Sample: c26859c4a7dce369457b656a5922876e
P3pper Reports - http://www.peppermalware.com.P3pper Twitter - https://twitter.com/P3pperP0tts.
This report has been generated automatically by a set of malware analysis tools.
This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license visit http://creativecommons.org/licenses/by/4.0/.
Classification: #STEALER #AVEMARIA (based on p3pperp0tts rules)
Analysis date: 2021-01-05 13:40:21 (p3pperp0tts platform's analysis date) Exe timestamp: 2020-12-09 22:47:43 (timestamp of the original sample)
Unpacked mods max timestamp: 2020-12-09 22:47:43 (higher timestamp of all the unpacked modules) VirusTotal analysis date: 2020-12-20 07:21:22 (date of last time that the sample was analyzed at vt)
Index
• Sample
• AV detections
• Virustotal
• Yara matches
• Threads tree
• Most Interesting behavior
• Most Interesting strings
• Hosts
• Dns queries
• Network traffic
• Full strings list
• Threads behaviour
• Network by processes
• Unpacked or injected modules
• Extra Information Recovered
• Configs Recovered
Sample
•md5: c26859c4a7dce369457b656a5922876eAV detections
• Microsoft: Trojan:Win32/AveMaria.AM!MTB • Kaspersky: Trojan-Spy.Win32.AveMaria.dqa • Symantec: Ransom.Wannacry • Malwarebytes: Backdoor.AveMariaVirustotal
• https://virustotal.com/es/file/640fb0d63a59e413c9a916160a9e2dd334f84734a70fc4c8e9c13509e168a0ff/analysisYara matches
The following yara rules have matched injected or unpacked modules's code or data areas.
Threads tree
The following tree represents sample's threads. T<index> is an alias for sample's threads (numeration is done in the order of threads creation). P<index> is an alias for processes owning sample's threads.
Most interesting behavior
The following list it's a collection of the most interesting events captured. This list is ordered by the score assigned to the event. In the section "Threads behavioural information" it's possible to find all the actions performed by each sample's thread ordered chronologically.
Most interesting strings
The following list it's a collection of the most interesting strings found in the sample's modules (unpacked modules too) code or data.
• wcsncpy_s(names->szCodePage, (sizeof(*__countof_helper(names->szCodePage)) + 0), wlocale, len)
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), lpLocaleString, wcslen(lpLocaleString) + 1)
• !This program cannot be run in DOS mode. • .?AVbad_exception@std@@
• __acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required
• wcsncpy_s(lpOutStr->szCodePage, (sizeof(*__countof_helper(lpOutStr->szCodePage)) + 0), L"utf8", 5) • .?AVbad_alloc@std@@
• <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
• !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), localeName, wcslen(localeName) + 1)
• wcsncpy_s(names->szCountry, (sizeof(*__countof_helper(names->szCountry)) + 0), wlocale, len) • <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
• traits::tcscpy_s(program_name, (sizeof(*__countof_helper(program_name)) + 0), get_program_name_unknown_text(Character()))
• <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
• wcsncpy_s(lpOutStr->szLocaleName, (sizeof(*__countof_helper(lpOutStr->szLocaleName)) + 0), _psetloc_data->_cacheLocaleName, wcslen(_psetloc_data->_cacheLocaleName) + 1) • api-ms-win-core-synch-l1-2-0.dll • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_exception.cpp • .?AVbad_array_new_length@std@@ • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_type_info.cpp • C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe
• ((destination)) != NULL && ((size_in_elements)) > 0 • Base Class Array'
• For information on how your program can cause an assertion • LocaleNameToLCID
• `copy constructor closure'
• ("Corrupted pointer passed to _freea", 0) • (L"String is not null terminated" && 0) • `managed vector copy constructor iterator' • _CrtSetReportMode
• <requestedExecutionLevel level='asInvoker' uiAccess='false' /> • _itoa_s(nLine, szLineMessage, 4096, 10)
• CoReleaseServerProcess
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp • ERROR : Unable to initialize critical section in CAtlModule • atlTraceGeneral
• .?AVpairNode@@ • .?AVpDNameNode@@
• `vector copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrptt.cpp • .?AVCAtlModule@ATL@@ • api-ms-win-appmodel-runtime-l1-1-2 • SetWindowLongA • template-parameter-• `local vftable' • .?AVCAtlException@ATL@@ • Program: %ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls • .?AVtype_info@@
• minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp • QueryPerformanceCounter
• AtlThunk_DataToCode
• __crt_strtox::c_string_character_source<char>::validate
• wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String") • abort() has been called
• TerminateProcess
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltrace.h • `dynamic initializer for '
• minkernel\\crts\\ucrt\\src\\appcrt\\locale\\locale_refcounting.cpp • .?AVDNameStatusNode@@
• `vector vbase copy constructor iterator' • cached_fp == invalid_function_sentinel() • InterlockedFlushSList • atlTraceString • utput::string_output_adapter<wchar_t>,class __crt_stdio_output::format_validation_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> > >::type_case_integer • _set_new_mode • ext-ms-win-ntuser-dialogbox-l1-1-0 • cached_handle == INVALID_HANDLE_VALUE • atlTraceControls
• Buffer is too small
• minkernel\\crts\\ucrt\\src\\appcrt\\misc\\errno.cpp • `vector vbase constructor iterator'
• minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h • GetSystemTimeAsFileTime
• ERROR : Unable to initialize critical section in CAtlBaseModule • to->_What == nullptr && to->_DoFree == false
• __crt_strtox::c_string_character_source<wchar_t>::validate • common_message_window
• _p != nullptr • _VCrtDbgReportW
• `eh vector vbase copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\stricmp.cpp • operator co_await
•
`generic-class-parameter-• (ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[category].locale == nullptr && ptloci->lc_category[category].refcount == nullptr) • `local static destructor helper'
• strcat_s(szLineMessage, 4096, "\\r") • atlTraceHosting • .?AVcharNode@@ • .?AVDNameNode@@ • GetEnabledXStateFeatures • atlTraceDBProvider • LCMapStringW
• strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!") • `local vftable constructor closure'
• `eh vector vbase constructor iterator' • CreateEventW
• `default constructor closure'
• e = mbstowcs_s(&ret;, szOutMessage2, 4096, szOutMessage, ((size_t)-1)) • HeapValidate
• LocateXStateFeature • atlTraceRegistrar
• `virtual displacement map'
• C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\ATL\\General\\AtlCon\\bitcoin coinjoin op.pdb • AppPolicyGetThreadInitializationType
• GetProcAddress
• api-ms-win-security-systemfunctions-l1-1-0 • api-ms-win-core-localization-obsolete-l1-2-0 • common_tcscpy_s
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltransactionmanager.h • .?AV?$CAtlExeModuleT@VCATLConModule@@@ATL@@ • (((HRESULT)(hr)) >= 0) • GetCurrentThreadId • GetConsoleMode • stream != nullptr • SetThreadStackGuarantee • GetCurrentProcess • src != nullptr • CreateThread • atlTraceWindowing
• false && "Too many categories defined" • SetConsoleCtrlHandler
• strcat_s(szLineMessage, 4096, "\\n") • 0 && "Use OBJECT_ENTRY_NON_CREATEABLE_EX • common_tcscat_s
• fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcstartup\\src\\misc\\thread_safe_statics.cpp
