Analysis

Category Package Started Completed Duration
FILE regsvr 2020-05-23 00:51:11 2020-05-23 00:55:25 254 seconds

Options: route = inetsim

Log:
2020-05-13 09:27:42,896 [root] INFO: Date set to: 20200523T00:51:10, timeout set to: 200
2020-05-23 00:51:10,046 [root] DEBUG: Starting analyzer from: C:\tmpt2nfl3rg
2020-05-23 00:51:10,046 [root] DEBUG: Storing results at: C:\nUvAnNyPfR
2020-05-23 00:51:10,046 [root] DEBUG: Pipe server name: \\.\PIPE\JyVZPXnvbT
2020-05-23 00:51:10,046 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-05-23 00:51:10,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-05-23 00:51:10,062 [root] INFO: Automatically selected analysis package "regsvr"
2020-05-23 00:51:10,062 [root] DEBUG: Trying to import analysis package "regsvr"...
2020-05-23 00:51:10,078 [root] DEBUG: Imported analysis package "regsvr".
2020-05-23 00:51:10,078 [root] DEBUG: Trying to initialize analysis package "regsvr"...
2020-05-23 00:51:10,078 [root] DEBUG: Initialized analysis package "regsvr".
2020-05-23 00:51:10,109 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-05-23 00:51:10,109 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-05-23 00:51:10,109 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-05-23 00:51:10,156 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-05-23 00:51:10,156 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-05-23 00:51:10,171 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-05-23 00:51:10,171 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-05-23 00:51:10,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-05-23 00:51:10,187 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-05-23 00:51:10,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-05-23 00:51:10,187 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-05-23 00:51:10,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-05-23 00:51:10,203 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-05-23 00:51:10,203 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-05-23 00:51:10,203 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-05-23 00:51:10,203 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-05-23 00:51:10,203 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-05-23 00:51:10,203 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-05-23 00:51:10,203 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-05-23 00:51:10,203 [lib.api.screenshot] DEBUG: Importing 'math'
2020-05-23 00:51:10,203 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-05-23 00:51:10,484 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-05-23 00:51:10,484 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-05-23 00:51:10,484 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-05-23 00:51:10,484 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-05-23 00:51:10,484 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-05-23 00:51:10,500 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-05-23 00:51:10,500 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-05-23 00:51:10,500 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-05-23 00:51:10,500 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-05-23 00:51:10,500 [root] DEBUG: Initialized auxiliary module "Browser".
2020-05-23 00:51:10,500 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-05-23 00:51:10,500 [root] DEBUG: Started auxiliary module Browser
2020-05-23 00:51:10,500 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-05-23 00:51:10,515 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-05-23 00:51:10,515 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-05-23 00:51:10,515 [root] DEBUG: Started auxiliary module Curtain
2020-05-23 00:51:10,515 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-05-23 00:51:10,515 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-05-23 00:51:10,515 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-05-23 00:51:10,515 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-05-23 00:51:10,984 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-05-23 00:51:10,984 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-05-23 00:51:10,984 [root] DEBUG: Started auxiliary module DigiSig
2020-05-23 00:51:10,984 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-05-23 00:51:10,984 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-05-23 00:51:10,984 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-05-23 00:51:11,015 [root] DEBUG: Started auxiliary module Disguise
2020-05-23 00:51:11,015 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-05-23 00:51:11,015 [root] DEBUG: Initialized auxiliary module "Human".
2020-05-23 00:51:11,015 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-05-23 00:51:11,031 [root] DEBUG: Started auxiliary module Human
2020-05-23 00:51:11,031 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-05-23 00:51:11,031 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-05-23 00:51:11,031 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-05-23 00:51:11,031 [root] DEBUG: Started auxiliary module Procmon
2020-05-23 00:51:11,031 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-05-23 00:51:11,031 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-05-23 00:51:11,031 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-05-23 00:51:11,031 [root] DEBUG: Started auxiliary module Screenshots
2020-05-23 00:51:11,031 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-05-23 00:51:11,046 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-05-23 00:51:11,046 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-05-23 00:51:11,046 [root] DEBUG: Started auxiliary module Sysmon
2020-05-23 00:51:11,046 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-05-23 00:51:11,046 [root] DEBUG: Initialized auxiliary module "Usage".
2020-05-23 00:51:11,046 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-05-23 00:51:11,046 [root] DEBUG: Started auxiliary module Usage
2020-05-23 00:51:11,046 [root] INFO: Analyzer: Package modules.packages.regsvr does not specify a DLL option
2020-05-23 00:51:11,046 [root] INFO: Analyzer: Package modules.packages.regsvr does not specify a DLL_64 option
2020-05-23 00:51:11,046 [root] INFO: Analyzer: Package modules.packages.regsvr does not specify a loader option
2020-05-23 00:51:11,062 [root] INFO: Analyzer: Package modules.packages.regsvr does not specify a loader_64 option
2020-05-23 00:51:11,265 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\regsvr32.exe" with arguments "C:\Users\Louise\AppData\Local\Temp\13213632.dat.dll" with pid 1972
2020-05-23 00:51:11,265 [lib.api.process] INFO: Monitor config for process 1972: C:\tmpt2nfl3rg\dll\1972.ini
2020-05-23 00:51:11,265 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\BYLpscw.dll, loader C:\tmpt2nfl3rg\bin\wuvxTQw.exe
2020-05-23 00:51:11,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JyVZPXnvbT.
2020-05-23 00:51:11,328 [root] DEBUG: Loader: Injecting process 1972 (thread 2416) with C:\tmpt2nfl3rg\dll\BYLpscw.dll.
2020-05-23 00:51:11,343 [root] DEBUG: Process image base: 0x00A20000
2020-05-23 00:51:11,343 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpt2nfl3rg\dll\BYLpscw.dll.
2020-05-23 00:51:11,343 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-05-23 00:51:11,343 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\BYLpscw.dll.
2020-05-23 00:51:11,359 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1972
2020-05-23 00:51:13,359 [lib.api.process] INFO: Successfully resumed process with pid 1972
2020-05-23 00:51:13,593 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 00:51:13,593 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 00:51:13,593 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-05-23 00:51:13,609 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1972 at 0x70160000, image base 0xa20000, stack from 0x2d6000-0x2e0000
2020-05-23 00:51:13,609 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Windows\system32\regsvr32.exe" C:\Users\Louise\AppData\Local\Temp\13213632.dat.dll.
2020-05-23 00:51:13,656 [root] INFO: loaded: b'1972'
2020-05-23 00:51:13,656 [root] INFO: Loaded monitor into process with pid 1972
2020-05-23 00:51:13,656 [root] INFO: Disabling sleep skipping.
2020-05-23 00:51:13,656 [root] INFO: Disabling sleep skipping.
2020-05-23 00:51:13,656 [root] INFO: Disabling sleep skipping.
2020-05-23 00:51:13,671 [root] INFO: Disabling sleep skipping.
2020-05-23 00:51:13,703 [root] DEBUG: Target DLL loaded at 0x6FC90000: C:\Users\Louise\AppData\Local\Temp\13213632.dat.dll (0x1dd000 bytes).
2020-05-23 00:51:13,703 [root] DEBUG: set_caller_info: Adding region at 0x6FC90000 to caller regions list (ntdll::memcpy).
2020-05-23 00:51:13,718 [root] DEBUG: DLL unloaded from 0x75350000.
2020-05-23 00:51:13,718 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-05-23 00:51:13,718 [root] DEBUG: DLL unloaded from 0x75AE0000.
2020-05-23 00:51:13,718 [root] DEBUG: DLL unloaded from 0x75350000.
2020-05-23 00:51:13,718 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-05-23 00:54:33,734 [root] INFO: Analysis timeout hit, terminating analysis.
2020-05-23 00:54:33,734 [lib.api.process] ERROR: Failed to open terminate event for pid 1972
2020-05-23 00:54:33,734 [root] INFO: Terminate event set for process 1972.
2020-05-23 00:54:33,734 [root] INFO: Created shutdown mutex.
2020-05-23 00:54:34,734 [root] INFO: Shutting down package.
2020-05-23 00:54:34,734 [root] INFO: Stopping auxiliary modules.
2020-05-23 00:54:34,890 [lib.common.results] WARNING: File C:\nUvAnNyPfR\bin\procmon.xml doesn't exist anymore
2020-05-23 00:54:34,890 [root] INFO: Finishing auxiliary modules.
2020-05-23 00:54:34,890 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-05-23 00:54:34,890 [root] WARNING: Folder at path "C:\nUvAnNyPfR\debugger" does not exist, skip.
2020-05-23 00:54:34,906 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7x64_2 win7x64_6 KVM 2020-05-23 00:51:12 2020-05-23 00:55:25

