File regiterwindow - Copy.exe

Size 496.5KB Resubmit sample
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e2b7d8dc01965bca44a62171d7504e15
SHA1 375a4bde5f76ea17354b3b5bf19c768689c15a68
SHA256 684ff3796348584fbcdcfa1666f2172d478a29e3b3f9a9ec849ea9254d70f8de
SHA512
dfcaf63f316f5fbf589710b82def45d2126934b3f7420ead64d26acea4d07724c354bb51ee8e9e297a7f20ded62fde5e238ce511cdb7d93213b92ca7a2fd34e9
CRC32 76054E8A
ssdeep 6144:yBJ5OtbOBYHe9TSVS9ONcKwQA5K/K5krHUeug3hF7J36QJ8NI7qtr4ImUsFISg:CktyBZ9TSWIHtugz1LJ8NRV4Oog
PDB Path D:\education tests\charlz example by me\regiterwindow\Debug\regiterwindow.pdb
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01004_MASM_TASM___sig1_h__ - [MASM/TASM - sig1(h)]
  • PEiD_01007_MASM_TASM___sig4__h__ - [MASM/TASM - sig4 (h)]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01087_Microsoft_Visual_C___8_0__Debug_ - [Microsoft Visual C++ 8.0 [Debug]
  • PEiD_01088_Microsoft_Visual_C___8_0__Debug__ - [Microsoft Visual C++ 8.0 [Debug]]
  • PEiD_01272_Neolite_v2_0_ - [Neolite v2.0]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_01693_pex_V0_99____params_ - [pex V0.99 -> params]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • DebuggerException__SetConsoleCtrl -
  • Check_OutputDebugStringA_iat -
  • anti_dbg - Checks if being debugged
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • Microsoft_Visual_Cpp_V80_Debug -
  • Microsoft_Visual_Cpp_80_Debug_ -
  • Microsoft_Visual_Cpp_80_Debug -
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -

Score

This file shows some signs of potential malicious behavior.

The score of this file is 1.4 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE March 4, 2017, 7:02 a.m. March 4, 2017, 7:06 a.m. 257 seconds

Machine

Name Label Started On Shutdown On
winxpsp3x86 winxpsp3x86 2017-03-04 07:02:25 2017-03-04 07:06:42

Analyzer Log

2017-03-04 15:02:24,015 [analyzer] DEBUG: Starting analyzer from: C:\amjibfckoo
2017-03-04 15:02:24,030 [analyzer] DEBUG: Pipe server name: \\.\PIPE\eOdLfMzuKxrXPUHPPPVUcnEMxh
2017-03-04 15:02:24,030 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\bJUivixrYidKfweGvw
2017-03-04 15:02:24,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2017-03-04 15:02:24,030 [analyzer] INFO: Automatically selected analysis package "exe"
2017-03-04 15:02:25,717 [analyzer] DEBUG: Started auxiliary module Disguise
2017-03-04 15:02:25,842 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2017-03-04 15:02:25,842 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2017-03-04 15:02:25,905 [analyzer] DEBUG: Loaded monitor into process with pid 700
2017-03-04 15:02:25,905 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2017-03-04 15:02:25,905 [analyzer] DEBUG: Started auxiliary module Human
2017-03-04 15:02:25,905 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2017-03-04 15:02:25,905 [analyzer] DEBUG: Started auxiliary module Reboot
2017-03-04 15:02:26,125 [analyzer] DEBUG: Started auxiliary module RecentFiles
2017-03-04 15:02:26,125 [analyzer] DEBUG: Started auxiliary module Screenshots
2017-03-04 15:02:26,233 [lib.api.process] INFO: Successfully executed process from path u'C:\\DOCUME~1\\zamen\\LOCALS~1\\Temp\\regiterwindow - Copy.exe' with arguments '' and pid 1772
2017-03-04 15:02:26,312 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2017-03-04 15:02:26,312 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2017-03-04 15:02:26,437 [analyzer] DEBUG: Loaded monitor into process with pid 1772
2017-03-04 15:02:26,467 [analyzer] DEBUG: Received request to inject pid=1772, but we are already injected there.
2017-03-04 15:06:25,500 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2017-03-04 15:06:26,280 [lib.api.process] INFO: Memory dump of process with pid 1772 completed
2017-03-04 15:06:26,280 [analyzer] INFO: Terminating remaining processes before shutdown.
2017-03-04 15:06:26,280 [lib.api.process] INFO: Successfully terminated process with pid 1772.
2017-03-04 15:06:26,280 [analyzer] INFO: Analysis completed.

Cuckoo Log

2017-03-04 07:02:25,474 [lib.cuckoo.core.scheduler] INFO: Task #3: acquired machine winxpsp3x86 (label=winxpsp3x86)
2017-03-04 07:02:25,485 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 13045 (interface=eth2, host=192.168.128.101, pcap=/opt/cuckoo/storage/analyses/3/dump.pcap)
2017-03-04 07:02:31,670 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3x86, ip=192.168.128.101)
2017-03-04 07:06:42,271 [lib.cuckoo.core.guest] INFO: winxpsp3x86: analysis completed successfully
2017-03-04 07:06:45,655 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2017-03-04 07:06:47,172 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.001s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff076175a50>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-04 07:06:47,173 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff076175990>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-04 07:06:47,174 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff076175650>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-04 07:06:47,175 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff076175f90>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-04 07:06:47,175 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7ff076175f90>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7ff076175f90>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable has a PDB path (1 event)
pdb_path D:\education tests\charlz example by me\regiterwindow\Debug\regiterwindow.pdb
The executable has PE anomalies (could be a false positive) (1 event)
section .textbss
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 192.158.197.132:3460

Screenshots

Network

DNS

Name Response Post-Analysis Lookup
time.windows.com

Summary

Process regiterwindow - Copy.exe (1772)

Process regiterwindow - Copy.exe (1772)

  • Registry keys opened

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\regiterwindow - Copy.exe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
    • HKEY_CURRENT_USER\Control Panel\Desktop
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
  • Registry keys read

    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
    • HKEY_CURRENT_USER\Control Panel\Desktop\LameButtonText
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\CUAS
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing

Process regiterwindow - Copy.exe (1772)

  • Mutexes accessed

    • CTF.TimListCache.FMPDefaultS-1-5-21-1844237615-1935655697-725345543-1003MUTEX.DefaultS-1-5-21-1844237615-1935655697-725345543-1003
    • CTF.LBES.MutexDefaultS-1-5-21-1844237615-1935655697-725345543-1003
    • MSCTF.Shared.MUTEX.MMG
    • CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1935655697-725345543-1003
    • CTF.TMD.MutexDefaultS-1-5-21-1844237615-1935655697-725345543-1003
    • CTF.Compart.MutexDefaultS-1-5-21-1844237615-1935655697-725345543-1003
    • CTF.Asm.MutexDefaultS-1-5-21-1844237615-1935655697-725345543-1003

Process regiterwindow - Copy.exe (1772)

Process regiterwindow - Copy.exe (1772)

  • DLLs Loaded

    • C:\WINDOWS\system32\MSCTF.dll
    • uxtheme.dll
    • C:\WINDOWS\system32\uxtheme.dll

PE Compile Time

2015-03-03 04:45:04

PDB Path

D:\education tests\charlz example by me\regiterwindow\Debug\regiterwindow.pdb

PEiD Signatures

Microsoft Visual C++ V8.0 (Debug)

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.textbss 0x00001000 0x0002df95 0x00000000 0.0
.text 0x0002f000 0x000604bb 0x00060600 5.56743756541
.rdata 0x00090000 0x00014044 0x00014200 3.49566676964
.data 0x000a5000 0x00003e54 0x00001a00 2.80786134079
.idata 0x000a9000 0x00000ea4 0x00001000 4.32577112462
.rsrc 0x000aa000 0x0000043c 0x00000600 2.13982344257
.reloc 0x000ab000 0x000044ad 0x00004600 6.20084388136

Imports

Library WINMM.dll:
0x4a9264 PlaySoundW
Library KERNEL32.dll:
0x4a9030 GetProcAddress
0x4a9034 GetCurrentProcess
0x4a9038 ExitProcess
0x4a903c ReadProcessMemory
0x4a9040 GetModuleHandleW
0x4a9044 SetStdHandle
0x4a9048 SetFilePointerEx
0x4a904c GetConsoleMode
0x4a9050 GetConsoleCP
0x4a9054 FlushFileBuffers
0x4a9058 CloseHandle
0x4a905c GetStringTypeW
0x4a9060 RtlUnwind
0x4a9064 EnumSystemLocalesW
0x4a9068 GetUserDefaultLCID
0x4a906c IsValidLocale
0x4a9070 GetLocaleInfoW
0x4a9074 LCMapStringW
0x4a9078 CompareStringW
0x4a907c GetTimeFormatW
0x4a9080 GetDateFormatW
0x4a9084 HeapAlloc
0x4a9088 VirtualQuery
0x4a908c GetTickCount
0x4a9090 EncodePointer
0x4a9094 DecodePointer
0x4a9098 GetLastError
0x4a909c GetModuleHandleExW
0x4a90a0 AreFileApisANSI
0x4a90a4 MultiByteToWideChar
0x4a90a8 WideCharToMultiByte
0x4a90ac GetCommandLineA
0x4a90b0 IsDebuggerPresent
0x4a90c4 FatalAppExitA
0x4a90d0 SetLastError
0x4a90d8 CreateEventW
0x4a90dc Sleep
0x4a90e0 TerminateProcess
0x4a90e4 TlsAlloc
0x4a90e8 TlsGetValue
0x4a90ec TlsSetValue
0x4a90f0 TlsFree
0x4a90f4 GetStartupInfoW
0x4a90f8 CreateFileW
0x4a90fc CreateSemaphoreW
0x4a9100 GetStdHandle
0x4a9104 WriteFile
0x4a9108 GetModuleFileNameW
0x4a910c HeapValidate
0x4a9110 GetSystemInfo
0x4a9118 FreeLibrary
0x4a911c LoadLibraryExW
0x4a9120 IsValidCodePage
0x4a9124 GetACP
0x4a9128 GetOEMCP
0x4a912c GetCPInfo
0x4a9130 RaiseException
0x4a9134 GetCurrentThread
0x4a9138 GetCurrentThreadId
0x4a913c GetProcessHeap
0x4a9140 GetFileType
0x4a9144 GetModuleFileNameA
0x4a914c GetCurrentProcessId
0x4a915c OutputDebugStringW
0x4a9164 CreateThread
0x4a9168 OutputDebugStringA
0x4a916c WriteConsoleW
0x4a9170 HeapFree
0x4a9174 HeapReAlloc
0x4a9178 HeapSize
Library USER32.dll:
0x4a91ec LoadIconW
0x4a91f0 LoadCursorW
0x4a91f4 MessageBoxW
0x4a91f8 GetClientRect
0x4a91fc EndPaint
0x4a9200 BeginPaint
0x4a9204 UpdateWindow
0x4a9208 DrawTextW
0x4a920c ShowWindow
0x4a9210 CreateWindowExW
0x4a9214 RegisterClassW
0x4a9218 PostQuitMessage
0x4a921c DefWindowProcW
0x4a9220 DispatchMessageW
0x4a9224 TranslateMessage
0x4a9228 GetMessageW
Library GDI32.dll:
0x4a9000 GetStockObject

