zgrat | Bkebi[.]rar

resource	yara_rule
static1/unpack001/Bkebi/Bkebi.exe	family_zgrat_v1

resource
unpack001/Bkebi/Bkebi.exe

Bkebi.rar

.rar

Bkebi/Bkebi.exe

.exe windows:5 windows x86 arch:x86

12e12319f1029ec4f8fcbed7e82df162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError

SetLastError

FormatMessageW

GetCurrentProcess

DeviceIoControl

SetFileTime

CloseHandle

CreateDirectoryW

RemoveDirectoryW

CreateFileW

DeleteFileW

CreateHardLinkW

GetShortPathNameW

GetLongPathNameW

MoveFileW

GetFileType

GetStdHandle

WriteFile

ReadFile

FlushFileBuffers

SetEndOfFile

SetFilePointer

SetFileAttributesW

GetFileAttributesW

FindClose

FindFirstFileW

FindNextFileW

InterlockedDecrement

GetVersionExW

GetCurrentDirectoryW

GetFullPathNameW

FoldStringW

GetModuleFileNameW

GetModuleHandleW

FindResourceW

FreeLibrary

GetProcAddress

GetCurrentProcessId

ExitProcess

SetThreadExecutionState

Sleep

LoadLibraryW

GetSystemDirectoryW

CompareStringW

AllocConsole

FreeConsole

AttachConsole

WriteConsoleW

GetProcessAffinityMask

CreateThread

SetThreadPriority

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

SetEvent

ResetEvent

ReleaseSemaphore

WaitForSingleObject

CreateEventW

CreateSemaphoreW

GetSystemTime

SystemTimeToTzSpecificLocalTime

TzSpecificLocalTimeToSystemTime

SystemTimeToFileTime

FileTimeToLocalFileTime

LocalFileTimeToFileTime

FileTimeToSystemTime

GetCPInfo

IsDBCSLeadByte

MultiByteToWideChar

WideCharToMultiByte

GlobalAlloc

LockResource

GlobalLock

GlobalUnlock

GlobalFree

LoadResource

SizeofResource

SetCurrentDirectoryW

GetExitCodeProcess

GetLocalTime

GetTickCount

MapViewOfFile

UnmapViewOfFile

CreateFileMappingW

OpenFileMappingW

GetCommandLineW

SetEnvironmentVariableW

ExpandEnvironmentStringsW

GetTempPathW

MoveFileExW

GetLocaleInfoW

GetTimeFormatW

GetDateFormatW

GetNumberFormatW

DecodePointer

SetFilePointerEx

GetConsoleMode

GetConsoleCP

HeapSize

SetStdHandle

GetProcessHeap

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineA

GetOEMCP

RaiseException

GetSystemInfo

VirtualProtect

VirtualQuery

LoadLibraryExA

IsProcessorFeaturePresent

IsDebuggerPresent

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetStartupInfoW

QueryPerformanceCounter

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

TerminateProcess

LocalFree

RtlUnwind

EncodePointer

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LoadLibraryExW

QueryPerformanceFrequency

GetModuleHandleExW

GetModuleFileNameA

GetACP

HeapFree

HeapAlloc

HeapReAlloc

GetStringTypeW

LCMapStringW

FindFirstFileExA

FindNextFileA

IsValidCodePage

oleaut32

SysAllocString

SysFreeString

VariantClear

gdiplus

GdipAlloc

GdipDisposeImage

GdipCloneImage

GdipCreateBitmapFromStream

GdipCreateBitmapFromStreamICM

GdipCreateHBITMAPFromBitmap

GdiplusStartup

GdiplusShutdown

GdipFree

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-core-profile-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

5d:d9:5e:f0:7e:11:32:ba:d1:c9:68:af:8d:8f:3d:fa:83:89:09:67:06:76:f0:67:33:65:de:2e:88:48:c8:d2
Signer

Actual PE Digest

5d:d9:5e:f0:7e:11:32:ba:d1:c9:68:af:8d:8f:3d:fa:83:89:09:67:06:76:f0:67:33:65:de:2e:88:48:c8:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-profile-l1-1-0.pdb

Exports

QueryPerformanceCounter

QueryPerformanceFrequency

Sections

.rdata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-core-rtlsupport-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

82:36:9e:19:85:ff:98:d9:2c:0f:7c:bf:af:34:7c:2d:39:25:ee:72:62:29:b8:69:5a:a2:75:de:0b:e9:76:6d
Signer

Actual PE Digest

82:36:9e:19:85:ff:98:d9:2c:0f:7c:bf:af:34:7c:2d:39:25:ee:72:62:29:b8:69:5a:a2:75:de:0b:e9:76:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-rtlsupport-l1-1-0.pdb

Exports

RtlAddFunctionTable

RtlCaptureContext

RtlCaptureStackBackTrace

RtlCompareMemory

RtlDeleteFunctionTable

RtlInstallFunctionTableCallback

RtlLookupFunctionEntry

RtlPcToFileHeader

RtlRaiseException

RtlRestoreContext

RtlUnwind

RtlUnwindEx

RtlVirtualUnwind

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-core-string-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

6e:31:17:04:0c:5e:92:9f:e0:0a:a9:ca:fb:d0:e1:dc:dc:19:7d:a4:c8:a5:a2:6b:c3:0a:1c:23:71:8f:69:fb
Signer

Actual PE Digest

6e:31:17:04:0c:5e:92:9f:e0:0a:a9:ca:fb:d0:e1:dc:dc:19:7d:a4:c8:a5:a2:6b:c3:0a:1c:23:71:8f:69:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-string-l1-1-0.pdb

Exports

CompareStringEx

CompareStringOrdinal

CompareStringW

FoldStringW

GetStringTypeExW

GetStringTypeW

MultiByteToWideChar

WideCharToMultiByte

Sections

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-core-synch-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

54:17:cf:9e:26:97:1d:c0:70:9f:88:20:e7:97:2f:d8:4a:7e:ca:c1:17:36:5f:bb:f7:b5:6c:b7:e3:fb:60:af
Signer

Actual PE Digest

54:17:cf:9e:26:97:1d:c0:70:9f:88:20:e7:97:2f:d8:4a:7e:ca:c1:17:36:5f:bb:f7:b5:6c:b7:e3:fb:60:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-synch-l1-1-0.pdb

