phemedrone | Korepi[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Korepi.rar
Size

8.3MB
MD5

43c7f5c4214172e5aa95184912871658
SHA1

7df1b4192a6da11a6580db130b0e544f03705288
SHA256

1fda8701361410f4d24d8b4886d114424f07c18bfee78adf64170b87800baa87
SHA512

ae2cf967e289010a29d794fba6d0d9c11398def6319bcedd4145256cdd68c036f4eca347321d3fb20842146ea0c53c3b5c8903bba586f8268564e694ff59b6e5
SSDEEP

196608:6cNyUkbWfZSQfTLlI8hcVKsKe9COZhHTge+axEc2VvqCKA0gBMQJaEf/qJnQrc5K:joWcqOUOXHEyxYQtgBMbEXqOoK

Score

10^/10

phemedrone

Malware Config

Extracted

Family

phemedrone

https://api.telegram.org/bot6678158569:AAGCj_95yYZbARbtI5kniGnlVkd_CTO8lfI/sendMessage?chat_id=6303202637

Signatures

Phemedrone family
phemedrone
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Korepi/Korepi.exe

resource
unpack001/Korepi/Korepi.exe

Files

Korepi.rar
.rar
Korepi/Korepi.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/concrt140.dll
.dll windows:6 windows x64 arch:x64

5f9b23bd4b0029001f687a1ad625be31

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:15:68:e8:1e:39:ed:07:2b:86:fe:f4:43:e2:2a:19:98:8d:92:89:7f:d3:a8:04:21:cf:e4:aa:63:c8:16:6a
Signer

Actual PE Digest

31:15:68:e8:1e:39:ed:07:2b:86:fe:f4:43:e2:2a:19:98:8d:92:89:7f:d3:a8:04:21:cf:e4:aa:63:c8:16:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb

Imports

msvcp140

?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__uncaught_exception
memcpy
__C_specific_handler
__RTDynamicCast
__std_type_info_destroy_list
__current_exception_context
__current_exception

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

exp
sqrt

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__stdio_common_vswprintf_s
__acrt_iob_func
fflush

kernel32

GetCurrentProcess
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetThreadTimes
EncodePointer
OutputDebugStringW
LoadLibraryW
LoadLibraryExW
SetLastError
SetThreadpoolTimer
UnregisterWaitEx
CreateSemaphoreExW
ReleaseSemaphore
InitializeSListHead
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetCurrentProcessorNumber
FlushProcessWriteBuffers
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetProcAddress
GetModuleHandleW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetTickCount64
TlsFree
TlsSetValue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
CreateTimerQueue
GetCurrentThread
CloseHandle
DuplicateHandle
GetLastError
SetEvent
WaitForSingleObjectEx
TlsAlloc
GetCurrentThreadId
InitializeCriticalSectionEx
CreateEventExW
Sleep
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
TlsGetValue

Exports

Exports

??0?$_SpinWait@$00@details@Concurrency@@QEAA@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QEAA@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QEAA@AEBV01@@Z
??0SchedulerPolicy@Concurrency@@QEAA@XZ
??0SchedulerPolicy@Concurrency@@QEAA@_KZZ
??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??0_Context@details@Concurrency@@QEAA@PEAVContext@2@@Z
??0_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_ReaderWriterLock@details@Concurrency@@QEAA@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_ReentrantLock@details@Concurrency@@QEAA@XZ
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Runtime_object@details@Concurrency@@QEAA@H@Z
??0_Runtime_object@details@Concurrency@@QEAA@XZ
??0_Scheduler@details@Concurrency@@QEAA@PEAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@XZ
??0_Timer@details@Concurrency@@IEAA@I_N@Z
??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z
??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z
??0agent@Concurrency@@QEAA@XZ
??0bad_target@Concurrency@@QEAA@PEBD@Z
??0bad_target@Concurrency@@QEAA@XZ
??0context_self_unblock@Concurrency@@QEAA@PEBD@Z
??0context_self_unblock@Concurrency@@QEAA@XZ
??0context_unblock_unbalanced@Concurrency@@QEAA@PEBD@Z
??0context_unblock_unbalanced@Concurrency@@QEAA@XZ
??0critical_section@Concurrency@@QEAA@XZ
??0default_scheduler_exists@Concurrency@@QEAA@PEBD@Z
??0default_scheduler_exists@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??0improper_lock@Concurrency@@QEAA@PEBD@Z
??0improper_lock@Concurrency@@QEAA@XZ
??0improper_scheduler_attach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_attach@Concurrency@@QEAA@XZ
??0improper_scheduler_detach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_detach@Concurrency@@QEAA@XZ
??0improper_scheduler_reference@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_reference@Concurrency@@QEAA@XZ
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0invalid_link_target@Concurrency@@QEAA@XZ
??0invalid_multiple_scheduling@Concurrency@@QEAA@PEBD@Z
??0invalid_multiple_scheduling@Concurrency@@QEAA@XZ
??0invalid_oversubscribe_operation@Concurrency@@QEAA@PEBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_key@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_value@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QEAA@XZ
??0message_not_found@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
??0missing_wait@Concurrency@@QEAA@PEBD@Z
??0missing_wait@Concurrency@@QEAA@XZ
??0nested_scheduler_missing_detach@Concurrency@@QEAA@PEBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QEAA@XZ
??0operation_timed_out@Concurrency@@QEAA@PEBD@Z
??0operation_timed_out@Concurrency@@QEAA@XZ
??0reader_writer_lock@Concurrency@@QEAA@XZ
??0scheduler_not_attached@Concurrency@@QEAA@PEBD@Z
??0scheduler_not_attached@Concurrency@@QEAA@XZ
??0scheduler_resource_allocation_error@Concurrency@@QEAA@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QEAA@PEBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@J@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@PEBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0unsupported_os@Concurrency@@QEAA@PEBD@Z
??0unsupported_os@Concurrency@@QEAA@XZ
??1SchedulerPolicy@Concurrency@@QEAA@XZ
??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ
??1_TaskCollection@details@Concurrency@@QEAA@XZ
??1_Timer@details@Concurrency@@MEAA@XZ
??1agent@Concurrency@@UEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
??1reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock@critical_section@Concurrency@@QEAA@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@XZ
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4SchedulerPolicy@Concurrency@@QEAAAEAV01@AEBV01@@Z
??_F?$_SpinWait@$00@details@Concurrency@@QEAAXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QEAAXXZ
??_F_Context@details@Concurrency@@QEAAXXZ
??_F_Scheduler@details@Concurrency@@QEAAXXZ
?AgentEventGuid@Concurrency@@3U_GUID@@B
?Alloc@Concurrency@@YAPEAX_K@Z
?Block@Context@Concurrency@@SAXXZ
?ChoreEventGuid@Concurrency@@3U_GUID@@B
?ConcRTEventGuid@Concurrency@@3U_GUID@@B
?ConcRT_ProviderGuid@Concurrency@@3U_GUID@@B
?ContextEventGuid@Concurrency@@3U_GUID@@B
?Create@CurrentScheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPEAV12@AEBVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPEAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@AEAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPEAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPEAX@Z
?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QEBAIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPEAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NAEBVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?LockEventGuid@Concurrency@@3U_GUID@@B
?Log2@details@Concurrency@@YAK_K@Z
?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z
?NFS_Free@details@Concurrency@@YAXPEAX@Z
?NFS_GetLineSize@details@Concurrency@@YA_KXZ
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPEAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ResourceManagerEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0AEAVlocation@2@@Z
?SchedulerEventGuid@Concurrency@@3U_GUID@@B
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QEAAXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QEAAIW4PolicyElementKey@2@I@Z
?VirtualProcessorEventGuid@Concurrency@@3U_GUID@@B
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QEAAXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPEBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPEB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EEAAXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetCombinableSize@details@Concurrency@@YA_KXZ
?_GetConcRTTraceInfo@Concurrency@@YAPEBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QEAAPEAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Internal_assign@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAX1@ZP6AX2PEBX1@Z5@Z
?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IEBA_KXZ
?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_KP6AXPEAX_K@Z@Z
?_Internal_compact@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KPEAXP6AX10@ZP6AX1PEBX0@Z@Z
?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAXPEBX1@Z@Z
?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_NXZ
?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXXZ
?_Internal_grow_by@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?_Internal_grow_to_at_least_with_result@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?_Internal_move_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEAX@Z
?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IEAA_NPEAX@Z
?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEBX@Z
?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KAEA_K@Z
?_Internal_reserve@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00@Z
?_Internal_resize@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00P6AXPEAX0@ZP6AX1PEBX0@Z3@Z
?_Internal_size@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_KXZ
?_Internal_swap@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXAEAV123@@Z
?_Internal_swap@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEAV123@@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IEBAXXZ
?_Internal_throw_exception@_Concurrent_vector_base_v4@details@Concurrency@@IEBAX_K@Z
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QEAA_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QEAA_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IEAAKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IEAAKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QEAAIXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_Scheduler@details@Concurrency@@QEAAIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KA_K_K@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QEAAXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QEAAXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IEAA_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IEAA_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QEAA_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IEAAXXZ
?_Stop@_Timer@details@Concurrency@@IEAAXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QEAA_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAA_NXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?cancel@agent@Concurrency@@QEAA_NXZ
?current@location@Concurrency@@SA?AV12@XZ
?done@agent@Concurrency@@IEAA_NXZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QEBAJXZ
?is_current_task_group_canceling@Concurrency@@YA_NXZ
?lock@critical_section@Concurrency@@QEAAXXZ
?lock@reader_writer_lock@Concurrency@@QEAAXXZ
?lock_read@reader_writer_lock@Concurrency@@QEAAXXZ
?native_handle@critical_section@Concurrency@@QEAAAEAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?reset@event@Concurrency@@QEAAXXZ
?set@event@Concurrency@@QEAAXXZ
?set_task_execution_resources@Concurrency@@YAXGPEAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAX_K@Z
?start@agent@Concurrency@@QEAA_NXZ
?status@agent@Concurrency@@QEAA?AW4agent_status@2@XZ
?status_port@agent@Concurrency@@QEAAPEAV?$ISource@W4agent_status@Concurrency@@@2@XZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock@reader_writer_lock@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QEAA_NXZ
?unlock@critical_section@Concurrency@@QEAAXXZ
?unlock@reader_writer_lock@Concurrency@@QEAAXXZ
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait@agent@Concurrency@@SA?AW4agent_status@2@PEAV12@I@Z
?wait@event@Concurrency@@QEAA_KI@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?wait_for_all@agent@Concurrency@@SAX_KPEAPEAV12@PEAW4agent_status@2@I@Z
?wait_for_multiple@event@Concurrency@@SA_KPEAPEAV12@_K_NI@Z
?wait_for_one@agent@Concurrency@@SAX_KPEAPEAV12@AEAW4agent_status@2@AEA_KI@Z