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlconv.h • mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments
• d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\winapi_downlevel.cpp • strcpy_s(szOutMessage, 4096, szLineMessage)
• UnregisterClassA
• failure, see the Visual C++ documentation on asserts. • `local static thread guard'
• UnhandledExceptionFilter • IsValidLocaleName • result != nullptr
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlexcept.h • EncodePointer • api-ms-win-core-localization-l1-2-1 • __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::state_case_normal_tchar • IsValidCodePage
• ( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))
• __crt_strtox::c_string_character_source<wchar_t>::unget • `vector deleting destructor'
• CorExitProcess • common_configure_argv
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\wcsicmp.cpp • `udt returning'
• `local static guard' • GetCurrentProcessId • __acrt_copy_locale_name
• .?AU_ATL_MODULE70@ATL@@ • `omni callsig' • GetXStateFeaturesMask
• Microsoft Visual C++ Runtime Library • strcat_s(szLineMessage, 4096, szUserMessage) • <program name unknown>
• wcscpy_s(locale, numberOfElements, names->szLanguage)
• .?AU?$CAtlValidateModuleConfiguration@$0A@VCATLConModule@@@ATL@@ • __acrt_get_qualified_locale
• __atl_condVal • GetTimeFormatW
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlcomcli.h • Type Descriptor' • `generic-method-parameter-• .?AV?$CAtlModuleT@VCATLConModule@@@ATL@@ • GetUserDefaultLCID • GetDateFormatW • FlushFileBuffers • minkernel\\crts\\ucrt\\inc\\corecrt_internal_strtox.h • AreFileApisANSI • </trustInfo>
• strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error") • </requestedPrivileges>
• CoAddRefServerProcess • new_hook != nullptr • atlTraceSync
• traits::tcscpy_s(variable.get(), required_count, source_it) • GetUserDefaultLocaleName • _itow_s(nLine, szLineMessage, 4096, 10) • SetUnhandledExceptionFilter • common_set_report_hook • TranslateMessage • MultiByteToWideChar
• `template static data member destructor helper' • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlalloc.h • GetSystemTimePreciseAsFileTime
• abcdefghijklmnopqrstuvwxyz • _set_controlfp
• `template static data member constructor helper' •
`template-type-parameter-• `anonymous namespace' • dst != nullptr
• String is not null terminated • OutputDebugStringW
• InterlockedPushEntrySList • bad allocation
• GetLocaleNameFromDefault
• wcsncpy_s(localeNameCopy, cch+1, localeName, cch+1) • (Press Retry to debug the application)
• mode == 0 || mode == 1
• strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error") • __crt_strtox::parse_integer
• `vbase destructor'
• `scalar deleting destructor'
• `eh vector copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\new_mode.cpp • api-ms-win-core-winrt-l1-1-0
• atlTraceSnapin
• ERROR : Unable to initialize critical section in CAtlComModule • GetTextMetricsA • minkernel\\crts\\ucrt\\inc\\corecrt_internal_string_templates.h • api-ms-win-rtcore-ntuser-window-l1-1-0 • minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp • CallWindowProcA • cli::pin_ptr< • _get_doserrno • minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrpt.cpp • .?AUIAtlMemMgr@ATL@@ • minkernel\\crts\\ucrt\\devdiv\\vcruntime\\inc\\internal_shared.h • GetCurrentThread
• base == 0 || (2 <= base && base <= 36) • common_tcsncpy_s • api-ms-win-core-xstate-l2-1-0 • LCIDToLocaleName • api-ms-win-core-synch-l1-2-0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\per_thread_data.cpp • minkernel\\crts\\ucrt\\src\\appcrt\\locale\\inittime.cpp
• _controlfp_s(((void *)0), newctrl, mask & ~0x00080000) • GetSystemInfo
• ("Invalid input value", 0)
• __crt_strtox::c_string_character_source<char>::unget • api-ms-win-core-fibers-l1-1-1
• wcscpy_s(message_buffer, 4096, L"_CrtDbgReport: String too long or IO Error") • std::nullptr_t
• .?AVpcharNode@@
• `dynamic atexit destructor for ' • CompareStringW • minkernel\\crts\\ucrt\\src\\appcrt\\tran\\contrlfp.c • `unknown ecsu' • .?AVCWin32Heap@ATL@@ • api-ms-win-core-file-l1-2-2 • DefWindowProcA • api-ms-win-core-sysinfo-l1-2-1
• _CrtDbgReport: String too long or Invalid characters in String • pbstrPath != 0 && ppTypeLib != 0
• bad array new length
• mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE • Class Hierarchy Descriptor'
• minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp • GetWindowLongA • atlTraceTime • DecodePointer • `non-type-template-parameter • api-ms-win-core-datetime-l1-1-1 • atlTraceUtil • ext-ms-win-ntuser-windowstation-l1-1-0 • .?AUIAtlStringMgr@ATL@@ • Program: %hs%ls%ls%hs%ls%hs%ls%hs%ls%ls%hs%ls • <requestedPrivileges> • `template-parameter • `placement delete closure'
• api-ms-win-core-processthreads-l1-1-2 • .?AVCAtlStringMgr@ATL@@ • api-ms-win-core-string-l1-1-0 • generic-type-• AtlThrow: hr = 0x%x • atlTraceNotImpl • __lc_lctowcs • bad exception
• `eh vector constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp • InitializeSListHead
• `placement delete[] closure' • .?AVexception@std@@
• (L"Buffer is too small" && 0)
• __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::type_case_integer
• `eh vector destructor iterator' • Base Class Descriptor at ( • atlTraceStencil
• InterlockedPopEntrySList
• _CrtDbgReport: String too long or IO Error
• minkernel\\crts\\ucrt\\src\\appcrt\\tran\\i386\\ieee87.c • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlbase.h • IsDebuggerPresent • WideCharToMultiByte • CoCreateInstance • FlushInstructionCache • VirtualAlloc • FindNextFileW • GetTimeFormatEx • GetConsoleCP • GetLastError • LeaveCriticalSection • GetProcessWindowStation • FindFirstFileExW • GetProcessHeap • VirtualProtect • EnumSystemLocalesEx • GetWindowRect • InitializeConditionVariable • InitializeCriticalSectionEx • GetWindowTextA • GetWindowTextLengthA • SetStdHandle • GetLocaleInfoW • FreeEnvironmentStringsW • DeleteCriticalSection • RegOpenKeyTransactedA • WriteConsoleW • GetModuleHandleW • GetModuleHandleA • RegisterClassExA • GetCommandLineA • GetCommandLineW • WaitForSingleObjectEx
• RegDeleteKeyA • PostThreadMessageA • CreateEventA • IsValidLocale • SleepConditionVariableCS • SetWindowTextA • GetStartupInfoW • WakeAllConditionVariable • VirtualQuery • RegDeleteKeyExA • CreateWindowExA • EnumSystemLocalesW • SetLastError • GetStringTypeW • RegOpenKeyExA • RegQueryInfoKeyA • HeapQueryInformation • GetEnvironmentStringsW • GetFileSizeEx • EnterCriticalSection • SetFilePointerEx • RegDeleteKeyTransactedA • GetModuleFileNameA • GetClassInfoExA • GetModuleFileNameW • GetActiveWindow • DispatchMessageA • InitializeCriticalSectionAndSpinCount • RaiseException • CompareStringEx • LCMapStringEx • GetDateFormatEx • GetLocaleInfoEx • GetLastActivePopup • SystemFunction036 • ReadConsoleW • GetModuleHandleExW • IsProcessorFeaturePresent • SetEnvironmentVariableW • LoadLibraryExW • LoadLibraryExA • GetUserObjectInformationW • GetClientRect • SendMessageA • WaitForSingleObject • GetStdHandle
Hosts
• 192.168.239.1:5353 • 192.168.239.224:49172 • 224.0.0.251:5353 • 72.247.177.183:80
Dns queries
• 255.239.168.192.in-addr.arpa ---> no answers • 2.239.168.192.in-addr.arpa ---> no answers • 1.239.168.192.in-addr.arpa ---> no answers • isatap.localdomain ---> no answers • 250.255.255.239.in-addr.arpa ---> no answersNetwork traffic
This section contains the readable content of the captured network traffic classified by established connections.