Exports

AcquireSRWLockExclusive

AcquireSRWLockShared

CancelWaitableTimer

CreateEventA

CreateEventExA

CreateEventExW

CreateEventW

CreateMutexA

CreateMutexExA

CreateMutexExW

CreateMutexW

CreateSemaphoreExW

CreateWaitableTimerExW

DeleteCriticalSection

EnterCriticalSection

InitializeCriticalSection

InitializeCriticalSectionAndSpinCount

InitializeCriticalSectionEx

InitializeSRWLock

LeaveCriticalSection

OpenEventA

OpenEventW

OpenMutexW

OpenSemaphoreW

OpenWaitableTimerW

ReleaseMutex

ReleaseSRWLockExclusive

ReleaseSRWLockShared

ReleaseSemaphore

ResetEvent

SetCriticalSectionSpinCount

SetEvent

SetWaitableTimer

SetWaitableTimerEx

SleepEx

TryAcquireSRWLockExclusive

TryAcquireSRWLockShared

TryEnterCriticalSection

WaitForMultipleObjectsEx

WaitForSingleObject

WaitForSingleObjectEx

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-core-util-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

fe:75:98:fe:5b:d6:36:0d:55:c8:e4:26:51:b9:fd:09:92:2b:a1:75:13:f4:c4:4c:97:58:0d:25:57:79:12:08
Signer

Actual PE Digest

fe:75:98:fe:5b:d6:36:0d:55:c8:e4:26:51:b9:fd:09:92:2b:a1:75:13:f4:c4:4c:97:58:0d:25:57:79:12:08

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-util-l1-1-0.pdb

Exports

Beep

DecodePointer

DecodeSystemPointer

EncodePointer

EncodeSystemPointer

Sections

.rdata
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-crt-conio-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ef:03:0c:bf:08:4d:7c:14:06:f8:4c:eb:b2:25:0f:1c:d0:fe:68:94:24:dc:11:9b:69:f8:d0:90:70:0e:80:a7
Signer

Actual PE Digest

ef:03:0c:bf:08:4d:7c:14:06:f8:4c:eb:b2:25:0f:1c:d0:fe:68:94:24:dc:11:9b:69:f8:d0:90:70:0e:80:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-conio-l1-1-0.pdb

Exports

__conio_common_vcprintf

__conio_common_vcprintf_p

__conio_common_vcprintf_s

__conio_common_vcscanf

__conio_common_vcwprintf

__conio_common_vcwprintf_p

__conio_common_vcwprintf_s

__conio_common_vcwscanf

_cgets

_cgets_s

_cgetws

_cgetws_s

_cputs

_cputws

_getch

_getch_nolock

_getche

_getche_nolock

_getwch

_getwch_nolock

_getwche

_getwche_nolock

_putch

_putch_nolock

_putwch

_putwch_nolock

_ungetch

_ungetch_nolock

_ungetwch

_ungetwch_nolock

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-crt-convert-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

80:62:3d:dc:86:9f:01:a3:46:09:a7:6c:fe:b7:84:a8:86:2b:9c:63:2b:de:f6:8e:d6:1a:50:db:77:3f:08:3b
Signer

Actual PE Digest

80:62:3d:dc:86:9f:01:a3:46:09:a7:6c:fe:b7:84:a8:86:2b:9c:63:2b:de:f6:8e:d6:1a:50:db:77:3f:08:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-convert-l1-1-0.pdb

Exports

__toascii

_atodbl

_atodbl_l

_atof_l

_atoflt

_atoflt_l

_atoi64

_atoi64_l

_atoi_l

_atol_l

_atoldbl

_atoldbl_l

_atoll_l

_ecvt

_ecvt_s

_fcvt

_fcvt_s

_gcvt

_gcvt_s

_i64toa

_i64toa_s

_i64tow

_i64tow_s

_itoa

_itoa_s

_itow

_itow_s

_ltoa

_ltoa_s

_ltow

_ltow_s

_strtod_l

_strtof_l

_strtoi64

_strtoi64_l

_strtoimax_l

_strtol_l

_strtold_l

_strtoll_l

_strtoui64

_strtoui64_l

_strtoul_l

_strtoull_l

_strtoumax_l

_ui64toa

_ui64toa_s

_ui64tow

_ui64tow_s

_ultoa

_ultoa_s

_ultow

_ultow_s

_wcstod_l

_wcstof_l

_wcstoi64

_wcstoi64_l

_wcstoimax_l

_wcstol_l

_wcstold_l

_wcstoll_l

_wcstombs_l

_wcstombs_s_l

_wcstoui64

_wcstoui64_l

_wcstoul_l

_wcstoull_l

_wcstoumax_l

_wctomb_l

_wctomb_s_l

_wtof

_wtof_l

_wtoi

_wtoi64

_wtoi64_l

_wtoi_l

_wtol

_wtol_l

_wtoll

_wtoll_l

atof

atoi

atol

atoll

btowc

c16rtomb

c32rtomb

mbrtoc16

mbrtoc32

mbrtowc

mbsrtowcs

mbsrtowcs_s

mbstowcs

mbstowcs_s

mbtowc

strtod

strtof

strtoimax

strtol

strtold

strtoll

strtoul

strtoull

strtoumax

wcrtomb

wcrtomb_s

wcsrtombs

wcsrtombs_s

wcstod

wcstof

wcstoimax

wcstol

wcstold

wcstoll

wcstombs

wcstombs_s

wcstoul

wcstoull

wcstoumax

wctob

wctomb

wctomb_s

wctrans

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-crt-environment-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

58:2a:bc:47:3b:ed:d9:0f:bd:7a:41:5e:84:81:cc:f1:e2:dd:6c:2b:3f:60:b2:70:77:a5:e4:ac:88:04:35:25
Signer

Actual PE Digest

58:2a:bc:47:3b:ed:d9:0f:bd:7a:41:5e:84:81:cc:f1:e2:dd:6c:2b:3f:60:b2:70:77:a5:e4:ac:88:04:35:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-environment-l1-1-0.pdb

Exports

__p__environ

__p__wenviron

_dupenv_s

_putenv

_putenv_s

_searchenv

_searchenv_s

_wdupenv_s

_wgetcwd

_wgetdcwd

_wgetenv

_wgetenv_s

_wputenv

_wputenv_s

_wsearchenv

_wsearchenv_s

getenv

getenv_s

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-crt-filesystem-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

bb:c1:54:00:1a:77:0e:6b:55:66:45:0c:15:68:14:cc:ce:4d:46:b5:07:10:9f:8a:8e:f1:2e:c8:e7:6c:b5:78
Signer

Actual PE Digest

bb:c1:54:00:1a:77:0e:6b:55:66:45:0c:15:68:14:cc:ce:4d:46:b5:07:10:9f:8a:8e:f1:2e:c8:e7:6c:b5:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-filesystem-l1-1-0.pdb

