5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336.zip
Size

4.5MB
MD5

7b0100c1ecf96b4a13f5cbccd8829117
SHA1

882f6bb80d2a3aeb721614748ece69745c6e4810
SHA256

5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336
SHA512

58835498769ae65f463dafdadd0e0041c1509e726cfaac2e23f1d805d8015a3e78fa7437457a496ff97799ad3b1f4ae75ae5641036cdc1c91f484d522677b6dc
SSDEEP

98304:80LUwkpKdk09peb1mH9ckhoXZ+fVYkHnps:86qp6Pebg9BhoIVYkG

Score

10^/10

Malware Config

Signatures

Detects executables manipulated with Fody 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Job Interview/essential.dat	INDICATOR_EXE_Packed_Fody

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Job Interview/CoreUIComponent.dll
unpack001/Job Interview/essential.dat
unpack001/Job Interview/secur32.dll

Files

5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336.zip
.zip
Job Interview/CoreUIComponent.dll
.dll windows:6 windows x86 arch:x86

b2f39d39d5cfb3df2afa8e86204f4dc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapSize
GetLastError
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
GetProcessHeap
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
WideCharToMultiByte
FindResourceW
LoadResource
InitializeCriticalSectionEx
LockResource
MultiByteToWideChar
GetComputerNameExW
GetVersionExW
CreateFileW
OpenFile
GetProcessId
GetModuleFileNameW
WriteFile
SizeofResource
ReadFile
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetFileInformationByHandleEx
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FindResourceExW
HeapFree
AreFileApisANSI

shell32

ord680
ShellExecuteExW

msvcp140

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

vcruntime140

__std_exception_destroy
__CxxFrameHandler3
__std_exception_copy
_local_unwind4
__std_terminate
memchr
memcpy
_purecall
memmove
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__current_exception_context
__current_exception
memset

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_errno
_invalid_parameter_noinfo_noreturn
terminate
_invalid_parameter_noinfo
_beginthreadex

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

modf
_finite
_isnan
_dclass

api-ms-win-crt-stdio-l1-1-0

fgetpos
setvbuf
fgetc
fclose
fflush
fputc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsprintf
ungetc
fwrite

api-ms-win-crt-string-l1-1-0

wmemcpy_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

advapi32

GetUserNameW

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringLen

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CloseLsaPerformanceData
CollectLsaPerformanceData
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
OpenLsaPerformanceData
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SeciAllocateAndSetCallFlags
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiValidateAuthIdentity
SspiZeroAuthIdentity
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Job Interview/Interview.exe
.exe windows:6 windows x86 arch:x86

d89e012bb90c3e56ea22733716ecc3f1

Code Sign

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:24

Not After

02-12-2021 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:db:77:07:94:e2:4e:81:c1:63:71:50:db:4d:99:c3:ce:c2:a5:dd:a6:24:92:41:43:01:90:d8:4b:06:a8:c1
Signer

Actual PE Digest

1d:db:77:07:94:e2:4e:81:c1:63:71:50:db:4d:99:c3:ce:c2:a5:dd:a6:24:92:41:43:01:90:d8:4b:06:a8:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\dbs\sh\odct\0629_224505_0\client\onedrive\Product\FileCoAuth\Desktop\exe\obj\i386\FileCoAuth.pdb

Imports

loggingplatform

?LoggingWriteStructuredEvent@@YGXABUStructuredEvent@@QAUStructuredEventParameter@@@Z
?LoggingRotateIfNeeded@@YGXXZ
??0StructuredEvent@@QAE@PBDH0ABU_GUID@@IIII@Z
?GetActiveHydrationsCount@QoS@@YAIXZ
?LoggingSetCommonDatapointUserId@@YGXPB_WW4UserIdType@@@Z
?GuidToString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABU_GUID@@@Z
?StripPrivateInfoFromString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
?LoggingUninitializeForExternalComponent@@YGXXZ
?GetEmptyTelemetryUsageExperimentVector@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?LoggingSendTelemetryEvent@@YGXAAUTelemetryEvent@@QAUStructuredEventParameter@@@Z
??1TelemetryEvent@@QAE@XZ
??0TelemetryEvent@@QAE@PBD0ABU_GUID@@II00II@Z
?LoggingInitializeForExternalComponent@@YGJPB_W0_NG11W4TelemetryTransportType@@0K1@Z
?LoggingSetCommonDatapoint@@YGXPB_W0@Z
?LoggingRecordAssert@@YGXPB_W00I0_NI1@Z
?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ

updateringsettings

?GetUpdateRingSettingsManager@@YGPAVIUpdateRingSettingsManager@@XZ

propsys

PropVariantToStringAlloc
PropVariantToUInt32

ntdll

NtQueryDirectoryFile
VerSetConditionMask
RtlNtStatusToDosError

kernel32

FindNextFileW
CreateEventExW
GetLongPathNameW
VerifyVersionInfoW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ReadDirectoryChangesW
CreateIoCompletionPort
CreateFileW
OpenFileById
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileInformationByHandleEx
SetFileInformationByHandle
GetExitCodeProcess
ExpandEnvironmentStringsW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
DeviceIoControl
GetFileSizeEx
ReadFile
GetEnvironmentVariableW
SetDllDirectoryW
GetCurrentThread
RegisterApplicationRestart
SetFilePointer
GetFileSize
GetFileType
LoadLibraryExW
GetSystemTimes
GetProcessTimes
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetLastError
DebugBreak
SetFileAttributesW
GetFileAttributesW
CompareStringOrdinal
GetDiskFreeSpaceExW
MultiByteToWideChar
WideCharToMultiByte
SystemTimeToFileTime
CopyFileW
QueueUserWorkItem
MoveFileWithProgressW
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
GetDateFormatW
OpenEventW
GetLocaleInfoW
OpenMutexW
SystemTimeToTzSpecificLocalTime
UnregisterApplicationRestart
GetFileAttributesExW
DuplicateHandle
WaitForMultipleObjects
GetSystemTime
DeleteFileW
FindClose
FindFirstFileW
FreeLibrary
LoadLibraryW
GetComputerNameW
GetUserDefaultLocaleName
GetProductInfo
LCIDToLocaleName
CreateProcessW
CreateMutexW
GetSystemTimeAsFileTime
GetCurrentProcessId
TerminateProcess
MoveFileW
K32GetModuleFileNameExW
OpenProcess
GetVersionExW
LocalFree
QueryFullProcessImageNameW
GetCurrentProcess
IsWow64Process
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
DecodePointer
HeapAlloc
CreateThread
RaiseException
CloseHandle
SetEvent
GetLastError
Sleep
CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
GetModuleFileNameW
GetCommandLineW
HeapFree
FormatMessageW
InitializeSListHead
GetCurrentDirectoryW
InterlockedPushEntrySList
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
InitOnceComplete
OutputDebugStringW
ReleaseMutex
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
RemoveDirectoryW
GetComputerNameExW
GetTickCount64
WerRegisterFile

user32

GetLastActivePopup
SetFocus
AllowSetForegroundWindow
GetWindowRect
PeekMessageW
MessageBoxW
TrackPopupMenu
GetSubMenu
GetDoubleClickTime
SetMenuDefaultItem
EnableMenuItem
GetMenuStringW
GetMenuItemCount
RemoveMenu
DeleteMenu
PostQuitMessage
AppendMenuW
AdjustWindowRectEx
ModifyMenuW
SendMessageTimeoutW
LoadImageW
GetIconInfo
EndDialog
IsWindow
SetForegroundWindow
FindWindowW
SendMessageW
RegisterClassW
PostThreadMessageW
CreateWindowExW
TranslateMessage
ShowWindow
CharNextW
DispatchMessageW
DestroyWindow
SetWindowPos
CharUpperW
GetMessageW
SetTimer
KillTimer
GetClassNameW
GetWindowThreadProcessId
PostMessageW
EnumWindows
GetLastInputInfo
GetProcessDefaultLayout
IsHungAppWindow
MapWindowPoints
GetWindowLongW
CloseClipboard
OpenClipboard
GetClipboardData
SetClipboardData
EmptyClipboard
SystemParametersInfoW

advapi32

SetNamedSecurityInfoW
InitializeAcl
GetAce
RegDeleteKeyExW
RegDeleteTreeW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
GetAclInformation
StartServiceW
QueryServiceConfigW
CreateWellKnownSid
ControlService
QueryServiceStatusEx
QueryServiceStatus
DeleteService
AllocateAndInitializeSid
CreateProcessAsUserW
DuplicateTokenEx
ConvertSidToStringSidW
OpenServiceW
ConvertStringSidToSidW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
OpenSCManagerW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegCreateKeyTransactedW
SetFileSecurityW
AccessCheck
MapGenericMask
DuplicateToken
OpenThreadToken
IsValidAcl
GetNamedSecurityInfoW
AddAce
SetEntriesInAclW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptAcquireContextW
RegEnumValueW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegGetValueW
RegSetKeyValueW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCopyTreeW
RegNotifyChangeKeyValue
GetUserNameW
CheckTokenMembership
DeleteAce

shell32

AssocCreateForClasses
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
CommandLineToArgvW
ShellExecuteExW
ord526
SHGetFolderPathAndSubDirW
SHGetFolderPathW
SHCreateDirectoryExW
SHSetKnownFolderPath
ShellExecuteW
Shell_NotifyIconW
SHParseDisplayName
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHFileOperationW
SHCreateItemFromParsingName
SHChangeNotify

ole32

CoGetObject
CoAllowSetForegroundWindow
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
CoRevokeClassObject
CoInitializeSecurity
CoRegisterClassObject
CoCreateInstance
GetRunningObjectTable
PropVariantClear
CoImpersonateClient
CoGetCallContext
CoRevertToSelf
CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoWaitForMultipleHandles
CLSIDFromString
StringFromCLSID
CoResumeClassObjects
CreateItemMoniker
CreateBindCtx
StringFromGUID2

oleaut32

LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
GetRecordInfoFromTypeInfo
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
SysAllocString
SysStringLen
SetErrorInfo
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
SysFreeString