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/dbgeng.dll
.dll windows:6 windows x64 arch:x64

20a4f08af0efbf58e3cff060b868e54b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:c7:5c:14:f1:cf:f9:60:5e:ad:66:35:83:2d:d8:72:e8:20:cf:8c
Signer

Actual PE Digest

27:c7:5c:14:f1:cf:f9:60:5e:ad:66:35:83:2d:d8:72:e8:20:cf:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dbgeng.pdb

Imports

msvcrt

swscanf
wcsstr
wcsrchr
_wtoi
_wcsdup
ctime
_wcsicmp
time
iswalnum
iswdigit
wcschr
_purecall
towlower
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_vsnwprintf
_vsnprintf
wcsncmp
free
malloc
memmove
iswspace
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
??1type_info@@UEAA@XZ
wctomb
_itoa
_snprintf
_iob
isleadbyte
memset
memcpy
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_errno
__CxxFrameHandler
isspace
fseek
feof
fgetws
ftell
_wcslwr
wcstoul
atol
iswprint
strrchr
printf
_strlwr
towupper
qsort
iswalpha
iswupper
calloc
atoi
getenv
sscanf
strncmp
_wsetlocale
isprint
iswxdigit
_wctime
_strnicmp
realloc
_wcsupr
_wcsnicmp
fprintf
_stricmp
fgets
strchr
fclose
__doserrno
_wgetenv
_wfopen
_strtoui64
strtoul
strstr
_vscwprintf
wcsncpy
_snwprintf
strncat
_spawnlp
frexp
ldexp
_itow
_memicmp
_wtol
memcmp

dbghelp

SymGetModuleInfoW64
SymSearchW
SymSetOptions
ImagehlpApiVersionEx
ImageNtHeader
SymGetLineFromNameW64
SymEnumSymbolsW
SymGetFileLineOffsets64
SymGetSourceFileTokenW
SymAddSymbolW
SymFromAddrW
SymFromIndexW
SymDeleteSymbolW
SymGetTypeInfo
SymLoadModule64
SymGetOptions
SymLoadModuleExW
SymGetSourceVarFromTokenW
SymMatchStringW
SymFromTokenW
SymFunctionTableAccess64
SymGetSourceFileFromTokenW
SymSetSearchPathW
SymGetHomeDirectoryW
SymEnumTypesW
SymSetScopeFromIndex
SymSetScopeFromAddr
SymEnumTypesByNameW
SymEnumSymbolsForAddrW
SymGetLineFromAddrW64
SymNextW
SymPrevW
StackWalk64
SymEnumSourceLinesW
SymEnumLinesW
SymGetUnwindInfo
SymMatchFileNameW
SymCleanup
SymRegisterFunctionEntryCallback64
SymRegisterCallbackW64
SymInitializeW
ImageRvaToVa
ImageDirectoryEntryToDataEx
dbghelp
FindExecutableImageExW
SymFindFileInPathW
SymGetTypeInfoEx
SymUnloadModule64
GetTimestampForLoadedLibrary
SymMatchStringA
SymGetTypeFromNameW
SymFromNameW
DbgHelpCreateUserDump
SymAddSymbol

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

advapi32

SetSecurityDescriptorDacl
CheckTokenMembership
GetUserNameW
RegDeleteValueW
FreeSid
InitializeSecurityDescriptor
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegConnectRegistryW

kernel32

WaitCommEvent
GetCommTimeouts
QueryPerformanceFrequency
SetCommMask
GetCommMask
CreateDirectoryW
ContinueDebugEvent
WaitForDebugEvent
CreateRemoteThread
GetProcessTimes
GetThreadSelectorEntry
SetThreadContext
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
GetExitCodeProcess
SetEnvironmentVariableA
DebugActiveProcess
SetCommTimeouts
SetupComm
SetCommState
GetCommState
GetSystemDirectoryA
OpenEventW
OpenFileMappingW
PeekNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
OpenProcess
FileTimeToDosDateTime
FindFirstFileA
GetTempFileNameA
GetTempPathA
GetFileTime
GetTempFileNameW
FileTimeToLocalFileTime
CreateEventA
GetModuleHandleA
GetSystemTime
SystemTimeToFileTime
__chkstk
lstrcmpiW
HeapCreate
HeapReAlloc
HeapDestroy
HeapAlloc
VirtualQueryEx
GetThreadTimes
GetThreadPriority
GetThreadContext
ResumeThread
SuspendThread
ReadProcessMemory
CreateFileMappingA
GetVersionExA
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VirtualProtect
CreateThread
CreateProcessW
GetPriorityClass
CreateFileA
CreateNamedPipeA
CancelIo
GetOverlappedResult
WaitForMultipleObjects
GetLocalTime
GetDriveTypeW
DeviceIoControl
GetSystemDirectoryW
LockResource
LoadResource
SizeofResource
FindResourceW
GetPrivateProfileStringW
LocalFree
FileTimeToSystemTime
GetFileAttributesW
GetCommandLineW
MapViewOfFile
CreateFileMappingW
GetFileSize
SwitchToFiber
CreateFiber
ConvertThreadToFiber
DeleteFiber
GetProcessHeap
HeapFree
LoadLibraryW
GetEnvironmentVariableA
FreeLibrary
LoadLibraryExW
SetErrorMode
SearchPathW
RaiseException
SetLastError
DeleteFileA
UnmapViewOfFile
GetModuleFileNameA
DeleteFileW
ResetEvent
GetComputerNameW
CopyFileW
CreateFileW
WriteFile
LoadLibraryA
ClearCommError
GetCommModemStatus
IsBadWritePtr
GetModuleFileNameW
GetProcAddress
GetFullPathNameW
ReadFile
SetFilePointer
GetFileSizeEx
FindClose
FindFirstFileW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
GetVersionExW
GetSystemInfo
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCurrentThread
GetCurrentProcess
DuplicateHandle
CreateSemaphoreA
Sleep
GetCurrentProcessId
VirtualFree
VirtualAlloc
IsBadCodePtr
IsBadReadPtr
ReleaseSemaphore
DisableThreadLibraryCalls
OutputDebugStringA
GetTickCount
FormatMessageW
CloseHandle
GetSystemTimeAsFileTime
SleepEx
WaitForSingleObjectEx
QueueUserAPC
SetEvent
WaitForSingleObject
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLastError
WideCharToMultiByte
DebugBreak
ExpandEnvironmentStringsW
GetTempPathW
LocalAlloc

ntdll

NtSetTimerResolution

Exports

Exports

DebugConnect
DebugConnectWide
DebugCreate

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/dbghelp.dll
.dll windows:6 windows x64 arch:x64