Exports

_access

_access_s

_chdir

_chdrive

_chmod

_findclose

_findfirst32

_findfirst32i64

_findfirst64

_findfirst64i32

_findnext32

_findnext32i64

_findnext64

_findnext64i32

_fstat32

_fstat32i64

_fstat64

_fstat64i32

_fullpath

_getdiskfree

_getdrive

_getdrives

_lock_file

_makepath

_makepath_s

_mkdir

_rmdir

_splitpath

_splitpath_s

_stat32

_stat32i64

_stat64

_stat64i32

_umask

_umask_s

_unlink

_unlock_file

_waccess

_waccess_s

_wchdir

_wchmod

_wfindfirst32

_wfindfirst32i64

_wfindfirst64

_wfindfirst64i32

_wfindnext32

_wfindnext32i64

_wfindnext64

_wfindnext64i32

_wfullpath

_wmakepath

_wmakepath_s

_wmkdir

_wremove

_wrename

_wrmdir

_wsplitpath

_wsplitpath_s

_wstat32

_wstat32i64

_wstat64

_wstat64i32

_wunlink

remove

rename

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-crt-heap-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

b4:19:fb:4b:c8:ab:68:db:dc:e7:af:60:56:c4:96:53:2a:af:ff:12:53:54:c2:76:3d:26:cf:c3:1b:cf:9a:9f
Signer

Actual PE Digest

b4:19:fb:4b:c8:ab:68:db:dc:e7:af:60:56:c4:96:53:2a:af:ff:12:53:54:c2:76:3d:26:cf:c3:1b:cf:9a:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-heap-l1-1-0.pdb

Exports

_aligned_free

_aligned_malloc

_aligned_msize

_aligned_offset_malloc

_aligned_offset_realloc

_aligned_offset_recalloc

_aligned_realloc

_aligned_recalloc

_callnewh

_calloc_base

_expand

_free_base

_get_heap_handle

_heapchk

_heapmin

_heapwalk

_malloc_base

_msize

_query_new_handler

_query_new_mode

_realloc_base

_recalloc

_set_new_mode

calloc

free

malloc

realloc

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-crt-locale-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f6:f6:af:d0:f4:88:a1:1b:0c:c8:7e:c9:61:65:0b:7f:17:b7:57:1c:00:aa:b9:cf:b3:33:3f:3e:67:e5:b7:80
Signer

Actual PE Digest

f6:f6:af:d0:f4:88:a1:1b:0c:c8:7e:c9:61:65:0b:7f:17:b7:57:1c:00:aa:b9:cf:b3:33:3f:3e:67:e5:b7:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-locale-l1-1-0.pdb

Exports

___lc_codepage_func

___lc_collate_cp_func

___lc_locale_name_func

___mb_cur_max_func

___mb_cur_max_l_func

__initialize_lconv_for_unsigned_char

__pctype_func

__pwctype_func

_configthreadlocale

_create_locale

_free_locale

_get_current_locale

_getmbcp

_lock_locales

_setmbcp

_unlock_locales

_wcreate_locale

_wsetlocale

localeconv

setlocale

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/api-ms-win-crt-process-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

16:86:8e:2e:8f:74:f7:94:05:59:0a:50:51:fa:6e:83:fd:14:50:06:26:64:5c:17:a0:73:09:c1:09:4c:ca:a6
Signer

Actual PE Digest

16:86:8e:2e:8f:74:f7:94:05:59:0a:50:51:fa:6e:83:fd:14:50:06:26:64:5c:17:a0:73:09:c1:09:4c:ca:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-process-l1-1-0.pdb

Exports

_beep

_cwait

_execl

_execle

_execlp

_execlpe

_execv

_execve

_execvp

_execvpe

_loaddll

_spawnl

_spawnle

_spawnlp

_spawnlpe

_spawnv

_spawnve

_spawnvp

_spawnvpe

_unloaddll

_wexecl

_wexecle

_wexeclp

_wexeclpe

_wexecv

_wexecve

_wexecvp

_wexecvpe

_wspawnl

_wspawnle

_wspawnlp

_wspawnlpe

_wspawnv

_wspawnve

_wspawnvp

_wspawnvpe

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/concrt140.dll

.dll windows:6 windows x64 arch:x64

5f9b23bd4b0029001f687a1ad625be31

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

31:15:68:e8:1e:39:ed:07:2b:86:fe:f4:43:e2:2a:19:98:8d:92:89:7f:d3:a8:04:21:cf:e4:aa:63:c8:16:6a
Signer

Actual PE Digest

31:15:68:e8:1e:39:ed:07:2b:86:fe:f4:43:e2:2a:19:98:8d:92:89:7f:d3:a8:04:21:cf:e4:aa:63:c8:16:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb

Imports

msvcp140

?_Xbad_function_call@std@@YAXXZ

?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ

_Mtx_init_in_situ

_Mtx_destroy_in_situ

_Mtx_lock

_Mtx_unlock

_Cnd_init_in_situ

_Cnd_destroy_in_situ

_Cnd_wait

_Cnd_broadcast

?_Throw_C_error@std@@YAXH@Z

?_Xbad_alloc@std@@YAXXZ

?_Xlength_error@std@@YAXPEBD@Z

?_Xout_of_range@std@@YAXPEBD@Z

?__ExceptionPtrDestroy@@YAXPEAX@Z

?__ExceptionPtrCreate@@YAXPEAX@Z

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z

?__ExceptionPtrCurrentException@@YAXPEAX@Z

?__ExceptionPtrRethrow@@YAXPEBX@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall

__std_terminate

__std_exception_copy

__std_exception_destroy

_CxxThrowException

memset

__uncaught_exception

memcpy

__C_specific_handler

__RTDynamicCast

__std_type_info_destroy_list

__current_exception_context

__current_exception

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

_initterm_e

_initterm

_cexit

terminate

_seh_filter_dll

_configure_narrow_argv

_initialize_narrow_environment

_initialize_onexit_table

_register_onexit_function

_execute_onexit_table

_crt_atexit

api-ms-win-crt-heap-l1-1-0

free

malloc

_callnewh

api-ms-win-crt-math-l1-1-0

exp

sqrt

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf

__stdio_common_vswprintf_s

__acrt_iob_func

fflush

kernel32

GetCurrentProcess

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

GetCurrentProcessId

QueryPerformanceCounter

IsDebuggerPresent

IsProcessorFeaturePresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetModuleHandleA

GetModuleFileNameW

FreeLibraryAndExitThread

FreeLibrary

CloseThreadpoolWait

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolTimer

WaitForThreadpoolTimerCallbacks

CreateThreadpoolTimer

FreeLibraryWhenCallbackReturns

GetThreadTimes

EncodePointer

OutputDebugStringW

LoadLibraryW

LoadLibraryExW

SetLastError

SetThreadpoolTimer

UnregisterWaitEx

CreateSemaphoreExW

ReleaseSemaphore

InitializeSListHead

SetProcessAffinityMask

VirtualFree

VirtualProtect

VirtualAlloc

GetVersionExW

GetCurrentProcessorNumber

FlushProcessWriteBuffers

DeleteCriticalSection

TryEnterCriticalSection

LeaveCriticalSection

EnterCriticalSection

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

GetProcAddress

GetModuleHandleW

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetTickCount64

TlsFree

TlsSetValue

InterlockedPopEntrySList

InterlockedPushEntrySList

InterlockedFlushSList

QueryDepthSList

CreateTimerQueue

GetCurrentThread

CloseHandle

DuplicateHandle

GetLastError

SetEvent

WaitForSingleObjectEx

TlsAlloc

GetCurrentThreadId

InitializeCriticalSectionEx

CreateEventExW

Sleep

SignalObjectAndWait

SwitchToThread

CreateThread

SetThreadPriority

GetThreadPriority

TlsGetValue

Exports

??0?$_SpinWait@$00@details@Concurrency@@QEAA@P6AXXZ@Z

??0?$_SpinWait@$0A@@details@Concurrency@@QEAA@P6AXXZ@Z

??0SchedulerPolicy@Concurrency@@QEAA@AEBV01@@Z

??0SchedulerPolicy@Concurrency@@QEAA@XZ

??0SchedulerPolicy@Concurrency@@QEAA@_KZZ

??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ

??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z

??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z

??0_Condition_variable@details@Concurrency@@QEAA@XZ

??0_Context@details@Concurrency@@QEAA@PEAVContext@2@@Z

??0_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ

??0_ReaderWriterLock@details@Concurrency@@QEAA@XZ

??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??0_ReentrantLock@details@Concurrency@@QEAA@XZ