File Details

File Name 13213632.dat
File Size 896512 bytes
File Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
PE timestamp 2020-05-22 08:35:26
MD5 34356355a617f271fbb8301cfbe86367
SHA1 94e27772dab7041348f4edb73220702d874f3da5
SHA256 4468edc18de42e61b64441c75aedcb15d553410d473e77fc8ae31b358acd506a
SHA512 d8ad7bc6eddff4b7911ad55dfba56f7939f6b11399a266f60f9eb7b0bec0a7abbe3bbd8cb8d7f2cd5ff831b57e1c409e9bd92d17531c52e7d0c326db64014113
CRC32 12DE5B9A
Ssdeep 24576:vrWOeHffIEcSHuTEN9Sn0vdE/OhHLLw8y:zCHffIE7OwNk0vWmJLu

Signatures

Creates RWX memory
Dynamic (imported) function loading detected
DynamicLoader: api-ms-win-core-synch-l1-2-0.DLL/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: api-ms-win-core-synch-l1-2-0.DLL/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/LCMapStringEx
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitOnceExecuteOnce
DynamicLoader: kernel32.dll/CreateEventExW
DynamicLoader: kernel32.dll/CreateSemaphoreW
DynamicLoader: kernel32.dll/CreateSemaphoreExW
DynamicLoader: kernel32.dll/CreateThreadpoolTimer
DynamicLoader: kernel32.dll/SetThreadpoolTimer
DynamicLoader: kernel32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: kernel32.dll/CloseThreadpoolTimer
DynamicLoader: kernel32.dll/CreateThreadpoolWait
DynamicLoader: kernel32.dll/SetThreadpoolWait
DynamicLoader: kernel32.dll/CloseThreadpoolWait
DynamicLoader: kernel32.dll/FlushProcessWriteBuffers
DynamicLoader: kernel32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: kernel32.dll/GetCurrentProcessorNumber
DynamicLoader: kernel32.dll/CreateSymbolicLinkW
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: kernel32.dll/GetTickCount64
DynamicLoader: kernel32.dll/GetFileInformationByHandleEx
DynamicLoader: kernel32.dll/SetFileInformationByHandle
DynamicLoader: kernel32.dll/GetSystemTimePreciseAsFileTime
DynamicLoader: kernel32.dll/InitializeConditionVariable
DynamicLoader: kernel32.dll/WakeConditionVariable
DynamicLoader: kernel32.dll/WakeAllConditionVariable
DynamicLoader: kernel32.dll/SleepConditionVariableCS
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/TryAcquireSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/SleepConditionVariableSRW
DynamicLoader: kernel32.dll/CreateThreadpoolWork
DynamicLoader: kernel32.dll/SubmitThreadpoolWork
DynamicLoader: kernel32.dll/CloseThreadpoolWork
DynamicLoader: kernel32.dll/CompareStringEx
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/LCMapStringEx
DynamicLoader: kernel32.dll/InitializeConditionVariable
DynamicLoader: kernel32.dll/SleepConditionVariableCS
DynamicLoader: kernel32.dll/WakeAllConditionVariable
DynamicLoader: kernel32.dll/AreFileApisANSI
DynamicLoader: KERNELBASE.dll/CompareStringEx
DynamicLoader: kernel32.dll/EnumSystemLocalesEx
DynamicLoader: kernel32.dll/GetDateFormatEx
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/GetTimeFormatEx
DynamicLoader: kernel32.dll/GetUserDefaultLocaleName
DynamicLoader: kernel32.dll/IsValidLocaleName
DynamicLoader: kernel32.dll/LCIDToLocaleName
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: kernel32.dll/FlsFree
File has been identified by 2 Antiviruses on VirusTotal as malicious
ESET-NOD32: a variant of Win32/GenKryptik.ELAD
Endgame: malicious (high confidence)
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
The binary contains an unknown PE section name indicative of packing
unknown section: name: .gfids, entropy: 3.81, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00000a00, virtual_size: 0x000009a8
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\13213632.dat
Network activity detected but not expressed in API logs
Anomalous binary characteristics
anomaly: Actual checksum does not match that reported in PE header

Hosts

Direct IP Country Name
Y 8.8.8.8 United States
Y 1.1.1.1 Australia

DNS

No domains contacted.


Summary

C:\Users\Louise\AppData\Local\Temp\13213632.dat.dll
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\api-ms-win-core-datetime-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-localization-obsolete-l1-2-0.DLL
C:\Users\Louise\AppData\Local\Temp\13213632.dat.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
kernel32.dll.FlsFree
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.InitOnceExecuteOnce
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.GetTickCount64
kernel32.dll.GetFileInformationByHandleEx
kernel32.dll.SetFileInformationByHandle
kernel32.dll.InitializeConditionVariable
kernel32.dll.WakeConditionVariable
kernel32.dll.WakeAllConditionVariable
kernel32.dll.SleepConditionVariableCS
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.TryAcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.SleepConditionVariableSRW
kernel32.dll.CreateThreadpoolWork
kernel32.dll.SubmitThreadpoolWork
kernel32.dll.CloseThreadpoolWork
kernel32.dll.CompareStringEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.AreFileApisANSI
kernelbase.dll.CompareStringEx
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCIDToLocaleName
kernel32.dll.LocaleNameToLCID
Every Cry fr

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash Exported DLL Name
0x10000000 0x10045fa0 0x000dbd14 0x000e6a7c 6.0 2020-05-22 08:35:26 4d1dc40f2c189a6ce0335c5f074fa246 main.dll

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x0008cdcf 0x0008ce00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.33
.rdata 0x0008d200 0x0008e000 0x0004326a 0x00043400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.45
.data 0x000d0600 0x000d2000 0x00101d90 0x00003c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.00
.gfids 0x000d4200 0x001d4000 0x000009a8 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.81
.tls 0x000d4c00 0x001d5000 0x00000009 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x000d4e00 0x001d6000 0x000004c0 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.58
.reloc 0x000d5400 0x001d7000 0x000058b8 0x00005a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.65

Resources

Name Offset Size Language Sub-language Entropy File type
RT_VERSION 0x001d60a0 0x000002c4 LANG_ENGLISH SUBLANG_ENGLISH_US 3.45 None
RT_MANIFEST 0x001d6364 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US 4.80 None