186bdce03a6f21a10c15ba86219196a5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:6b:8d:7b:e1:22:da:43:1d:27:44:ae:aa:de:48:08:de:01:71:40
Signer

Actual PE Digest

f8:6b:8d:7b:e1:22:da:43:1d:27:44:ae:aa:de:48:08:de:01:71:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
??1type_info@@UEAA@XZ
ferror
wctomb
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
_onexit
_lock
__dllonexit
_unlock
_CxxThrowException
memset
memcpy
_ismbblead
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
memmove
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
_wctime
time
??_V@YAXPEAX@Z
_ltoa
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
free
_strlwr
wcsrchr
strstr
_wcsicmp
qsort
iswxdigit
wcsncmp
_vsnwprintf
iswprint
atol
fclose
__unDName
iswdigit
memcmp
bsearch
_wfsopen
fread
fseek
wcstol
strchr
??_U@YAPEAX_K@Z
_time64
_wfullpath
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
_wgetenv
wcsstr
wcschr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wsopen

kernel32

MoveFileW
CreateFileW
DeleteFileW
CreateDirectoryW
FlushViewOfFile
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
__chkstk
CreateFileMappingW
LCMapStringW
LocalFree
GetVersion
FormatMessageW
DelayLoadFailureHook
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VirtualQueryEx
GetThreadTimes
GetThreadPriority
GetPriorityClass
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
IsProcessorFeaturePresent
GetSystemInfo
GetSystemTimeAsFileTime
lstrcmpiW
Sleep
LoadLibraryExA
ReadProcessMemory
GetProcessHeap
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesA
SetErrorMode
GetVersionExW
OutputDebugStringW
OutputDebugStringA
WriteFile
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
VirtualProtect
VirtualAlloc
CreateDirectoryA
GetFileAttributesW
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
ExpandEnvironmentStringsW
GetModuleFileNameW
SetLastError
FindFirstFileW
FindClose
FindNextFileW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
TlsGetValue
TlsSetValue
LoadLibraryA
GetProcAddress
FreeLibrary
TlsAlloc
TlsFree
GetVersionExA
InitializeCriticalSection
HeapCreate
HeapDestroy
DeleteCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetEnvironmentVariableW
CopyFileW
SetFilePointer

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/dll/vccorlib140.dll
.dll windows:6 windows x64 arch:x64

d5ec94ca50152cc1e7188b825074fef2

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:c7:90:24:11:b8:dd:e6:f0:db:5c:4c:7f:ac:48:fa:e6:25:2b:72:7e:b8:bf:e4:9e:fd:33:2d:48:60:dc:e5
Signer

Actual PE Digest

f3:c7:90:24:11:b8:dd:e6:f0:db:5c:4c:7f:ac:48:fa:e6:25:2b:72:7e:b8:bf:e4:9e:fd:33:2d:48:60:dc:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdb

Imports

kernel32

RaiseException
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
FormatMessageW
GetProcAddress
LoadLibraryExW
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetLastError
OutputDebugStringW
HeapAlloc
DeleteCriticalSection
GetProcessHeap
CreateEventExW
WaitForMultipleObjectsEx
SetEvent
CloseHandle
DecodePointer
InitializeSRWLock
TryAcquireSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
__C_specific_handler
memmove
__std_type_info_destroy_list
_purecall
__current_exception_context
__current_exception
_SetWinRTOutOfMemoryExceptionCallback
__GetPlatformExceptionInfo
__std_exception_copy
__std_exception_destroy
__std_terminate
memcpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_invoke_watson
__p___wargv
__p___argc
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_configure_wide_argv
_register_onexit_function
_execute_onexit_table
_initterm_e
_initterm
_cexit
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_aligned_offset_malloc
_aligned_free
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

wcscpy_s

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

ole32

CoTaskMemAlloc
CoGetApartmentType
CoMarshalInterThreadInterfaceInStream
CoAddRefServerProcess
CoGetContextToken
CoGetInterfaceAndReleaseStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoReleaseServerProcess
CoGetObjectContext

oleaut32

SysAllocStringLen
SysFreeString

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-winrt-l1-1-0

RoRegisterForApartmentShutdown
RoGetActivationFactory
RoUnregisterForApartmentShutdown
RoGetApartmentIdentifier
RoInitialize
RoUninitialize
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