??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ

??0_Runtime_object@details@Concurrency@@QEAA@H@Z

??0_Runtime_object@details@Concurrency@@QEAA@XZ

??0_Scheduler@details@Concurrency@@QEAA@PEAVScheduler@2@@Z

??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z

??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z

??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z

??0_StructuredTaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z

??0_TaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z

??0_TaskCollection@details@Concurrency@@QEAA@XZ

??0_Timer@details@Concurrency@@IEAA@I_N@Z

??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z

??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z

??0agent@Concurrency@@QEAA@XZ

??0bad_target@Concurrency@@QEAA@PEBD@Z

??0bad_target@Concurrency@@QEAA@XZ

??0context_self_unblock@Concurrency@@QEAA@PEBD@Z

??0context_self_unblock@Concurrency@@QEAA@XZ

??0context_unblock_unbalanced@Concurrency@@QEAA@PEBD@Z

??0context_unblock_unbalanced@Concurrency@@QEAA@XZ

??0critical_section@Concurrency@@QEAA@XZ

??0default_scheduler_exists@Concurrency@@QEAA@PEBD@Z

??0default_scheduler_exists@Concurrency@@QEAA@XZ

??0event@Concurrency@@QEAA@XZ

??0improper_lock@Concurrency@@QEAA@PEBD@Z

??0improper_lock@Concurrency@@QEAA@XZ

??0improper_scheduler_attach@Concurrency@@QEAA@PEBD@Z

??0improper_scheduler_attach@Concurrency@@QEAA@XZ

??0improper_scheduler_detach@Concurrency@@QEAA@PEBD@Z

??0improper_scheduler_detach@Concurrency@@QEAA@XZ

??0improper_scheduler_reference@Concurrency@@QEAA@PEBD@Z

??0improper_scheduler_reference@Concurrency@@QEAA@XZ

??0invalid_link_target@Concurrency@@QEAA@PEBD@Z

??0invalid_link_target@Concurrency@@QEAA@XZ

??0invalid_multiple_scheduling@Concurrency@@QEAA@PEBD@Z

??0invalid_multiple_scheduling@Concurrency@@QEAA@XZ

??0invalid_oversubscribe_operation@Concurrency@@QEAA@PEBD@Z

??0invalid_oversubscribe_operation@Concurrency@@QEAA@XZ

??0invalid_scheduler_policy_key@Concurrency@@QEAA@PEBD@Z

??0invalid_scheduler_policy_key@Concurrency@@QEAA@XZ

??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@PEBD@Z

??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@XZ

??0invalid_scheduler_policy_value@Concurrency@@QEAA@PEBD@Z

??0invalid_scheduler_policy_value@Concurrency@@QEAA@XZ

??0message_not_found@Concurrency@@QEAA@PEBD@Z

??0message_not_found@Concurrency@@QEAA@XZ

??0missing_wait@Concurrency@@QEAA@PEBD@Z

??0missing_wait@Concurrency@@QEAA@XZ

??0nested_scheduler_missing_detach@Concurrency@@QEAA@PEBD@Z

??0nested_scheduler_missing_detach@Concurrency@@QEAA@XZ

??0operation_timed_out@Concurrency@@QEAA@PEBD@Z

??0operation_timed_out@Concurrency@@QEAA@XZ

??0reader_writer_lock@Concurrency@@QEAA@XZ

??0scheduler_not_attached@Concurrency@@QEAA@PEBD@Z

??0scheduler_not_attached@Concurrency@@QEAA@XZ

??0scheduler_resource_allocation_error@Concurrency@@QEAA@J@Z

??0scheduler_resource_allocation_error@Concurrency@@QEAA@PEBDJ@Z

??0scheduler_worker_creation_error@Concurrency@@QEAA@J@Z

??0scheduler_worker_creation_error@Concurrency@@QEAA@PEBDJ@Z

??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z

??0scoped_lock@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z

??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z

??0unsupported_os@Concurrency@@QEAA@PEBD@Z

??0unsupported_os@Concurrency@@QEAA@XZ

??1SchedulerPolicy@Concurrency@@QEAA@XZ

??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ

??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ

??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ

??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ

??1_Condition_variable@details@Concurrency@@QEAA@XZ

??1_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ

??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ

??1_SpinLock@details@Concurrency@@QEAA@XZ

??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ

??1_TaskCollection@details@Concurrency@@QEAA@XZ

??1_Timer@details@Concurrency@@MEAA@XZ

??1agent@Concurrency@@UEAA@XZ

??1critical_section@Concurrency@@QEAA@XZ

??1event@Concurrency@@QEAA@XZ

??1reader_writer_lock@Concurrency@@QEAA@XZ

??1scoped_lock@critical_section@Concurrency@@QEAA@XZ

??1scoped_lock@reader_writer_lock@Concurrency@@QEAA@XZ

??1scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@XZ

??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z

??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@AEBV012@@Z

??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z

??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@AEBV012@@Z

??4SchedulerPolicy@Concurrency@@QEAAAEAV01@AEBV01@@Z

??_F?$_SpinWait@$00@details@Concurrency@@QEAAXXZ

??_F?$_SpinWait@$0A@@details@Concurrency@@QEAAXXZ

??_F_Context@details@Concurrency@@QEAAXXZ

??_F_Scheduler@details@Concurrency@@QEAAXXZ

?AgentEventGuid@Concurrency@@3U_GUID@@B

?Alloc@Concurrency@@YAPEAX_K@Z

?Block@Context@Concurrency@@SAXXZ

?ChoreEventGuid@Concurrency@@3U_GUID@@B

?ConcRTEventGuid@Concurrency@@3U_GUID@@B

?ConcRT_ProviderGuid@Concurrency@@3U_GUID@@B

?ContextEventGuid@Concurrency@@3U_GUID@@B

?Create@CurrentScheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z

?Create@Scheduler@Concurrency@@SAPEAV12@AEBVSchedulerPolicy@2@@Z

?CreateResourceManager@Concurrency@@YAPEAUIResourceManager@1@XZ

?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@AEAVlocation@2@@Z

?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@XZ

?CurrentContext@Context@Concurrency@@SAPEAV12@XZ

?Detach@CurrentScheduler@Concurrency@@SAXXZ

?DisableTracing@Concurrency@@YAJXZ

?EnableTracing@Concurrency@@YAJXZ

?Free@Concurrency@@YAXPEAX@Z

?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ

?GetExecutionContextId@Concurrency@@YAIXZ

?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ

?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ

?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ

?GetPolicyValue@SchedulerPolicy@Concurrency@@QEBAIW4PolicyElementKey@2@@Z

?GetProcessorCount@Concurrency@@YAIXZ

?GetProcessorNodeCount@Concurrency@@YAIXZ

?GetSchedulerId@Concurrency@@YAIXZ

?GetSharedTimerQueue@details@Concurrency@@YAPEAXXZ

?Id@Context@Concurrency@@SAIXZ

?Id@CurrentScheduler@Concurrency@@SAIXZ

?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NAEBVlocation@2@@Z

?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ

?LockEventGuid@Concurrency@@3U_GUID@@B

?Log2@details@Concurrency@@YAK_K@Z

?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z

?NFS_Free@details@Concurrency@@YAXPEAX@Z

?NFS_GetLineSize@details@Concurrency@@YA_KXZ

?Oversubscribe@Context@Concurrency@@SAX_N@Z

?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B

?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B

?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B

?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPEAX@Z

?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ

?ResourceManagerEventGuid@Concurrency@@3U_GUID@@B

?ScheduleGroupEventGuid@Concurrency@@3U_GUID@@B

?ScheduleGroupId@Context@Concurrency@@SAIXZ

?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z

?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0AEAVlocation@2@@Z

?SchedulerEventGuid@Concurrency@@3U_GUID@@B

?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QEAAXII@Z

?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z

?SetPolicyValue@SchedulerPolicy@Concurrency@@QEAAIW4PolicyElementKey@2@I@Z

?VirtualProcessorEventGuid@Concurrency@@3U_GUID@@B

?VirtualProcessorId@Context@Concurrency@@SAIXZ

?Yield@Context@Concurrency@@SAXXZ

?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ

?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z

?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Acquire@_ReentrantLock@details@Concurrency@@QEAAXXZ

?_Acquire@_ReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z

?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ

?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z

?_Byte_reverse_table@details@Concurrency@@3QBEB

?_Cancel@_StructuredTaskCollection@details@Concurrency@@QEAAXXZ

?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ

?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ

?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ

?_ConcRT_CoreAssert@details@Concurrency@@YAXPEBD0H@Z

?_ConcRT_Trace@details@Concurrency@@YAXHPEB_WZZ

?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ

?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ

?_Current_node@location@Concurrency@@SA?AV12@XZ

?_Destroy@_AsyncTaskCollection@details@Concurrency@@EEAAXXZ

?_DoYield@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ

?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ

?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ

?_GetCombinableSize@details@Concurrency@@YA_KXZ

?_GetConcRTTraceInfo@Concurrency@@YAPEBU_CONCRT_TRACE_INFO@details@1@XZ

?_GetConcurrency@details@Concurrency@@YAIXZ

?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ

?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ

?_GetScheduler@_Scheduler@details@Concurrency@@QEAAPEAVScheduler@3@XZ

?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ

?_Internal_assign@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAX1@ZP6AX2PEBX1@Z5@Z

?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IEBA_KXZ

?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_KP6AXPEAX_K@Z@Z

?_Internal_compact@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KPEAXP6AX10@ZP6AX1PEBX0@Z@Z

?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAXPEBX1@Z@Z

?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_NXZ

?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXXZ

?_Internal_grow_by@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z

?_Internal_grow_to_at_least_with_result@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z

?_Internal_move_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEAX@Z

?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IEAA_NPEAX@Z

?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEBX@Z

?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KAEA_K@Z

?_Internal_reserve@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00@Z

?_Internal_resize@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00P6AXPEAX0@ZP6AX1PEBX0@Z3@Z

?_Internal_size@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_KXZ

?_Internal_swap@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXAEAV123@@Z

?_Internal_swap@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEAV123@@Z

?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IEBAXXZ

?_Internal_throw_exception@_Concurrent_vector_base_v4@details@Concurrency@@IEBAX_K@Z

?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QEAA_NXZ

?_IsCanceling@_TaskCollection@details@Concurrency@@QEAA_NXZ

?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ

?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z

?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IEAAKXZ

?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IEAAKXZ

?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z

?_Reference@_Scheduler@details@Concurrency@@QEAAIXZ

?_Release@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Release@_NonReentrantPPLLock@details@Concurrency@@QEAAXXZ

?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Release@_ReentrantLock@details@Concurrency@@QEAAXXZ

?_Release@_ReentrantPPLLock@details@Concurrency@@QEAAXXZ

?_Release@_Scheduler@details@Concurrency@@QEAAIXZ

?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_Reset@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ

?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ

?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z

?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z

?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z

?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z

?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z

?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z

?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z

?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KA_K_K@Z

?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QEAAXI@Z

?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QEAAXI@Z

?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IEAA_NXZ

?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IEAA_NXZ

?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ

?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QEAA_NXZ

?_SpinYield@Context@Concurrency@@SAXXZ

?_Start@_Timer@details@Concurrency@@IEAAXXZ

?_Stop@_Timer@details@Concurrency@@IEAAXXZ

?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ

?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z

?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QEAA_NXZ

?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QEAA_NXZ

?_TryAcquire@_ReentrantLock@details@Concurrency@@QEAA_NXZ

?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAA_NXZ

?_UnderlyingYield@details@Concurrency@@YAXXZ

?_Value@_SpinCount@details@Concurrency@@SAIXZ

?_Yield@_Context@details@Concurrency@@SAXXZ

?cancel@agent@Concurrency@@QEAA_NXZ

?current@location@Concurrency@@SA?AV12@XZ

?done@agent@Concurrency@@IEAA_NXZ

?from_numa_node@location@Concurrency@@SA?AV12@G@Z

?get_error_code@scheduler_resource_allocation_error@Concurrency@@QEBAJXZ

?is_current_task_group_canceling@Concurrency@@YA_NXZ

?lock@critical_section@Concurrency@@QEAAXXZ

?lock@reader_writer_lock@Concurrency@@QEAAXXZ

?lock_read@reader_writer_lock@Concurrency@@QEAAXXZ

?native_handle@critical_section@Concurrency@@QEAAAEAV12@XZ

?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ

?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ

?reset@event@Concurrency@@QEAAXXZ

?set@event@Concurrency@@QEAAXXZ

?set_task_execution_resources@Concurrency@@YAXGPEAU_GROUP_AFFINITY@@@Z

?set_task_execution_resources@Concurrency@@YAX_K@Z

?start@agent@Concurrency@@QEAA_NXZ

?status@agent@Concurrency@@QEAA?AW4agent_status@2@XZ

?status_port@agent@Concurrency@@QEAAPEAV?$ISource@W4agent_status@Concurrency@@@2@XZ