Imports

0x1008e000 VirtualProtect
0x1008e004 GetCurrentDirectoryA
0x1008e008 Sleep
0x1008e00c OpenMutexA
0x1008e010 SetFileAttributesA
0x1008e014 CreateProcessA
0x1008e018 ReadConsoleW
0x1008e01c SetStdHandle
0x1008e028 GetEnvironmentStringsW
0x1008e02c GetCommandLineW
0x1008e030 MultiByteToWideChar
0x1008e034 WideCharToMultiByte
0x1008e038 GetStringTypeW
0x1008e03c EnterCriticalSection
0x1008e040 LeaveCriticalSection
0x1008e044 DeleteCriticalSection
0x1008e048 EncodePointer
0x1008e04c DecodePointer
0x1008e050 SetLastError
0x1008e058 CreateEventW
0x1008e05c TlsAlloc
0x1008e060 TlsGetValue
0x1008e064 TlsSetValue
0x1008e068 TlsFree
0x1008e070 GetModuleHandleW
0x1008e074 GetProcAddress
0x1008e078 CompareStringW
0x1008e07c LCMapStringW
0x1008e080 GetLocaleInfoW
0x1008e084 GetCPInfo
0x1008e088 CloseHandle
0x1008e08c SetEvent
0x1008e090 ResetEvent
0x1008e094 WaitForSingleObjectEx
0x1008e0a0 GetCurrentProcess
0x1008e0a4 TerminateProcess
0x1008e0ac IsDebuggerPresent
0x1008e0b0 GetStartupInfoW
0x1008e0b8 GetCurrentProcessId
0x1008e0bc GetCurrentThreadId
0x1008e0c0 InitializeSListHead
0x1008e0c4 RaiseException
0x1008e0c8 RtlUnwind
0x1008e0cc GetLastError
0x1008e0d0 FreeLibrary
0x1008e0d4 LoadLibraryExW
0x1008e0d8 InterlockedFlushSList
0x1008e0dc HeapAlloc
0x1008e0e0 HeapValidate
0x1008e0e4 GetSystemInfo
0x1008e0e8 GetModuleFileNameW
0x1008e0ec GetModuleHandleExW
0x1008e0f0 ExitProcess
0x1008e0f4 HeapFree
0x1008e0f8 HeapReAlloc
0x1008e0fc HeapSize
0x1008e100 HeapQueryInformation
0x1008e104 GetProcessHeap
0x1008e108 GetStdHandle
0x1008e10c GetFileType
0x1008e110 WriteFile
0x1008e114 OutputDebugStringW
0x1008e118 WriteConsoleW
0x1008e11c GetDateFormatW
0x1008e120 GetTimeFormatW
0x1008e124 IsValidLocale
0x1008e128 GetUserDefaultLCID
0x1008e12c EnumSystemLocalesW
0x1008e130 GetFileSizeEx
0x1008e134 SetFilePointerEx
0x1008e138 FlushFileBuffers
0x1008e13c GetConsoleCP
0x1008e140 GetConsoleMode
0x1008e144 ReadFile
0x1008e148 GetTimeZoneInformation
0x1008e14c FindClose
0x1008e150 FindFirstFileExW
0x1008e154 FindNextFileW
0x1008e158 IsValidCodePage
0x1008e15c GetACP
0x1008e160 GetOEMCP
0x1008e164 GetCommandLineA
0x1008e168 CreateFileW
0x1008e170 OleInitialize
0x1008e174 CoUninitialize
0x1008e178 CoInitialize
0x1008e17c OleUninitialize
0x1008e180 CoRevokeClassObject