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

rpcrt4

RpcServerUseProtseqW
UuidToStringW
RpcServerRegisterIfEx
RpcStringFreeW
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcEpUnregister
RpcServerUnregisterIf
RpcServerInqCallAttributesW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW

secur32

GetUserNameExW

shlwapi

PathFileExistsW
SHCreateStreamOnFileW
SHCreateStreamOnFileEx
PathFindFileNameW
SHStrDupW
SHDeleteKeyW
SHRegCreateUSKeyW
SHGetValueW
SHRegGetUSValueW
PathStripPathW
PathStripToRootW
SHRegCloseUSKey
SHRegSetUSValueW
SHDeleteValueW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathIsPrefixW
AssocCreate
PathRemoveFileSpecW
StrStrIW
UrlEscapeW
UrlCreateFromPathW
SHRegGetValueW
SHRegGetBoolUSValueW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetCheckConnectionW
InternetGetConnectedState

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

msvcp140

_Xtime_get_ticks
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Cnd_wait
_Cnd_broadcast
_Cnd_unregister_at_thread_exit
?__ExceptionPtrDestroy@@YAXPAX@Z
_Cnd_register_at_thread_exit
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Syserror_map@std@@YAPBDH@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
??0task_continuation_context@Concurrency@@AAE@XZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Incref@facet@locale@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

userenv

GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock

vcruntime140

__current_exception
memset
memmove
wcsstr
__current_exception_context
__std_exception_copy
__std_terminate
_purecall
__CxxFrameHandler3
memcpy
_CxxThrowException
__std_exception_destroy
__std_type_info_compare
_except_handler4_common
memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-string-l1-1-0

towupper
wcscat_s
wcscpy_s
isxdigit
wcscspn
_wcsicmp
wcsncpy_s
wcstok_s
iswxdigit
iswspace
isalnum
towlower
strncmp
_wcsdup
_strnicmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
abort
terminate
_register_onexit_function
_errno
_initterm_e
_crt_atexit
_cexit
_controlfp_s
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_set_app_type
_exit
exit
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-convert-l1-1-0

atof
strtoull
atol
strtoll
_strtod_l
_wtoi

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_free_locale
_create_locale

api-ms-win-crt-stdio-l1-1-0

fclose
__p__commode
_set_fmode
__stdio_common_vswprintf
_wfopen_s

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr

gdi32

GetObjectW

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Job Interview/LoggingPlatform.dll
.dll windows:6 windows x86 arch:x86

c4217bcf28c427e746fd876322b449a0

Code Sign

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:24

Not After

02-12-2021 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:9c:91:65:1e:e1:a8:d6:29:28:cd:54:80:41:ea:9c:ea:58:31:eb:6c:2c:e0:b9:b8:6e:74:64:1a:bb:38:a3
Signer

Actual PE Digest

c2:9c:91:65:1e:e1:a8:d6:29:28:cd:54:80:41:ea:9c:ea:58:31:eb:6c:2c:e0:b9:b8:6e:74:64:1a:bb:38:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\sh\odct\0629_224505_0\client\onedrive\Product\Logging\dll\obj\i386\LoggingPlatform.pdb

Imports

kernel32

GetFileInformationByHandle
GetFileInformationByHandleEx
SetFileInformationByHandle
CompareStringOrdinal
GetFileAttributesW
GetExitCodeProcess
ExpandEnvironmentStringsW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSizeEx
ReadFile
GetEnvironmentVariableW
GetCommandLineW
CopyFileW
SetDllDirectoryW
ReleaseMutex
RegisterApplicationRestart
SetFilePointer
GetFileSize
GetFileType
LoadLibraryExW
GetFinalPathNameByHandleW
GetProcessTimes
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetLastError
OpenFileById
InterlockedPushEntrySList
OutputDebugStringW
InitializeSListHead
DisableThreadLibraryCalls
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
CreateIoCompletionPort
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetDiskFreeSpaceExW
VerifyVersionInfoW
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionEx
MultiByteToWideChar
WideCharToMultiByte
IsWow64Process
CreateProcessW
CreateMutexW
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcess
GetSystemTimeAsFileTime
WaitForSingleObject
TerminateProcess
Sleep
MoveFileW
K32GetModuleFileNameExW
OpenProcess
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
DeviceIoControl
CompareFileTime
DeleteFileW
CreateDirectoryW
WerUnregisterFile
WerRegisterFile
WriteFile
CloseHandle
SetFileTime
SystemTimeToFileTime
GetSystemTime
GetLastError
CreateFileW
GetCurrentThreadId
UnhandledExceptionFilter
GetSystemTimes
GetCurrentProcessId

user32

SendMessageTimeoutW
DestroyWindow
DispatchMessageW
TranslateMessage
ShowWindow
GetMessageW
CreateWindowExW
GetClassNameW
EnumWindows
RegisterClassW
PostMessageW
GetWindowThreadProcessId

advapi32

RegEnumKeyW
CryptAcquireContextW
RegDeleteKeyExW
RegDeleteTreeW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
GetAclInformation
StartServiceW
QueryServiceConfigW
CreateWellKnownSid
ControlService
QueryServiceStatusEx
QueryServiceStatus
DeleteService
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
CreateProcessAsUserW
DuplicateTokenEx
ConvertSidToStringSidW
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
OpenSCManagerW
RegUnLoadKeyW
RegLoadKeyW
CryptDestroyHash
RegCreateKeyTransactedW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumValueW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegSetKeyValueW
RegCreateKeyExW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
SHFileOperationW
SHChangeNotify
CommandLineToArgvW
SHCreateItemFromParsingName
SHGetFolderPathW
SHGetFolderPathAndSubDirW
ord526
ShellExecuteExW

ole32

CoCreateInstance
CoCreateGuid
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromCLSID

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocString
GetRecordInfoFromTypeInfo
LoadRegTypeLi
LoadTypeLi
SysFreeString
SetErrorInfo
SysStringLen
GetErrorInfo

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcServerInqCallAttributesW
RpcServerUnregisterIf
RpcEpUnregister
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqW
RpcStringFreeW
UuidToStringW
UuidCreate
RpcServerRegisterIfEx

secur32

GetUserNameExW

shlwapi

PathIsRelativeW
PathFileExistsW
PathIsDirectoryW
SHGetValueW
PathStripPathW
SHRegGetBoolUSValueW
SHRegGetValueW
SHCreateStreamOnFileW
PathIsPrefixW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetCheckConnectionW

ws2_32

accept
send
setsockopt
bind
htonl
WSAGetLastError
htons
socket
WSAStartup
closesocket
listen

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

msvcp140

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Query_perf_frequency
_Query_perf_counter
?_Random_device@std@@YAIXZ
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Mtx_current_owns
_Cnd_timedwait
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
_Mtx_trylock
?_Xbad_function_call@std@@YAXXZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Xlength_error@std@@YAXPBD@Z
_Xtime_get_ticks
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Xbad_alloc@std@@YAXXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Xout_of_range@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ

userenv

GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock

vcruntime140

__std_type_info_destroy_list
memset
__std_exception_destroy
_CxxThrowException
_except_handler4_common
__current_exception_context
__current_exception
wcsstr
wcsrchr
strrchr
memmove
__RTDynamicCast
memcmp
memcpy
__CxxFrameHandler3
__std_terminate
__std_exception_copy
_purecall

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
terminate
_beginthreadex
_initterm_e
_initterm
_errno
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

setvbuf
__stdio_common_vsprintf_s
fsetpos
fgetwc
__stdio_common_vswscanf
_wfopen_s
fgetc
fclose
fputwc
fputc
ungetc
_fseeki64
fflush
ungetwc
fwrite
__stdio_common_vswprintf
__stdio_common_vswprintf_s
fread
fgetpos
_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