?try_lock@critical_section@Concurrency@@QEAA_NXZ

?try_lock@reader_writer_lock@Concurrency@@QEAA_NXZ

?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z

?try_lock_read@reader_writer_lock@Concurrency@@QEAA_NXZ

?unlock@critical_section@Concurrency@@QEAAXXZ

?unlock@reader_writer_lock@Concurrency@@QEAAXXZ

?wait@Concurrency@@YAXI@Z

?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z

?wait@agent@Concurrency@@SA?AW4agent_status@2@PEAV12@I@Z

?wait@event@Concurrency@@QEAA_KI@Z

?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z

?wait_for_all@agent@Concurrency@@SAX_KPEAPEAV12@PEAW4agent_status@2@I@Z

?wait_for_multiple@event@Concurrency@@SA_KPEAPEAV12@_K_NI@Z

?wait_for_one@agent@Concurrency@@SAX_KPEAPEAV12@AEAW4agent_status@2@AEA_KI@Z

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Bkebi/dbgeng.dll

.dll windows:6 windows x64 arch:x64

20a4f08af0efbf58e3cff060b868e54b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

27:c7:5c:14:f1:cf:f9:60:5e:ad:66:35:83:2d:d8:72:e8:20:cf:8c
Signer

Actual PE Digest

27:c7:5c:14:f1:cf:f9:60:5e:ad:66:35:83:2d:d8:72:e8:20:cf:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