• tcp 192.168.239.224:49172 ---> 72.247.177.183:80
GET /pki/crl/products/WinPCA.crl HTTP/1.1[...]If-Modified-Since: Wed, 02 Dec 2015 18:30:06 GMT[...]Cache-Control: max-age = 900[...]User-Agent: Microsoft-CryptoAPI/6.1[...]Host: crl.microsoft.com[...]If-None-Match:
"0cb60772f2dd11:0"[...]Connection: Keep-Alive
• tcp 72.247.177.183:80 ---> 192.168.239.224:49172
x-ms-blob-type: BlockBlob[...]Content-Length: 530[...]Content-Type: application/pkix-crl[...]HTTP/1.1 200
OK[...]Date: Tue, 05 Jan 2021 11:50:08 GMT[...]430418080000Z[...]151202080000Z[...]HTTP/1.1 200 OK[...]Content-MD5: Xiddt2GqWiOsZRr49sSgAA==[...]x-ms-lease-status: unlocked[...]x-ms-version: 2009-09-19[...]Last-Modified: Tue, 08 May 2018 21:14:18 GMT[...]x-ms-request-id: f663655e-101e-0084-6eff-691158000000[...]Connection:
Keep-Alive[...]Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0[...]Microsoft Corporation1+0)[...]ETag: 0x8D5B528A905E7D5[...]"Microsoft Windows Verification PCA
• udp 192.168.239.1:5353 ---> 224.0.0.251:5353
Full strings list
The following list it's a collection of all the strings found in the sample's modules (unpacked modules too) code or data.
• wcsncpy_s(names->szCodePage, (sizeof(*__countof_helper(names->szCodePage)) + 0), wlocale, len)
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), lpLocaleString, wcslen(lpLocaleString) + 1)
• !This program cannot be run in DOS mode. • .?AVbad_exception@std@@
• __acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required
• wcsncpy_s(lpOutStr->szCodePage, (sizeof(*__countof_helper(lpOutStr->szCodePage)) + 0), L"utf8", 5) • .?AVbad_alloc@std@@
• <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
• !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), localeName, wcslen(localeName) + 1)
• wcsncpy_s(names->szCountry, (sizeof(*__countof_helper(names->szCountry)) + 0), wlocale, len) • <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
• traits::tcscpy_s(program_name, (sizeof(*__countof_helper(program_name)) + 0), get_program_name_unknown_text(Character()))
• <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
• wcsncpy_s(lpOutStr->szLocaleName, (sizeof(*__countof_helper(lpOutStr->szLocaleName)) + 0), _psetloc_data->_cacheLocaleName, wcslen(_psetloc_data->_cacheLocaleName) + 1) • api-ms-win-core-synch-l1-2-0.dll • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_exception.cpp • .?AVbad_array_new_length@std@@ • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_type_info.cpp • C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe
• ((destination)) != NULL && ((size_in_elements)) > 0 • Base Class Array'
• For information on how your program can cause an assertion • LocaleNameToLCID
• `copy constructor closure'
• ("Corrupted pointer passed to _freea", 0) • (L"String is not null terminated" && 0) • `managed vector copy constructor iterator' • _CrtSetReportMode
• <requestedExecutionLevel level='asInvoker' uiAccess='false' /> • _itoa_s(nLine, szLineMessage, 4096, 10)
• CoReleaseServerProcess
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp • ERROR : Unable to initialize critical section in CAtlModule • atlTraceGeneral
• .?AVpairNode@@ • .?AVpDNameNode@@
• `vector copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrptt.cpp • .?AVCAtlModule@ATL@@ • api-ms-win-appmodel-runtime-l1-1-2 • SetWindowLongA • template-parameter-• `local vftable' • .?AVCAtlException@ATL@@ • Program: %ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls • .?AVtype_info@@
• minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp • QueryPerformanceCounter
• AtlThunk_DataToCode
• __crt_strtox::c_string_character_source<char>::validate
• wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String") • abort() has been called
• TerminateProcess
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltrace.h • `dynamic initializer for '
• minkernel\\crts\\ucrt\\src\\appcrt\\locale\\locale_refcounting.cpp • .?AVDNameStatusNode@@
• `vector vbase copy constructor iterator' • cached_fp == invalid_function_sentinel() • InterlockedFlushSList • atlTraceString • utput::string_output_adapter<wchar_t>,class __crt_stdio_output::format_validation_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> > >::type_case_integer • _set_new_mode • ext-ms-win-ntuser-dialogbox-l1-1-0 • cached_handle == INVALID_HANDLE_VALUE • atlTraceControls
• Buffer is too small
• minkernel\\crts\\ucrt\\src\\appcrt\\misc\\errno.cpp • `vector vbase constructor iterator'
• minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h • GetSystemTimeAsFileTime
• ERROR : Unable to initialize critical section in CAtlBaseModule • to->_What == nullptr && to->_DoFree == false
• __crt_strtox::c_string_character_source<wchar_t>::validate • common_message_window
• _p != nullptr • _VCrtDbgReportW
• `eh vector vbase copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\stricmp.cpp • operator co_await
•
`generic-class-parameter-• (ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[category].locale == nullptr && ptloci->lc_category[category].refcount == nullptr) • `local static destructor helper'
• strcat_s(szLineMessage, 4096, "\\r") • atlTraceHosting • .?AVcharNode@@ • .?AVDNameNode@@ • GetEnabledXStateFeatures • atlTraceDBProvider • LCMapStringW
• strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!") • `local vftable constructor closure'
• `eh vector vbase constructor iterator' • CreateEventW
• `default constructor closure'
• e = mbstowcs_s(&ret;, szOutMessage2, 4096, szOutMessage, ((size_t)-1)) • HeapValidate
• LocateXStateFeature • atlTraceRegistrar
• `virtual displacement map'
• C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\ATL\\General\\AtlCon\\bitcoin coinjoin op.pdb • AppPolicyGetThreadInitializationType
• GetProcAddress
• api-ms-win-security-systemfunctions-l1-1-0 • api-ms-win-core-localization-obsolete-l1-2-0 • common_tcscpy_s
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltransactionmanager.h • .?AV?$CAtlExeModuleT@VCATLConModule@@@ATL@@ • (((HRESULT)(hr)) >= 0) • GetCurrentThreadId • GetConsoleMode • stream != nullptr • SetThreadStackGuarantee • GetCurrentProcess • src != nullptr • CreateThread • atlTraceWindowing
• false && "Too many categories defined" • SetConsoleCtrlHandler
• strcat_s(szLineMessage, 4096, "\\n") • 0 && "Use OBJECT_ENTRY_NON_CREATEABLE_EX • common_tcscat_s
• fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcstartup\\src\\misc\\thread_safe_statics.cpp
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlconv.h • mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments
• d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\winapi_downlevel.cpp • strcpy_s(szOutMessage, 4096, szLineMessage)
• UnregisterClassA
• failure, see the Visual C++ documentation on asserts. • `local static thread guard'
• UnhandledExceptionFilter • IsValidLocaleName • result != nullptr
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlexcept.h • EncodePointer • api-ms-win-core-localization-l1-2-1 • __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::state_case_normal_tchar • IsValidCodePage
• ( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))
• __crt_strtox::c_string_character_source<wchar_t>::unget • `vector deleting destructor'
• CorExitProcess • common_configure_argv
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\wcsicmp.cpp • `udt returning'
• `local static guard' • GetCurrentProcessId • __acrt_copy_locale_name
• .?AU_ATL_MODULE70@ATL@@ • `omni callsig' • GetXStateFeaturesMask