isxdigit
_wcsicmp
tolower
iswspace
_wcsdup
towupper

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64_s
_time64

api-ms-win-crt-filesystem-l1-1-0

_wrename
_lock_file
_wstat64
_unlock_file
_wremove

api-ms-win-crt-convert-l1-1-0

_strtod_l
atof
atol
wcstoll
wcstol
strtoll
_wtoi

api-ms-win-crt-math-l1-1-0

log2
ceil

api-ms-win-crt-locale-l1-1-0

_create_locale
_free_locale

Exports

Exports

??0IScenario@ScenarioTracking@@QAE@ABV01@@Z
??0IScenario@ScenarioTracking@@QAE@XZ
??0ScenarioBase@ScenarioTracking@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0Scope@ScenarioTracking@@QAE@V?$shared_ptr@VIScenario@ScenarioTracking@@@std@@@Z
??0StructuredEvent@@QAE@PBDH0ABU_GUID@@IIII@Z
??0SuppressTransferScope@ScenarioTracking@@QAE@XZ
??0TelemetryEvent@@QAE@PBD0ABU_GUID@@II00II@Z
??0TransferScope@ScenarioTracking@@QAE@QBVITrace@1@@Z
??0TransferScope@ScenarioTracking@@QAE@V?$unique_ptr@VITrace@ScenarioTracking@@U?$default_delete@VITrace@ScenarioTracking@@@std@@@std@@@Z
??1IScenario@ScenarioTracking@@UAE@XZ
??1ScenarioBase@ScenarioTracking@@UAE@XZ
??1Scope@ScenarioTracking@@QAE@XZ
??1SuppressTransferScope@ScenarioTracking@@QAE@XZ
??1TelemetryEvent@@QAE@XZ
??1TransferScope@ScenarioTracking@@QAE@XZ
??4IScenario@ScenarioTracking@@QAEAAV01@ABV01@@Z
??_7IScenario@ScenarioTracking@@6B@
?ApplyScenarioImplicitParameters@ScenarioTracking@@YGXPB_WABV?$function@$$A6GXPBDV?$variant@PBDPB_WHI_J_K_N@std@@@Z@std@@@Z
?ApplyScenarioTracking@ScenarioTracking@@YGXABV?$function@$$A6GXPBDV?$variant@PBDPB_WHI_J_K_N@std@@@Z@std@@@Z
?AssignLoggingSession@@YGXABV?$shared_ptr@VILoggingSession@@@std@@_N@Z
?CaptureTrace@ScenarioTracking@@YG?AV?$unique_ptr@VITrace@ScenarioTracking@@U?$default_delete@VITrace@ScenarioTracking@@@std@@@std@@XZ
?ClassifyScenarioOutcome@FailuresClassification@@YG?AW4Outcome@QoS@@PB_WW423@K@Z
?ClearLoggingSession@@YGXXZ
?ConvertOutcomeToResultType@QoS@@YGPB_WW4Outcome@1@@Z
?ConvertResultTypeToOutcome@QoS@@YG?AW4Outcome@1@PB_W@Z
?CreateBinaryLoggingSession@@YGPAVILoggingSession@@XZ
?CreateRemoteDebugServer@@YGPAVIRemoteDebugServer@@_NG@Z
?DecrementActiveHydrationsCount@QoS@@YAXXZ
?FlushObfuscationTableToDisk@@YGXXZ
?GetActiveHydrationsCount@QoS@@YAIXZ
?GetApplicationPropertyId@QoS@@YA?AW4Id@PropertyId@TelemetryConstants@@XZ
?GetCurrentTraceId@ScenarioTracking@@YGIXZ
?GetDefaultLoggingPath@@YGJAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV12@@Z
?GetDuration@ScenarioBase@ScenarioTracking@@UAE?AV?$duration@_JU?$ratio@$00$0DOI@@std@@@chrono@std@@XZ
?GetEmptyTelemetryUsageExperimentVector@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetErrorType@QoS@@YG?AW4Type@ErrorType@TelemetryConstants@@JI@Z
?GetErrorType@QoS@@YG?AW4Type@ErrorType@TelemetryConstants@@JIABV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?GetId@ScenarioBase@ScenarioTracking@@UAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetInstance@Telemetry@@CGPAV1@XZ
?GetLoggingSession@@YG?AV?$shared_ptr@VILoggingSession@@@std@@XZ
?GetName@ScenarioBase@ScenarioTracking@@UAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetResultType@QoS@@YAPB_WJI@Z
?GetResultType@QoS@@YAPB_WW4Type@ErrorType@TelemetryConstants@@@Z
?GetTelemetryUsageExperimentVector@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4ExperimentType@@PB_W11@Z
?GetValueTranslation@TelemetryEvent@@QAEP6G?AV?$variant@Umonostate@std@@PBDH@std@@ABTStructuredEventData@@@ZI@Z
?GuidToString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABU_GUID@@@Z
?IncrementActiveHydrationsCount@QoS@@YAXXZ
?InsertIntoIrmEnabledLibrarySet@QoS@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ
?IsRecorded@ScenarioBase@ScenarioTracking@@UAE_NXZ
?LoggingAddToMultiValueCommonDatapoint@@YGXPB_W0@Z
?LoggingGetCallbackCount@@YGIXZ
?LoggingInitializeForExternalComponent@@YGJPB_W0_NG11W4TelemetryTransportType@@0K1@Z
?LoggingReconfigure@@YGXPAVIUpdateRingSettingsManager@@@Z
?LoggingRecordAssert@@YGXPB_W000I0_NI1@Z
?LoggingRecordAssert@@YGXPB_W00I0_NI1@Z
?LoggingRecordUnexpectedCrash@@YGXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0K@Z
?LoggingRegisterCallback@@YG_KP6GXPAXPBDI1ABU_GUID@@IIIQAUStructuredEventParameter@@@Z0@Z
?LoggingRemoveFromMultiValueCommonDatapoint@@YGXPB_W0@Z
?LoggingResetAccountSpecificCommonDatapoints@@YGXXZ
?LoggingResetTelemetryLevelsToDefault@@YGXXZ
?LoggingRotate@@YGXXZ
?LoggingRotateIfNeeded@@YGXXZ
?LoggingSanitizeFilename@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?LoggingSendTelemetryEvent@@YGXAAUTelemetryEvent@@QAUStructuredEventParameter@@@Z
?LoggingSetCommonDatapoint@@YGXPB_W0@Z
?LoggingSetCommonDatapointUserId@@YGXPB_WW4UserIdType@@@Z
?LoggingSetExperimentSetupData@@YGXPBDIQAUExperimentSetupData@@I1@Z
?LoggingSetLoggingPrivacyLevel@@YGXW4LoggingPrivacyLevel@@@Z
?LoggingSetTelemetryLevelEnabled@@YGXI_N@Z
?LoggingShouldSample@@YG_NN@Z
?LoggingSwitchTelemetryPipeline@@YGXW4TelemetryTransportType@@_N@Z
?LoggingUninitializeForExternalComponent@@YGXXZ
?LoggingUnregisterCallback@@YGX_K@Z
?LoggingWriteDebugString@@YAXHPBDI0_NPB_WZZ
?LoggingWriteDeviceFailureDatagramEntry@@YGXPB_W0@Z
?LoggingWriteFormatString@@YAXHPBDI0_NPB_WZZ
?LoggingWriteFormatStringEx@@YGXHHPBDI0_NPB_WPAD@Z
?LoggingWriteStructuredEvent@@YGXABUStructuredEvent@@QAUStructuredEventParameter@@@Z
?LoggingWriteStructuredEvent@@YGXPBDI0ABU_GUID@@IIIQAUStructuredEventParameter@@@Z
?MarkScenarioReported@ScenarioTracking@@YGXPB_W@Z
?NarrowStringToWideString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBD@Z
?ObserveTrace@ScenarioTracking@@YGPAVITrace@1@XZ
?OneDriveAssertWorker@@YAXPB_WW4OneDriveAssertType@@0I000ZZ
?OutcomeToTelemetryValue@QoS@@YG?AV?$variant@Umonostate@std@@PBDH@std@@ABTStructuredEventData@@@Z
?OverrideAsserts@@YGXP6GXPB_W000I0_N@Z@Z
?Record@ScenarioBase@ScenarioTracking@@UAEXXZ
?Register@FailuresClassification@@YGX$$QAV?$function@$$A6G?AW4Outcome@QoS@@PB_WW412@K@Z@std@@@Z
?RegisterSensitiveRootPath@@YGXPB_W0@Z
?RemoveFromIrmEnabledLibrarySet@QoS@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?RemovePrivateInfo@@YGXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ReportExternalAssert@@YGXPB_W_N0I0@Z
?ReportUnrecordedScenario@ScenarioTracking@@YGXAAVIScenario@1@@Z
?Reset@FailuresClassification@@YGXXZ
?SetApplicationId@QoS@@YAXI@Z
?SetValueTranslation@TelemetryEvent@@SGXPAU1@IP6G?AV?$variant@Umonostate@std@@PBDH@std@@ABTStructuredEventData@@@Z@Z
?SizeUnknown@QoS@@YGIXZ
?StartScenario@ScenarioTracking@@YG?AV?$shared_ptr@VIScenario@ScenarioTracking@@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?StripPrivateInfoFromString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
?UnregisterSensitiveRootPath@@YGXPB_W@Z
?UpdateExperimentalAriaRampAPI@@YGX_N@Z
?UpdateOfficePrivacyRamp@@YGX_N@Z
?UpdateTelemetryTransmissionProfile@@YGXPBD_N@Z
?WideStringToNarrowString@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W@Z
?g_ODHasFatallyAsserted@@3_NA
?g_assertLogger@@3P6GXPB_W000I0_N@ZA
?g_catchAssertCallbackInvoked@@3HA
?initAssertLogger@@YGXP6GXPB_W000I0_N@Z@Z
InitLogging
UninitLogging
_TestInitLogging@4
_TestInitLoggingEx@20
_TestUninitLogging@0

Sections

.text
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Job Interview/Pane Icons/grid-b.png
.png
Job Interview/Pane Icons/grid-w.png
.png
Job Interview/Pane Icons/logout-b.png
.png
Job Interview/Pane Icons/logout-w.png
.png
Job Interview/Pane Icons/phone-b.png
.png
Job Interview/Pane Icons/phone-w.png
.png
Job Interview/Pane Icons/question-b.png
.png
Job Interview/Pane Icons/question-w.png
.png
Job Interview/UpdateRingSettings.dll
.dll windows:6 windows x86 arch:x86

8f4151e2b47c8157fda35112fe040b85

Code Sign

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:24

Not After

02-12-2021 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:e0:ef:0f:e2:09:fe:09:e6:90:7b:58:a6:dc:ca:a9:ea:1b:cd:23:9d:5c:bd:b2:11:06:58:88:e2:9d:e4:6c
Signer

Actual PE Digest

dd:e0:ef:0f:e2:09:fe:09:e6:90:7b:58:a6:dc:ca:a9:ea:1b:cd:23:9d:5c:bd:b2:11:06:58:88:e2:9d:e4:6c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\sh\odct\0629_224505_0\client\onedrive\Product\UpdateRingSettings\dll\obj\i386\UpdateRingSettings.pdb

Imports

loggingplatform

?LoggingWriteStructuredEvent@@YGXABUStructuredEvent@@QAUStructuredEventParameter@@@Z
?LoggingSetCommonDatapoint@@YGXPB_W0@Z
?WideStringToNarrowString@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W@Z
?NarrowStringToWideString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBD@Z
??0TelemetryEvent@@QAE@PBD0ABU_GUID@@II00II@Z
??1TelemetryEvent@@QAE@XZ
?LoggingSendTelemetryEvent@@YGXAAUTelemetryEvent@@QAUStructuredEventParameter@@@Z
?LoggingSetExperimentSetupData@@YGXPBDIQAUExperimentSetupData@@I1@Z
??0StructuredEvent@@QAE@PBDH0ABU_GUID@@IIII@Z
?LoggingRotateIfNeeded@@YGXXZ

kernel32

FindNextVolumeW
FindVolumeClose
DeviceIoControl
GetFileSizeEx
ReadFile
GetEnvironmentVariableW
GetCommandLineW
CopyFileW
SetDllDirectoryW
ReleaseMutex
RegisterApplicationRestart
SetFilePointer
GetFileSize
GetFileType
LoadLibraryExW
GetSystemTimes
GetProcessTimes
IsDebuggerPresent
FindFirstVolumeW
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLongPathNameW
SetLastError
ExpandEnvironmentStringsW
InterlockedPushEntrySList
OutputDebugStringW
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
GetExitCodeProcess
GetFileAttributesW
CompareStringOrdinal
SetFileInformationByHandle
GetFileInformationByHandleEx
GetFileInformationByHandle
GetFinalPathNameByHandleW
OpenFileById
CreateFileW
CreateIoCompletionPort
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetDiskFreeSpaceExW
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
DeleteFileW
FindClose
FindFirstFileW
FreeLibrary
LoadLibraryW
IsWow64Process
CreateProcessW
CreateMutexW
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
WaitForSingleObject
TerminateProcess
Sleep
GetLastError
MoveFileW
CloseHandle
K32GetModuleFileNameExW
OpenProcess
LocalFree
InitializeCriticalSectionEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive

user32

GetClassNameW
GetWindowThreadProcessId
PostMessageW
SendMessageTimeoutW
ShowWindow
GetMessageW
CreateWindowExW
DestroyWindow
EnumWindows
DispatchMessageW
TranslateMessage
RegisterClassW

advapi32

RegCreateKeyExW
RegSetKeyValueW
RegDeleteKeyExW
RegDeleteTreeW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
GetAclInformation
StartServiceW
QueryServiceConfigW
CreateWellKnownSid
ControlService
QueryServiceStatusEx
QueryServiceStatus
DeleteService
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
CreateProcessAsUserW
DuplicateTokenEx
ConvertSidToStringSidW
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
OpenSCManagerW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegCreateKeyTransactedW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptAcquireContextW
RegEnumValueW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegCloseKey

shell32

SHGetFolderPathAndSubDirW
ShellExecuteExW
SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHFileOperationW
ord526
SHCreateItemFromParsingName
SHCreateDirectoryExW
CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoCreateFreeThreadedMarshaler
StringFromGUID2
CLSIDFromString
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

