923793b5ebd17ef82d44d152c1f34b0010f366a8ee84a41d86dd7ad4ecf6e153

.rar

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_ru-ru_6bf4e51b04300436.manifest

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_ru-ru_6bf4e51b04300436_memtest.exe.mui_77b8cbcc

.dll windows x86

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23 UTC

Not After

01/09/2022, 18:23 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

29:2c:1d:45:ad:1d:a2:e8:dd:c3:7c:ce:4e:38:90:00:91:68:1f:1b:1c:0f:07:33:4d:46:81:13:0b:f5:d0:a3
Signer

Actual PE Digest

29:2c:1d:45:ad:1d:a2:e8:dd:c3:7c:ce:4e:38:90:00:91:68:1f:1b:1c:0f:07:33:4d:46:81:13:0b:f5:d0:a3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_sv-se_07efcf8ffb590e91.manifest

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_sv-se_07efcf8ffb590e91_memtest.exe.mui_77b8cbcc

.dll windows x86

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23 UTC

Not After

01/09/2022, 18:23 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

17:d0:94:2c:29:6c:22:39:fa:6e:03:b4:2c:59:f8:52:eb:68:a5:e5:03:68:c1:08:ed:1b:62:db:ec:8e:5b:0f
Signer

Actual PE Digest

17:d0:94:2c:29:6c:22:39:fa:6e:03:b4:2c:59:f8:52:eb:68:a5:e5:03:68:c1:08:ed:1b:62:db:ec:8e:5b:0f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_tr-tr_b0fd19d6ea151082.manifest

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_tr-tr_b0fd19d6ea151082_memtest.exe.mui_77b8cbcc

.dll windows x86

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23 UTC

Not After

01/09/2022, 18:23 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

e3:67:3d:fc:3f:b2:9f:2e:74:18:f8:b4:64:a7:73:c3:50:a8:ea:f2:50:ee:0b:30:3c:4c:82:a2:be:7a:ef:6c
Signer

Actual PE Digest

e3:67:3d:fc:3f:b2:9f:2e:74:18:f8:b4:64:a7:73:c3:50:a8:ea:f2:50:ee:0b:30:3c:4c:82:a2:be:7a:ef:6c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_zh-cn_825a37d49a4ce2a1.manifest

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_zh-cn_825a37d49a4ce2a1_memtest.exe.mui_77b8cbcc

.dll windows x86

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23 UTC

Not After

01/09/2022, 18:23 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

e4:1b:81:b5:de:0f:17:4b:9c:93:30:ce:7c:bb:3d:8b:65:fb:c6:4d:ce:1c:39:56:51:45:aa:42:bf:0f:30:48
Signer

Actual PE Digest

e4:1b:81:b5:de:0f:17:4b:9c:93:30:ce:7c:bb:3d:8b:65:fb:c6:4d:ce:1c:39:56:51:45:aa:42:bf:0f:30:48

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_zh-tw_8656752a97bdbf11.manifest

wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.22621.1_zh-tw_8656752a97bdbf11_memtest.exe.mui_77b8cbcc

.dll windows x86

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23 UTC

Not After

01/09/2022, 18:23 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3a:da:10:cf:2e:8f:ca:42:70:94:f3:5f:7b:93:d1:df:dd:c5:2c:3c:64:3d:e9:eb:d5:d8:1e:bf:06:07:6d:92
Signer

Actual PE Digest

3a:da:10:cf:2e:8f:ca:42:70:94:f3:5f:7b:93:d1:df:dd:c5:2c:3c:64:3d:e9:eb:d5:d8:1e:bf:06:07:6d:92

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22621.1_none_441fc4702cbc4cf8.manifest

wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22621.1_none_441fc4702cbc4cf8_memtest.exe_01d80391

.exe windows x86

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23 UTC

Not After

01/09/2022, 18:23 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

02:7e:11:c6:20:11:65:4f:2c:5f:b4:55:f7:d8:5d:35:80:52:41:3b:7d:0f:e4:cb:ff:c9:46:ed:87:fd:a5:56
Signer

Actual PE Digest

02:7e:11:c6:20:11:65:4f:2c:5f:b4:55:f7:d8:5d:35:80:52:41:3b:7d:0f:e4:cb:ff:c9:46:ed:87:fd:a5:56

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 869KB - Virtual size: 868KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_10.0.22621.1_none_7e1bef6b3f293f16.manifest

wow64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_10.0.22621.1_none_7e1bef6b3f293f16_bcryptprimitives.dll_5dcb347c

.dll windows x86

7aec0ed040ad95f9929c42a57026f9f5

Code Sign

33:00:00:03:81:a4:c7:63:e7:ad:c5:b4:ee:00:00:00:00:03:81
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:24 UTC

Not After

08/03/2023, 19:24 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

bc:dd:9b:55:fe:91:55:51:38:ce:db:60:68:fc:02:3f:3f:18:6b:67:e1:f1:50:13:a4:e9:65:59:b5:af:17:34
Signer

Actual PE Digest

bc:dd:9b:55:fe:91:55:51:38:ce:db:60:68:fc:02:3f:3f:18:6b:67:e1:f1:50:13:a4:e9:65:59:b5:af:17:34

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlGetCurrentProcessorNumberEx

RtlAllocateHeap

NtOpenKey

NtClose

NtQueryValueKey

NtQueryInformationProcess

wcscpy_s

_wcsicmp

RtlImageNtHeader

qsort

RtlUnwind

NtOpenFile

RtlInitUnicodeString

NtTerminateProcess

RtlGetSystemGlobalData

EtwUnregisterTraceGuids

EtwGetTraceEnableFlags

EtwTraceMessage

EtwGetTraceLoggerHandle

EtwRegisterTraceGuidsW

EtwGetTraceEnableLevel

RtlUnhandledExceptionFilter

memmove

RtlFreeHeap

_vsnwprintf

_alloca_probe

memcmp

memcpy

memset

api-ms-win-core-errorhandling-l1-1-0

SetLastError

GetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW

GetModuleHandleExW

DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

EventRegister

EventSetInformation

EventUnregister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

QueryPerformanceFrequency

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection

InitializeCriticalSection

LeaveCriticalSection

EnterCriticalSection

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW

RegEnumKeyExW

RegQueryValueExW

RegOpenKeyExW

RegCloseKey

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee

GetCurrentProcessId

TerminateProcess

GetCurrentProcess

api-ms-win-core-memory-l1-1-0

VirtualProtect

VirtualAlloc

VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo

api-ms-win-core-xstate-l2-1-0

GetEnabledXStateFeatures

Exports

GetAsymmetricEncryptionInterface

GetCipherInterface

GetHashInterface

GetKeyDerivationInterface

GetRngInterface

GetSecretAgreementInterface

GetSignatureInterface

MSCryptConvertRsaPrivateBlobToFullRsaBlob

ProcessPrng

ProcessPrngGuid

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.22621.1_none_92ecee59dcb302d4.manifest

wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.22621.1_none_92ecee59dcb302d4_kernelbase.dll_7f3dc5f6

.dll windows x86

abf5d64388aca7d1e563955b014929d6

Code Sign

33:00:00:03:81:a4:c7:63:e7:ad:c5:b4:ee:00:00:00:00:03:81
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:24 UTC

Not After

08/03/2023, 19:24 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:70:29:45:47:e6:a8:bc:15:cb:d6:93:3a:5f:61:74:b0:99:d0:8a:f9:f5:25:f3:a2:5f:2c:59:8f:da:1e:2d
Signer

Actual PE Digest

05:70:29:45:47:e6:a8:bc:15:cb:d6:93:3a:5f:61:74:b0:99:d0:8a:f9:f5:25:f3:a2:5f:2c:59:8f:da:1e:2d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreatePrivateNamespace

NtDeletePrivateNamespace

NtOpenPrivateNamespace

RtlAddSIDToBoundaryDescriptor

RtlFreeAnsiString

RtlAnsiStringToUnicodeString

RtlInitializeSid

NlsMbCodePageTag

RtlSubAuthoritySid

RtlDosPathNameToRelativeNtPathName_U

RtlFreeUnicodeString

RtlInitUnicodeString

RtlGetOwnerSecurityDescriptor

RtlReleaseRelativeName

RtlLengthRequiredSid

RtlUnicodeStringToAnsiString

RtlInitAnsiString

LdrResRelease

NtQueryInformationFile

RtlEqualSid

SbSelectProcedure

LdrResSearchResource

NtQuerySecurityObject

NtOpenFile

_wcsicmp

RtlDecodeSystemPointer

RtlUnicodeToMultiByteN

RtlMultiByteToUnicodeN

RtlDeleteCriticalSection

RtlUpcaseUnicodeChar

RtlEnterCriticalSection

RtlInitializeCriticalSection

RtlLeaveCriticalSection

RtlSubscribeWnfStateChangeNotification

NtQueryWnfStateData

RtlUnsubscribeWnfNotificationWaitForCompletion

RtlIsThreadWithinLoaderCallout

NtSetInformationFile

RtlDosPathNameToNtPathName_U

wcscpy_s

wcscat_s

swprintf_s

NtFsControlFile

NtQueryVolumeInformationFile

NtCreateFile

RtlSetLastWin32Error

NtWaitForSingleObject

NtNotifyChangeDirectoryFileEx

RtlSetCurrentTransaction

NtCopyFileChunk

RtlEqualUnicodeString

NtQuerySystemInformation

TpSetWait

RtlReleasePrivilege

NtOpenKey

TpReleaseWait

ZwQueryWnfStateData

RtlDosPathNameToNtPathName_U_WithStatus

RtlGetAce

RtlQueryInformationAcl

RtlVerifyVersionInfo

NtQueryEaFile

RtlAcquirePrivilege

RtlGetCurrentTransaction

NtFlushBuffersFile

RtlGetLastNtStatus

NtCreateEvent

RtlGetLastWin32Error

RtlpMergeSecurityAttributeInformation

VerSetConditionMask

_wcsnicmp

RtlNtStatusToDosError

TpWaitForWait

wcsrchr

RtlFindAceByType

NtQueryValueKey

NtOpenMutant

_vsnwprintf

RtlIsDosDeviceName_U

NtReleaseMutant

RtlIsStateSeparationEnabled

NtCreateKeyTransacted

RtlDetermineDosPathNameType_U

NtCreateKey

NtSetValueKey

RtlUnicodeStringToOemString

RtlGetUserInfoHeap

RtlIsValidHandle

RtlAllocateHandle

RtlReAllocateHeap

RtlFreeHandle

RtlSizeHeap

RtlSetUserValueHeap

RtlUnlockHeap

RtlLockHeap

NtQueryDirectoryFile

RtlInitUnicodeStringEx

RtlGetExtendedFeaturesMask

RtlGetEnabledExtendedFeatures

RtlLocateLegacyContext

RtlCopyContext

RtlSetExtendedFeaturesMask

RtlSetLastWin32ErrorAndNtStatusFromNtStatus

RtlInitializeExtendedContext2

RtlGetExtendedContextLength2

RtlLocateExtendedFeature

RtlIsApiSetImplemented

wcspbrk

iswalpha

wcschr

wcsncmp

RtlNtStatusToDosErrorNoTeb

TpSetTimer

RtlDllShutdownInProgress

memcpy_s

TpWaitForTimer

TpReleaseTimer

RtlInitializeCriticalSectionEx

memmove_s

_vsnprintf

NtCreateIoRing

NtSubmitIoRing

NtSetInformationIoRing

NtQueryIoRingCapabilities

NtTerminateProcess

RtlCaptureContext

RtlUnhandledExceptionFilter

_aullshr

RtlGetLocaleFileMappingAddress

NtEnumerateKey

NtGetNlsSectionPtr

RtlNormalizeString

RtlPublishWnfStateData

NtSetDefaultLocale

_wtoi

_itow_s

NtDeleteValueKey

RtlUnicodeStringToInteger

RtlLocaleNameToLcid

RtlIsMultiSessionSku

RtlLcidToLocaleName

RtlpLoadUserUIByPolicy

RtlpLoadMachineUIByPolicy

RtlpGetLCIDFromLangInfoNode

NtEnumerateValueKey

qsort

RtlpCreateProcessRegistryInfo

RtlLCIDToCultureName

RtlpGetNameFromLangInfoNode

NtQueryInstallUILanguage

RtlpMuiFreeLangRegistryInfo

RtlpInitializeLangRegistryInfo

RtlpIsQualifiedLanguage

RtlCultureNameToLCID

_ui64tow_s

LdrFindResourceEx_U

RtlGetThreadPreferredUILanguages

RtlSetProcessPreferredUILanguages

RtlGetUILanguageInfo

RtlGetUserPreferredUILanguages

RtlGetSystemPreferredUILanguages

RtlpQueryDefaultUILanguage

RtlGetProcessPreferredUILanguages

RtlSetThreadPreferredUILanguages

RtlSetThreadPreferredUILanguages2

RtlGetFileMUIPath

RtlRestoreThreadPreferredUILanguages

RtlpGetSystemDefaultUILanguage

LdrAccessResource

RtlIdnToNameprepUnicode

RtlIsNormalizedString

RtlIdnToAscii

RtlIdnToUnicode

NtDeleteKey

RtlAppendUnicodeStringToString

RtlLoadString

RtlAppendUnicodeToString

RtlCopyUnicodeString

RtlExpandEnvironmentStrings_U

NtCreateSection

RtlOpenCurrentUser

NtMapViewOfSection

NtQueryDefaultLocale

NtNotifyChangeKey

NtQueryInformationToken

RtlTimeFieldsToTime

RtlUTF8ToUnicodeN

RtlUnicodeToUTF8N

_wcslwr

NtQueryLicenseValue

_wtol

RtlIntegerToUnicodeString

RtlRunOnceExecuteOnce

DbgPrint

memmove

RtlUnwind

NtClose

RtlReleaseSRWLockShared

RtlPrefixUnicodeString

RtlAcquireSRWLockShared

RtlAcquireSRWLockExclusive

RtlReleaseSRWLockExclusive

RtlDeleteBoundaryDescriptor

NtQueryInformationProcess

RtlCreateBoundaryDescriptor

RtlCompareUnicodeString

RtlFreeHeap

RtlQueryPerformanceCounter

RtlGetPersistedStateLocation

RtlAllocateHeap

RtlQueryWnfStateData

RtlSetProtectedPolicy

NtOpenSymbolicLinkObject

NtQuerySymbolicLinkObject

RtlUnicodeToMultiByteSize

RtlQueryInformationActivationContext

DbgPrintEx

RtlReleaseActivationContext

RtlInitAnsiStringEx

TpAllocTimer

TpAllocIoCompletion

TpAllocWork

TpCallbackMayRunLong

TpAllocCleanupGroup

TpSimpleTryPost

TpQueryPoolStackInformation

TpAllocPool

TpSetPoolMinThreads

TpSetPoolStackInformation

TpAllocWait

RtlConvertSidToUnicodeString

RtlSubAuthorityCountSid

ZwQueryInformationToken

RtlIsMultiUsersInSessionSku

ZwQueryValueKey

ZwClose

ZwOpenKey

NtQueryMultipleValueKey

wcsncpy_s

RtlExitUserProcess

RtlInitializeCriticalSectionAndSpinCount

vswprintf_s

RtlDecodePointer

RtlEncodePointer

isalpha

_strnicmp

RtlRunOnceInitialize

NtDuplicateObject

RtlFormatCurrentUserKeyPath

NtResetEvent

RtlCheckTokenMembershipEx

RtlDeriveCapabilitySidsFromName

NtQueryEvent

RtlCapabilityCheck

NtSetInformationProcess

RtlCreateUnicodeStringFromAsciiz

NtQueryKey

RtlCreateUnicodeString

RtlValidSecurityDescriptor

RtlRandomEx

RtlStringFromGUID

NtLoadKeyEx

RtlLengthSecurityDescriptor

RtlMakeSelfRelativeSD

LdrGetProcedureAddress

LdrGetDllHandle

RtlInitString

strncat

_strlwr

RtlRaiseException

PssNtCaptureSnapshot

PssNtValidateDescriptor

PssNtFreeSnapshot

PssNtFreeRemoteSnapshot

PssNtQuerySnapshot

PssNtWalkSnapshot

PssNtDuplicateSnapshot

PssNtFreeWalkMarker

ApiSetQueryApiSetPresence

NtQueryVirtualMemory

NtOpenProcessTokenEx

RtlGUIDFromString

RtlQueryPackageIdentityEx

RtlStringFromGUIDEx

EtwEventUnregister

EtwEventRegister

EtwEventEnabled

EtwEventWrite

NtCreateWnfStateName

NtDeleteWnfStateName

RtlFreeSid

RtlInitializeSRWLock

WinSqmIncrementDWORD

WinSqmSetDWORD

WinSqmSetString

RtlGetDaclSecurityDescriptor

RtlCreateAcl

RtlAddAccessAllowedAceEx

RtlAddAce

RtlCreateSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlGetControlSecurityDescriptor

RtlSetControlSecurityDescriptor

NtSetSecurityObject

RtlDowncaseUnicodeString

RtlUpcaseUnicodeString

RtlAllocateAndInitializeSid

wcsspn

NtUnmapViewOfSection

RtlQueryPackageClaims

RtlGetDeviceFamilyInfoEnum

wcsstr

LdrUpdatePackageSearchPath

strncmp

RtlInsertElementGenericTableAvl

RtlInitializeGenericTableAvl

RtlDeleteElementGenericTableAvl

RtlLookupElementGenericTableAvl

RtlValidSid

RtlLengthSid

RtlGetAppContainerSidType

RtlCopySid

RtlExpandEnvironmentStrings

RtlGetAppContainerParent

NtQuerySecurityAttributesToken

RtlIsParentOfChildAppContainer

WinSqmIsOptedIn

WinSqmStartSession

WinSqmAddToStreamEx

WinSqmEndSession

TpReleaseWork

TpPostWork

RtlSetSaclSecurityDescriptor

NtGetCachedSigningLevel

NtCompareSigningLevels

ZwCreateKey

ZwSetValueKey

NtDeviceIoControlFile

EtwEventWriteTransfer

TpCancelAsyncIoOperation

TpWaitForIoCompletion

TpReleaseIoCompletion

RtlEnumerateGenericTableAvl

TpStartAsyncIoOperation

RtlCompareUnicodeStrings

strchr

NtReadFile

RtlRaiseStatus

RtlTryAcquirePebLock

RtlReleasePebLock

wcscspn

RtlGetNtSystemRoot

NtWaitForMultipleObjects

RtlImageNtHeader

NtSetSystemInformation

RtlWow64EnableFsRedirectionEx

RtlExitUserThread

NtYieldExecution

strtoul

_errno

RtlQueryPerformanceFrequency

RtlTryAcquireSRWLockExclusive

RtlGetCurrentDirectory_U

RtlGetSearchPath

RtlDosSearchPath_Ustr

RtlReleasePath

RtlQueryActivationContextApplicationSettings

RtlQueryEnvironmentVariable_U

RtlGetFullPathName_U

RtlIntegerToChar

RtlAnsiCharToUnicodeChar

RtlSetThreadErrorMode

NtDuplicateToken

NtAllocateLocallyUniqueId

NtAccessCheck

NtAccessCheckByType

NtAccessCheckByTypeResultList

NtOpenProcessToken

NtOpenThreadToken

NtSetInformationToken

NtAdjustPrivilegesToken

NtAdjustGroupsToken

NtPrivilegeCheck

NtAccessCheckAndAuditAlarm

NtAccessCheckByTypeAndAuditAlarm

NtAccessCheckByTypeResultListAndAuditAlarm

NtAccessCheckByTypeResultListAndAuditAlarmByHandle

NtOpenObjectAuditAlarm

NtPrivilegeObjectAuditAlarm

NtCloseObjectAuditAlarm

NtDeleteObjectAuditAlarm

NtPrivilegedServiceAuditAlarm

RtlEqualPrefixSid

RtlIdentifierAuthoritySid

RtlAreAllAccessesGranted

RtlAreAnyAccessesGranted

RtlMapGenericMask

RtlValidAcl

RtlSetInformationAcl

RtlDeleteAce

RtlAddAccessAllowedAce

RtlAddMandatoryAce

RtlAddResourceAttributeAce

RtlAddScopedPolicyIDAce

RtlAddAccessDeniedAce

RtlAddAccessDeniedAceEx

RtlAddAuditAccessAce

RtlAddAuditAccessAceEx

RtlAddAccessAllowedObjectAce

RtlAddAccessDeniedObjectAce

RtlAddAuditAccessObjectAce

RtlFirstFreeAce

RtlValidRelativeSecurityDescriptor

RtlGetSaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlNewSecurityObject

RtlConvertToAutoInheritSecurityObject

RtlNewSecurityObjectEx

RtlNewSecurityObjectWithMultipleInheritance

RtlSetSecurityObject

RtlSetSecurityObjectEx

RtlQuerySecurityObject

RtlDeleteSecurityObject

RtlAbsoluteToSelfRelativeSD

RtlSelfRelativeToAbsoluteSD

RtlImpersonateSelf

NtSetInformationThread

NtImpersonateAnonymousToken

EtwEventWriteNoRegistration

NtFilterToken

RtlCheckTokenCapability

RtlSelfRelativeToAbsoluteSD2

RtlGetSecurityDescriptorRMControl

RtlSetSecurityDescriptorRMControl

RtlIsPackageSid

RtlIsCapabilitySid

NtSetCachedSigningLevel

RtlDosApplyFileIsolationRedirection_Ustr

LdrGetDllHandleByName

RtlImageNtHeaderEx

LdrGetDllHandleByMapping

RtlGetActiveActivationContext

LdrAddLoadAsDataTable

_stricmp

strncat_s

LdrGetDllPath

LdrLoadDll

LdrRemoveLoadAsDataTable

LdrUnloadAlternateResourceModule

LdrUnloadDll

LdrDisableThreadCalloutsForDll

LdrGetDllFullName

RtlPcToFileHeader

LdrAddRefDll

LdrGetProcedureAddressForCaller

LdrAddDllDirectory

LdrRemoveDllDirectory

LdrSetDefaultDllDirectories

LdrResolveDelayLoadedAPI

LdrResolveDelayLoadsFromDll

LdrQueryOptionalDelayLoadedAPI

RtlGetProductInfo

RtlGetVersion

LdrFindResource_U

LdrResGetRCConfig

LdrpResGetResourceDirectory

RtlImageDirectoryEntryToData

LdrResFindResourceDirectory

LdrResFindResource

LdrGetFileNameFromLoadAsDataTable

LdrLoadAlternateResourceModule

LdrRscIsTypeExist

LdrLoadAlternateResourceModuleEx

LdrpResGetMappingSize

wcstoul

NtLockVirtualMemory

NtUnlockVirtualMemory

NtReadVirtualMemory

NtProtectVirtualMemory

NtWriteVirtualMemory

NtFlushInstructionCache

NtAllocateVirtualMemory

NtAllocateVirtualMemoryEx

NtFreeVirtualMemory

RtlFlushSecureMemoryCache

NtOpenEvent

NtGetWriteWatch

NtResetWriteWatch

NtSetInformationVirtualMemory

NtAllocateUserPhysicalPages

NtAllocateUserPhysicalPagesEx

NtFreeUserPhysicalPages

NtMapUserPhysicalPages

RtlUnsubscribeWnfStateChangeNotification

NtManagePartition

RtlxAnsiStringToUnicodeSize

RtlxOemStringToUnicodeSize

RtlxUnicodeStringToOemSize

api-ms-win-eventing-provider-l1-1-0

EventUnregister

EventRegister

EventWriteTransfer

EventActivityIdControl

EventSetInformation

Exports

AccessCheck

AccessCheckAndAuditAlarmW

AccessCheckByType

AccessCheckByTypeAndAuditAlarmW