• Microsoft Visual C++ Runtime Library • strcat_s(szLineMessage, 4096, szUserMessage) • <program name unknown>
• wcscpy_s(locale, numberOfElements, names->szLanguage)
• .?AU?$CAtlValidateModuleConfiguration@$0A@VCATLConModule@@@ATL@@ • __acrt_get_qualified_locale
• __atl_condVal • GetTimeFormatW
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlcomcli.h • Type Descriptor' • `generic-method-parameter-• .?AV?$CAtlModuleT@VCATLConModule@@@ATL@@ • GetUserDefaultLCID • GetDateFormatW • FlushFileBuffers • minkernel\\crts\\ucrt\\inc\\corecrt_internal_strtox.h • AreFileApisANSI • </trustInfo>
• strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error") • </requestedPrivileges>
• CoAddRefServerProcess • new_hook != nullptr • atlTraceSync
• traits::tcscpy_s(variable.get(), required_count, source_it) • GetUserDefaultLocaleName • _itow_s(nLine, szLineMessage, 4096, 10) • SetUnhandledExceptionFilter • common_set_report_hook • TranslateMessage • MultiByteToWideChar
• `template static data member destructor helper' • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlalloc.h • GetSystemTimePreciseAsFileTime
• abcdefghijklmnopqrstuvwxyz • _set_controlfp
• `template static data member constructor helper' •
`template-type-parameter-• `anonymous namespace' • dst != nullptr
• String is not null terminated • OutputDebugStringW
• InterlockedPushEntrySList • bad allocation
• GetLocaleNameFromDefault
• wcsncpy_s(localeNameCopy, cch+1, localeName, cch+1) • (Press Retry to debug the application)
• mode == 0 || mode == 1
• strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error") • __crt_strtox::parse_integer
• `vbase destructor'
• `scalar deleting destructor'
• `eh vector copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\new_mode.cpp • api-ms-win-core-winrt-l1-1-0
• atlTraceSnapin
• ERROR : Unable to initialize critical section in CAtlComModule • GetTextMetricsA • minkernel\\crts\\ucrt\\inc\\corecrt_internal_string_templates.h • api-ms-win-rtcore-ntuser-window-l1-1-0 • minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp • CallWindowProcA • cli::pin_ptr< • _get_doserrno • minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrpt.cpp • .?AUIAtlMemMgr@ATL@@ • minkernel\\crts\\ucrt\\devdiv\\vcruntime\\inc\\internal_shared.h • GetCurrentThread
• base == 0 || (2 <= base && base <= 36) • common_tcsncpy_s • api-ms-win-core-xstate-l2-1-0 • LCIDToLocaleName • api-ms-win-core-synch-l1-2-0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\per_thread_data.cpp • minkernel\\crts\\ucrt\\src\\appcrt\\locale\\inittime.cpp
• _controlfp_s(((void *)0), newctrl, mask & ~0x00080000) • GetSystemInfo
• ("Invalid input value", 0)
• __crt_strtox::c_string_character_source<char>::unget • api-ms-win-core-fibers-l1-1-1
• wcscpy_s(message_buffer, 4096, L"_CrtDbgReport: String too long or IO Error") • std::nullptr_t
• .?AVpcharNode@@
• `dynamic atexit destructor for ' • CompareStringW • minkernel\\crts\\ucrt\\src\\appcrt\\tran\\contrlfp.c • `unknown ecsu' • .?AVCWin32Heap@ATL@@ • api-ms-win-core-file-l1-2-2 • DefWindowProcA • api-ms-win-core-sysinfo-l1-2-1
• _CrtDbgReport: String too long or Invalid characters in String • pbstrPath != 0 && ppTypeLib != 0
• bad array new length
• mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE • Class Hierarchy Descriptor'
• minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp • GetWindowLongA • atlTraceTime • DecodePointer • `non-type-template-parameter • api-ms-win-core-datetime-l1-1-1 • atlTraceUtil • ext-ms-win-ntuser-windowstation-l1-1-0 • .?AUIAtlStringMgr@ATL@@ • Program: %hs%ls%ls%hs%ls%hs%ls%hs%ls%ls%hs%ls • <requestedPrivileges> • `template-parameter • `placement delete closure'
• api-ms-win-core-processthreads-l1-1-2 • .?AVCAtlStringMgr@ATL@@ • api-ms-win-core-string-l1-1-0 • generic-type-• AtlThrow: hr = 0x%x • atlTraceNotImpl • __lc_lctowcs • bad exception
• `eh vector constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp • InitializeSListHead
• `placement delete[] closure' • .?AVexception@std@@
• (L"Buffer is too small" && 0)
• __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::type_case_integer
• `eh vector destructor iterator' • Base Class Descriptor at ( • atlTraceStencil
• InterlockedPopEntrySList
• _CrtDbgReport: String too long or IO Error
• minkernel\\crts\\ucrt\\src\\appcrt\\tran\\i386\\ieee87.c • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlbase.h • IsDebuggerPresent • WideCharToMultiByte • CoCreateInstance • FlushInstructionCache • VirtualAlloc • FindNextFileW • GetTimeFormatEx • GetConsoleCP • GetLastError • LeaveCriticalSection • GetProcessWindowStation • FindFirstFileExW • GetProcessHeap • VirtualProtect • EnumSystemLocalesEx • GetWindowRect • InitializeConditionVariable • InitializeCriticalSectionEx • GetWindowTextA • GetWindowTextLengthA • SetStdHandle • GetLocaleInfoW • FreeEnvironmentStringsW • DeleteCriticalSection • RegOpenKeyTransactedA • WriteConsoleW • GetModuleHandleW • GetModuleHandleA • RegisterClassExA • GetCommandLineA • GetCommandLineW • WaitForSingleObjectEx
• RegDeleteKeyA • PostThreadMessageA • CreateEventA • IsValidLocale • SleepConditionVariableCS • SetWindowTextA • GetStartupInfoW • WakeAllConditionVariable • VirtualQuery • RegDeleteKeyExA • CreateWindowExA • EnumSystemLocalesW • SetLastError • GetStringTypeW • RegOpenKeyExA • RegQueryInfoKeyA • HeapQueryInformation • GetEnvironmentStringsW • GetFileSizeEx • EnterCriticalSection • SetFilePointerEx • RegDeleteKeyTransactedA • GetModuleFileNameA • GetClassInfoExA • GetModuleFileNameW • GetActiveWindow • DispatchMessageA • InitializeCriticalSectionAndSpinCount • RaiseException • CompareStringEx • LCMapStringEx • GetDateFormatEx • GetLocaleInfoEx • GetLastActivePopup • SystemFunction036 • ReadConsoleW • GetModuleHandleExW • IsProcessorFeaturePresent • SetEnvironmentVariableW • LoadLibraryExW • LoadLibraryExA • GetUserObjectInformationW • GetClientRect • SendMessageA • WaitForSingleObject • GetStdHandle • RoUninitialize • hKeyParent != 0 • `vtordispex{ • _CrtSetReportFile • Assertion failed
• `managed vector constructor iterator' • create_environment
• AppPolicyGetShowDeveloperDiagnostic • RoInitialize
• CoRevokeClassObject • CoUninitialize
• oleaut32.dll • AppPolicyGetWindowingModel • (((source))) != NULL • cached_handle == new_handle • CoResumeClassObjects • AtlThunk_AllocateData • File
• Complete Object Locator' • kernel32.dll • minkernel\\crts\\ucrt\\src\\desktopcrt\\env\\environment_initialization.cpp • hInstTypeLib != 0 • SelectObject • wlocale, len) • CoInitialize
• `managed vector destructor iterator' • _pAtlModule == 0 • minkernel\\crts\\ucrt\\src\\appcrt\\locale\\getstringtypea.cpp • LangCountryEnumProcEx • atlTraceAllocation • _VCrtDbgReportA • atlTraceCache • Assertion failed: • atlTraceSecurity • AppPolicyGetProcessTerminationMethod • AtlThunk_FreeData • Unknown exception • atlTraceException • .?AVCATLConModule@@ • AtlThunk_InitData • advapi32.dll
• `vector constructor iterator' • atlTraceRefcount
• atlTraceISAPI • LanguageEnumProcEx
• `vector destructor iterator' • CoRegisterClassObject • StringFromGUID2 • __vectorcall • <file unknown> • atlTraceDBClient • hAdvAPI32 != 0 • Assertion failed! • @atlTraceISAPI • _controlfp_s • c == '\\0' || *_p == c • _CrtCheckMemory() • cached_fp == new_fp • atlthunk.dll
Threads behaviour
In this section it's possible to find information about sample's threads, such as the actions performed by each sample's thread ordered chronologically.