Exports

Ordinal Address Name
1 0x10011ad0 DllRegisterServer
2 0x10011e20 DllUnregisterServer
3 0x10011e40 Monthallow
4 0x10011e00 Restdescribe
!This program cannot be run in DOS mode.
/lq6qep
/lq6qlp
/lq6q
/lq6qnp
/lqRich
.text
`.rdata
@.data
.gfids
@.tls
.rsrc
@.reloc
'[vMh
u^S*k;US
[t=CV
Z*T6DW
Mhmib*
)5UwU
KI1'\5
zc:pc3
mZymd
aus/yuv
tFS.~
2$8P8
L `2th(
T\3!5\
|4>!~
|s4|8
)jf1N7
+p{}j-
P0GBC
V/VKW
/<S$//
]Dq!\Nf
/l1O`J
F8F]Q
" K:T`
6jCW'
/Qj'X!
;FbQX
AbKF`
N.7=g
pQIKtWD9
gya}r%-&
@<U0%%
iFS;sn
g>RKx
~xb}/
KG4su
8epwP"
>Cu](
mD=iu
SX~hAG
LT6En
71`+R
p(fi!
nclmh
chedi
ghkdj
jhikS
ldlhf
KuDjG
eVEWH
M]Hue
V;;SA
]8;e*
+D$<i
*D$<,
PQSVW
;E$w5
;E$w5
;E$w5
;E$w5
;E$w5
;E$w5
U$Rj<j
U$Rj<j
M$Qj;j
M$Qj;j
U$Rj<j
M$Qj;j
u#h _
u3h8_
5Genu
t#h`5
PQSVW
t&h(8
t&h|8
t&h 7
t.hL6
URPQQh
SVWUj
;t$,v-
UQPXY]Y[
PPPPPPPP
t&hxI
t&h<J
t&htJ
t&h(D
t1hTO
u&htM
u&h<b
u&h`c
u&hpe
u&hpe
u#h g
u&h j
u&h j
u&h<k
u&h<k
u&h l
u&hxl
u&h l
u&hxl
P$+Q8+U
J$+H8+M
Gu'j
Gu'j
;H8tw
;H8te3
u#hPi
u#hPi
u#hPi
u#hPi
u#hPi
u#hPi
unjWh
u#hPi
###########################
######
YY_^]
SSSSj
r:jph
u?h4g
f9:t!V
tDjfh
WSVPP
SWj=V
jUhl"
jth #
u#hT9
u#hT9
u#h 9
u#h 9
;r&hp
_SjtVh8
vGj"X
_SjyVh8
PPPPPPPP
j0Vhx
Y__^[
bad allocation
false
f:\dd\vctools\crt\crtw32\stdhpp\xlocale
f:\dd\vctools\crt\crtw32\stdcpp\locale.cpp
f:\dd\vctools\crt\crtw32\stdhpp\xutility
0123456789-+Ee
0123456789ABCDEFabcdef-+Xx
0123456789ABCDEFabcdef-+XxPp
Bf:\dd\vctools\crt\crtw32\stdcpp\locale0.cpp
Standard C++ Libraries Out of Range
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
cross device link
destination address required
device or resource busy
directory not empty
executable format error
file exists
file too large
filename too long
function not supported
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
interrupted
invalid argument
invalid seek
io error
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no lock available
no message available
no message
no protocol option
no space on device
no stream resources
no such device or address
no such device
no such file or directory
no such process
not a directory
not a socket
not a stream
not connected
not enough memory
not supported
operation canceled
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
permission denied
protocol error
protocol not supported
read only file system
resource deadlock would occur
resource unavailable try again
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many files open
too many links
too many symbolic link levels
value too large
wrong protocol type
unknown error
f:\dd\vctools\crt\crtw32\stdcpp\_tolower.c
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
f:\dd\vctools\crt\crtw32\stdhpp\xlocnum
%b %d %H : %M : %S %Y
%m / %d / %y
:AM:am:PM:pm
%I : %M : %S %p
%H : %M
%H : %M : %S
%d / %m / %y
0123456789-
%.0Lf
0123456789-
0123456789-
0123456789-+Ee
0123456789ABCDEFabcdef-+Xx
0123456789-
0123456789-+Ee
0123456789ABCDEFabcdef-+Xx
0123456789ABCDEFabcdef-+XxPp
0123456789ABCDEFabcdef-+XxPp
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
Standard C++ Libraries Invalid Argument
raB3G<
0123456789-
0123456789-
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
f:\dd\vctools\crt\crtw32\misc\stllcmapstringa.cpp
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreW
CreateSemaphoreExW
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
CreateSymbolicLinkW
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleEx
SetFileInformationByHandle
GetSystemTimePreciseAsFileTime
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeSRWLock
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
f:\dd\vctools\crt\crtw32\stdcpp\xstrcoll.c
f:\dd\vctools\crt\crtw32\stdcpp\xwcsxfrm.c
f:\dd\vctools\crt\crtw32\misc\stlcomparestringa.cpp
bad array new length
bad exception
f:\dd\vctools\crt\vcruntime\src\internal\per_thread_data.cpp
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
Normal
Ignore
Client
Client hook allocation failure at file %hs line %d.
Client hook allocation failure.
Error: memory allocation: bad memory block type.
Client hook re-allocation failure at file %hs line %d.
Client hook re-allocation failure.
Error: memory allocation: bad memory block type.
Memory allocated at %hs(%d).
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Error: possible heap corruption at or near 0x%p
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
