yQIRHmxCMLdLbqed[.]zip

Resubmissions

14-03-2024 20:30

240314-zagf2age32 3

14-03-2024 20:25

240314-y7a5vaeb91 3

Sharing

Copy URL

Twitter E-mail

General

Target

yQIRHmxCMLdLbqed.zip
Size

8.8MB
MD5

332151defd8642ffc92e73f00e058e6d
SHA1

51128a89d728129195bca083033605faf156ebc2
SHA256

121c30671f2be490dd96313fab1df90799e38ab4a844bee25c19298aee61381a
SHA512

fe6c8df8302308deda536bb256c5346e9e8142c045ee3b882bd369998229bb3d366fd7e93ba142d14a626139b1ecb3e0fa56f486c1fb8ffa0e5d6f2149314dbe
SSDEEP

196608:yESg6okNux/jmoRD9IOhRQJGNna02OBjYkdvHRLDp0uok2:yES6x/isvhna02OukJHRNdP2

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yQIRHmxCMLdLbqed/WSCHandler.exe
unpack001/yQIRHmxCMLdLbqed/boost_date_time-vc142-mt-x64-1_72.dll
unpack001/yQIRHmxCMLdLbqed/boost_system_vc140_mt_1_59.dll
unpack001/yQIRHmxCMLdLbqed/boost_thread-vc142-mt-x64-1_72.dll

Files

yQIRHmxCMLdLbqed.zip
.zip
yQIRHmxCMLdLbqed/PayGuard.ico
yQIRHmxCMLdLbqed/Readme.ico
yQIRHmxCMLdLbqed/ShorcutLauncher.exe
.exe windows:6 windows x64 arch:x64

43b6580915f07ded0d4cf8379deb738b

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-03-2021 00:00

Not After

08-06-2024 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:2f:40:60:ba:e3:90:10:31:14:4a:23:3d:d9:38:6d:0a:ed:37:4a:fc:9c:e3:d7:db:88:f4:f1:ed:b7:f0:08
Signer

Actual PE Digest

e7:2f:40:60:ba:e3:90:10:31:14:4a:23:3d:d9:38:6d:0a:ed:37:4a:fc:9c:e3:d7:db:88:f4:f1:ed:b7:f0:08

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\actions-runner\_work\Titanium\Titanium\src\build\symbol\Release\x64\ShorcutLauncher.pdb

Imports

kernel32

GetConsoleMode
ConvertFiberToThread
RtlVirtualUnwind
DeleteFiber
GetFileType
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
LocalAlloc
GetEnvironmentVariableW
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
ReleaseSemaphore
CreateEventA
CreateSemaphoreA
LocalFree
FormatMessageW
GetCurrentThreadId
GetExitCodeProcess
FreeConsole
SetConsoleScreenBufferSize
GetStdHandle
GetConsoleScreenBufferInfo
AttachConsole
OpenProcess
GetTempPathW
GetCurrentProcessId
TerminateProcess
GetFullPathNameW
GetGeoInfoW
ReadConsoleA
IsValidLocale
GetUserDefaultUILanguage
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
FindClose
WriteFile
ReadFile
CreateFileW
OpenMutexW
ReleaseMutex
CreateMutexW
GetTimeZoneInformation
GetSystemDefaultLCID
GetVersionExW
GetSystemTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
GetSystemTimeAsFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindNextFileW
FindFirstFileW
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
ReadConsoleW
LoadLibraryA
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreatePipe
DuplicateHandle
GetTickCount
MultiByteToWideChar
DeleteFileA
GetTempFileNameA
GetTempPathA
lstrlenA
LoadLibraryExW
VerifyVersionInfoW
VerSetConditionMask
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GlobalFree
WaitForMultipleObjects
GetCurrentProcess
FreeLibrary
GetProcAddress
GetLocalTime
LoadLibraryW
DeleteFileW
SetEvent
CreateEventW
OpenEventW
WaitForSingleObject
Sleep
CreateProcessW
CloseHandle
OutputDebugStringW
GetModuleFileNameW
SetDllDirectoryW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
SetConsoleMode
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
GetUserGeoID
HeapFree

user32

FindWindowW
PostMessageW
FindWindowExW
GetSystemMetrics
GetProcessWindowStation
GetShellWindow
EnumChildWindows
MessageBoxW
EnumWindows
GetUserObjectInformationW
GetWindowThreadProcessId
RegisterWindowMessageW
GetClassNameW

advapi32

RegSetValueExW
RegDeleteValueW
RegFlushKey
RegDeleteKeyW
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
QueryServiceStatus
OpenServiceW
SetTokenInformation
ConvertStringSidToSidW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DuplicateTokenEx
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserW
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegOpenKeyExW
StartServiceW
OpenProcessToken
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
RegCloseKey
CreateServiceW
RegQueryValueExW
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegOpenCurrentUser
RegEnumValueW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
SHLoadNonloadedIconOverlayIdentifiers
SHCreateDirectoryExW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetMalloc

ws2_32

getaddrinfo
WSASetLastError
closesocket
recv
WSACleanup
WSAStartup
inet_addr
WSAGetLastError
freeaddrinfo
getnameinfo
gethostname
send

wtsapi32

WTSQueryUserToken

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
CryptCATAdminEnumCatalogFromHash

msvcp140

?sync_with_stdio@ios_base@std@@SA_N_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
_Mbrtowc
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
_Cnd_signal
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_timedwait
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
_Mtx_lock
_Mtx_init_in_situ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Mtx_unlock
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

shlwapi

PathFindFileNameA
PathFileExistsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile

rpcrt4

RpcBindingSetAuthInfoW
RpcStringBindingComposeW
RpcStringFreeA
RpcServerRegisterAuthInfoW
NdrServerCall2
RpcServerUseProtseqEpW
UuidToStringW
UuidToStringA
RpcServerUnregisterIf
RpcStringFreeW
RpcServerRegisterIfEx
NdrClientCall2
RpcBindingFromStringBindingW

boost_date_time-vc142-mt-x64-1_72

??0greg_month@gregorian@boost@@QEAA@G@Z

winhttp

WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpSetStatusCallback
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpOpen

urlmon

URLDownloadToFileA

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
__std_type_info_compare
wcsstr
strchr
strstr
__RTDynamicCast
memcpy
memmove
memset
memcmp
memchr
strrchr
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
free
malloc
_callnewh
_recalloc
calloc

api-ms-win-crt-runtime-l1-1-0

strerror
strerror_s
_exit
_invalid_parameter_noinfo
signal
_errno
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
raise
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_getpid
_configure_wide_argv
_initialize_wide_environment
_register_thread_local_exe_atexit_callback
_c_exit
_get_wide_winmain_command_line
exit
_initterm_e
_initterm
terminate

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
_gmtime64

api-ms-win-crt-stdio-l1-1-0

setvbuf
_dup2
_close
__stdio_common_vsprintf_s
fflush
ungetc
fgetc
__stdio_common_vsnwprintf_s
fsetpos
_fseeki64
fputs
fgetpos
fopen
__stdio_common_vsscanf
fwrite
__stdio_common_vswprintf
__p__commode
_setmode
fgets
ferror
feof
_get_stream_buffer_pointers
__acrt_iob_func
fclose
fputc
_wfopen_s
fread
_wfopen
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vfwprintf_s
fseek
ftell
__stdio_common_vswscanf
freopen
_dup
_fileno
_set_fmode

api-ms-win-crt-convert-l1-1-0

_strtoui64
_wtoi
atof
wcstoull
_itow_s
wcstod
atoi
strtoul
wcstol
wcstoul
wcstoll
strtol

api-ms-win-crt-string-l1-1-0

isdigit
isalnum
_wcslwr_s
_wcsupr_s
wcsnlen
wcsncmp
isalpha
wcscat_s
_wcsicmp
wcsncpy_s
wcsncpy
strcpy_s
strncpy
isspace
toupper
wcspbrk
strncpy_s
strcspn
strncmp
strspn
strcmp
wcscpy_s
_strnicmp
_stricmp
ispunct
tolower
_wcsnicmp

api-ms-win-crt-math-l1-1-0

modf
ceil
ceilf
__setusermatherr
floor

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wsplitpath
_stat64i32
_lock_file
_wstat64i32
_wsplitpath_s
_unlock_file

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ole32

CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CoUninitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 722KB - Virtual size: 721KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/Support.ico
yQIRHmxCMLdLbqed/TiMiniService.exe
.exe windows:6 windows x64 arch:x64

d8b33b2494c7e7a4654601b80e6e4ce5

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-03-2021 00:00

Not After

08-06-2024 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:34:37:d6:78:83:b7:1b:dc:a6:92:f1:b2:2e:e6:b9:25:f5:3d:99:ef:d2:01:96:32:81:c0:ca:cf:d0:b7:e6
Signer

Actual PE Digest

f4:34:37:d6:78:83:b7:1b:dc:a6:92:f1:b2:2e:e6:b9:25:f5:3d:99:ef:d2:01:96:32:81:c0:ca:cf:d0:b7:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jenkins\workspace\Titanium\Titanium_17.7\src\build\symbol\Release\x64\TiMiniService.pdb

Imports

kernel32

MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetVersionExW
GetModuleHandleW
CreateFileW
FindFirstFileW
WriteFile
FlushFileBuffers
FindClose
FindNextFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetCurrentProcessId
ResumeThread
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
LocalAlloc
LocalFree
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetCommandLineA
GetCommandLineW
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEnvironmentVariableW
OutputDebugStringW
GetExitCodeProcess
GetPrivateProfileStringW
Sleep
CreateProcessW
TerminateProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCurrentThreadId
GetModuleFileNameW
WaitForSingleObject
CreateThread
CloseHandle
LoadLibraryW
DecodePointer
GetProcAddress
InitializeCriticalSectionEx
GetLastError
RaiseException
DeleteCriticalSection
InitializeCriticalSection

user32

PostThreadMessageW
GetUserObjectInformationW
GetThreadDesktop

advapi32

GetAclInformation
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegFlushKey
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
MakeAbsoluteSD
LogonUserW
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
ControlService
CloseServiceHandle
StartServiceW
RegisterServiceCtrlHandlerExW
SetServiceStatus
DeleteService
CreateServiceW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
AddAce
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD

shlwapi

wnsprintfW
PathFindFileNameA

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/TiPreAU.exe
.exe windows:6 windows x64 arch:x64

cbe729f868591b3fb56c5d4c12f76287

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-03-2021 00:00

Not After

08-06-2024 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:00:81:07:0e:e9:c1:0f:21:ef:7a:a2:79:44:be:99:11:2e:d2:58:e5:68:86:42:50:c3:b5:86:4d:03:f5:68
Signer

Actual PE Digest

66:00:81:07:0e:e9:c1:0f:21:ef:7a:a2:79:44:be:99:11:2e:d2:58:e5:68:86:42:50:c3:b5:86:4d:03:f5:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jenkins\workspace\Titanium\Titanium_17.7\src\build\symbol\Release\x64\TiPreAU.pdb

Imports

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpOpen

ws2_32

WSAStartup
inet_addr
gethostname
getnameinfo
getaddrinfo
freeaddrinfo

urlmon

URLDownloadToFileA

kernel32

OutputDebugStringW
SetCurrentDirectoryW
MoveFileW
RemoveDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
LoadLibraryW
LocalFree
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
DeleteFileA
GetTempFileNameA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetFileSizeEx
GetConsoleCP
GetTempPathA
GetProcAddress
LoadLibraryA
GetLastError
lstrlenA
SetFileAttributesW
GetCurrentThreadId
WaitForSingleObject
CloseHandle
GetExitCodeProcess
GetModuleHandleW
FindFirstFileW
GetFileAttributesW
FindNextFileW
GetSystemTimeAsFileTime
GetUserDefaultLCID
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetUserDefaultUILanguage
IsValidLocale
CreateSemaphoreA
CreateEventA
GetCurrentProcess
DuplicateHandle
ReleaseSemaphore
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SetEvent
GetVersionExW
CreateFileW
DeleteFileW
GetFileSize
ReadFile
WriteFile
FlushFileBuffers
SetEndOfFile
FindClose
MoveFileExW
GetCurrentProcessId
CreateProcessW
GetEnvironmentVariableW
CreateMutexW
ReleaseMutex
Sleep
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
LoadLibraryExW
TerminateProcess
GetStdHandle
SetThreadPriority
LocalAlloc
IsDebuggerPresent
GetStringTypeW
TryEnterCriticalSection
FindFirstFileExW
SetFilePointerEx
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetCPInfo
LCMapStringW
GetLocaleInfoW
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreatePipe
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualProtect
VirtualFree
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetFileType
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW

user32

MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

shlwapi

PathFindFileNameA

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose

advapi32

GetSecurityDescriptorOwner
AddAce
InitializeAcl
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
GetAclInformation
GetSidSubAuthority
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
CreateProcessAsUserW
GetSidLengthRequired
InitializeSid

rpcrt4

NdrServerCall2

Exports

Exports

CheckConnection
GetIEProxySetting
SentHttp

Sections

.text
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/TmDbgLog.dll
.dll windows:6 windows x64 arch:x64

f8561414f8de9b4677267b8a592a4336

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-03-2021 00:00

Not After

08-06-2024 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:2c:b5:6b:b2:f3:b5:f3:a6:eb:2c:c8:01:90:c8:b4:32:36:6a:27:76:33:f0:e0:8e:d0:eb:b2:7e:87:d5:5e
Signer

Actual PE Digest

a4:2c:b5:6b:b2:f3:b5:f3:a6:eb:2c:c8:01:90:c8:b4:32:36:6a:27:76:33:f0:e0:8e:d0:eb:b2:7e:87:d5:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\Titanium\Titanium_17.7\src\build\symbol\Release\x64\TmDbgLog.pdb

Imports

kernel32

SetFilePointer
WriteFile
FlushFileBuffers
FindClose
FindNextFileW
WaitForSingleObject
CreateMutexW
ReleaseMutex
GetVersionExW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadLibraryW
FreeLibrary
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetFilePointerEx
GetStdHandle
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
CreateFileW
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
ReadFile
DisableThreadLibraryCalls
GetFileAttributesW
CreateDirectoryW
OutputDebugStringW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
LCMapStringW
LocalFree

advapi32

RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
RegEnumValueW
CopySid
LookupAccountNameW
ConvertSidToStringSidW
GetUserNameW
AddAce
RegSetValueExW
InitializeAcl
IsValidSid
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegQueryValueExW
RegFlushKey

shell32

SHGetSpecialFolderPathW

Exports

Exports

TmDbgInitialize
TmDbgTrace
TmDbgUninitialize

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/TmVizorShortCut_W8.dll
.dll windows:6 windows x64 arch:x64

52a1cbb9fa9b1fa8a89f75162908fd3c

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-03-2021 00:00

Not After

08-06-2024 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:be:c0:c0:a1:90:b4:47:2a:8e:0a:53:8d:51:9e:cc:8b:8d:6c:70:35:53:fe:89:2d:fe:dd:11:e2:57:a8:db
Signer

Actual PE Digest

80:be:c0:c0:a1:90:b4:47:2a:8e:0a:53:8d:51:9e:cc:8b:8d:6c:70:35:53:fe:89:2d:fe:dd:11:e2:57:a8:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\Titanium\Titanium_17.7\src\build\symbol\Release\x64\TmVizorShortCut_W8.pdb

Imports

rpcrt4

UuidFromStringW

kernel32

GetModuleHandleExW
WriteConsoleW
GetLastError
OutputDebugStringW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP

ole32

PropVariantClear
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoCreateInstance

Exports

Exports

CreateShortcutForWin10
SetPinPropertyForWin8

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/TmWin8SdkUtility.dll
.dll windows:6 windows x64 arch:x64

8c633f60638336c413a8faf4f657d784

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-03-2021 00:00

Not After

08-06-2024 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:1b:62:8f:03:fe:71:4b:e2:08:53:ac:1b:ce:2b:dd:aa:66:6f:07:93:39:10:f3:71:95:07:15:31:c2:e5:64
Signer

Actual PE Digest

85:1b:62:8f:03:fe:71:4b:e2:08:53:ac:1b:ce:2b:dd:aa:66:6f:07:93:39:10:f3:71:95:07:15:31:c2:e5:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\Titanium\Titanium_17.7\src\build\symbol\Release\x64\TmWin8SdkUtility.pdb

Imports

kernel32

WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetCurrentThreadId
GetVersionExW
LocalAlloc
LocalFree
GetCurrentProcess
GetStringTypeW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CreateFileW
WriteConsoleW
GetCurrentProcessId
CloseHandle
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetProcAddress
WideCharToMultiByte
GetLocalTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
InitializeCriticalSectionEx
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameW
UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
SetUnhandledExceptionFilter
OOBEComplete

shlwapi

PathFindFileNameA

advapi32

GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegFlushKey
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

IsOobeComplete
RegisterOOBECompleted
UnregisterOOBECompleted

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/WSCHandler.exe
.exe windows:6 windows x64 arch:x64

e4bf0d4fbf8a4617244a401458d72e9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jenkins\workspace\Titanium\Titanium_17.7\src\build\symbol\Release\x64\WSCHandler.pdb

Imports

kernel32

WideCharToMultiByte
CreateFileW
LoadLibraryW
MultiByteToWideChar
SetDllDirectoryW
OutputDebugStringW
K32GetModuleFileNameExW
GetCurrentProcessId
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetFullPathNameW
WaitForSingleObject
LoadLibraryExA
OpenProcess
GetModuleFileNameW
CloseHandle
GetProcessHeap
GetProcAddress
GetModuleHandleW
LoadLibraryExW
Sleep
LocalAlloc
LocalFree
GetCurrentProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
FormatMessageW
CreateEventA
OpenEventW
GetTickCount
GetTempPathW
GetSystemDirectoryW
DeleteCriticalSection
HeapDestroy
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree

user32

RegisterWindowMessageW
FindWindowW
PostMessageW

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitialize

wintrust

WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
CryptCATAdminReleaseContext
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext

mfc140u

ord7920
ord2370
ord2212
ord1491
ord265
ord266
ord8409
ord4511
ord1489
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord5706
ord11921
ord11929
ord8167
ord10124
ord11933
ord11901
ord5080
ord5363
ord5552
ord9041
ord5339
ord5555
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9941
ord8900
ord6614
ord12606
ord4445
ord2178
ord2273
ord7716
ord1450
ord983
ord7393
ord286
ord280
ord1033

comctl32

InitCommonControlsEx

rpcrt4

UuidToStringA
RpcStringFreeA

msvcp140

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
wcsstr
__std_type_info_compare
memset
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
memmove
strstr
strchr
memcpy
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
calloc
_recalloc

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_invalid_parameter_noinfo
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_invalid_parameter_noinfo_noreturn
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
strerror
_exit
_errno

api-ms-win-crt-convert-l1-1-0

atoi
_itow_s
_wtoi
atof

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
ungetc
fgetc
setvbuf
fsetpos
_fseeki64
__stdio_common_vswprintf_s
_set_fmode
__stdio_common_vsprintf
fgetpos
fwrite
_get_stream_buffer_pointers
fclose
fputc
fread
__p__commode
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

wcscat_s
wcspbrk
strncpy
toupper
isdigit
wcsnlen
isalpha
tolower
strcmp
wcscpy_s
strncmp
wcsncpy
wcsncpy_s
isspace
isalnum
_wcslwr_s
strncpy_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil
ceilf
floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wsplitpath
_unlock_file
_waccess

api-ms-win-crt-utility-l1-1-0

qsort

crypt32

CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CryptQueryObject

advapi32

RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegFlushKey
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
StartServiceW
QueryServiceStatus
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-convert-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:62:3d:dc:86:9f:01:a3:46:09:a7:6c:fe:b7:84:a8:86:2b:9c:63:2b:de:f6:8e:d6:1a:50:db:77:3f:08:3b
Signer

Actual PE Digest

80:62:3d:dc:86:9f:01:a3:46:09:a7:6c:fe:b7:84:a8:86:2b:9c:63:2b:de:f6:8e:d6:1a:50:db:77:3f:08:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-convert-l1-1-0.pdb

Exports

Exports

__toascii
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_ecvt
_ecvt_s
_fcvt
_fcvt_s
_gcvt
_gcvt_s
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_itoa
_itoa_s
_itow
_itow_s
_ltoa
_ltoa_s
_ltow
_ltow_s
_strtod_l
_strtof_l
_strtoi64
_strtoi64_l
_strtoimax_l
_strtol_l
_strtold_l
_strtoll_l
_strtoui64
_strtoui64_l
_strtoul_l
_strtoull_l
_strtoumax_l
_ui64toa
_ui64toa_s
_ui64tow
_ui64tow_s
_ultoa
_ultoa_s
_ultow
_ultow_s
_wcstod_l
_wcstof_l
_wcstoi64
_wcstoi64_l
_wcstoimax_l
_wcstol_l
_wcstold_l
_wcstoll_l
_wcstombs_l
_wcstombs_s_l
_wcstoui64
_wcstoui64_l
_wcstoul_l
_wcstoull_l
_wcstoumax_l
_wctomb_l
_wctomb_s_l
_wtof
_wtof_l
_wtoi
_wtoi64
_wtoi64_l
_wtoi_l
_wtol
_wtol_l
_wtoll
_wtoll_l
atof
atoi
atol
atoll
btowc
c16rtomb
c32rtomb
mbrtoc16
mbrtoc32
mbrtowc
mbsrtowcs
mbsrtowcs_s
mbstowcs
mbstowcs_s
mbtowc
strtod
strtof
strtoimax
strtol
strtold
strtoll
strtoul
strtoull
strtoumax
wcrtomb
wcrtomb_s
wcsrtombs
wcsrtombs_s
wcstod
wcstof
wcstoimax
wcstol
wcstold
wcstoll
wcstombs
wcstombs_s
wcstoul
wcstoull
wcstoumax
wctob
wctomb
wctomb_s
wctrans

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-environment-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:2a:bc:47:3b:ed:d9:0f:bd:7a:41:5e:84:81:cc:f1:e2:dd:6c:2b:3f:60:b2:70:77:a5:e4:ac:88:04:35:25
Signer

Actual PE Digest

58:2a:bc:47:3b:ed:d9:0f:bd:7a:41:5e:84:81:cc:f1:e2:dd:6c:2b:3f:60:b2:70:77:a5:e4:ac:88:04:35:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-environment-l1-1-0.pdb

Exports

Exports

__p__environ
__p__wenviron
_dupenv_s
_putenv
_putenv_s
_searchenv
_searchenv_s
_wdupenv_s
_wgetcwd
_wgetdcwd
_wgetenv
_wgetenv_s
_wputenv
_wputenv_s
_wsearchenv
_wsearchenv_s
getenv
getenv_s

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-filesystem-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:c1:54:00:1a:77:0e:6b:55:66:45:0c:15:68:14:cc:ce:4d:46:b5:07:10:9f:8a:8e:f1:2e:c8:e7:6c:b5:78
Signer

Actual PE Digest

bb:c1:54:00:1a:77:0e:6b:55:66:45:0c:15:68:14:cc:ce:4d:46:b5:07:10:9f:8a:8e:f1:2e:c8:e7:6c:b5:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-filesystem-l1-1-0.pdb

Exports

Exports

_access
_access_s
_chdir
_chdrive
_chmod
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_fullpath
_getdiskfree
_getdrive
_getdrives
_lock_file
_makepath
_makepath_s
_mkdir
_rmdir
_splitpath
_splitpath_s
_stat32
_stat32i64
_stat64
_stat64i32
_umask
_umask_s
_unlink
_unlock_file
_waccess
_waccess_s
_wchdir
_wchmod
_wfindfirst32
_wfindfirst32i64
_wfindfirst64
_wfindfirst64i32
_wfindnext32
_wfindnext32i64
_wfindnext64
_wfindnext64i32
_wfullpath
_wmakepath
_wmakepath_s
_wmkdir
_wremove
_wrename
_wrmdir
_wsplitpath
_wsplitpath_s
_wstat32
_wstat32i64
_wstat64
_wstat64i32
_wunlink
remove
rename

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-heap-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:19:fb:4b:c8:ab:68:db:dc:e7:af:60:56:c4:96:53:2a:af:ff:12:53:54:c2:76:3d:26:cf:c3:1b:cf:9a:9f
Signer

Actual PE Digest

b4:19:fb:4b:c8:ab:68:db:dc:e7:af:60:56:c4:96:53:2a:af:ff:12:53:54:c2:76:3d:26:cf:c3:1b:cf:9a:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-heap-l1-1-0.pdb

Exports

Exports

_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_callnewh
_calloc_base
_expand
_free_base
_get_heap_handle
_heapchk
_heapmin
_heapwalk
_malloc_base
_msize
_query_new_handler
_query_new_mode
_realloc_base
_recalloc
_set_new_mode
calloc
free
malloc
realloc

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-locale-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:f6:af:d0:f4:88:a1:1b:0c:c8:7e:c9:61:65:0b:7f:17:b7:57:1c:00:aa:b9:cf:b3:33:3f:3e:67:e5:b7:80
Signer

Actual PE Digest

f6:f6:af:d0:f4:88:a1:1b:0c:c8:7e:c9:61:65:0b:7f:17:b7:57:1c:00:aa:b9:cf:b3:33:3f:3e:67:e5:b7:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-locale-l1-1-0.pdb

Exports

Exports

___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__initialize_lconv_for_unsigned_char
__pctype_func
__pwctype_func
_configthreadlocale
_create_locale
_free_locale
_get_current_locale
_getmbcp
_lock_locales
_setmbcp
_unlock_locales
_wcreate_locale
_wsetlocale
localeconv
setlocale

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-math-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:2d:4a:c7:d3:09:a4:52:74:03:ab:4e:29:62:d3:3c:84:a4:13:85:38:49:fd:f5:09:1c:15:07:ad:2a:bb:31
Signer

Actual PE Digest

a3:2d:4a:c7:d3:09:a4:52:74:03:ab:4e:29:62:d3:3c:84:a4:13:85:38:49:fd:f5:09:1c:15:07:ad:2a:bb:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-math-l1-1-0.pdb

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_FCbuild
_FCmulcc
_FCmulcr
_LCbuild
_LCmulcc
_LCmulcr
__setusermatherr
_cabs
_chgsign
_chgsignf
_copysign
_copysignf
_d_int
_dclass
_dexp
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_except1
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_finite
_finitef
_fpclass
_fpclassf
_get_FMA3_enable
_hypot
_hypotf
_isnan
_isnanf
_j0
_j1
_jn
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_logb
_logbf
_nextafter
_nextafterf
_scalb
_scalbf
_set_FMA3_enable
_y0
_y1
_yn
acos
acosf
acosh
acoshf
acoshl
asin
asinf
asinh
asinhf
asinhl
atan
atan2
atan2f
atanf
atanh
atanhf
atanhl
cabs
cabsf
cabsl
cacos
cacosf
cacosh
cacoshf
cacoshl
cacosl
carg
cargf
cargl
casin
casinf
casinh
casinhf
casinhl
casinl
catan
catanf
catanh
catanhf
catanhl
catanl
cbrt
cbrtf
cbrtl
ccos
ccosf
ccosh
ccoshf
ccoshl
ccosl
ceil
ceilf
cexp
cexpf
cexpl
cimag
cimagf
cimagl
clog
clog10
clog10f
clog10l
clogf
clogl
conj
conjf
conjl
copysign
copysignf
copysignl
cos
cosf
cosh
coshf
cpow
cpowf
cpowl
cproj
cprojf
cprojl
creal
crealf
creall
csin
csinf
csinh
csinhf
csinhl
csinl
csqrt
csqrtf
csqrtl
ctan
ctanf
ctanh
ctanhf
ctanhl
ctanl
erf
erfc
erfcf
erfcl
erff
erfl
exp
exp2
exp2f
exp2l
expf
expm1
expm1f
expm1l
fabs
fdim
fdimf
fdiml
floor
floorf
fma
fmaf
fmal
fmax
fmaxf
fmaxl
fmin
fminf
fminl
fmod
fmodf
frexp
hypot
ilogb
ilogbf
ilogbl
ldexp
lgamma
lgammaf
lgammal
llrint
llrintf
llrintl
llround
llroundf
llroundl
log
log10
log10f
log1p
log1pf
log1pl
log2
log2f
log2l
logb
logbf
logbl
logf
lrint
lrintf
lrintl
lround
lroundf
lroundl
modf
modff
nan
nanf
nanl
nearbyint
nearbyintf
nearbyintl
nextafter
nextafterf
nextafterl
nexttoward
nexttowardf
nexttowardl
norm
normf
norml
pow
powf
remainder
remainderf
remainderl
remquo
remquof
remquol
rint
rintf
rintl
round
roundf
roundl
scalbln
scalblnf
scalblnl
scalbn
scalbnf
scalbnl
sin
sinf
sinh
sinhf
sqrt
sqrtf
tan
tanf
tanh
tanhf
tgamma
tgammaf
tgammal
trunc
truncf
truncl

Sections

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-runtime-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:cd:89:2b:3a:27:3c:b8:67:7a:8b:1f:e0:61:64:14:01:fa:c1:76:93:4a:88:f2:f7:6f:7f:8e:62:c9:2e:c7
Signer

Actual PE Digest

0f:cd:89:2b:3a:27:3c:b8:67:7a:8b:1f:e0:61:64:14:01:fa:c1:76:93:4a:88:f2:f7:6f:7f:8e:62:c9:2e:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-runtime-l1-1-0.pdb

Exports

Exports

_Exit
__doserrno
__fpe_flt_rounds
__fpecode
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__pgmptr
__p__wcmdln
__p__wpgmptr
__pxcptinfoptrs
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__wcserror
__wcserror_s
_assert
_beginthread
_beginthreadex
_c_exit
_cexit
_clearfp
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_crt_at_quick_exit
_crt_atexit
_endthread
_endthreadex
_errno
_execute_onexit_table
_exit
_fpieee_flt
_fpreset
_get_doserrno
_get_errno
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_pgmptr
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_wide_winmain_command_line
_get_wpgmptr
_getdllprocaddr
_getpid
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_query_app_type
_register_onexit_function
_register_thread_local_exe_atexit_callback
_resetstkoflw
_seh_filter_dll
_seh_filter_exe
_set_abort_behavior
_set_app_type
_set_controlfp
_set_doserrno
_set_errno
_set_error_mode
_set_invalid_parameter_handler
_set_new_handler
_set_thread_local_invalid_parameter_handler
_seterrormode
_sleep
_statusfp
_strerror
_strerror_s
_wassert
_wcserror
_wcserror_s
_wperror
_wsystem
abort
exit
feclearexcept
fegetenv
fegetexceptflag
fegetround
feholdexcept
fesetenv
fesetexceptflag
fesetround
fetestexcept
perror
quick_exit
raise
set_terminate
signal
strerror
strerror_s
system
terminate

Sections

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-stdio-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:63:92:d7:b5:76:75:f0:10:26:df:0c:be:60:c7:ee:00:33:8b:e9:e3:99:a6:c3:df:9a:3f:67:b2:77:ac:fb
Signer

Actual PE Digest

6a:63:92:d7:b5:76:75:f0:10:26:df:0c:be:60:c7:ee:00:33:8b:e9:e3:99:a6:c3:df:9a:3f:67:b2:77:ac:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-stdio-l1-1-0.pdb

Exports

Exports

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_chsize
_chsize_s
_close
_commit
_creat
_dup
_dup2
_eof
_fclose_nolock
_fcloseall
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_flushall
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_ftell_nolock
_ftelli64
_ftelli64_nolock
_fwrite_nolock
_get_fmode
_get_osfhandle
_get_printf_count_output
_get_stream_buffer_pointers
_getc_nolock
_getcwd
_getdcwd
_getmaxstdio
_getw
_getwc_nolock
_getws
_getws_s
_isatty
_kbhit
_locking
_lseek
_lseeki64
_mktemp
_mktemp_s
_open
_open_osfhandle
_pclose
_pipe
_popen
_putc_nolock
_putw
_putwc_nolock
_putws
_read
_rmtmp
_set_fmode
_set_printf_count_output
_setmaxstdio
_setmode
_sopen
_sopen_dispatch
_sopen_s
_tell
_telli64
_tempnam
_ungetc_nolock
_ungetwc_nolock
_wcreat
_wfdopen
_wfopen
_wfopen_s
_wfreopen
_wfreopen_s
_wfsopen
_wmktemp
_wmktemp_s
_wopen
_wpopen
_write
_wsopen
_wsopen_dispatch
_wsopen_s
_wtempnam
_wtmpnam
_wtmpnam_s
clearerr
clearerr_s
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetwc
fgetws
fopen
fopen_s
fputc
fputs
fputwc
fputws
fread
fread_s
freopen
freopen_s
fseek
fsetpos
ftell
fwrite
getc
getchar
gets
gets_s
getwc
getwchar
putc
putchar
puts
putwc
putwchar
rewind
setbuf
setvbuf
tmpfile
tmpfile_s
tmpnam
tmpnam_s
ungetc
ungetwc

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-string-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:b7:03:30:6e:df:21:d0:97:5b:e2:f9:4c:ce:b4:76:7b:b9:ed:4e:99:b6:6a:e2:07:5f:d3:88:a1:8a:83:c1
Signer

Actual PE Digest

a1:b7:03:30:6e:df:21:d0:97:5b:e2:f9:4c:ce:b4:76:7b:b9:ed:4e:99:b6:6a:e2:07:5f:d3:88:a1:8a:83:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-string-l1-1-0.pdb

Exports

Exports

__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__strncnt
__wcsncnt
_isalnum_l
_isalpha_l
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_memccpy
_memicmp
_memicmp_l
_strcoll_l
_strdup
_stricmp
_stricmp_l
_stricoll
_stricoll_l
_strlwr
_strlwr_l
_strlwr_s
_strlwr_s_l
_strncoll
_strncoll_l
_strnicmp
_strnicmp_l
_strnicoll
_strnicoll_l
_strnset
_strnset_s
_strrev
_strset
_strset_s
_strupr
_strupr_l
_strupr_s
_strupr_s_l
_strxfrm_l
_tolower
_tolower_l
_toupper
_toupper_l
_towlower_l
_towupper_l
_wcscoll_l
_wcsdup
_wcsicmp
_wcsicmp_l
_wcsicoll
_wcsicoll_l
_wcslwr
_wcslwr_l
_wcslwr_s
_wcslwr_s_l
_wcsncoll
_wcsncoll_l
_wcsnicmp
_wcsnicmp_l
_wcsnicoll
_wcsnicoll_l
_wcsnset
_wcsnset_s
_wcsrev
_wcsset
_wcsset_s
_wcsupr
_wcsupr_l
_wcsupr_s
_wcsupr_s_l
_wcsxfrm_l
_wctype
is_wctype
isalnum
isalpha
isblank
iscntrl
isdigit
isgraph
isleadbyte
islower
isprint
ispunct
isspace
isupper
iswalnum
iswalpha
iswascii
iswblank
iswcntrl
iswctype
iswdigit
iswgraph
iswlower
iswprint
iswpunct
iswspace
iswupper
iswxdigit
isxdigit
mblen
mbrlen
memcpy_s
memmove_s
memset
strcat
strcat_s
strcmp
strcoll
strcpy
strcpy_s
strcspn
strlen
strncat
strncat_s
strncmp
strncpy
strncpy_s
strnlen
strpbrk
strspn
strtok
strtok_s
strxfrm
tolower
toupper
towctrans
towlower
towupper
wcscat
wcscat_s
wcscmp
wcscoll
wcscpy
wcscpy_s
wcscspn
wcslen
wcsncat
wcsncat_s
wcsncmp
wcsncpy
wcsncpy_s
wcsnlen
wcspbrk
wcsspn
wcstok
wcstok_s
wcsxfrm
wctype
wmemcpy_s
wmemmove_s

Sections

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-time-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:5b:95:5b:97:93:e7:dd:51:a5:85:7b:74:4e:fe:d4:1b:d6:bd:06:36:f1:35:88:6c:d8:1b:d6:f9:61:f5:03
Signer

Actual PE Digest

64:5b:95:5b:97:93:e7:dd:51:a5:85:7b:74:4e:fe:d4:1b:d6:bd:06:36:f1:35:88:6c:d8:1b:d6:f9:61:f5:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-time-l1-1-0.pdb

Exports

Exports

_Getdays
_Getmonths
_Gettnames
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__daylight
__dstbias
__timezone
__tzname
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_difftime32
_difftime64
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_futime32
_futime64
_get_daylight
_get_dstbias
_get_timezone
_get_tzname
_getsystime
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_localtime32
_localtime32_s
_localtime64
_localtime64_s
_mkgmtime32
_mkgmtime64
_mktime32
_mktime64
_setsystime
_strdate
_strdate_s
_strftime_l
_strtime
_strtime_s
_time32
_time64
_timespec32_get
_timespec64_get
_tzset
_utime32
_utime64
_wasctime
_wasctime_s
_wcsftime_l
_wctime32
_wctime32_s
_wctime64
_wctime64_s
_wstrdate
_wstrdate_s
_wstrtime
_wstrtime_s
_wutime32
_wutime64
asctime
asctime_s
clock
strftime
wcsftime

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/api-ms-win-crt-utility-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:aa:19:92:5b:c6:81:2a:56:7b:79:60:85:9d:9f:f2:4f:06:22:74:33:52:53:41:f1:c1:2d:c5:11:31:2a:24
Signer

Actual PE Digest

57:aa:19:92:5b:c6:81:2a:56:7b:79:60:85:9d:9f:f2:4f:06:22:74:33:52:53:41:f1:c1:2d:c5:11:31:2a:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-utility-l1-1-0.pdb

Exports

Exports

_abs64
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_lfind
_lfind_s
_lrotl
_lrotr
_lsearch
_lsearch_s
_rotl
_rotl64
_rotr
_rotr64
_swab
abs
bsearch
bsearch_s
div
imaxabs
imaxdiv
labs
ldiv
llabs
lldiv
qsort
qsort_s
rand
rand_s
srand

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/boost_date_time-vc142-mt-x64-1_72.dll
.dll windows:6 windows x64 arch:x64

22109e70f23b821fd1a98fb95c61bd51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
UpdateProcThreadAttribute
FileTimeToSystemTime
LoadLibraryA
lstrcpyA
K32EnumProcesses
GetProcAddress
InitializeProcThreadAttributeList
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
OutputDebugStringA
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess

user32

wsprintfA

ws2_32

WSACleanup

crypt32

CertCreateCertificateContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__C_specific_handler
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
_CxxThrowException
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_crt_atexit
_execute_onexit_table
_cexit

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Exports

Exports

??0?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAA@G@Z
??0?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAA@G@Z
??0greg_month@gregorian@boost@@QEAA@G@Z
??0greg_month@gregorian@boost@@QEAA@W4months_of_year@date_time@2@@Z
??0greg_weekday@gregorian@boost@@QEAA@G@Z
??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@$$QEAV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@AEBV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@G@Z
??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@$$QEAV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@AEBV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@G@Z
??4greg_month@gregorian@boost@@QEAAAEAV012@$$QEAV012@@Z
??4greg_month@gregorian@boost@@QEAAAEAV012@AEBV012@@Z
??4greg_weekday@gregorian@boost@@QEAAAEAV012@$$QEAV012@@Z
??4greg_weekday@gregorian@boost@@QEAAAEAV012@AEBV012@@Z
??B?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEBAGXZ
??B?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEBAGXZ
??Bgreg_month@gregorian@boost@@QEBAGXZ
?as_enum@greg_month@gregorian@boost@@QEBA?AW4months_of_year@date_time@3@XZ
?as_enum@greg_weekday@gregorian@boost@@QEBA?AW4weekdays@date_time@3@XZ
?as_long_string@greg_month@gregorian@boost@@QEBAPEBDD@Z
?as_long_string@greg_month@gregorian@boost@@QEBAPEB_W_W@Z
?as_number@greg_month@gregorian@boost@@QEBAGXZ
?as_number@greg_weekday@gregorian@boost@@QEBAGXZ
?as_short_string@greg_month@gregorian@boost@@QEBAPEBDD@Z
?as_short_string@greg_month@gregorian@boost@@QEBAPEB_W_W@Z
?assign@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@AEAAXG@Z
?assign@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@AEAAXG@Z
?max@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ
?max@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ
?min@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ
?min@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/boost_system-vc142-mt-x64-1_72.dll
.dll windows:6 windows x64 arch:x64

420f1b1eba5d9f1de2ccc2b639e132cd

Code Sign

0e:a0:fe:4d:fb:74:cc:64:bc:32:14:31:03:c2:7c:8b
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-07-2019 00:00

Not After

10-07-2020 12:00

Subject

CN=Trend Micro\, Inc.,OU=Taipei\, TW,O=Trend Micro\, Inc.,L=Taipei,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:ca:b0:9c:cb:7a:e5:de:f9:27:42:47:6b:13:28:c5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15-05-2018 00:00

Not After

14-05-2021 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Taipei,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:1a:11:f2:18:0a:5c:7e:60:ad:86:af:54:92:09:ec:2a:96:6f:4f:84:55:ed:40:bb:8c:59:9f:61:02:6b:80
Signer

Actual PE Digest

af:1a:11:f2:18:0a:5c:7e:60:ad:86:af:54:92:09:ec:2a:96:6f:4f:84:55:ed:40:bb:8c:59:9f:61:02:6b:80

Digest Algorithm

sha256

PE Digest Matches

true

eb:2f:33:d2:59:2e:dc:7e:37:02:45:42:a3:7d:77:28:a7:92:d9:99
Signer

Actual PE Digest

eb:2f:33:d2:59:2e:dc:7e:37:02:45:42:a3:7d:77:28:a7:92:d9:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\src\a\3rd_party\boost\boost_1_72_0\bin.v2\libs\system\build\msvc-14.2\release\address-model-64\debug-store-database\debug-symbols-on\threading-multi\boost_system-vc142-mt-x64-1_72.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

Exports

Exports

?dummy_exported_function@system@boost@@YAXXZ

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/boost_system_vc140_mt_1_59.dll
.dll windows:6 windows x64 arch:x64

c52645c0abf42253bf0eddca18d3f133

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
LoadLibraryA
K32EnumProcesses
GlobalMemoryStatusEx
UpdateProcThreadAttribute
GetComputerNameA
GetModuleHandleW
InitializeProcThreadAttributeList
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess

ws2_32

WSACleanup

crypt32

CertCreateCertificateContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
memset
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
_CxxThrowException
memcpy
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_cexit
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Exports

Exports

??0?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAA@G@Z
??0?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAA@G@Z
??0greg_month@gregorian@boost@@QEAA@G@Z
??0greg_month@gregorian@boost@@QEAA@W4months_of_year@date_time@2@@Z
??0greg_weekday@gregorian@boost@@QEAA@G@Z
??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@$$QEAV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@AEBV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@G@Z
??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@$$QEAV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@AEBV012@@Z
??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@G@Z
??4greg_month@gregorian@boost@@QEAAAEAV012@$$QEAV012@@Z
??4greg_month@gregorian@boost@@QEAAAEAV012@AEBV012@@Z
??4greg_weekday@gregorian@boost@@QEAAAEAV012@$$QEAV012@@Z
??4greg_weekday@gregorian@boost@@QEAAAEAV012@AEBV012@@Z
??B?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEBAGXZ
??B?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEBAGXZ
??Bgreg_month@gregorian@boost@@QEBAGXZ
?as_enum@greg_month@gregorian@boost@@QEBA?AW4months_of_year@date_time@3@XZ
?as_enum@greg_weekday@gregorian@boost@@QEBA?AW4weekdays@date_time@3@XZ
?as_long_string@greg_month@gregorian@boost@@QEBAPEBDD@Z
?as_long_string@greg_month@gregorian@boost@@QEBAPEB_W_W@Z
?as_number@greg_month@gregorian@boost@@QEBAGXZ
?as_number@greg_weekday@gregorian@boost@@QEBAGXZ
?as_short_string@greg_month@gregorian@boost@@QEBAPEBDD@Z
?as_short_string@greg_month@gregorian@boost@@QEBAPEB_W_W@Z
?assign@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@AEAAXG@Z
?assign@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@AEAAXG@Z
?max@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ
?max@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ
?min@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ
?min@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/boost_thread-vc142-mt-x64-1_72.dll
.dll windows:6 windows x64 arch:x64

154a3f076cafdd0276c86152b4900ff9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

RtlLookupFunctionEntry
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
DuplicateHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventA
OpenEventA
SetWaitableTimer
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
GetModuleHandleA
GetProcAddress
CreateWaitableTimerA
GetComputerNameA
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlVirtualUnwind
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memcpy
memmove
memset
__current_exception
__current_exception_context
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm
_beginthreadex
terminate
_invalid_parameter_noinfo_noreturn
_initterm_e
strerror
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strncpy

Exports

Exports

??0disable_interruption@this_thread@boost@@QEAA@XZ
??0handle_manager@win32@detail@boost@@QEAA@PEAX@Z
??0handle_manager@win32@detail@boost@@QEAA@XZ
??0restore_interruption@this_thread@boost@@QEAA@AEAVdisable_interruption@12@@Z
??0thread@boost@@AEAA@V?$intrusive_ptr@Uthread_data_base@detail@boost@@@1@@Z
??0thread@boost@@QEAA@$$QEAV01@@Z
??0thread@boost@@QEAA@XZ
??0thread_data_base@detail@boost@@QEAA@XZ
??1disable_interruption@this_thread@boost@@QEAA@XZ
??1handle_manager@win32@detail@boost@@QEAA@XZ
??1restore_interruption@this_thread@boost@@QEAA@XZ
??1thread@boost@@QEAA@XZ
??1thread_data_base@detail@boost@@UEAA@XZ
??4handle_manager@win32@detail@boost@@QEAAAEAV0123@PEAX@Z
??4thread@boost@@QEAAAEAV01@$$QEAV01@@Z
??7handle_manager@win32@detail@boost@@QEBA_NXZ
??8thread@boost@@QEBA_NAEBV01@@Z
??9thread@boost@@QEBA_NAEBV01@@Z
??Bhandle_manager@win32@detail@boost@@QEBAPEAXXZ
??_7thread_data_base@detail@boost@@6B@
?add_thread_exit_function@detail@boost@@YAXPEAUthread_exit_function_base@12@@Z
?cleanup@handle_manager@win32@detail@boost@@AEAAXXZ
?detach@thread@boost@@QEAAXXZ
?do_try_join_until@thread@boost@@AEAA_NAEBUmono_platform_timepoint@detail@2@@Z
?do_try_join_until_noexcept@thread@boost@@AEAA_NAEBUmono_platform_timepoint@detail@2@AEA_N@Z
?duplicate@handle_manager@win32@detail@boost@@QEBAPEAXXZ
?future_category@boost@@YAAEBVerror_category@system@1@XZ
?get_current_thread_data@detail@boost@@YAPEAUthread_data_base@12@XZ
?get_id@this_thread@boost@@YA?AVid@thread@2@XZ
?get_id@thread@boost@@QEBA?AVid@12@XZ
?get_thread_info@thread@boost@@AEBA?AV?$intrusive_ptr@Uthread_data_base@detail@boost@@@2@XZ
?get_tss_data@detail@boost@@YAPEAXPEBX@Z
?gettickcount64@win32@detail@boost@@3P6A_KXZEA
?hardware_concurrency@thread@boost@@SAIXZ
?interrupt@thread@boost@@QEAAXXZ
?interrupt@thread_data_base@detail@boost@@QEAAXXZ
?interruptible_wait@this_thread@boost@@YA_NPEAXAEBUmono_platform_timepoint@detail@2@@Z
?interruption_enabled@this_thread@boost@@YA_NXZ
?interruption_point@this_thread@boost@@YAXXZ
?interruption_requested@this_thread@boost@@YA_NXZ
?interruption_requested@thread@boost@@QEBA_NXZ
?join@thread@boost@@QEAAXXZ
?join_noexcept@thread@boost@@AEAA_NXZ
?joinable@thread@boost@@QEBA_NXZ
?make_ready_at_thread_exit@thread_data_base@detail@boost@@QEAAXV?$shared_ptr@Ushared_state_base@detail@boost@@@3@@Z
?make_thread_info@thread@boost@@CA?AV?$intrusive_ptr@Uthread_data_base@detail@boost@@@2@P6AXXZ@Z
?native_handle@thread@boost@@QEAAPEAXXZ
?non_interruptible_wait@no_interruption_point@this_thread@boost@@YA_NPEAXAEBUmono_platform_timepoint@detail@3@@Z
?notify_all_at_thread_exit@boost@@YAXAEAVcondition_variable@1@V?$unique_lock@Vmutex@boost@@@1@@Z
?notify_all_at_thread_exit@thread_data_base@detail@boost@@UEAAXPEAVcondition_variable@3@PEAVmutex@3@@Z
?on_process_enter@boost@@YAXXZ
?on_process_exit@boost@@YAXXZ
?on_thread_enter@boost@@YAXXZ
?on_thread_exit@boost@@YAXXZ
?physical_concurrency@thread@boost@@SAIXZ
?release@handle_manager@win32@detail@boost@@QEAAPEAXXZ
?release_handle@thread@boost@@AEAAXXZ
?set_tss_data@detail@boost@@YAXPEBXP6AXP6AXPEAX@Z1@Z21_N@Z
?sleep@thread@boost@@SAXAEBVptime@posix_time@2@@Z
?start_thread@thread@boost@@AEAAXAEBVthread_attributes@2@@Z
?start_thread@thread@boost@@AEAAXXZ
?start_thread_noexcept@thread@boost@@AEAA_NAEBVthread_attributes@2@@Z
?start_thread_noexcept@thread@boost@@AEAA_NXZ
?swap@handle_manager@win32@detail@boost@@QEAAXAEAV1234@@Z
?swap@thread@boost@@QEAAXAEAV12@@Z
?timed_join@thread@boost@@QEAA_NAEBVptime@posix_time@2@@Z
?yield@this_thread@boost@@YAXXZ
?yield@thread@boost@@SAXXZ

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/error.bin
yQIRHmxCMLdLbqed/msvcp140.dll
.dll windows:6 windows x64 arch:x64

7be75bce9bc33e1e12ce35a06ab9327d

Code Sign

33:00:00:00:e7:1a:a6:e3:0b:5e:b4:0a:54:00:00:00:00:00:e7
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-02-2023 22:33

Not After

31-01-2024 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:ba:22:eb:89:15:a9:8a:ef:df:26:29:72:03:ea:ff:de:93:59:71:6f:e0:e4:65:b0:2e:dc:e4:ba:b5:45:73
Signer

Actual PE Digest

5d:ba:22:eb:89:15:a9:8a:ef:df:26:29:72:03:ea:ff:de:93:59:71:6f:e0:e4:65:b0:2e:dc:e4:ba:b5:45:73

Digest Algorithm

sha256

PE Digest Matches

true

5d:ba:22:eb:89:15:a9:8a:ef:df:26:29:72:03:ea:ff:de:93:59:71:6f:e0:e4:65:b0:2e:dc:e4:ba:b5:45:73
Signer

Actual PE Digest

5d:ba:22:eb:89:15:a9:8a:ef:df:26:29:72:03:ea:ff:de:93:59:71:6f:e0:e4:65:b0:2e:dc:e4:ba:b5:45:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
free
realloc

api-ms-win-crt-runtime-l1-1-0

abort
_configure_narrow_argv
_initterm
_cexit
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_endthreadex
_beginthreadex
terminate
_set_new_handler
_seh_filter_dll
_initterm_e
_initialize_onexit_table
_execute_onexit_table
_crt_atexit
_register_onexit_function
_errno

api-ms-win-crt-string-l1-1-0

isdigit
isspace
isxdigit
iswxdigit
__strncnt
wcsnlen
iswspace
isupper
wcscpy_s
iswalnum
iswdigit
isalnum
islower
_wcsdup
tolower
strcspn

api-ms-win-crt-locale-l1-1-0

setlocale
__pctype_func
___lc_locale_name_func
_lock_locales
___lc_codepage_func
___mb_cur_max_func
___lc_collate_cp_func
_unlock_locales
localeconv

api-ms-win-crt-stdio-l1-1-0

fputs
fgetwc
fseek
_fsopen
_wfsopen
fputwc
ungetwc
__stdio_common_vsprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc

api-ms-win-crt-filesystem-l1-1-0

_wremove
_wchdir
_unlock_file
_wrmdir
_wrename
_lock_file

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_W_Gettnames
_Wcsftime
_Getdays
_Strftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

ldexp
powf
log
frexp
pow
copysign
logf
copysignf

api-ms-win-crt-convert-l1-1-0

btowc
strtod
strtof

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

LeaveCriticalSection
RaiseException
CompareStringEx
MultiByteToWideChar
GetCPInfo
InitializeSListHead
WideCharToMultiByte
LCMapStringEx
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileInformationByHandleEx
GetProcAddress
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
GetTempPathW
InitOnceExecuteOnce
GetStringTypeW
DeleteCriticalSection
InitializeCriticalSectionEx
RtlPcToFileHeader
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
TryAcquireSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateSymbolicLinkW
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFileInformationByHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/vcruntime140.dll
.dll windows:6 windows x64 arch:x64

7f07fd94e5bb907093556781cc464017

Code Sign

33:00:00:00:e7:1a:a6:e3:0b:5e:b4:0a:54:00:00:00:00:00:e7
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-02-2023 22:33

Not After

31-01-2024 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:db:b4:ba:b8:a5:7d:70:a2:02:57:5c:42:c1:5a:eb:68:ac:ec:52:07:b1:ec:4c:29:ac:93:24:9e:d4:f6:8c
Signer

Actual PE Digest

a7:db:b4:ba:b8:a5:7d:70:a2:02:57:5c:42:c1:5a:eb:68:ac:ec:52:07:b1:ec:4c:29:ac:93:24:9e:d4:f6:8c

Digest Algorithm

sha256

PE Digest Matches

true

a7:db:b4:ba:b8:a5:7d:70:a2:02:57:5c:42:c1:5a:eb:68:ac:ec:52:07:b1:ec:4c:29:ac:93:24:9e:d4:f6:8c
Signer

Actual PE Digest

a7:db:b4:ba:b8:a5:7d:70:a2:02:57:5c:42:c1:5a:eb:68:ac:ec:52:07:b1:ec:4c:29:ac:93:24:9e:d4:f6:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
GetModuleFileNameW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yQIRHmxCMLdLbqed/vcruntime140_1.dll
.dll windows:6 windows x64 arch:x64

f241ab269df0f49a166138f5cc16a017

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-02-2023 22:33

Not After

31-01-2024 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:da:66:63:55:a1:0a:07:a8:eb:3b:66:cb:9f:52:d5:da:bc:44:ef:48:e5:b5:d0:44:00:61:d0:4f:63:c7:c7
Signer

Actual PE Digest

be:da:66:63:55:a1:0a:07:a8:eb:3b:66:cb:9f:52:d5:da:bc:44:ef:48:e5:b5:d0:44:00:61:d0:4f:63:c7:c7

Digest Algorithm

sha256

PE Digest Matches

true

be:da:66:63:55:a1:0a:07:a8:eb:3b:66:cb:9f:52:d5:da:bc:44:ef:48:e5:b5:d0:44:00:61:d0:4f:63:c7:c7
Signer

Actual PE Digest

be:da:66:63:55:a1:0a:07:a8:eb:3b:66:cb:9f:52:d5:da:bc:44:ef:48:e5:b5:d0:44:00:61:d0:4f:63:c7:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

vcruntime140

memcpy
__processing_throw
__current_exception
__C_specific_handler
_local_unwind
memmove

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
GetLastError
DeleteCriticalSection
SetLastError

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

43b6580915f07ded0d4cf8379deb738b

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e7:2f:40:60:ba:e3:90:10:31:14:4a:23:3d:d9:38:6d:0a:ed:37:4a:fc:9c:e3:d7:db:88:f4:f1:ed:b7:f0:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

wtsapi32

wintrust

msvcp140

shlwapi

userenv

rpcrt4

boost_date_time-vc142-mt-x64-1_72

winhttp

urlmon

crypt32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

ole32

oleaut32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 722KB - Virtual size: 721KB

.data Size: 45KB - Virtual size: 64KB

.pdata Size: 79KB - Virtual size: 79KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 23KB - Virtual size: 22KB

d8b33b2494c7e7a4654601b80e6e4ce5

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e7:2f:40:60:ba:e3:90:10:31:14:4a:23:3d:d9:38:6d:0a:ed:37:4a:fc:9c:e3:d7:db:88:f4:f1:ed:b7:f0:08
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 722KB - Virtual size: 721KB

.data
Size: 45KB - Virtual size: 64KB

.pdata
Size: 79KB - Virtual size: 79KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 23KB - Virtual size: 22KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f4:34:37:d6:78:83:b7:1b:dc:a6:92:f1:b2:2e:e6:b9:25:f5:3d:99:ef:d2:01:96:32:81:c0:ca:cf:d0:b7:e6
Signer

.text
Size: 246KB - Virtual size: 246KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 6KB - Virtual size: 20KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

66:00:81:07:0e:e9:c1:0f:21:ef:7a:a2:79:44:be:99:11:2e:d2:58:e5:68:86:42:50:c3:b5:86:4d:03:f5:68
Signer

.text
Size: 594KB - Virtual size: 593KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 17KB - Virtual size: 25KB

.pdata
Size: 31KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate