303bf634d39565a251e352c1086c084f[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

303bf634d39565a251e352c1086c084f.bin
Size

9.1MB
MD5

303bf634d39565a251e352c1086c084f
SHA1

ebd4b24e4657ec556d7599501ce95338d999cbc9
SHA256

f07bf397abd8b6bed01b838c3f332319c997f810ee5ec5087e761f1ccc39641a
SHA512

5276831361ea21b4f53eda4749a60dd47c4a0cfbf06d7cb9286dd41d979fef6cbd229b2d08e79cd1f52a4f8508ae157a262694f68c04632ca72742156f4c7edd
SSDEEP

196608:E4z+50GHgOyJK3MivnPgo+kSbXrM8I5+MB+OZdg89:EGU0GAY/ToTATnRZdv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Libs/Extreme.Net.dll

Files

303bf634d39565a251e352c1086c084f.bin
.zip

Password: infected
Libs/Extreme.Net.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Libs/Injecting.dll
.dll windows:6 windows x64 arch:x64

Password: infected

489e398f49ceeda3418bb4d259205037

Code Sign

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-01-2020 00:00

Not After

20-01-2021 12:00

Subject

SERIALNUMBER=6543638,CN=Krisp Technologies\, Inc,O=Krisp Technologies\, Inc,L=Berkeley,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd
Signer

Actual PE Digest

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

InitializeSListHead
DebugBreak
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetStdHandle
WriteFile
IsDebuggerPresent
OutputDebugStringA
FormatMessageA
RaiseException
GetProcAddress
CloseHandle
SetEvent
ResetEvent
SetLastError
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
CreateFileW
HeapSize
HeapReAlloc
WriteConsoleW

Exports

Exports

??0AEC@krips_aec@@QEAA@AEBV01@@Z
??0AEC@krips_aec@@QEAA@XZ
??1AEC@krips_aec@@UEAA@XZ
??4AEC@krips_aec@@QEAAAEAV01@AEBV01@@Z
??_7AEC@krips_aec@@6B@
?create@AEC@krips_aec@@SAPEAV12@AEBUConfig@12@@Z
?create@AEC@krips_aec@@SAPEAV12@XZ
?kChunkSizeMs@AEC@krips_aec@@2HB

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Libs/libEGL.dll
.dll windows:6 windows x86 arch:x86

Password: infected

a44c6eed545a636cf24d9bf63188ef0c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:d7:d0:4b:42:84:68:84:7f:bb:6a:50:d3:70:6d:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02-06-2021 00:00

Not After

06-06-2022 23:59

Subject

SERIALNUMBER=HBA 722586,CN=Avira Operations GmbH & Co. KG,OU=Engineering Services,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden-Württemberg,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#0c12426164656e2d57c3bc727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22-07-2020 15:33

Not After

29-12-2030 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84
Signer

Actual PE Digest

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

ReadFile
WriteFile
CloseHandle
CreateFileW
PeekNamedPipe
Sleep
GetSystemTime
FlushFileBuffers
HeapSize
GetLastError
SetUnhandledExceptionFilter
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetCPInfo
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileType
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEndOfFile
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

crypt32

CryptProtectData
CryptUnprotectData

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

Exports

Exports

AMSWSC_authenticate
AMSWSC_notify_expiration
AMSWSC_prepare_uninstall
AMSWSC_register_remediation
AMSWSC_set_log_callback
AMSWSC_shutdown_protected_service
AMSWSC_unregister_remediation
AMSWSC_update_protection_update_substatus
AMSWSC_update_scan_substatus
AMSWSC_update_settings_substatus
AMSWSC_update_status

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Libs/libgcc_s_dw2-1.dll
.dll windows:6 windows x86 arch:x86

Password: infected

72e2cd9e129b18aa647a30bd6ed95591

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11-07-2018 11:33

Not After

11-07-2021 11:33

Subject

SERIALNUMBER=HRA 722586,CN=Avira Operations GmbH & Co. KG,OU=Cloud\, Services and Infrastructure,O=Avira Operations GmbH & Co. KG,STREET=Kaplaneiweg 1,L=Tettnang,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c63614061766972612e636f6d,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#1312426164656e2d577565727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b
Signer

Actual PE Digest

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetProcessWorkingSetSize
VerifyVersionInfoW
DeleteFileW
GetFileSize
SetFileAttributesW
WriteFile
CreateIoCompletionPort
PostQueuedCompletionStatus
GetFileSizeEx
ReadFile
SetFilePointerEx
QueryPerformanceCounter
GetQueuedCompletionStatus
LoadLibraryW
ResetEvent
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
TerminateThread
GetTickCount
VirtualQuery
MapViewOfFile
UnmapViewOfFile
WriteConsoleW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemInfo
OpenProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
QueryPerformanceFrequency
SetErrorMode
VerSetConditionMask
GetModuleFileNameW
CreateEventW
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetOverlappedResult
DeviceIoControl
CreateFileW
SetLastError
GetLastError
CloseHandle
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
MoveFileExW
HeapValidate
GetConsoleMode
GetFileType
ExitProcess
HeapFree
HeapAlloc
GetStdHandle
LCMapStringW
MultiByteToWideChar
GetProcessHeap
SetStdHandle
GetConsoleOutputCP
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
HeapSize
DecodePointer

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
SetServiceStatus
TraceMessage
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

AVGDLL01
AVGDLL02
AVGDLL03
AVGDLL04
AVGDLL05
AVGDLL06
AVGDLL07
AVGDLL08
AVGDLL09
AVGDLL10
AVGDLL11
AVGDLL12
AVGDLL13
AVGDLL14
AVGDLL15

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Projects/Manager.cpp
Projects/Source.cpp
concrt140.dll
.dll windows:6 windows x86 arch:x86

Password: infected

f7e155027608db4293a50332363a537b

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-02-2023 22:33

Not After

31-01-2024 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:15:16:5d:19:92:4b:31:40:6c:9f:ab:d3:1a:c4:94:a2:d2:68:50:df:2f:cc:bf:35:cc:02:5d:2f:4e:46:a7
Signer

Actual PE Digest

f5:15:16:5d:19:92:4b:31:40:6c:9f:ab:d3:1a:c4:94:a2:d2:68:50:df:2f:cc:bf:35:cc:02:5d:2f:4e:46:a7

Digest Algorithm

sha256

PE Digest Matches

false

f5:15:16:5d:19:92:4b:31:40:6c:9f:ab:d3:1a:c4:94:a2:d2:68:50:df:2f:cc:bf:35:cc:02:5d:2f:4e:46:a7
Signer

Actual PE Digest

f5:15:16:5d:19:92:4b:31:40:6c:9f:ab:d3:1a:c4:94:a2:d2:68:50:df:2f:cc:bf:35:cc:02:5d:2f:4e:46:a7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140

?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z

vcruntime140

__CxxFrameHandler3
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__uncaught_exception
memcpy
__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
__RTDynamicCast

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
terminate
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

_CIsqrt
_CIexp

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__stdio_common_vswprintf_s
__acrt_iob_func
fflush

kernel32

WaitForSingleObjectEx
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetThreadTimes
EncodePointer
OutputDebugStringW
LoadLibraryW
LoadLibraryExW
SetLastError
SetThreadpoolTimer
UnregisterWaitEx
CreateSemaphoreExW
ReleaseSemaphore
InitializeSListHead
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetCurrentProcessorNumber
FlushProcessWriteBuffers
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetProcAddress
GetModuleHandleW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetTickCount64
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
CreateTimerQueue
GetCurrentThread
CloseHandle
DuplicateHandle
GetLastError
SetEvent
SetThreadPriority
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSectionEx
CreateEventExW
Sleep
SignalObjectAndWait
SwitchToThread
CreateThread
GetThreadPriority

Exports

Exports

??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_Cancellation_beacon@details@Concurrency@@QAE@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IAE@I@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@ABV_Concurrent_queue_base_v4@12@@Z
??0_Condition_variable@details@Concurrency@@QAE@XZ
??0_Context@details@Concurrency@@QAE@PAVContext@2@@Z
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Runtime_object@details@Concurrency@@QAE@H@Z
??0_Runtime_object@details@Concurrency@@QAE@XZ
??0_Scheduler@details@Concurrency@@QAE@PAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0agent@Concurrency@@QAE@AAVScheduleGroup@1@@Z
??0agent@Concurrency@@QAE@AAVScheduler@1@@Z
??0agent@Concurrency@@QAE@XZ
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@J@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_Cancellation_beacon@details@Concurrency@@QAE@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MAE@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IAE@XZ
??1_Condition_variable@details@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@MAE@XZ
??1agent@Concurrency@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@$$QAV012@@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@$$QAV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_F_Context@details@Concurrency@@QAEXXZ
??_F_Scheduler@details@Concurrency@@QAEXXZ
?AgentEventGuid@Concurrency@@3U_GUID@@B
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?ChoreEventGuid@Concurrency@@3U_GUID@@B
?ConcRTEventGuid@Concurrency@@3U_GUID@@B
?ConcRT_ProviderGuid@Concurrency@@3U_GUID@@B
?ContextEventGuid@Concurrency@@3U_GUID@@B
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@AAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NABVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?LockEventGuid@Concurrency@@3U_GUID@@B
?Log2@details@Concurrency@@YAKI@Z
?NFS_Allocate@details@Concurrency@@YAPAXIIPAX@Z
?NFS_Free@details@Concurrency@@YAXPAX@Z
?NFS_GetLineSize@details@Concurrency@@YAIXZ
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ResourceManagerEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0AAVlocation@2@@Z
?SchedulerEventGuid@Concurrency@@3U_GUID@@B
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorEventGuid@Concurrency@@3U_GUID@@B
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXABV123@@Z
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QAE_NXZ
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EAEXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetCombinableSize@details@Concurrency@@YAIXZ
?_GetConcRTTraceInfo@Concurrency@@YAPBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAAIXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QAEPAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Internal_assign@_Concurrent_vector_base_v4@details@Concurrency@@IAEXABV123@IP6AXPAXI@ZP6AX1PBXI@Z4@Z
?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IBEIXZ
?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IAEIP6AXPAXI@Z@Z
?_Internal_compact@_Concurrent_vector_base_v4@details@Concurrency@@IAEPAXIPAXP6AX0I@ZP6AX0PBXI@Z@Z
?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IAEXABV123@IP6AXPAXPBXI@Z@Z
?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IBE_NXZ
?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IAEXXZ
?_Internal_grow_by@_Concurrent_vector_base_v4@details@Concurrency@@IAEIIIP6AXPAXPBXI@Z1@Z
?_Internal_grow_to_at_least_with_result@_Concurrent_vector_base_v4@details@Concurrency@@IAEIIIP6AXPAXPBXI@Z1@Z
?_Internal_move_push@_Concurrent_queue_base_v4@details@Concurrency@@IAEXPAX@Z
?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IAE_NPAX@Z
?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IAEXPBX@Z
?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IAEPAXIAAI@Z
?_Internal_reserve@_Concurrent_vector_base_v4@details@Concurrency@@IAEXIII@Z
?_Internal_resize@_Concurrent_vector_base_v4@details@Concurrency@@IAEXIIIP6AXPAXI@ZP6AX0PBXI@Z2@Z
?_Internal_size@_Concurrent_queue_base_v4@details@Concurrency@@IBEIXZ
?_Internal_swap@_Concurrent_queue_base_v4@details@Concurrency@@IAEXAAV123@@Z
?_Internal_swap@_Concurrent_vector_base_v4@details@Concurrency@@IAEXAAV123@@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IBEXXZ
?_Internal_throw_exception@_Concurrent_vector_base_v4@details@Concurrency@@IBEXI@Z
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPAV123@PAV_CancellationTokenState@23@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QAEIXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_Scheduler@details@Concurrency@@QAEIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KAII@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?cancel@agent@Concurrency@@QAE_NXZ
?current@location@Concurrency@@SA?AV12@XZ
?done@agent@Concurrency@@IAE_NXZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?is_current_task_group_canceling@Concurrency@@YA_NXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_task_execution_resources@Concurrency@@YAXGPAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAXK@Z
?start@agent@Concurrency@@QAE_NXZ
?status@agent@Concurrency@@QAE?AW4agent_status@2@XZ
?status_port@agent@Concurrency@@QAEPAV?$ISource@W4agent_status@Concurrency@@@2@XZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait@agent@Concurrency@@SA?AW4agent_status@2@PAV12@I@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?wait_for_all@agent@Concurrency@@SAXIPAPAV12@PAW4agent_status@2@I@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?wait_for_one@agent@Concurrency@@SAXIPAPAV12@AAW4agent_status@2@AAII@Z

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cpfe.dll
.dll windows:6 windows x86 arch:x86

Password: infected

4e4b0d2bf4bf5220417826ef4b4d596a

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:2a:68:a8:5e:a4:1d:92:5e:73:bb:15:f4:57:30:f8:0b:10:83:19:2e:95:91:59:95:a3:01:4f:aa:db:61:e9
Signer

Actual PE Digest

36:2a:68:a8:5e:a4:1d:92:5e:73:bb:15:f4:57:30:f8:0b:10:83:19:2e:95:91:59:95:a3:01:4f:aa:db:61:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromString

oleaut32

QueryPathOfRegTypeLi
GetErrorInfo
SysFreeString

shell32

SHGetFolderPathW
SHCreateDirectoryExW

user32

CharUpperBuffW
CharLowerBuffW

msvcp140

?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Cnd_broadcast
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
?_Syserror_map@std@@YAPBDH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_signal
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Locinfo@std@@QAE@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??0_Locinfo@std@@QAE@PBD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strxfrm
_Strcoll
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?bad@ios_base@std@@QBE_NXZ
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPAD_J@Z
?set_rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEGG@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?widen@?$ctype@G@std@@QBEGD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xout_of_range@std@@YAXPBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?flags@ios_base@std@@QBEHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_counter
_Query_perf_frequency
?fail@ios_base@std@@QBE_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?width@ios_base@std@@QBE_JXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@G@std@@QBEPBDPBD0PAG@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?setf@ios_base@std@@QAEHHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Xbad_alloc@std@@YAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QAE_J_J@Z

concrt140

?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?Free@Concurrency@@YAXPAX@Z

mscoree

CLRCreateInstance

kernel32

SetHandleInformation
CompareStringEx
FindFirstFileExW
FindNextFileW
GetLocaleInfoA
IsValidCodePage
MultiByteToWideChar
LoadLibraryExW
GetThreadPreferredUILanguages
SizeofResource
LockResource
FindResourceExW
FindResourceW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetFullPathNameW
GetCurrentDirectoryW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceA
LoadResource
AllocConsole
GetCurrentProcess
VirtualQueryEx
GetSystemInfo
GetModuleHandleExW
DeleteCriticalSection
RaiseException
FreeLibrary
GetModuleFileNameW
LoadLibraryW
InitializeCriticalSectionEx
GetProcAddress
GetModuleHandleW
UnmapViewOfFile
VirtualFree
MapViewOfFileEx
WriteFile
SetFilePointerEx
VirtualAlloc
CreateFileMappingA
GetTempFileNameW
GetTempPathW
GetLastError
FormatMessageA
CreateFileA
SetConsoleMode
GetConsoleMode
GetStdHandle
GetFileAttributesA
GetFileAttributesW
SetFileTime
CloseHandle
SystemTimeToFileTime
GetSystemTime
CreateFileW
FindClose
GetEnvironmentVariableW

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

vcruntime140

__std_exception_destroy
strstr
wcschr
wcsstr
memmove
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
strchr
_purecall
__std_type_info_destroy_list
memcpy
__CxxFrameHandler3
memset
memcmp
memchr
wcsrchr
__RTDynamicCast
__std_exception_copy
__std_terminate

api-ms-win-crt-stdio-l1-1-0

fputc
_get_stream_buffer_pointers
fgetpos
fsetpos
setvbuf
__stdio_common_vfprintf_s
fgetc
__stdio_common_vfprintf
_wsopen_s
_get_osfhandle
_wfopen_s
putc
__stdio_common_vswprintf
_fread_nolock
__acrt_iob_func
ftell
fwrite
fputs
fread
fseek
fflush
__stdio_common_vsprintf
_fseeki64
_ftelli64
__stdio_common_vsscanf
_getcwd
_fileno
_isatty
getc
_wfsopen
freopen_s
__stdio_common_vswprintf_s
ungetc
ferror
fclose
fopen
_fsopen
_wfopen

api-ms-win-crt-string-l1-1-0

isalnum
strcpy_s
isspace
islower
isxdigit
strncmp
strncpy
isprint
wcscpy_s
wcsnlen
iswspace
tolower
isalpha
iscntrl
wcscat_s
_wcsicmp
wcsncmp
_strnicmp
_stricmp
isdigit
isupper
wmemcpy_s

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
mbstowcs_s
_wtoi
wcstoul

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

exit
_beginthreadex
signal
strerror
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_getpid
_invalid_parameter_noinfo
terminate

api-ms-win-crt-environment-l1-1-0

getenv_s
getenv

api-ms-win-crt-utility-l1-1-0

qsort
bsearch

api-ms-win-crt-time-l1-1-0

_time64
_ctime64
clock
_difftime64
asctime
_localtime64

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_lock_file
_waccess_s
_wstat64
_unlock_file
_stat64i32
_wremove
remove
_wchdir
_chdir
_fstat64i32
_findfirst64i32
_wstat64i32
_findnext64i32
_findclose

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-math-l1-1-0

_fdopen
ceil

Exports

Exports

??0a_canonicalized_file_name@@QAE@$$T@Z
??0a_canonicalized_file_name@@QAE@ABU0@@Z
??0a_canonicalized_file_name@@QAE@PBD@Z
??0a_find_all_refs_operation@edge@@QAE@$$QAV01@@Z
??0a_find_all_refs_operation@edge@@QAE@PAUallocator@1@PBUintermediate_symbol@1@PAVtranslation_unit@1@W4find_all_refs_filter_mode_e@1@@Z
??0a_find_def_operation@edge@@QAE@PAUallocator@1@@Z
??0a_get_symbol_operation@edge@@QAE@PAUallocator@1@ABUfile_line_column@1@@Z
??0array_type@edge@@QAE@$$QAV01@@Z
??0array_type@edge@@QAE@ABV01@@Z
??0array_type@edge@@QAE@PAUa_type@@@Z
??0base_class@edge@@QAE@PAUa_base_class@@@Z
??0block_statement_entry@edge@@QAE@$$QAV01@@Z
??0block_statement_entry@edge@@QAE@ABV01@@Z
??0block_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0braced_init_list_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0braced_init_list_expr_node_entry@edge@@QAE@ABV01@@Z
??0braced_init_list_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0branch_statement_entry@edge@@QAE@$$QAV01@@Z
??0branch_statement_entry@edge@@QAE@ABV01@@Z
??0branch_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0builtin_operation_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0builtin_operation_expr_node_entry@edge@@QAE@ABV01@@Z
??0builtin_operation_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0call_operation_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0capt_var_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0capt_var_expr_node_entry@edge@@QAE@ABV01@@Z
??0capt_var_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0case_statement_entry@edge@@QAE@$$QAV01@@Z
??0case_statement_entry@edge@@QAE@ABV01@@Z
??0case_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0class_struct_type@edge@@QAE@$$QAV01@@Z
??0class_struct_type@edge@@QAE@ABV01@@Z
??0class_struct_type@edge@@QAE@PAUa_type@@@Z
??0compound_req_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0compound_req_expr_node_entry@edge@@QAE@ABV01@@Z
??0compound_req_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0concept_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0concept_expr_node_entry@edge@@QAE@ABV01@@Z
??0concept_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0condition_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0condition_expr_node_entry@edge@@QAE@ABV01@@Z
??0condition_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0constant@edge@@QAE@PAUa_constant@@@Z
??0constant_entry@edge@@QAE@$$QAV01@@Z
??0constant_entry@edge@@QAE@ABV01@@Z
??0constant_entry@edge@@QAE@PAUa_constant@@@Z
??0constant_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0constant_expr_node_entry@edge@@QAE@ABV01@@Z
??0constant_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0decl_init_statement_entry@edge@@QAE@$$QAV01@@Z
??0decl_init_statement_entry@edge@@QAE@ABV01@@Z
??0decl_init_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0decl_statement_entry@edge@@QAE@$$QAV01@@Z
??0decl_statement_entry@edge@@QAE@ABV01@@Z
??0decl_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0derivation@edge@@QAE@PAUa_base_class_derivation@@@Z
??0enum_type@edge@@QAE@$$QAV01@@Z
??0enum_type@edge@@QAE@ABV01@@Z
??0enum_type@edge@@QAE@PAUa_type@@@Z
??0event_descr@edge@@QAE@PAUa_property_or_event_descr@@@Z
??0exception_specification@edge@@QAE@PAUan_exception_specification@@@Z
??0expr_node_entry@edge@@QAE@$$QAV01@@Z
??0expr_node_entry@edge@@QAE@ABV01@@Z
??0expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0expr_statement_entry@edge@@QAE@$$QAV01@@Z
??0expr_statement_entry@edge@@QAE@ABV01@@Z
??0expr_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0field_entry@edge@@QAE@$$QAV01@@Z
??0field_entry@edge@@QAE@ABV01@@Z
??0field_entry@edge@@QAE@PAUa_field@@@Z
??0field_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0field_expr_node_entry@edge@@QAE@ABV01@@Z
??0field_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0file_buffer@edge@@IAE@$$QAV01@@Z
??0file_buffer@edge@@IAE@XZ
??0file_line_column@edge@@QAE@Ua_canonicalized_file_name@@U?$strong_typedef_t@Uline1_traits@msvc@@@msvc@@U?$strong_typedef_t@Ucolumn1_traits@msvc@@@4@@Z
??0file_line_column@edge@@QAE@XZ
??0file_position@edge@@QAE@Ua_canonicalized_file_name@@U?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@@Z
??0file_position@edge@@QAE@XZ
??0file_range@edge@@QAE@Ufile_position@1@0@Z
??0file_range@edge@@QAE@Ufile_position@1@H@Z
??0file_range@edge@@QAE@XZ
??0float_type@edge@@QAE@$$QAV01@@Z
??0float_type@edge@@QAE@ABV01@@Z
??0float_type@edge@@QAE@PAUa_type@@@Z
??0fold_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0fold_expr_node_entry@edge@@QAE@ABV01@@Z
??0fold_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0for_each_loop_statement_entry@edge@@QAE@$$QAV01@@Z
??0for_each_loop_statement_entry@edge@@QAE@ABV01@@Z
??0for_each_loop_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0for_loop_statement_entry@edge@@QAE@$$QAV01@@Z
??0for_loop_statement_entry@edge@@QAE@ABV01@@Z
??0for_loop_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0function_entry@edge@@QAE@$$QAV01@@Z
??0function_entry@edge@@QAE@ABV01@@Z
??0function_entry@edge@@QAE@PAUa_routine@@@Z
??0function_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0function_expr_node_entry@edge@@QAE@ABV01@@Z
??0function_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0function_type@edge@@QAE@$$QAV01@@Z
??0function_type@edge@@QAE@ABV01@@Z
??0function_type@edge@@QAE@PAUa_type@@@Z
??0handler_entry@edge@@QAE@$$QAV01@@Z
??0handler_entry@edge@@QAE@ABV01@@Z
??0handler_entry@edge@@QAE@PAUa_handler@@@Z
??0if_statement_entry@edge@@QAE@$$QAV01@@Z
??0if_statement_entry@edge@@QAE@ABV01@@Z
??0if_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0il_entry@edge@@IAE@$$TW4il_entry_kind@1@@Z
??0il_entry@edge@@IAE@PAXW4il_entry_kind@1@@Z
??0il_entry@edge@@QAE@$$QAV01@@Z
??0il_entry@edge@@QAE@ABV01@@Z
??0integer_type@edge@@QAE@$$QAV01@@Z
??0integer_type@edge@@QAE@ABV01@@Z
??0integer_type@edge@@QAE@PAUa_type@@@Z
??0intellisense_operation@edge@@QAE@PAUallocator@1@PAVtranslation_unit@1@Usnapshot_session_t@snapshot@@ABUfile_position@1@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@U?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@_N@Z
??0intellisense_operation@edge@@QAE@PAUallocator@1@PAVtranslation_unit@1@Usnapshot_session_t@snapshot@@ABUfile_position@1@_N@Z
??0label_entry@edge@@QAE@$$QAV01@@Z
??0label_entry@edge@@QAE@ABV01@@Z
??0label_entry@edge@@QAE@PAUa_label@@@Z
??0label_statement_entry@edge@@QAE@$$QAV01@@Z
??0label_statement_entry@edge@@QAE@ABV01@@Z
??0label_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0microsoft_try_statement_entry@edge@@QAE@$$QAV01@@Z
??0microsoft_try_statement_entry@edge@@QAE@ABV01@@Z
??0microsoft_try_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0nested_req_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0nested_req_expr_node_entry@edge@@QAE@ABV01@@Z
??0nested_req_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0new_delete_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0new_delete_expr_node_entry@edge@@QAE@ABV01@@Z
??0new_delete_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0operation_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0operation_expr_node_entry@edge@@QAE@ABV01@@Z
??0operation_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0param_ref_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0param_ref_expr_node_entry@edge@@QAE@ABV01@@Z
??0param_ref_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0param_type_entry@edge@@QAE@$$QAV01@@Z
??0param_type_entry@edge@@QAE@ABV01@@Z
??0param_type_entry@edge@@QAE@PAUa_param_type@@@Z
??0pointer_to_member_type@edge@@QAE@$$QAV01@@Z
??0pointer_to_member_type@edge@@QAE@ABV01@@Z
??0pointer_to_member_type@edge@@QAE@PAUa_type@@@Z
??0pointer_type@edge@@QAE@$$QAV01@@Z
??0pointer_type@edge@@QAE@ABV01@@Z
??0pointer_type@edge@@QAE@PAUa_type@@@Z
??0property_descr@edge@@QAE@PAUa_property_or_event_descr@@@Z
??0property_or_event_descr@edge@@QAE@PAUa_property_or_event_descr@@@Z
??0query_action_data@edge@@QAE@$$QAV01@@Z
??0query_action_data@edge@@QAE@XZ
??0range_based_for_loop_statement_entry@edge@@QAE@$$QAV01@@Z
??0range_based_for_loop_statement_entry@edge@@QAE@ABV01@@Z
??0range_based_for_loop_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0requires_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0requires_expr_node_entry@edge@@QAE@ABV01@@Z
??0requires_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0return_statement_entry@edge@@QAE@$$QAV01@@Z
??0return_statement_entry@edge@@QAE@ABV01@@Z
??0return_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0scoped_query_manager@edge@@QAE@PAUallocator@1@PAVtranslation_unit@1@Usnapshot_session_t@snapshot@@ABUfile_position@1@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
??0scoped_query_manager@edge@@QAE@PAUallocator@1@PAVtranslation_unit@1@Usnapshot_session_t@snapshot@@_N@Z
??0sizeof_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0sizeof_expr_node_entry@edge@@QAE@ABV01@@Z
??0sizeof_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0source_file@edge@@QAE@PAUa_source_file@@@Z
??0source_file_entry@edge@@QAE@$$QAV01@@Z
??0source_file_entry@edge@@QAE@ABV01@@Z
??0source_file_entry@edge@@QAE@PAUa_source_file@@@Z
??0source_position@edge@@QAE@ABUa_source_position@@@Z
??0statement_entry@edge@@QAE@$$QAV01@@Z
??0statement_entry@edge@@QAE@ABV01@@Z
??0statement_entry@edge@@QAE@PAUa_statement@@@Z
??0switch_statement_entry@edge@@QAE@$$QAV01@@Z
??0switch_statement_entry@edge@@QAE@ABV01@@Z
??0switch_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0temp_init_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0temp_init_expr_node_entry@edge@@QAE@ABV01@@Z
??0temp_init_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0template_parameter@edge@@QAE@PAUa_template_param@@PAUa_template_parameter@@@Z
??0template_parameter_type@edge@@QAE@$$QAV01@@Z
??0template_parameter_type@edge@@QAE@ABV01@@Z
??0template_parameter_type@edge@@QAE@PAUa_type@@@Z
??0throw_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0throw_expr_node_entry@edge@@QAE@ABV01@@Z
??0throw_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0translation_unit@edge@@QAE@XZ
??0tree_query_result_builder@edge@@QAE@$$QAV01@@Z
??0tree_query_result_builder@edge@@QAE@ABV01@@Z
??0tree_query_result_builder@edge@@QAE@XZ
??0try_statement_entry@edge@@QAE@$$QAV01@@Z
??0try_statement_entry@edge@@QAE@ABV01@@Z
??0try_statement_entry@edge@@QAE@PAUa_statement@@@Z
??0type@edge@@QAE@$$QAV01@@Z
??0type@edge@@QAE@ABV01@@Z
??0type@edge@@QAE@PAUa_type@@@Z
??0type_entry@edge@@QAE@$$QAV01@@Z
??0type_entry@edge@@QAE@ABV01@@Z
??0type_entry@edge@@QAE@PAUa_type@@@Z
??0type_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0type_expr_node_entry@edge@@QAE@ABV01@@Z
??0type_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0typeid_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0typeid_expr_node_entry@edge@@QAE@ABV01@@Z
??0typeid_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0typeref_type@edge@@QAE@$$QAV01@@Z
??0typeref_type@edge@@QAE@ABV01@@Z
??0typeref_type@edge@@QAE@PAUa_type@@@Z
??0union_type@edge@@QAE@$$QAV01@@Z
??0union_type@edge@@QAE@ABV01@@Z
??0union_type@edge@@QAE@PAUa_type@@@Z
??0unknown_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0unknown_expr_node_entry@edge@@QAE@ABV01@@Z
??0unknown_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0variable_entry@edge@@QAE@$$QAV01@@Z
??0variable_entry@edge@@QAE@ABV01@@Z
??0variable_entry@edge@@QAE@PAUa_variable@@@Z
??0variable_expr_node_entry@edge@@IAE@Uderived_tag@01@PAUan_expr_node@@@Z
??0variable_expr_node_entry@edge@@QAE@$$QAV01@@Z
??0variable_expr_node_entry@edge@@QAE@ABV01@@Z
??0variable_expr_node_entry@edge@@QAE@PAUan_expr_node@@@Z
??0vector_type@edge@@QAE@$$QAV01@@Z
??0vector_type@edge@@QAE@ABV01@@Z
??0vector_type@edge@@QAE@PAUa_type@@@Z
??0while_statement_entry@edge@@QAE@$$QAV01@@Z
??0while_statement_entry@edge@@QAE@ABV01@@Z
??0while_statement_entry@edge@@QAE@PAUa_statement@@@Z
??1a_find_all_refs_operation@edge@@QAE@XZ
??1a_find_def_operation@edge@@QAE@XZ
??1a_get_symbol_operation@edge@@QAE@XZ
??1file_buffer@edge@@MAE@XZ
??1intellisense_operation@edge@@QAE@XZ
??1query_action_data@edge@@QAE@XZ
??1scoped_query_manager@edge@@QAE@XZ
??1translation_unit@edge@@QAE@XZ
??4a_canonicalized_file_name@@QAEAAU0@ABU0@@Z
??4a_find_def_operation@edge@@QAEAAV01@ABV01@@Z
??4array_type@edge@@QAEAAV01@$$QAV01@@Z
??4array_type@edge@@QAEAAV01@ABV01@@Z
??4base_class@edge@@QAEAAV01@$$QAV01@@Z
??4base_class@edge@@QAEAAV01@ABV01@@Z
??4block_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4block_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4braced_init_list_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4braced_init_list_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4branch_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4branch_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4builtin_operation_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4builtin_operation_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4capt_var_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4capt_var_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4case_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4case_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4class_struct_type@edge@@QAEAAV01@$$QAV01@@Z
??4class_struct_type@edge@@QAEAAV01@ABV01@@Z
??4compound_req_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4compound_req_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4concept_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4concept_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4condition_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4condition_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4constant@edge@@QAEAAV01@$$QAV01@@Z
??4constant@edge@@QAEAAV01@ABV01@@Z
??4constant_entry@edge@@QAEAAV01@$$QAV01@@Z
??4constant_entry@edge@@QAEAAV01@ABV01@@Z
??4constant_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4constant_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4decl_init_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4decl_init_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4decl_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4decl_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4derivation@edge@@QAEAAV01@$$QAV01@@Z
??4derivation@edge@@QAEAAV01@ABV01@@Z
??4enum_type@edge@@QAEAAV01@$$QAV01@@Z
??4enum_type@edge@@QAEAAV01@ABV01@@Z
??4event_descr@edge@@QAEAAV01@$$QAV01@@Z
??4event_descr@edge@@QAEAAV01@ABV01@@Z
??4exception_specification@edge@@QAEAAV01@$$QAV01@@Z
??4exception_specification@edge@@QAEAAV01@ABV01@@Z
??4expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4expr_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4expr_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4field_entry@edge@@QAEAAV01@$$QAV01@@Z
??4field_entry@edge@@QAEAAV01@ABV01@@Z
??4field_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4field_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4file_buffer@edge@@IAEAAV01@$$QAV01@@Z
??4file_line_column@edge@@QAEAAU01@$$QAU01@@Z
??4file_line_column@edge@@QAEAAU01@ABU01@@Z
??4file_position@edge@@QAEAAU01@$$QAU01@@Z
??4file_position@edge@@QAEAAU01@ABU01@@Z
??4file_range@edge@@QAEAAU01@$$QAU01@@Z
??4file_range@edge@@QAEAAU01@ABU01@@Z
??4float_type@edge@@QAEAAV01@$$QAV01@@Z
??4float_type@edge@@QAEAAV01@ABV01@@Z
??4fold_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4fold_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4for_each_loop_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4for_each_loop_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4for_loop_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4for_loop_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4function_entry@edge@@QAEAAV01@$$QAV01@@Z
??4function_entry@edge@@QAEAAV01@ABV01@@Z
??4function_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4function_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4function_type@edge@@QAEAAV01@$$QAV01@@Z
??4function_type@edge@@QAEAAV01@ABV01@@Z
??4handler_entry@edge@@QAEAAV01@$$QAV01@@Z
??4handler_entry@edge@@QAEAAV01@ABV01@@Z
??4if_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4if_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4il_entry@edge@@QAEAAV01@$$QAV01@@Z
??4il_entry@edge@@QAEAAV01@ABV01@@Z
??4integer_type@edge@@QAEAAV01@$$QAV01@@Z
??4integer_type@edge@@QAEAAV01@ABV01@@Z
??4label_entry@edge@@QAEAAV01@$$QAV01@@Z
??4label_entry@edge@@QAEAAV01@ABV01@@Z
??4label_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4label_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4microsoft_try_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4microsoft_try_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4nested_req_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4nested_req_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4new_delete_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4new_delete_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4operation_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4operation_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4param_ref_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4param_ref_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4param_type_entry@edge@@QAEAAV01@$$QAV01@@Z
??4param_type_entry@edge@@QAEAAV01@ABV01@@Z
??4pointer_to_member_type@edge@@QAEAAV01@$$QAV01@@Z
??4pointer_to_member_type@edge@@QAEAAV01@ABV01@@Z
??4pointer_type@edge@@QAEAAV01@$$QAV01@@Z
??4pointer_type@edge@@QAEAAV01@ABV01@@Z
??4property_descr@edge@@QAEAAV01@$$QAV01@@Z
??4property_descr@edge@@QAEAAV01@ABV01@@Z
??4property_or_event_descr@edge@@QAEAAV01@$$QAV01@@Z
??4property_or_event_descr@edge@@QAEAAV01@ABV01@@Z
??4range_based_for_loop_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4range_based_for_loop_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4requires_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4requires_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4return_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4return_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4sizeof_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4sizeof_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4source_file@edge@@QAEAAU01@$$QAU01@@Z
??4source_file@edge@@QAEAAU01@ABU01@@Z
??4source_file_entry@edge@@QAEAAV01@$$QAV01@@Z
??4source_file_entry@edge@@QAEAAV01@ABV01@@Z
??4source_position@edge@@QAEAAV01@$$QAV01@@Z
??4source_position@edge@@QAEAAV01@ABV01@@Z
??4statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4statement_entry@edge@@QAEAAV01@ABV01@@Z
??4switch_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4switch_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4temp_init_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4temp_init_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4template_parameter@edge@@QAEAAV01@$$QAV01@@Z
??4template_parameter@edge@@QAEAAV01@ABV01@@Z
??4template_parameter_type@edge@@QAEAAV01@$$QAV01@@Z
??4template_parameter_type@edge@@QAEAAV01@ABV01@@Z
??4test@translation_unit@edge@@QAEAAU012@$$QAU012@@Z
??4test@translation_unit@edge@@QAEAAU012@ABU012@@Z
??4throw_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4throw_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4tree_query_result_builder@edge@@QAEAAV01@$$QAV01@@Z
??4tree_query_result_builder@edge@@QAEAAV01@ABV01@@Z
??4try_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4try_statement_entry@edge@@QAEAAV01@ABV01@@Z
??4type@edge@@QAEAAV01@$$QAV01@@Z
??4type@edge@@QAEAAV01@ABV01@@Z
??4type_entry@edge@@QAEAAV01@$$QAV01@@Z
??4type_entry@edge@@QAEAAV01@ABV01@@Z
??4type_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4type_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4typeid_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4typeid_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4typeref_type@edge@@QAEAAV01@$$QAV01@@Z
??4typeref_type@edge@@QAEAAV01@ABV01@@Z
??4union_type@edge@@QAEAAV01@$$QAV01@@Z
??4union_type@edge@@QAEAAV01@ABV01@@Z
??4unknown_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4unknown_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4variable_entry@edge@@QAEAAV01@$$QAV01@@Z
??4variable_entry@edge@@QAEAAV01@ABV01@@Z
??4variable_expr_node_entry@edge@@QAEAAV01@$$QAV01@@Z
??4variable_expr_node_entry@edge@@QAEAAV01@ABV01@@Z
??4vector_type@edge@@QAEAAV01@$$QAV01@@Z
??4vector_type@edge@@QAEAAV01@ABV01@@Z
??4while_statement_entry@edge@@QAEAAV01@$$QAV01@@Z
??4while_statement_entry@edge@@QAEAAV01@ABV01@@Z
??8edge@@YA_NABUfile_position@0@0@Z
??9edge@@YA_NABUfile_position@0@0@Z
??Ba_canonicalized_file_name@@QAEPBDXZ
??_7array_type@edge@@6B@
??_7block_statement_entry@edge@@6B@
??_7braced_init_list_expr_node_entry@edge@@6B@
??_7branch_statement_entry@edge@@6B@
??_7builtin_operation_expr_node_entry@edge@@6B@
??_7capt_var_expr_node_entry@edge@@6B@
??_7case_statement_entry@edge@@6B@
??_7class_struct_type@edge@@6B@
??_7compound_req_expr_node_entry@edge@@6B@
??_7concept_expr_node_entry@edge@@6B@
??_7condition_expr_node_entry@edge@@6B@
??_7constant_entry@edge@@6B@
??_7constant_expr_node_entry@edge@@6B@
??_7decl_init_statement_entry@edge@@6B@
??_7decl_statement_entry@edge@@6B@
??_7enum_type@edge@@6B@
??_7expr_node_entry@edge@@6B@
??_7expr_statement_entry@edge@@6B@
??_7field_entry@edge@@6B@
??_7field_expr_node_entry@edge@@6B@
??_7file_buffer@edge@@6B@
??_7float_type@edge@@6B@
??_7fold_expr_node_entry@edge@@6B@
??_7for_each_loop_statement_entry@edge@@6B@
??_7for_loop_statement_entry@edge@@6B@
??_7function_entry@edge@@6B@
??_7function_expr_node_entry@edge@@6B@
??_7function_type@edge@@6B@
??_7handler_entry@edge@@6B@
??_7if_statement_entry@edge@@6B@
??_7il_entry@edge@@6B@
??_7integer_type@edge@@6B@
??_7label_entry@edge@@6B@
??_7label_statement_entry@edge@@6B@
??_7microsoft_try_statement_entry@edge@@6B@
??_7nested_req_expr_node_entry@edge@@6B@
??_7new_delete_expr_node_entry@edge@@6B@
??_7operation_expr_node_entry@edge@@6B@
??_7param_ref_expr_node_entry@edge@@6B@
??_7param_type_entry@edge@@6B@
??_7pointer_to_member_type@edge@@6B@
??_7pointer_type@edge@@6B@
??_7range_based_for_loop_statement_entry@edge@@6B@
??_7requires_expr_node_entry@edge@@6B@
??_7return_statement_entry@edge@@6B@
??_7sizeof_expr_node_entry@edge@@6B@
??_7source_file_entry@edge@@6B@
??_7statement_entry@edge@@6B@
??_7switch_statement_entry@edge@@6B@
??_7temp_init_expr_node_entry@edge@@6B@
??_7template_parameter_type@edge@@6B@
??_7throw_expr_node_entry@edge@@6B@
??_7tree_query_result_builder@edge@@6B@
??_7try_statement_entry@edge@@6B@
??_7type@edge@@6B@
??_7type_entry@edge@@6B@
??_7type_expr_node_entry@edge@@6B@
??_7typeid_expr_node_entry@edge@@6B@
??_7typeref_type@edge@@6B@
??_7union_type@edge@@6B@
??_7unknown_expr_node_entry@edge@@6B@
??_7variable_entry@edge@@6B@
??_7variable_expr_node_entry@edge@@6B@
??_7vector_type@edge@@6B@
??_7while_statement_entry@edge@@6B@
?access@derivation@edge@@QBE?AW4access_specifier_e@2@XZ
?activate@file_buffer@edge@@QAEXXZ
?antlr_parse@@YA_NHPAPBDPBDW4parse_lang_e@edge@@AAVa_scout_parser_interface@@@Z
?append_primary@tree_query_result_builder@edge@@UAEXPAVil_entry@2@@Z
?append_primary@tree_query_result_builder@edge@@UAEXPAVil_entry@2@ABUfile_position@2@1@Z
?arg_list_for_call_site@intellisense_operation@edge@@QAE_NPAU?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@0@Z
?arg_list_kind@argument_list_entry@edge@@QBE?AW4arg_list_entry_kind@2@XZ
?arity@operation_expr_node_entry@edge@@QBE?AW4operator_arity@2@XZ
?as_file_position@file_line_column@edge@@QBE?AUfile_position@2@XZ
?base_class@base_class_entry@edge@@QBEPAV02@XZ
?batch_preprocess_file@@YAXV?$span_t@V?$basic_string_view@DU?$char_traits@D@std@@@std@@@msvc@@0V?$basic_string_view@DU?$char_traits@D@std@@@std@@AAUbatch_preprocess_events@@Usnapshot_session_t@snapshot@@@Z
?batch_restore_macro@@YAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@0@Z
?batch_restore_pragma_once@@YAXPBD@Z
?body@for_each_loop_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@for_loop_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@function_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@function_scope_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@handler_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@microsoft_try_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@range_based_for_loop_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@switch_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@try_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@while_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?call_sites_in_enclosing_function_scope@intellisense_operation@edge@@QAEXPAU?$list@Ucall_site@edge@@@2@@Z
?calling_convention@function_type@edge@@QBE?AW4calling_convention_kind@2@XZ
?canonicalize@edge@@YA?AUa_canonicalized_file_name@@PBD@Z
?canonicalize@edge@@YA?AUa_canonicalized_file_name@@PBG@Z
?check_and_compile@scoped_query_manager@edge@@AAEXABUfile_position@2@00_N11@Z
?check_and_compile@scoped_query_manager@edge@@AAEXABUfile_position@2@_N11@Z
?check_and_compile_for_file_scope@scoped_query_manager@edge@@AAEXABUfile_position@2@@Z
?class_type@pointer_to_member_type@edge@@QBEPAVclass_struct_type@2@XZ
?cleanup@microsoft_try_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?clear_canonicalizer_cache@edge@@YAXXZ
?close@file_buffer@edge@@QAEXXZ
?collection@for_each_loop_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?compare_name@type@edge@@QBEHV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?concept_@concept_expr_node_entry@edge@@QBEPAVtemplate_entry@2@XZ

