List of suspected clients[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

List of suspected clients.zip
Size

3.0MB
MD5

ff7debddc5a14ccd782628ac5f3ab9ce
SHA1

dbdba4601c0b3839f50b8c0f058853fe5b49e903
SHA256

f3b1d24ae8b5e245c9806b0c67ff1f7f93f5b86d639f5914a4a2b8dce22484e6
SHA512

a36ae6684bdbcb23ae7f4f150b5e46fb3d476bf424a379687ff3989a5d547443c860d2d4fbaba6d6b8fe90e61f49cf0c0a081f22341fab57d3c3364931f3e5be
SSDEEP

98304:kD1XxrgzYHflm+P8J481dx30uBb+VS9uyRv:WhrWYdm+Ef3L+VQR5

Score

1^/10

Malware Config

Signatures

Files

List of suspected clients.zip
.zip
List of suspected clients/List of suspected clients.lnk
.lnk
List of suspected clients/WCLDll.dll
.dll windows:6 windows x86 arch:x86

09f04b8a77f4345bd6d451987e784d5e

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:d3:24:5e:85:3c:4b:c1:8b:37:3d:e5:6a:07:0e:44:4c:3d:b0:3f:96:39:b4:8a:99:d3:56:11:da:07:88:82
Signer

Actual PE Digest

78:d3:24:5e:85:3c:4b:c1:8b:37:3d:e5:6a:07:0e:44:4c:3d:b0:3f:96:39:b4:8a:99:d3:56:11:da:07:88:82

Digest Algorithm

sha256

PE Digest Matches

true

65:d7:26:a4:38:96:f3:87:0e:8a:0d:1d:53:37:42:c0:e3:00:58:47
Signer

Actual PE Digest

65:d7:26:a4:38:96:f3:87:0e:8a:0d:1d:53:37:42:c0:e3:00:58:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\webex-wcl\output\maps\release\WCLDll.pdb

Imports

kernel32

SetEvent
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
WaitForSingleObjectEx
GlobalUnlock
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryExW
FlushInstructionCache
GetTickCount
lstrcmpiW
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
DeleteCriticalSection
GetFileSize
GlobalLock
MulDiv
GetProcAddress
SetCurrentDirectoryW
DecodePointer
GetCurrentDirectoryW
FindResourceW
LoadResource
RaiseException
CloseHandle
GlobalFree
DeleteFileW
GlobalAlloc
LockResource
DisableThreadLibraryCalls
CreateDirectoryW
GlobalSize
GetLastError
CompareStringA
GetExitCodeThread
MultiByteToWideChar
GetCurrentThreadId
CreateFileW
WaitForSingleObject
FindClose
GetTempPathW
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
RemoveDirectoryW
WriteFile
FindNextFileW
EnterCriticalSection
CompareStringW
FindFirstFileW
SizeofResource
ReadFile
GetCurrentProcess

user32

GetMenuState
GetSystemMenu
DefWindowProcW
GetMenuItemInfoW
RegisterClipboardFormatW
GetMessageW
GetWindowThreadProcessId
GetWindowLongW
GetWindow
DeleteMenu
ScreenToClient
SendMessageW
CallNextHookEx
SetWindowTextW
MsgWaitForMultipleObjects
RegisterClassExW
WindowFromPoint
LoadAcceleratorsW
TrackPopupMenu
LoadStringW
GetSubMenu
GetActiveWindow
ShowWindow
IsWindow
OpenClipboard
GetCapture
DispatchMessageW
GetKeyState
DestroyIcon
GetMonitorInfoW
ClientToScreen
CloseClipboard
SetMenuItemInfoW
DestroyAcceleratorTable
EmptyClipboard
PeekMessageW
IsChild
MapWindowPoints
CreateIconFromResourceEx
TrackMouseEvent
GetKeyboardLayout
DrawFocusRect
GetSysColor
IsWindowEnabled
UnhookWindowsHookEx
DestroyMenu
SetLayeredWindowAttributes
SetFocus
GetMenuStringW
CharNextW
TranslateAcceleratorW
SetPropW
GetUpdateRect
TranslateMessage
GetClipboardData
LoadCursorW
LoadMenuW
SetTimer
PostMessageW
EnableWindow
GetWindowRgn
EndPaint
GetNextDlgTabItem
BeginPaint
GetCursorPos
ReleaseDC
IsIconic
GetDCEx
InvalidateRect
SetForegroundWindow
ReleaseCapture
UpdateWindow
GetWindowRect
GetMenuItemID
GetFocus
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
GetPropW
MonitorFromRect
GetParent
SystemParametersInfoW
CharLowerBuffW
EnableMenuItem
GetDesktopWindow
KillTimer
DrawIconEx
PostThreadMessageW
DrawTextW
UpdateLayeredWindow
MonitorFromWindow
GetMenuItemCount
ValidateRect
CreateWindowExW
GetClassNameW
SetCapture
GetWindowDC
SetWindowsHookExW
SetClipboardData
SetCursor
SetWindowLongW
GetClientRect
IsZoomed
GetClassLongW
IsClipboardFormatAvailable

gdi32

SetStretchBltMode
SetBkColor
MoveToEx
ExcludeClipRect
CreatePen
LineTo
SetBkMode
SetTextColor
DeleteDC
CreateRectRgn
OffsetRgn
CreatePatternBrush
GetTextMetricsW
RestoreDC
Polyline
SetLayout
StretchDIBits
StretchBlt
SetGraphicsMode
PatBlt
GetTextExtentExPointW
CreateCompatibleDC
GetWorldTransform
CreateDIBSection
SelectObject
ModifyWorldTransform
SaveDC
BitBlt
DeleteObject
CreateBitmap
ExtSelectClipRgn
CreateFontIndirectW
GetObjectType
ExtTextOutW
IntersectClipRect
GetDeviceCaps
GetStockObject
SetWorldTransform

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

shell32

ShellExecuteW
SHAppBarMessage

ole32

CoTaskMemFree
CoTaskMemRealloc
OleDuplicateData
CoInitializeEx
CoLoadLibrary
RegisterDragDrop
ReleaseStgMedium
OleLockRunning
DoDragDrop
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString

oleaut32

VarUI4FromStr

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msimg32

AlphaBlend
GradientFill

dwmapi

DwmIsCompositionEnabled
DwmFlush
DwmExtendFrameIntoClientArea

usp10

ScriptLayout
ScriptBreak
ScriptApplyDigitSubstitution
ScriptItemize
ScriptRecordDigitSubstitution

imm32

ImmAssociateContextEx
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmGetCompositionFontW
ImmIsIME

vcruntime140

memset
memmove
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
strchr
_except_handler4_common
strstr
memchr
memcmp
memcpy
__CxxFrameHandler3
_purecall
__std_terminate
__std_type_info_name
wcsstr
wcschr
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsscanf
__stdio_common_vsprintf

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-time-l1-1-0

_time64
clock

api-ms-win-crt-string-l1-1-0

strncpy
towlower
strncmp
wcsncmp
wcsncpy_s
tolower

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_recalloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_crt_atexit
_register_onexit_function
_cexit
_initterm
_initterm_e
_beginthreadex
_initialize_onexit_table
_invalid_parameter_noinfo
_errno
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_seh_filter_dll
terminate

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoll
strtol

api-ms-win-crt-math-l1-1-0

_CIatan2
_CIfmod
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil
floor
_except1
_libm_sse2_log_precise

Exports

Exports

?RemoveHook@CHookCallWnd@AT@@QAEXXZ
?RemoveHook@CHookCallWndRet@AT@@QAEXXZ
?RemoveHook@CHookCbt@AT@@QAEXXZ
?RemoveHook@CHookForegroundIdle@AT@@QAEXXZ
?RemoveHook@CHookGetMessage@AT@@QAEXXZ
?RemoveHook@CHookGetMessageEx@AT@@QAEXXZ
?RemoveHook@CHookKeyboard@AT@@QAEXXZ
?RemoveHook@CHookKeyboardLL@AT@@QAEXXZ
?RemoveHook@CHookMouse@AT@@QAEXXZ
?RemoveHook@CHookMouseLL@AT@@QAEXXZ
?RemoveHook@CHookMsgFilter@AT@@QAEXXZ
?RemoveHook@CHookShell@AT@@QAEXXZ
?RemoveHook@CHookSysMsgFilter@AT@@QAEXXZ
?SetHook@CHookCallWnd@AT@@QAEXXZ
?SetHook@CHookCallWndRet@AT@@QAEXXZ
?SetHook@CHookCbt@AT@@QAEXXZ
?SetHook@CHookForegroundIdle@AT@@QAEXXZ
?SetHook@CHookGetMessage@AT@@QAEXXZ
?SetHook@CHookGetMessageEx@AT@@QAEXXZ
?SetHook@CHookKeyboard@AT@@QAEXXZ
?SetHook@CHookKeyboardLL@AT@@QAEXXZ
?SetHook@CHookMouse@AT@@QAEXXZ
?SetHook@CHookMouseLL@AT@@QAEXXZ
?SetHook@CHookMsgFilter@AT@@QAEXXZ
?SetHook@CHookShell@AT@@QAEXXZ
?SetHook@CHookSysMsgFilter@AT@@QAEXXZ
AniCreate
AniGetCurrentFrame
AniGetData
AniGetPassed
AniIsRunning
AniKill
AniPause
AniResume
AniSetCurrentFrame
AniSetData
AniSetDelay
EaseCalcProgress
EaseCreateBack
EaseCreateBounce
EaseCreateCircle
EaseCreateElastic
EaseCreateExponential
EaseCreatePower
EaseCreateSine
ImageAddRef
ImageBitBlt
ImageConvertBitCount
ImageConvertColor
ImageConvertForGL
ImageCreateDC
ImageCreateFromFile
ImageCreateFromGDIObject
ImageCreateFromIPicture
ImageCreateFromMem
ImageCreateFromResource
ImageCreateFromStream
ImageCreateIndirect
ImageCreateThumbnail
ImageDeleteDC
ImageFill
ImageGetBitCount
ImageGetBitmap
ImageGetCurrentFrame
ImageGetDelay
ImageGetFrameCount
ImageGetHeight
ImageGetWidth
ImageLockBits
ImageLockRect
ImageReCreate
ImageRelease
ImageSaveFile
ImageSetColorKey
ImageSetCurrentFrame
ImageSharpBlt
ImageStretchBlt
_at_debug_leak_opt
_at_debug_trace_create
_at_debug_trace_set
_gxTextWordBreakProc@16
at_astr_chri
at_astr_converted
at_astr_converted_a
at_astr_converted_a_or_utf
at_astr_len
at_astr_match
at_astr_ncpy
at_astr_split_chr
at_astr_split_chri
at_astr_split_line
at_astr_split_str
at_astr_split_stri
at_astr_stri
at_astr_tod
at_astr_tol
at_call_done
at_call_done1
at_call_donei
at_call_flush
at_call_init
at_call_term
at_clipboard_set_string
at_dib_format_from_mem
at_dib_format_from_stream
at_dom_child_all_count
at_dom_child_count
at_dom_enum
at_dom_is_child
at_dom_level
at_dom_remove_child
at_dom_root
at_dom_set_zorder
at_dom_xml_create
at_dom_xml_parser
at_dom_xml_save
at_drag_add_file_array
at_drag_add_files
at_drag_add_global
at_drag_add_mem
at_drag_add_meta
at_drag_add_stream
at_drag_add_text_a
at_drag_add_text_aw
at_drag_add_text_w
at_drag_close
at_drag_done
at_drag_init
at_drag_set_image
at_drag_show_image
at_drag_stop
at_drop_get_data
at_drop_get_string_a
at_drop_get_string_w
at_fs_find_first
at_fs_mkdirs
at_fs_rmdirs
at_fs_search
at_fs_tmpfile
at_fs_tmppath
at_lzw_decode
at_mem_alloc
at_mem_cmp
at_mem_cpy
at_mem_free
at_mem_realloc
at_mem_set
at_stream_create_from_file
at_stream_create_from_resource
at_stream_create_from_sream
at_stream_create_session_from_sream
at_wstr_chri
at_wstr_converted
at_wstr_len
at_wstr_match
at_wstr_ncpy
at_wstr_split_chr
at_wstr_split_chri
at_wstr_split_line
at_wstr_split_str
at_wstr_split_stri
at_wstr_stri
at_wstr_tod
at_wstr_tol
at_xml_child
at_xml_child_bytoken
at_xml_child_i
at_xml_name
at_xml_node
at_xml_parse_color
at_xml_parser
at_xml_property
at_xml_text_decode
at_xml_text_encode
at_xml_value
ata_urldec
ata_urlenc
gxDrawLine
gxDrawPolyline
gxFontGetDefault
gxGetApp20191127
gxSetDefaultDevices
gxSetNotify
gxTextCreate
wclAnimateWindow
wclCaretGetInfo
wclChangeFrame
wclChildWindowFromPoint
wclClientToScreen
wclClientToScreenI
wclConvertToPic
wclCreateByObjectID
wclDebugIsWindowValid
wclDefRouteProc
wclDefSubclassMgrProc
wclDefSubclassProc
wclDestroyWindow
wclDoDialogBox
wclDoDrag
wclDoMenuPop
wclEnableNotify
wclEnableWindow
wclEndDialog
wclEnumAllChildWindows
wclGetAccText
wclGetApp20191211
wclGetBindState
wclGetClassName
wclGetClientRect
wclGetDPI
wclGetDlgCtrlID
wclGetDlgCtrlObjectID
wclGetDlgItem
wclGetExStyle
wclGetHWND
wclGetHash
wclGetHint
wclGetLayOut
wclGetMenuPop
wclGetModule
wclGetPaddingRect
wclGetParent
wclGetProjectRect
wclGetRichContext
wclGetStyle
wclGetTag
wclGetWindow
wclGetWindowRect
wclGetWindowText
wclInvalidateRect
wclIsChild
wclIsEnableNotify
wclPostMessage
wclScreenToClient
wclScreenToClientI
wclSendBroadcastMessage
wclSendMessage
wclSetDlgCtrlID
wclSetDragImage
wclSetExStyle
wclSetHash
wclSetLayOut
wclSetParent
wclSetStyle
wclSetTag
wclSetWindowPos
wclSortChild
wclSubclassMgr
wclSubclassWindow
wclUnsubclassMgr
wclUnsubclassWindow
wclUpdateWindow

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
List of suspected clients/assignat.avi
List of suspected clients/moorefiles.pdf
.pdf
List of suspected clients/msvcp140.dll
.dll windows:6 windows x86 arch:x86

c6ca052e00ae17bd34817e5c66c25980

Code Sign

33:00:00:00:b9:bc:0f:4e:57:e3:66:65:38:00:00:00:00:00:b9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:6BF6-2D52-92C1,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:ed:89:4e:58:52:dd:bc:2f:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-01-2017 17:37

Not After

12-04-2018 17:37

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ca:f1:b3:24:c9:2b:a6:a7:10:5d:74:76:60:4b:73:02:19:70:3f:63:d9:2e:00:76:77:35:ac:00:76:3f:b1
Signer

Actual PE Digest

0b:ca:f1:b3:24:c9:2b:a6:a7:10:5d:74:76:60:4b:73:02:19:70:3f:63:d9:2e:00:76:77:35:ac:00:76:3f:b1

Digest Algorithm

sha256

PE Digest Matches

true

b2:9c:71:c6:99:a0:3c:8b:79:f2:1c:fa:3f:fd:51:c9:f8:4f:63:ad
Signer

Actual PE Digest

b2:9c:71:c6:99:a0:3c:8b:79:f2:1c:fa:3f:fd:51:c9:f8:4f:63:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp140.i386.pdb

Imports

vcruntime140

memchr
memcpy
__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
memcmp
__CxxFrameHandler3
__std_exception_destroy
__current_exception
__AdjustPointer
__uncaught_exception
__uncaught_exceptions
memmove
__std_exception_copy
_purecall
__std_terminate
__processing_throw

api-ms-win-crt-string-l1-1-0

isspace
islower
wcscpy_s
wcsnlen
__strncnt
_wcsdup
iswctype
strcspn
tolower
isalnum
isxdigit
isdigit
isupper

api-ms-win-crt-heap-l1-1-0

calloc
_calloc_base
free
_realloc_base
_malloc_base
_callnewh
_free_base
malloc

api-ms-win-crt-locale-l1-1-0

_unlock_locales
___lc_codepage_func
_lock_locales
setlocale
localeconv
___lc_collate_cp_func
__pctype_func
___lc_locale_name_func
___mb_cur_max_func

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_seh_filter_dll
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_endthreadex
_errno
_beginthreadex
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_set_new_handler

api-ms-win-crt-stdio-l1-1-0

fputwc
__stdio_common_vsprintf_s
fputs
_fsopen
fseek
_wfsopen
_get_stream_buffer_pointers
fgetwc
_fseeki64
__acrt_iob_func
fputc
fsetpos
ungetc
setvbuf
fgetpos
fwrite
ungetwc
fgetc
fflush
fclose

api-ms-win-crt-math-l1-1-0

ldexp
_CIpow
frexp
_CIlog

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

api-ms-win-crt-convert-l1-1-0

strtof
btowc
strtod

api-ms-win-crt-time-l1-1-0

_Gettnames
_Getmonths
_Wcsftime
_Strftime
_Getdays
_W_Getdays
_W_Gettnames
_W_Getmonths

api-ms-win-crt-filesystem-l1-1-0

_wchdir
_unlock_file
_wrename
_lock_file
_wrmdir
_wremove

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

RtlCaptureStackBackTrace
GetCurrentThread
Sleep
GetExitCodeThread
DuplicateHandle
GetCurrentThreadId
GetCurrentProcess
CloseHandle
GetNativeSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
EncodePointer
RaiseException
DecodePointer
GetCPInfo
CompareStringW
GetLocaleInfoW
LCMapStringW
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
AreFileApisANSI
InitializeSListHead
CreateDirectoryW
FindFirstFileExW
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
FindNextFileW
SetFileTime
SetEndOfFile
GetTempPathW
UnhandledExceptionFilter
GetProcAddress
CreateHardLinkW
GetModuleHandleW
FindClose
CreateFileW
GetTickCount
GetSystemTimeAsFileTime
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
QueueUserWorkItem
GetModuleHandleExW
SetFileAttributesW
GetFileInformationByHandle
IsProcessorFeaturePresent
WaitForSingleObjectEx
TryEnterCriticalSection
FormatMessageW
CopyFileW
SetFilePointerEx
GetDiskFreeSpaceExW
GetFileAttributesExW
GetLastError

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@G@std@@QAE@ABV01@@Z
??0?$_Yarn@G@std@@QAE@PBG@Z
??0?$_Yarn@G@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@ABV01@@Z
??0?$_Yarn@_W@std@@QAE@PB_W@Z
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0task_continuation_context@Concurrency@@AAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@G@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??4?$_Iosb@H@std@@QAEAAV01@$$QAV01@@Z
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@G@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@G@std@@QAEAAV01@PBG@Z
??4?$_Yarn@_W@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Crt_new_delete@std@@QAEAAU01@$$QAU01@@Z
??4_Crt_new_delete@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBE_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?CaptureCallstack@platform@details@Concurrency@@YAIPAPAXII@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@G@std@@QBEPBGXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@G@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDI@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDI@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDI@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAHABV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAHABV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAHABV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
?_Getptr@_Timevec@std@@QBEPAXXZ
?_Gettnames@_Locinfo@std@@QBE?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBE_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
List of suspected clients/ptMgr.dll
.dll windows:6 windows x86 arch:x86

37b4b73bad2a803a7fcbbe9cde204fe0

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:a6:d7:76:39:0f:f4:c7:e6:03:35:6d:a3:86:5d:43:68:d7:52:ed:ec:a6:ab:2d:fc:94:37:23:33:d9:30:46
Signer

Actual PE Digest

fe:a6:d7:76:39:0f:f4:c7:e6:03:35:6d:a3:86:5d:43:68:d7:52:ed:ec:a6:ab:2d:fc:94:37:23:33:d9:30:46

Digest Algorithm

sha256

PE Digest Matches

true

ff:d5:6f:45:d7:9c:03:91:86:60:10:20:81:8b:67:e3:08:e2:24:a4
Signer

Actual PE Digest

ff:d5:6f:45:d7:9c:03:91:86:60:10:20:81:8b:67:e3:08:e2:24:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\webex-productivitytools\output\maps\release\pt\ptMgr.pdb

Imports

wcldll

wclGetHWND
gxGetApp20191127
wclScreenToClientI
wclClientToScreenI
wclGetWindowText
gxTextCreate
wclSubclassMgr
wclUpdateWindow
wclDoDialogBox
wclGetDlgItem
wclGetDlgCtrlObjectID
wclGetParent
at_mem_cpy
wclUnsubclassWindow
wclSubclassWindow
wclSetWindowPos
wclGetStyle
wclGetWindowRect
wclEnableWindow
wclSendMessage
wclGetApp20191211
wclUnsubclassMgr
wclEndDialog
at_wstr_len

comctl32

ord17

wininet

HttpSendRequestA
InternetSetOptionA
InternetQueryOptionA
InternetReadFileExW
InternetReadFileExA
InternetCrackUrlW
InternetErrorDlg
InternetConnectA
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetQueryOptionW
InternetReadFile
InternetOpenA
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlA
InternetSetOptionW
HttpQueryInfoA
HttpOpenRequestA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext
CryptVerifyMessageSignature
CryptUnprotectData
CryptProtectData
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertGetNameStringW
CertComparePublicKeyInfo

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData

kernel32

SetEnvironmentVariableW
CreateThread
TerminateThread
DeleteFileW
GetWindowsDirectoryW
CopyFileW
GetDriveTypeW
GetFileAttributesExW
SetFileAttributesW
GetCurrentThread
lstrcmpiW
MoveFileExW
RemoveDirectoryW
DebugBreak
MoveFileW
InitializeCriticalSection
lstrcatW
SetProcessWorkingSetSize
GetLongPathNameW
GetPrivateProfileStringW
GetModuleHandleA
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
GlobalUnlock
GlobalLock
lstrcmpW
GlobalHandle
DecodePointer
DisableThreadLibraryCalls
SetThreadUILanguage
GetFileTime
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
WritePrivateProfileStringW
IsDBCSLeadByteEx
ReleaseMutex
CreateMutexW
Sleep
FreeLibraryAndExitThread
GetTempPathW
ExpandEnvironmentStringsW
GetTickCount64
TzSpecificLocalTimeToSystemTime
GetLogicalDriveStringsW
QueryDosDeviceW
SetEndOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
OpenEventW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
OpenFile
GetOEMCP
LoadLibraryA
lstrcpyA
lstrcatA
GetWindowsDirectoryA
GetPrivateProfileIntW
ResumeThread
CreateEventA
GetSystemTimes
K32GetProcessMemoryInfo
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
CreateFileMappingA
OpenFileMappingA
CompareFileTime
GetProfileIntW
IsProcessInJob
CancelSynchronousIo
CreatePipe
SetHandleInformation
GetFileInformationByHandle
CreateHardLinkW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
WaitForSingleObjectEx
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameW
GetCommandLineA
GetCommandLineW
CreateDirectoryA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
SetFileAttributesA
SetFilePointerEx
GetTempPathA
GetTempFileNameA
OpenEventA
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CopyFileA
MoveFileExA
EnumSystemGeoID
GetUserGeoID
GetProcessId
ReadProcessMemory
GetGeoInfoW
FormatMessageW
FileTimeToLocalFileTime
FindFirstFileExW
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteCriticalSection
GetTickCount
GetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
VirtualQuery
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
IsBadReadPtr
GetLastError
LocalFree
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
lstrcmpiA
FindClose
FindFirstFileW
GetShortPathNameW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessW
ProcessIdToSessionId
OpenProcess
GetSystemDirectoryW
LoadLibraryW
GlobalAlloc
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
GetSystemTime
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetUserDefaultLCID
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetSystemTimeAsFileTime
RaiseException
FindResourceW
SizeofResource
InitializeCriticalSectionAndSpinCount
LockResource
LoadResource
lstrcpynW
LocalAlloc
GetCurrentProcess
lstrlenW
lstrcpyW
GetFileAttributesW
FindNextFileW
CreateDirectoryW
MulDiv
GetVersionExW
GetCurrentProcessId
SetFileTime

user32

ReleaseCapture
GetFocus
MoveWindow
IsChild
FindWindowExW
SendMessageTimeoutW
RegisterWindowMessageW
SetCursor
IsWindowEnabled
FindWindowW
CharNextW
wvsprintfW
wsprintfW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetForegroundWindow
InvalidateRgn
RedrawWindow
GetWindowTextLengthW
SetWindowContextHelpId
IsWindowVisible
ClientToScreen
FillRect
GetDesktopWindow
GetClassNameW
MapDialogRect
DialogBoxIndirectParamW
MonitorFromPoint
GetMessageW
AttachThreadInput
BringWindowToTop
DialogBoxParamW
GetActiveWindow
GetForegroundWindow
GetWindowThreadProcessId
SetActiveWindow
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageA
LoadIconW
GetWindow
GetParent
GetSysColor
MapWindowPoints
GetWindowRect
CallNextHookEx
IsDialogMessageW
CharUpperW
RegisterClassW
MessageBoxW
GetShellWindow
FindWindowExA
GetPropW
GetPropA
ScreenToClient
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
MsgWaitForMultipleObjects
GetDC
ReleaseDC
SendMessageW
IsWindow
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
GetClientRect
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
GetSystemMetrics
EnableWindow
SetCapture
GetCapture
SetFocus
GetDlgItemTextW
SetDlgItemTextW
GetDlgItem
EndDialog
SetWindowPos
ShowWindow
PostMessageW
LoadStringW
LoadCursorW

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
SetTextColor
SetBkMode
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreateFontW
GetDeviceCaps
GetStockObject

advapi32

OpenThreadToken
RegOpenKeyW
RegOpenKeyExW
RegQueryValueW
CreateProcessAsUserW
RegCreateKeyA
RegCreateKeyW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
LookupAccountSidW
GetUserNameW
CreateProcessWithTokenW
RegEnumKeyExA
RegEnumValueA
RegFlushKey
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA
RegQueryValueExA
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext
CryptDeriveKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetTokenInformation
GetLengthSid
RegDeleteTreeW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegDeleteTreeA
RegSetValueExA
RegSetValueW
CryptDecrypt
RegSetValueA
CryptEncrypt
CryptImportKey
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptGenKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegCopyTreeW
SetFileSecurityW
RevertToSelf
ImpersonateSelf
GetSidSubAuthorityCount
GetSidSubAuthority
GetFileSecurityW
AccessCheck
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
LookupPrivilegeValueW
MapGenericMask
GetSecurityDescriptorDacl
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHFileOperationW
ShellExecuteW
ShellExecuteExA
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
OleInitialize
CLSIDFromString
OleLockRunning
CoTaskMemRealloc
CoCreateGuid
CoSetProxyBlanket
CoGetClassObject
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
OleUninitialize
OleRun
StringFromGUID2

oleaut32

VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrCmp
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
SafeArrayUnlock
SysAllocString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayLock
SysFreeString

msvcp140

?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?rdstate@ios_base@std@@QBEHXZ
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Xtime_get_ticks
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??7ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
_Thrd_detach
?_Xinvalid_argument@std@@YAXPBD@Z
?_XGetLastError@std@@YAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_signal
_Cnd_broadcast
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Cnd_destroy
_Cnd_init
_Mtx_unlock
_Mtx_lock
?_Xlength_error@std@@YAXPBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xruntime_error@std@@YAXPBD@Z
_Mbrtowc
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Mtx_destroy_in_situ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
?_Xbad_function_call@std@@YAXXZ
_Thrd_start
_Thrd_join
_Thrd_id
_Mtx_init
_Mtx_destroy
_Mtx_init_in_situ

shlwapi

PathFileExistsA
SHDeleteKeyA
StrChrA
PathAppendW
StrCmpNW
StrStrIA
StrTrimA
StrRChrW
PathRemoveBackslashW
PathIsDirectoryW
PathAddBackslashW
SHDeleteKeyW
StrStrW
PathGetDriveNumberW
PathBuildRootW
StrCmpIW
StrCmpW
wnsprintfW
PathFindFileNameW
PathRemoveFileSpecW
PathQuoteSpacesW
StrCpyW
PathFileExistsW
PathCombineW
StrChrW

msi

ord205

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

psapi

GetModuleFileNameExW
EnumProcesses

netapi32

NetWkstaGetInfo
NetApiBufferFree

rpcrt4

UuidCreateSequential

sensapi

IsNetworkAlive

vcruntime140

_except_handler4_common
strstr
strchr
__std_type_info_compare
wcsstr
wcsrchr
wcschr
__std_type_info_name
__std_exception_destroy
__std_exception_copy
memchr
__std_terminate
memcmp
memset
_purecall
_CxxThrowException
__CxxFrameHandler3
memmove
memcpy
__std_type_info_destroy_list
__RTDynamicCast

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_initterm_e
_execute_onexit_table
_beginthreadex
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_crt_atexit
_crt_at_quick_exit
_errno
_register_onexit_function
_initialize_narrow_environment
_cexit
_initialize_onexit_table
_initterm
terminate
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

wcslen
strnlen
strcmp
tolower
iswspace
isspace
wcsncpy_s
wcsnlen
strpbrk
strcat
_wcsicmp
toupper
strncmp
_wcsnicmp
isalnum
wcscat_s
wcscpy_s
iswdigit
_wcsrev
_wcslwr
wcstok_s
_wcsupr
towlower
isalpha
isdigit
_strnicmp
towupper
strlen
strncpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
_itow
atoi
_atoi64
atof
atol
_wtoi
_i64tow
wcstoul
_wtol
_wtoi64
_wtoll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vfprintf
_wfopen
__stdio_common_vswprintf_s
fclose
_get_stream_buffer_pointers
fflush
fgetc
fseek
fwrite
fread
__stdio_common_vswscanf
ungetc
__stdio_common_vsprintf_s
fgetpos
fputc
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
fsetpos
_fseeki64
_wfopen_s
fopen_s
ferror
setvbuf
__stdio_common_vsnwprintf_s
ftell
__acrt_iob_func
__stdio_common_vsscanf

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
_recalloc
realloc
free
malloc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_waccess
_wrename
_wmakepath
_wsplitpath_s
_lock_file
_wsplitpath
_access

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s
_tzset
__timezone
_localtime64
_time64
__daylight
_ftime64
wcsftime
clock
_difftime64
strftime
asctime_s
_mktime64

api-ms-win-crt-utility-l1-1-0

srand
abs
labs
qsort
rand

api-ms-win-crt-math-l1-1-0

_except1
_dtest
modf

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv
_dupenv_s
_wgetenv

wintrust

WinVerifyTrust

urlmon

ObtainUserAgentString

authz

AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzInitializeContextFromToken
AuthzFreeContext
AuthzAccessCheck

Exports

Exports

AddMetricValueLong
AddMetricValueString
CreatePTMgr
DestroyMeetingServiceFactory
GetMeetingServiceFactory
GetMetricsID
InitTelemetry
RetrieveTelemetryInfo
SendMetrics
UnInitTelemetry

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
List of suspected clients/ptSrv.exe
.exe windows:6 windows x86 arch:x86

47bd48aad101666476039d5dc021c38d

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:af:36:f9:e9:ea:16:a6:35:24:8c:6c:f8:a0:c3:5f:04:5e:fd:95:7d:f4:ed:f6:fb:33:1b:c5:69:85:ff:00
Signer

Actual PE Digest

71:af:36:f9:e9:ea:16:a6:35:24:8c:6c:f8:a0:c3:5f:04:5e:fd:95:7d:f4:ed:f6:fb:33:1b:c5:69:85:ff:00

Digest Algorithm

sha256

PE Digest Matches

true

fa:a9:97:e2:3e:1a:96:65:a6:36:26:5f:d4:47:92:f1:db:f0:11:fd
Signer

Actual PE Digest

fa:a9:97:e2:3e:1a:96:65:a6:36:26:5f:d4:47:92:f1:db:f0:11:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-productivitytools\output\maps\release\pt\ptSrv.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
IsBadReadPtr
MultiByteToWideChar
DeleteFileW
GetTempPathW
SetUnhandledExceptionFilter
HeapAlloc
HeapFree
GetModuleFileNameA
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetSystemTime
SetLastError
InitializeCriticalSection
FreeLibrary
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
WideCharToMultiByte
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
VirtualQuery
GetVersionExW
GetSystemDirectoryW
OpenProcess
ProcessIdToSessionId
GetCurrentThreadId
CreateThread
GetCurrentProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
CloseHandle
DecodePointer
OutputDebugStringW
OutputDebugStringA
WriteFile
ReadFile
GetFileSize
CreateFileW
GetEnvironmentVariableW
GetProcessHeap
GetCommandLineW

user32

IsWindowVisible
GetMessageW
TranslateMessage
DestroyWindow
LoadCursorW
GetClassNameW
FindWindowW
SetWindowLongW
GetWindowLongW
GetWindowTextW
CreateWindowExW
GetClassInfoExW
DispatchMessageW
SendMessageW
PostThreadMessageW
MessageBoxW
EnumThreadWindows
IsWindow
wvsprintfW
UnregisterClassW
PostMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
CharNextW
RegisterClassExW

advapi32

RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
MapGenericMask
GetTokenInformation
GetSecurityDescriptorDacl
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
AccessCheck
OpenProcessToken
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenThreadToken
GetFileSecurityW
ImpersonateSelf
RevertToSelf

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoUninitialize
CoRegisterClassObject
CoTaskMemFree
CoInitialize
CoRevokeClassObject

oleaut32

GetErrorInfo
VariantChangeType
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
GetActiveObject
RevokeActiveObject
RegisterActiveObject
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
CreateErrorInfo

shlwapi

PathCombineW
StrRChrW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
wnsprintfW
PathFileExistsW

msvcp140

?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

psapi

EnumProcesses

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

vcruntime140

memset
wcsstr
_CxxThrowException
__CxxFrameHandler3
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
memmove
memcpy
__std_terminate
_purecall
memcmp

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_seh_filter_dll
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
terminate
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_errno
_crt_atexit
_controlfp_s
_resetstkoflw

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc
_recalloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-string-l1-1-0

iswdigit
strlen
_wcsupr
_wcslwr
_wcsrev
wcslen
wcsncpy_s
wcscpy_s
wcscat_s
tolower
iswspace

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf
_set_fmode
__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
List of suspected clients/ptusredt.dll
.dll regsvr32 windows:6 windows x86 arch:x86

9c892fc79d438f0bdaf725d5688d03ae

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:ce:6f:81:ca:4e:f0:e6:92:41:37:bf:bd:06:9d:a7:96:14:8a:cc:1b:0a:04:18:4d:36:ac:0b:ad:b3:80:22
Signer

Actual PE Digest

72:ce:6f:81:ca:4e:f0:e6:92:41:37:bf:bd:06:9d:a7:96:14:8a:cc:1b:0a:04:18:4d:36:ac:0b:ad:b3:80:22

Digest Algorithm

sha256

PE Digest Matches

true

61:1f:d3:b4:ca:37:fd:b0:b4:04:3c:28:dc:39:c2:d3:19:ae:8e:41
Signer

Actual PE Digest

61:1f:d3:b4:ca:37:fd:b0:b4:04:3c:28:dc:39:c2:d3:19:ae:8e:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\webex-productivitytools\output\maps\release\pt\ptusredt.pdb

Imports

wininet

InternetSetOptionW
InternetErrorDlg
InternetQueryOptionW

kernel32

GetCurrentProcess
GetLastError
FreeLibrary
SetLastError
LocalFree
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
MulDiv
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
OutputDebugStringA
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
EncodePointer
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetProcessHeap
GetProcAddress
LoadLibraryA
FindResourceW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
LoadLibraryExW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FindNextFileA
FindFirstFileExA
FindClose
HeapReAlloc
HeapSize
GetFileType
GetCommandLineA
GetCPInfo
GetOEMCP
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
IsValidCodePage

user32

DrawTextW
GetDesktopWindow
GetWindowDC
ReleaseDC
GetDC
CharNextW

gdi32

GetTextExtentPointW
SelectObject
DeleteObject
GetDeviceCaps
CreateFontW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW

ole32

OleRegGetUserType
CoTaskMemAlloc
CreateOleAdviseHolder
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
OleRegGetMiscStatus
OleRegEnumVerbs
CoTaskMemFree

oleaut32

SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HandleCaError
cannotContinueInternetCertError
hideInternetErrDlgProcOKBtn
hookInternetErrDlgProc
insertTrustCert
isTrustCert
needProcInternetCertError

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
List of suspected clients/ruffian.dbf
List of suspected clients/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

fa315c9bc46ab41d4bc4e3f94023067f

Code Sign

33:00:00:00:c4:6e:76:d0:4d:3d:fe:a9:65:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:2137-37A0-4AAA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:ed:89:4e:58:52:dd:bc:2f:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-01-2017 17:37

Not After

12-04-2018 17:37

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:b5:fc:55:e0:f5:b6:04:dd:eb:52:26:40:72:c9:53:d8:ca:66:21:25:8c:fa:bc:d4:5d:f7:02:8e:80:80:69
Signer

Actual PE Digest

5f:b5:fc:55:e0:f5:b6:04:dd:eb:52:26:40:72:c9:53:d8:ca:66:21:25:8c:fa:bc:d4:5d:f7:02:8e:80:80:69

Digest Algorithm

sha256

PE Digest Matches

true

48:e1:67:31:b7:50:da:f0:3c:61:10:13:0c:c4:8f:23:b6:28:e8:2a
Signer

Actual PE Digest

48:e1:67:31:b7:50:da:f0:3c:61:10:13:0c:c4:8f:23:b6:28:e8:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-heap-l1-1-0

malloc
_free_base
free
_malloc_base
_calloc_base

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
TlsFree
TlsGetValue
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
EnterCriticalSection
DeleteCriticalSection
SetLastError
GetLastError
TlsSetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetProcAddress

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
List of suspected clients/wbxtrace.dll
.dll windows:6 windows x86 arch:x86

540b0d6d53da0c8c146ee3251a675907

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:56:c2:54:b2:f0:e3:b7:30:82:46:90:44:04:7a:df:8b:a7:2b:35:52:f1:a5:2e:bc:4a:0b:9d:38:73:c2:ac
Signer

Actual PE Digest

93:56:c2:54:b2:f0:e3:b7:30:82:46:90:44:04:7a:df:8b:a7:2b:35:52:f1:a5:2e:bc:4a:0b:9d:38:73:c2:ac

Digest Algorithm

sha256

PE Digest Matches

false

dc:d3:1b:3c:52:87:65:aa:c0:2d:ac:7a:ca:d8:81:7e:d0:f5:93:5f
Signer

Actual PE Digest

dc:d3:1b:3c:52:87:65:aa:c0:2d:ac:7a:ca:d8:81:7e:d0:f5:93:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\webex-utils\output\maps\release\wbxtrace.pdb

Imports

kernel32

OutputDebugStringW
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenEventW
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
CreateProcessW
GetSystemTime
GetLocalTime
GetTickCount
GetSystemDirectoryW
GetVersionExW
GetTempPathW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalFree
lstrcmpiW
lstrlenA
lstrlenW
OpenFile
WritePrivateProfileStringW
CopyFileW
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileAttributesW
FindNextFileW
FindFirstFileW
CreateDirectoryW
FindClose
DeleteFileW
CreateFileW
VirtualQuery
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW

user32

wsprintfW

advapi32

RegCloseKey
SetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
RevertToSelf
MapGenericMask
InitializeSecurityDescriptor
ImpersonateSelf
GetSecurityDescriptorSacl
GetFileSecurityW
AccessCheck
OpenThreadToken

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW

vcruntime140

__std_exception_copy
__std_exception_destroy
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initialize_onexit_table
_invalid_parameter_noinfo
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_errno
_initterm
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

wcsnlen
_wcsnicmp
wcscpy_s
strnlen
wcscat_s

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-filesystem-l1-1-0

_waccess

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fread
ferror
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
fwrite
fclose
__stdio_common_vswprintf
_ftelli64
_wfopen
fopen

api-ms-win-crt-time-l1-1-0

_ftime64
_time64

Exports

Exports

CopyLogFile2
WBXDEBUG
WBXDEBUGA
WBXDumpFileClose
WBXDumptoFile
WBXERROR
WBXERRORA
WBXINFO
WBXINFOA
WBXIsDebugMode
WBXJMF_UPLOAD_INTERNAL
WBXTELEMETRY_DATA
WBXTELEMETRY_INIT
WBXTELEMETRY_TICK
WBXTELEMETRY_UNINIT
WBXTELEMETRY_UPLOAD
WBXTRACE
WBXTRACEA
WBXTRACEADLLNAME_RESIDENT
WBXTRACEA_RESIDENT
WBXTRACERAW
WBXTRACERAWA
WBXTRACERAWADLLNAME_RESIDENT
WBXTRACERAWA_RESIDENT
WBXTRACERAW_RESIDENT
WBXTRACE_GETFILENAME
WBXTRACE_GETMAPFILE
WBXTRACE_GETTRACEROOTPATH
WBXTRACE_RESIDENT
WBXTRACE_SETFILESIZE
WBXTRACE_SETSUBFOLDERNAME
WBXTRACKING_INTERNAL
WBXTRACKING_UPLOAD_INTERNAL
WBXWARN
WBXWARNA
WBXZIPFILE
WBXZIP_PROCESS
WBXZipTrace
WbxTrace_ResetLog

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09f04b8a77f4345bd6d451987e784d5e

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

78:d3:24:5e:85:3c:4b:c1:8b:37:3d:e5:6a:07:0e:44:4c:3d:b0:3f:96:39:b4:8a:99:d3:56:11:da:07:88:82Signer

65:d7:26:a4:38:96:f3:87:0e:8a:0d:1d:53:37:42:c0:e3:00:58:47Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

msimg32

dwmapi

usp10

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 22KB - Virtual size: 26KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 35KB - Virtual size: 35KB

c6ca052e00ae17bd34817e5c66c25980

Code Sign

33:00:00:00:b9:bc:0f:4e:57:e3:66:65:38:00:00:00:00:00:b9Certificate

Extended Key Usages

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:52:ed:89:4e:58:52:dd:bc:2f:00:00:00:00:01:52Certificate

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

78:d3:24:5e:85:3c:4b:c1:8b:37:3d:e5:6a:07:0e:44:4c:3d:b0:3f:96:39:b4:8a:99:d3:56:11:da:07:88:82
Signer

65:d7:26:a4:38:96:f3:87:0e:8a:0d:1d:53:37:42:c0:e3:00:58:47
Signer

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 22KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 35KB - Virtual size: 35KB

33:00:00:00:b9:bc:0f:4e:57:e3:66:65:38:00:00:00:00:00:b9
Certificate

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:52:ed:89:4e:58:52:dd:bc:2f:00:00:00:00:01:52
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

0b:ca:f1:b3:24:c9:2b:a6:a7:10:5d:74:76:60:4b:73:02:19:70:3f:63:d9:2e:00:76:77:35:ac:00:76:3f:b1
Signer

b2:9c:71:c6:99:a0:3c:8b:79:f2:1c:fa:3f:fd:51:c9:f8:4f:63:ad
Signer

.text
Size: 383KB - Virtual size: 383KB

.data
Size: 6KB - Virtual size: 10KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 14KB - Virtual size: 14KB

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fe:a6:d7:76:39:0f:f4:c7:e6:03:35:6d:a3:86:5d:43:68:d7:52:ed:ec:a6:ab:2d:fc:94:37:23:33:d9:30:46
Signer

ff:d5:6f:45:d7:9c:03:91:86:60:10:20:81:8b:67:e3:08:e2:24:a4
Signer