?<Dispose>@Exception@Platform@@UE$AAAXXZ
?<Dispose>@String@Platform@@UE$AAAXXZ
?<Dispose>@Type@Platform@@UE$AAAXXZ
??0AccessDeniedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0AccessDeniedException@Platform@@QE$AAA@XZ
??0Attribute@Metadata@Platform@@QE$AAA@XZ
??0Boolean@Platform@@QEAA@_N@Z
??0COMException@Platform@@QE$AAA@H@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
??0ChangedStateException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0ClassNotRegisteredException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Enum@Platform@@QE$AAA@XZ
??0Exception@Platform@@QE$AAA@H@Z
??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0FailureException@Platform@@QE$AAA@XZ
??0GridLength@Xaml@UI@Windows@@QEAA@NW4GridUnitType@123@@Z
??0IntPtr@Platform@@QEAA@H@Z
??0IntPtr@Platform@@QEAA@PEAX@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
??0InvalidCastException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0InvalidCastException@Platform@@QE$AAA@XZ
??0MTAThreadAttribute@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
??0NullReferenceException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
??0Object@Platform@@QE$AAA@XZ
??0ObjectDisposedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0ObjectDisposedException@Platform@@QE$AAA@XZ
??0OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAA@XZ
??0OperationCanceledException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0OperationCanceledException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0Rect@Foundation@Windows@@QEAA@VPoint@12@0@Z
??0Rect@Foundation@Windows@@QEAA@VPoint@12@VSize@12@@Z
??0RepeatBehavior@Animation@Media@Xaml@UI@Windows@@QEAA@N@Z
??0STAThreadAttribute@Platform@@QE$AAA@XZ
??0SizeT@Platform@@QEAA@H@Z
??0SizeT@Platform@@QEAA@PEAX@Z
??0Type@Platform@@QE$AAA@PE$AAVObject@1@@Z
??0Type@Platform@@QE$AAA@VIntPtr@1@@Z
??0Type@Platform@@QE$AAA@VTypeName@Interop@Xaml@UI@Windows@@@Z
??0ValueType@Platform@@QE$AAA@XZ
??0WrongThreadException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0WrongThreadException@Platform@@QE$AAA@XZ
??0char16@default@@QEAA@_W@Z
??0float32@default@@QEAA@M@Z
??0float64@default@@QEAA@N@Z
??0int16@default@@QEAA@F@Z
??0int32@default@@QEAA@H@Z
??0int64@default@@QEAA@_J@Z
??0int8@default@@QEAA@C@Z
??0uint16@default@@QEAA@G@Z
??0uint32@default@@QEAA@I@Z
??0uint64@default@@QEAA@_K@Z
??0uint8@default@@QEAA@E@Z
??BIntPtr@Platform@@SA?AV01@H@Z
??BIntPtr@Platform@@SA?AV01@PEAX@Z
??BIntPtr@Platform@@SAPEAXV01@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
??BType@Platform@@SAPE$AAV01@VTypeName@Interop@Xaml@UI@Windows@@@Z
??DMatrix3D@Media3D@Media@Xaml@UI@Windows@@SA?AV012345@V012345@0@Z
??GDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z
??HDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z
??MDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
??NDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
??ODuration@Xaml@UI@Windows@@SA_NV0123@0@Z
??PDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
?AlignedAllocate@Heap@Details@Platform@@SAPEAX_K00@Z
?AlignedAllocate@Heap@Details@Platform@@SAPEAX_K0@Z
?AlignedAllocateException@Heap@Details@Platform@@SAPEAX_K00@Z
?AlignedAllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?AlignedFreeException@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K@Z
?Compare@Duration@Xaml@UI@Windows@@SAHV1234@0@Z
?Contains@Rect@Foundation@Windows@@QEAA_NVPoint@23@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?EnableFactoryCache@@YAXXZ
?EnumerateAllocatedObjects@Heap@Details@Platform@@SAXPE$AAVHeapEntryHandler@23@@Z
?Equals@Attribute@Metadata@Platform@@QE$AAA_NPE$AAVObject@3@@Z
?Equals@Boolean@Platform@@QEAA_NPE$AAVObject@2@@Z
?Equals@Delegate@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Enum@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Exception@Platform@@UE$AAA_NPE$AAVObject@2@@Z
?Equals@MTAThreadAttribute@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?Equals@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAA_NPE$AAVObject@4@@Z
?Equals@STAThreadAttribute@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Type@Platform@@UE$AAA_NPE$AAVObject@2@@Z
?Equals@ValueType@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@char16@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@float32@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@float64@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int16@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int32@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int64@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int8@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint16@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint32@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint64@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint8@default@@QEAA_NPE$AAVObject@Platform@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?FlushFactoryCache@@YAXXZ
?Free@Heap@Details@Platform@@SAXPEAX@Z
?FreeException@Heap@Details@Platform@@SAXPEAX@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z
?GetHashCode@Attribute@Metadata@Platform@@QE$AAAHXZ
?GetHashCode@Boolean@Platform@@QEAAHXZ
?GetHashCode@Delegate@Platform@@QE$AAAHXZ
?GetHashCode@Enum@Platform@@QE$AAAHXZ
?GetHashCode@Exception@Platform@@UE$AAAHXZ
?GetHashCode@Guid@Platform@@QEAAHXZ
?GetHashCode@MTAThreadAttribute@Platform@@QE$AAAHXZ
?GetHashCode@Object@Platform@@QE$AAAHXZ
?GetHashCode@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAAHXZ
?GetHashCode@STAThreadAttribute@Platform@@QE$AAAHXZ
?GetHashCode@Type@Platform@@UE$AAAHXZ
?GetHashCode@ValueType@Platform@@QE$AAAHXZ
?GetHashCode@char16@default@@QEAAHXZ
?GetHashCode@float32@default@@QEAAHXZ
?GetHashCode@float64@default@@QEAAHXZ
?GetHashCode@int16@default@@QEAAHXZ
?GetHashCode@int32@default@@QEAAHXZ
?GetHashCode@int64@default@@QEAAHXZ
?GetHashCode@int8@default@@QEAAHXZ
?GetHashCode@uint16@default@@QEAAHXZ
?GetHashCode@uint32@default@@QEAAHXZ
?GetHashCode@uint64@default@@QEAAHXZ
?GetHashCode@uint8@default@@QEAAHXZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?GetType@Boolean@Platform@@QEAAPE$AAVType@2@XZ
?GetType@Guid@Platform@@QEAAPE$AAVType@2@XZ
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
?GetType@char16@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@float32@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@float64@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int16@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int32@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int64@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int8@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint16@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint32@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint64@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint8@default@@QEAAPE$AAVType@Platform@@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?InitControlBlock@ControlBlock@Details@Platform@@AEAAXPEAX_N11@Z
?InitializeData@Details@Platform@@YAJH@Z
?Intersect@Rect@Foundation@Windows@@QEAAXV123@@Z
?IntersectsWith@Rect@Foundation@Windows@@QEAA_NV123@@Z
?Invert@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QEAAXXZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?ReferenceEquals@Object@Platform@@SA_NPE$AAV12@0@Z
?ReferenceEquals@Object@Platform@@SA_NPE$AAVString@2@0@Z
?RegisterFactories@Details@Platform@@YAPE$AAVObject@2@PEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@P6AXXZ@Z
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?RunApplicationServer@Details@Platform@@YAXPEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@PEB_W@Z
?RunServer@Details@Platform@@YAXPEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@PEB_W@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?ToInt32@IntPtr@Platform@@QEAAHXZ
?ToString@Attribute@Metadata@Platform@@QE$AAAPE$AAVString@3@XZ
?ToString@Boolean@Platform@@QEAAPE$AAVString@2@XZ
?ToString@Delegate@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@Exception@Platform@@UE$AAAPE$AAVString@2@XZ
?ToString@Guid@Platform@@QEAAPE$AAVString@2@XZ
?ToString@MTAThreadAttribute@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAAPE$AAVString@4@XZ
?ToString@STAThreadAttribute@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@Type@Platform@@UE$AAAPE$AAVString@2@XZ
?ToString@ValueType@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@char16@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@float32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@float64@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int16@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int64@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int8@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint16@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint64@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint8@default@@QEAAPE$AAVString@Platform@@XZ
?UninitializeData@Details@Platform@@YAXH@Z
?Union@Rect@Foundation@Windows@@QEAAXV123@@Z
?Union@Rect@Foundation@Windows@@QEAAXVPoint@23@@Z
?WriteLine@Console@Details@Platform@@SAXPE$AAVObject@3@@Z
?WriteLine@Console@Details@Platform@@SAXPE$AAVString@3@@Z
?WriteLine@Console@Details@Platform@@SAXXZ
?__abi_FailFast@@YAXXZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?__abi_Resolve@ControlBlock@Details@Platform@@UEAAJAEAVGuid@3@PEAPEAU__abi_IInspectable@@@Z
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?__abi_translateCurrentException@@YAJ_N@Z
?__getActivationFactoryByHSTRING@@YAJPEAUHSTRING__@@AEAVGuid@Platform@@PEAPEAX@Z
?get@Bottom@Rect@Foundation@Windows@@QEAAMXZ
?get@BreakOnAllocationId@Heap@Details@Platform@@SAHXZ
?get@BreakOnFreeId@Heap@Details@Platform@@SAHXZ
?get@CurrentAllocationId@Heap@Details@Platform@@SAHXZ
?get@Empty@Rect@Foundation@Windows@@SA?AV234@XZ
?get@Empty@Size@Foundation@Windows@@SA?AV234@XZ
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?get@HasInverse@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QEAA_NXZ
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?get@ObjectCount@Heap@Details@Platform@@SAHXZ
?get@Right@Rect@Foundation@Windows@@QEAAMXZ
?get@TrackingLevel@Heap@Details@Platform@@SA?AW4HeapAllocationTrackingLevel@34@XZ
?set@BreakOnAllocationId@Heap@Details@Platform@@SAXH@Z
?set@BreakOnFreeId@Heap@Details@Platform@@SAXH@Z
?set@TrackingLevel@Heap@Details@Platform@@SAXW4HeapAllocationTrackingLevel@34@@Z

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/dll/vcruntime140.dll
.dll windows:6 windows x64 arch:x64

44c3854843f7a3fccdf8ddbbea66f302

Code Sign

33:00:00:02:56:06:f5:9e:81:98:70:24:97:00:00:00:00:02:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:09:a8:dc:f7:00:df:75:b8:22:1d:1b:72:13:c7:66:4d:39:3e:2f:22:5c:f6:71:64:6a:1d:be:96:bf:00:56
Signer

Actual PE Digest

98:09:a8:dc:f7:00:df:75:b8:22:1d:1b:72:13:c7:66:4d:39:3e:2f:22:5c:f6:71:64:6a:1d:be:96:bf:00:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

SetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
GetModuleFileNameW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/dll/vcruntime140_1.dll
.dll windows:6 windows x64 arch:x64

ae0bde6314fa2027b54ce04898f6ab69

Code Sign

33:00:00:02:56:06:f5:9e:81:98:70:24:97:00:00:00:00:02:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:44:26:42:67:e0:b4:89:6c:d5:54:8b:d2:f4:58:54:d9:4e:e1:23:26:47:6c:be:70:a3:51:36:12:22:0b:9c
Signer

Actual PE Digest

28:44:26:42:67:e0:b4:89:6c:d5:54:8b:d2:f4:58:54:d9:4e:e1:23:26:47:6c:be:70:a3:51:36:12:22:0b:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

vcruntime140

__processing_throw
__C_specific_handler
memmove
__current_exception

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
RaiseException
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
SetLastError
TlsAlloc