dbgeng.pdb

Imports

msvcrt

swscanf

wcsstr

wcsrchr

_wtoi

_wcsdup

ctime

_wcsicmp

time

iswalnum

iswdigit

wcschr

_purecall

towlower

??3@YAXPEAX@Z

??2@YAPEAX_K@Z

_vsnwprintf

_vsnprintf

wcsncmp

free

malloc

memmove

iswspace

_isatty

_write

_lseeki64

_fileno

__pioinfo

__badioinfo

??1type_info@@UEAA@XZ

wctomb

_itoa

_snprintf

_iob

isleadbyte

memset

memcpy

?terminate@@YAXXZ

_onexit

_lock

__dllonexit

_unlock

__C_specific_handler

_amsg_exit

_initterm

_XcptFilter

_errno

__CxxFrameHandler

isspace

fseek

feof

fgetws

ftell

_wcslwr

wcstoul

atol

iswprint

strrchr

printf

_strlwr

towupper

qsort

iswalpha

iswupper

calloc

atoi

getenv

sscanf

strncmp

_wsetlocale

isprint

iswxdigit

_wctime

_strnicmp

realloc

_wcsupr

_wcsnicmp

fprintf

_stricmp

fgets

strchr

fclose

__doserrno

_wgetenv

_wfopen

_strtoui64

strtoul

strstr

_vscwprintf

wcsncpy

_snwprintf

strncat

_spawnlp

frexp

ldexp

_itow

_memicmp

_wtol

memcmp

dbghelp

SymGetModuleInfoW64

SymSearchW

SymSetOptions

ImagehlpApiVersionEx

ImageNtHeader

SymGetLineFromNameW64

SymEnumSymbolsW

SymGetFileLineOffsets64

SymGetSourceFileTokenW

SymAddSymbolW

SymFromAddrW

SymFromIndexW

SymDeleteSymbolW

SymGetTypeInfo

SymLoadModule64

SymGetOptions

SymLoadModuleExW

SymGetSourceVarFromTokenW

SymMatchStringW

SymFromTokenW

SymFunctionTableAccess64

SymGetSourceFileFromTokenW

SymSetSearchPathW

SymGetHomeDirectoryW

SymEnumTypesW

SymSetScopeFromIndex

SymSetScopeFromAddr

SymEnumTypesByNameW

SymEnumSymbolsForAddrW

SymGetLineFromAddrW64

SymNextW

SymPrevW

StackWalk64

SymEnumSourceLinesW

SymEnumLinesW

SymGetUnwindInfo

SymMatchFileNameW

SymCleanup

SymRegisterFunctionEntryCallback64

SymRegisterCallbackW64

SymInitializeW

ImageRvaToVa

ImageDirectoryEntryToDataEx

dbghelp

FindExecutableImageExW

SymFindFileInPathW

SymGetTypeInfoEx

SymUnloadModule64

GetTimestampForLoadedLibrary

SymMatchStringA

SymGetTypeFromNameW

SymFromNameW

DbgHelpCreateUserDump

SymAddSymbol

version

VerQueryValueA

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

advapi32

SetSecurityDescriptorDacl

CheckTokenMembership

GetUserNameW

RegDeleteValueW

FreeSid

InitializeSecurityDescriptor

AddAccessAllowedAce

AddAccessDeniedAce

InitializeAcl

GetLengthSid

AllocateAndInitializeSid

AdjustTokenPrivileges

OpenProcessToken

RegSetValueExW

RegCreateKeyExW

RegQueryValueExA

RegQueryValueExW

RegOpenKeyExA

RegCloseKey

RegEnumValueW

RegOpenKeyExW

RegConnectRegistryW

kernel32

WaitCommEvent

GetCommTimeouts

QueryPerformanceFrequency

SetCommMask

GetCommMask

CreateDirectoryW

ContinueDebugEvent

WaitForDebugEvent

CreateRemoteThread

GetProcessTimes

GetThreadSelectorEntry

SetThreadContext

VirtualFreeEx

VirtualAllocEx

VirtualProtectEx

WriteProcessMemory

GetExitCodeProcess

SetEnvironmentVariableA

DebugActiveProcess

SetCommTimeouts

SetupComm

SetCommState

GetCommState

GetSystemDirectoryA

OpenEventW

OpenFileMappingW

PeekNamedPipe

WaitNamedPipeW

ConnectNamedPipe

CreateNamedPipeW

OpenProcess

FileTimeToDosDateTime

FindFirstFileA

GetTempFileNameA

GetTempPathA

GetFileTime

GetTempFileNameW

FileTimeToLocalFileTime

CreateEventA

GetModuleHandleA

GetSystemTime

SystemTimeToFileTime

__chkstk

lstrcmpiW

HeapCreate

HeapReAlloc

HeapDestroy

HeapAlloc

VirtualQueryEx

GetThreadTimes

GetThreadPriority

GetThreadContext

ResumeThread

SuspendThread

ReadProcessMemory

CreateFileMappingA

GetVersionExA

IsProcessorFeaturePresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

QueryPerformanceCounter

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

VirtualProtect

CreateThread

CreateProcessW

GetPriorityClass

CreateFileA

CreateNamedPipeA

CancelIo

GetOverlappedResult

WaitForMultipleObjects

GetLocalTime

GetDriveTypeW

DeviceIoControl

GetSystemDirectoryW

LockResource

LoadResource

SizeofResource

FindResourceW

GetPrivateProfileStringW

LocalFree

FileTimeToSystemTime

GetFileAttributesW

GetCommandLineW

MapViewOfFile

CreateFileMappingW

GetFileSize

SwitchToFiber

CreateFiber

ConvertThreadToFiber

DeleteFiber

GetProcessHeap

HeapFree

LoadLibraryW

GetEnvironmentVariableA

FreeLibrary

LoadLibraryExW

SetErrorMode

SearchPathW

RaiseException

SetLastError

DeleteFileA

UnmapViewOfFile

GetModuleFileNameA

DeleteFileW

ResetEvent

GetComputerNameW

CopyFileW

CreateFileW

WriteFile

LoadLibraryA

ClearCommError

GetCommModemStatus

IsBadWritePtr

GetModuleFileNameW

GetProcAddress

GetFullPathNameW

ReadFile

SetFilePointer

GetFileSizeEx

FindClose

FindFirstFileW

GetModuleHandleW

DeleteCriticalSection

InitializeCriticalSection

CreateEventW

GetVersionExW

GetSystemInfo

SetEnvironmentVariableW

GetEnvironmentVariableW

GetCurrentThread

GetCurrentProcess

DuplicateHandle

CreateSemaphoreA

Sleep

GetCurrentProcessId

VirtualFree

VirtualAlloc

IsBadCodePtr

IsBadReadPtr

ReleaseSemaphore

DisableThreadLibraryCalls

OutputDebugStringA

GetTickCount

FormatMessageW

CloseHandle

GetSystemTimeAsFileTime

SleepEx

WaitForSingleObjectEx

QueueUserAPC

SetEvent

WaitForSingleObject

MultiByteToWideChar

LeaveCriticalSection

EnterCriticalSection

GetCurrentThreadId

GetLastError

WideCharToMultiByte

DebugBreak

ExpandEnvironmentStringsW

GetTempPathW

LocalAlloc

ntdll

NtSetTimerResolution

Exports

DebugConnect

DebugConnectWide

DebugCreate

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Bkebi/dbghelp.dll

.dll windows:6 windows x64 arch:x64

186bdce03a6f21a10c15ba86219196a5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f8:6b:8d:7b:e1:22:da:43:1d:27:44:ae:aa:de:48:08:de:01:71:40
Signer

Actual PE Digest

f8:6b:8d:7b:e1:22:da:43:1d:27:44:ae:aa:de:48:08:de:01:71:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty

_write

_lseeki64

_fileno

_read

__pioinfo

__badioinfo

??1type_info@@UEAA@XZ

ferror

wctomb

_snprintf

_iob

isleadbyte

__mb_cur_max

mbtowc

_onexit

_lock

__dllonexit

_unlock

_CxxThrowException

memset

memcpy

_ismbblead

__C_specific_handler

_amsg_exit

_initterm

_XcptFilter

memmove

_errno

__CxxFrameHandler

iswspace

calloc

_itoa

_wcsdup

towlower

tolower

_wcslwr

_wctime

time

??_V@YAXPEAX@Z

_ltoa

_wcsnicmp

_purecall

ctime

malloc

strncmp

isspace

_stricmp

free

_strlwr

wcsrchr

strstr

_wcsicmp

qsort

iswxdigit

wcsncmp

_vsnwprintf

iswprint

atol

fclose

__unDName

iswdigit

memcmp

bsearch

_wfsopen

fread

fseek

wcstol

strchr

??_U@YAPEAX_K@Z

_time64

_wfullpath

_get_osfhandle

_chsize

_close

_open_osfhandle

ftell

_memicmp

_mbscmp

_wgetenv

wcsstr

wcschr

??3@YAXPEAX@Z

??2@YAPEAX_K@Z

_wsopen

kernel32

MoveFileW

CreateFileW

DeleteFileW

CreateDirectoryW

FlushViewOfFile

MapViewOfFileEx

GetCurrentDirectoryW

InitializeCriticalSectionAndSpinCount

GetFileType

DeviceIoControl

SetFileAttributesW

__chkstk

CreateFileMappingW

LCMapStringW

LocalFree

GetVersion

FormatMessageW

DelayLoadFailureHook

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

GetTickCount

QueryPerformanceCounter

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

VirtualQueryEx

GetThreadTimes

GetThreadPriority

GetPriorityClass

GetThreadContext

ResumeThread

SuspendThread

GetCurrentThreadId

IsProcessorFeaturePresent

GetSystemInfo

GetSystemTimeAsFileTime

lstrcmpiW

Sleep

LoadLibraryExA

ReadProcessMemory

GetProcessHeap

LoadLibraryW

GetSystemDirectoryW

GetFileAttributesA

SetErrorMode

GetVersionExW

OutputDebugStringW

OutputDebugStringA

WriteFile

VirtualFree

OpenProcess

GetCurrentProcessId

GetModuleHandleA

MapViewOfFile

CreateFileMappingA

UnmapViewOfFile

GetCurrentProcess

DuplicateHandle

VirtualProtect

VirtualAlloc

CreateDirectoryA

GetFileAttributesW

GetFullPathNameW

WideCharToMultiByte

MultiByteToWideChar

ExpandEnvironmentStringsW

GetModuleFileNameW

SetLastError

FindFirstFileW

FindClose

FindNextFileW

LocalAlloc

EnterCriticalSection

LeaveCriticalSection

CreateFileA

GetFileSize

ReadFile

CloseHandle

GetLastError

TlsGetValue

TlsSetValue

LoadLibraryA

GetProcAddress

FreeLibrary

TlsAlloc

TlsFree

GetVersionExA

InitializeCriticalSection

HeapCreate

HeapDestroy

DeleteCriticalSection

HeapReAlloc

HeapAlloc

HeapFree

IsDBCSLeadByte

GetEnvironmentVariableW

CopyFileW

SetFilePointer

Exports

DbgHelpCreateUserDump

DbgHelpCreateUserDumpW

EnumDirTree

EnumDirTreeW

EnumerateLoadedModules

EnumerateLoadedModules64

EnumerateLoadedModulesEx

EnumerateLoadedModulesExW

EnumerateLoadedModulesW64

ExtensionApiVersion

FindDebugInfoFile

FindDebugInfoFileEx

FindDebugInfoFileExW

FindExecutableImage

FindExecutableImageEx

FindExecutableImageExW

FindFileInPath

FindFileInSearchPath

GetTimestampForLoadedLibrary

ImageDirectoryEntryToData

ImageDirectoryEntryToDataEx

ImageNtHeader

ImageRvaToSection

ImageRvaToVa

ImagehlpApiVersion

ImagehlpApiVersionEx

MakeSureDirectoryPathExists

MiniDumpReadDumpStream

MiniDumpWriteDump

SearchTreeForFile

SearchTreeForFileW

StackWalk

StackWalk64

SymAddSourceStream

SymAddSourceStreamA

SymAddSourceStreamW

SymAddSymbol

SymAddSymbolW

SymCleanup

SymDeleteSymbol

SymDeleteSymbolW

SymEnumLines

SymEnumLinesW

SymEnumProcesses

SymEnumSourceFileTokens

SymEnumSourceFiles

SymEnumSourceFilesW

SymEnumSourceLines

SymEnumSourceLinesW

SymEnumSym

SymEnumSymbols

SymEnumSymbolsForAddr

SymEnumSymbolsForAddrW

SymEnumSymbolsW

SymEnumTypes

SymEnumTypesByName

SymEnumTypesByNameW

SymEnumTypesW

SymEnumerateModules

SymEnumerateModules64

SymEnumerateModulesW64

SymEnumerateSymbols

SymEnumerateSymbols64

SymEnumerateSymbolsW

SymEnumerateSymbolsW64

SymFindDebugInfoFile

SymFindDebugInfoFileW

SymFindExecutableImage

SymFindExecutableImageW

SymFindFileInPath

SymFindFileInPathW

SymFromAddr

SymFromAddrW

SymFromIndex

SymFromIndexW

SymFromName

SymFromNameW

SymFromToken

SymFromTokenW

SymFunctionTableAccess

SymFunctionTableAccess64

SymGetFileLineOffsets64

SymGetHomeDirectory

SymGetHomeDirectoryW

SymGetLineFromAddr

SymGetLineFromAddr64

SymGetLineFromAddrW64

SymGetLineFromName

SymGetLineFromName64

SymGetLineFromNameW64

SymGetLineNext

SymGetLineNext64

SymGetLineNextW64

SymGetLinePrev

SymGetLinePrev64

SymGetLinePrevW64

SymGetModuleBase

SymGetModuleBase64

SymGetModuleInfo

SymGetModuleInfo64

SymGetModuleInfoW

SymGetModuleInfoW64

SymGetOmapBlockBase

SymGetOmaps

SymGetOptions

SymGetScope

SymGetScopeW

SymGetSearchPath

SymGetSearchPathW

SymGetSourceFile

SymGetSourceFileFromToken

SymGetSourceFileFromTokenW

SymGetSourceFileToken

SymGetSourceFileTokenW

SymGetSourceFileW

SymGetSourceVarFromToken

SymGetSourceVarFromTokenW

SymGetSymFromAddr

SymGetSymFromAddr64

SymGetSymFromName

SymGetSymFromName64

SymGetSymNext

SymGetSymNext64

SymGetSymPrev

SymGetSymPrev64

SymGetSymbolFile

SymGetSymbolFileW

SymGetTypeFromName

SymGetTypeFromNameW

SymGetTypeInfo

SymGetTypeInfoEx

SymGetUnwindInfo

SymInitialize

SymInitializeW

SymLoadModule

SymLoadModule64

SymLoadModuleEx

SymLoadModuleExW

SymMatchFileName

SymMatchFileNameW

SymMatchString

SymMatchStringA

SymMatchStringW

SymNext

SymNextW

SymPrev

SymPrevW

SymRefreshModuleList

SymRegisterCallback

SymRegisterCallback64

SymRegisterCallbackW64

SymRegisterFunctionEntryCallback

SymRegisterFunctionEntryCallback64

SymSearch

SymSearchW

SymSetContext

SymSetHomeDirectory

SymSetHomeDirectoryW

SymSetOptions

SymSetParentWindow

SymSetScopeFromAddr

SymSetScopeFromIndex

SymSetSearchPath

SymSetSearchPathW

SymSrvDeltaName

SymSrvDeltaNameW

SymSrvGetFileIndexInfo

SymSrvGetFileIndexInfoW

SymSrvGetFileIndexString

SymSrvGetFileIndexStringW

SymSrvGetFileIndexes

SymSrvGetFileIndexesW

SymSrvGetSupplement

SymSrvGetSupplementW

SymSrvIsStore

SymSrvIsStoreW

SymSrvStoreFile

SymSrvStoreFileW

SymSrvStoreSupplement

SymSrvStoreSupplementW

SymUnDName

SymUnDName64

SymUnloadModule

SymUnloadModule64

UnDecorateSymbolName

UnDecorateSymbolNameW

WinDbgExtensionDllInit

block

chksym

dbghelp

dh

fptr

homedir

itoldyouso

lmi

lminfo

omap

srcfiles

stack_force_ebp

stackdbg

sym

symsrv

vc7fpo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Bkebi/dll/api-ms-win-crt-process-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:5e:3d:18:38:d5:e7:4d:b3:19:ff:23:6f:df:c3:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/12/2019, 00:00

Not After

20/12/2022, 12:00

Subject

SERIALNUMBER=4155843,CN=Riot Games\, Inc.,OU=DSS,O=Riot Games\, Inc.,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

16:86:8e:2e:8f:74:f7:94:05:59:0a:50:51:fa:6e:83:fd:14:50:06:26:64:5c:17:a0:73:09:c1:09:4c:ca:a6
Signer

Actual PE Digest

16:86:8e:2e:8f:74:f7:94:05:59:0a:50:51:fa:6e:83:fd:14:50:06:26:64:5c:17:a0:73:09:c1:09:4c:ca:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-process-l1-1-0.pdb

Exports

_beep

_cwait

_execl

_execle

_execlp

_execlpe

_execv

_execve

_execvp

_execvpe

_loaddll

_spawnl

_spawnle

_spawnlp

_spawnlpe

_spawnv

_spawnve

_spawnvp

_spawnvpe

_unloaddll

_wexecl

_wexecle

_wexeclp

_wexeclpe

_wexecv

_wexecve

_wexecvp

_wexecvpe

_wspawnl

_wspawnle

_wspawnlp

_wspawnlpe

_wspawnv

_wspawnve

_wspawnvp

_wspawnvpe

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Bkebi/dll/concrt140.dll