!This program cannot be run in DOS mode.
.textbss
`.rdata
@.data
.idata
@.rsrc
@.reloc
bBuffering
93~AW3
u#hh%I
PhH>I
Rh@8I
u&ht<I
u&ht<I
u&hd=I
u&ht<I
u&h(:I
u&h@@I
u&h@@I
t&hx1I
t#hLBI
jWhhBI
u&hDDI
u&hDDI
j>hHEI
j>hHEI
jVhHEI
jVhHEI
j\hHEI
j\hHEI
u\j[hlGI
PRSVWh
j h UI
j h UI
j*h UI
j*h UI
jh`WI
jh`WI
r#hpVI
j+h`WI
j>h`WI
j>h`WI
u#hpXI
u#h,YI
u&h`YI
u*h0ZI
u'h0ZI
u'h [I
~#hDmI
j8hxmI
~#hDmI
jDhxmI
u#hh%I
u#h`YI
jihxpI
jihxpI
jnhxpI
jnhxpI
jh`WI
jh`WI
r#hpVI
j+h`WI
j>h`WI
j>h`WI
u&hpuI
URPQQh
u&h`YI
u&h`YI
u&h`YI
u&h`YI
j h UI
j h UI
j*h UI
j*h UI
u#h`YI
trj@h0
thhZJ
u&h`YI
u#h`YI
u&h`YI
;t$,v-
UQPXY]Y[
u&h`YI
u&h`YI
u#h`YI
u&h`YI
u&h`YI
u#h`YI
u#hpXI
u#hpXI
jPh@yJ
CreateProcessA
CorExitProcess
f:\dd\vctools\crt\crtw32\startup\crt0dat.c
f:\dd\vctools\crt\crtw32\startup\mlock.c
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
f:\dd\vctools\crt\crtw32\misc\dbgrpt.c
Normal
Ignore
Client
Client hook allocation failure at file %hs line %d.
Client hook allocation failure.
Invalid allocation size: %Iu bytes.
Error: memory allocation: bad memory block type.
Client hook re-allocation failure at file %hs line %d.
Client hook re-allocation failure.
Invalid allocation size: %Iu bytes.
Memory allocated at %hs(%d).
Error: memory allocation: bad memory block type.
Memory allocated at %hs(%d).
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Error: possible heap corruption at or near 0x%p
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
Client hook free failure.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
_heapchk fails with _HEAPBADBEGIN.
_heapchk fails with _HEAPBADNODE.
_heapchk fails with _HEAPBADEND.
_heapchk fails with _HEAPBADPTR.
_heapchk fails with unknown return value!
DAMAGED
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
%hs located at 0x%p is %Iu bytes long.
Memory allocated at %hs(%d).
%hs located at 0x%p is %Iu bytes long.
Bad memory block found at 0x%p.
Memory allocated at %hs(%d).
Bad memory block found at 0x%p.
Data: <%s> %s
Dumping objects ->
#File Error#(%d) :
%hs(%d) :
{%ld}
client block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
crt block at 0x%p, subtype %x, %Iu bytes long.
Object dump complete.
Detected memory leaks!
%Id bytes in %Id %hs Blocks.
Largest number used: %Id bytes.
Total allocations: %Id bytes.
The block at 0x%p was not allocated by _aligned routines, use realloc()
Damage before 0x%p which was allocated by aligned routine
The block at 0x%p was not allocated by _aligned routines, use free()
f:\dd\vctools\crt\crtw32\misc\onexit.c
f:\dd\vctools\crt\crtw32\misc\inithelp.c
f:\dd\vctools\crt\crtw32\misc\winsig.c
SystemFunction036
f:\dd\vctools\crt\crtw32\mbstring\mbctype.c
f:\dd\vctools\crt\crtw32\stdio\_sftbuf.c
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example:
char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
Stack memory was corrupted
A local variable was used before it was initialized
Stack memory around _alloca was corrupted
Unknown Runtime Check Error
Unknown Filename
Unknown Module Name
Run-Time Check Failure #%d - %s
Stack corrupted near unknown variable
wsprintfA
Stack area around _alloca memory reserved by this function is corrupted
Data: <
Allocation number within this function:
Size:
Address: 0x
Stack area around _alloca memory reserved by this function is corrupted
%s%s%p%s%ld%s%d%s
%s%s%s%s
A variable is being used without being initialized.
Stack pointer corruption
Cast to smaller type causing loss of data
Stack memory corruption
Local variable used before initialization
Stack around _alloca corrupted
The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
f:\dd\vctools\crt\crtw32\misc\i386\chkesp.c
f:\dd\vctools\crt\crtw32\startup\tidtable.c
f:\dd\vctools\crt\crtw32\lowio\ioinit.c
f:\dd\vctools\crt\crtw32\startup\stdargv.c
f:\dd\vctools\crt\crtw32\startup\stdenvp.c
f:\dd\vctools\crt\crtw32\misc\a_env.c
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
Second Chance Assertion Failed: File
<file unknown>
, Line
_CrtDbgReport: String too long or IO Error
Assertion failed:
Assertion failed!
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
<program name unknown>
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
f:\dd\vctools\crt\crtw32\stdio\_file.c
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
PDBOpenValidate5
f:\dd\vctools\crt\crtw32\stdio\output.c
f:\dd\vctools\crt\crtw32\misc\initmon.c
f:\dd\vctools\crt\crtw32\misc\initnum.c
f:\dd\vctools\crt\crtw32\misc\inittime.c
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
f:\dd\vctools\crt\crtw32\misc\wsetloca.c
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
bad exception
f:\dd\vctools\crt\crtw32\stdio\_getbuf.c
`h`hhh
xppwpp
f:\dd\vctools\crt\crtw32\misc\initctyp.c
Unknown exception
f:\dd\vctools\crt\crtw32\lowio\osfinfo.c
f:\dd\vctools\crt\crtw32\convert\wcstoq.c
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
template-parameter-
generic-type-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
`vtordispex{
`vtordisp{
`adjustor{
`local static destructor helper'
`template static data member constructor helper'
`template static data member destructor helper'
static
virtual
private:
protected:
public:
[thunk]:
extern "C"
short
unsigned
volatile
std::nullptr_t
<ellipsis>
,<ellipsis>
throw(
double
__int8
__int16
__int32
__int64
__int128
<unknown>
wchar_t
__w64
UNKNOWN
signed
volatile
`unknown ecsu'
union
struct
class
coclass
cointerface
volatile
const
cli::array<
cli::pin_ptr<
{flat}
1#SNAN
1#QNAN
D:\education tests\charlz example by me\regiterwindow\Debug\regiterwindow.pdb
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
.?AVbad_cast@std@@
.?AVbad_typeid@std@@
.?AV__non_rtti_object@std@@
.?AVDNameNode@@
.?AVcharNode@@
.?AVpcharNode@@
.?AVpDNameNode@@
.?AVDNameStatusNode@@
.?AVpairNode@@
PlaySoundW
WINMM.dll
GetProcAddress
GetCurrentProcess
ExitProcess
ReadProcessMemory
GetModuleHandleW
KERNEL32.dll
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
CreateWindowExW
ShowWindow
DrawTextW
UpdateWindow
BeginPaint
EndPaint
GetClientRect
MessageBoxW
LoadCursorW
LoadIconW
USER32.dll
GetStockObject
GDI32.dll
EncodePointer
DecodePointer
GetLastError
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
GetStdHandle
WriteFile
GetModuleFileNameW
HeapValidate
GetSystemInfo
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RaiseException
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
OutputDebugStringA
WriteConsoleW
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
RtlUnwind
GetStringTypeW
VirtualQuery
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
CloseHandle
CreateFileW
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
a;h;n;|;
=1=D=c=t=
?#?[?`?h?
0@0L0X0
1$1*10161<1B1H1N1T1Z1`1f1l1r1x1
11262B2o2t2y2
4!4N4S4X4
4(575N5
5[6c6l6v6
7+757j7y7
8'8:8Q8Z8j8n8x8
;=;B;N;{;
<*<W<\<a<y<
3S4X4b4
:2:9:M:i:
;+;C;k;x;
>$>n>t>
>*?^?d?
0$0n0t0
1M1S1k1
2,3n3t3
4U4[4c4m4s4
5!5/545>5D5R5W5a5g5u5z5
6$6)63696G6L6V6\6j6o6y6
7(7.7<7A7K7Q7_7d7n7t7
8#81868@8F8T8Y8c8i8w8|8
:$:F:n:t:
;9;Y;y;
0%0@0E0
192>2J2l2q2v2
6"6Y6^6g6
6P7i7n7z7
8&8a8j8s8
9O:_:d:i:n:
<)<5<P<`<l<
<C=I=}=
000A061;1M1y1~1
:$;(;,;0;V<[<m<
1-1c1h1t1
4?4D4I4
5;5@5E5
597>7J7w7|7
9%9F9K9]9
9f:k:}:
;7;N;d;j;w;
<,>1>=>j>o>t>
4090E0r0w0|0/1W2t2
3B3G3L3
9J9O9[9
9f:k:}:
;';,;8;N;Z;c;};
;%<*<6<
=O=U=t=
>H>M>Y>z>
?&?+?7?R?o?y?~?
2A2I2R2b2g2s2
4#5,5E5d5
7Z7_7k7
8<8A8M8
=-?6???O?T?`?v?
1(1e1j1v1
3"3G3c3
4%4@4]4g4l4x4
9 9&9f9k9}9
<&<+<=<T<[<
=?>F>S>X>
090>0C0
3&3+3=3x3
3f4k4}4
6\7`7d7h7l7p7
8g9q9w9
:":5:::B:I:\:a:
<4<8<<<@<D<`<d<w=
=,>2>A>O>U>
?&?B?]?b?g?u?
2+2y253H3
364E4q4
;9;U;n;w;
1?3a4f4r4
9'9-93989C9f9l9{9
>B>p>*?4?r?
U0Z0v0
1#1+131?1H1M1S1]1g1y1
1*20262<2B2H2O2V2]2d2k2r2y2
2:3@3F3L3R3X3_3f3m3t3{3
5#5N5X5t5
5d673797O9`9
;q;z;U<c<w<
<"=C=s=
>_?l?r?
%0-0<0e0m0r0{0
5D7Q7i7
8>8I8Q8V8d8l8y8
?,?1?6?j?y?
090E0L0v0{0
1!1.161E1Z1f1v1
4?6D6M6w6|6
7"7+7U7Z7_7
82878@8j8o8t8
8'9P9U9^9
9O;T;];
;-<2<;<e<j<o<
=.=W=\=e=
1G2O2|2
565;5@5J5Q5V5[5e5l5q5v5
586B6`6y6
7+767=7U7\7
:::?:D:
<,=1===j=o=t=
$0_0d0p0
2T2Y2b2
263;3T3
4;4@4E4m4s4
4:5?5D5z5
6L6]6b6g6l6
757:7?7u7z7
7'8,818Y8^8c8h8
9*:9:f:m:w:
?"?/?4?:?G?L?R?
0F0R0^0c0h0
01$1)1.1
292>2C2}2
595>5C5
6'6s6x6}6
f0k0}0
2U3a3s5
8 8$8(8,8084888
9 9'9,90949U9
:$:(:,:0:L=S=b=
=&>7>d>
?2?7?<?x?
I0P061;1M1
2A2F2K2r2
4#4K4^5
7)7Q7t7
8I8h8t8
8(9-929h9m9r9w9
=%>*>/>f>k>t>
1h2m2v2
3]4b4k4
5H5q5v5
;-<_<d<i<
=-=W=]=}=
=>N>T>
?>?D?d?
&0/0;0D0R0[0i0o0x0
0+1<1K1t1
1%2F2V2u2
2)3.373a3f3k3
44494>4`4F6K6]6
8+8Z8*959N9b9h9n9
;%;7;T;j;
;,<8<D<P<\<h<t<
>&?/?<?F?N?S?Z?
6'7,717t7|7
8&9+909p9w9
=!=n=v=
j0o0{0
3K3P3U3
5;5@5E5|5
7U8Z8f8
<]=b=n=
= >%>*>
1!1N1S1X1
2*313J4
5D5I5N5
79&9~:
> >,>\>a>f>o?
!0(0e0l0
8P8T8X8\8`8d8h8l8p8t8x8|8
0$0-0W0\0a0
11161;1
2A2F2K2
2!3&3/3Y3^3c3
35$505]5b5g5
7%7R7W7\7t8y8
<T<Y<b<
<;=@=I=s=x=}=
>(?-?2?
1%1O1T1Y1(2P2M3
7<8A8M8z8
;W;\;e;
3$4)454b4g4l46$606]6b6g6
8*8W8\8a8
<!=&=+=d=i=r=
=P>U>^>
0F0K0P0
3L3Q3Z3
3g5l5x5
6C6H6M6
8#8P8U8Z8
;U;Z;f;
<`<e<q<
>5>T>s>
?-?L?k?
;:;?;K;
f2k2}2
2$343t3
3k4p4u4
6M6R6W6
; ;%;*;
<=@=E=J=
>m>r>w>
f0k0}0
5&6+6=6
>&?@?i?
:M;R;^;
=E=J=O=
$0)0.0
1`1e1q1
2J2O2T2
4L4Q4V4!5(5{6
9c:!;&;2;b;g;l;t<'=.=j=q=
5P5T5X5\5`5d5h5l5p5t5x5|5
0(2X2|2
2V3[3m3
65;5M5
7#7,7V7[7`7
7,8I8S8
:<:A:F:l:
;f;k;t;^<
=#=(=N=
0M3U3M4U4a5h5
7X7]7i7
9P:s:x:
;";W;\;a;
= =)=[=e=
>!>*>7>
3V4[4g4
5+6I7N7Z7
768;8G8w8|8
<"<.<^<c<h<
>,?1?=?m?r?w?
1;2@2L2|2
3B5G5S5
6:7l8q8}8
;<$<)<
='=W=\=a=
>=>B>G>4?9?E?u?z?
_0d0p0
2M2R2W2
20373t3{3
3R5W5c5
8-92979$:):5:e:j:o:\;a;m;
>?$?)?
0'0W0\0a01161B1r1w1|1i2n2z2
2R8W8c8
8K9c:h:t:
; ;$;(;,;0;4;8;<;@;X;\;`;d;h;
< <$<(<
=$=T=Y=^=
>D?I?U?
1C3J3y4y5
6!7&7+748
8*919q9x9
081<1@1D1H1L1P1T1X1\1`1d1h1l1
2u9~9w:
::;?;H;r;w;|;
0!1&1+1e2j2s2P3
6$7)7.7
8`8e8q8
9J9O9T9
45&5e5l5
<(=,=0=4=8=<=@=D=H=L=P=T=X=\=t=x=|=
:6M7R7^7
;F;d<i<u<
<Q=V=b=
1 1%172<2H2x2}2
3(4-424D5I5U5
7f8k8w8
:';,;1;
<!<-<]<b<g<T=Y=e=
5?5D5I5
5%6*6/6
7 7,7\7a7f7D8I8U8
:2:7:<:r:w:
;0=5=A=q=v={=f>k>w>
2?2D2I24393E3u3z3
3R4W4c4
7+80858
9F9K9P9;:@:L:|:
%0*060f0k0p0
1Z2_2k2
3 3$3(3,3034383P3T3X3\3`3
5t7x7|7
8!8&8V9[9`9 :%:*:
<Z=_=h=
111W1u1|1
3 3$3(3,30343~3
3,7L7x9
1J1O1X1
1V2[2m2
525Z5`5i5~5
6#7/7V7b7n7
7%8H8M8Y8
859:9?9b9
;.;H;d;
???D?I?
565;5M5
;A;F;K;
5>5C5H5
5E7J7S7}7
:W:\:e:
<%=*=3=]=b=g=v?{?
4S4X4a4
5f6k6}6Z7_7
8'8\8a8f8
9=9s9x9
;5<><F<M<s<y<~<
0#1(1-1
1A7P7j7
;!;);3;C;L;T;];c;
;3G3\3k3t3
404G4]4
5*505?5
8^:8;^;k;g>
6&787c7s7
9;9m9u9
<*=7=C=L=k=
>#>,>c>j>o>
?-?4?E?W?i?{?
,0F0O0`0o0~0
1P1W1`1
1.2C2Z2
3W5h5w5
7O9X9f9
:B;c;|;
2)2:2B2O2e2
323<3\3
34,4:4F4N4
6+6B6U6^6
7*7I7s7{7
7%929@9M9\9e9j9r9x9
98:C:K:e:l:r:{:
:P;T;X;\;`;d;h;l;o<
=%=,=5=t=x=|=
>Y>o>u>~>
><?T?e?n?
2"2.2:2I2R2
2W3d3q3y3
;#;+;3;>;F;
>>:>E>i>t>
0#0+0N0
2!2e2q2z2
3)323Q3
4p4t4x4|4
7898@8_8
8#9,929L9S9X9`9}9
9 :(:/:W:`:w:
:0;4;8;<;@;D;H;L;P;
='>8>F>S>
'080J0S0Y0h0q0
1F2W2j2u2
3)303=3R3a3j3
4D4U4s4
=#=.=6=T=]=
>G?^?t?
0%080A0H0W0`0j0x0
0'1F1S1v1
1"252*343?3H3l3s3
6;7D7t7x7|7
?!?'?A?H?
0&0/050C0P0Y0b0
2"3k5y5
5L6P6T6X6\6
9#:P:^:g:
;';D;U;
=/=T=`=i=u=~=
?$?C?V?
7&8+8=8
1 1.121
1<2C2P2U2
94=T=w=
6a7f7o7
788Q9X9
0<1@1D1S6X6d6
6(7-727
0*1/1;1h1m1r1
2$3)3.333(4w5
6S6X6d6
8/949@9m9r9w9
<@<E<J<
>7?<?H?u?z?
H5M5R5
63686=6
6E<[<U=k=
a0f0o0
0:1T2[2
:P:T:X:G>
(1-161`1e1j1
1G2L2U2
>_?d?i?n?
0!0W0\0a0f0
667<7B7H7N7T7Z7`7f7l7r7x7~7
8 8&8,82888>8D8J8P8V8\8b8h8n8t8z8
3*4A4I4`4
3 4,70788
\4d4l4t4|4
d6h6l6p6
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?
(0004080<0@0D0H0L0P0T0X0\0`0d0h0l0
`1d1h1l1
5(545@5L5X5d5p5|5
6$606<6H6T6`6l6x6
7 7,787D7P7\7h7t7
2 2,282D2P2\2h2t2
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
\2`2d2h2p2t2x2|2
L0\7`7t7|7
8 888P8T8h8l8
9 9$989@9D9H9P9h9
:4:8:L:T:X:`:x:
;0;H;L;`;h;l;t;
3(3H3h3
4(4H4h4
5(5D5H5d5h5
6 6T6X6t6x6
7$7H7T7x7
788D8h8t8
9(90949T9X9t9x9
:(:<:H:\:
; ;@;`;
=P=p=|=
D3`3d3h3l3p3t3x3|3
7$:`:p:t:x:|:
;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
<D<T<d<t<
0 0$0(0,0004080<0@0D0P0T0X0\0`0d0h0l0
646T6x6
win 32 guided tour
call to register class faild
window caption
Win32 Guided Tour
Call to CreateWindow failed!
hellowin.wav
Hello, World!
KERNEL32.dll
mscoree.dll
pValue != NULL
f:\dd\vctools\crt\crtw32\startup\crt0dat.c
_get_wpgmptr
_wpgmptr != NULL
_get_pgmptr
_pgmptr != NULL
path != NULL
__copy_path_to_wide_string
outPath != NULL
inString != NULL
__copy_to_char
outString != NULL
kernel32.dll
- floating point support not loaded
- not enough space for arguments
- not enough space for environment
- abort() has been called
- not enough space for thread data
- unexpected multithread lock error
- unexpected heap error
- unable to open console device
- not enough space for _onexit/atexit table
- pure virtual function call
- not enough space for stdio initialization
- not enough space for lowio initialization
- unable to initialize heap
- CRT not initialized
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- not enough space for locale information
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- inconsistent onexit begin-end variables
DOMAIN error
SING error
TLOSS error
runtime error
f:\dd\vctools\crt\crtw32\startup\crt0msg.c
_NMSG_WRITE
wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"Runtime Error!\n\nProgram: ")
Runtime Error!
Program:
wcscpy_s(progname, progname_size, L"<program name unknown>")
<program name unknown>
wcsncpy_s(pch, progname_size - (pch - progname), L"...", 3)
wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"\n\n")
wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), error_text)
Microsoft Visual C++ Runtime Library
f:\dd\vctools\crt\crtw32\dos\dosmap.c
_get_errno
_get_doserrno
Warning
Assertion Failed
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
f:\dd\vctools\crt\crtw32\misc\dbgrpt.c
_CrtSetReportHookW2
pfnNewHook != NULL
("The hook function is not in the list!",0)
__crtMessageWindowW
wcscpy_s(szExeName, 260, L"<program name unknown>")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
Expression:
Line:
File:
Module:
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
(Press Retry to debug the application)
(*_errno())
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_CrtDbgReport: String too long or IO Error
_CrtCheckMemory()
f:\dd\vctools\crt\crtw32\misc\dbgheap.c
_CrtIsValidHeapPointer(pUserData)
pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
fRealloc || (!fRealloc && pNewBlock == pOldBlock)
_pLastBlock == pOldBlock
_pFirstBlock == pOldBlock
pUserData != NULL
_expand_dbg
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)
pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
pHead->nBlockUse == nBlockUse
_pLastBlock == pHead
_pFirstBlock == pHead
_msize_dbg
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtSetDbgFlag
pfn != NULL
_CrtDoForAllClientObjects
state != NULL
_CrtMemCheckpoint
_CrtMemDifference
oldState != NULL
newState != NULL
_printMemBlockData
_CrtMemDumpStatistics
IS_2_POW_N(align)
_aligned_offset_malloc_dbg
offset == 0 || offset < size
_aligned_offset_realloc_dbg
memblock != NULL
_aligned_msize_dbg
pnh == 0
f:\dd\vctools\crt\crtw32\heap\handler.cpp
f:\dd\vctools\crt\crtw32\misc\inithelp.c
__getlocaleinfo
strncpy_s(*straddress, outsize, pcbuffer, outsize - 1)
("Invalid signal or error", 0)
f:\dd\vctools\crt\crtw32\misc\winsig.c
signal
_RandomValue != NULL
f:\dd\vctools\crt\crtw32\misc\rand_s.c
rand_s
ADVAPI32.DLL
("rand_s is not available on this platform", 0)
str != NULL
f:\dd\vctools\crt\crtw32\stdio\_sftbuf.c
flag == 0 || flag == 1
Runtime Check Error.
Unable to display RTC Message.
Run-Time Check Failure #%d - %s
user32.dll
_crtheap
f:\dd\vctools\crt\crtw32\heap\heapinit.c
f:\dd\vctools\crt\crtw32\startup\stdenvp.c
_setenvp
strcpy_s(*env, cchars, p)
("Invalid error_mode", 0)
f:\dd\vctools\crt\crtw32\misc\errmode.c
_set_error_mode
((_Dst)) != NULL && ((_SizeInWords)) > 0
f:\dd\vctools\crt\crtw32\h\tcscat_s.inl
wcscat_s
(((_Src))) != NULL
String is not null terminated
(L"String is not null terminated" && 0)
Buffer is too small
(L"Buffer is too small" && 0)
f:\dd\vctools\crt\crtw32\h\tcscpy_s.inl
wcscpy_s
f:\dd\vctools\crt\crtw32\h\tcsncpy_s.inl
wcsncpy_s
USER32.DLL
dst != NULL
f:\dd\vctools\crt\crtw32\string\memcpy_s.c
memcpy_s
src != NULL
sizeInBytes >= count
(format != NULL)
f:\dd\vctools\crt\crtw32\stdio\swprintf.c
_swprintf
(string != NULL)
nRptType >= 0 && nRptType < _CRT_ERRCNT
f:\dd\vctools\crt\crtw32\misc\dbgrptt.c
_CrtSetReportMode
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportFile
_VCrtDbgReportA
_itoa_s(nLine, szLineMessage, 4096, 10)
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!")
strcat_s(szLineMessage, 4096, szUserMessage)
strcat_s(szLineMessage, 4096, "\r")
strcat_s(szLineMessage, 4096, "\n")
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szOutMessage, 4096, szLineMessage)
e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
_CrtDbgReport: String too long or Invalid characters in String
_VCrtDbgReportW
_itow_s(nLine, szLineMessage, 4096, 10)
Second Chance Assertion Failed: File
<file unknown>
, Line
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
wcscpy_s(szLineMessage, 4096, szFormat ? L"Assertion failed: " : L"Assertion failed!")
Assertion failed:
Assertion failed!
wcscat_s(szLineMessage, 4096, szUserMessage)
wcscat_s(szLineMessage, 4096, L"\r")
wcscat_s(szLineMessage, 4096, L"\n")
%s(%d) : %s
wcscpy_s(szOutMessage, 4096, szLineMessage)
wcstombs_s(((void *)0), szOutMessage2, 4096, szOutMessage, ((size_t)-1))
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcstombs_s(&ret, szaOutMessage, 4096, szOutMessage, ((size_t)-1))
((ptloci->lc_category[category].locale != NULL) && (ptloci->lc_category[category].refcount != NULL)) || ((ptloci->lc_category[category].locale == NULL) && (ptloci->lc_category[category].refcount == NULL))
f:\dd\vctools\crt\crtw32\misc\localref.c
c >= -1 && c <= 255
f:\dd\vctools\crt\crtw32\convert\isctype.c
pBlock != NULL
f:\dd\vctools\crt\crtw32\heap\expand.c
_expand_base
_CrtSetReportHook2
__crtMessageWindowA
strcpy_s(szExeName, 260, "<program name unknown>")
Debug %s!
Program: %hs%s%s%hs%s%hs%s%hs%s%s%hs%s
(Press Retry to debug the application)
f:\dd\vctools\crt\crtw32\stdio\sprintf.c
sprintf
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((_Dst)) != NULL && ((_SizeInBytes)) > 0
strncpy_s
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt\crtw32\h\malloc.h
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
zh-CHS
f:\dd\vctools\crt\crtw32\misc\winapinls.c
__crtDownlevelLCIDToLocaleName
wcscpy_s(outLocaleName, cchLocaleName, buffer)
(stream != NULL)
f:\dd\vctools\crt\crtw32\stdio\fileno.c
_fileno
(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)
f:\dd\vctools\crt\crtw32\lowio\isatty.c
_isatty
bin\MSPDB120.DLL
MSVCR120D.dll
SOFTWARE\Microsoft\VisualStudio\12.0\Setup\VC
ProductDir
MSPDB120
MSPDB120
strcpy_s
f:\dd\vctools\crt\crtw32\stdio\_flsbuf.c
("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)
f:\dd\vctools\crt\crtw32\stdio\vswprint.c
_vswprintf_l
_vscwprintf_helper
_vswprintf_helper
(count == 0) || (string != NULL)
format != NULL
_vswprintf_s_l
string != NULL && sizeInWords > 0
("Buffer too small", 0)
_vsnwprintf_s_l
f:\dd\vctools\crt\crtw32\stdio\output.c