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/dll/vivoxsdk.dll
.dll windows:6 windows x64 arch:x64

d226ec7151a759ca2700b13d20e2d327

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:21:fb:74:05:03:b1:53:74:37:73:13:d1:2b:8c:bf
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27-08-2020 00:00

Not After

31-08-2023 12:00

Subject

CN=Unity Technologies ApS,OU=Unity Cloud,O=Unity Technologies ApS,L=Copenhagen,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5c:3f:c1:2e:1c:c0:f4:78:12:5b:19:27:22:e1:58:69:87:85:a8:d3
Signer

Actual PE Digest

5c:3f:c1:2e:1c:c0:f4:78:12:5b:19:27:22:e1:58:69:87:85:a8:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\build\output\unity\vivox-sdk\artifacts\vivoxsdk\release_Win64_VS2017_nonlump\vivoxsdk.pdb

Imports

shell32

SHGetSpecialFolderPathW

sensapi

IsNetworkAlive

winmm

waveOutPrepareHeader
waveOutWrite
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutMessage
waveInGetNumDevs
waveInGetDevCapsA
waveInMessage
waveInStart
waveOutClose
waveOutOpen
waveInAddBuffer
waveOutReset
waveInPrepareHeader
waveInClose
waveInOpen
waveInReset

crypt32

CryptDecodeObjectEx
CryptImportPublicKeyInfo

kernel32

ReadConsoleW
HeapReAlloc
GetConsoleMode
SetFilePointerEx
GetFileSizeEx
SetStdHandle
VerSetConditionMask
GetEnvironmentVariableA
VerifyVersionInfoW
GetSystemTimeAsFileTime
GetLocalTime
Sleep
GetTickCount64
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
FormatMessageA
CloseHandle
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
GetCurrentThreadId
GetSystemTime
GetLastError
GetVersionExA
LocalFree
FormatMessageW
WideCharToMultiByte
CreateThread
GetModuleHandleA
LocalAlloc
MultiByteToWideChar
GetACP
CreateDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileAttributesExA
GetTempPathA
IsDebuggerPresent
OutputDebugStringA
ResetEvent
GetCurrentProcessId
GetCurrentThread
OpenThread
SetThreadPriority
GetModuleFileNameA
HeapAlloc
HeapFree
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
GlobalMemoryStatusEx
GetNativeSystemInfo
GetCurrentProcess
MoveFileExW
QueryPerformanceCounter
GetConsoleCP
WriteFile
FlushFileBuffers
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentDirectoryW
SetEnvironmentVariableW
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateFileW
ReadFile
ExitProcess
GetModuleHandleExW
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
DeleteFileW
RtlUnwind
HeapSize
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
WriteConsoleW
SetEndOfFile
TerminateThread
GetStringTypeW
DecodePointer
EncodePointer
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
CreateMutexW
TryEnterCriticalSection
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount

ole32

CoInitializeEx
CoCreateInstance
StringFromGUID2
PropVariantClear
CoInitialize
CoUninitialize
CoTaskMemFree

ws2_32

WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
send
freeaddrinfo
getpeername
ioctlsocket
connect
closesocket
select
__WSAFDIsSet
socket
htons
recvfrom
sendto
bind
htonl
ntohl
setsockopt
getnameinfo
getaddrinfo
ntohs
gethostname
inet_addr
WSAResetEvent
recv
inet_pton

user32

RegisterDeviceNotificationA
PostThreadMessageA
UnregisterClassA
RegisterClassExA
CreateWindowExA
DefWindowProcA
UnregisterDeviceNotification
GetMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
DestroyWindow

advapi32

RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExA
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA

shlwapi

PathCombineA
PathStripPathA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

bcrypt

BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptFinishHash
BCryptHashData
BCryptCreateHash

iphlpapi

GetAdaptersInfo
GetBestInterface

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpReadData
WinHttpOpen
WinHttpCloseHandle