GetErrorInfo
SysStringLen
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
GetRecordInfoFromTypeInfo
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

rpcrt4

RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcEpUnregister
RpcServerUnregisterIf
RpcServerInqCallAttributesW
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingSetAuthInfoExW

secur32

GetUserNameExW

shlwapi

SHRegGetValueW
PathRemoveFileSpecW
StrStrIW
SHRegGetBoolUSValueW
PathStripPathW
SHGetValueW
SHCreateStreamOnFileW
PathFileExistsW
PathIsPrefixW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetCheckConnectionW

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

msvcp140

??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_function_call@std@@YAXXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Query_perf_frequency
_Query_perf_counter
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Mtx_unlock
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Strxfrm
_Strcoll
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?tolower@?$ctype@D@std@@QBEDD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$collate@D@std@@2V0locale@2@A
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD4@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z

userenv

GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock

vcruntime140

__std_exception_copy
strchr
_purecall
wcsstr
__std_terminate
__current_exception
__current_exception_context
_CxxThrowException
memset
__std_type_info_destroy_list
memmove
memcpy
__CxxFrameHandler3
__std_exception_destroy
_except_handler4_common
memchr
memcmp

api-ms-win-crt-runtime-l1-1-0

_initterm
terminate
_cexit
_initterm_e
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_errno

api-ms-win-crt-convert-l1-1-0

wcstol
_strtod_l
wcstoul
wcstod
strtoul
atof
atol
strtoll
_wtoi
strtol

api-ms-win-crt-time-l1-1-0

_time64
_mkgmtime64
strftime
_gmtime64_s
_difftime64
_localtime64_s

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
realloc

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vsprintf_s
_wfopen_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf

api-ms-win-crt-math-l1-1-0

round
ceil

api-ms-win-crt-string-l1-1-0

isxdigit
_wcsdup
towupper
iswspace
wcstok_s

api-ms-win-crt-locale-l1-1-0

_create_locale
_free_locale

Exports

Exports

?GetECSConfigurationManager@@YGPAVIECSConfigurationManager@@XZ
?GetFeatureSupport@@YGPAVIFeatureSupport@@XZ
?GetUpdateRingSettingsManager@@YGPAVIUpdateRingSettingsManager@@XZ
?OverrideECSConfigurationManager@@YGXPAVIECSConfigurationManager@@@Z
?OverrideFeatureSupport@@YGXPAVIFeatureSupport@@@Z
?OverrideUpdateRingSettingsManager@@YGXPAVIUpdateRingSettingsManager@@@Z
?ResetECSConfigurationManager@@YGXXZ
?ResetFeatureSupport@@YGXXZ
?ResetUpdateRingSettingsManager@@YGXXZ

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Job Interview/essential.dat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\source\repos\Quizora\Quizora-MBTI\obj\Release\Quizora.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Job Interview/msvcp140.dll
.dll windows:6 windows x86 arch:x86

6dbd7763e94344402d4206b7bab40e1f

Code Sign

33:00:00:01:0c:6c:23:05:0b:07:99:1e:cd:00:00:00:00:01:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:FC41-4BD4-D220,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:3b:10:df:65:17:47:51:70:ff:00:00:00:00:02:3b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:07

Not After

08-08-2019 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:10:da:22:0d:a5:13:d1:15:42:f3:81:b9:b7:fd:51:49:e7:ed:ae:02:29:2e:ad:81:b7:c2:b1:1e:b7:45:5d
Signer

Actual PE Digest

52:10:da:22:0d:a5:13:d1:15:42:f3:81:b9:b7:fd:51:49:e7:ed:ae:02:29:2e:ad:81:b7:c2:b1:1e:b7:45:5d

Digest Algorithm

sha256

PE Digest Matches

true

11:97:14:5a:0a:50:e7:57:e3:ec:f6:60:3b:cf:a9:e5:7e:b3:02:8b
Signer

Actual PE Digest

11:97:14:5a:0a:50:e7:57:e3:ec:f6:60:3b:cf:a9:e5:7e:b3:02:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb

Imports

vcruntime140

_except_handler4_common
__uncaught_exceptions
__uncaught_exception
memmove
__std_terminate
_purecall
__CxxFrameHandler3
_CxxThrowException
__AdjustPointer
__processing_throw
__current_exception
__std_exception_destroy
__std_exception_copy
memset
memcmp
memchr
__std_type_info_destroy_list
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
___lc_locale_name_func
___lc_collate_cp_func
localeconv
___lc_codepage_func
_lock_locales
_unlock_locales
setlocale
__pctype_func

api-ms-win-crt-string-l1-1-0

__strncnt
tolower
isalnum
isxdigit
isspace
wcsnlen
isdigit
wcscpy_s
_wcsdup
islower
isupper
iswctype
strcspn

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_register_onexit_function
_set_new_handler
terminate
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
abort
_initterm
_initterm_e
_initialize_onexit_table
_beginthreadex
_endthreadex
_errno

api-ms-win-crt-stdio-l1-1-0

fputwc
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputs
fgetc
fflush
fclose
_get_stream_buffer_pointers
_wfsopen
_fsopen
__acrt_iob_func
fgetpos
fseek
fputc
__stdio_common_vsprintf_s
fgetwc
ungetwc

api-ms-win-crt-math-l1-1-0

ldexp
_CIpow
_CIlog
frexp

api-ms-win-crt-convert-l1-1-0

btowc
strtod
strtof

api-ms-win-crt-filesystem-l1-1-0

_wchdir
_wrmdir
_unlock_file
_wremove
_lock_file
_wrename

api-ms-win-crt-time-l1-1-0

_W_Getdays
_Getmonths
_Strftime
_Wcsftime
_Getdays
_Gettnames
_W_Gettnames
_W_Getmonths

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

RtlCaptureStackBackTrace
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
CloseHandle
TryEnterCriticalSection
FormatMessageW
CreateHardLinkW
CopyFileW
GetLastError
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
RaiseException
DecodePointer
EncodePointer

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@G@std@@QAE@ABV01@@Z
??0?$_Yarn@G@std@@QAE@PBG@Z
??0?$_Yarn@G@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@ABV01@@Z
??0?$_Yarn@_W@std@@QAE@PB_W@Z
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0task_continuation_context@Concurrency@@AAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@G@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??4?$_Iosb@H@std@@QAEAAV01@$$QAV01@@Z
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@G@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@G@std@@QAEAAV01@PBG@Z
??4?$_Yarn@_W@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Crt_new_delete@std@@QAEAAU01@$$QAU01@@Z
??4_Crt_new_delete@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBE_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?CaptureCallstack@platform@details@Concurrency@@YAIPAPAXII@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@G@std@@QBEPBGXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@G@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDI@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDI@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDI@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAHABV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAHABV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAHABV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
?_Getptr@_Timevec@std@@QBEPAXXZ
?_Gettnames@_Locinfo@std@@QBE?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBE_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Job Interview/secur32.dll
.dll windows:6 windows x86 arch:x86

580b32aebb5f47963867d746773cf6a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileInformationByHandle
CloseHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetCurrentProcessId
TerminateProcess
OpenProcess
CopyFileA
Sleep
CreateFileW
CreateDirectoryW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
MultiByteToWideChar
LocalFree
FormatMessageA
GetLocaleInfoEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent

user32

GetClientRect
GetDesktopWindow
CreateWindowExA
DefWindowProcA
SetWindowTextA
ShowWindow
GetMessageA
RegisterClassExA
MessageBoxA
GetWindowLongW
SendMessageA
DispatchMessageW

gdi32

CreateFontA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_do_broadcast_at_thread_exit
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z

vcruntime140

memcpy
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
terminate
_beginthreadex

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CloseLsaPerformanceData
CollectLsaPerformanceData
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
OpenLsaPerformanceData
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SeciAllocateAndSetCallFlags
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiValidateAuthIdentity
SspiZeroAuthIdentity
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Job Interview/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

6a84b7445ccacd5d29ac27de2745f356

Code Sign

33:00:00:01:07:63:a5:19:2a:11:27:e5:d9:00:00:00:00:01:07
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:AB41-4B27-F026,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:3b:10:df:65:17:47:51:70:ff:00:00:00:00:02:3b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:07

Not After

08-08-2019 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2
Signer

Actual PE Digest

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2

Digest Algorithm

sha256

PE Digest Matches

true

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a
Signer

Actual PE Digest

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

DeleteCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2f39d39d5cfb3df2afa8e86204f4dc9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

d89e012bb90c3e56ea22733716ecc3f1

Code Sign

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

1d:db:77:07:94:e2:4e:81:c1:63:71:50:db:4d:99:c3:ce:c2:a5:dd:a6:24:92:41:43:01:90:d8:4b:06:a8:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

loggingplatform

updateringsettings

propsys

ntdll

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

rpcrt4

secur32

shlwapi

version

wininet

wtsapi32

msvcp140

userenv

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

gdi32

Sections

.text Size: 323KB - Virtual size: 322KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 26KB - Virtual size: 28KB

.rsrc Size: 58KB - Virtual size: 58KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

1d:db:77:07:94:e2:4e:81:c1:63:71:50:db:4d:99:c3:ce:c2:a5:dd:a6:24:92:41:43:01:90:d8:4b:06:a8:c1
Signer

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 26KB - Virtual size: 28KB

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 29KB - Virtual size: 28KB

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

c2:9c:91:65:1e:e1:a8:d6:29:28:cd:54:80:41:ea:9c:ea:58:31:eb:6c:2c:e0:b9:b8:6e:74:64:1a:bb:38:a3
Signer

.text
Size: 289KB - Virtual size: 288KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 13KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

dd:e0:ef:0f:e2:09:fe:09:e6:90:7b:58:a6:dc:ca:a9:ea:1b:cd:23:9d:5c:bd:b2:11:06:58:88:e2:9d:e4:6c
Signer