Client hook free failure.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
DAMAGED
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
%hs located at 0x%p is %Iu bytes long.
Memory allocated at %hs(%d).
%hs located at 0x%p is %Iu bytes long.
Cycle in block list detected while processing block located at 0x%p.
Heap validation failed.
Bad memory block found at 0x%p.
Memory allocated at %hs(%d).
Bad memory block found at 0x%p.
%.2X
Data: <%s> %s
Dumping objects ->
#File Error#(%d) :
%hs(%d) :
{%ld}
client block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
crt block at 0x%p, subtype %x, %Iu bytes long.
Object dump complete.
Detected memory leaks!
<program name unknown>
[aOni*{
eLK(w
~ $s%r
@b;zO]
iu+-,
obwQ4
v2!L.2
^<V7w
INITY
inity
SNAN)
snan)
IND)ind)e
('8PW
700PP
`h`hhh
xwpwpp
(null)
minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
minkernel\crts\ucrt\src\appcrt\locale\setlocale.cpp
minkernel\crts\ucrt\src\appcrt\stdio\_file.cpp
minkernel\crts\ucrt\src\appcrt\stdio\setvbuf.cpp
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
minkernel\crts\ucrt\src\appcrt\locale\initctype.cpp
minkernel\crts\ucrt\inc\corecrt_internal_win32_buffer.h
minkernel\crts\ucrt\src\appcrt\time\strftime.cpp
minkernel\crts\ucrt\src\appcrt\time\wcsftime.cpp
CorExitProcess
minkernel\crts\ucrt\src\appcrt\startup\argv_parsing.cpp
minkernel\crts\ucrt\src\desktopcrt\env\environment_initialization.cpp
minkernel\crts\ucrt\src\appcrt\startup\onexit.cpp
minkernel\crts\ucrt\src\appcrt\internal\per_thread_data.cpp
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~
minkernel\crts\ucrt\src\appcrt\locale\wsetlocale.cpp
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
Second Chance Assertion Failed: File
<file unknown>
, Line
_CrtDbgReport: String too long or IO Error
Assertion failed:
Assertion failed!
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
AreFileApisANSI
CompareStringEx
EnumSystemLocalesEx
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetActiveWindow
GetDateFormatEx
GetLastActivePopup
GetLocaleInfoEx
GetProcessWindowStation
GetTimeFormatEx
GetUserDefaultLocaleName
GetUserObjectInformationW
InitializeCriticalSectionEx
IsValidLocaleName
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
MessageBoxA
MessageBoxW
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetWindowingModel
log10
atan2
floor
ldexp
_cabs
_hypot
frexp
_logb
_nextafter
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
e+000
minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp
minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp
minkernel\crts\ucrt\src\appcrt\locale\getlocaleinfoa.cpp
minkernel\crts\ucrt\src\appcrt\locale\getstringtypea.cpp
minkernel\crts\ucrt\src\appcrt\locale\lcmapstringa.cpp
minkernel\crts\ucrt\src\appcrt\time\tzset.cpp
minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp
minkernel\crts\ucrt\src\appcrt\mbstring\mbctype.cpp
minkernel\crts\ucrt\src\desktopcrt\env\get_environment_from_os.cpp
minkernel\crts\ucrt\src\desktopcrt\env\setenv.cpp
minkernel\crts\ucrt\src\appcrt\locale\initmon.cpp
minkernel\crts\ucrt\src\appcrt\locale\initnum.cpp
minkernel\crts\ucrt\src\appcrt\locale\inittime.cpp
1#INF
1#QNAN
1#SNAN
1#IND
minkernel\crts\ucrt\src\appcrt\lowio\osfinfo.cpp
minkernel\crts\ucrt\src\appcrt\lowio\read.cpp
minkernel\crts\ucrt\src\appcrt\locale\comparestringa.cpp
log10
?Unknown exception
bad cast
bad locale name
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\xlocale
generic
iostream
iostream stream error
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
Every Cry fr
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\xutility
string too long
invalid string position
Contains
Cast+^
Castk\
RSDSk
c:\swim\collect\Warm\Farm\Hair\free\RootAnd.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCC
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data
.data$r
.gfids$y
.tls$
.tls$ZZZ
.rsrc$01
.rsrc$02
main.dll
DllRegisterServer
DllUnregisterServer
Monthallow
Restdescribe
VirtualProtect
GetCurrentDirectoryA
Sleep
OpenMutexA
SetFileAttributesA
CreateProcessA
KERNEL32.dll
OleUninitialize
CoInitialize
CoUninitialize
OleInitialize
CoRevokeClassObject
ole32.dll
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapValidate
GetSystemInfo
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetProcessHeap
GetStdHandle
GetFileType
WriteFile
OutputDebugStringW
WriteConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
CreateFileW
Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
ploc->_Mbcurmax == 1 || ploc->_Mbcurmax == 2
f:\dd\vctools\crt\crtw32\stdcpp\xmbtowc.c
f:\dd\vctools\crt\crtw32\stdhpp\xlocale
f:\dd\vctools\crt\crtw32\stdhpp\xlocnum
f:\dd\vctools\crt\crtw32\stdhpp\xstring
string subscript out of range
f:\dd\vctools\crt\crtw32\stdhpp\streambuf
istreambuf_iterator is not incrementable
istreambuf_iterator is not dereferencable
f:\dd\vctools\crt\crtw32\stdhpp\xutility
ITERATOR LIST CORRUPTED!
string iterator not dereferencable
"Standard C++ Libraries Out of Range" && 0
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<char> > >::operator *
"out of range"
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
f:\dd\vctools\crt\crtw32\stdhpp\xloctime
f:\dd\vctools\crt\crtw32\stdhpp\locale
f:\dd\vctools\crt\crtw32\stdhpp\xlocmon
string iterator not incrementable
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<unsigned short> > >::operator ++
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<unsigned short> > >::operator *
:AM:am:PM:pm
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<wchar_t> > >::operator ++
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<wchar_t> > >::operator *
string iterators incompatible
t"Standard C++ Libraries Invalid Argument" && 0
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<unsigned short> > >::_Compat
string iterator + offset out of range
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<unsigned short> > >::operator +=
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<wchar_t> > >::_Compat
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<wchar_t> > >::operator +=
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<char> > >::operator ++
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<char> > >::_Compat
std::_String_const_iterator<class std::_String_val<struct std::_Simple_types<char> > >::operator +=
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt\vcruntime\inc\internal_shared.h
kernel32.dll
zh-CHS
ar-SA
bg-BG
ca-ES
zh-TW
cs-CZ
da-DK
de-DE
el-GR
en-US
fi-FI
fr-FR
he-IL
hu-HU
is-IS
it-IT
ja-JP
ko-KR
nl-NL
nb-NO
pl-PL
pt-BR
ro-RO
ru-RU
hr-HR
sk-SK
sq-AL
sv-SE
th-TH
tr-TR
ur-PK
id-ID
uk-UA
be-BY
sl-SI
et-EE
lv-LV
lt-LT
fa-IR
vi-VN
hy-AM
az-AZ-Latn
eu-ES
mk-MK
tn-ZA
xh-ZA
zu-ZA
af-ZA
ka-GE
fo-FO
hi-IN
mt-MT
se-NO
ms-MY
kk-KZ
ky-KG
sw-KE
uz-UZ-Latn
tt-RU
bn-IN
pa-IN
gu-IN
ta-IN
te-IN
kn-IN
ml-IN
mr-IN
sa-IN
mn-MN
cy-GB
gl-ES
kok-IN
syr-SY
div-MV
quz-BO
ns-ZA
mi-NZ
ar-IQ
zh-CN
de-CH
en-GB
es-MX
fr-BE
it-CH
nl-BE
nn-NO
pt-PT
sr-SP-Latn
sv-FI
az-AZ-Cyrl
se-SE
ms-BN
uz-UZ-Cyrl
quz-EC
ar-EG
zh-HK
de-AT
en-AU
es-ES
fr-CA
sr-SP-Cyrl
se-FI
quz-PE
ar-LY
zh-SG
de-LU
en-CA
es-GT
fr-CH
hr-BA
smj-NO
ar-DZ
zh-MO
de-LI
en-NZ
es-CR
fr-LU
bs-BA-Latn
smj-SE
ar-MA
en-IE
es-PA
fr-MC
sr-BA-Latn
sma-NO
ar-TN
en-ZA
es-DO
sr-BA-Cyrl
sma-SE
ar-OM
en-JM
es-VE
sms-FI
ar-YE
en-CB
es-CO
smn-FI
ar-SY
en-BZ
es-PE
ar-JO
en-TT
es-AR
ar-LB
en-ZW
es-EC
ar-KW
en-PH
es-CL
ar-AE
es-UY
ar-BH
es-PY
ar-QA
es-BO
es-SV
es-HN
es-NI
es-PR
zh-CHT
af-za
ar-ae
ar-bh
ar-dz
ar-eg
ar-iq
ar-jo
ar-kw
ar-lb
ar-ly
ar-ma
ar-om
ar-qa
ar-sa
ar-sy
ar-tn
ar-ye
az-az-cyrl
az-az-latn
be-by
bg-bg
bn-in
bs-ba-latn
ca-es
cs-cz
cy-gb
da-dk
de-at
de-ch
de-de
de-li
de-lu
div-mv
el-gr
en-au
en-bz
en-ca
en-cb
en-gb
en-ie
en-jm
en-nz
en-ph
en-tt
en-us
en-za
en-zw
es-ar
es-bo
es-cl
es-co
es-cr
es-do
es-ec
es-es
es-gt
es-hn
es-mx
es-ni
es-pa
es-pe
es-pr
es-py
es-sv
es-uy
es-ve
et-ee
eu-es
fa-ir
fi-fi
fo-fo
fr-be
fr-ca
fr-ch
fr-fr
fr-lu
fr-mc
gl-es
gu-in
he-il
hi-in
hr-ba
hr-hr
hu-hu
hy-am
id-id
is-is
it-ch
it-it
ja-jp
ka-ge
kk-kz
kn-in
ko-kr
kok-in
ky-kg
lt-lt
lv-lv
mi-nz
mk-mk
ml-in
mn-mn
mr-in
ms-bn
ms-my
mt-mt
nb-no
nl-be
nl-nl
nn-no
ns-za
pa-in
pl-pl
pt-br
pt-pt
quz-bo
quz-ec
quz-pe
ro-ro
ru-ru
sa-in
se-fi
se-no
se-se
sk-sk
sl-si
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sq-al
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
sv-fi
sv-se
sw-ke
syr-sy
ta-in
te-in
th-th
tn-za
tr-tr
tt-ru
uk-ua
ur-pk
uz-uz-cyrl
uz-uz-latn
vi-vn
xh-za
zh-chs
zh-cht
zh-cn
zh-hk
zh-mo
zh-sg
zh-tw
zu-za
cchCount1==0 && cchCount2==1 || cchCount1==1 && cchCount2==0
f:\dd\vctools\crt\crtw32\misc\stlcomparestringa.cpp
f:\dd\vctools\crt\vcstartup\src\misc\thread_safe_statics.cpp
