x469084 |
| CoInitializeEx | 0x469088 |
| Name | Address |
|---|---|
| SysStringLen | 0x469018 |
| SafeArrayUnaccessData | 0x46901c |
| SysAllocString | 0x469020 |
| SafeArrayDestroy | 0x469024 |
| SysFreeString | 0x469028 |
| SafeArrayCreate | 0x46902c |
| SafeArrayAccessData | 0x469030 |
| VariantChangeType | 0x469034 |
| VariantInit | 0x469038 |
| Name | Address |
|---|---|
| RegOpenKeyExW | 0x46914c |
| RegGetValueW | 0x469150 |
| RegCloseKey | 0x469154 |
| RegSetValueExW | 0x469158 |
| RegCreateKeyExW | 0x46915c |
| Name | Address |
|---|---|
| FindResourceW | 0x469108 |
| LoadLibraryW | 0x46910c |
| Name | Address |
|---|---|
| GetTokenInformation | 0x4692c8 |
| CreateWellKnownSid | 0x4692cc |
| CheckTokenMembership | 0x4692d0 |
| AdjustTokenPrivileges | 0x4692d4 |
| Name | Address |
|---|---|
| LookupPrivilegeValueW | 0x4692dc |
| Name | Address |
|---|---|
| WindowsDeleteString | 0x469240 |
| WindowsCreateString | 0x469244 |
| WindowsGetStringLen | 0x469248 |
| WindowsDuplicateString | 0x46924c |
| WindowsGetStringRawBuffer | 0x469250 |
| WindowsCreateStringReference | 0x469254 |
| WindowsIsStringEmpty | 0x469258 |
| Name | Address |
|---|---|
| EventUnregister | 0x469260 |
| EventSetInformation | 0x469264 |
| EventRegister | 0x469268 |
| EventWriteTransfer | 0x46926c |
| Name | Address |
|---|---|
| RoOriginateError | 0x46920c |
| SetRestrictedErrorInfo | 0x469210 |
| RoOriginateErrorW | 0x469214 |
| GetRestrictedErrorInfo | 0x469218 |
| RoTransformError | 0x46921c |
| Name | Address |
|---|---|
| RoActivateInstance | 0x469234 |
| RoGetActivationFactory | 0x469238 |
| Name | Address |
|---|---|
| SystemParametersInfoW | 0x4692a4 |
| GetSystemMetrics | 0x4692a8 |
| EnumDisplayMonitors | 0x4692ac |
| Name | Address |
|---|---|
| GetDpiForMonitor | 0x4692ec |
| SetProcessDpiAwareness | 0x4692f0 |
| Name | Address |
|---|---|
| CommandLineToArgvW | 0x4692e4 |
| Name | Address |
|---|---|
| LocalFree | 0x4690d8 |
| Name | Address |
|---|---|
| RoGetMatchingRestrictedErrorInfo | 0x469224 |
| RoReportFailedDelegate | 0x469228 |
| IsErrorPropagationEnabled | 0x46922c |
| Name | Address |
|---|---|
| SHCreateMemStream | 0x4692f8 |
| Name | Address |
|---|---|
| Sleep | 0x4691cc |
| InitOnceExecuteOnce | 0x4691d0 |
| Name | Address |
|---|---|
| QueryPerformanceFrequency | 0x469140 |
| QueryPerformanceCounter | 0x469144 |
| Name | Address |
|---|---|
| SetWindowThemeAttribute | 0x469050 |
| Name | Address |
|---|---|
| GdiplusStartup | 0x4693e4 |
| GdiplusShutdown | 0x4693e8 |
| GdipCreateBitmapFromScan0 | 0x4693ec |
| GdipLoadImageFromStream | 0x4693f0 |
| GdipDisposeImage | 0x4693f4 |
| GdipCreateFromHDC | 0x4693f8 |
| GdipGetImageWidth | 0x4693fc |
| GdipGetPropertyItem | 0x469400 |
| GdipGetPropertyItemSize | 0x469404 |
| GdipImageSelectActiveFrame | 0x469408 |
| GdipFree | 0x46940c |
| GdipGetImageGraphicsContext | 0x469410 |
| GdipDeleteGraphics | 0x469414 |
| GdipGraphicsClear | 0x469418 |
| GdipAlloc | 0x46941c |
| GdipDrawImageI | 0x469420 |
| GdipDrawImageRectI | 0x469424 |
| GdipImageGetFrameDimensionsList | 0x469428 |
| GdipImageGetFrameCount | 0x46942c |
| GdipImageGetFrameDimensionsCount | 0x469430 |
| GdipGetImageHeight | 0x469434 |
| GdipCloneImage | 0x469438 |
| Name | Address |
|---|---|
| OleUninitialize | 0x46931c |
| OleInitialize | 0x469320 |
| Name | Address |
|---|---|
| BeginPaint | 0x46934c |
| EndPaint | 0x469350 |
| InvalidateRect | 0x469354 |
| UpdateWindow | 0x469358 |
| Name | Address |
|---|---|
| GetClientRect | 0x469384 |
| BringWindowToTop | 0x469388 |
| SetWindowTextW | 0x46938c |
| GetWindowRect | 0x469390 |
| DefWindowProcW | 0x469394 |
| UnhookWindowsHookEx | 0x469398 |
| SetWindowsHookExW | 0x46939c |
| CallNextHookEx | 0x4693a0 |
| ShowWindow | 0x4693a4 |
| DestroyWindow | 0x4693a8 |
| Name | Address |
|---|---|
| GetWindowLongW | 0x46928c |
| SetTimer | 0x469290 |
| KillTimer | 0x469294 |
| SetWindowLongW | 0x469298 |
| UnregisterClassW | 0x46929c |
| Name | Address |
|---|---|
| PostMessageW | 0x469274 |
| PostQuitMessage | 0x469278 |
| DispatchMessageW | 0x46927c |
| GetMessageW | 0x469280 |
| TranslateMessage | 0x469284 |
| Name | Address |
|---|---|
| UuidCreate | 0x469040 |
| Name | Address |
|---|---|
| SendInput | 0x46936c |
| GetKeyState | 0x469370 |
| Name | Address |
|---|---|
| GetDeviceCaps | 0x469328 |
| Name | Address |
|---|---|
| ShellExecuteW | 0x4693dc |
| Name | Address |
|---|---|
| RoGetAgileReference | 0x469090 |
| Name | Address |
|---|---|
| RegisterClassExW | 0x4692b4 |
| CreateWindowExW | 0x4692b8 |
| GetParent | 0x4692bc |
| SetWindowPos | 0x4692c0 |
| Name | Address |
|---|---|
| D3D11CreateDevice | 0x469308 |
| Name | Address |
|---|---|
| CloseThreadpoolTimer | 0x4691e8 |
| TrySubmitThreadpoolCallback | 0x4691ec |
| CallbackMayRunLong | 0x4691f0 |
| CreateThreadpoolTimer | 0x4691f4 |
| SetThreadpoolTimer | 0x4691f8 |
| WaitForThreadpoolTimerCallbacks | 0x4691fc |
| Name | Address |
|---|---|
| UrlEscapeW | 0x469204 |
| Name | Address |
|---|---|
| InitiateShutdownW | 0x46916c |
| Name | Address |
|---|---|
| RegSetKeyValueW | 0x469164 |
| Name | Address |
|---|---|
| CryptUnprotectData | 0x46900c |
| CryptProtectData | 0x469010 |
| Name | Address |
|---|---|
| DCompositionCreateSurfaceHandle | 0x469310 |
| DCompositionCreateDevice2 | 0x469314 |
| Name | Address |
|---|---|
| SendSAS | 0x469048 |
| Name | Address |
|---|---|
| UpdateLayeredWindow | 0x4693b0 |
| SetLayeredWindowAttributes | 0x4693b4 |
| Name | Address |
|---|---|
| ApiSetQueryApiSetPresence | 0x469058 |
| Name | Address |
|---|---|
| CoGetObject | 0x4693cc |
| Name | Address |
|---|---|
| CreateSolidBrush | 0x469330 |
| Name | Address |
|---|---|
| DeleteObject | 0x4693d4 |
| Name | Address |
|---|---|
| GetClassLongW | 0x4693bc |
| Name | Address |
|---|---|
| SetClassLongW | 0x4693c4 |
| Name | Address |
|---|---|
| RegisterApplicationRestart | 0x469338 |
Usage
Processing ( 0.68 seconds )
- 0.672 CAPE
- 0.007 AnalysisInfo
- 0.001 Debug
Signatures ( 0.06 seconds )
- 0.01 antianalysis_detectfile
- 0.008 ransomware_files
- 0.005 antiav_detectreg
- 0.005 ransomware_extensions
- 0.003 ursnif_behavior
- 0.002 antiav_detectfile
- 0.002 infostealer_ftp
- 0.002 infostealer_im
- 0.002 poullight_files
- 0.002 territorial_disputes_sigs
- 0.001 banker_zeus_p2p
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 antianalysis_detectreg
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 infostealer_bitcoin
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_mail
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.00 seconds )
- 0.001 CAPASummary
- 0.001 JsonDump
Signatures
The PE file contains a PDB path
pdbpath: QuickAssist.pdb
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.