Exports

Exports

destroy_evt
destroy_req
destroy_resp
flite_lang_list
flite_lang_list_length
flite_voice_list
vx_account_create
vx_account_free
vx_alloc_spurs_jobqueue_handle
vx_allocate
vx_allocate_aligned
vx_android_set_mic_mute
vx_apply_font_to_file
vx_apply_font_to_file_return_energy_ratio
vx_apply_font_to_vxz_file_return_energy_ratio
vx_auto_accept_rule_create
vx_auto_accept_rule_free
vx_auto_accept_rules_create
vx_auto_accept_rules_free
vx_block_rule_create
vx_block_rule_free
vx_block_rules_create
vx_block_rules_free
vx_buddy_create
vx_buddy_free
vx_buddy_list_create
vx_buddy_list_free
vx_calloc
vx_channel_create
vx_channel_free
vx_channel_list_create
vx_channel_list_free
vx_check_wav_file
vx_clear_stats
vx_connectivity_test_result_create
vx_connectivity_test_result_free
vx_connectivity_test_results_create
vx_connectivity_test_results_free
vx_cookie_create
vx_cookie_free
vx_copy_audioBuffer
vx_cpumonitor_start
vx_cpumonitor_start_eater
vx_cpumonitor_stop
vx_cpumonitor_stop_eater
vx_crash_test
vx_create_account
vx_create_resp
vx_debug_call
vx_debug_generate_token
vx_delete_crash_dump
vx_destroy_message
vx_device_create
vx_device_free
vx_devices_create
vx_devices_free
vx_event_to_xml
vx_evt_account_login_state_change_free
vx_evt_aux_audio_properties_create
vx_evt_aux_audio_properties_free
vx_evt_buddy_and_group_list_changed_create
vx_evt_buddy_and_group_list_changed_free
vx_evt_buddy_changed_create
vx_evt_buddy_changed_free
vx_evt_buddy_group_changed_create
vx_evt_buddy_group_changed_free
vx_evt_buddy_presence_create
vx_evt_buddy_presence_free
vx_evt_idle_state_changed_create
vx_evt_idle_state_changed_free
vx_evt_keyboard_mouse_create
vx_evt_keyboard_mouse_free
vx_evt_media_completion_create
vx_evt_media_completion_free
vx_evt_media_stream_updated_create
vx_evt_media_stream_updated_free
vx_evt_message_create
vx_evt_message_free
vx_evt_participant_added_create
vx_evt_participant_added_free
vx_evt_participant_removed_create
vx_evt_participant_removed_free
vx_evt_participant_updated_create
vx_evt_participant_updated_free
vx_evt_server_app_data_create
vx_evt_server_app_data_free
vx_evt_session_added_create
vx_evt_session_added_free
vx_evt_session_notification_create
vx_evt_session_notification_free
vx_evt_session_removed_create
vx_evt_session_removed_free
vx_evt_session_updated_create
vx_evt_session_updated_free
vx_evt_sessiongroup_added_create
vx_evt_sessiongroup_added_free
vx_evt_sessiongroup_playback_frame_played_captured_create
vx_evt_sessiongroup_playback_frame_played_free
vx_evt_sessiongroup_removed_create
vx_evt_sessiongroup_removed_free
vx_evt_sessiongroup_updated_create
vx_evt_sessiongroup_updated_free
vx_evt_subscription_create
vx_evt_subscription_free
vx_evt_text_stream_updated_create
vx_evt_text_stream_updated_free
vx_evt_user_app_data_create
vx_evt_user_app_data_free
vx_evt_voice_service_connection_state_changed_create
vx_export_audioBuffer_to_memory
vx_export_audioBuffer_to_pcm
vx_export_audioBuffer_to_wav_file
vx_free
vx_free_audioBuffer
vx_free_http
vx_free_spurs_jobqueue_handle
vx_get_agc_enabled
vx_get_audioBuffer_duration
vx_get_audioBuffer_sample_rate
vx_get_audio_device_hot_swap_type_string
vx_get_available_codecs_mask
vx_get_channel_rolloff_curve_type_string
vx_get_connection_state_string
vx_get_crash_dump_count
vx_get_crash_dump_generation
vx_get_crash_dump_timestamp
vx_get_default_codecs_mask
vx_get_default_config3
vx_get_dump_memory_interval
vx_get_dynamic_voice_processing_switching_enabled
vx_get_echo_channel_uri
vx_get_error_string
vx_get_event_type_string
vx_get_general_channel_uri
vx_get_http
vx_get_int_var
vx_get_log_file_path
vx_get_log_level_string
vx_get_login_state_string
vx_get_media_completion_type_string
vx_get_message
vx_get_message_type
vx_get_notification_type_string
vx_get_participant_removed_reason_string
vx_get_path
vx_get_platform_aec_enabled
vx_get_positional_channel_uri
vx_get_presence_state_string
vx_get_random_channel_uri
vx_get_random_channel_uri_ex
vx_get_random_user_id
vx_get_random_user_id_ex
vx_get_random_value
vx_get_report_issue_document
vx_get_request_type_string
vx_get_response_for
vx_get_response_type_string
vx_get_rtp_enabled_inbound
vx_get_rtp_enabled_outbound
vx_get_sdk_version_info
vx_get_sdk_version_info_ex
vx_get_session_media_state_string
vx_get_session_text_state_string
vx_get_stats
vx_get_system_stats
vx_get_time_micro_seconds
vx_get_time_milli_seconds
vx_get_time_ms
vx_get_tts_dest_string
vx_get_tts_status_string
vx_get_user_uri
vx_get_vivox_aec_enabled
vx_group_create
vx_group_free
vx_group_list_create
vx_group_list_free
vx_initialize
vx_initialize3
vx_internal_disable_debug_mode_enable_strict_checks
vx_internal_enable_debug_mode_disable_strict_checks
vx_is_access_token_well_formed
vx_is_initialized
vx_issue_request
vx_issue_request2
vx_issue_request3
vx_name_value_pair_create
vx_name_value_pair_free
vx_name_value_pairs_create
vx_name_value_pairs_free
vx_on_application_exit
vx_opus_get_bandwidth
vx_opus_get_bit_rate
vx_opus_get_complexity
vx_opus_get_vbr_mode
vx_opus_set_bandwidth
vx_opus_set_bit_rate
vx_opus_set_complexity
vx_opus_set_vbr_mode
vx_participant_create
vx_participant_free
vx_participant_list_create
vx_participant_list_free
vx_print_env
vx_queue_job_async
vx_queue_job_sync
vx_read_crash_dump
vx_read_wav_file
vx_reallocate
vx_register_all_requests
vx_register_logging_initialization
vx_register_message_notification_handler
vx_render_audio_from_this_thread
vx_req_account_anonymous_login_create
vx_req_account_archive_query_create
vx_req_account_authtoken_login_create
vx_req_account_buddy_delete_create
vx_req_account_buddy_set_create
vx_req_account_channel_add_acl_create
vx_req_account_channel_change_owner_create
vx_req_account_channel_get_acl_create
vx_req_account_channel_remove_acl_create
vx_req_account_chat_history_get_last_read_create
vx_req_account_chat_history_query_create
vx_req_account_control_communications_create
vx_req_account_create_auto_accept_rule_create
vx_req_account_create_block_rule_create
vx_req_account_delete_auto_accept_rule_create
vx_req_account_delete_block_rule_create
vx_req_account_get_account_create
vx_req_account_get_session_fonts_create
vx_req_account_get_template_fonts_create
vx_req_account_list_auto_accept_rules_create
vx_req_account_list_block_rules_create
vx_req_account_list_buddies_and_groups_create
vx_req_account_login_create
vx_req_account_logout_create
vx_req_account_post_crash_dump_create
vx_req_account_send_message_create
vx_req_account_send_sms_create
vx_req_account_send_subscription_reply_create
vx_req_account_send_user_app_data_create
vx_req_account_set_login_properties_create
vx_req_account_set_presence_create
vx_req_account_update_account_create
vx_req_account_web_call_create
vx_req_aux_capture_audio_start_create
vx_req_aux_capture_audio_stop_create
vx_req_aux_connectivity_info_create
vx_req_aux_create_account_create
vx_req_aux_deactivate_account_create
vx_req_aux_diagnostic_state_dump_create
vx_req_aux_get_capture_devices_create
vx_req_aux_get_derumbler_properties_create
vx_req_aux_get_mic_level_create
vx_req_aux_get_render_devices_create
vx_req_aux_get_speaker_level_create
vx_req_aux_get_vad_properties_create
vx_req_aux_global_monitor_keyboard_mouse_create
vx_req_aux_notify_application_state_change_create
vx_req_aux_play_audio_buffer_create
vx_req_aux_reactivate_account_create
vx_req_aux_render_audio_modify_create
vx_req_aux_render_audio_start_create
vx_req_aux_render_audio_stop_create
vx_req_aux_reset_password_create
vx_req_aux_set_capture_device_create
vx_req_aux_set_derumbler_properties_create
vx_req_aux_set_idle_timeout_create
vx_req_aux_set_mic_level_create
vx_req_aux_set_render_device_create
vx_req_aux_set_speaker_level_create
vx_req_aux_set_vad_properties_create
vx_req_aux_start_buffer_capture_create
vx_req_channel_ban_user_create
vx_req_channel_get_banned_users_create
vx_req_channel_kick_user_create
vx_req_channel_mute_all_users_create
vx_req_channel_mute_user_create
vx_req_channel_set_lock_mode_create
vx_req_connector_create_create
vx_req_connector_get_local_audio_info_create
vx_req_connector_initiate_shutdown_create
vx_req_connector_mute_local_mic_create
vx_req_connector_mute_local_speaker_create
vx_req_connector_set_local_mic_volume_create
vx_req_connector_set_local_speaker_volume_create
vx_req_session_archive_query_create
vx_req_session_channel_invite_user_create
vx_req_session_chat_history_query_create
vx_req_session_create_create
vx_req_session_media_connect_create
vx_req_session_media_disconnect_create
vx_req_session_mute_local_speaker_create
vx_req_session_send_dtmf_create
vx_req_session_send_message_create
vx_req_session_send_notification_create
vx_req_session_set_3d_position_create
vx_req_session_set_local_render_volume_create
vx_req_session_set_local_speaker_volume_create
vx_req_session_set_participant_mute_for_me_create
vx_req_session_set_participant_volume_for_me_create
vx_req_session_set_voice_font_create
vx_req_session_terminate_create
vx_req_session_text_connect_create
vx_req_session_text_disconnect_create
vx_req_session_transcription_control_create
vx_req_sessiongroup_add_session_create
vx_req_sessiongroup_control_audio_injection_create
vx_req_sessiongroup_create_create
vx_req_sessiongroup_get_stats_create
vx_req_sessiongroup_remove_session_create
vx_req_sessiongroup_reset_focus_create
vx_req_sessiongroup_set_focus_create
vx_req_sessiongroup_set_session_3d_position_create
vx_req_sessiongroup_set_tx_all_sessions_create
vx_req_sessiongroup_set_tx_no_session_create
vx_req_sessiongroup_set_tx_session_create
vx_req_sessiongroup_terminate_create
vx_req_sessiongroup_unset_focus_create
vx_request_to_xml
vx_resp_account_anonymous_login_free
vx_resp_account_authtoken_login_free
vx_resp_account_buddy_delete_free
vx_resp_account_buddy_set_free
vx_resp_account_channel_add_acl_free
vx_resp_account_channel_change_owner_free
vx_resp_account_channel_get_acl_free
vx_resp_account_channel_remove_acl_free
vx_resp_account_create_auto_accept_rule_free
vx_resp_account_create_block_rule_free
vx_resp_account_delete_auto_accept_rule_free
vx_resp_account_delete_block_rule_free
vx_resp_account_get_account_free
vx_resp_account_get_session_fonts_free
vx_resp_account_get_template_fonts_free
vx_resp_account_list_auto_accept_rules_free
vx_resp_account_list_block_rules_free
vx_resp_account_list_buddies_and_groups_free
vx_resp_account_login_free
vx_resp_account_logout_free
vx_resp_account_post_crash_dump_free
vx_resp_account_send_sms_free
vx_resp_account_send_subscription_reply_free
vx_resp_account_send_user_app_data_free
vx_resp_account_set_login_properties_free
vx_resp_account_set_presence_free
vx_resp_account_update_account_free
vx_resp_aux_capture_audio_start_free
vx_resp_aux_capture_audio_stop_free
vx_resp_aux_connectivity_info_free
vx_resp_aux_create_account_free
vx_resp_aux_deactivate_account_free
vx_resp_aux_diagnostic_state_dump_free
vx_resp_aux_get_capture_devices_free
vx_resp_aux_get_derumbler_properties_free
vx_resp_aux_get_mic_level_free
vx_resp_aux_get_render_devices_free
vx_resp_aux_get_speaker_level_free
vx_resp_aux_get_vad_properties_free
vx_resp_aux_global_monitor_keyboard_mouse_free
vx_resp_aux_play_audio_buffer_free
vx_resp_aux_reactivate_account_free
vx_resp_aux_render_audio_modify_free
vx_resp_aux_render_audio_start_free
vx_resp_aux_render_audio_stop_free
vx_resp_aux_reset_password_free
vx_resp_aux_set_capture_device_free
vx_resp_aux_set_derumbler_properties_free
vx_resp_aux_set_idle_timeout_free
vx_resp_aux_set_mic_level_free
vx_resp_aux_set_render_device_free
vx_resp_aux_set_speaker_level_free
vx_resp_aux_set_vad_properties_free
vx_resp_aux_start_buffer_capture_free
vx_resp_channel_ban_user_free
vx_resp_channel_get_banned_users_free
vx_resp_channel_kick_user_free
vx_resp_channel_mute_all_users_free
vx_resp_channel_mute_user_free
vx_resp_channel_set_lock_mode_free
vx_resp_connector_create_free
vx_resp_connector_get_local_audio_info_free
vx_resp_connector_initiate_shutdown_free
vx_resp_connector_mute_local_mic_free
vx_resp_connector_mute_local_speaker_free
vx_resp_connector_set_local_mic_volume_free
vx_resp_connector_set_local_speaker_volume_free
vx_resp_session_channel_invite_user_free
vx_resp_session_create_free
vx_resp_session_media_connect_free
vx_resp_session_media_disconnect_free
vx_resp_session_mute_local_speaker_free
vx_resp_session_send_dtmf_free
vx_resp_session_send_message_free
vx_resp_session_send_notification_free
vx_resp_session_set_3d_position_free
vx_resp_session_set_local_render_volume_free
vx_resp_session_set_local_speaker_volume_free
vx_resp_session_set_participant_mute_for_me_free
vx_resp_session_set_participant_volume_for_me_free
vx_resp_session_set_voice_font_free
vx_resp_session_terminate_free
vx_resp_session_text_connect_free
vx_resp_session_text_disconnect_free
vx_resp_session_transcription_control_free
vx_resp_sessiongroup_add_session_free
vx_resp_sessiongroup_create_free
vx_resp_sessiongroup_get_stats_free
vx_resp_sessiongroup_remove_session_free
vx_resp_sessiongroup_reset_focus_free
vx_resp_sessiongroup_set_focus_free
vx_resp_sessiongroup_set_session_3d_position_free
vx_resp_sessiongroup_set_tx_all_sessions_free
vx_resp_sessiongroup_set_tx_no_session_free
vx_resp_sessiongroup_set_tx_session_free
vx_resp_sessiongroup_terminate_free
vx_resp_sessiongroup_unset_focus_free
vx_response_to_xml
vx_safe_invoke
vx_set_advanced_agc_enabled
vx_set_agc_enabled
vx_set_application_crash_data
vx_set_capture_derumbler_enabled
vx_set_crash_dump_generation_enabled
vx_set_default_message_rate_params
vx_set_dynamic_voice_processing_switching_enabled
vx_set_int_var
vx_set_message_rate_params
vx_set_out_of_process_server_address
vx_set_platform_aec_enabled
vx_set_rtp_enabled
vx_set_vad_enabled
vx_set_vivox_aec_enabled
vx_sleep_milli_seconds
vx_state_account_create
vx_state_account_free
vx_state_account_list_create
vx_state_account_list_free
vx_state_buddy_contact_create
vx_state_buddy_contact_free
vx_state_buddy_contact_list_create
vx_state_buddy_contact_list_free
vx_state_buddy_create
vx_state_buddy_free
vx_state_buddy_group_create
vx_state_buddy_group_free
vx_state_buddy_group_list_create
vx_state_buddy_group_list_free
vx_state_buddy_list_create
vx_state_buddy_list_free
vx_state_connector_create
vx_state_connector_free
vx_state_connector_list_create
vx_state_connector_list_free
vx_state_participant_create
vx_state_participant_free
vx_state_participant_list_create
vx_state_participant_list_free
vx_state_session_create
vx_state_session_free
vx_state_session_list_create
vx_state_session_list_free
vx_state_sessiongroup_create
vx_state_sessiongroup_free
vx_state_sessiongroup_list_create
vx_state_sessiongroup_list_free
vx_stop_render_audio_from_this_thread
vx_strdup
vx_string_list_create
vx_string_list_free
vx_tts_cancel_all
vx_tts_cancel_all_in_dest
vx_tts_cancel_utterance
vx_tts_destroy_utterance
vx_tts_get_voices
vx_tts_initialize
vx_tts_shutdown
vx_tts_speak
vx_tts_speak_to_buffer
vx_unallocate
vx_unallocate_aligned
vx_uninitialize
vx_unregister_logging_handler
vx_unregister_message_notification_handler
vx_uri_to_string
vx_user_channel_create
vx_user_channel_free
vx_user_channels_create
vx_user_channels_free
vx_voice_font_create
vx_voice_font_free
vx_voice_font_list_create
vx_voice_font_list_free
vx_vxd_destroy
vx_vxd_recv
vx_vxd_send
vx_wait_for_message
vx_write_wav_file
vx_xml_to_event
vx_xml_to_request