to->_What == nullptr && to->_DoFree == false
f:\dd\vctools\crt\vcruntime\src\eh\std_exception.cpp
advapi32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
cached_handle == INVALID_HANDLE_VALUE
f:\dd\vctools\crt\vcruntime\src\internal\winapi_downlevel.cpp
cached_handle == new_handle
cached_fp == invalid_function_sentinel()
cached_fp == new_fp
_CrtCheckMemory()
minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp
)_CrtIsValidHeapPointer(block)
old_head->_line_number == line_number_for_ignore_blocks && old_head->_request_number == request_number_for_ignore_blocks
reallocation_is_allowed || (!reallocation_is_allowed && new_head == old_head)
__acrt_last_block == old_head
__acrt_first_block == old_head
block != nullptr
is_block_type_valid(header->_block_use)
header->_line_number == line_number_for_ignore_blocks && header->_request_number == request_number_for_ignore_blocks
header->_block_use == block_use || header->_block_use == _CRT_BLOCK && block_use == _NORMAL_BLOCK
__acrt_last_block == header
__acrt_first_block == header
_msize_dbg
new_bits == _CRTDBG_REPORT_FLAG || new_bits_have_only_valid_flags
_CrtSetDbgFlag
state != nullptr
_CrtMemCheckpoint
print_block_data
(*_errno())
Warning
Error
Assertion Failed
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
Debug %ls!
Program: %hs%ls%ls%hs%ls%hs%ls%hs%ls%ls%hs%ls
(Press Retry to debug the application)
Debug %ls!
Program: %ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls
(Press Retry to debug the application)
<program name unknown>
minkernel\crts\ucrt\src\appcrt\misc\dbgrpt.cpp
common_message_window
traits::tcscpy_s(program_name, (sizeof(*__countof_helper(program_name)) + 0), get_program_name_unknown_text(Character()))
Expression:
Line:
File:
Module:
wcscpy_s(message_buffer, 4096, L"_CrtDbgReport: String too long or IO Error")
_CrtDbgReport: String too long or IO Error
Microsoft Visual C++ Runtime Library
result != nullptr
("Division by zero", false)
minkernel\crts\ucrt\inc\corecrt_internal_big_integer.h
value != nullptr
minkernel\crts\ucrt\inc\corecrt_internal_strtox.h
(_is_double)
__crt_strtox::floating_point_value::as_double
_is_double
(!_is_double)
__crt_strtox::floating_point_value::as_float
!_is_double
("unexpected rounding mode", false)
string != nullptr
minkernel\crts\ucrt\src\appcrt\convert\strtod.cpp
common_strtod_l
__crt_strtox::parse_floating_point
locale != nullptr
false
c == '\0' || *_p == c
__crt_strtox::c_string_character_source<wchar_t>::unget
_p != nullptr
__crt_strtox::c_string_character_source<wchar_t>::validate
__crt_strtox::c_string_character_source<char>::unget
__crt_strtox::c_string_character_source<char>::validate
expptr != NULL
minkernel\crts\ucrt\src\appcrt\tran\frexp.c
frexp
( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))
stream != nullptr
minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
format != nullptr
common_vsprintf
buffer_count == 0 || buffer != nullptr
common_vsprintf_s
buffer != nullptr && buffer_count > 0
("Buffer too small", 0)
common_vsnprintf_s
_format_it != nullptr
minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
("Incorrect format specifier", 0)
("N length modifier not specifier", false)
_length == length_modifier::none
state_case_normal_common()
_context != nullptr
__crt_stdio_output::string_output_adapter<wchar_t>::validate
__crt_stdio_output::string_output_adapter<char>::validate
_state == state::normal || _state == state::type
__crt_stdio_output::format_validation_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> >::validate_and_update_state_at_end_of_format_string
("'n' format specifier disabled", 0)
("Invalid integer length modifier", 0)
__crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> >::validate_and_update_state_at_end_of_format_string
(null)
_format_char != '\0'
__crt_stdio_output::output_processor<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t>,class __crt_stdio_output::format_validation_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> > >::process
__crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::process
VS_VERSION_INFO
StringFileInfo (040904E4)
CompanyName: Always Magnetstu Say
ProductName: Die Lift
FileDescription: Die Lift
FileVersion: 3.0.2.723
ProductVersion: 3.0.2.723
LegalCopyright: Copyright Always Magnetstu Say 1994-2016
OriginalFilename: SpeechPa.dll
VarFileInfo
Translation

Full Results

Engine: Signature | Engine: Signature | Engine: Signature
Bkav: Clean | MicroWorld-eScan: Clean | CMC: Clean
CAT-QuickHeal: Clean | ALYac: Clean | Malwarebytes: Clean
Zillya: Clean | Sangfor: Clean | CrowdStrike: Clean
Alibaba: Clean | K7GW: Clean | K7AntiVirus: Clean
Invincea: Clean | BitDefenderTheta: Clean | F-Prot: Clean
Symantec: Clean | ESET-NOD32: a variant of Win32/GenKryptik.ELAD | Baidu: Clean
APEX: Clean | Paloalto: Clean | ClamAV: Clean
Kaspersky: Clean | BitDefender: Clean | NANO-Antivirus: Clean
ViRobot: Clean | SUPERAntiSpyware: Clean | Avast: Clean
Rising: Clean | Ad-Aware: Clean | Sophos: Clean
Comodo: Clean | F-Secure: Clean | DrWeb: Clean
VIPRE: Clean | TrendMicro: Clean | McAfee-GW-Edition: Clean
Trapmine: Clean | FireEye: Clean | Emsisoft: Clean
SentinelOne: Clean | Cyren: Clean | Jiangmin: Clean
Webroot: Clean | Avira: Clean | MAX: Clean
Antiy-AVL: Clean | Kingsoft: Clean | Microsoft: Clean
Endgame: malicious (high confidence) | Arcabit: Clean | AegisLab: Clean
ZoneAlarm: Clean | Avast-Mobile: Clean | GData: Clean
AhnLab-V3: Clean | Acronis: Clean | McAfee: Clean
TACHYON: Clean | VBA32: Clean | Cylance: Clean
Zoner: Clean | TrendMicro-HouseCall: Clean | Tencent: Clean
Yandex: Clean | Ikarus: Clean | eGambit: Clean
Fortinet: Clean | MaxSecure: Clean | AVG: Clean
Panda: Clean | Qihoo-360: Clean
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.1.7 55169 1.1.1.1 53
192.168.1.7 56221 1.1.1.1 53
192.168.1.7 57251 1.1.1.1 53
192.168.1.7 61313 1.1.1.1 53
192.168.1.7 62371 1.1.1.1 53
192.168.1.7 64247 1.1.1.1 53
192.168.1.7 65119 1.1.1.1 53
192.168.1.7 137 192.168.1.255 137
192.168.1.7 55169 8.8.8.8 53
192.168.1.7 56221 8.8.8.8 53
192.168.1.7 57251 8.8.8.8 53
192.168.1.7 61313 8.8.8.8 53
192.168.1.7 62371 8.8.8.8 53
192.168.1.7 64247 8.8.8.8 53
192.168.1.7 65119 8.8.8.8 53

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

Source Destination ICMP Type Data
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
1.1.1.1 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3
8.8.8.8 192.168.1.7 3

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
Defense Evasion
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1045 - Software Packing
    • Signature - packer_unknown_pe_section_name

    Processing ( 11.041 seconds )

    • 5.241 Suricata
    • 2.555 VirusTotal
    • 1.636 Static
    • 0.581 NetworkAnalysis
    • 0.578 peid
    • 0.266 CAPE
    • 0.081 TargetInfo
    • 0.033 Deduplicate
    • 0.024 BehaviorAnalysis
    • 0.023 Strings
    • 0.019 AnalysisInfo
    • 0.004 Debug

    Signatures ( 0.068 seconds )

    • 0.01 ransomware_files
    • 0.008 antiav_detectreg
    • 0.006 antiav_detectfile
    • 0.006 ransomware_extensions
    • 0.004 antianalysis_detectfile
    • 0.004 infostealer_bitcoin
    • 0.004 infostealer_ftp
    • 0.004 territorial_disputes_sigs
    • 0.003 persistence_autorun
    • 0.003 infostealer_im
    • 0.003 masquerade_process_name
    • 0.002 antivm_vbox_files
    • 0.002 infostealer_mail
    • 0.001 betabot_behavior
    • 0.001 kibex_behavior
    • 0.001 tinba_behavior
    • 0.001 antianalysis_detectreg
    • 0.001 antivm_vbox_keys
    • 0.001 geodo_banking_trojan
    • 0.001 browser_security
    • 0.001 disables_browser_warn
    • 0.001 revil_mutexes

    Reporting ( 1.903 seconds )

    • 1.859 BinGraph
    • 0.038 MITRE_TTPS
    • 0.006 PCAP2CERT