AccessCheckByTypeResultList

AccessCheckByTypeResultListAndAuditAlarmByHandleW

AccessCheckByTypeResultListAndAuditAlarmW

AcquireSRWLockExclusive

AcquireSRWLockShared

AcquireStateLock

ActivateActCtx

AddAccessAllowedAce

AddAccessAllowedAceEx

AddAccessAllowedObjectAce

AddAccessDeniedAce

AddAccessDeniedAceEx

AddAccessDeniedObjectAce

AddAce

AddAuditAccessAce

AddAuditAccessAceEx

AddAuditAccessObjectAce

AddConsoleAliasA

AddConsoleAliasW

AddDependencyToProcessPackageGraph

AddDllDirectory

AddExtensionProgId

AddMandatoryAce

AddPackageDependency

AddRefActCtx

AddResourceAttributeAce

AddSIDToBoundaryDescriptor

AddScopedPolicyIDAce

AddVectoredContinueHandler

AddVectoredExceptionHandler

AdjustTokenGroups

AdjustTokenPrivileges

AllocConsole

AllocateAndInitializeSid

AllocateLocallyUniqueId

AllocateUserPhysicalPages

AllocateUserPhysicalPages2

AllocateUserPhysicalPagesNuma

AppContainerDeriveSidFromMoniker

AppContainerFreeMemory

AppContainerLookupDisplayNameMrtReference

AppContainerLookupMoniker

AppContainerRegisterSid

AppContainerUnregisterSid

AppPolicyGetClrCompat

AppPolicyGetCreateFileAccess

AppPolicyGetLifecycleManagement

AppPolicyGetMediaFoundationCodecLoading

AppPolicyGetProcessTerminationMethod

AppPolicyGetShowDeveloperDiagnostic

AppPolicyGetThreadInitializationType

AppPolicyGetWindowingModel

AppXFreeMemory

AppXGetApplicationData

AppXGetDevelopmentMode

AppXGetOSMaxVersionTested

AppXGetOSMinVersion

AppXGetPackageCapabilities

AppXGetPackageSid

AppXLookupDisplayName

AppXLookupMoniker

AppXPostSuccessExtension

AppXPreCreationExtension

AppXReleaseAppXContext

AppXUpdatePackageCapabilities

ApplicationUserModelIdFromProductId

AreAllAccessesGranted

AreAnyAccessesGranted

AreFileApisANSI

AreShortNamesEnabled

AreThereVisibleLogoffScriptsInternal

AreThereVisibleShutdownScriptsInternal

ArmFeatureUsageSubscriberFlushNotification

AttachConsole

BaseCheckAppcompatCache

BaseCheckAppcompatCacheEx

BaseCleanupAppcompatCacheSupport

BaseDllFreeResourceId

BaseDllMapResourceIdW

BaseDumpAppcompatCache

BaseFlushAppcompatCache

BaseFormatObjectAttributes

BaseFreeAppCompatDataForProcess

BaseGetConsoleReference

BaseGetNamedObjectDirectory

BaseInitAppcompatCacheSupport

BaseIsAppcompatInfrastructureDisabled

BaseMarkFileForDelete

BaseReadAppCompatDataForProcess

BaseUpdateAppcompatCache

BasepAdjustObjectAttributesForPrivateNamespace

BasepCopyFileCallback

BasepCopyFileExW

BasepNotifyTrackingService

Beep

BuildIoRingCancelRequest

BuildIoRingFlushFile

BuildIoRingReadFile

BuildIoRingRegisterBuffers

BuildIoRingRegisterFileHandles

BuildIoRingWriteFile

CLOSE_LOCAL_HANDLE_INTERNAL

CallEnclave

CallNamedPipeW

CallbackMayRunLong

CancelIo

CancelIoEx

CancelSynchronousIo

CancelThreadpoolIo

CancelWaitableTimer

CeipIsOptedIn

ChangeTimerQueueTimer

CharLowerA

CharLowerBuffA

CharLowerBuffW

CharLowerW

CharNextA

CharNextExA

CharNextW

CharPrevA

CharPrevExA

CharPrevW

CharUpperA

CharUpperBuffA

CharUpperBuffW

CharUpperW

CheckAllowDecryptedRemoteDestinationPolicy

CheckGroupPolicyEnabled

CheckIfStateChangeNotificationExists

CheckIsMSIXPackage

CheckRemoteDebuggerPresent

CheckTokenCapability

CheckTokenMembership

CheckTokenMembershipEx

ChrCmpIA

ChrCmpIW

ClearCommBreak

ClearCommError

CloseHandle

CloseIoRing

ClosePackageInfo

ClosePrivateNamespace

ClosePseudoConsole

CloseState

CloseStateAtom

CloseStateChangeNotification

CloseStateContainer

CloseStateLock

CloseThreadpool

CloseThreadpoolCleanupGroup

CloseThreadpoolCleanupGroupMembers

CloseThreadpoolIo

CloseThreadpoolTimer

CloseThreadpoolWait

CloseThreadpoolWork

CommandLineToArgvW

CommitStateAtom

CompareFileTime

CompareObjectHandles

CompareStringA

CompareStringEx

CompareStringOrdinal

CompareStringW

ConnectNamedPipe

ContinueDebugEvent

ConvertAuxiliaryCounterToPerformanceCounter

ConvertDefaultLocale

ConvertFiberToThread

ConvertPerformanceCounterToAuxiliaryCounter

ConvertThreadToFiber

ConvertThreadToFiberEx

ConvertToAutoInheritPrivateObjectSecurity

CopyContext

CopyFile2

CopyFileExW

CopyFileFromAppW

CopyFileW

CopySid

CouldMultiUserAppsBehaviorBePossibleForPackage

CreateActCtxW

CreateAppContainerToken

CreateBoundaryDescriptorW

CreateConsoleScreenBuffer

CreateDirectoryA

CreateDirectoryExW

CreateDirectoryFromAppW

CreateDirectoryW

CreateEnclave

CreateEventA

CreateEventExA

CreateEventExW

CreateEventW

CreateFiber

CreateFiberEx

CreateFile2

CreateFile2FromAppW

CreateFileA

CreateFileFromAppW

CreateFileMapping2

CreateFileMappingFromApp

CreateFileMappingNumaW

CreateFileMappingW

CreateFileW

CreateHardLinkA

CreateHardLinkW

CreateIoCompletionPort

CreateIoRing

CreateMemoryResourceNotification

CreateMutexA

CreateMutexExA

CreateMutexExW

CreateMutexW

CreateNamedPipeW

CreatePipe

CreatePrivateNamespaceW

CreatePrivateObjectSecurity

CreatePrivateObjectSecurityEx