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 215KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kopje.rtf
lnstall.exe
.exe windows:6 windows x86 arch:x86

Password: infected

fff1c8e0502974754be376b6f0be2392

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:fb:f8:b9:5c:c0:ef:b7:38:fc:78:e4:5d:30:6c:e1:49:e7:3c:46:77:ff:99:0b:42:19:99:04:ab:e6:d7:cc
Signer

Actual PE Digest

ff:fb:f8:b9:5c:c0:ef:b7:38:fc:78:e4:5d:30:6c:e1:49:e7:3c:46:77:ff:99:0b:42:19:99:04:ab:e6:d7:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CoCreateGuid

user32

IsCharUpperW
TranslateMessage
DispatchMessageA
GetMessageA
GetSystemMetrics
CharUpperBuffW
IsCharLowerW
CharLowerBuffW
MessageBoxW
LoadStringW
MapVirtualKeyW

oleaut32

SysStringLen
SysFreeString

concrt140

?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
?Free@Concurrency@@YAXPAX@Z
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
_Cnd_signal
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
_Xtime_get_ticks
_Cnd_timedwait
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
_Strcoll
_Cnd_register_at_thread_exit
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Strxfrm
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
_Query_perf_counter
_Query_perf_frequency
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Cnd_wait
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
_Cnd_init_in_situ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

kernel32

FindNextFileW
GetModuleFileNameW
GetLocaleInfoA
WaitForSingleObject
DuplicateHandle
CreateNamedPipeW
CreateFileW
ResumeThread
WriteFile
ReadFile
CancelIoEx
CreateEventA
GetExitCodeProcess
GetErrorMode
SetErrorMode
WriteConsoleW
WideCharToMultiByte
LoadLibraryExW
GetThreadPreferredUILanguages
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
HeapValidate
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
FindFirstFileExW
LoadLibraryA
DeleteFileA
DeleteFileW
HeapCompact
UnlockFile
GetCurrentProcessId
SetUnhandledExceptionFilter
HeapFree
InitializeCriticalSectionEx
HeapSize
MultiByteToWideChar
GetLastError
HeapReAlloc
HeapAlloc
HeapDestroy
MapViewOfFile
DeleteCriticalSection
UnmapViewOfFile
FreeLibrary
SetConsoleTitleW
GetCurrentProcess
TerminateProcess
GetProcessId
OpenProcess
CloseHandle
LoadLibraryW
AllocConsole
CheckRemoteDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
OutputDebugStringW
CreateFileMappingA
CompareStringEx
SetHandleInformation
GetFileAttributesExW
FindClose
LocalFree
LockFileEx
GetFileSize
SystemTimeToFileTime
GetSystemTime
FormatMessageA
GetTickCount
CreateFileA
CreateFileMappingW
FlushFileBuffers
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetNamedPipeHandleState
RegisterWaitForSingleObject
GetCPInfo
GetACP
UnregisterWait
PeekNamedPipe
QueueUserWorkItem
CancelSynchronousIo
GetNamedPipeHandleStateA
GetCurrentThread
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
GetProcessHeap
GetFileAttributesW
GetFullPathNameW
GetCurrentDirectoryW
GetEnvironmentVariableW
WriteConsoleInputW
GetSystemInfo
FillConsoleOutputAttribute
GetProcAddress
TlsSetValue
GetNumberOfConsoleInputEvents
GetModuleHandleA
LoadLibraryExA
DebugBreak
CancelIo
UnregisterWaitEx
ReadDirectoryChangesW
GetLongPathNameW
QueryPerformanceFrequency
CreateSemaphoreA
GetNativeSystemInfo
TlsAlloc
InitializeConditionVariable
WakeConditionVariable
ReleaseSemaphore
SetConsoleCursorPosition
SleepConditionVariableCS

advapi32

EventWrite
EventRegister
EventUnregister

vcruntime140

__current_exception
strchr
_purecall
__std_terminate
__current_exception_context
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
strrchr
wcsrchr
memchr
__RTDynamicCast
memcmp
memmove
_CxxThrowException
_except_handler4_common
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_endthreadex
_seh_filter_exe
_set_app_type
_beginthreadex
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
_set_invalid_parameter_handler
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
_invalid_parameter_noinfo
_errno
__p___wargv
abort

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

isalnum
strncmp
wmemcpy_s
_wcsnicmp
wcsncpy
strcspn
iswspace
wcsnlen
strncpy_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

ftell
feof
fseek
__stdio_common_vsnprintf_s
__acrt_iob_func
__stdio_common_vfprintf
freopen_s
__stdio_common_vswprintf_s
__stdio_common_vsprintf
_close
_set_fmode
_wsopen_s
_wfsopen
__stdio_common_vswprintf
fread
fclose
__p__commode
_ungetc_nolock
_getc_nolock

api-ms-win-crt-convert-l1-1-0

atoi
wcstoul
strtoul

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr
ceil
floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

cpfe

?mark_telemetry_consumed@query_action_data@edge@@QAEXXZ
?symbol_at_cursor@intellisense_operation@edge@@QAEPAUsymbol@2@XZ
??1a_find_all_refs_operation@edge@@QAE@XZ
??0translation_unit@edge@@QAE@XZ
??0a_find_all_refs_operation@edge@@QAE@PAUallocator@1@PBUintermediate_symbol@1@PAVtranslation_unit@1@W4find_all_refs_filter_mode_e@1@@Z
?resolve_candidate@a_find_all_refs_operation@edge@@QAE?AUa_far_resolution@2@Usnapshot_session_t@snapshot@@ABUfile_position@2@PAU?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@222PAV?$basic_buffer@D@8@@Z
?release_query_action_data@a_find_all_refs_operation@edge@@QAE?AVquery_action_data@2@XZ
??1translation_unit@edge@@QAE@XZ
?initialize@translation_unit@edge@@QAE_NABV?$shared_ptr@Umodule_loader@edge@@@std@@HQAPBDPBD2_N2Usnapshot_session_t@snapshot@@AAVquery_action_data@2@@Z
?set_instantiation_args@translation_unit@edge@@QAEXABUfile_position@2@PBD@Z
?preparse_successful@translation_unit@edge@@QBE_NXZ
?get_preparse_snapshot_session@translation_unit@edge@@QBE?AUsnapshot_session_t@snapshot@@XZ
?depends_on_file@translation_unit@edge@@QBE_NUa_canonicalized_file_name@@@Z
?contains_source_file@translation_unit@edge@@QBE_NUa_canonicalized_file_name@@@Z
?uses_pch_file@translation_unit@edge@@QBE_NUa_canonicalized_file_name@@@Z
?get_errors_for_tu@translation_unit@edge@@QBEXPAUallocator@2@Usnapshot_session_t@snapshot@@PAUisense_error_array@2@@Z
?get_errors_for_file@translation_unit@edge@@QBEXPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUisense_error_array@2@@Z
?get_instantiation_errors_for_file@translation_unit@edge@@QBEXPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUinstantiation_error_array@2@@Z
?update_range@translation_unit@edge@@QAEXPAUallocator@2@Usnapshot_session_t@snapshot@@Ufile_position@2@2ABUupdate_range_options@2@2PAU?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@4ABV?$an_array_list@PAUupdate_range_action@edge@@V?$allocator@PAUupdate_range_action@edge@@@std@@@@AAVquery_action_data@2@@Z
?get_semantic_tokens_for_fragments_in_view@translation_unit@edge@@QBE_NPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUsemantic_token_array@2@@Z
?get_file_include_data@translation_unit@edge@@QBE_NPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUfile_include_data@2@@Z
?get_macro_tokens_for_fragments_in_view@translation_unit@edge@@QBE_NPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUmacro_token_array@2@@Z
?get_reference_highlights@translation_unit@edge@@QBE_NPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUreference_highlight_array@2@@Z
?get_inline_hints@translation_unit@edge@@QBE_NPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUinline_hint_result@2@@Z
?get_spell_check_decls@translation_unit@edge@@QBE_NPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@PAUspell_check_result@2@@Z
?get_inactive_regions_for_file@translation_unit@edge@@QBEXPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@_NPAUinactive_region_array@2@@Z
?get_instantiation_args_pos_for_file@translation_unit@edge@@QBEXPAUallocator@2@Usnapshot_session_t@snapshot@@Ua_canonicalized_file_name@@_NPAUinstantiation_args_pos_array@2@@Z
?type_pointed_to@pointer_type@edge@@QBEPAVtype@2@XZ
?extract_overloads@symbol@edge@@QAE_NPAU?$list@PAUsymbol@edge@@@2@@Z
?to_string@type@edge@@UBEXPAU?$buffer@D@msvc@@I@Z
?to_string@type@edge@@QBEXPAU?$buffer@D@msvc@@@Z
?symbol@type@edge@@QBEPAU02@XZ
?get_parameters@function_type@edge@@QBEXPAU?$list@PAVparam_type_entry@edge@@@2@@Z
?has_ellipsis@function_type@edge@@QBE_NXZ
?this_class@function_type@edge@@QBEPAVtype@2@XZ
?form_restrict_specifier@function_type@edge@@QBEXPAU?$buffer@D@msvc@@AAPBD@Z
??0a_get_symbol_operation@edge@@QAE@PAUallocator@1@ABUfile_line_column@1@@Z
??1a_get_symbol_operation@edge@@QAE@XZ
?get_intermediate_symbols@a_get_symbol_operation@edge@@QBE?AW4an_error_code@12@PAVtranslation_unit@2@Usnapshot_session_t@snapshot@@W4symbol_filter_e@2@W4simplify_symbol_options_e@2@W4intermediate_symbol_options_e@2@_NPAW4error_code@intellisense_operation@2@PAU?$list@PAUsymbol@edge@@@2@@Z
?release_query_action_data@a_get_symbol_operation@edge@@QAE?AVquery_action_data@2@XZ
?name@source_file@edge@@QBEPBDXZ
?full_name@source_file@edge@@QBEPBDXZ
?type@param_type_entry@edge@@QBEPAV02@XZ
?name@param_type_entry@edge@@QBEPBDPAU?$buffer@D@msvc@@_N@Z
?is_parameter_pack@param_type_entry@edge@@QBE_NXZ
?form_declaration@param_type_entry@edge@@QBEXPAU?$buffer@D@msvc@@I@Z
?physical_position@source_position@edge@@QBE?AUfile_position@2@XZ
?is_null_position@source_position@edge@@QBE_NXZ
?source_file@source_position@edge@@QBEPAU02@_N@Z
?is_position_in_assembly@source_position@edge@@QBE_NXZ
?fill_in_intermediate@edge@@YAXPAUintermediate_symbol@1@PBUsymbol@1@W4intermediate_symbol_options_e@1@@Z
?is_class_scope@scope_entry@edge@@QBE_NXZ
?is_namespace_scope@scope_entry@edge@@QBE_NXZ
?get_cli_class_type_kind@class_struct_type@edge@@QBE?AW4cli_class_type_kind@2@XZ
?is_delegate_type@class_struct_type@edge@@QBE_NXZ
??0intellisense_operation@edge@@QAE@PAUallocator@1@PAVtranslation_unit@1@Usnapshot_session_t@snapshot@@ABUfile_position@1@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@U?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@_N@Z
??0intellisense_operation@edge@@QAE@PAUallocator@1@PAVtranslation_unit@1@Usnapshot_session_t@snapshot@@ABUfile_position@1@_N@Z
??1intellisense_operation@edge@@QAE@XZ
?symbol_at_cursor@intellisense_operation@edge@@QAEPAUsymbol@2@_NPAUmacro_invocation_info@2@@Z
?get_derived_and_base_at_cursor@intellisense_operation@edge@@QAEXPAPAUsymbol@2@0@Z
?scope_at_cursor@intellisense_operation@edge@@QAEPAVscope_entry@2@PAPAVmember_selection_entry@2@_N1@Z
?function_scope_enclosing_cursor@intellisense_operation@edge@@QAEPAUfunction_symbol@2@XZ
?condition@condition_expr_node_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?get_auto_complete_members@intellisense_operation@edge@@QAEXAAPAVmember_selection_entry@2@AAPAVscope_entry@2@PAU?$list@PAUsymbol@edge@@@2@222PAV?$map@PAUsymbol@edge@@IU?$less@PAUsymbol@edge@@@std@@V?$allocator@U?$pair@QAUsymbol@edge@@I@std@@@4@@std@@W4member_list_kind@12@@Z
?get_auto_complete_members@intellisense_operation@edge@@QAEXAAPAVmember_selection_entry@2@AAPAVscope_entry@2@PAU?$list@PAUsymbol@edge@@@2@222W4member_list_kind@12@_NAA_N55PAV?$map@PAUsymbol@edge@@IU?$less@PAUsymbol@edge@@@std@@V?$allocator@U?$pair@QAUsymbol@edge@@I@std@@@4@@std@@@Z
?get_param_help_overloads@intellisense_operation@edge@@QAEPAUsymbol@2@PAU?$list@PAUsymbol@edge@@@2@PAW4arg_list_entry_kind@2@PA_N2PAUfile_position@2@333@Z
?release_query_action_data@intellisense_operation@edge@@QAE?AVquery_action_data@2@XZ
?is_scope_context_active@intellisense_operation@edge@@QAE_NXZ
?get_type_expected_at_position@intellisense_operation@edge@@QAEPAVtype@2@D_N0@Z
?set_compilation_and_indexing_hints@intellisense_operation@edge@@QAEX_NH@Z
??0a_find_def_operation@edge@@QAE@PAUallocator@1@@Z
??1a_find_def_operation@edge@@QAE@XZ
?find_definition@a_find_def_operation@edge@@QAE?AW4an_error_code@12@PBUintermediate_symbol@2@PAU42@PAVtranslation_unit@2@Usnapshot_session_t@snapshot@@@Z
?pgo_sweep@edge@@YAXPBD@Z
?canonicalize@edge@@YA?AUa_canonicalized_file_name@@PBD@Z
?get_delegate_symbol@event_descr@edge@@QBEPAUclass_struct_symbol@2@XZ
?delegate_invocation_type@event_descr@edge@@QBEPAVfunction_type@2@XZ
?to_string@template_arg_entry@edge@@QBEXPAU?$buffer@D@msvc@@I@Z
?length@file_range@edge@@QBEHXZ
?is_enum@integer_type@edge@@QBE_NXZ
?class_type@pointer_to_member_type@edge@@QBEPAVclass_struct_type@2@XZ
?member_type@pointer_to_member_type@edge@@QBEPAVtype@2@XZ
?is_stub_host@edge@@YA_NXZ
??0scoped_query_manager@edge@@QAE@PAUallocator@1@PAVtranslation_unit@1@Usnapshot_session_t@snapshot@@_N@Z
??1scoped_query_manager@edge@@QAE@XZ
?symbol@template_parameter@edge@@QBEPAU02@XZ
?to_string@template_parameter@edge@@QBEXPAU?$buffer@D@msvc@@I@Z
?is_colon_colon@member_selection_entry@edge@@QBE_NXZ
?selector_expr@member_selection_entry@edge@@QBEPAVexpr_node_entry@2@XZ
install_host
?tag_parse@@YA_NIPAPBDPBD1W4parse_lang_e@edge@@Usnapshot_session_t@snapshot@@PAVa_scout_parser_interface@@@Z
?tag_parse_invalidate_cache@@YAXXZ
?tag_parse_metadata@@YA_NPBDPAVa_scout_parser_interface@@@Z
?get_pch_size_in_bytes@query_action_data@edge@@QBE_KXZ
??0file_position@edge@@QAE@XZ
?is_null_position@file_position@edge@@QBE_NXZ
?symbol@scope_entry@edge@@QBEPAU02@XZ
?get_query_manager@intellisense_operation@edge@@QAEABVscoped_query_manager@2@XZ
?type@expr_node_entry@edge@@QBEPAV02@XZ
?is_lvalue@expr_node_entry@edge@@QBE_NXZ
?is_parenthesized@expr_node_entry@edge@@QBE_NXZ
?get_translation_unit_language@translation_unit@edge@@QBE?AW4translation_unit_language_e@2@XZ
?is_inside_inactive_region@translation_unit@edge@@QBE_NABUfile_position@2@@Z
?type@constant@edge@@QBEPAV02@XZ
?symbol@constant@edge@@QBEPAU02@XZ
?to_string_with_refs@type@edge@@QBEIPAU?$buffer@D@msvc@@IPBD@Z
?is_const@type@edge@@QBE_NXZ
?position@source_position@edge@@QBE?AUfile_position@2@XZ
?last_error_code@intellisense_operation@edge@@QBE?AW4error_code@12@XZ
?get_trees_in_enclosing_function_scope@intellisense_operation@edge@@QAE_NPAU?$list@PAVil_entry@edge@@@2@PAU?$list@Ufile_position@edge@@@2@1@Z
?get_symbol_from_il_entry@intellisense_operation@edge@@QAEPAUsymbol@2@PAVil_entry@2@_N@Z
?constant@constant_entry@edge@@QBEPAV02@XZ
?target_of_branch@branch_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?is_end_reachable@statement_entry@edge@@QBE_NXZ
?source_range@statement_entry@edge@@QBEXPAUfile_position@2@0@Z
?switch_of_case@case_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?is_toplevel_case@case_statement_entry@edge@@QBE_NXZ
?kind@il_entry@edge@@QBE?AW4il_entry_kind@2@XZ
?has_syntax_errors_in_range@scoped_query_manager@edge@@QBE_NABUfile_position@2@0@Z
?symbol@macro_invocation_entry@edge@@QBEPAUmacro_symbol@2@XZ
?type_referenced@pointer_type@edge@@QBEPAVtype@2@XZ
?is_reference@pointer_type@edge@@QBE_NXZ
?kind@type@edge@@QBE?AW4type_kind@2@XZ
?is_equal_to@type@edge@@QBE_NPBV12@H@Z
?skip_all_typerefs@typeref_type@edge@@QBEPAVtype@2@XZ
?return_type@function_type@edge@@QBEPAVtype@2@XZ
?expr_operand@typeid_expr_node_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?get_last_preparse_pch_action@query_action_data@edge@@QBE?AW4pch_action_tag_e@2@XZ
?get_num_preparses_done@query_action_data@edge@@QBEHXZ
?get_function_scopes_overlapping_span@scoped_query_manager@edge@@QAEXABUfile_position@2@0PAU?$list@PAVfunction_scope_entry@edge@@@2@@Z
?expr_operand@sizeof_expr_node_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?get_elements@braced_init_list_expr_node_entry@edge@@QBEXPAU?$list@PAVexpr_node_entry@edge@@@2@@Z
?get_operands@fold_expr_node_entry@edge@@QBEXPAU?$list@PAVexpr_node_entry@edge@@@2@@Z
?get_requirements@requires_expr_node_entry@edge@@QBEXPAU?$list@PAVexpr_node_entry@edge@@@2@@Z
?expression@compound_req_expr_node_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?constraint@compound_req_expr_node_entry@edge@@QBEPAVconcept_expr_node_entry@2@XZ
?constant@constant_dynamic_init_entry@edge@@QBEPAV02@XZ
?expression@expression_dynamic_init_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?append_primary@tree_query_result_builder@edge@@UAEXPAVil_entry@2@ABUfile_position@2@1@Z
??0tree_query_result_builder@edge@@QAE@XZ
?symbol@base_class@edge@@QBEPAUclass_struct_symbol@2@XZ
?type@type_entry@edge@@QBEPAV02@XZ
?body@function_scope_entry@edge@@QBEPAVstatement_entry@2@XZ
?get_declarations_overlapping_span@scoped_query_manager@edge@@QAEXABUfile_position@2@0PAVtree_query_result_builder@2@@Z
?expression@expr_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?condition@if_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
??1query_action_data@edge@@QAE@XZ
??0query_action_data@edge@@QAE@$$QAV01@@Z
?then_statement@if_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?else_statement@if_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?is_do_while@while_statement_entry@edge@@QBE_NXZ
?body@while_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?condition@while_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?expression@return_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?get_children@block_statement_entry@edge@@QBEXPAU?$list@PAVstatement_entry@edge@@@2@@Z
?initialization@for_loop_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?symbol@function_entry@edge@@QBEPAUfunction_symbol@2@XZ
?symbol@namespace_entry@edge@@QBEPAUnamespace_symbol@2@XZ
?condition@for_loop_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?increment@for_loop_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?symbol@variable_entry@edge@@QBEPAUvariable_symbol@2@XZ
?body@for_loop_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?range_expr@range_based_for_loop_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?body@range_based_for_loop_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?collection@for_each_loop_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?body@for_each_loop_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?symbol@field_entry@edge@@QBEPAUfield_symbol@2@XZ
?symbol@template_entry@edge@@QBEPAUtemplate_symbol@2@XZ
?body@switch_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?is_bool@integer_type@edge@@QBE_NXZ
?initialization@decl_init_statement_entry@edge@@QBEPAVdynamic_init_entry@2@XZ
?entities@decl_statement_entry@edge@@QBEXPAU?$list@PAVil_entry@edge@@@2@@Z
?is_call@operation_expr_node_entry@edge@@QBE_NXZ
?operator_name@operation_expr_node_entry@edge@@QBE?AW4expr_operator_kind@2@XZ
??0file_range@edge@@QAE@XZ
?is_empty_class@type@edge@@QBE_NXZ
?symbol@dynamic_init_entry@edge@@QBEPAUvariable_symbol@2@XZ
??0query_action_data@edge@@QAE@XZ
?is_copy_for_initialization@constructor_dynamic_init_entry@edge@@QBE_NXZ
?scope@member_selection_entry@edge@@QBEPAVscope_entry@2@XZ
?body@try_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?is_in_function@scope_entry@edge@@QBE_NXZ
?is_in_class_member_function@scope_entry@edge@@QBE_NXZ
?iterator@range_based_for_loop_statement_entry@edge@@QBEPAUvariable_symbol@2@XZ
??0file_line_column@edge@@QAE@Ua_canonicalized_file_name@@U?$strong_typedef_t@Uline1_traits@msvc@@@msvc@@U?$strong_typedef_t@Ucolumn1_traits@msvc@@@4@@Z
??0file_position@edge@@QAE@Ua_canonicalized_file_name@@U?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@@Z
?get_handlers@try_statement_entry@edge@@QBEXPAU?$list@PAVhandler_entry@edge@@@2@@Z
?operation_flags@operation_expr_node_entry@edge@@QBE?AUflags@12@XZ
?original_expression@constant@edge@@QBEPAVexpr_node_entry@2@XZ
?raw@a_canonicalized_file_name@@QBEPBDXZ
?get_host@edge@@YAPAUhost@1@XZ
??0file_buffer@edge@@IAE@XZ
?body@handler_entry@edge@@QBEPAVstatement_entry@2@XZ
?body@microsoft_try_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
?filter@microsoft_try_statement_entry@edge@@QBEPAVexpr_node_entry@2@XZ
?source_position@expr_node_entry@edge@@QBE_NPAUfile_position@2@@Z
?cleanup@microsoft_try_statement_entry@edge@@QBEPAVstatement_entry@2@XZ
??1file_buffer@edge@@MAE@XZ
?init_kind@dynamic_init_entry@edge@@QBE?AW4dynamic_init_kind@2@XZ
?get_operands@operation_expr_node_entry@edge@@QBEXPAU?$list@PAVexpr_node_entry@edge@@@2@@Z
?constant@constant_expr_node_entry@edge@@QBEPAV02@XZ
?update@file_buffer@edge@@IAEXU?$strong_typedef_t@Uoffset_traits@msvc@@@msvc@@0H@Z
?opened_in_editor@file_buffer@edge@@IAEXXZ
?source_range@expr_node_entry@edge@@QBE_NPAUfile_position@2@0@Z
?dynamic_init@temp_init_expr_node_entry@edge@@QBEPAVdynamic_init_entry@2@XZ
??0file_range@edge@@QAE@Ufile_position@1@0@Z
??0file_range@edge@@QAE@Ufile_position@1@H@Z
?is_valid@file_range@edge@@QBE_NXZ
?is_part_of_macro_expansion@edge@@YA_NABUfile_position@1@@Z
?tag_parse_shutdown@@YAXXZ
?file@file_range@edge@@QBE?AUa_canonicalized_file_name@@XZ
?size@type@edge@@QBEIXZ
?compare_name@type@edge@@QBEHV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?dynamic_init@new_delete_expr_node_entry@edge@@QBEPAVdynamic_init_entry@2@XZ
?dynamic_init@throw_expr_node_entry@edge@@QBEPAVdynamic_init_entry@2@XZ
?dynamic_init@condition_expr_node_entry@edge@@QBEPAVdynamic_init_entry@2@XZ
?expression_range@statement_entry@edge@@QBE_NPAUfile_position@2@0@Z
?initialization@condition_expr_node_entry@edge@@QBEPAVstatement_entry@2@XZ
?corresponding_fundamental_type@type@edge@@QBEPAV12@XZ
?call_sites_in_enclosing_function_scope@intellisense_operation@edge@@QAEXPAU?$list@Ucall_site@edge@@@2@@Z
?constraint@nested_req_expr_node_entry@edge@@QBEPAVexpr_node_entry@2@XZ

shlwapi

PathAppendW
PathRemoveFileSpecW

ws2_32

WSASetLastError
WSAStartup
WSARecvFrom
select
WSAIoctl
WSASend
shutdown
socket
WSAGetLastError
setsockopt
getsockopt
closesocket
htons
WSASocketW
WSARecv

psapi

GetProcessMemoryInfo

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_wstat64
_wunlink
_waccess_s

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcp140.dll
.dll windows:6 windows x86 arch:x86

Password: infected

24216706a255de110587649ff38455df

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-02-2023 22:33

Not After

31-01-2024 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:45:24:8b:67:70:0a:4a:28:96:86:75:3b:da:5a:31:5b:2c:39:43:8d:50:46:0a:4d:50:f9:02:dc:11:6a:33
Signer

Actual PE Digest

cd:45:24:8b:67:70:0a:4a:28:96:86:75:3b:da:5a:31:5b:2c:39:43:8d:50:46:0a:4d:50:f9:02:dc:11:6a:33

Digest Algorithm

sha256

PE Digest Matches

true

cd:45:24:8b:67:70:0a:4a:28:96:86:75:3b:da:5a:31:5b:2c:39:43:8d:50:46:0a:4d:50:f9:02:dc:11:6a:33
Signer

Actual PE Digest

cd:45:24:8b:67:70:0a:4a:28:96:86:75:3b:da:5a:31:5b:2c:39:43:8d:50:46:0a:4d:50:f9:02:dc:11:6a:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
__current_exception_context
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh
calloc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_cexit
_errno
_endthreadex
_beginthreadex
terminate
_set_new_handler
abort
_crt_atexit
_execute_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

isxdigit
isalnum
tolower
__strncnt
wcsnlen
isupper
iswxdigit
iswspace
wcscpy_s
isspace
isdigit
iswalnum
_wcsdup
iswdigit
islower
strcspn

api-ms-win-crt-locale-l1-1-0

_lock_locales
___lc_locale_name_func
___lc_codepage_func
localeconv
__pctype_func
setlocale
_unlock_locales
___mb_cur_max_func
___lc_collate_cp_func

api-ms-win-crt-stdio-l1-1-0

fputs
fgetwc
fputwc
ungetwc
fseek
_fsopen
_wfsopen
__stdio_common_vsprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc

api-ms-win-crt-filesystem-l1-1-0

_wrename
_unlock_file
_wrmdir
_wremove
_wchdir
_lock_file

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays
_W_Gettnames
_Wcsftime
_Gettnames
_Getmonths
_Getdays
_Strftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

copysign
copysignf
_CIlog
ldexp
frexp
_CIpow

api-ms-win-crt-convert-l1-1-0

btowc
strtof
strtod

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

LeaveCriticalSection
CompareStringEx
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
LCMapStringEx
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
SetFileAttributesW
InitializeSListHead
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetFileInformationByHandleEx
GetProcAddress
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
GetTempPathW
InitOnceExecuteOnce
GetStringTypeW
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
TryAcquireSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateSymbolicLinkW
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
SetFileTime
SetFileInformationByHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@G@std@@QAE@ABV01@@Z
??0?$_Yarn@G@std@@QAE@PBG@Z
??0?$_Yarn@G@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@ABV01@@Z
??0?$_Yarn@_W@std@@QAE@PB_W@Z
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0task_continuation_context@Concurrency@@AAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@G@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??4?$_Iosb@H@std@@QAEAAV01@$$QAV01@@Z
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@G@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@G@std@@QAEAAV01@PBG@Z
??4?$_Yarn@_W@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Crt_new_delete@std@@QAEAAU01@$$QAU01@@Z
??4_Crt_new_delete@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBE_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?CaptureCallstack@platform@details@Concurrency@@YAIPAPAXII@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@G@std@@QBEPBGXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@G@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDI@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDI@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDI@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAHABV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAHABV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAHABV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
?_Getptr@_Timevec@std@@QBEPAXXZ
?_Gettnames@_Locinfo@std@@QBE?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBE_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140.dll
.dll windows:6 windows x86 arch:x86

2262054530b5f8bbeb0c4e3a111a37eb

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-02-2023 22:33

Not After

31-01-2024 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:9f:e4:21:b8:c6:d8:b4:2f:67:93:16:5a:44:7a:0e:0f:92:3b:62:4e:44:d2:ff:e9:16:74:72:cf:19:2b:d4
Signer

Actual PE Digest

57:9f:e4:21:b8:c6:d8:b4:2f:67:93:16:5a:44:7a:0e:0f:92:3b:62:4e:44:d2:ff:e9:16:74:72:cf:19:2b:d4

Digest Algorithm

sha256

PE Digest Matches

true

57:9f:e4:21:b8:c6:d8:b4:2f:67:93:16:5a:44:7a:0e:0f:92:3b:62:4e:44:d2:ff:e9:16:74:72:cf:19:2b:d4
Signer

Actual PE Digest

57:9f:e4:21:b8:c6:d8:b4:2f:67:93:16:5a:44:7a:0e:0f:92:3b:62:4e:44:d2:ff:e9:16:74:72:cf:19:2b:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
TlsGetValue
DeleteCriticalSection
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 118KB - Virtual size: 118KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

489e398f49ceeda3418bb4d259205037

Code Sign

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

Exports

Exports

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

Password: infected

a44c6eed545a636cf24d9bf63188ef0c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:d7:d0:4b:42:84:68:84:7f:bb:6a:50:d3:70:6d:1cCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

crypt32

rpcrt4

Exports

Exports

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 5KB - Virtual size: 8KB

.text
Size: 118KB - Virtual size: 118KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd
Signer

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:d7:d0:4b:42:84:68:84:7f:bb:6a:50:d3:70:6d:1c
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84
Signer

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b
Signer

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f5:15:16:5d:19:92:4b:31:40:6c:9f:ab:d3:1a:c4:94:a2:d2:68:50:df:2f:cc:bf:35:cc:02:5d:2f:4e:46:a7
Signer

f5:15:16:5d:19:92:4b:31:40:6c:9f:ab:d3:1a:c4:94:a2:d2:68:50:df:2f:cc:bf:35:cc:02:5d:2f:4e:46:a7
Signer

.text
Size: 204KB - Virtual size: 203KB

.data
Size: 12KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 11KB - Virtual size: 10KB