Network by processes
The analysis environment tries to capture and collect network actions performed by sample's threads.
Unpacked or injected modules
In this section it's possible to find information about sample's modules, such as the rich signatures and strings
• Module 1 (probably unpacked / injected by the sample)
• Module 1 rich signatures
• 44616e53000000000000000000000000656603010d000000656605019700000052680401120000005268030115000000526805012f0000006 566040114000000656601010d000000000001009c0000009b690501030000009b69ff00010000009b690201
• Module 1 strings
• Module 1 most interesting strings
• wcsncpy_s(names->szCodePage, (sizeof(*__countof_helper(names->szCodePage)) + 0), wlocale, len)
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), lpLocaleString, wcslen(lpLocaleString) + 1)
• !This program cannot be run in DOS mode. • .?AVbad_exception@std@@
• __acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required
• wcsncpy_s(lpOutStr->szCodePage, (sizeof(*__countof_helper(lpOutStr->szCodePage)) + 0), L"utf8", 5) • .?AVbad_alloc@std@@
• <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
• !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), localeName, wcslen(localeName) + 1)
• wcsncpy_s(names->szCountry, (sizeof(*__countof_helper(names->szCountry)) + 0), wlocale, len) • <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
• traits::tcscpy_s(program_name, (sizeof(*__countof_helper(program_name)) + 0), get_program_name_unknown_text(Character()))
• <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
• wcsncpy_s(lpOutStr->szLocaleName, (sizeof(*__countof_helper(lpOutStr->szLocaleName)) + 0), _psetloc_data->_cacheLocaleName, wcslen(_psetloc_data->_cacheLocaleName) + 1) • api-ms-win-core-synch-l1-2-0.dll • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_exception.cpp • .?AVbad_array_new_length@std@@ • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_type_info.cpp
• ((destination)) != NULL && ((size_in_elements)) > 0 • Base Class Array'
• For information on how your program can cause an assertion • LocaleNameToLCID
• `copy constructor closure'
• ("Corrupted pointer passed to _freea", 0) • (L"String is not null terminated" && 0) • `managed vector copy constructor iterator' • _CrtSetReportMode
• <requestedExecutionLevel level='asInvoker' uiAccess='false' /> • _itoa_s(nLine, szLineMessage, 4096, 10)
• CoReleaseServerProcess
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp • ERROR : Unable to initialize critical section in CAtlModule • atlTraceGeneral
• .?AVpairNode@@ • .?AVpDNameNode@@
• `vector copy constructor iterator' • minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrptt.cpp • .?AVCAtlModule@ATL@@ • api-ms-win-appmodel-runtime-l1-1-2 • SetWindowLongA • template-parameter-• `local vftable' • .?AVCAtlException@ATL@@ • Program: %ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls • .?AVtype_info@@ • minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp • QueryPerformanceCounter • AtlThunk_DataToCode • __crt_strtox::c_string_character_source<char>::validate
• wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String") • abort() has been called
• TerminateProcess
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltrace.h • `dynamic initializer for '
• minkernel\\crts\\ucrt\\src\\appcrt\\locale\\locale_refcounting.cpp • .?AVDNameStatusNode@@
• `vector vbase copy constructor iterator' • cached_fp == invalid_function_sentinel() • InterlockedFlushSList • atlTraceString • utput::string_output_adapter<wchar_t>,class __crt_stdio_output::format_validation_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> > >::type_case_integer • _set_new_mode • ext-ms-win-ntuser-dialogbox-l1-1-0 • cached_handle == INVALID_HANDLE_VALUE • atlTraceControls
• Buffer is too small
• minkernel\\crts\\ucrt\\src\\appcrt\\misc\\errno.cpp • `vector vbase constructor iterator'
• minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h • GetSystemTimeAsFileTime
• ERROR : Unable to initialize critical section in CAtlBaseModule • to->_What == nullptr && to->_DoFree == false
• __crt_strtox::c_string_character_source<wchar_t>::validate • common_message_window
• _p != nullptr • _VCrtDbgReportW
• `eh vector vbase copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\stricmp.cpp • operator co_await
•
`generic-class-parameter-• (ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[category].locale == nullptr && ptloci->lc_category[category].refcount == nullptr) • `local static destructor helper'
• strcat_s(szLineMessage, 4096, "\\r") • atlTraceHosting • .?AVcharNode@@ • .?AVDNameNode@@ • GetEnabledXStateFeatures • atlTraceDBProvider • LCMapStringW
• strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!") • `local vftable constructor closure'
• `eh vector vbase constructor iterator' • CreateEventW
• `default constructor closure'
• e = mbstowcs_s(&ret;, szOutMessage2, 4096, szOutMessage, ((size_t)-1)) • HeapValidate
• LocateXStateFeature • atlTraceRegistrar
• ("The hook function is not in the list!", 0) • `virtual displacement map'
• C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\ATL\\General\\AtlCon\\bitcoin coinjoin op.pdb • AppPolicyGetThreadInitializationType
• GetProcAddress
• api-ms-win-security-systemfunctions-l1-1-0 • api-ms-win-core-localization-obsolete-l1-2-0 • common_tcscpy_s
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltransactionmanager.h • .?AV?$CAtlExeModuleT@VCATLConModule@@@ATL@@ • (((HRESULT)(hr)) >= 0) • GetCurrentThreadId • GetConsoleMode • stream != nullptr • SetThreadStackGuarantee • GetCurrentProcess • src != nullptr • CreateThread • atlTraceWindowing
• false && "Too many categories defined" • SetConsoleCtrlHandler
• strcat_s(szLineMessage, 4096, "\\n") • 0 && "Use OBJECT_ENTRY_NON_CREATEABLE_EX • common_tcscat_s
• fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcstartup\\src\\misc\\thread_safe_statics.cpp
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlconv.h • mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments
• d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\winapi_downlevel.cpp • strcpy_s(szOutMessage, 4096, szLineMessage)
• UnregisterClassA
• failure, see the Visual C++ documentation on asserts. • `local static thread guard'
• UnhandledExceptionFilter • IsValidLocaleName • result != nullptr
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlexcept.h • EncodePointer • api-ms-win-core-localization-l1-2-1 • __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::state_case_normal_tchar • IsValidCodePage
• ( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))
• __crt_strtox::c_string_character_source<wchar_t>::unget • `vector deleting destructor'
• CorExitProcess • common_configure_argv
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\wcsicmp.cpp • `udt returning'
• `local static guard' • GetCurrentProcessId • __acrt_copy_locale_name
• ("lc_time_curr unexpectedly has no remaining references", 0) • .?AU_ATL_MODULE70@ATL@@
• `omni callsig' • GetXStateFeaturesMask
• Microsoft Visual C++ Runtime Library • strcat_s(szLineMessage, 4096, szUserMessage) • <program name unknown>
• wcscpy_s(locale, numberOfElements, names->szLanguage)
• .?AU?$CAtlValidateModuleConfiguration@$0A@VCATLConModule@@@ATL@@ • __acrt_get_qualified_locale
• __atl_condVal • GetTimeFormatW
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlcomcli.h • Type Descriptor' • `generic-method-parameter-• .?AV?$CAtlModuleT@VCATLConModule@@@ATL@@ • GetUserDefaultLCID • GetDateFormatW • FlushFileBuffers • minkernel\\crts\\ucrt\\inc\\corecrt_internal_strtox.h • AreFileApisANSI • </trustInfo>
• strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error") • </requestedPrivileges>
• CoAddRefServerProcess • new_hook != nullptr • atlTraceSync
• traits::tcscpy_s(variable.get(), required_count, source_it) • GetUserDefaultLocaleName • _itow_s(nLine, szLineMessage, 4096, 10) • SetUnhandledExceptionFilter • common_set_report_hook • TranslateMessage • MultiByteToWideChar
• `template static data member destructor helper' • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlalloc.h • GetSystemTimePreciseAsFileTime
• abcdefghijklmnopqrstuvwxyz • _set_controlfp
• `template static data member constructor helper' •
`template-type-parameter-• `anonymous namespace' • dst != nullptr
• String is not null terminated • OutputDebugStringW
• bad allocation
• GetLocaleNameFromDefault
• wcsncpy_s(localeNameCopy, cch+1, localeName, cch+1) • (Press Retry to debug the application)
• mode == 0 || mode == 1
• strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error") • __crt_strtox::parse_integer
• `vbase destructor'
• `scalar deleting destructor'
• nRptType >= 0 && nRptType < _CRT_ERRCNT • `eh vector copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\new_mode.cpp • api-ms-win-core-winrt-l1-1-0
• atlTraceSnapin
• ERROR : Unable to initialize critical section in CAtlComModule • GetTextMetricsA • minkernel\\crts\\ucrt\\inc\\corecrt_internal_string_templates.h • api-ms-win-rtcore-ntuser-window-l1-1-0 • minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp • CallWindowProcA • cli::pin_ptr< • _get_doserrno • minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrpt.cpp • .?AUIAtlMemMgr@ATL@@ • minkernel\\crts\\ucrt\\devdiv\\vcruntime\\inc\\internal_shared.h • GetCurrentThread
• base == 0 || (2 <= base && base <= 36) • common_tcsncpy_s • api-ms-win-core-xstate-l2-1-0 • LCIDToLocaleName • api-ms-win-core-synch-l1-2-0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\per_thread_data.cpp • minkernel\\crts\\ucrt\\src\\appcrt\\locale\\inittime.cpp
• _controlfp_s(((void *)0), newctrl, mask & ~0x00080000) • GetSystemInfo
• ("Invalid input value", 0)
• __crt_strtox::c_string_character_source<char>::unget • api-ms-win-core-fibers-l1-1-1
• wcscpy_s(message_buffer, 4096, L"_CrtDbgReport: String too long or IO Error") • std::nullptr_t
• .?AVpcharNode@@
• `dynamic atexit destructor for ' • CompareStringW • minkernel\\crts\\ucrt\\src\\appcrt\\tran\\contrlfp.c • `unknown ecsu' • .?AVCWin32Heap@ATL@@ • api-ms-win-core-file-l1-2-2 • DefWindowProcA • api-ms-win-core-sysinfo-l1-2-1
• _CrtDbgReport: String too long or Invalid characters in String • pbstrPath != 0 && ppTypeLib != 0
• bad array new length
• mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE • Class Hierarchy Descriptor'
• minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp • GetWindowLongA
• DecodePointer • `non-type-template-parameter • api-ms-win-core-datetime-l1-1-1 • atlTraceUtil • ext-ms-win-ntuser-windowstation-l1-1-0 • .?AUIAtlStringMgr@ATL@@ • Program: %hs%ls%ls%hs%ls%hs%ls%hs%ls%ls%hs%ls • <requestedPrivileges> • `template-parameter • `placement delete closure'
• api-ms-win-core-processthreads-l1-1-2 • .?AVCAtlStringMgr@ATL@@ • api-ms-win-core-string-l1-1-0 • generic-type-• AtlThrow: hr = 0x%x • atlTraceNotImpl • __lc_lctowcs • bad exception
• `eh vector constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp • InitializeSListHead
• `placement delete[] closure' • .?AVexception@std@@
• (L"Buffer is too small" && 0)
• __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::type_case_integer
• `eh vector destructor iterator' • Base Class Descriptor at ( • atlTraceStencil
• InterlockedPopEntrySList
• _CrtDbgReport: String too long or IO Error
• minkernel\\crts\\ucrt\\src\\appcrt\\tran\\i386\\ieee87.c • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlbase.h • IsDebuggerPresent • WideCharToMultiByte • CoCreateInstance • FlushInstructionCache • VirtualAlloc • FindNextFileW • GetTimeFormatEx • GetConsoleCP • GetLastError • LeaveCriticalSection • GetProcessWindowStation • FindFirstFileExW • GetProcessHeap • VirtualProtect • EnumSystemLocalesEx • GetWindowRect • InitializeConditionVariable • InitializeCriticalSectionEx • GetWindowTextA • GetWindowTextLengthA • SetStdHandle • GetLocaleInfoW
• FreeEnvironmentStringsW • DeleteCriticalSection • RegOpenKeyTransactedA • WriteConsoleW • GetModuleHandleW • GetModuleHandleA • RegisterClassExA • GetCommandLineA • GetCommandLineW • WaitForSingleObjectEx • RegDeleteKeyA • PostThreadMessageA • CreateEventA • IsValidLocale • SleepConditionVariableCS • SetWindowTextA • GetStartupInfoW • WakeAllConditionVariable • VirtualQuery • RegDeleteKeyExA • CreateWindowExA • EnumSystemLocalesW • SetLastError • GetStringTypeW • RegOpenKeyExA • RegQueryInfoKeyA • HeapQueryInformation • GetEnvironmentStringsW • GetFileSizeEx • EnterCriticalSection • SetFilePointerEx • RegDeleteKeyTransactedA • GetModuleFileNameA • GetClassInfoExA • GetModuleFileNameW • GetActiveWindow • DispatchMessageA • InitializeCriticalSectionAndSpinCount • RaiseException • CompareStringEx • LCMapStringEx • GetDateFormatEx • GetLocaleInfoEx • GetLastActivePopup • SystemFunction036 • ReadConsoleW • GetModuleHandleExW • IsProcessorFeaturePresent • SetEnvironmentVariableW • LoadLibraryExW • LoadLibraryExA • GetUserObjectInformationW • GetClientRect • SendMessageA • WaitForSingleObject • GetStdHandle
• Module 1 other strings • RoUninitialize • hKeyParent != 0 • `vtordispex{ • _CrtSetReportFile • Assertion failed
• `managed vector constructor iterator' • create_environment • AppPolicyGetShowDeveloperDiagnostic • RoInitialize • CoRevokeClassObject • CoUninitialize • oleaut32.dll • AppPolicyGetWindowingModel • (((source))) != NULL • cached_handle == new_handle • CoResumeClassObjects • AtlThunk_AllocateData • File
• Complete Object Locator' • kernel32.dll • minkernel\\crts\\ucrt\\src\\desktopcrt\\env\\environment_initialization.cpp • hInstTypeLib != 0 • SelectObject • wlocale, len) • CoInitialize
• `managed vector destructor iterator' • _pAtlModule == 0 • minkernel\\crts\\ucrt\\src\\appcrt\\locale\\getstringtypea.cpp • LangCountryEnumProcEx • atlTraceAllocation • _VCrtDbgReportA • atlTraceCache • • atlTraceSecurity • AppPolicyGetProcessTerminationMethod • AtlThunk_FreeData • Unknown exception • atlTraceException • .?AVCATLConModule@@ • AtlThunk_InitData • advapi32.dll
• `vector constructor iterator' • atlTraceRefcount
• atlTraceISAPI • LanguageEnumProcEx
• `vector destructor iterator' • CoRegisterClassObject • StringFromGUID2 • __vectorcall • <file unknown> • atlTraceDBClient • hAdvAPI32 != 0 • Assertion failed!
• _controlfp_s
• c == '\\0' || *_p == c • _CrtCheckMemory() • cached_fp == new_fp • atlthunk.dll
• Module 2 (probably unpacked / injected by the sample)
• Module 2 rich signatures
• 44616e53000000000000000000000000656603010d000000656605019700000052680401120000005268030115000000526805012f0000006 566040114000000656601010d000000000001009c0000009b690501030000009b69ff00010000009b690201
• Module 2 strings
• Module 2 most interesting strings
• wcsncpy_s(names->szCodePage, (sizeof(*__countof_helper(names->szCodePage)) + 0), wlocale, len)
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), lpLocaleString, wcslen(lpLocaleString) + 1)
• !This program cannot be run in DOS mode. • .?AVbad_exception@std@@
• __acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required • C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe
• wcsncpy_s(lpOutStr->szCodePage, (sizeof(*__countof_helper(lpOutStr->szCodePage)) + 0), L"utf8", 5) • .?AVbad_alloc@std@@
• <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
• !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
• wcsncpy_s(_psetloc_data->_cacheLocaleName, (sizeof(*__countof_helper(_psetloc_data->_cacheLocaleName)) + 0), localeName, wcslen(localeName) + 1)
• wcsncpy_s(names->szCountry, (sizeof(*__countof_helper(names->szCountry)) + 0), wlocale, len) • <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
• traits::tcscpy_s(program_name, (sizeof(*__countof_helper(program_name)) + 0), get_program_name_unknown_text(Character()))
• <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
• wcsncpy_s(lpOutStr->szLocaleName, (sizeof(*__countof_helper(lpOutStr->szLocaleName)) + 0), _psetloc_data->_cacheLocaleName, wcslen(_psetloc_data->_cacheLocaleName) + 1) • api-ms-win-core-synch-l1-2-0.dll • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_exception.cpp • .?AVbad_array_new_length@std@@ • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_type_info.cpp
• ((destination)) != NULL && ((size_in_elements)) > 0 • Base Class Array'
• For information on how your program can cause an assertion • LocaleNameToLCID
• `copy constructor closure'
• ("Corrupted pointer passed to _freea", 0) • (L"String is not null terminated" && 0) • `managed vector copy constructor iterator' • _CrtSetReportMode
• <requestedExecutionLevel level='asInvoker' uiAccess='false' /> • _itoa_s(nLine, szLineMessage, 4096, 10)
• CoReleaseServerProcess
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp • ERROR : Unable to initialize critical section in CAtlModule
• atlTraceGeneral • .?AVpairNode@@ • .?AVpDNameNode@@
• `vector copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrptt.cpp • .?AVCAtlModule@ATL@@ • api-ms-win-appmodel-runtime-l1-1-2 • SetWindowLongA • template-parameter-• `local vftable' • .?AVCAtlException@ATL@@ • Program: %ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls%ls • .?AVtype_info@@ • minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp • QueryPerformanceCounter • AtlThunk_DataToCode • __crt_strtox::c_string_character_source<char>::validate
• wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String") • abort() has been called
• TerminateProcess
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltrace.h • `dynamic initializer for '
• minkernel\\crts\\ucrt\\src\\appcrt\\locale\\locale_refcounting.cpp • .?AVDNameStatusNode@@
• `vector vbase copy constructor iterator' • cached_fp == invalid_function_sentinel() • InterlockedFlushSList • atlTraceString • utput::string_output_adapter<wchar_t>,class __crt_stdio_output::format_validation_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> > >::type_case_integer • _set_new_mode • ext-ms-win-ntuser-dialogbox-l1-1-0 • cached_handle == INVALID_HANDLE_VALUE • atlTraceControls
• Buffer is too small
• minkernel\\crts\\ucrt\\src\\appcrt\\misc\\errno.cpp • `vector vbase constructor iterator'
• minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h • GetSystemTimeAsFileTime
• ERROR : Unable to initialize critical section in CAtlBaseModule • to->_What == nullptr && to->_DoFree == false
• __crt_strtox::c_string_character_source<wchar_t>::validate • common_message_window
• _p != nullptr • _VCrtDbgReportW
• `eh vector vbase copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\stricmp.cpp • operator co_await
•
`generic-class-parameter-• (ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[category].locale == nullptr && ptloci->lc_category[category].refcount == nullptr) • `local static destructor helper'
• strcat_s(szLineMessage, 4096, "\\r") • atlTraceHosting
• .?AVcharNode@@ • .?AVDNameNode@@
• GetEnabledXStateFeatures • atlTraceDBProvider • LCMapStringW
• strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!") • `local vftable constructor closure'
• `eh vector vbase constructor iterator' • CreateEventW
• `default constructor closure'
• e = mbstowcs_s(&ret;, szOutMessage2, 4096, szOutMessage, ((size_t)-1)) • HeapValidate
• LocateXStateFeature • atlTraceRegistrar
• ("The hook function is not in the list!", 0) • `virtual displacement map'
• C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\ATL\\General\\AtlCon\\bitcoin coinjoin op.pdb • AppPolicyGetThreadInitializationType
• GetProcAddress
• api-ms-win-security-systemfunctions-l1-1-0 • api-ms-win-core-localization-obsolete-l1-2-0 • common_tcscpy_s
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atltransactionmanager.h • .?AV?$CAtlExeModuleT@VCATLConModule@@@ATL@@ • (((HRESULT)(hr)) >= 0) • GetCurrentThreadId • GetConsoleMode • stream != nullptr • SetThreadStackGuarantee • GetCurrentProcess • src != nullptr • CreateThread • atlTraceWindowing
• false && "Too many categories defined" • SetConsoleCtrlHandler
• strcat_s(szLineMessage, 4096, "\\n") • 0 && "Use OBJECT_ENTRY_NON_CREATEABLE_EX • common_tcscat_s
• fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcstartup\\src\\misc\\thread_safe_statics.cpp
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlconv.h • mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments
• d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\winapi_downlevel.cpp • strcpy_s(szOutMessage, 4096, szLineMessage)
• UnregisterClassA
• failure, see the Visual C++ documentation on asserts. • `local static thread guard'
• UnhandledExceptionFilter • IsValidLocaleName • result != nullptr
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlexcept.h • EncodePointer • api-ms-win-core-localization-l1-2-1 • __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::state_case_normal_tchar
• IsValidCodePage
• ( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))
• __crt_strtox::c_string_character_source<wchar_t>::unget • `vector deleting destructor'
• CorExitProcess • common_configure_argv
• minkernel\\crts\\ucrt\\src\\appcrt\\string\\wcsicmp.cpp • `udt returning'
• `local static guard' • GetCurrentProcessId • __acrt_copy_locale_name
• ("lc_time_curr unexpectedly has no remaining references", 0) • .?AU_ATL_MODULE70@ATL@@
• `omni callsig' • GetXStateFeaturesMask
• Microsoft Visual C++ Runtime Library • strcat_s(szLineMessage, 4096, szUserMessage) • <program name unknown>
• wcscpy_s(locale, numberOfElements, names->szLanguage)
• .?AU?$CAtlValidateModuleConfiguration@$0A@VCATLConModule@@@ATL@@ • __acrt_get_qualified_locale
• __atl_condVal • GetTimeFormatW
• c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlcomcli.h • Type Descriptor' • `generic-method-parameter-• .?AV?$CAtlModuleT@VCATLConModule@@@ATL@@ • GetUserDefaultLCID • GetDateFormatW • FlushFileBuffers • minkernel\\crts\\ucrt\\inc\\corecrt_internal_strtox.h • AreFileApisANSI • </trustInfo>
• strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error") • </requestedPrivileges>
• CoAddRefServerProcess • new_hook != nullptr • atlTraceSync
• traits::tcscpy_s(variable.get(), required_count, source_it) • GetUserDefaultLocaleName • _itow_s(nLine, szLineMessage, 4096, 10) • SetUnhandledExceptionFilter • common_set_report_hook • TranslateMessage • MultiByteToWideChar
• `template static data member destructor helper' • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlalloc.h • GetSystemTimePreciseAsFileTime
• abcdefghijklmnopqrstuvwxyz • _set_controlfp
• `template static data member constructor helper' •
`template-type-parameter-• `anonymous namespace' • dst != nullptr
• String is not null terminated • OutputDebugStringW • InterlockedPushEntrySList • bad allocation • GetLocaleNameFromDefault • wcsncpy_s(localeNameCopy, cch+1, localeName, cch+1) • (Press Retry to debug the application)
• mode == 0 || mode == 1
• strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error") • __crt_strtox::parse_integer
• `vbase destructor'
• `scalar deleting destructor'
• nRptType >= 0 && nRptType < _CRT_ERRCNT • `eh vector copy constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\heap\\new_mode.cpp • api-ms-win-core-winrt-l1-1-0
• atlTraceSnapin
• ERROR : Unable to initialize critical section in CAtlComModule • GetTextMetricsA • minkernel\\crts\\ucrt\\inc\\corecrt_internal_string_templates.h • api-ms-win-rtcore-ntuser-window-l1-1-0 • minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp • CallWindowProcA • cli::pin_ptr< • _get_doserrno • minkernel\\crts\\ucrt\\src\\appcrt\\misc\\dbgrpt.cpp • .?AUIAtlMemMgr@ATL@@ • minkernel\\crts\\ucrt\\devdiv\\vcruntime\\inc\\internal_shared.h • GetCurrentThread
• base == 0 || (2 <= base && base <= 36) • common_tcsncpy_s • api-ms-win-core-xstate-l2-1-0 • LCIDToLocaleName • api-ms-win-core-synch-l1-2-0 • d:\\agent\\_work\\3\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\per_thread_data.cpp • minkernel\\crts\\ucrt\\src\\appcrt\\locale\\inittime.cpp
• _controlfp_s(((void *)0), newctrl, mask & ~0x00080000) • GetSystemInfo
• ("Invalid input value", 0)
• __crt_strtox::c_string_character_source<char>::unget • api-ms-win-core-fibers-l1-1-1
• wcscpy_s(message_buffer, 4096, L"_CrtDbgReport: String too long or IO Error") • std::nullptr_t
• .?AVpcharNode@@
• `dynamic atexit destructor for ' • CompareStringW • minkernel\\crts\\ucrt\\src\\appcrt\\tran\\contrlfp.c • `unknown ecsu' • .?AVCWin32Heap@ATL@@ • api-ms-win-core-file-l1-2-2 • DefWindowProcA • api-ms-win-core-sysinfo-l1-2-1
• _CrtDbgReport: String too long or Invalid characters in String • pbstrPath != 0 && ppTypeLib != 0
• bad array new length
• mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE • Class Hierarchy Descriptor'
• minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp • GetWindowLongA • atlTraceTime • DecodePointer • `non-type-template-parameter • api-ms-win-core-datetime-l1-1-1 • atlTraceUtil • ext-ms-win-ntuser-windowstation-l1-1-0 • .?AUIAtlStringMgr@ATL@@ • Program: %hs%ls%ls%hs%ls%hs%ls%hs%ls%ls%hs%ls • <requestedPrivileges> • `template-parameter • `placement delete closure'
• api-ms-win-core-processthreads-l1-1-2 • .?AVCAtlStringMgr@ATL@@ • api-ms-win-core-string-l1-1-0 • generic-type-• AtlThrow: hr = 0x%x • atlTraceNotImpl • __lc_lctowcs • bad exception
• `eh vector constructor iterator'
• minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp • InitializeSListHead
• `placement delete[] closure' • .?AVexception@std@@
• (L"Buffer is too small" && 0)
• __crt_stdio_output::output_processor<char,class __crt_stdio_output::string_output_adapter<char>,class __crt_stdio_output::format_validation_base<char,class __crt_stdio_output::string_output_adapter<char> > >::type_case_integer
• `eh vector destructor iterator' • Base Class Descriptor at ( • atlTraceStencil
• InterlockedPopEntrySList
• _CrtDbgReport: String too long or IO Error
• minkernel\\crts\\ucrt\\src\\appcrt\\tran\\i386\\ieee87.c • c:\\program files (x86)\\microsoft visual
studio\\2017\\community\\vc\\tools\\msvc\\14.16.27023\\atlmfc\\include\\atlbase.h • IsDebuggerPresent • WideCharToMultiByte • CoCreateInstance • FlushInstructionCache • VirtualAlloc • FindNextFileW • GetTimeFormatEx • GetConsoleCP • GetLastError • LeaveCriticalSection • GetProcessWindowStation • FindFirstFileExW • GetProcessHeap • VirtualProtect • EnumSystemLocalesEx • GetWindowRect • InitializeConditionVariable • InitializeCriticalSectionEx • GetWindowTextA
• GetWindowTextLengthA • SetStdHandle • GetLocaleInfoW • FreeEnvironmentStringsW • DeleteCriticalSection • RegOpenKeyTransactedA • WriteConsoleW • GetModuleHandleW • GetModuleHandleA • RegisterClassExA • GetCommandLineA • GetCommandLineW • WaitForSingleObjectEx • RegDeleteKeyA • PostThreadMessageA • CreateEventA • IsValidLocale • SleepConditionVariableCS • SetWindowTextA • GetStartupInfoW • WakeAllConditionVariable • VirtualQuery • RegDeleteKeyExA • CreateWindowExA • EnumSystemLocalesW • SetLastError • GetStringTypeW • RegOpenKeyExA • RegQueryInfoKeyA • HeapQueryInformation • GetEnvironmentStringsW • GetFileSizeEx • EnterCriticalSection • SetFilePointerEx • RegDeleteKeyTransactedA • GetModuleFileNameA • GetClassInfoExA • GetModuleFileNameW • GetActiveWindow • DispatchMessageA • InitializeCriticalSectionAndSpinCount • RaiseException • CompareStringEx • LCMapStringEx • GetDateFormatEx • GetLocaleInfoEx • GetLastActivePopup • SystemFunction036 • ReadConsoleW • GetModuleHandleExW • IsProcessorFeaturePresent • SetEnvironmentVariableW • LoadLibraryExW • LoadLibraryExA • GetUserObjectInformationW • GetClientRect • SendMessageA
• WaitForSingleObject • GetStdHandle
• Module 2 other strings
• RoUninitialize • hKeyParent != 0 • `vtordispex{ • _CrtSetReportFile • Assertion failed
• `managed vector constructor iterator' • create_environment • @atlTraceISAPI • AppPolicyGetShowDeveloperDiagnostic • RoInitialize • CoRevokeClassObject • CoUninitialize • oleaut32.dll • AppPolicyGetWindowingModel • (((source))) != NULL • cached_handle == new_handle • CoResumeClassObjects • AtlThunk_AllocateData • File
• Complete Object Locator' • kernel32.dll • minkernel\\crts\\ucrt\\src\\desktopcrt\\env\\environment_initialization.cpp • hInstTypeLib != 0 • SelectObject • wlocale, len) • CoInitialize
• `managed vector destructor iterator' • _pAtlModule == 0 • minkernel\\crts\\ucrt\\src\\appcrt\\locale\\getstringtypea.cpp • LangCountryEnumProcEx • atlTraceAllocation • _VCrtDbgReportA • atlTraceCache • • atlTraceSecurity • AppPolicyGetProcessTerminationMethod • AtlThunk_FreeData • Unknown exception • atlTraceException • .?AVCATLConModule@@ • AtlThunk_InitData • advapi32.dll
• `vector constructor iterator' • atlTraceRefcount
• atlTraceISAPI • LanguageEnumProcEx
• `vector destructor iterator' • CoRegisterClassObject • StringFromGUID2 • __vectorcall • <file unknown>
• atlTraceDBClient • hAdvAPI32 != 0 • Assertion failed! • _controlfp_s • c == '\\0' || *_p == c • _CrtCheckMemory() • cached_fp == new_fp • atlthunk.dll