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 341KB - Virtual size: 951KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/msvcp140.dll
.dll windows:6 windows x64 arch:x64

2ba11fd5a511c8a409e705e9ab6b5dc1

Code Sign

33:00:00:02:56:06:f5:9e:81:98:70:24:97:00:00:00:00:02:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:67:30:15:ed:b1:3a:f0:82:18:b0:d9:26:25:09:bb:ed:24:fd:a9:78:e1:e6:7e:7f:ff:79:d0:05:98:45:c7
Signer

Actual PE Digest

18:67:30:15:ed:b1:3a:f0:82:18:b0:d9:26:25:09:bb:ed:24:fd:a9:78:e1:e6:7e:7f:ff:79:d0:05:98:45:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
abort
_initterm_e
_initialize_narrow_environment
_execute_onexit_table
_endthreadex
_beginthreadex
terminate
_set_new_handler
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initterm
_crt_atexit
_cexit
_errno

api-ms-win-crt-string-l1-1-0

isdigit
isspace
isxdigit
iswxdigit
__strncnt
wcsnlen
iswspace
isupper
wcscpy_s
iswalnum
iswdigit
isalnum
islower
_wcsdup
tolower
strcspn

api-ms-win-crt-locale-l1-1-0

_lock_locales
__pctype_func
___lc_locale_name_func
setlocale
___lc_codepage_func
___mb_cur_max_func
___lc_collate_cp_func
_unlock_locales
localeconv

api-ms-win-crt-stdio-l1-1-0

fputs
fgetwc
fseek
_fsopen
_wfsopen
fputwc
ungetwc
__stdio_common_vsprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wrmdir
_wrename
_wchdir
_wremove

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_W_Gettnames
_Wcsftime
_Getdays
_Strftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

pow
powf
ldexp
frexp
logf
log

api-ms-win-crt-convert-l1-1-0

btowc
strtod
strtof

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

SubmitThreadpoolWork
RaiseException
CompareStringEx
MultiByteToWideChar
GetCPInfo
InitializeSListHead
WideCharToMultiByte
LCMapStringEx
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileInformationByHandleEx
GetProcAddress
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SetFileInformationByHandle
InitOnceExecuteOnce
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
CloseThreadpoolWork
RtlPcToFileHeader
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateSymbolicLinkW
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/msvcp140_1.dll
.dll windows:6 windows x64 arch:x64

c1687527a3d5b7532fa653f66eba12e1

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:5a:56:32:c7:98:c8:6b:99:41:7e:ed:04:42:a8:09:fc:2a:b2:1c:ca:9e:af:9c:a8:c0:e5:e9:6c:af:71:28
Signer

Actual PE Digest

5b:5a:56:32:c7:98:c8:6b:99:41:7e:ed:04:42:a8:09:fc:2a:b2:1c:ca:9e:af:9c:a8:c0:e5:e9:6c:af:71:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb

Imports

msvcp140

?_Xbad_alloc@std@@YAXXZ

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
__C_specific_handler
memset

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_aligned_free
_aligned_malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_execute_onexit_table

kernel32

RtlLookupFunctionEntry
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
DisableThreadLibraryCalls
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