_woutput_l
("'n' format specifier disabled", 0)
strcat_s
buf != NULL
f:\dd\vctools\crt\crtw32\convert\xtoa.c
xtoa_s
sizeInTChars > 0
sizeInTChars > (size_t)(is_neg ? 2 : 1)
2 <= radix && radix <= 36
length < sizeInTChars
x64toa_s
s != NULL
f:\dd\vctools\crt\crtw32\convert\mbstowcs.c
_mbstowcs_l_helper
(pwcs == NULL && sizeInWords == 0) || (pwcs != NULL && sizeInWords > 0)
_mbstowcs_s_l
bufferSize <= INT_MAX
retsize <= sizeInWords
pwcs != NULL
f:\dd\vctools\crt\crtw32\convert\wcstombs.c
_wcstombs_l_helper
(dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)
_wcstombs_s_l
sizeInBytes > retsize
xtow_s
x64tow_s
f:\dd\vctools\crt\crtw32\stdio\vsprintf.c
_vsnprintf_helper
_vsprintf_s_l
string != NULL && sizeInBytes > 0
_vsnprintf_s_l
ploci->lconv_mon_refcount > 0
f:\dd\vctools\crt\crtw32\misc\initmon.c
ploci->lconv_num_refcount > 0
f:\dd\vctools\crt\crtw32\misc\initnum.c
ploci->lc_time_curr->refcount > 0
f:\dd\vctools\crt\crtw32\misc\inittime.c
LC_ALL
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
("Invalid parameter for _configthreadlocale",0)
f:\dd\vctools\crt\crtw32\misc\wsetloca.c
_configthreadlocale
LC_MIN <= _category && _category <= LC_MAX
_wsetlocale
_wsetlocale_nolock
wcsncpy_s(lctemp, (sizeof(lctemp) / sizeof(lctemp[0])), s, len)
_wsetlocale_set_cat
wcscpy_s(pch_cat_locale, cch, lctemp)
_wsetlocale_get_all
wcscat_s(pch, cch, L";")
_expandlocale
wcsncpy_s(localeNameOutput, localeNameSizeInChars,_psetloc_data->_cacheLocaleName, (sizeof(_psetloc_data->_cacheLocaleName) / sizeof(_psetloc_data->_cacheLocaleName[0])))
wcscpy_s(output, sizeInChars, L"C")
wcsncpy_s(localeNameOutput, localeNameSizeInChars, names.szLocaleName, wcslen(names.szLocaleName) + 1)
wcsncpy_s(cacheout, cacheoutLen, expr, charactersInExpression + 1)
wcsncpy_s(localeNameOutput, localeNameSizeInChars, expr, charactersInExpression + 1)
wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(_psetloc_data->_cacheLocaleName) / sizeof(_psetloc_data->_cacheLocaleName[0])), expr, charactersInExpression + 1)
wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(_psetloc_data->_cacheLocaleName) / sizeof(_psetloc_data->_cacheLocaleName[0])), localeNameOutput, wcslen(localeNameOutput) + 1)
wcsncpy_s(cachein, cacheinLen, expr, charactersInExpression + 1)
wcscpy_s(output, sizeInChars, cacheout)
_wcscats
wcscat_s(outstr, numberOfElements, ( *(wchar_t * *)((substr += ( (sizeof(wchar_t *) + sizeof(int) - 1) & ~(sizeof(int) - 1) )) - ( (sizeof(wchar_t *) + sizeof(int) - 1) & ~(sizeof(int) - 1) )) ))
__lc_wcstolc
wcsncpy_s(names->szCodePage, (sizeof(names->szCodePage) / sizeof(names->szCodePage[0])), &wlocale[1], 16-1)
wcsncpy_s(names->szLanguage, (sizeof(names->szLanguage) / sizeof(names->szLanguage[0])), wlocale, len)
wcsncpy_s(names->szCountry, (sizeof(names->szCountry) / sizeof(names->szCountry[0])), wlocale, len)
wcsncpy_s(names->szCodePage, (sizeof(names->szCodePage) / sizeof(names->szCodePage[0])), wlocale, len)
__lc_lctowcs
wcscpy_s(locale, numberOfElements, names->szLanguage)
__copy_locale_name
wcsncpy_s(localeNameCopy, cch+1, localeName, cch+1)
_vsprintf_l
_vscprintf_helper
(null)
_output_l
( (_Stream->_flag & _IOSTRG) || ( fn = _fileno(_Stream), ( (_textmode_safe(fn) == __IOINFO_TM_ANSI) && !_tm_unicode_safe(fn))))
(ch != _T('\0'))
((((( H
((((( H
(filedes >= 0 && (unsigned)filedes < (unsigned)_nhandle)
f:\dd\vctools\crt\crtw32\lowio\commit.c
_commit
(_osfile(filedes) & FOPEN)
("Invalid file descriptor. File possibly closed by a different thread",0)
f:\dd\vctools\crt\crtw32\lowio\write.c
_write
(_osfile(fh) & FOPEN)
(buf != NULL)
_write_nolock
((cnt & 1) == 0)
isleadbyte(_dbcsBuffer(fh))
f:\dd\vctools\crt\crtw32\h\tmakepath_s.inl
_wmakepath_s
(((_Path))) != NULL
f:\dd\vctools\crt\crtw32\h\tsplitpath_s.inl
_wsplitpath_s
(L"Invalid parameter", 0)
f:\dd\vctools\crt\crtw32\lowio\lseeki64.c
_lseeki64
f:\dd\vctools\crt\crtw32\stdio\_getbuf.c
_woutput_p_l
((type_pos >= 0) && (*end_pos == POSITION_CHAR) && (type_pos < _ARGMAX))
("Incorrect format specifier", 0)
((width_pos >= 0) && (*end_pos == POSITION_CHAR) && (type_pos < _ARGMAX))
_tvalidate_param_reuse(&pos_value[width_pos], e_int_arg, ch, flags)
((precis_pos >= 0) && (*end_pos == POSITION_CHAR) && (type_pos < _ARGMAX))
_tvalidate_param_reuse(&pos_value[precis_pos], e_int_arg, ch, flags)
((type_pos>=0) && (type_pos<_ARGMAX))
_tvalidate_param_reuse(&pos_value[type_pos], e_int_arg, ch, flags)
_tvalidate_param_reuse(&pos_value[type_pos], e_ptr_arg, ch, flags)
_tvalidate_param_reuse(&pos_value[type_pos], e_double_arg, ch, flags)
pass == FORMAT_OUTPUT_PASS
_tvalidate_param_reuse(&pos_value[type_pos], e_int64_arg, ch, flags)
_tvalidate_param_reuse(&pos_value[type_pos], e_long_long_arg, ch, flags)
((state == ST_NORMAL) || (state == ST_TYPE))
("Missing position in the format string", 0)
_woutput_s_l
f:\dd\vctools\crt\crtw32\stdio\printf.c
printf
(str != NULL)
f:\dd\vctools\crt\crtw32\stdio\fputwc.c
fputwc
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt\crtw32\convert\mbtowc.c
_output_s_l
_output_p_l
_tvalidate_param_reuse(&pos_value[type_pos], e_short_arg, ch, flags)
f:\dd\vctools\crt\crtw32\misc\initctyp.c
ploci->ctype1_refcount > 0
american
american english
american-english
australian
belgian
canadian
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
dutch-belgian
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
french-belgian
french-canadian
french-luxembourg
french-swiss
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
irish-english
italian-swiss
norwegian
norwegian-bokmal
norwegian-nynorsk
portuguese-brazilian
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
swedish-finland
america
britain
england
great britain
holland
hong-kong
new-zealand
pr china
pr-china
puerto-rico
slovak
south africa
south korea
south-africa
south-korea
trinidad & tobago
united-kingdom
united-states
f:\dd\vctools\crt\crtw32\misc\getqloc.c
__get_qualified_locale
wcsncpy_s(lpOutStr->szLocaleName, (sizeof(lpOutStr->szLocaleName) / sizeof(lpOutStr->szLocaleName[0])), _psetloc_data->_cacheLocaleName, wcslen(_psetloc_data->_cacheLocaleName) + 1)
LangCountryEnumProcEx
wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(_psetloc_data->_cacheLocaleName) / sizeof(_psetloc_data->_cacheLocaleName[0])), lpLocaleString, wcslen(lpLocaleString) + 1)
LanguageEnumProcEx
GetLocaleNameFromDefault
wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(_psetloc_data->_cacheLocaleName) / sizeof(_psetloc_data->_cacheLocaleName[0])), localeName, wcslen(localeName) + 1)
sizeInBytes <= INT_MAX
f:\dd\vctools\crt\crtw32\convert\wctomb.c
_wctomb_s_l
sizeInBytes > 0
f:\dd\vctools\crt\crtw32\misc\dbgdel.cpp
f:\dd\vctools\crt\crtw32\stdio\fclose.c
fclose
_fclose_nolock
f:\dd\vctools\crt\crtw32\lowio\osfinfo.c
_get_osfhandle
nptr != NULL
f:\dd\vctools\crt\crtw32\convert\wcstol.c
wcstoxl
ibase == 0 || (2 <= ibase && ibase <= 36)
f:\dd\vctools\crt\crtw32\stdio\vprintf.c
vprintf_helper
f:\dd\vctools\crt\crtw32\convert\strtol.c
strtoxl
f:\dd\vctools\crt\crtw32\string\wcsicmp.c
_wcsicmp_l
_wcsicmp
first != NULL
f:\dd\vctools\crt\crtw32\string\wcsnicmp.c
_wcsnicmp_l
last != NULL
_wcsnicmp
pNode->_Next != NULL
f:\dd\vctools\crt\crtw32\eh\typname.cpp
type_info::_Name_base
strcpy_s ((char *)((type_info *)_This)->_M_data, len+2, (char *)pTmpUndName)
type_info::_Name_base_internal
strcpy_s (pTmpTypeName, len+2, (char *)pTmpUndName)
f:\dd\vctools\crt\crtw32\lowio\close.c
_close
stream != NULL
f:\dd\vctools\crt\crtw32\stdio\_freebuf.c
CONOUT$
f:\dd\vctools\crt\crtw32\convert\wcstoq.c
wcstoxq
f:\dd\vctools\crt\crtw32\convert\wcstod.c
_wcstod_l
B_Locale != NULL
f:\dd\vctools\crt\fpw32\include\strgtold12.inl
__strgtold12_l
f:\dd\vctools\crt\fpw32\conv\cvt.c
_cftoe2_l
sizeInBytes > (size_t)(3 + (ndec > 0 ? ndec : 0) + 5 + 1)
strcpy_s(p, (sizeInBytes == (size_t)-1 ? sizeInBytes : sizeInBytes - (p - buf)), "e+000")
_cftoe_l
_cftoa_l
sizeInBytes > (size_t)(1 + 4 + ndec + 6)
_cftof2_l
_cftof_l
_cftog_l
f:\dd\vctools\crt\crtw32\startup\i386\fp8.c
_setdefaultprecision
_controlfp_s(((void *)0), 0x00010000, 0x00030000)
f:\dd\vctools\crt\crtw32\convert\strtoq.c
strtoxq
__wstrgtold12_l
f:\dd\vctools\crt\crtw32\convert\_fptostr.c
_fptostr
sizeInBytes > (size_t)((digits > 0 ? digits : 0) + 1)
pflt != NULL
f:\dd\vctools\crt\fpw32\conv\cfout.c
_fltout2
strcpy_s(resultstr, resultsize, autofos.man)
(options & ~_TWO_DIGIT_EXPONENT) == 0
f:\dd\vctools\crt\crtw32\stdio\outputformat.c
_set_output_format
("Invalid input value", 0)
f:\dd\vctools\crt\fpw32\tran\contrlfp.c
_controlfp_s
f:\dd\vctools\crt\crtw32\convert\strtod.c
_strtod_l
f:\dd\vctools\crt\fpw32\conv\x10fout.c
$I10_OUTPUT
strcpy_s(fos->man, 21+1, "1#SNAN")
strcpy_s(fos->man, 21+1, "1#IND")
strcpy_s(fos->man, 21+1, "1#INF")
strcpy_s(fos->man, 21+1, "1#QNAN")
f:\dd\vctools\crt\fpw32\tran\i386\ieee87.c
_set_controlfp
_controlfp_s(((void *)0), newctrl, mask & ~0x00080000)
HelloWindow
No antivirus signatures available.

Process Tree


regiterwindow - Copy.exe, PID: 1772, Parent PID: 1596

default registry file network process services synchronisation iexplore office pdf

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

DNS

Name Response Post-Analysis Lookup
time.windows.com

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.101 1025 192.168.128.111 53
192.168.128.101 137 192.168.128.255 137
192.168.128.101 138 192.168.128.255 138
192.168.128.101 1036 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 3
Mongo ID 58baadd711d30832c4483182
Cuckoo release 2.0-dev