CreatePrivateObjectSecurityWithMultipleInheritance

CreateProcessA

CreateProcessAsUserA

CreateProcessAsUserW

CreateProcessInternalA

CreateProcessInternalW

CreateProcessW

CreatePseudoConsole

CreatePseudoConsoleAsUser

CreateRemoteThread

CreateRemoteThreadEx

CreateRestrictedToken

CreateSemaphoreExW

CreateSemaphoreW

CreateStateAtom

CreateStateChangeNotification

CreateStateContainer

CreateStateLock

CreateStateSubcontainer

CreateSymbolicLinkW

CreateThread

CreateThreadpool

CreateThreadpoolCleanupGroup

CreateThreadpoolIo

CreateThreadpoolTimer

CreateThreadpoolWait

CreateThreadpoolWork

CreateTimerQueue

CreateTimerQueueTimer

CreateWaitableTimerExW

CreateWaitableTimerW

CreateWellKnownSid

CtrlRoutine

CveEventWrite

DeactivateActCtx

DebugActiveProcess

DebugActiveProcessStop

DebugBreak

DecodePointer

DecodeRemotePointer

DecodeSystemPointer

DefineDosDeviceW

DelayLoadFailureHook

DelayLoadFailureHookLookup

DeleteAce

DeleteBoundaryDescriptor

DeleteCriticalSection

DeleteEnclave

DeleteFiber

DeleteFileA

DeleteFileFromAppW

DeleteFileW

DeletePackageDependency

DeleteProcThreadAttributeList

DeleteStateAtomValue

DeleteStateContainer

DeleteStateContainerValue

DeleteSynchronizationBarrier

DeleteTimerQueue

DeleteTimerQueueEx

DeleteTimerQueueTimer

DeleteVolumeMountPointW

DeriveCapabilitySidsFromName

DestroyPrivateObjectSecurity

DeviceIoControl

DisablePredefinedHandleTableInternal

DisableThreadLibraryCalls

DisassociateCurrentThreadFromCallback

DiscardVirtualMemory

DisconnectNamedPipe

DnsHostnameToComputerNameExW

DsBindWithSpnExW

DsCrackNamesW

DsFreeDomainControllerInfoW

DsFreeNameResultW

DsFreeNgcKey

DsFreePasswordCredentials

DsGetDomainControllerInfoW

DsMakePasswordCredentialsW

DsReadNgcKeyW

DsUnBindW

DsWriteNgcKeyW

DuplicateHandle

DuplicateStateContainerHandle

DuplicateToken

DuplicateTokenEx

EmptyWorkingSet

EnableProcessOptionalXStateFeatures

EncodePointer

EncodeRemotePointer

EncodeSystemPointer

EnterCriticalPolicySectionInternal

EnterCriticalSection

EnterSynchronizationBarrier

EnumCalendarInfoExEx

EnumCalendarInfoExW

EnumCalendarInfoW

EnumDateFormatsExEx

EnumDateFormatsExW

EnumDateFormatsW

EnumDeviceDrivers

EnumDynamicTimeZoneInformation

EnumLanguageGroupLocalesW

EnumPageFilesA

EnumPageFilesW

EnumProcessModules

EnumProcessModulesEx

EnumProcesses

EnumResourceLanguagesExA

EnumResourceLanguagesExW

EnumResourceNamesA

EnumResourceNamesExA

EnumResourceNamesExW

EnumResourceNamesW

EnumResourceTypesExA

EnumResourceTypesExW

EnumSystemCodePagesW

EnumSystemFirmwareTables

EnumSystemGeoID

EnumSystemGeoNames

EnumSystemLanguageGroupsW

EnumSystemLocalesA

EnumSystemLocalesEx

EnumSystemLocalesW

EnumTimeFormatsEx

EnumTimeFormatsW

EnumUILanguagesW

EnumerateExtensionNames

EnumerateStateAtomValues

EnumerateStateContainerItems

EqualDomainSid

EqualPrefixSid

EqualSid

EscapeCommFunction

EventActivityIdControl

EventEnabled

EventProviderEnabled

EventRegister

EventSetInformation

EventUnregister

EventWrite

EventWriteEx

EventWriteString

EventWriteTransfer

ExitProcess

ExitThread

ExpandEnvironmentStringsA

ExpandEnvironmentStringsW

ExpungeConsoleCommandHistoryA

ExpungeConsoleCommandHistoryW

ExtensionProgIdExists

FatalAppExitA

FatalAppExitW

FileTimeToLocalFileTime

FileTimeToSystemTime

FillConsoleOutputAttribute

FillConsoleOutputCharacterA

FillConsoleOutputCharacterW

FindActCtxSectionGuid

FindActCtxSectionStringW

FindClose

FindCloseChangeNotification

FindFirstChangeNotificationA

FindFirstChangeNotificationW

FindFirstFileA

FindFirstFileExA

FindFirstFileExFromAppW

FindFirstFileExW

FindFirstFileNameW

FindFirstFileW

FindFirstFreeAce

FindFirstStreamW

FindFirstVolumeW

FindNLSString

FindNLSStringEx

FindNextChangeNotification

FindNextFileA

FindNextFileNameW

FindNextFileW

FindNextStreamW

FindNextVolumeW

FindPackagesByPackageFamily

FindResourceExW

FindResourceW

FindStringOrdinal

FindVolumeClose

FlsAlloc

FlsFree

FlsGetValue

FlsSetValue

FlushConsoleInputBuffer

FlushFileBuffers

FlushInstructionCache

FlushProcessWriteBuffers

FlushViewOfFile

FoldStringW

ForceSyncFgPolicyInternal

FormatApplicationUserModelId

FormatApplicationUserModelIdA

FormatMessageA

FormatMessageW

FreeConsole

FreeEnvironmentStringsA

FreeEnvironmentStringsW

FreeGPOListInternalA

FreeGPOListInternalW

FreeLibrary

FreeLibraryAndExitThread

FreeLibraryWhenCallbackReturns

FreeResource

FreeSid

FreeUserPhysicalPages

GenerateConsoleCtrlEvent

GenerateGPNotificationInternal

GetACP

GetAcceptLanguagesA

GetAcceptLanguagesW

GetAce

GetAclInformation

GetAdjustObjectAttributesForPrivateNamespaceRoutine

GetAlternatePackageRoots

GetAppContainerAce

GetAppContainerNamedObjectPath

GetAppDataFolder

GetAppModelVersion

GetApplicationRecoveryCallback

GetApplicationRestartSettings

GetApplicationUserModelId

GetApplicationUserModelIdFromToken

GetAppliedGPOListInternalA

GetAppliedGPOListInternalW

GetCPFileNameFromRegistry

GetCPHashNode

GetCPInfo

GetCPInfoExW

GetCachedSigningLevel

GetCalendar

GetCalendarInfoEx

GetCalendarInfoW

GetCommConfig

GetCommMask

GetCommModemStatus

GetCommPorts

GetCommProperties

GetCommState

GetCommTimeouts

GetCommandLineA

GetCommandLineW

GetCompressedFileSizeA

GetCompressedFileSizeW

GetComputerNameExA

GetComputerNameExW

GetConsoleAliasA

GetConsoleAliasExesA

GetConsoleAliasExesLengthA

GetConsoleAliasExesLengthW

GetConsoleAliasExesW

GetConsoleAliasW

GetConsoleAliasesA

GetConsoleAliasesLengthA

GetConsoleAliasesLengthW

GetConsoleAliasesW

GetConsoleCP

GetConsoleCommandHistoryA

GetConsoleCommandHistoryLengthA

GetConsoleCommandHistoryLengthW

GetConsoleCommandHistoryW

GetConsoleCursorInfo

GetConsoleDisplayMode

GetConsoleFontSize

GetConsoleHistoryInfo

GetConsoleInputExeNameA

GetConsoleInputExeNameW

GetConsoleMode

GetConsoleOriginalTitleA

GetConsoleOriginalTitleW

GetConsoleOutputCP

GetConsoleProcessList

GetConsoleScreenBufferInfo

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-msvcp110_31bf3856ad364e35_10.0.22621.1_none_59a0c10b9934ff9d.manifest

wow64_microsoft-windows-msvcp110_31bf3856ad364e35_10.0.22621.1_none_59a0c10b9934ff9d_msvcp110_win.dll_397cf9b6

.dll windows x86

85f3304f6f3c053f4627806b89adabb8

Code Sign

33:00:00:03:81:a4:c7:63:e7:ad:c5:b4:ee:00:00:00:00:03:81
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:24 UTC

Not After

08/03/2023, 19:24 UTC

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41 UTC

Not After

19/10/2026, 18:51 UTC

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

c7:10:73:65:21:b7:50:9e:bb:af:cd:c7:6a:85:0b:5a:ff:00:28:a9:81:24:e6:1a:44:ea:c1:d7:1f:bd:52:67
Signer

Actual PE Digest

c7:10:73:65:21:b7:50:9e:bb:af:cd:c7:6a:85:0b:5a:ff:00:28:a9:81:24:e6:1a:44:ea:c1:d7:1f:bd:52:67

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 08:23 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_fsopen

fclose

fseek

_wfsopen

??0exception@@QAE@ABQBD@Z

??0exception@@QAE@ABV0@@Z

??1exception@@UAE@XZ

?what@exception@@UBEPBDXZ

??0bad_cast@@QAE@PBD@Z

??0bad_cast@@QAE@ABV0@@Z

??1bad_cast@@UAE@XZ

_Getdays

_Getmonths

_Gettnames

_W_Getdays

_W_Getmonths

_W_Gettnames

_CxxThrowException

__CxxFrameHandler3

memmove

sprintf_s

strcspn

_Strftime

_Wcsftime

abort

realloc

setlocale

?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z

__uncaught_exception

memcpy_s

_CIlog

_lock

_purecall

__iob_func

fputc

fputs

rand_s

??0exception@@QAE@XZ

??0exception@@QAE@ABQBDH@Z

_wcsdup

__crtCompareStringW

__crtCompareStringA

__crtLCMapStringW

__crtLCMapStringA

_wsetlocale

fflush

fgetc

fgetpos

fsetpos

_fseeki64

fwrite

setvbuf

ungetc

fgetwc

fputwc

ungetwc

_callnewh

_XcptFilter

_amsg_exit

_initterm

?terminate@@YAXXZ

__dllonexit

_onexit

??1type_info@@UAE@XZ

_except_handler4_common

malloc

memset

_ismbblead

free

___mb_cur_max_func

memcmp

___lc_collate_cp_func

islower

calloc

___lc_codepage_func

___lc_handle_func

isupper

__pctype_func

btowc

iswctype

memchr

tolower

isalnum

isspace

localeconv

isdigit

memcpy

_CIsqrt

ldexp

_ftol2_sse

_errno

towlower

_unlock

towupper

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter

UnhandledExceptionFilter

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId

GetCurrentThreadId

GetCurrentProcess

TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

MultiByteToWideChar

GetStringTypeW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

GetSystemTimeAsFileTime

api-ms-win-core-util-l1-1-0

EncodePointer

DecodePointer

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z

??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z

??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z

??0?$_Yarn@D@std@@QAE@ABV01@@Z

??0?$_Yarn@D@std@@QAE@PBD@Z

??0?$_Yarn@D@std@@QAE@XZ

??0?$_Yarn@_W@std@@QAE@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ

??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ

??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@DDH@std@@QAE@I@Z

??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@GDH@std@@QAE@I@Z

??0?$codecvt@_SDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@_SDH@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z

??0?$codecvt@_SDH@std@@QAE@I@Z

??0?$codecvt@_UDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@_UDH@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z

??0?$codecvt@_UDH@std@@QAE@I@Z

??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@_WDH@std@@QAE@I@Z

??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z

??0?$ctype@D@std@@QAE@PBF_NI@Z

??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z

??0?$ctype@G@std@@QAE@I@Z

??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z

??0?$ctype@_W@std@@QAE@I@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0Init@ios_base@std@@QAE@XZ

??0_Container_base12@std@@QAE@ABU01@@Z

??0_Container_base12@std@@QAE@XZ

??0_Facet_base@std@@QAE@ABV01@@Z

??0_Facet_base@std@@QAE@XZ

??0_Init_locks@std@@QAE@XZ

??0_Locimp@locale@std@@AAE@ABV012@@Z

??0_Locimp@locale@std@@AAE@_N@Z

??0_Locinfo@std@@QAE@HPBD@Z

??0_Locinfo@std@@QAE@PBD@Z

??0_Lockit@std@@QAE@H@Z

??0_Lockit@std@@QAE@XZ

??0_Pad@std@@QAE@ABV01@@Z

??0_Timevec@std@@QAE@ABV01@@Z

??0_Timevec@std@@QAE@PAX@Z

??0_UShinit@std@@QAE@XZ

??0_Winit@std@@QAE@XZ

??0codecvt_base@std@@QAE@I@Z

??0ctype_base@std@@QAE@I@Z

??0facet@locale@std@@IAE@I@Z

??0id@locale@std@@QAE@I@Z

??0ios_base@std@@IAE@XZ

??0time_base@std@@QAE@I@Z

??1?$_Yarn@D@std@@QAE@XZ

??1?$_Yarn@_W@std@@QAE@XZ

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$codecvt@DDH@std@@MAE@XZ

??1?$codecvt@GDH@std@@MAE@XZ

??1?$codecvt@_SDH@std@@MAE@XZ

??1?$codecvt@_UDH@std@@MAE@XZ

??1?$codecvt@_WDH@std@@MAE@XZ

??1?$ctype@D@std@@MAE@XZ

??1?$ctype@G@std@@MAE@XZ

??1?$ctype@_W@std@@MAE@XZ

??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1Init@ios_base@std@@QAE@XZ

??1_Container_base12@std@@QAE@XZ

??1_Facet_base@std@@UAE@XZ

??1_Init_locks@std@@QAE@XZ

??1_Locimp@locale@std@@MAE@XZ

??1_Locinfo@std@@QAE@XZ

??1_Lockit@std@@QAE@XZ

??1_Timevec@std@@QAE@XZ

??1_UShinit@std@@QAE@XZ

??1_Winit@std@@QAE@XZ

??1codecvt_base@std@@UAE@XZ

??1ctype_base@std@@UAE@XZ

??1facet@locale@std@@MAE@XZ

??1ios_base@std@@UAE@XZ

??1time_base@std@@UAE@XZ

??4?$_Iosb@H@std@@QAEAAV01@$$QAV01@@Z

??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z

??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z

??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z

??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z

??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z

??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z

??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z

??4Init@ios_base@std@@QAEAAV012@ABV012@@Z

??4_Container_base0@std@@QAEAAU01@$$QAU01@@Z

??4_Container_base0@std@@QAEAAU01@ABU01@@Z

??4_Container_base12@std@@QAEAAU01@ABU01@@Z

??4_Facet_base@std@@QAEAAV01@ABV01@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

??4_Pad@std@@QAEAAV01@ABV01@@Z

??4_Timevec@std@@QAEAAV01@ABV01@@Z

??4_UShinit@std@@QAEAAV01@ABV01@@Z

??4_Winit@std@@QAEAAV01@ABV01@@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z

??7ios_base@std@@QBE_NXZ

??Bid@locale@std@@QAEIXZ

??Bios_base@std@@QBEPAXXZ

??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$codecvt@DDH@std@@6B@

??_7?$codecvt@GDH@std@@6B@

??_7?$codecvt@_SDH@std@@6B@

??_7?$codecvt@_UDH@std@@6B@

??_7?$codecvt@_WDH@std@@6B@

??_7?$ctype@D@std@@6B@

??_7?$ctype@G@std@@6B@

??_7?$ctype@_W@std@@6B@

??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7_Facet_base@std@@6B@

??_7_Locimp@locale@std@@6B@

??_7_Pad@std@@6B@

??_7codecvt_base@std@@6B@

??_7ctype_base@std@@6B@

??_7facet@locale@std@@6B@

??_7ios_base@std@@6B@

??_7time_base@std@@6B@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@

??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@

??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ

??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ

??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ

??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ

??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ

??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

??_F?$codecvt@DDH@std@@QAEXXZ

??_F?$codecvt@GDH@std@@QAEXXZ

??_F?$codecvt@_SDH@std@@QAEXXZ

??_F?$codecvt@_UDH@std@@QAEXXZ

??_F?$codecvt@_WDH@std@@QAEXXZ

??_F?$ctype@D@std@@QAEXXZ

??_F?$ctype@G@std@@QAEXXZ

??_F?$ctype@_W@std@@QAEXXZ

??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F_Locinfo@std@@QAEXXZ

??_F_Timevec@std@@QAEXXZ

??_Fcodecvt_base@std@@QAEXXZ

??_Fctype_base@std@@QAEXXZ

??_Ffacet@locale@std@@QAEXXZ

??_Fid@locale@std@@QAEXXZ

??_Ftime_base@std@@QAEXXZ

?_10@placeholders@std@@3V?$_Ph@$09@2@A

?_11@placeholders@std@@3V?$_Ph@$0L@@2@A

?_12@placeholders@std@@3V?$_Ph@$0M@@2@A

?_13@placeholders@std@@3V?$_Ph@$0N@@2@A

?_14@placeholders@std@@3V?$_Ph@$0O@@2@A

?_15@placeholders@std@@3V?$_Ph@$0P@@2@A

?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A

?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A

?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A

?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A

?_1@placeholders@std@@3V?$_Ph@$00@2@A

?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A

?_2@placeholders@std@@3V?$_Ph@$01@2@A

?_3@placeholders@std@@3V?$_Ph@$02@2@A

?_4@placeholders@std@@3V?$_Ph@$03@2@A

?_5@placeholders@std@@3V?$_Ph@$04@2@A

?_6@placeholders@std@@3V?$_Ph@$05@2@A

?_7@placeholders@std@@3V?$_Ph@$06@2@A

?_8@placeholders@std@@3V?$_Ph@$07@2@A

?_9@placeholders@std@@3V?$_Ph@$08@2@A

?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ

?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UAEXXZ

?_Add_vtordisp1@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ

?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ

?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UAEXXZ

?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ

?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ

?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UAEXXZ

?_Add_vtordisp2@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ

?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ

?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UAEXXZ

?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ

?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z

?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z

?_Addstd@ios_base@std@@SAXPAV12@@Z

?_Atexit@@YAXP6AXXZ@Z

?_BADOFF@std@@3_JB

?_C_str@?$_Yarn@D@std@@QBEPBDXZ

?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ

?_Callfns@ios_base@std@@AAEXW4event@12@@Z

?_Clocptr@_Locimp@locale@std@@0PAV123@A

?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ

?_Donarrow@?$ctype@G@std@@IBEDGD@Z

?_Donarrow@?$ctype@_W@std@@IBED_WD@Z

?_Dowiden@?$ctype@G@std@@IBEGD@Z

?_Dowiden@?$ctype@_W@std@@IBE_WD@Z

?_Empty@?$_Yarn@D@std@@QBE_NXZ

?_Empty@?$_Yarn@_W@std@@QBE_NXZ

?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z

?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z

?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z

?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z

?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z

?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDIIII@Z

?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDIIII@Z

?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDIIII@Z

?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$codecvt@GDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$codecvt@_SDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$codecvt@_UDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z

?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ

?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ

?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ

?_Getdateorder@_Locinfo@std@@QBEHXZ

?_Getdays@_Locinfo@std@@QBEPBDXZ

?_Getfalse@_Locinfo@std@@QBEPBDXZ

?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z

?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z

?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z

?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z

?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z

?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z

?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z

?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z

?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z

?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z

?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z

?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAHABV?$ctype@D@2@@Z

?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAHABV?$ctype@G@2@@Z

?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAHABV?$ctype@_W@2@@Z

?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ

?_Getmonths@_Locinfo@std@@QBEPBDXZ

?_Getname@_Locinfo@std@@QBEPBDXZ

?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ

?_Getptr@_Timevec@std@@QBEPAXXZ

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.22621.1_none_f4e8223852c8cdb8.manifest

wow64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.22621.1_none_f4e8223852c8cdb8_fvecerts.dll_cca35228

.dll windows x86

57716a8496262b71ab5a784925eba939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter

memcpy

memcmp

_except_handler4_common

_initterm

malloc

free

_amsg_exit

memset

crypt32

CertFindCertificateInStore

CryptMsgClose

CryptMsgGetParam

CryptMsgUpdate

CryptMsgOpenToEncode

CertSetCertificateContextProperty

CertCreateSelfSignCertificate

CertStrToNameW

CertFreeCertificateChainList

CertAddCertificateLinkToStore

CryptImportPublicKeyInfoEx2

CertSelectCertificateChains

CertFreeCertificateChain

CryptAcquireCertificatePrivateKey

CertGetCertificateChain

CertGetIntendedKeyUsage

CertGetCertificateContextProperty

CryptStringToBinaryW

CryptQueryObject

PFXExportCertStoreEx

CertAddCertificateContextToStore

CertOpenStore

CertCloseStore

PFXIsPFXBlob

PFXImportCertStore

CertEnumCertificatesInStore

CertFreeCertificateContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError

SetUnhandledExceptionFilter

UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegGetValueW

RegGetValueA

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-heap-l1-1-0

HeapSize

HeapAlloc

GetProcessHeap

HeapFree

api-ms-win-core-file-l1-1-0

CreateFileW

SetFileAttributesW

ReadFile

GetFileType

GetFileSizeEx

WriteFile

CreateDirectoryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId

TerminateProcess

GetCurrentProcessId

GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

GetTickCount

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

FveCertCanCertificateBeAdded

FveCertCreateCertInfo

FveCertCreateSelfSignedCertificate

FveCertFilterForValidCertificates

FveCertFindValidCertificates

FveCertFreeCertInfo

FveCertGetCertContextFromCert

FveCertGetCertContextFromPfx

FveCertGetCertHashFromCertContext

FveCertGetPrivateKeyHandle

FveCertGetPublicKeyHandle

FveCertIsAlternateCert

FveCertIsValidCertInfo

FveCertSignData

FveCertWritePfxFromCertContext

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.22621.1_none_4de328b5e40e3f59.manifest

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

29:2c:1d:45:ad:1d:a2:e8:dd:c3:7c:ce:4e:38:90:00:91:68:1f:1b:1c:0f:07:33:4d:46:81:13:0b:f5:d0:a3Signer

Signature Validations

Verification

23/09/2022, 08:23 UTC Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 35KB - Virtual size: 36KB

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

17:d0:94:2c:29:6c:22:39:fa:6e:03:b4:2c:59:f8:52:eb:68:a5:e5:03:68:c1:08:ed:1b:62:db:ec:8e:5b:0fSigner

Signature Validations

Verification

23/09/2022, 08:23 UTC Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 35KB - Virtual size: 36KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e3:67:3d:fc:3f:b2:9f:2e:74:18:f8:b4:64:a7:73:c3:50:a8:ea:f2:50:ee:0b:30:3c:4c:82:a2:be:7a:ef:6cSigner

Signature Validations

Verification

23/09/2022, 08:23 UTC Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 35KB - Virtual size: 36KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e4:1b:81:b5:de:0f:17:4b:9c:93:30:ce:7c:bb:3d:8b:65:fb:c6:4d:ce:1c:39:56:51:45:aa:42:bf:0f:30:48Signer

Signature Validations

Verification

23/09/2022, 08:23 UTC Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 32KB - Virtual size: 36KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3a:da:10:cf:2e:8f:ca:42:70:94:f3:5f:7b:93:d1:df:dd:c5:2c:3c:64:3d:e9:eb:d5:d8:1e:bf:06:07:6d:92Signer

Signature Validations

Verification

23/09/2022, 08:23 UTC Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 32KB - Virtual size: 36KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

29:2c:1d:45:ad:1d:a2:e8:dd:c3:7c:ce:4e:38:90:00:91:68:1f:1b:1c:0f:07:33:4d:46:81:13:0b:f5:d0:a3
Signer

23/09/2022, 08:23 UTC
Valid: false

.rsrc
Size: 35KB - Virtual size: 36KB

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

17:d0:94:2c:29:6c:22:39:fa:6e:03:b4:2c:59:f8:52:eb:68:a5:e5:03:68:c1:08:ed:1b:62:db:ec:8e:5b:0f
Signer

23/09/2022, 08:23 UTC
Valid: false

.rsrc
Size: 35KB - Virtual size: 36KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e3:67:3d:fc:3f:b2:9f:2e:74:18:f8:b4:64:a7:73:c3:50:a8:ea:f2:50:ee:0b:30:3c:4c:82:a2:be:7a:ef:6c
Signer

23/09/2022, 08:23 UTC
Valid: false

.rsrc
Size: 35KB - Virtual size: 36KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e4:1b:81:b5:de:0f:17:4b:9c:93:30:ce:7c:bb:3d:8b:65:fb:c6:4d:ce:1c:39:56:51:45:aa:42:bf:0f:30:48
Signer

23/09/2022, 08:23 UTC
Valid: false

.rsrc
Size: 32KB - Virtual size: 36KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3a:da:10:cf:2e:8f:ca:42:70:94:f3:5f:7b:93:d1:df:dd:c5:2c:3c:64:3d:e9:eb:d5:d8:1e:bf:06:07:6d:92
Signer

23/09/2022, 08:23 UTC
Valid: false

.rsrc
Size: 32KB - Virtual size: 36KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

02:7e:11:c6:20:11:65:4f:2c:5f:b4:55:f7:d8:5d:35:80:52:41:3b:7d:0f:e4:cb:ff:c9:46:ed:87:fd:a5:56
Signer

23/09/2022, 08:23 UTC
Valid: false

.text
Size: 869KB - Virtual size: 868KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 5KB - Virtual size: 291KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 25KB - Virtual size: 25KB

33:00:00:03:81:a4:c7:63:e7:ad:c5:b4:ee:00:00:00:00:03:81
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

bc:dd:9b:55:fe:91:55:51:38:ce:db:60:68:fc:02:3f:3f:18:6b:67:e1:f1:50:13:a4:e9:65:59:b5:af:17:34
Signer

23/09/2022, 08:23 UTC
Valid: false

.text
Size: 362KB - Virtual size: 362KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

33:00:00:03:81:a4:c7:63:e7:ad:c5:b4:ee:00:00:00:00:03:81
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

05:70:29:45:47:e6:a8:bc:15:cb:d6:93:3a:5f:61:74:b0:99:d0:8a:f9:f5:25:f3:a2:5f:2c:59:8f:da:1e:2d
Signer

23/09/2022, 08:23 UTC
Valid: false