_Aligned_get_default_resource
_Aligned_new_delete_resource
_Aligned_set_default_resource
_Unaligned_get_default_resource
_Unaligned_new_delete_resource
_Unaligned_set_default_resource
null_memory_resource

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/msvcp140_2.dll
.dll windows:6 windows x64 arch:x64

2f8a18fefaba28c3707dae8605d51b60

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:f2:4b:1e:a2:37:fb:64:40:72:3c:bf:3a:ff:72:62:fd:8d:08:7b:2f:0a:d3:e3:16:77:18:ac:cd:e8:ef:51
Signer

Actual PE Digest

74:f2:4b:1e:a2:37:fb:64:40:72:3c:bf:3a:ff:72:62:fd:8d:08:7b:2f:0a:d3:e3:16:77:18:ac:cd:e8:ef:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb

Imports

msvcp140

?widen@?$ctype@D@std@@QEBAPEBDPEBD0PEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?clear@ios_base@std@@QEAAXH_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1ios_base@std@@UEAA@XZ
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?widen@?$ctype@D@std@@QEBADD@Z
?_Init@ios_base@std@@IEAAXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0ios_base@std@@IEAA@XZ
??0_Lockit@std@@QEAA@H@Z

vcruntime140

memchr
memcmp
memcpy
memmove
memset
__C_specific_handler
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_errno
_execute_onexit_table
_initterm
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

sqrtf
tan
sin
pow
log
expm1
sqrt
ldexp
log1p
fmod
floor
cos
exp
frexp
cosh
sinh
atan
ceil

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
free

api-ms-win-crt-string-l1-1-0

strcspn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

localeconv

kernel32

DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent

Exports

Exports

__std_smf_assoc_laguerre
__std_smf_assoc_laguerref
__std_smf_assoc_legendre
__std_smf_assoc_legendref
__std_smf_beta
__std_smf_betaf
__std_smf_comp_ellint_1
__std_smf_comp_ellint_1f
__std_smf_comp_ellint_2
__std_smf_comp_ellint_2f
__std_smf_comp_ellint_3
__std_smf_comp_ellint_3f
__std_smf_cyl_bessel_i
__std_smf_cyl_bessel_if
__std_smf_cyl_bessel_j
__std_smf_cyl_bessel_jf
__std_smf_cyl_bessel_k
__std_smf_cyl_bessel_kf
__std_smf_cyl_neumann
__std_smf_cyl_neumannf
__std_smf_ellint_1
__std_smf_ellint_1f
__std_smf_ellint_2
__std_smf_ellint_2f
__std_smf_ellint_3
__std_smf_ellint_3f
__std_smf_expint
__std_smf_expintf
__std_smf_hermite
__std_smf_hermitef
__std_smf_hypot3
__std_smf_hypot3f
__std_smf_laguerre
__std_smf_laguerref
__std_smf_legendre
__std_smf_legendref
__std_smf_riemann_zeta
__std_smf_riemann_zetaf
__std_smf_sph_bessel
__std_smf_sph_besself
__std_smf_sph_legendre
__std_smf_sph_legendref
__std_smf_sph_neumann
__std_smf_sph_neumannf

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/msvcp140_atomic_wait.dll
.dll windows:6 windows x64 arch:x64

c1dfd2e42294117ca33d3c6b21826f93

Code Sign

33:00:00:02:56:06:f5:9e:81:98:70:24:97:00:00:00:00:02:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:56:4b:01:fa:1e:9b:4d:c8:c7:40:81:f9:6d:3e:aa:69:53:db:cf:3a:91:9d:85:f9:af:c8:5e:a4:11:14:91
Signer

Actual PE Digest

68:56:4b:01:fa:1e:9b:4d:c8:c7:40:81:f9:6d:3e:aa:69:53:db:cf:3a:91:9d:85:f9:af:c8:5e:a4:11:14:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb

Imports

msvcp140

??0_Init_locks@std@@QEAA@XZ
??1_Init_locks@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_hardware_concurrency

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_terminate
memset
__C_specific_handler
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_register_onexit_function
abort

api-ms-win-crt-heap-l1-1-0

calloc
free
_callnewh
malloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
AreFileApisANSI
GetCurrentProcess
TerminateProcess
CloseThreadpoolWork
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
GetTickCount64
GetModuleHandleW
GetProcAddress
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
GetLastError
SetLastError
LoadLibraryExW
DisableThreadLibraryCalls

Exports

Exports

__std_acquire_shared_mutex_for_instance
__std_atomic_compare_exchange_128
__std_atomic_get_mutex
__std_atomic_has_cmpxchg16b
__std_atomic_notify_all_direct
__std_atomic_notify_all_indirect
__std_atomic_notify_one_direct
__std_atomic_notify_one_indirect
__std_atomic_set_api_level
__std_atomic_wait_direct
__std_atomic_wait_get_deadline
__std_atomic_wait_get_remaining_timeout
__std_atomic_wait_indirect
__std_bulk_submit_threadpool_work
__std_calloc_crt
__std_close_threadpool_work
__std_create_threadpool_work
__std_execution_wait_on_uchar
__std_execution_wake_by_address_all
__std_free_crt
__std_parallel_algorithms_hw_threads
__std_release_shared_mutex_for_instance
__std_submit_threadpool_work
__std_tzdb_delete_current_zone
__std_tzdb_delete_leap_seconds
__std_tzdb_delete_sys_info
__std_tzdb_delete_time_zones
__std_tzdb_get_current_zone
__std_tzdb_get_leap_seconds
__std_tzdb_get_sys_info
__std_tzdb_get_time_zones
__std_wait_for_threadpool_work_callbacks

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi/msvcp140_codecvt_ids.dll
.dll windows:6 windows x64 arch:x64

536e29dae203b5f7347030aec0cba513

Code Sign

33:00:00:02:56:06:f5:9e:81:98:70:24:97:00:00:00:00:02:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:80:42:9f:34:53:2a:76:b8:95:6f:b2:27:cb:09:67:dd:1a:7a:82:0a:f1:5e:ac:df:15:93:0f:d0:41:39:a7
Signer

Actual PE Digest

85:80:42:9f:34:53:2a:76:b8:95:6f:b2:27:cb:09:67:dd:1a:7a:82:0a:f1:5e:ac:df:15:93:0f:d0:41:39:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb

Imports

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

kernel32

IsDebuggerPresent
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

Exports

Exports

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_S_QU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_UDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_U_QU_Mbstatet@@@std@@2V0locale@2@A

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 81KB - Virtual size: 81KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

5f9b23bd4b0029001f687a1ad625be31

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

31:15:68:e8:1e:39:ed:07:2b:86:fe:f4:43:e2:2a:19:98:8d:92:89:7f:d3:a8:04:21:cf:e4:aa:63:c8:16:6aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 14KB - Virtual size: 15KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 2KB

20a4f08af0efbf58e3cff060b868e54b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

27:c7:5c:14:f1:cf:f9:60:5e:ad:66:35:83:2d:d8:72:e8:20:cf:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

dbghelp

version

advapi32

kernel32

ntdll

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.data Size: 104KB - Virtual size: 335KB

.pdata Size: 97KB - Virtual size: 96KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 91KB - Virtual size: 90KB

.text
Size: 81KB - Virtual size: 81KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

31:15:68:e8:1e:39:ed:07:2b:86:fe:f4:43:e2:2a:19:98:8d:92:89:7f:d3:a8:04:21:cf:e4:aa:63:c8:16:6a
Signer

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

27:c7:5c:14:f1:cf:f9:60:5e:ad:66:35:83:2d:d8:72:e8:20:cf:8c
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 104KB - Virtual size: 335KB

.pdata
Size: 97KB - Virtual size: 96KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 91KB - Virtual size: 90KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

f8:6b:8d:7b:e1:22:da:43:1d:27:44:ae:aa:de:48:08:de:01:71:40
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 23KB - Virtual size: 120KB

.pdata
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 23KB - Virtual size: 23KB

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f3:c7:90:24:11:b8:dd:e6:f0:db:5c:4c:7f:ac:48:fa:e6:25:2b:72:7e:b8:bf:e4:9e:fd:33:2d:48:60:dc:e5
Signer

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 41KB - Virtual size: 42KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 7KB - Virtual size: 6KB

33:00:00:02:56:06:f5:9e:81:98:70:24:97:00:00:00:00:02:56
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate