privateloader | ccsetup623[.]zip

ccsetup623.zip

.zip

CCleaner.exe

.exe windows:6 windows x86 arch:x86

9381e5c599e91d84bb79f422192efbef

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

5e:b5:d4:b8:1f:6b:73:fb:7d:ce:e4:d9:02:01:62:55:66:f9:d2:7a:bd:08:75:1c:ad:4b:94:4e:47:4e:bf:a6
Signer

Actual PE Digest

5e:b5:d4:b8:1f:6b:73:fb:7d:ce:e4:d9:02:01:62:55:66:f9:d2:7a:bd:08:75:1c:ad:4b:94:4e:47:4e:bf:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD\work\1878ef5ed829e50b\bin\CCleaner\Release Static\x86\CCleaner.pdb

Imports

ntdll

NtOpenKey

NtQueryKey

NtDeleteKey

RtlNtStatusToDosError

VerSetConditionMask

NtSetInformationThread

RtlDllShutdownInProgress

RtlUnwind

NtSystemDebugControl

NtClose

bcrypt

BCryptDestroySecret

BCryptOpenAlgorithmProvider

BCryptEncrypt

BCryptGenerateSymmetricKey

BCryptDeriveKey

BCryptGenRandom

BCryptSecretAgreement

BCryptExportKey

BCryptFinalizeKeyPair

BCryptCloseAlgorithmProvider

BCryptGenerateKeyPair

BCryptImportKeyPair

BCryptSetProperty

BCryptDestroyKey

rpcrt4

NdrServerCall2

NdrAsyncClientCall

RpcAsyncCancelCall

RpcAsyncInitializeHandle

UuidCreate

UuidFromStringA

RpcStringFreeA

RpcStringBindingComposeW

RpcBindingFromStringBindingW

RpcStringFreeW

RpcBindingFree

UuidToStringA

NdrAsyncServerCall

UuidToStringW

UuidFromStringW

NdrClientCall2

RpcMgmtEpEltInqDone

RpcIfInqId

RpcMgmtEpEltInqBegin

RpcMgmtEpEltInqNextW

RpcStringBindingParseW

I_RpcBindingInqLocalClientPID

RpcRevertToSelf

RpcImpersonateClient

RpcServerUnregisterIfEx

RpcServerRegisterIf2

RpcObjectSetType

RpcServerUseProtseqEpW

RpcEpRegisterW

RpcEpUnregister

RpcBindingToStringBindingW

RpcAsyncCompleteCall

ws2_32

WSACloseEvent

recvfrom

sendto

__WSAFDIsSet

freeaddrinfo

getaddrinfo

WSASocketW

WSASend

WSARecv

WSAGetOverlappedResult

WSAIoctl

WSAResetEvent

InetNtopW

WSAAddressToStringW

shutdown

socket

setsockopt

getservbyname

inet_ntoa

WSACreateEvent

htonl

WSAGetLastError

WSACleanup

WSAStartup

gethostbyname

select

ntohs

getsockopt

getsockname

ioctlsocket

listen

WSARecvFrom

FreeAddrInfoW

GetAddrInfoW

WSAEnumNetworkEvents

connect

closesocket

bind

accept

WSASetLastError

send

recv

htons

WSAEventSelect

WSAWaitForMultipleEvents

ntohl

gethostname

WSADuplicateSocketW

advapi32

GetSidIdentifierAuthority

EventRegister

EventWriteTransfer

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

CryptEnumProvidersW

CryptSignHashW

CryptDestroyHash

CryptCreateHash

CryptDecrypt

CryptExportKey

CryptGetUserKey

CryptGetProvParam

CryptSetHashParam

CryptDestroyKey

SetThreadToken

RegLoadKeyW

LsaClose

LsaFreeMemory

LsaQueryInformationPolicy

LsaOpenPolicy

GetSidSubAuthority

GetSidSubAuthorityCount

LookupAccountSidW

GetUserNameW

AddAce

InitializeAcl

CopySid

GetLengthSid

TreeSetNamedSecurityInfoW

SetNamedSecurityInfoW

GetSecurityDescriptorControl

GetSecurityDescriptorDacl

GetSecurityDescriptorGroup

GetSecurityDescriptorOwner

ConvertStringSecurityDescriptorToSecurityDescriptorW

ImpersonateSelf

AdjustTokenPrivileges

LookupPrivilegeValueW

QueryServiceStatus

RegDeleteKeyExW

RegEnumKeyW

CryptReleaseContext

CryptGenRandom

CryptAcquireContextW

RegQueryMultipleValuesW

RegDeleteTreeW

RegNotifyChangeKeyValue

RevertToSelf

CloseEventLog

ClearEventLogW

CreateProcessAsUserW

DuplicateTokenEx

CheckTokenMembership

DuplicateToken

ConvertSidToStringSidW

ReportEventW

RegisterEventSourceW

DeregisterEventSource

FreeSid

EqualSid

AllocateAndInitializeSid

OpenThreadToken

RegEnumValueW

GetTokenInformation

OpenProcessToken

ChangeServiceConfigW

DeleteService

ChangeServiceConfig2W

CreateServiceW

EnumDependentServicesW

ControlService

CloseServiceHandle

StartServiceW

QueryServiceStatusEx

OpenServiceW

OpenSCManagerW

RegEnumKeyExW

RegQueryInfoKeyW

RegDeleteKeyW

RegCreateKeyExW

RegQueryValueExW

RegDeleteValueW

RegSetValueExW

RegGetValueW

RegOpenKeyExW

OpenEventLogW

LookupPrivilegeNameW

RegUnLoadKeyW

QueryServiceConfig2W

QueryServiceConfigW

EnumServicesStatusExW

AccessCheck

MapGenericMask

GetFileSecurityW

LookupAccountNameW

EventUnregister

RegQueryValueExA

RegOpenKeyExA

RegEnumKeyExA

SystemFunction036

CryptHashData

CryptGetHashParam

CryptAcquireContextA

IsValidSid

RegCloseKey

dnsapi

DnsFree

DnsQuery_W

DnsQuery_UTF8

winhttp

WinHttpGetIEProxyConfigForCurrentUser

WinHttpGetProxyForUrl

WinHttpConnect

WinHttpSetTimeouts

WinHttpOpen

WinHttpOpenRequest

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpQueryHeaders

WinHttpReceiveResponse

WinHttpWriteData

WinHttpSendRequest

WinHttpSetCredentials

WinHttpAddRequestHeaders

WinHttpSetOption

WinHttpCloseHandle

WinHttpQueryOption

WinHttpCrackUrl

shlwapi

PathAddExtensionW

PathRemoveExtensionW

PathStripToRootW

PathSkipRootW

PathRemoveBackslashW

PathGetDriveNumberW

PathCompactPathW

PathRemoveArgsW

PathUnquoteSpacesW

PathAppendW

PathRemoveFileSpecW

StrRetToStrW

PathCanonicalizeW

PathMatchSpecW

PathFileExistsW

PathIsDirectoryW

PathIsDirectoryEmptyW

PathStripPathW

PathFindFileNameW

PathFindExtensionW

PathCombineW

AssocQueryStringW

PathAddBackslashW

PathIsURLW

PathCreateFromUrlW

PathStripPathA

StrCpyW

PathIsUNCW

PathIsRelativeW

ord487

userenv

ExpandEnvironmentStringsForUserW

DestroyEnvironmentBlock

CreateEnvironmentBlock

kernel32

LockFile

AreFileApisANSI

GetThreadSelectorEntry

VirtualProtectEx

GetThreadContext

LCMapStringW

SetConsoleCtrlHandler

WriteConsoleInputW

SetConsoleCursorPosition

GetConsoleScreenBufferInfo

SetConsoleCursorInfo

GetConsoleCursorInfo

FillConsoleOutputAttribute

FillConsoleOutputCharacterW

ReadConsoleInputW

GetNumberOfConsoleInputEvents

ExitThread

GetStringTypeExW

UnhandledExceptionFilter

CompareStringEx

LCMapStringEx

InitOnceComplete

InitOnceBeginInitialize

CloseThreadpoolWork

GetFullPathNameA

HeapValidate

GetDiskFreeSpaceA

GetFileAttributesA

DeleteFileA

HeapCompact

EncodePointer

InitializeSListHead

InterlockedPopEntrySList

InterlockedPushEntrySList

IsProcessorFeaturePresent

TryAcquireSRWLockExclusive

WakeConditionVariable

WakeAllConditionVariable

SleepConditionVariableSRW

GetStringTypeW

LocalSize

ExitProcess

CreateNamedPipeA

GetEnvironmentStringsW

SwitchToThread

GetNamedPipeHandleStateW

CreateNamedPipeW

ConnectNamedPipe

UnregisterWait

AllocConsole

GlobalSize

GetTempFileNameA

GetTempPathA

GetCurrencyFormatW

CompareStringA

FreeEnvironmentStringsW

GetCommandLineA

SubmitThreadpoolWork

CreateThreadpoolWork

FreeLibraryWhenCallbackReturns

SizeofResource

LockResource

LoadResource

FindResourceW

FindResourceExW

HeapDestroy

HeapSize

HeapReAlloc

HeapFree

HeapAlloc

GetProcessHeap

GetLastError

WideCharToMultiByte

MultiByteToWideChar

GetProcAddress

GetOEMCP

GetCurrentThreadId

FindClose

FindFirstFileW

FindNextFileW

LoadLibraryW

SetDllDirectoryW

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

CloseHandle

CreateEventW

ResetEvent

SetEvent

WaitForSingleObject

InitializeCriticalSectionEx

GlobalFree

GlobalUnlock

GlobalLock

GlobalAlloc

FreeResource

RaiseException

SetLastError

GetModuleFileNameW

FileTimeToSystemTime

CompareFileTime

SystemTimeToFileTime

TzSpecificLocalTimeToSystemTime

TerminateProcess

Sleep

OpenProcess

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

CreateFileW

GetTickCount64

FreeLibrary

WriteFile

GetCurrentProcessId

GetDiskFreeSpaceExW

GlobalHandle

MulDiv

lstrcmpW

lstrlenW

VerifyVersionInfoW

CompareStringW

lstrcmpiW

DeleteFileW

ReadFile

WaitForMultipleObjects

CreateProcessW

CreateMutexW

GetFileAttributesW

CreatePipe

PeekNamedPipe

LoadLibraryExW

SetErrorMode

GetSystemDirectoryW

GetStartupInfoW

GetCommandLineW

DecodePointer

QueryPerformanceFrequency

QueryPerformanceCounter

GetCurrentDirectoryW

SetCurrentDirectoryW

FormatMessageW

LocalFree

GetPrivateProfileStringW

ReleaseMutex

GetFileSize

SetFilePointer

SystemTimeToTzSpecificLocalTime

GetLongPathNameW

GetCurrentProcess

GetProcessTimes

GetWindowsDirectoryW

CreateDirectoryW

InitializeCriticalSection

GetLocaleInfoW

GetNumberFormatW

GetDateFormatW

GetTimeFormatW

WriteConsoleW

GetVersionExA

GetSystemInfo

GlobalMemoryStatusEx

CopyFileW

ResumeThread

GetNativeSystemInfo

CreateFileMappingW

MapViewOfFile

UnmapViewOfFile

GetFileInformationByHandle

GetCurrentThread

GetLocalTime

MoveFileW

InitializeProcThreadAttributeList

UpdateProcThreadAttribute

GetSystemTimeAsFileTime

DeviceIoControl

OutputDebugStringW

GetExitCodeProcess

ReadProcessMemory

IsValidCodePage

CheckRemoteDebuggerPresent

VirtualProtect

FlushInstructionCache

lstrcmpA

GetModuleFileNameA

DebugBreak

FlushFileBuffers

GetDiskFreeSpaceW

GetVolumeInformationW

SetFilePointerEx

SetEndOfFile

GetTempPathW

GetTempFileNameW

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemDirectoryA

LoadLibraryA

FormatMessageA

GetStdHandle

GetFileType

VirtualAlloc

VirtualFree

IsDebuggerPresent

GetUserDefaultLCID

GetPrivateProfileIntW

GetFileAttributesExW

GetSystemDefaultUILanguage

GetSystemDefaultLCID

GetComputerNameW

WTSGetActiveConsoleSessionId

GetLogicalDriveStringsW

GetDriveTypeW

SetFileAttributesW

RemoveDirectoryW

K32GetProcessImageFileNameW

QueryDosDeviceW

SetConsoleTextAttribute

FindFirstFileExW

LocalAlloc

LocalLock

LocalUnlock

DeleteProcThreadAttributeList

GetThreadId

SetHandleInformation

GetPriorityClass

K32GetProcessMemoryInfo

GetProcessId

GetEnvironmentVariableW

SetEnvironmentVariableW

CreateThread

GetTickCount

SetUnhandledExceptionFilter

AddVectoredExceptionHandler

RemoveVectoredExceptionHandler

VirtualQuery

DuplicateHandle

GetSystemTimes

QueryFullProcessImageNameW

OpenThread

GetThreadPriority

K32EnumProcesses

GetThreadTimes

GetProcessHandleCount

ExpandEnvironmentStringsW

SetFileInformationByHandle

MoveFileExW

GetFileSizeEx

GetLogicalDrives

SetFileTime

GetCompressedFileSizeW

BackupRead

BackupSeek

EnumSystemLocalesW

InitializeCriticalSectionAndSpinCount

GetVolumePathNameW

GetVolumeNameForVolumeMountPointW

GetVersion

FindFirstVolumeW

FindNextVolumeW

GetVolumePathNamesForVolumeNameW

FindVolumeClose

GetFullPathNameW

OutputDebugStringA

K32GetMappedFileNameW

WritePrivateProfileStringW

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

ProcessIdToSessionId

UnlockFileEx

LockFileEx

GetLocaleInfoEx

GetUserDefaultLangID

GetCPInfo

GetConsoleOutputCP

GetVersionExW

GetShortPathNameW

GetSystemWindowsDirectoryW

GetFileTime

UnregisterWaitEx

RegisterWaitForSingleObject

SetThreadPriority

QueryThreadCycleTime

GetComputerNameExA

TerminateThread

GetUserGeoID

GetGeoInfoW

WerRegisterMemoryBlock

WerUnregisterMemoryBlock

InitOnceExecuteOnce

UnlockFile

CreateFileA

CreateSemaphoreW

CreateJobObjectW

CreateIoCompletionPort

SetInformationJobObject

AssignProcessToJobObject

GetQueuedCompletionStatus

SuspendThread

GetExitCodeThread

ReleaseSemaphore

TryEnterCriticalSection

GetProcessAffinityMask

HeapCreate

CancelIoEx

GetOverlappedResult

ReadDirectoryChangesW

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolWait

WaitForThreadpoolWaitCallbacks

CreateHardLinkW

PostQueuedCompletionStatus

QueueUserAPC

CancelIo

SetWaitableTimer

SleepEx

CreateWaitableTimerW

GetSystemTime

GetModuleHandleA

MoveFileExA

GetEnvironmentVariableA

FileTimeToLocalFileTime

ExpandEnvironmentStringsA

GetQueuedCompletionStatusEx

lstrcpyW

Module32FirstW

GetPrivateProfileSectionW

GetPrivateProfileSectionNamesW

IsBadStringPtrW

TerminateJobObject

GetTimeZoneInformation

GetBinaryTypeA

GetBinaryTypeW

QueueUserWorkItem

FlushViewOfFile

CreateFileMappingA

SetProcessWorkingSetSize

LCIDToLocaleName

SetNamedPipeHandleState

WaitNamedPipeW

WaitForSingleObjectEx

WaitForMultipleObjectsEx

ReadFileEx

WriteFileEx

LoadLibraryExA

IsValidLocale

SetStdHandle

GetModuleHandleExW

FreeLibraryAndExitThread

GetModuleHandleW

GetACP

GetFileInformationByHandleEx

user32

SetRect

LoadIconW

SetDlgItemTextW

FindWindowExW

IsDialogMessageW

PostQuitMessage

LockWindowUpdate

SendInput

SetMenuDefaultItem

IsClipboardFormatAvailable

SetParent

GetAncestor

GetDlgItemInt

GetForegroundWindow

wsprintfW

GetShellWindow

GetWindowInfo

GetMonitorInfoW

MonitorFromWindow

GetSystemMetrics

GetWindowPlacement

SystemParametersInfoA

DrawTextExW

NotifyWinEvent

GetAsyncKeyState

GetNextDlgGroupItem

DestroyCursor

GetIconInfo

GetMenuItemID

MonitorFromPoint

GetProcessWindowStation

GetUserObjectInformationW

MessageBoxW

GetLastActivePopup

MessageBeep

DrawIcon

GetDialogBaseUnits

LoadStringW

WinHelpW

EmptyClipboard

SetClipboardData

WaitMessage

IsHungAppWindow

SendMessageCallbackW

GetGUIThreadInfo

SendMessageTimeoutW

CharLowerW

CharLowerA

GetDlgItemTextW

AllowSetForegroundWindow

ExitWindowsEx

WaitForInputIdle

EnumDisplaySettingsW

FrameRect

CreateDialogParamW

EndPaint

BeginPaint

GetClassInfoExW

RegisterClassExW

MapWindowPoints

CreateWindowExW

GetDlgItem

IsWindowVisible

GetComboBoxInfo

GetWindow

IsChild

ChildWindowFromPoint

ScreenToClient

SetWindowPos

GetParent

IsWindowEnabled

GetDlgCtrlID

GetSysColor

UpdateWindow

MoveWindow

GetClientRect

ShowWindow

DestroyWindow

IsWindow

UnregisterClassW

SetWindowLongW

SendMessageW

CallWindowProcW

InvalidateRect

LoadCursorW

GetWindowLongW

GetWindowRect

FillRect

DefWindowProcW

LoadImageW

GetDC

ReleaseDC

PostMessageW

AdjustWindowRectEx

GetMenu

DrawEdge

SendDlgItemMessageW

MapDialogRect

DeleteMenu

SetLayeredWindowAttributes

SetWindowContextHelpId

UnhookWindowsHookEx

SetWindowsHookExW

CallNextHookEx

WindowFromPoint

AppendMenuW

GetScrollPos

GetMessagePos

InsertMenuW

SetCursorPos

CreatePopupMenu

MsgWaitForMultipleObjects

IsWindowUnicode

GetMessageA

DispatchMessageA

EnableMenuItem

BringWindowToTop

GetNextDlgTabItem

PeekMessageW

GetMessageW

TranslateMessage

DispatchMessageW

RegisterClassW

GetClassInfoW

IsIconic

GetWindowThreadProcessId

EnumWindows

FindWindowW

OpenIcon

GetClassLongW

IsDlgButtonChecked

CheckDlgButton

SetScrollPos

GetScrollInfo

GetCapture

GetCursorPos

ScrollWindowEx

SetScrollInfo

SetRectEmpty

CloseClipboard

GetClipboardData

OpenClipboard

GetKeyboardLayoutNameW

AddClipboardFormatListener

RemoveClipboardFormatListener

LoadCursorFromFileA

EnumDisplayDevicesW

EnumDisplayMonitors

MessageBoxA

GetMessageTime

GetMessageExtraInfo

BeginDeferWindowPos

DeferWindowPos

EndDeferWindowPos

CallMsgFilterW

GetUpdateRect

IsRectEmpty

SetClassLongW

EnumThreadWindows

GetDoubleClickTime

AnimateWindow

DrawIconEx

CreateIconIndirect

SetActiveWindow

GetKeyboardLayout

CreateCaret

DestroyCaret

SetCaretPos

GetClipboardSequenceNumber

RegisterClipboardFormatW

CountClipboardFormats

EnumClipboardFormats

MapVirtualKeyW

RegisterWindowMessageW

SetWinEventHook

PostThreadMessageW

GetQueueStatus

EnableScrollBar

DrawFrameControl

GetPropW

SetScrollRange

GetScrollRange

ShowScrollBar

RemovePropW

UpdateLayeredWindow

DestroyMenu

DrawFocusRect

DestroyIcon

DrawStateW

OffsetRect

GetWindowDC

SetPropW

CopyRect

GetKeyState

GetSysColorBrush

DialogBoxIndirectParamW

GetWindowTextLengthW

GetClassNameW

CharNextW

CreateAcceleratorTableW

ClientToScreen

SetCapture

ReleaseCapture

InvalidateRgn

DestroyAcceleratorTable

CreateDialogIndirectParamW

GetFocus

EnableWindow

KillTimer

SetTimer

DialogBoxParamW

SetCursor

SystemParametersInfoW

TrackMouseEvent

SetForegroundWindow

TrackPopupMenu

GetSystemMenu

IsZoomed

PtInRect

EndDialog

SetFocus

InflateRect

DrawTextW

SetWindowTextW

GetDesktopWindow

GetWindowTextW

RedrawWindow

GetActiveWindow

gdi32

SetBkMode

GetStockObject

CreateFontIndirectW

AddFontMemResourceEx

StretchBlt

GetDIBColorTable

SaveDC

RestoreDC

GetClipBox

CreateRectRgnIndirect

CombineRgn

SelectClipRgn

GetTextExtentPoint32W

CreateCompatibleBitmap

GetTextMetricsW

GetBkColor

ExcludeClipRect

CreateDCW

CreateRectRgn

GetClipRgn

BeginPath

EndPath

StrokeAndFillPath

PolylineTo

GetCurrentObject

Ellipse

CreateFontW

LineTo

MoveToEx

CreateBitmap

SetTextAlign

TextOutW

Rectangle

GetTextColor

GetDIBits

SetMapMode

StartDocW

EndDoc

StartPage

EndPage

SetLayout

GetGlyphIndicesW

EnumFontFamiliesExW

GetFontUnicodeRanges

GetObjectA

StretchDIBits

UnrealizeObject

CreatePen

RoundRect

CreatePatternBrush

SetViewportOrgEx

ExtTextOutW

SetBkColor

SetTextColor

CreateSolidBrush

DeleteObject

SetDIBColorTable

CreateDIBSection

GetObjectW

CreateCompatibleDC

BitBlt

SelectObject

DeleteDC

GetDeviceCaps

PatBlt

comdlg32

PrintDlgW

GetOpenFileNameW

GetSaveFileNameW

CommDlgExtendedError

shell32

ord727

ord74

ShellExecuteW

ExtractIconW

CommandLineToArgvW

SHGetSpecialFolderPathW

SHGetPathFromIDListW

SHBrowseForFolderW

DragQueryFileW

DragFinish

ShellExecuteExW

SHGetFolderPathW

ord165

Shell_NotifyIconW

ExtractIconExW

SHGetSpecialFolderLocation

SHGetFileInfoW

SHEmptyRecycleBinW

SHGetKnownFolderPath

SHAddToRecentDocs

ole32

CoInitializeSecurity

CoSetProxyBlanket

CoInitializeEx

CoCreateGuid

RegisterDragDrop

IIDFromString

StgIsStorageFile

StgOpenStorageEx

RevokeDragDrop

OleDuplicateData

ReleaseStgMedium

DoDragDrop

CoTaskMemRealloc

OleInitialize

CLSIDFromString

CLSIDFromProgID

CoGetClassObject

CoCreateInstance

OleLockRunning

CoFreeUnusedLibraries

StringFromGUID2

CoTaskMemFree

CoTaskMemAlloc

OleUninitialize

CoUninitialize

CoInitialize

PropVariantClear

CreateStreamOnHGlobal

oleaut32

SysStringLen

LoadRegTypeLi

LoadTypeLi

SysAllocStringLen

OleCreateFontIndirect

VarUI4FromStr

VariantClear

DispCallFunc

VarBstrFromR8

VarBstrFromI4

VariantChangeType

VariantTimeToSystemTime

SysAllocString

VariantInit

VarBstrCmp

SysFreeString

comctl32

ImageList_GetIcon

ImageList_SetIconSize

ImageList_Duplicate

ImageList_GetIconSize

ImageList_Draw

ImageList_Destroy

ImageList_ReplaceIcon

ImageList_Replace

ImageList_GetImageCount

ImageList_DrawEx

ImageList_LoadImageW

InitCommonControlsEx

ImageList_Add

ImageList_Create

ImageList_Remove

gdiplus

GdipCloneBrush

GdipDeleteBrush

GdipCreateBitmapFromGraphics

GdipGetFontSize

GdipGetFamily

GdipDeleteFont

GdipCreateFontFromLogfontA

GdipCreateFontFromDC

GdipGetLineSpacing

GdipGetCellAscent

GdipGetEmHeight

GdipDeleteFontFamily

GdipEndContainer

GdipBeginContainer2

GdipCreatePathGradientFromPath

GdipDeletePath

GdipCreatePath

GdiplusStartup

GdiplusShutdown

GdipGetImagePixelFormat

GdipGetImageHeight

GdipGetImageWidth

GdipGetImagePaletteSize

GdipGetImagePalette

GdipBitmapLockBits

GdipBitmapUnlockBits

GdipCreateBitmapFromScan0

GdipCloneImage

GdipAlloc

GdipFree

GdipCreateSolidFill

GdipGetImageGraphicsContext

GdipDeleteGraphics

GdipDrawImageI

GdipFillRectangleI

GdipCreateFromHDC

GdipSetSmoothingMode

GdipCreateHBITMAPFromBitmap

GdipCreatePen1

GdipDrawDriverString

GdipDrawRectangleI

GdipDeletePen

GdipCreateBitmapFromStream

GdipRestoreGraphics

GdipSaveGraphics

GdipGetClipBoundsI

GdipSetClipRectI

GdipSetClipRect

GdipDrawImageRectRect

GdipFillPath

GdipFillPie

GdipFillEllipse

GdipFillRectanglesI

GdipGraphicsClear

GdipDrawPath

GdipDrawPie

GdipDrawEllipse

GdipDrawRectangle

GdipDrawArc

GdipTransformPoints

GdipSetPageUnit

GdipGetWorldTransform

GdipTranslateWorldTransform

GdipMultiplyWorldTransform

GdipSetInterpolationMode

GdipSetTextRenderingHint

GdipSetPixelOffsetMode

GdipGetSmoothingMode

GdipSetCompositingQuality

GdipCreateFromHWNDICM

GdipCreateFromHWND

GdipSetImageAttributesColorMatrix

GdipDisposeImageAttributes

GdipCreateImageAttributes

GdipSetPenDashArray

GdipSetPenDashOffset

GdipSetPenDashStyle

GdipSetPenMiterLimit

GdipSetPenLineJoin

GdipSetPenEndCap

GdipSetPenStartCap

GdipCreatePen2

GdipSetPathGradientTransform

GdipSetPathGradientWrapMode

GdipDisposeImage

GdipSetPathGradientPresetBlend

GdipSetPathGradientCenterPoint

GdipMultiplyLineTransform

GdipSetLineWrapMode

GdipSetLinePresetBlend

GdipCreateLineBrush

GdipCreateTexture

GdipGetMatrixElements

GdipShearMatrix

GdipRotateMatrix

GdipScaleMatrix

GdipTranslateMatrix

GdipDeleteMatrix

GdipCreateMatrix2

GdipCreateMatrix

GdipIsVisiblePathPoint

GdipGetPathWorldBounds

GdipAddPathRectangleI

GdipAddPathArcI

GdipAddPathLineI

GdipAddPathEllipse

GdipAddPathBezier

GdipAddPathArc

GdipAddPathLine

GdipClosePathFigure

GdipStartPathFigure

GdipSetPathFillMode

GdipResetPath

GdipClonePath

GdipCreateBitmapFromFile

GdipDrawLine

GdipFillRectangle

GdipCreateHatchBrush

powrprof

CallNtPowerInformation

dxgi

CreateDXGIFactory1

dbghelp

MakeSureDirectoryPathExists

winmm

timeBeginPeriod

timeEndPeriod

timeSetEvent

timeKillEvent

timeGetTime

secur32

QueryContextAttributesW

urlmon

FindMimeFromData

oleacc

LresultFromObject

AccessibleObjectFromWindow

CreateStdAccessibleObject

imm32

ImmAssociateContextEx

ImmGetCompositionStringW

ImmGetContext

ImmNotifyIME

ImmSetCandidateWindow

ImmReleaseContext

ImmIsIME

usp10

ScriptPlace

ScriptItemize

ScriptBreak

ScriptFreeCache

ScriptShape

ScriptApplyDigitSubstitution

winspool.drv

ord203

Exports

??$IntToString@VInteger@CryptoPP@@@CryptoPP@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VInteger@0@I@Z

??$IntToString@_K@CryptoPP@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KI@Z

??0?$ASN1CryptoMaterial@V?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$ASN1CryptoMaterial@V?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$ASN1CryptoMaterial@V?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$ASN1CryptoMaterial@VPrivateKey@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$ASN1CryptoMaterial@VPrivateKey@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$ASN1CryptoMaterial@VPrivateKey@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$ASN1CryptoMaterial@VPublicKey@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$ASN1CryptoMaterial@VPublicKey@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$ASN1CryptoMaterial@VPublicKey@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractEuclideanDomain@VInteger@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$AbstractEuclideanDomain@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractEuclideanDomain@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractEuclideanDomain@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$AbstractEuclideanDomain@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractEuclideanDomain@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractGroup@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractGroup@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractGroup@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractGroup@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractGroup@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractGroup@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractGroup@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractGroup@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@QAE@XZ

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@QAE@XZ

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QAE@XZ

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@QAE@XZ

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QAE@XZ

??0?$AbstractRing@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractRing@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AbstractRing@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AbstractRing@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$AlgorithmParametersTemplate@H@CryptoPP@@QAE@$$QAV01@@Z

??0?$AlgorithmParametersTemplate@H@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmParametersTemplate@H@CryptoPP@@QAE@PBDABH_N@Z

??0?$AlgorithmParametersTemplate@VConstByteArrayParameter@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$AlgorithmParametersTemplate@VConstByteArrayParameter@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmParametersTemplate@VConstByteArrayParameter@CryptoPP@@@CryptoPP@@QAE@PBDABVConstByteArrayParameter@1@_N@Z

??0?$AlgorithmParametersTemplate@_N@CryptoPP@@QAE@$$QAV01@@Z

??0?$AlgorithmParametersTemplate@_N@CryptoPP@@QAE@ABV01@@Z

??0?$AlgorithmParametersTemplate@_N@CryptoPP@@QAE@PBDAB_N_N@Z

??0?$AllocatorWithCleanup@E$0A@@CryptoPP@@QAE@XZ

??0?$AllocatorWithCleanup@G$0A@@CryptoPP@@QAE@XZ

??0?$AllocatorWithCleanup@I$00@CryptoPP@@QAE@XZ

??0?$AllocatorWithCleanup@I$0A@@CryptoPP@@QAE@XZ

??0?$AllocatorWithCleanup@_K$0A@@CryptoPP@@QAE@XZ

??0?$AutoSeededX917RNG@VRijndael@CryptoPP@@@CryptoPP@@QAE@_N0@Z

??0?$AutoSignaling@V?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AutoSignaling@V?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@H@Z

??0?$AutoSignaling@VBufferedTransformation@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$AutoSignaling@VBufferedTransformation@CryptoPP@@@CryptoPP@@QAE@H@Z

??0?$BlockCipherImpl@UDES_EDE2_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@ABV01@@Z

??0?$BlockCipherImpl@UDES_EDE2_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@XZ

??0?$BlockCipherImpl@UDES_EDE3_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@ABV01@@Z

??0?$BlockCipherImpl@UDES_EDE3_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@XZ

??0?$BlockCipherImpl@URijndael_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@ABV01@@Z

??0?$BlockCipherImpl@URijndael_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@XZ

??0?$BlockCipherImpl@USKIPJACK_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@ABV01@@Z

??0?$BlockCipherImpl@USKIPJACK_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QAE@XZ

??0?$Bufferless@VBufferedTransformation@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$Bufferless@VBufferedTransformation@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$Bufferless@VFilter@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$Bufferless@VSink@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$Bufferless@VSink@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@PBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@PBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@PBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@PBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@PBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QAE@AAVBlockCipher@1@PBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$ClonableImpl@VSHA1@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$ClonableImpl@VSHA1@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@2@@CryptoPP@@QAE@XZ

??0?$ClonableImpl@VSHA224@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$ClonableImpl@VSHA224@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@2@@CryptoPP@@QAE@XZ

??0?$ClonableImpl@VSHA256@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$ClonableImpl@VSHA256@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QAE@XZ

??0?$ClonableImpl@VSHA384@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$ClonableImpl@VSHA384@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@2@@CryptoPP@@QAE@XZ

??0?$ClonableImpl@VSHA512@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$ClonableImpl@VSHA512@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@2@@CryptoPP@@QAE@XZ

??0?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@QAE@ABV01@@Z

??0?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@QAE@XZ

??0?$CustomFlushPropagation@VFilter@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CustomFlushPropagation@VSink@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CustomFlushPropagation@VSink@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$CustomSignalPropagation@VSink@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$CustomSignalPropagation@VSink@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QAE@AAVBufferedTransformation@1@@Z

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QAE@ABVDL_GroupParameters_GFP_DefaultSafePrime@1@@Z

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA1@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA1@2@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA224@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA224@2@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA256@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA256@2@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA384@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA384@2@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA512@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA512@2@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_GDSA@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_GDSA@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_GDSA@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_GDSA@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_Algorithm_GDSA@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Algorithm_GDSA@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_ElgamalLikeSignatureAlgorithm@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_ElgamalLikeSignatureAlgorithm@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_ElgamalLikeSignatureAlgorithm@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_ElgamalLikeSignatureAlgorithm@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_ElgamalLikeSignatureAlgorithm@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_ElgamalLikeSignatureAlgorithm@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_FixedBasePrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_FixedBasePrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_FixedBasePrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_FixedBasePrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_FixedBasePrecomputation@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_FixedBasePrecomputation@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_GroupParameters@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParameters@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VEC2N@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@2@V?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VEC2N@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@2@V?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@2@@CryptoPP@@QAE@XZ

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VECP@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@2@V?$DL_GroupParameters@UECPPoint@CryptoPP@@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VECP@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@2@V?$DL_GroupParameters@UECPPoint@CryptoPP@@@2@@CryptoPP@@QAE@XZ

??0?$DL_GroupParametersImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@VDL_GroupParameters_IntegerBased@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParametersImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@VDL_GroupParameters_IntegerBased@2@@CryptoPP@@QAE@XZ

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@AAVBufferedTransformation@1@@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@ABVEC2N@1@ABUEC2NPoint@1@ABVInteger@1@2@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@ABVOID@1@@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QAE@AAVBufferedTransformation@1@@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QAE@ABVECP@1@ABUECPPoint@1@ABVInteger@1@2@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QAE@ABVOID@1@@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_GroupParameters_IntegerBasedImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupParameters_IntegerBasedImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@@CryptoPP@@QAE@XZ

??0?$DL_GroupPrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupPrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_GroupPrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_GroupPrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_Key@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Key@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_Key@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Key@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_Key@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_Key@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@XZ

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@XZ

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QAE@XZ

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@XZ

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QAE@XZ

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@U?$ECDSA@VEC2N@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@U?$ECDSA@VEC2N@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@U?$ECDSA@VECP@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@U?$ECDSA@VECP@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QAE@XZ

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@V?$DSA2@VSHA1@CryptoPP@@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@V?$DSA2@VSHA1@CryptoPP@@@2@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey_EC@VECP@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey_EC@VECP@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_PublicKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_PublicKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$DL_SimpleKeyAgreementDomainBase@VInteger@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$DL_SimpleKeyAgreementDomainBase@VInteger@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$EMSA2HashIdLookup@VPK_DeterministicSignatureMessageEncodingMethod@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$EMSA2HashIdLookup@VPK_DeterministicSignatureMessageEncodingMethod@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$EncodedPoint@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$EncodedPoint@UEC2NPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$EncodedPoint@UECPPoint@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$EncodedPoint@UECPPoint@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$InputRejecting@VFilter@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@QAE@XZ

??0?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@QAE@XZ

??0?$IteratedHashBase@IVHashTransformation@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHashBase@IVHashTransformation@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$IteratedHashBase@_KVHashTransformation@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHashBase@_KVHashTransformation@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0BE@VSHA1@2@$0A@$0A@@CryptoPP@@IAE@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0BE@VSHA1@2@$0A@$0A@@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA224@2@$0BM@$00@CryptoPP@@IAE@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA224@2@$0BM@$00@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA256@2@$0CA@$00@CryptoPP@@IAE@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA256@2@$0CA@$00@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA384@2@$0DA@$00@CryptoPP@@IAE@XZ

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA384@2@$0DA@$00@CryptoPP@@QAE@ABV01@@Z

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA512@2@$0EA@$00@CryptoPP@@IAE@XZ

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA512@2@$0EA@$00@CryptoPP@@QAE@ABV01@@Z

??0?$ModePolicyCommonTemplate@UAdditiveCipherAbstractPolicy@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$ModePolicyCommonTemplate@UAdditiveCipherAbstractPolicy@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$ModePolicyCommonTemplate@VCFB_CipherAbstractPolicy@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$ModePolicyCommonTemplate@VCFB_CipherAbstractPolicy@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$Multichannel@VFilter@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$Multichannel@VSink@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$Multichannel@VSink@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$OAEP@VSHA1@CryptoPP@@VP1363_MGF1@2@@CryptoPP@@QAE@$$QAV01@@Z

??0?$OAEP@VSHA1@CryptoPP@@VP1363_MGF1@2@@CryptoPP@@QAE@ABV01@@Z

??0?$OAEP@VSHA1@CryptoPP@@VP1363_MGF1@2@@CryptoPP@@QAE@XZ

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Decryptor@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Decryptor@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Encryptor@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Encryptor@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$QuotientRing@V?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@$$QAV01@@Z

??0?$QuotientRing@V?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV01@@Z

??0?$QuotientRing@V?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@ABV?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@1@ABVPolynomialMod2@1@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@ABV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@QAE@XZ

??0?$SourceTemplate@VFileStore@CryptoPP@@@CryptoPP@@QAE@PAVBufferedTransformation@1@@Z

??0?$SourceTemplate@VRandomNumberStore@CryptoPP@@@CryptoPP@@QAE@PAVBufferedTransformation@1@@Z

??0?$SourceTemplate@VStringStore@CryptoPP@@@CryptoPP@@QAE@PAVBufferedTransformation@1@@Z

??0?$StringSinkTemplate@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@CryptoPP@@QAE@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0?$StringSinkTemplate@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@CryptoPP@@QAE@ABV01@@Z

??0?$StringSinkTemplate@V?$vector@EV?$allocator@E@std@@@std@@@CryptoPP@@QAE@AAV?$vector@EV?$allocator@E@std@@@std@@@Z

??0?$StringSinkTemplate@V?$vector@EV?$allocator@E@std@@@std@@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QAE@XZ

??0?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QAE@XZ

??0?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QAE@XZ

??0?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QAE@XZ

??0?$TF_CryptoSystemBase@VPK_Decryptor@CryptoPP@@V?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_CryptoSystemBase@VPK_Decryptor@CryptoPP@@V?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QAE@XZ

??0?$TF_CryptoSystemBase@VPK_Encryptor@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_CryptoSystemBase@VPK_Encryptor@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QAE@XZ

??0?$TF_SignatureSchemeBase@VPK_Signer@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_SignatureSchemeBase@VPK_Signer@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QAE@XZ

??0?$TF_SignatureSchemeBase@VPK_Verifier@CryptoPP@@V?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TF_SignatureSchemeBase@VPK_Verifier@CryptoPP@@V?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QAE@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@QAE@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@QAE@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@QAE@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@QAE@ABV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@QAE@XZ

??0?$Unflushable@V?$Multichannel@VFilter@CryptoPP@@@CryptoPP@@@CryptoPP@@QAE@XZ

??0?$Unflushable@VFilter@CryptoPP@@@CryptoPP@@QAE@XZ

??0ASN1Object@CryptoPP@@QAE@ABV01@@Z

??0ASN1Object@CryptoPP@@QAE@XZ

??0AdditiveCipherAbstractPolicy@CryptoPP@@QAE@ABU01@@Z

??0AdditiveCipherAbstractPolicy@CryptoPP@@QAE@XZ

??0Algorithm@CryptoPP@@QAE@ABV01@@Z

??0Algorithm@CryptoPP@@QAE@_N@Z

??0AlgorithmParameters@CryptoPP@@QAE@ABV01@@Z

??0AlgorithmParameters@CryptoPP@@QAE@XZ

??0AlgorithmParametersBase@CryptoPP@@QAE@ABV01@@Z

??0AlgorithmParametersBase@CryptoPP@@QAE@PBD_N@Z

??0ArraySink@CryptoPP@@QAE@ABV01@@Z

??0ArraySink@CryptoPP@@QAE@ABVNameValuePairs@1@@Z

??0ArraySink@CryptoPP@@QAE@PAEI@Z

??0ArrayXorSink@CryptoPP@@QAE@ABV01@@Z

??0ArrayXorSink@CryptoPP@@QAE@PAEI@Z

??0AsymmetricAlgorithm@CryptoPP@@QAE@ABV01@@Z

??0AsymmetricAlgorithm@CryptoPP@@QAE@XZ

??0AuthenticatedDecryptionFilter@CryptoPP@@QAE@AAVAuthenticatedSymmetricCipher@1@PAVBufferedTransformation@1@IHW4BlockPaddingScheme@BlockPaddingSchemeDef@1@@Z

??0AuthenticatedEncryptionFilter@CryptoPP@@QAE@AAVAuthenticatedSymmetricCipher@1@PAVBufferedTransformation@1@_NHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4BlockPaddingScheme@BlockPaddingSchemeDef@1@@Z

??0AuthenticatedKeyAgreementDomain@CryptoPP@@QAE@ABV01@@Z

??0AuthenticatedKeyAgreementDomain@CryptoPP@@QAE@XZ

??0AuthenticatedSymmetricCipher@CryptoPP@@QAE@ABV01@@Z

??0AuthenticatedSymmetricCipher@CryptoPP@@QAE@XZ

??0AuthenticatedSymmetricCipherBase@CryptoPP@@QAE@$$QAV01@@Z

??0AuthenticatedSymmetricCipherBase@CryptoPP@@QAE@ABV01@@Z

??0AuthenticatedSymmetricCipherBase@CryptoPP@@QAE@XZ

??0AutoSeededRandomPool@CryptoPP@@QAE@_NI@Z

??0BERDecodeErr@CryptoPP@@QAE@$$QAV01@@Z

??0BERDecodeErr@CryptoPP@@QAE@ABV01@@Z

??0BERDecodeErr@CryptoPP@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0BERDecodeErr@CryptoPP@@QAE@XZ

??0BERGeneralDecoder@CryptoPP@@QAE@AAV01@E@Z

??0BERGeneralDecoder@CryptoPP@@QAE@AAVBufferedTransformation@1@E@Z

??0BERGeneralDecoder@CryptoPP@@QAE@ABV01@@Z

??0BERSequenceDecoder@CryptoPP@@QAE@AAV01@E@Z

??0BERSequenceDecoder@CryptoPP@@QAE@AAVBufferedTransformation@1@E@Z

??0BERSetDecoder@CryptoPP@@QAE@AAV01@E@Z

??0BERSetDecoder@CryptoPP@@QAE@AAVBufferedTransformation@1@E@Z

??0Base@DES_EDE2@CryptoPP@@QAE@$$QAV012@@Z

??0Base@DES_EDE2@CryptoPP@@QAE@ABV012@@Z

??0Base@DES_EDE2@CryptoPP@@QAE@XZ

??0Base@DES_EDE3@CryptoPP@@QAE@$$QAV012@@Z

??0Base@DES_EDE3@CryptoPP@@QAE@ABV012@@Z

??0Base@DES_EDE3@CryptoPP@@QAE@XZ

??0Base@Rijndael@CryptoPP@@QAE@$$QAV012@@Z

??0Base@Rijndael@CryptoPP@@QAE@ABV012@@Z

??0Base@Rijndael@CryptoPP@@QAE@XZ

??0Base@SKIPJACK@CryptoPP@@QAE@$$QAV012@@Z

??0Base@SKIPJACK@CryptoPP@@QAE@ABV012@@Z

??0Base@SKIPJACK@CryptoPP@@QAE@XZ

??0BaseN_Decoder@CryptoPP@@QAE@PAVBufferedTransformation@1@@Z

??0BaseN_Decoder@CryptoPP@@QAE@PBHHPAVBufferedTransformation@1@@Z

??0BaseN_Encoder@CryptoPP@@QAE@PAVBufferedTransformation@1@@Z

??0BaseN_Encoder@CryptoPP@@QAE@PBEHPAVBufferedTransformation@1@H@Z

??0BitBucket@CryptoPP@@QAE@$$QAV01@@Z

??0BitBucket@CryptoPP@@QAE@ABV01@@Z

??0BitBucket@CryptoPP@@QAE@XZ

??0BlockCipher@CryptoPP@@QAE@$$QAV01@@Z

??0BlockCipher@CryptoPP@@QAE@ABV01@@Z

??0BlockCipher@CryptoPP@@QAE@XZ

??0BlockOrientedCipherModeBase@CryptoPP@@QAE@ABV01@@Z

??0BlockOrientedCipherModeBase@CryptoPP@@QAE@XZ

??0BlockTransformation@CryptoPP@@QAE@ABV01@@Z

??0BlockTransformation@CryptoPP@@QAE@XZ

??0BufferedTransformation@CryptoPP@@QAE@ABV01@@Z

??0BufferedTransformation@CryptoPP@@QAE@XZ

??0ByteQueue@CryptoPP@@QAE@ABV01@@Z

??0ByteQueue@CryptoPP@@QAE@I@Z

??0CBC_CTS_Decryption@CryptoPP@@QAE@$$QAV01@@Z

??0CBC_CTS_Decryption@CryptoPP@@QAE@ABV01@@Z

??0CBC_CTS_Decryption@CryptoPP@@QAE@XZ

??0CBC_CTS_Encryption@CryptoPP@@QAE@$$QAV01@@Z

??0CBC_CTS_Encryption@CryptoPP@@QAE@ABV01@@Z

??0CBC_CTS_Encryption@CryptoPP@@QAE@XZ

??0CBC_Decryption@CryptoPP@@QAE@ABV01@@Z

??0CBC_Decryption@CryptoPP@@QAE@XZ

??0CBC_Encryption@CryptoPP@@QAE@$$QAV01@@Z

??0CBC_Encryption@CryptoPP@@QAE@ABV01@@Z

??0CBC_Encryption@CryptoPP@@QAE@XZ

??0CBC_MAC_Base@CryptoPP@@QAE@$$QAV01@@Z

??0CBC_MAC_Base@CryptoPP@@QAE@ABV01@@Z

??0CBC_MAC_Base@CryptoPP@@QAE@XZ

??0CBC_ModeBase@CryptoPP@@QAE@$$QAV01@@Z

??0CBC_ModeBase@CryptoPP@@QAE@ABV01@@Z

??0CBC_ModeBase@CryptoPP@@QAE@XZ

??0CCM_Base@CryptoPP@@QAE@$$QAV01@@Z

??0CCM_Base@CryptoPP@@QAE@ABV01@@Z

??0CCM_Base@CryptoPP@@QAE@XZ

??0CFB_CipherAbstractPolicy@CryptoPP@@QAE@ABV01@@Z

??0CFB_CipherAbstractPolicy@CryptoPP@@QAE@XZ

??0CFB_ModePolicy@CryptoPP@@QAE@ABV01@@Z

??0CFB_ModePolicy@CryptoPP@@QAE@XZ

??0CMAC_Base@CryptoPP@@QAE@ABV01@@Z

??0CMAC_Base@CryptoPP@@QAE@XZ

??0CTR_ModePolicy@CryptoPP@@QAE@ABV01@@Z

??0CTR_ModePolicy@CryptoPP@@QAE@XZ

??0CannotFlush@CryptoPP@@QAE@$$QAV01@@Z

??0CannotFlush@CryptoPP@@QAE@ABV01@@Z

??0CannotFlush@CryptoPP@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0ChannelSwitch@CryptoPP@@QAE@$$QAV01@@Z

??0ChannelSwitch@CryptoPP@@QAE@AAVBufferedTransformation@1@@Z

??0ChannelSwitch@CryptoPP@@QAE@AAVBufferedTransformation@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0ChannelSwitch@CryptoPP@@QAE@ABV01@@Z

??0ChannelSwitch@CryptoPP@@QAE@XZ

??0CipherModeBase@CryptoPP@@IAE@XZ

??0CipherModeBase@CryptoPP@@QAE@ABV01@@Z

??0Clonable@CryptoPP@@QAE@ABV01@@Z

??0Clonable@CryptoPP@@QAE@XZ

??0CombinedNameValuePairs@CryptoPP@@QAE@$$QAV01@@Z

??0CombinedNameValuePairs@CryptoPP@@QAE@ABV01@@Z

??0CombinedNameValuePairs@CryptoPP@@QAE@ABVNameValuePairs@1@0@Z

??0CryptoMaterial@CryptoPP@@QAE@ABV01@@Z

??0CryptoMaterial@CryptoPP@@QAE@XZ

??0CryptoParameters@CryptoPP@@QAE@$$QAV01@@Z

??0CryptoParameters@CryptoPP@@QAE@ABV01@@Z

??0CryptoParameters@CryptoPP@@QAE@XZ

??0DERGeneralEncoder@CryptoPP@@QAE@AAV01@E@Z

??0DERGeneralEncoder@CryptoPP@@QAE@AAVBufferedTransformation@1@E@Z

Sections

.text
Size: 19.3MB - Virtual size: 19.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CCleaner64.exe

.exe windows:6 windows x64 arch:x64

d86693ce643afb92041ce5b57cca682d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f8:fd:71:d5:5c:46:68:52:38:3a:c9:ab:f6:8a:d4:e4:1a:cf:91:fa:3d:1d:5a:6b:34:5e:96:e2:6f:3e:17:3c
Signer

Actual PE Digest

f8:fd:71:d5:5c:46:68:52:38:3a:c9:ab:f6:8a:d4:e4:1a:cf:91:fa:3d:1d:5a:6b:34:5e:96:e2:6f:3e:17:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BUILD\work\1878ef5ed829e50b\bin\CCleaner\Release Static\x64\CCleaner64.pdb

Imports

rpcrt4

RpcAsyncCompleteCall

RpcBindingToStringBindingW

RpcEpUnregister

RpcEpRegisterW

RpcServerUseProtseqEpW

RpcObjectSetType

RpcServerRegisterIf2

RpcServerUnregisterIfEx

RpcImpersonateClient

RpcRevertToSelf

I_RpcBindingInqLocalClientPID

RpcAsyncInitializeHandle

NdrClientCall3

RpcMgmtEpEltInqNextW

Ndr64AsyncClientCall

RpcIfInqId

RpcMgmtEpEltInqDone

RpcBindingFree

RpcBindingFromStringBindingW

RpcStringBindingComposeW

NdrAsyncServerCall

Ndr64AsyncServerCallAll

UuidCreate

NdrServerCallAll

RpcStringBindingParseW

RpcAsyncCancelCall

UuidFromStringA

UuidFromStringW

RpcStringFreeW

UuidToStringW

RpcStringFreeA

UuidToStringA

RpcMgmtEpEltInqBegin

NdrServerCall2

comctl32

ImageList_Replace

ImageList_DrawEx

ImageList_Destroy

ImageList_Draw

ImageList_GetIconSize

ImageList_Duplicate

ImageList_SetIconSize

ImageList_GetIcon

InitCommonControlsEx

ImageList_ReplaceIcon

ImageList_GetImageCount

ImageList_LoadImageW

ImageList_Create

ImageList_Remove

ImageList_Add

ws2_32

freeaddrinfo

getaddrinfo

WSASend

WSARecv

WSAGetOverlappedResult

sendto

WSADuplicateSocketW

InetNtopW

recvfrom

WSAAddressToStringW

GetAddrInfoW

__WSAFDIsSet

WSAStartup

ntohl

WSAWaitForMultipleEvents

WSAResetEvent

WSAEventSelect

WSAEnumNetworkEvents

WSACreateEvent

FreeAddrInfoW

shutdown

socket

setsockopt

listen

connect

closesocket

bind

accept

send

recv

WSASetLastError

getservbyname

inet_ntoa

htons

htonl

WSAGetLastError

WSACleanup

gethostbyname

select

ntohs

getsockopt

getsockname

ioctlsocket

WSARecvFrom

WSACloseEvent

gethostname

WSASocketW

WSAIoctl

advapi32

CryptEnumProvidersW

RegQueryValueExA

DeregisterEventSource

RegisterEventSourceW

RegOpenKeyExA

RegEnumKeyExA

ReportEventW

SystemFunction036

EventUnregister

EventRegister

EventWriteTransfer

CryptAcquireContextA

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

AddAce

InitializeAcl

TreeSetNamedSecurityInfoW

CryptReleaseContext

CryptDestroyKey

RegCloseKey

RegOpenKeyExW

RegGetValueW

RegSetValueExW

RegDeleteValueW

RegQueryValueExW

RegCreateKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

OpenSCManagerW

OpenServiceW

QueryServiceStatusEx

StartServiceW

CloseServiceHandle

ControlService

EnumDependentServicesW

CreateServiceW

ChangeServiceConfig2W

DeleteService

ChangeServiceConfigW

OpenProcessToken

GetTokenInformation

RegEnumValueW

OpenThreadToken

AllocateAndInitializeSid

EqualSid

FreeSid

ConvertSidToStringSidW

QueryServiceStatus

LookupPrivilegeValueW

AdjustTokenPrivileges

SetNamedSecurityInfoW

IsValidSid

GetSidIdentifierAuthority

GetSidSubAuthorityCount

GetSidSubAuthority

LookupAccountSidW

GetLengthSid

CopySid

LookupAccountNameW

GetUserNameW

LsaOpenPolicy

LsaQueryInformationPolicy

LsaFreeMemory

LsaClose

GetFileSecurityW

DuplicateToken

MapGenericMask

AccessCheck

RegNotifyChangeKeyValue

EnumServicesStatusExW

QueryServiceConfigW

QueryServiceConfig2W

RegLoadKeyW

RegUnLoadKeyW

LookupPrivilegeNameW

OpenEventLogW

ClearEventLogW

CloseEventLog

CryptAcquireContextW

CryptCreateHash

CryptHashData

CryptGetHashParam

GetSecurityDescriptorControl

CryptSetHashParam

CryptGetProvParam

CryptGetUserKey

CryptExportKey

CryptDecrypt

CryptDestroyHash

CryptSignHashW

CryptGenRandom

CheckTokenMembership

DuplicateTokenEx

CreateProcessAsUserW

RevertToSelf

RegDeleteTreeW

RegQueryMultipleValuesW

RegEnumKeyW

RegDeleteKeyExW

SetThreadToken

ImpersonateSelf

ConvertStringSecurityDescriptorToSecurityDescriptorW

GetSecurityDescriptorOwner

GetSecurityDescriptorDacl

GetSecurityDescriptorGroup

shlwapi

PathGetDriveNumberW

PathRemoveBackslashW

PathSkipRootW

PathStripToRootW

PathRemoveExtensionW

PathAddExtensionW

PathFindExtensionW

PathFindFileNameW

PathCombineW

PathAddBackslashW

PathIsURLW

PathCreateFromUrlW

PathIsDirectoryW

PathFileExistsW

PathMatchSpecW

PathCompactPathW

PathCanonicalizeW

PathStripPathW

PathRemoveFileSpecW

AssocQueryStringW

PathAppendW

PathUnquoteSpacesW

PathIsDirectoryEmptyW

PathRemoveArgsW

StrRetToStrW

ord487

PathIsRelativeW

PathIsUNCW

StrCpyW

PathStripPathA

userenv

CreateEnvironmentBlock

DestroyEnvironmentBlock

ExpandEnvironmentStringsForUserW

kernel32

GetNumberFormatW

GetDateFormatW

GetTimeFormatW

GetVersionExA

GetSystemInfo

GlobalMemoryStatusEx

CopyFileW

InitializeCriticalSection

ResumeThread

GetNativeSystemInfo

CreateFileMappingW

MapViewOfFile

UnmapViewOfFile

GetFileInformationByHandle

GetCurrentThread

GetLocalTime

MoveFileW

lstrcmpA

FlushFileBuffers

DeviceIoControl

GetDiskFreeSpaceW

GetVolumeInformationW

SetFilePointerEx

SetEndOfFile

GetTempPathW

GetTempFileNameW

GetUserDefaultLCID

GetPrivateProfileIntW

GetFileAttributesExW

GetSystemDefaultUILanguage

GetSystemDefaultLCID

GetComputerNameW

WTSGetActiveConsoleSessionId

GetLogicalDriveStringsW

GetDriveTypeW

GetStdHandle

SetFileAttributesW

RemoveDirectoryW

K32GetProcessImageFileNameW

QueryDosDeviceW

SetConsoleTextAttribute

FindFirstFileExW

LocalAlloc

LocalLock

LocalUnlock

SetFileTime

GetCompressedFileSizeW

BackupRead

BackupSeek

GetFullPathNameW

WritePrivateProfileStringW

lstrcpyW

ExpandEnvironmentStringsW

GetEnvironmentVariableW

LoadLibraryA

Module32FirstW

GetShortPathNameW

FileTimeToLocalFileTime

GetPrivateProfileSectionW

GetPrivateProfileSectionNamesW

GetUserDefaultLangID

IsBadStringPtrW

SetThreadPriority

CreateIoCompletionPort

GetQueuedCompletionStatus

GetExitCodeProcess

CreateJobObjectW

AssignProcessToJobObject

TerminateJobObject

SetInformationJobObject

MoveFileExW

GetTimeZoneInformation

GetSystemTime

GetSystemTimeAsFileTime

GetBinaryTypeA

GetBinaryTypeW

GetModuleFileNameA

GetFileSizeEx

ReleaseSemaphore

GetModuleHandleA

QueueUserWorkItem

FlushViewOfFile

CreateFileMappingA

CreateSemaphoreW

GetTickCount

SetProcessWorkingSetSize

InitializeCriticalSectionAndSpinCount

GetModuleHandleExW

UnregisterWaitEx

ProcessIdToSessionId

LockFileEx

UnlockFileEx

LCIDToLocaleName

SetNamedPipeHandleState

WaitNamedPipeW

CancelIo

GetLocaleInfoW

WaitForMultipleObjectsEx

ReadFileEx

WriteFileEx

VirtualProtect

VirtualQuery

LoadLibraryExA

CreateDirectoryW

FlsSetValue

FlsGetValue

FlsAlloc

SetStdHandle

FreeLibraryAndExitThread

ExitThread

RtlUnwind

RtlUnwindEx

GetStringTypeExW

UnhandledExceptionFilter

RtlCaptureContext

CompareStringEx

LCMapStringEx

InitOnceComplete

InitOnceBeginInitialize

IsProcessorFeaturePresent

GetWindowsDirectoryW

SubmitThreadpoolWork

CreateThreadpoolWork

FreeLibraryWhenCallbackReturns

RtlPcToFileHeader

GetFileInformationByHandleEx

GetStringTypeW

SleepConditionVariableSRW

WakeAllConditionVariable

WakeConditionVariable

TryAcquireSRWLockExclusive

InterlockedPushEntrySList

InterlockedPopEntrySList

InitializeSListHead

EncodePointer

HeapCompact

DeleteFileA

GetFileAttributesA

GetDiskFreeSpaceA

HeapValidate

GetFullPathNameA

LockFile

AreFileApisANSI

GetThreadSelectorEntry

VirtualProtectEx

GetThreadContext

LCMapStringW

SetConsoleCtrlHandler

WriteConsoleInputW

SetConsoleCursorPosition

GetConsoleScreenBufferInfo

SetConsoleCursorInfo

GetConsoleCursorInfo

FillConsoleOutputAttribute

FillConsoleOutputCharacterW

ReadConsoleInputW

GetNumberOfConsoleInputEvents

LocalSize

ExitProcess

CreateNamedPipeA

SwitchToThread

GetNamedPipeHandleStateW

CreateNamedPipeW

ConnectNamedPipe

UnregisterWait

AllocConsole

GlobalSize

GetTempFileNameA

GetTempPathA

GetCurrencyFormatW

CompareStringA

CreateWaitableTimerW

QueueUserAPC

SetWaitableTimer

CreateHardLinkW

WaitForThreadpoolWaitCallbacks

CloseThreadpoolWait

CreateThreadpoolWait

SetThreadpoolWait

ReadDirectoryChangesW

GetOverlappedResult

CancelIoEx

PostQueuedCompletionStatus

GetQueuedCompletionStatusEx

GetExitCodeThread

SuspendThread

HeapCreate

TryEnterCriticalSection

GetFileTime

ExpandEnvironmentStringsA

CreateFileA

UnlockFile

InitOnceExecuteOnce

WerUnregisterMemoryBlock

WerRegisterMemoryBlock

GetGeoInfoW

GetUserGeoID

GetComputerNameExA

GetSystemWindowsDirectoryW

GetVersionExW

TerminateThread

SleepEx

GetEnvironmentVariableA

MoveFileExA

GetConsoleOutputCP

GetCPInfo

GetLocaleInfoEx

GetProcessAffinityMask

RegisterWaitForSingleObject

QueryThreadCycleTime

OutputDebugStringA

K32GetMappedFileNameW

FindVolumeClose

GetVolumePathNamesForVolumeNameW

FindNextVolumeW

FindFirstVolumeW

GetVersion

GetVolumeNameForVolumeMountPointW

GetVolumePathNameW

GetProcessHandleCount

GetThreadTimes

K32EnumProcesses

OpenThread

QueryFullProcessImageNameW

DuplicateHandle

RemoveVectoredExceptionHandler

AddVectoredExceptionHandler

SetUnhandledExceptionFilter

CreateThread

SetEnvironmentVariableW

GetProcessId

GetThreadPriority

GetLogicalDrives

SetFileInformationByHandle

K32GetProcessMemoryInfo

GetPriorityClass

SetHandleInformation

GetThreadId

DeleteProcThreadAttributeList

GetSystemTimes

DebugBreak

IsDebuggerPresent

FlushInstructionCache

CheckRemoteDebuggerPresent

ReadProcessMemory

OutputDebugStringW

UpdateProcThreadAttribute

InitializeProcThreadAttributeList

WriteConsoleW

ReadConsoleW

ReadConsoleA

SetConsoleMode

GetConsoleMode

GetProcessTimes

GetCurrentProcess

GetLongPathNameW

SystemTimeToTzSpecificLocalTime

SetFilePointer

GetFileSize

ReleaseMutex

GetPrivateProfileStringW

LocalFree

FormatMessageW

SetCurrentDirectoryW

GetCurrentDirectoryW

QueryPerformanceCounter

QueryPerformanceFrequency

DecodePointer

GetCommandLineW

GetStartupInfoW

GetSystemDirectoryW

SetErrorMode

LoadLibraryExW

PeekNamedPipe

CreatePipe

GetFileAttributesW

CreateMutexW

CreateProcessW

WaitForMultipleObjects

ReadFile

DeleteFileW

lstrcmpiW

CompareStringW

VerSetConditionMask

VerifyVersionInfoW

lstrlenW

lstrcmpW

MulDiv

GlobalHandle

GetDiskFreeSpaceExW

GetCurrentProcessId

WriteFile

FreeLibrary

GetTickCount64

CreateFileW

Process32NextW

Process32FirstW

CreateToolhelp32Snapshot

OpenProcess

Sleep

TerminateProcess

TzSpecificLocalTimeToSystemTime

SystemTimeToFileTime

CompareFileTime

FileTimeToSystemTime

GetModuleFileNameW

SetLastError

RaiseException

FreeResource

GetACP

VirtualFree

VirtualAlloc

GetFileType

FormatMessageA

GetSystemDirectoryA

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

AcquireSRWLockShared

AcquireSRWLockExclusive

ReleaseSRWLockShared

ReleaseSRWLockExclusive

InitializeSRWLock

GlobalAlloc

GlobalLock

GlobalUnlock

GlobalFree

InitializeCriticalSectionEx

WaitForSingleObject

SetEvent

ResetEvent

CreateEventW

CloseHandle

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetDllDirectoryW

LoadLibraryW

FindNextFileW

FindFirstFileW

FindClose

GetCurrentThreadId

GetModuleHandleW

GetProcAddress

MultiByteToWideChar

WideCharToMultiByte

GetLastError

GetProcessHeap

HeapAlloc

HeapFree

HeapReAlloc

HeapSize

HeapDestroy

FindResourceExW

FindResourceW

LoadResource

LockResource

SizeofResource

FlsFree

IsValidLocale

EnumSystemLocalesW

IsValidCodePage

GetOEMCP

GetCommandLineA

GetEnvironmentStringsW

FreeEnvironmentStringsW

WaitForSingleObjectEx

CloseThreadpoolWork

user32

AnimateWindow

GetDoubleClickTime

EnumThreadWindows

SetClassLongW

GetClassLongW

IsRectEmpty

GetUpdateRect

CallMsgFilterW

EndDeferWindowPos

DeferWindowPos

BeginDeferWindowPos

GetMessageExtraInfo

GetMessageTime

MessageBoxA

EnumDisplayMonitors

EnumDisplayDevicesW

LoadCursorFromFileA

AllowSetForegroundWindow

GetGUIThreadInfo

SendMessageCallbackW

IsHungAppWindow

GetUserObjectInformationW

GetProcessWindowStation

SetActiveWindow

GetKeyboardLayout

CreateCaret

DestroyCaret

SetCaretPos

GetClipboardSequenceNumber

GetClipboardData

CloseClipboard

SetRectEmpty

SetScrollInfo

ScrollWindowEx

GetCursorPos

GetCapture

DrawIconEx

CreateIconIndirect

GetScrollInfo

SetScrollPos

PostMessageW

ReleaseDC

GetDC

LoadImageW

DefWindowProcW

FillRect

GetWindowRect

GetWindowLongW

LoadCursorW

InvalidateRect

CallWindowProcW

CheckDlgButton

IsDlgButtonChecked

GetClassLongPtrW

OpenIcon

FindWindowW

EnumWindows

GetWindowThreadProcessId

SendMessageW

SetWindowLongPtrW

GetWindowLongPtrW

UnregisterClassW

IsWindow

DestroyWindow

ShowWindow

GetClientRect

MoveWindow

UpdateWindow

GetSysColor

GetDlgCtrlID

IsWindowEnabled

GetParent

SetWindowPos

SetWindowLongW

ScreenToClient

ChildWindowFromPoint

IsChild

GetWindow

RedrawWindow

IsWindowVisible

GetDlgItem

CreateWindowExW

MapWindowPoints

RegisterClipboardFormatW

GetClassInfoExW

BeginPaint

IsIconic

GetClassInfoW

RegisterClassW

DispatchMessageW

TranslateMessage

GetMessageW

PeekMessageW

CountClipboardFormats

BringWindowToTop

EnableMenuItem

DispatchMessageA

GetMessageA

IsWindowUnicode

MsgWaitForMultipleObjects

CreatePopupMenu

SetCursorPos

InsertMenuW

GetMessagePos

GetScrollPos

AppendMenuW

WindowFromPoint

CallNextHookEx

SetWindowsHookExW

UnhookWindowsHookEx

SetWindowContextHelpId

SetLayeredWindowAttributes

DeleteMenu

MapDialogRect

SendDlgItemMessageW

DrawEdge

GetMenu

AdjustWindowRectEx

GetComboBoxInfo

SetRect

LoadIconW

SetDlgItemTextW

FindWindowExW

IsDialogMessageW

PostQuitMessage

LockWindowUpdate

SendInput

SetMenuDefaultItem

IsClipboardFormatAvailable

SetParent

GetAncestor

GetDlgItemInt

GetForegroundWindow

wsprintfW

GetShellWindow

GetWindowInfo

GetMonitorInfoW

MonitorFromWindow

GetSystemMetrics

UpdateLayeredWindow

GetWindowPlacement

SystemParametersInfoA

DrawTextExW

NotifyWinEvent

GetAsyncKeyState

GetNextDlgGroupItem

DestroyCursor

GetIconInfo

GetMenuItemID

MonitorFromPoint

EndPaint

CreateDialogParamW

FrameRect

GetActiveWindow

RegisterWindowMessageW

GetDesktopWindow

GetWindowTextW

SetWindowTextW

DrawTextW

InflateRect

SetFocus

EndDialog

PtInRect

IsZoomed

GetSystemMenu

TrackPopupMenu

SetForegroundWindow

GetLastActivePopup

TrackMouseEvent

SystemParametersInfoW

SetCursor

DialogBoxParamW

SetTimer

KillTimer

EnableWindow

GetFocus

CreateDialogIndirectParamW

DestroyAcceleratorTable

InvalidateRgn

ReleaseCapture

SetCapture

ClientToScreen

CreateAcceleratorTableW

CharNextW

GetClassNameW

GetWindowTextLengthW

DialogBoxIndirectParamW

GetSysColorBrush

GetKeyState

CopyRect

SetPropW

GetWindowDC

OffsetRect

MessageBoxW

MessageBeep

DrawIcon

GetDialogBaseUnits

LoadStringW

WinHelpW

EmptyClipboard

SetClipboardData

WaitMessage

CharLowerW

CharLowerA

GetDlgItemTextW

ExitWindowsEx

WaitForInputIdle

EnumDisplaySettingsW

SendMessageTimeoutW

OpenClipboard

GetKeyboardLayoutNameW

EnumClipboardFormats

MapVirtualKeyW

SetWinEventHook

PostThreadMessageW

GetQueueStatus

EnableScrollBar

DrawFrameControl

GetPropW

SetScrollRange

DrawStateW

DestroyIcon

DrawFocusRect

DestroyMenu

GetScrollRange

ShowScrollBar

RemovePropW

GetNextDlgTabItem

AddClipboardFormatListener

RemoveClipboardFormatListener

RegisterClassExW

gdi32

GetGlyphIndicesW

SetLayout

EndPage

BitBlt

EnumFontFamiliesExW

StartDocW

SelectObject

DeleteDC

SetMapMode

GetDeviceCaps

GetFontUnicodeRanges

GetObjectA

StretchDIBits

EndDoc

CreateCompatibleDC

GetObjectW

UnrealizeObject

GetDIBits

AddFontMemResourceEx

CreateDIBSection

CreateDCW

CreateRectRgn

GetClipRgn

BeginPath

EndPath

StrokeAndFillPath

PolylineTo

GetCurrentObject

Ellipse

CreateFontW

LineTo

MoveToEx

Rectangle

GetTextColor

CreatePatternBrush

CreateBitmap

PatBlt

TextOutW

SetTextAlign

RoundRect

CreatePen

ExcludeClipRect

GetBkColor

GetTextMetricsW

GetTextExtentPoint32W

SelectClipRgn

CombineRgn

CreateRectRgnIndirect

GetClipBox

RestoreDC

SaveDC

GetDIBColorTable

StretchBlt

CreateFontIndirectW

GetStockObject

SetBkMode

CreateCompatibleBitmap

SetViewportOrgEx

ExtTextOutW

SetBkColor

SetTextColor

CreateSolidBrush

DeleteObject

SetDIBColorTable

StartPage

comdlg32

GetOpenFileNameW

GetSaveFileNameW

PrintDlgW

CommDlgExtendedError

shell32

SHGetSpecialFolderLocation

ExtractIconExW

SHGetFolderPathW

SHGetFileInfoW

SHEmptyRecycleBinW

SHGetKnownFolderPath

SHAddToRecentDocs

ShellExecuteExW

DragFinish

DragQueryFileW

ExtractIconW

ord74

ord727

CommandLineToArgvW

SHGetSpecialFolderPathW

ord165

SHBrowseForFolderW

SHGetPathFromIDListW

ShellExecuteW

Shell_NotifyIconW

ole32

CoInitialize

CoUninitialize

OleUninitialize

CoCreateGuid

StgOpenStorageEx

StgIsStorageFile

IIDFromString

PropVariantClear

CoInitializeEx

CoSetProxyBlanket

CoInitializeSecurity

DoDragDrop

RegisterDragDrop

RevokeDragDrop

OleDuplicateData

ReleaseStgMedium

CoTaskMemRealloc

OleInitialize

CLSIDFromString

CoFreeUnusedLibraries

CLSIDFromProgID

CoGetClassObject

CoCreateInstance

OleLockRunning

StringFromGUID2

CoTaskMemFree

CoTaskMemAlloc

CreateStreamOnHGlobal

oleaut32

DispCallFunc

VarBstrCmp

VarUI4FromStr

OleCreateFontIndirect

SysAllocStringLen

LoadTypeLi

LoadRegTypeLi

SysStringLen

SysAllocString

VariantClear

VariantInit

VarBstrFromI4

VariantChangeType

VarBstrFromR8

SysFreeString

VariantTimeToSystemTime

ntdll

NtSystemDebugControl

RtlLookupFunctionEntry

NtSetInformationThread

NtDeleteKey

NtQueryKey

NtOpenKey

NtClose

RtlDllShutdownInProgress

RtlNtStatusToDosError

RtlVirtualUnwind

bcrypt

BCryptDeriveKey

BCryptSecretAgreement

BCryptExportKey

BCryptFinalizeKeyPair

BCryptGenerateKeyPair

BCryptImportKeyPair

BCryptSetProperty

BCryptOpenAlgorithmProvider

BCryptDestroySecret

BCryptDestroyKey

BCryptGenRandom

BCryptGenerateSymmetricKey

BCryptCloseAlgorithmProvider

BCryptEncrypt

gdiplus

GdipStartPathFigure

GdipClosePathFigure

GdipAddPathLine

GdipAddPathArc

GdipAddPathBezier

GdipAddPathEllipse

GdipAddPathLineI

GdipAddPathArcI

GdipAddPathRectangleI

GdipGetPathWorldBounds

GdipIsVisiblePathPoint

GdipCreateMatrix

GdipCreateMatrix2

GdipDeleteMatrix

GdipTranslateMatrix

GdipScaleMatrix

GdipRotateMatrix

GdipShearMatrix

GdipGetMatrixElements

GdipCreateTexture

GdipCreateLineBrush

GdipSetLinePresetBlend

GdipSetLineWrapMode

GdipMultiplyLineTransform

GdipSetPathGradientCenterPoint

GdipSetPathGradientPresetBlend

GdipSetPathGradientWrapMode

GdipSetPathGradientTransform

GdipCreatePen2

GdipSetPenStartCap

GdipSetPenEndCap

GdipSetPenLineJoin

GdipSetPenMiterLimit

GdipSetPenDashStyle

GdipSetPenDashOffset

GdipSetPenDashArray

GdipCreateImageAttributes

GdipDisposeImageAttributes

GdipSetImageAttributesColorMatrix

GdipCreateFromHWND

GdipResetPath

GdipDrawImageI

GdipDeleteGraphics

GdipGetImageGraphicsContext

GdipDisposeImage

GdipFree

GdipAlloc

GdipCloneImage

GdipCreateBitmapFromScan0

GdipBitmapUnlockBits

GdipBitmapLockBits

GdipGetImagePalette

GdipGetImagePaletteSize

GdipGetImageWidth

GdipGetImageHeight

GdipGetImagePixelFormat

GdipCreateBitmapFromStream

GdiplusShutdown

GdiplusStartup

GdipCreatePath

GdipDeletePath

GdipCreatePathGradientFromPath

GdipDeleteBrush

GdipCloneBrush

GdipCreateSolidFill

GdipFillRectangleI

GdipCreateFromHDC

GdipSetSmoothingMode

GdipCreatePen1

GdipDeletePen

GdipDrawRectangleI

GdipCreateHatchBrush

GdipSetCompositingQuality

GdipClonePath

GdipSetPathFillMode

GdipCreateBitmapFromFile

GdipFillRectangle

GdipDrawLine

GdipGetSmoothingMode

GdipDrawDriverString

GdipCreateHBITMAPFromBitmap

GdipCreateBitmapFromGraphics

GdipGetFontSize

GdipGetFamily

GdipDeleteFont

GdipCreateFontFromLogfontA

GdipCreateFontFromDC

GdipGetLineSpacing

GdipGetCellAscent

GdipGetEmHeight

GdipDeleteFontFamily

GdipEndContainer

GdipBeginContainer2

GdipRestoreGraphics

GdipSaveGraphics

GdipGetClipBoundsI

GdipSetClipRectI

GdipSetClipRect

GdipDrawImageRectRect

GdipFillPath

GdipFillPie

GdipFillEllipse

GdipFillRectanglesI

GdipGraphicsClear

GdipDrawPath

GdipDrawPie

GdipDrawEllipse

GdipDrawRectangle

GdipDrawArc

GdipTransformPoints

GdipSetPageUnit

GdipGetWorldTransform

GdipTranslateWorldTransform

GdipMultiplyWorldTransform

GdipSetInterpolationMode

GdipSetTextRenderingHint

GdipSetPixelOffsetMode

powrprof

CallNtPowerInformation

dxgi

CreateDXGIFactory1

dbghelp

MakeSureDirectoryPathExists

winmm

timeSetEvent

timeEndPeriod

timeBeginPeriod

timeKillEvent

timeGetTime

secur32

QueryContextAttributesW

urlmon

FindMimeFromData

oleacc

AccessibleObjectFromWindow

CreateStdAccessibleObject

LresultFromObject

imm32

ImmGetCompositionStringW

ImmGetContext

ImmIsIME

ImmSetCandidateWindow

ImmAssociateContextEx

ImmReleaseContext

ImmNotifyIME

usp10

ScriptShape

ScriptPlace

ScriptFreeCache

ScriptBreak

ScriptApplyDigitSubstitution

ScriptItemize

dnsapi

DnsQuery_W

DnsFree

DnsQuery_UTF8

winhttp

WinHttpQueryDataAvailable

WinHttpQueryHeaders

WinHttpReceiveResponse

WinHttpWriteData

WinHttpSendRequest

WinHttpSetCredentials

WinHttpAddRequestHeaders

WinHttpSetOption

WinHttpCloseHandle

WinHttpQueryOption

WinHttpCrackUrl

WinHttpGetIEProxyConfigForCurrentUser

WinHttpGetProxyForUrl

WinHttpReadData

WinHttpOpen

WinHttpConnect

WinHttpSetTimeouts

WinHttpOpenRequest

winspool.drv

ord203

Exports

??$IntToString@VInteger@CryptoPP@@@CryptoPP@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VInteger@0@I@Z

??$IntToString@_K@CryptoPP@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KI@Z

??0?$ASN1CryptoMaterial@V?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$ASN1CryptoMaterial@V?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ASN1CryptoMaterial@V?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$ASN1CryptoMaterial@VPrivateKey@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$ASN1CryptoMaterial@VPrivateKey@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ASN1CryptoMaterial@VPrivateKey@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$ASN1CryptoMaterial@VPublicKey@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$ASN1CryptoMaterial@VPublicKey@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ASN1CryptoMaterial@VPublicKey@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractEuclideanDomain@VInteger@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$AbstractEuclideanDomain@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractEuclideanDomain@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractEuclideanDomain@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$AbstractEuclideanDomain@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractEuclideanDomain@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractGroup@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractGroup@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractGroup@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractGroup@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractGroup@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractGroup@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractGroup@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractGroup@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@QEAA@XZ

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@QEAA@XZ

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QEAA@XZ

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@QEAA@XZ

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@QEAA@XZ

??0?$AbstractRing@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractRing@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AbstractRing@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AbstractRing@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VOFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$AlgorithmParametersTemplate@H@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$AlgorithmParametersTemplate@H@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmParametersTemplate@H@CryptoPP@@QEAA@PEBDAEBH_N@Z

??0?$AlgorithmParametersTemplate@VConstByteArrayParameter@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$AlgorithmParametersTemplate@VConstByteArrayParameter@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmParametersTemplate@VConstByteArrayParameter@CryptoPP@@@CryptoPP@@QEAA@PEBDAEBVConstByteArrayParameter@1@_N@Z

??0?$AlgorithmParametersTemplate@_N@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$AlgorithmParametersTemplate@_N@CryptoPP@@QEAA@AEBV01@@Z

??0?$AlgorithmParametersTemplate@_N@CryptoPP@@QEAA@PEBDAEB_N_N@Z

??0?$AllocatorWithCleanup@E$0A@@CryptoPP@@QEAA@XZ

??0?$AllocatorWithCleanup@G$0A@@CryptoPP@@QEAA@XZ

??0?$AllocatorWithCleanup@I$0A@@CryptoPP@@QEAA@XZ

??0?$AllocatorWithCleanup@_K$0A@@CryptoPP@@QEAA@XZ

??0?$AutoSeededX917RNG@VRijndael@CryptoPP@@@CryptoPP@@QEAA@_N0@Z

??0?$AutoSignaling@V?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AutoSignaling@V?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@H@Z

??0?$AutoSignaling@VBufferedTransformation@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$AutoSignaling@VBufferedTransformation@CryptoPP@@@CryptoPP@@QEAA@H@Z

??0?$BlockCipherImpl@UDES_EDE2_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$BlockCipherImpl@UDES_EDE2_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@XZ

??0?$BlockCipherImpl@UDES_EDE3_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$BlockCipherImpl@UDES_EDE3_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@XZ

??0?$BlockCipherImpl@URijndael_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$BlockCipherImpl@URijndael_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@XZ

??0?$BlockCipherImpl@USKIPJACK_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$BlockCipherImpl@USKIPJACK_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@QEAA@XZ

??0?$Bufferless@VBufferedTransformation@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$Bufferless@VBufferedTransformation@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$Bufferless@VFilter@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$Bufferless@VSink@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$Bufferless@VSink@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CFB_CipherTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CFB_DecryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VCFB_ModePolicy@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CFB_EncryptionTemplate@V?$AbstractPolicyHolder@VCFB_CipherAbstractPolicy@CryptoPP@@VSymmetricCipher@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@PEBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@PEBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Decryption@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@PEBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_CTS_Encryption@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@PEBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Decryption@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@PEBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VCBC_Encryption@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QEAA@AEAVBlockCipher@1@PEBEH@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CipherModeFinalTemplate_ExternalCipher@VECB_OneWay@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$ClonableImpl@VSHA1@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ClonableImpl@VSHA1@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA1@2@@2@@CryptoPP@@QEAA@XZ

??0?$ClonableImpl@VSHA224@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ClonableImpl@VSHA224@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA224@2@@2@@CryptoPP@@QEAA@XZ

??0?$ClonableImpl@VSHA256@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ClonableImpl@VSHA256@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QEAA@XZ

??0?$ClonableImpl@VSHA384@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ClonableImpl@VSHA384@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA384@2@@2@@CryptoPP@@QEAA@XZ

??0?$ClonableImpl@VSHA512@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ClonableImpl@VSHA512@CryptoPP@@V?$AlgorithmImpl@V?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@VSHA512@2@@2@@CryptoPP@@QEAA@XZ

??0?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@QEAA@XZ

??0?$CustomFlushPropagation@VFilter@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CustomFlushPropagation@VSink@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CustomFlushPropagation@VSink@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$CustomSignalPropagation@VSink@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$CustomSignalPropagation@VSink@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QEAA@AEAVBufferedTransformation@1@@Z

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QEAA@AEBVDL_GroupParameters_GFP_DefaultSafePrime@1@@Z

??0?$DH_Domain@VDL_GroupParameters_GFP_DefaultSafePrime@CryptoPP@@U?$EnumToType@W4CofactorMultiplicationOption@CryptoPP@@$0A@@2@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA1@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA1@2@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA224@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA224@2@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA256@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA256@2@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA384@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA384@2@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA512@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_DSA_RFC6979@VInteger@CryptoPP@@VSHA512@2@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_GDSA@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_GDSA@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_GDSA@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_GDSA@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_Algorithm_GDSA@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Algorithm_GDSA@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_ElgamalLikeSignatureAlgorithm@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_ElgamalLikeSignatureAlgorithm@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_ElgamalLikeSignatureAlgorithm@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_ElgamalLikeSignatureAlgorithm@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_ElgamalLikeSignatureAlgorithm@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_ElgamalLikeSignatureAlgorithm@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_FixedBasePrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_FixedBasePrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_FixedBasePrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_FixedBasePrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_FixedBasePrecomputation@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_FixedBasePrecomputation@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParameters@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParameters@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParameters@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VEC2N@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@2@V?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VEC2N@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UEC2NPoint@CryptoPP@@@2@V?$DL_GroupParameters@UEC2NPoint@CryptoPP@@@2@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VECP@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@2@V?$DL_GroupParameters@UECPPoint@CryptoPP@@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParametersImpl@V?$EcPrecomputation@VECP@CryptoPP@@@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@UECPPoint@CryptoPP@@@2@V?$DL_GroupParameters@UECPPoint@CryptoPP@@@2@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParametersImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@VDL_GroupParameters_IntegerBased@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParametersImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@VDL_GroupParameters_IntegerBased@2@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEAVBufferedTransformation@1@@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEBVEC2N@1@AEBUEC2NPoint@1@AEBVInteger@1@2@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEBVOID@1@@Z

??0?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@AEAVBufferedTransformation@1@@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@AEBVECP@1@AEBUECPPoint@1@AEBVInteger@1@2@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@AEBVOID@1@@Z

??0?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_GroupParameters_IntegerBasedImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupParameters_IntegerBasedImpl@VModExpPrecomputation@CryptoPP@@V?$DL_FixedBasePrecomputationImpl@VInteger@CryptoPP@@@2@@CryptoPP@@QEAA@XZ

??0?$DL_GroupPrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupPrecomputation@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_GroupPrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_GroupPrecomputation@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_Key@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Key@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_Key@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Key@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_Key@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_Key@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@XZ

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@XZ

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_KeyImpl@VPKCS8PrivateKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QEAA@XZ

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@XZ

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@2@VOID@2@@CryptoPP@@QEAA@XZ

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_KeyImpl@VX509PublicKey@CryptoPP@@VDL_GroupParameters_DSA@2@VOID@2@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@U?$ECDSA@VEC2N@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VEC2N@CryptoPP@@@CryptoPP@@U?$ECDSA@VEC2N@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@U?$ECDSA@VECP@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_EC@VECP@CryptoPP@@@CryptoPP@@U?$ECDSA@VECP@CryptoPP@@VSHA256@2@@2@@CryptoPP@@QEAA@XZ

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@V?$DSA2@VSHA1@CryptoPP@@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PrivateKey_WithSignaturePairwiseConsistencyTest@V?$DL_PrivateKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@V?$DSA2@VSHA1@CryptoPP@@@2@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VEC2N@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKeyImpl@V?$DL_GroupParameters_EC@VECP@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKeyImpl@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey_EC@VEC2N@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey_EC@VECP@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey_ECGDSA@VEC2N@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey_ECGDSA@VECP@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_PublicKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_PublicKey_GFP@VDL_GroupParameters_DSA@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$DL_SimpleKeyAgreementDomainBase@VInteger@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$DL_SimpleKeyAgreementDomainBase@VInteger@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$EMSA2HashIdLookup@VPK_DeterministicSignatureMessageEncodingMethod@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$EMSA2HashIdLookup@VPK_DeterministicSignatureMessageEncodingMethod@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$EncodedPoint@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$EncodedPoint@UEC2NPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$EncodedPoint@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$EncodedPoint@UECPPoint@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$InputRejecting@VFilter@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHash@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@VHashTransformation@2@@CryptoPP@@QEAA@XZ

??0?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHash@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@VHashTransformation@2@@CryptoPP@@QEAA@XZ

??0?$IteratedHashBase@IVHashTransformation@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHashBase@IVHashTransformation@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$IteratedHashBase@_KVHashTransformation@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHashBase@_KVHashTransformation@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0BE@VSHA1@2@$0A@$0A@@CryptoPP@@IEAA@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0BE@VSHA1@2@$0A@$0A@@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA224@2@$0BM@$00@CryptoPP@@IEAA@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA224@2@$0BM@$00@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA256@2@$0CA@$00@CryptoPP@@IEAA@XZ

??0?$IteratedHashWithStaticTransform@IU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0EA@$0CA@VSHA256@2@$0CA@$00@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA384@2@$0DA@$00@CryptoPP@@IEAA@XZ

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA384@2@$0DA@$00@CryptoPP@@QEAA@AEBV01@@Z

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA512@2@$0EA@$00@CryptoPP@@IEAA@XZ

??0?$IteratedHashWithStaticTransform@_KU?$EnumToType@W4ByteOrder@CryptoPP@@$00@CryptoPP@@$0IA@$0EA@VSHA512@2@$0EA@$00@CryptoPP@@QEAA@AEBV01@@Z

??0?$ModePolicyCommonTemplate@UAdditiveCipherAbstractPolicy@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ModePolicyCommonTemplate@UAdditiveCipherAbstractPolicy@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$ModePolicyCommonTemplate@VCFB_CipherAbstractPolicy@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$ModePolicyCommonTemplate@VCFB_CipherAbstractPolicy@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$Multichannel@VFilter@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$Multichannel@VSink@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$Multichannel@VSink@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$OAEP@VSHA1@CryptoPP@@VP1363_MGF1@2@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$OAEP@VSHA1@CryptoPP@@VP1363_MGF1@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$OAEP@VSHA1@CryptoPP@@VP1363_MGF1@2@@CryptoPP@@QEAA@XZ

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Decryptor@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Decryptor@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Encryptor@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$PK_FixedLengthCryptoSystemImpl@VPK_Encryptor@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$QuotientRing@V?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@$$QEAV01@@Z

??0?$QuotientRing@V?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$QuotientRing@V?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@AEBV?$EuclideanDomainOf@VPolynomialMod2@CryptoPP@@@1@AEBVPolynomialMod2@1@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@AEBV01@@Z

??0?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@V12@@CryptoPP@@QEAA@XZ

??0?$SourceTemplate@VFileStore@CryptoPP@@@CryptoPP@@QEAA@PEAVBufferedTransformation@1@@Z

??0?$SourceTemplate@VRandomNumberStore@CryptoPP@@@CryptoPP@@QEAA@PEAVBufferedTransformation@1@@Z

??0?$SourceTemplate@VStringStore@CryptoPP@@@CryptoPP@@QEAA@PEAVBufferedTransformation@1@@Z

??0?$StringSinkTemplate@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@CryptoPP@@QEAA@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0?$StringSinkTemplate@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$StringSinkTemplate@V?$vector@EV?$allocator@E@std@@@std@@@CryptoPP@@QEAA@AEAV?$vector@EV?$allocator@E@std@@@std@@@Z

??0?$StringSinkTemplate@V?$vector@EV?$allocator@E@std@@@std@@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QEAA@XZ

??0?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QEAA@XZ

??0?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@CryptoPP@@QEAA@XZ

??0?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@CryptoPP@@QEAA@XZ

??0?$TF_CryptoSystemBase@VPK_Decryptor@CryptoPP@@V?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_CryptoSystemBase@VPK_Decryptor@CryptoPP@@V?$TF_Base@VTrapdoorFunctionInverse@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@XZ

??0?$TF_CryptoSystemBase@VPK_Encryptor@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_CryptoSystemBase@VPK_Encryptor@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunction@CryptoPP@@VPK_EncryptionMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@XZ

??0?$TF_SignatureSchemeBase@VPK_Signer@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_SignatureSchemeBase@VPK_Signer@CryptoPP@@V?$TF_Base@VRandomizedTrapdoorFunctionInverse@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@XZ

??0?$TF_SignatureSchemeBase@VPK_Verifier@CryptoPP@@V?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TF_SignatureSchemeBase@VPK_Verifier@CryptoPP@@V?$TF_Base@VTrapdoorFunction@CryptoPP@@VPK_SignatureMessageEncodingMethod@2@@2@@CryptoPP@@QEAA@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE2_Info@2@@CryptoPP@@QEAA@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@UDES_EDE3_Info@2@@CryptoPP@@QEAA@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@QEAA@XZ

??0?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@QEAA@AEBV01@@Z

??0?$TwoBases@VBlockCipher@CryptoPP@@USKIPJACK_Info@2@@CryptoPP@@QEAA@XZ

??0?$Unflushable@V?$Multichannel@VFilter@CryptoPP@@@CryptoPP@@@CryptoPP@@QEAA@XZ

??0?$Unflushable@VFilter@CryptoPP@@@CryptoPP@@QEAA@XZ

??0ASN1Object@CryptoPP@@QEAA@AEBV01@@Z

??0ASN1Object@CryptoPP@@QEAA@XZ

??0AdditiveCipherAbstractPolicy@CryptoPP@@QEAA@AEBU01@@Z

??0AdditiveCipherAbstractPolicy@CryptoPP@@QEAA@XZ

??0Algorithm@CryptoPP@@QEAA@AEBV01@@Z

??0Algorithm@CryptoPP@@QEAA@_N@Z

??0AlgorithmParameters@CryptoPP@@QEAA@AEBV01@@Z

??0AlgorithmParameters@CryptoPP@@QEAA@XZ

??0AlgorithmParametersBase@CryptoPP@@QEAA@AEBV01@@Z

??0AlgorithmParametersBase@CryptoPP@@QEAA@PEBD_N@Z

??0ArraySink@CryptoPP@@QEAA@AEBV01@@Z

??0ArraySink@CryptoPP@@QEAA@AEBVNameValuePairs@1@@Z

??0ArraySink@CryptoPP@@QEAA@PEAE_K@Z

??0ArrayXorSink@CryptoPP@@QEAA@AEBV01@@Z

??0ArrayXorSink@CryptoPP@@QEAA@PEAE_K@Z

??0AsymmetricAlgorithm@CryptoPP@@QEAA@AEBV01@@Z

??0AsymmetricAlgorithm@CryptoPP@@QEAA@XZ

??0AuthenticatedDecryptionFilter@CryptoPP@@QEAA@AEAVAuthenticatedSymmetricCipher@1@PEAVBufferedTransformation@1@IHW4BlockPaddingScheme@BlockPaddingSchemeDef@1@@Z

??0AuthenticatedEncryptionFilter@CryptoPP@@QEAA@AEAVAuthenticatedSymmetricCipher@1@PEAVBufferedTransformation@1@_NHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4BlockPaddingScheme@BlockPaddingSchemeDef@1@@Z

??0AuthenticatedKeyAgreementDomain@CryptoPP@@QEAA@AEBV01@@Z

??0AuthenticatedKeyAgreementDomain@CryptoPP@@QEAA@XZ

??0AuthenticatedSymmetricCipher@CryptoPP@@QEAA@AEBV01@@Z

??0AuthenticatedSymmetricCipher@CryptoPP@@QEAA@XZ

??0AuthenticatedSymmetricCipherBase@CryptoPP@@QEAA@$$QEAV01@@Z

??0AuthenticatedSymmetricCipherBase@CryptoPP@@QEAA@AEBV01@@Z

??0AuthenticatedSymmetricCipherBase@CryptoPP@@QEAA@XZ

??0AutoSeededRandomPool@CryptoPP@@QEAA@_NI@Z

??0BERDecodeErr@CryptoPP@@QEAA@$$QEAV01@@Z

??0BERDecodeErr@CryptoPP@@QEAA@AEBV01@@Z

??0BERDecodeErr@CryptoPP@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0BERDecodeErr@CryptoPP@@QEAA@XZ

??0BERGeneralDecoder@CryptoPP@@QEAA@AEAV01@E@Z

??0BERGeneralDecoder@CryptoPP@@QEAA@AEAVBufferedTransformation@1@E@Z

??0BERGeneralDecoder@CryptoPP@@QEAA@AEBV01@@Z

??0BERSequenceDecoder@CryptoPP@@QEAA@AEAV01@E@Z

??0BERSequenceDecoder@CryptoPP@@QEAA@AEAVBufferedTransformation@1@E@Z

??0BERSetDecoder@CryptoPP@@QEAA@AEAV01@E@Z

??0BERSetDecoder@CryptoPP@@QEAA@AEAVBufferedTransformation@1@E@Z

??0Base@DES_EDE2@CryptoPP@@QEAA@$$QEAV012@@Z

??0Base@DES_EDE2@CryptoPP@@QEAA@AEBV012@@Z

??0Base@DES_EDE2@CryptoPP@@QEAA@XZ

??0Base@DES_EDE3@CryptoPP@@QEAA@$$QEAV012@@Z

??0Base@DES_EDE3@CryptoPP@@QEAA@AEBV012@@Z

??0Base@DES_EDE3@CryptoPP@@QEAA@XZ

??0Base@Rijndael@CryptoPP@@QEAA@$$QEAV012@@Z

??0Base@Rijndael@CryptoPP@@QEAA@AEBV012@@Z

??0Base@Rijndael@CryptoPP@@QEAA@XZ

??0Base@SKIPJACK@CryptoPP@@QEAA@$$QEAV012@@Z

??0Base@SKIPJACK@CryptoPP@@QEAA@AEBV012@@Z

??0Base@SKIPJACK@CryptoPP@@QEAA@XZ

??0BaseN_Decoder@CryptoPP@@QEAA@PEAVBufferedTransformation@1@@Z

??0BaseN_Decoder@CryptoPP@@QEAA@PEBHHPEAVBufferedTransformation@1@@Z

??0BaseN_Encoder@CryptoPP@@QEAA@PEAVBufferedTransformation@1@@Z

??0BaseN_Encoder@CryptoPP@@QEAA@PEBEHPEAVBufferedTransformation@1@H@Z

??0BitBucket@CryptoPP@@QEAA@$$QEAV01@@Z

??0BitBucket@CryptoPP@@QEAA@AEBV01@@Z

??0BitBucket@CryptoPP@@QEAA@XZ

??0BlockCipher@CryptoPP@@QEAA@$$QEAV01@@Z

??0BlockCipher@CryptoPP@@QEAA@AEBV01@@Z

??0BlockCipher@CryptoPP@@QEAA@XZ

??0BlockOrientedCipherModeBase@CryptoPP@@QEAA@AEBV01@@Z

??0BlockOrientedCipherModeBase@CryptoPP@@QEAA@XZ

??0BlockTransformation@CryptoPP@@QEAA@AEBV01@@Z

??0BlockTransformation@CryptoPP@@QEAA@XZ

??0BufferedTransformation@CryptoPP@@QEAA@AEBV01@@Z

??0BufferedTransformation@CryptoPP@@QEAA@XZ

??0ByteQueue@CryptoPP@@QEAA@AEBV01@@Z

??0ByteQueue@CryptoPP@@QEAA@_K@Z

??0CBC_CTS_Decryption@CryptoPP@@QEAA@$$QEAV01@@Z

??0CBC_CTS_Decryption@CryptoPP@@QEAA@AEBV01@@Z

??0CBC_CTS_Decryption@CryptoPP@@QEAA@XZ

??0CBC_CTS_Encryption@CryptoPP@@QEAA@$$QEAV01@@Z

??0CBC_CTS_Encryption@CryptoPP@@QEAA@AEBV01@@Z

??0CBC_CTS_Encryption@CryptoPP@@QEAA@XZ

??0CBC_Decryption@CryptoPP@@QEAA@AEBV01@@Z

??0CBC_Decryption@CryptoPP@@QEAA@XZ

??0CBC_Encryption@CryptoPP@@QEAA@$$QEAV01@@Z

??0CBC_Encryption@CryptoPP@@QEAA@AEBV01@@Z

??0CBC_Encryption@CryptoPP@@QEAA@XZ

??0CBC_MAC_Base@CryptoPP@@QEAA@$$QEAV01@@Z

??0CBC_MAC_Base@CryptoPP@@QEAA@AEBV01@@Z

??0CBC_MAC_Base@CryptoPP@@QEAA@XZ

??0CBC_ModeBase@CryptoPP@@QEAA@$$QEAV01@@Z

??0CBC_ModeBase@CryptoPP@@QEAA@AEBV01@@Z

??0CBC_ModeBase@CryptoPP@@QEAA@XZ

??0CCM_Base@CryptoPP@@QEAA@$$QEAV01@@Z

??0CCM_Base@CryptoPP@@QEAA@AEBV01@@Z

??0CCM_Base@CryptoPP@@QEAA@XZ

??0CFB_CipherAbstractPolicy@CryptoPP@@QEAA@AEBV01@@Z

??0CFB_CipherAbstractPolicy@CryptoPP@@QEAA@XZ

??0CFB_ModePolicy@CryptoPP@@QEAA@AEBV01@@Z

??0CFB_ModePolicy@CryptoPP@@QEAA@XZ

??0CMAC_Base@CryptoPP@@QEAA@AEBV01@@Z

??0CMAC_Base@CryptoPP@@QEAA@XZ

??0CTR_ModePolicy@CryptoPP@@QEAA@AEBV01@@Z

??0CTR_ModePolicy@CryptoPP@@QEAA@XZ

??0CannotFlush@CryptoPP@@QEAA@$$QEAV01@@Z

??0CannotFlush@CryptoPP@@QEAA@AEBV01@@Z

??0CannotFlush@CryptoPP@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0ChannelSwitch@CryptoPP@@QEAA@$$QEAV01@@Z

??0ChannelSwitch@CryptoPP@@QEAA@AEAVBufferedTransformation@1@@Z

??0ChannelSwitch@CryptoPP@@QEAA@AEAVBufferedTransformation@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0ChannelSwitch@CryptoPP@@QEAA@AEBV01@@Z

??0ChannelSwitch@CryptoPP@@QEAA@XZ

??0CipherModeBase@CryptoPP@@IEAA@XZ

??0CipherModeBase@CryptoPP@@QEAA@AEBV01@@Z

??0Clonable@CryptoPP@@QEAA@AEBV01@@Z

??0Clonable@CryptoPP@@QEAA@XZ

??0CombinedNameValuePairs@CryptoPP@@QEAA@$$QEAV01@@Z

??0CombinedNameValuePairs@CryptoPP@@QEAA@AEBV01@@Z

??0CombinedNameValuePairs@CryptoPP@@QEAA@AEBVNameValuePairs@1@0@Z

??0CryptoMaterial@CryptoPP@@QEAA@AEBV01@@Z

??0CryptoMaterial@CryptoPP@@QEAA@XZ

??0CryptoParameters@CryptoPP@@QEAA@$$QEAV01@@Z

??0CryptoParameters@CryptoPP@@QEAA@AEBV01@@Z

??0CryptoParameters@CryptoPP@@QEAA@XZ

??0DERGeneralEncoder@CryptoPP@@QEAA@AEAV01@E@Z

??0DERGeneralEncoder@CryptoPP@@QEAA@AEAVBufferedTransformation@1@E@Z

??0DERSequenceEncoder@CryptoPP@@QEAA@AEAV01@E@Z

Sections

.text
Size: 23.4MB - Virtual size: 23.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 948KB - Virtual size: 948KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/SystemInformer.exe

.exe windows:6 windows x64 arch:x64

027166c97025b87b2219a54ea593c913

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

34:a3:55:ba:42:bd:46:d2:68:b0:96:a7:9e:cf:07:98:02:6e:48:1a:ba:87:54:f5:df:b6:61:ab:8b:00:13:9f
Signer

Actual PE Digest

34:a3:55:ba:42:bd:46:d2:68:b0:96:a7:9e:cf:07:98:02:6e:48:1a:ba:87:54:f5:df:b6:61:ab:8b:00:13:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SystemInformer.pdb

Imports

comctl32

ord381

PropertySheetW

ord345

InitCommonControlsEx

CreatePropertySheetPageW

ImageList_CoCreateInstance

ntdll

NtSetEvent

NtCreateEvent

NtAlpcQueryInformation

NtReadVirtualMemory

NtReadFile

NtWriteFile

NtQueryInformationThread

NtSuspendProcess

NtResumeThread

NtWaitForSingleObject

NtSetInformationDebugObject

NtUnmapViewOfSection

RtlRaiseStatus

NtSetInformationProcess

NtShutdownSystem

NtDuplicateObject

NtInitiatePowerAction

NtClose

NtQueryInformationToken

NtResumeProcess

NtSetSystemPowerState

NtRemoveProcessDebug

NtQueryInformationProcess

RtlEnterCriticalSection

RtlLeaveCriticalSection

RtlDeleteCriticalSection

RtlInitializeCriticalSection

RtlSetHeapInformation

NtProtectVirtualMemory

NtSuspendThread

RtlExitUserProcess

NtFreeVirtualMemory

RtlQueryPerformanceFrequency

RtlNtStatusToDosErrorNoTeb

NtCreateDirectoryObject

RtlTimeFieldsToTime

RtlGUIDFromString

NtDuplicateToken

RtlRandomEx

RtlTimeToTimeFields

RtlCreateProcessReflection

RtlGetAce

RtlGetFullPathName_UEx

NtDelayExecution

RtlFindMessage

RtlStringFromGUID

RtlQueryPerformanceCounter

RtlCreateProcessParameters

NtQueryDefaultLocale

RtlCreateUserProcess

RtlGetDaclSecurityDescriptor

NtTerminateProcess

RtlExpandEnvironmentStrings_U

RtlFirstEntrySList

RtlUnicodeToMultiByteN

RtlDowncaseUnicodeChar

NtCreateThreadEx

NtAllocateVirtualMemory

RtlReAllocateHeap

TpSimpleTryPost

RtlUTF8ToUnicodeN

RtlMultiByteToUnicodeN

RtlMultiByteToUnicodeSize

RtlUnicodeToMultiByteSize

RtlUnicodeToUTF8N

RtlFindClearBitsAndSet

RtlInterlockedPopEntrySList

RtlGetVersion

NtUnlockFile

NtSetInformationFile

NtLockFile

NtFlushBuffersFile

NtQueryInformationFile

NtGetContextThread

LdrGetProcedureAddress

LdrUnloadDll

LdrLoadDll

NtQueryValueKey

NtQueryKey

NtOpenProcessToken

NtOpenThread

RtlQueueApcWow64Thread

NtOpenSymbolicLinkObject

NtEnumerateKey

NtGetNextProcess

NtUnloadDriver

NtEnumerateValueKey

NtQueueApcThread

NtOpenKey

RtlGetSaclSecurityDescriptor

RtlDosPathNameToNtPathName_U_WithStatus

RtlConvertSidToUnicodeString

NtQuerySymbolicLinkObject

NtOpenProcess

NtTerminateThread

NtCreateNamedPipeFile

NtGetNextThread

NtQueryInformationJobObject

NtSetSecurityObject

NtDeleteValueKey

NtWaitForMultipleObjects

NtDeviceIoControlFile

NtOpenDirectoryObject

RtlGetUnloadEventTraceEx

NtFsControlFile

NtQueryDirectoryObject

NtAdjustGroupsToken

NtSetSystemEnvironmentValueEx

NtOpenThreadToken

NtTraceControl

NtQuerySystemEnvironmentValueEx

RtlInitializeBitMap

RtlNumberOfSetBits

NtLoadKeyEx

NtCreateKey

NtEnumerateSystemEnvironmentValuesEx

NtQueueApcThreadEx

NtQuerySecurityAttributesToken

NtQueryObject

NtCreateFile

NtQueryDirectoryFile

NtOpenSection

NtQuerySecurityObject

NtSetValueKey

RtlQueryEnvironmentVariable

NtOpenFile

NtQueryFullAttributesFile

NtReleaseKeyedEvent

NtWaitForKeyedEvent

NtCreateKeyedEvent

NtLoadDriver

LdrFindResource_U

LdrAccessResource

RtlLengthSecurityDescriptor

RtlValidSecurityDescriptor

NtClearEvent

NtCreateSemaphore

NtFlushInstructionCache

RtlSetOwnerSecurityDescriptor

RtlGetControlSecurityDescriptor

RtlGetOwnerSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetControlSecurityDescriptor

RtlSetGroupSecurityDescriptor

TpWaitForIoCompletion

TpAllocIoCompletion

TpReleasePool

TpReleaseIoCompletion

TpAllocPool

TpSetPoolMinThreads

TpCancelAsyncIoOperation

TpStartAsyncIoOperation

TpSetPoolMaxThreads

NtSetTimer

NtAlertThread

NtCreateTimer

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlPcToFileHeader

NtResetEvent

NtQueryVirtualMemory

NtQueryOpenSubKeysEx

NtQuerySection

NtMapViewOfSection

NtQueryVolumeInformationFile

NtAssignProcessToJobObject

NtTerminateJobObject

NtSystemDebugControl

NtOpenMutant

NtAdjustPrivilegesToken

RtlSetUnhandledExceptionFilter

RtlSetCurrentDirectory_U

NtCreateMutant

NtWriteVirtualMemory

NtQuerySystemInformation

NtSetSystemInformation

RtlDestroyQueryDebugBuffer

RtlQueryProcessDebugInformation

RtlCreateQueryDebugBuffer

RtlDestroyHeap

RtlAllocateHeap

RtlFreeHeap

RtlCreateHeap

RtlInterlockedPushEntrySList

RtlInterlockedFlushSList

RtlIpv4AddressToStringExW

RtlIpv6AddressToStringExW

NtQueryTimer

NtSetLowEventPair

NtPulseEvent

NtCancelTimer

NtQuerySemaphore

NtQueryEvent

NtSetHighEventPair

NtReleaseSemaphore

NtDeleteKey

RtlQueryElevationFlags

NtCreateSection

RtlAbsoluteToSelfRelativeSD

NtRequestWaitReplyPort

NtConnectPort

RtlSelfRelativeToAbsoluteSD2

RtlValidRelativeSecurityDescriptor

NtCreatePort

RtlSetDaclSecurityDescriptor

NtReplyWaitReceivePort

NtAcceptConnectPort

NtQueryAttributesFile

RtlUpcaseUnicodeChar

NtSetInformationToken

NtPowerInformation

NtTestAlert

NtSetInformationThread

RtlSizeHeap

NtIsProcessInJob

NtQuerySystemInformationEx

RtlRegisterWait

RtlDeregisterWaitEx

RtlCreateSecurityDescriptor

RtlCreateAcl

NtQueryMutant

RtlAddAccessAllowedAce

kernel32

FindFirstFileExW

FindClose

SetEndOfFile

WideCharToMultiByte

SetStdHandle

GetOEMCP

GetACP

IsValidCodePage

MultiByteToWideChar

GetCPInfo

GetStringTypeW

HeapReAlloc

GetLastError

SetConsoleCtrlHandler

FreeConsole

GetConsoleWindow

AllocConsole

LoadLibraryExW

LocalFree

SearchPathW

GetTimeFormatEx

GetLocaleInfoW

GetDateFormatEx

FormatMessageW

GetNumberFormatW

CreateProcessW

TlsSetValue

SetLastError

TlsAlloc

TlsGetValue

GlobalAlloc

GlobalFree

GlobalLock

GlobalUnlock

IsProcessorFeaturePresent

FreeLibrary

GetCurrentProcess

LocalAlloc

GlobalSize

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

LCMapStringW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

HeapFree

HeapAlloc

SetFilePointerEx

GetFileSizeEx

GetModuleHandleExW

ExitProcess

GetModuleFileNameW

GetStdHandle

GetFileType

CreateFileW

GetConsoleOutputCP

WriteFile

CloseHandle

ReadConsoleW

GetConsoleMode

ReadFile

GetProcAddress

TlsFree

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

EncodePointer

RaiseException

GetModuleHandleW

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCommandLineW

GetProcessHeap

FlushFileBuffers

WriteConsoleW

HeapSize

FindNextFileW

GetCommandLineA

user32

GetCapture

RegisterClassExW

UnregisterClassW

GetDC

GetFocus

CallWindowProcW

DefWindowProcW

LoadImageW

PostQuitMessage

KillTimer

SetCursor

TranslateMessage

IsDialogMessageW

SetTimer

DispatchMessageW

GetMessageW

TranslateAcceleratorW

IsChild

LoadAcceleratorsW

SendMessageTimeoutW

UpdateWindow

OpenWindowStationW

OpenDesktopW

CreateMenu

EndDeferWindowPos

ChangeWindowMessageFilterEx

IntersectRect

SetMenu

CloseDesktop

BeginDeferWindowPos

IsWindow

GetWindowPlacement

CreateWindowExW

CloseWindowStation

GetWindow

ShowWindowAsync

DeferWindowPos

MoveWindow

GetMonitorInfoW

IsHungAppWindow

SetActiveWindow

MonitorFromWindow

MonitorFromPoint

GetForegroundWindow

GetDoubleClickTime

CreateIconIndirect

GetProcessWindowStation

SetWindowTextW

EnumDesktopsW

ReleaseCapture

PtInRect

SetCapture

GetAsyncKeyState

SetWindowPlacement

GetGUIThreadInfo

PeekMessageW

MsgWaitForMultipleObjects

MonitorFromRect

MessageBoxW

GetScrollBarInfo

GetWindowDC

SetMenuInfo

GetIconInfo

FindWindowExW

GetWindowTextW

SystemParametersInfoW

CreateDialogIndirectParamW

GetDesktopWindow

LookupIconIdFromDirectoryEx

IsClipboardFormatAvailable

GetUserObjectInformationW

SetClipboardData

GetClipboardData

EnumWindows

LoadMenuIndirectW

DialogBoxIndirectParamW

InternalGetWindowText

EmptyClipboard

CloseClipboard

GetWindowInfo

OpenClipboard

GetActiveWindow

GetThreadDesktop

GetSystemMetrics

GetGuiResources

EnumChildWindows

GetPropW

CreateIconFromResourceEx

GetWindowTextLengthW

DestroyMenu

TrackPopupMenu

CreatePopupMenu

InsertMenuItemW

SetScrollPos

ShowCaret

EnableScrollBar

DestroyCaret

DragDetect

CreateCaret

SetCaretPos

GetScrollInfo

RegisterClipboardFormatW

SetScrollInfo

SetCursorPos

ScrollWindowEx

GetUpdateRect

GetMessageTime

DrawFocusRect

InvalidateRgn

WaitMessage

MessageBeep

GetMessagePos

GetUpdateRgn

IsIconic

SetForegroundWindow

GetDlgItem

ShowWindow

SendMessageW

DestroyWindow

LockWorkStation

ExitWindowsEx

IsWindowVisible

AllowSetForegroundWindow

GetShellWindow

GetWindowThreadProcessId

EnableWindow

GetParent

IsWindowEnabled

EndDialog

GetClassNameW

GetCursorPos

InvalidateRect

GetClientRect

FindWindowW

SetLayeredWindowAttributes

ClientToScreen

DestroyIcon

RedrawWindow

GetSubMenu

GetWindowLongPtrW

ScreenToClient

SetWindowLongPtrW

GetMenuItemCount

GetMenu

PostMessageW

GetKeyState

GetMenuItemInfoW

GetSysColorBrush

DrawTextW

GetSysColor

FillRect

MapWindowPoints

FrameRect

SetWindowPos

GetWindowRect

MapDialogRect

SetFocus

DrawIconEx

EnableMenuItem

BringWindowToTop

DeleteMenu

GetSystemMenu

EndPaint

BeginPaint

ReleaseDC

GetDCEx

GetAncestor

DrawFrameControl

GetClassInfoExW

DrawEdge

TrackMouseEvent

gdi32

SaveDC

GetClipRgn

SelectClipRgn

RestoreDC

IntersectClipRect

SetBoundsRect

TextOutW

GetCharWidthW

Rectangle

GetDIBits

GetDeviceCaps

GdiAlphaBlend

CreateRectRgn

CombineRgn

PatBlt

ExcludeClipRect

CreateDIBSection

CreateFontW

Polyline

SetDCPenColor

GetTextMetricsW

GetTextColor

SetBkColor

GetTextExtentPoint32W

GetObjectW

RectVisible

GetStockObject

SetDCBrushColor

BitBlt

CreateCompatibleBitmap

SelectObject

CreateCompatibleDC

DeleteDC

SetTextColor

SetBkMode

CreateSolidBrush

CreateFontIndirectW

DeleteObject

advapi32

CloseServiceHandle

LsaClose

LsaAddAccountRights

CreateServiceW

StartServiceCtrlDispatcherW

SetServiceStatus

RegisterServiceCtrlHandlerExW

CreateProcessAsUserW

GetEffectiveRightsFromAclW

LsaSetSecurityObject

LsaQuerySecurityObject

SetSecurityInfo

GetSecurityInfo

GetInheritanceSourceW

LsaLookupSids

LsaFreeMemory

LsaLookupPrivilegeValue

LsaLookupPrivilegeDisplayName

LsaLookupNames2

LsaOpenPolicy

LsaEnumeratePrivileges

LsaLookupPrivilegeName

OpenSCManagerW

ChangeServiceConfig2W

DeleteService

SetServiceObjectSecurity

ControlService

EnumDependentServicesW

StartServiceW

EnumServicesStatusExW

QueryServiceConfigW

ChangeServiceConfigW

QueryServiceConfig2W

OpenServiceW

QueryServiceStatusEx

QueryServiceObjectSecurity

InitiateShutdownW

CreateProcessWithLogonW

LogonUserW

ole32

CoUninitialize

CoTaskMemFree

CoInitializeEx

CoSetProxyBlanket

Exports

KphEnumerateProcessHandles2

KphLevel

KphQueryHashInformationFile

PhAddElementAvlTree

PhAddEntryHashtable

PhAddEntryHashtableEx

PhAddItemArray

PhAddItemList

PhAddItemPointerList

PhAddItemSimpleHashtable

PhAddItemsArray

PhAddItemsList

PhAddJsonArrayObject

PhAddJsonObject

PhAddJsonObject2

PhAddJsonObjectInt64

PhAddJsonObjectUInt64

PhAddJsonObjectValue

PhAddLayoutItem

PhAddLayoutItemEx

PhAddListViewColumn

PhAddListViewGroup

PhAddListViewGroupItem

PhAddListViewItem

PhAddPlusMaxMemorySingles

PhAddProcessPropPage

PhAddProcessPropPage2

PhAddPropPageLayoutItem

PhAddSetting

PhAddSettings

PhAddTabControlTab

PhAddTreeNewFilter

PhAdjustPrivilege

PhAdjustRectangleToBounds

PhAdjustRectangleToWorkingArea

PhAllocate

PhAllocateExSafe

PhAllocateFromFreeList

PhAllocatePage

PhAllocateSafe

PhAppResolverGetAppIdForWindow

PhAppendBytesBuilder

PhAppendBytesBuilder2

PhAppendBytesBuilderEx

PhAppendCharStringBuilder

PhAppendCharStringBuilder2

PhAppendFormatStringBuilder

PhAppendFormatStringBuilder_V

PhAppendStringBuilder

PhAppendStringBuilderEx

PhApplyTreeNewFilters

PhApplyTreeNewFiltersToNode

PhAutoDereferenceObject

PhBitmapSetAlpha

PhBoostProvider

PhBufferToHexString

PhBufferToHexStringEx

PhCallKphQueryFileInformationWithTimeout

PhCenterRectangle

PhCenterWindow

PhChangeServiceConfig2

PhClearArray

PhClearCacheDirectory

PhClearCircularBuffer_FLOAT

PhClearCircularBuffer_PVOID

PhClearCircularBuffer_ULONG

PhClearCircularBuffer_ULONG64

PhClearHashtable

PhClearIgnoredSettings

PhClearList

PhCloseServiceHandle

PhCmLoadSettings

PhCmSaveSettings

PhCompareStringRef

PhCompareStringZNatural

PhCompareUnicodeStringZIgnoreMenuPrefix

PhConcatStringRef2

PhConcatStringRef3

PhConcatStrings

PhConcatStrings2

PhConcatStrings_V

PhConnectPipe

PhConvertIgnoredSettings

PhConvertMultiByteToUtf16

PhConvertMultiByteToUtf16Ex

PhConvertUtf16ToAsciiEx

PhConvertUtf16ToMultiByte

PhConvertUtf16ToMultiByteEx

PhConvertUtf16ToUtf8

PhConvertUtf16ToUtf8Buffer

PhConvertUtf16ToUtf8Ex

PhConvertUtf16ToUtf8Size

PhConvertUtf8ToUtf16

PhConvertUtf8ToUtf16Buffer

PhConvertUtf8ToUtf16Ex

PhConvertUtf8ToUtf16Size

PhCopyBytesZ

PhCopyCircularBuffer_FLOAT

PhCopyCircularBuffer_PVOID

PhCopyCircularBuffer_ULONG

PhCopyCircularBuffer_ULONG64

PhCopyConvertCircularBufferULONG

PhCopyListView

PhCopyListViewInfoTip

PhCopyStringZ

PhCopyStringZFromBytes

PhCopyStringZFromMultiByte

PhCountStringZ

PhCreateAlloc

PhCreateBytes

PhCreateBytesEx

PhCreateCacheFile

PhCreateDialog

PhCreateDirectoryFullPathWin32

PhCreateDirectoryWin32

PhCreateEMenu

PhCreateEMenuItem

PhCreateFile

PhCreateFileStream

PhCreateFileStream2

PhCreateFileWin32

PhCreateFileWin32Ex

PhCreateHashtable

PhCreateJsonArray

PhCreateJsonObject

PhCreateJsonParser

PhCreateJsonParserEx

PhCreateKey

PhCreateKsiSettingsBlob

PhCreateList

PhCreateNamedPipe

PhCreateObject

PhCreateObjectType

PhCreateObjectTypeEx

PhCreateOpenFileDialog

PhCreatePipe

PhCreatePointerList

PhCreateProcess

PhCreateProcessAsUser

PhCreateProcessPropContext

PhCreateProcessPropPageContext

PhCreateProcessPropPageContextEx

PhCreateProcessRedirection

PhCreateProcessWin32

PhCreateProcessWin32Ex

PhCreateSaveFileDialog

PhCreateSearchControl

PhCreateSecurityPage

PhCreateServiceListControl

PhCreateSimpleHashtable

PhCreateString

PhCreateString3

PhCreateStringEx

PhCreateSymbolProvider

PhCreateThread

PhCreateThread2

PhCreateThreadEx

PhCreateXmlNode

PhCreateXmlOpaqueNode

PhDecodeUnicodeDecoder

PhDelayExecution

PhDeleteArray

PhDeleteAutoPool

PhDeleteBytesBuilder

PhDeleteCacheFile

PhDeleteCallback

PhDeleteCircularBuffer_FLOAT

PhDeleteCircularBuffer_PVOID

PhDeleteCircularBuffer_ULONG

PhDeleteCircularBuffer_ULONG64

PhDeleteDirectoryWin32

PhDeleteFastLock

PhDeleteFile

PhDeleteFileWin32

PhDeleteFreeList

PhDeleteGraphState

PhDeleteImageVersionInfo

PhDeleteLayoutManager

PhDeleteMemoryItemList

PhDeleteProviderThread

PhDeleteStaticWindowIcon

PhDeleteStringBuilder

PhDeleteTreeNewColumnMenu

PhDeleteTreeNewFilterSupport

PhDeleteValueKey

PhDeleteWorkQueue

PhDereferenceObject

PhDereferenceObjectDeferDelete

PhDereferenceObjectEx

PhDereferenceProcessRecord

PhDeselectAllProcessNodes

PhDeselectAllServiceNodes

PhDestroyEMenu

PhDestroyEMenuItem

PhDestroyWindowIcon

PhDestroyWindowRemote

PhDetermineDosPathNameType

PhDevFreeObjects

PhDevGetObjects

PhDeviceIoControlFile

PhDeviceProviderInitialization

PhDialogBox

PhDisconnectNamedPipe

PhDivideSinglesBySingle

PhDnsFree

PhDnsQuery

PhDnsQuery2

PhDoPropPageLayout

PhDoesFileExist

PhDoesFileExistWin32

PhDosErrorToNtStatus

PhDosPathNameToNtPathName

PhDrainAutoPool

PhDrawGraphDirect

PhDrawTrayIconText

PhDuplicateBytesZ

PhDuplicateBytesZSafe

PhDuplicateProcessInformation

PhDuplicateProcessNodeList

PhDuplicateStringZ

PhEditSecurity

PhEllipsisString

PhEllipsisStringPath

PhEncodeUnicode

PhEnumAvlTree

PhEnumChildWindows

PhEnumDependentServices

PhEnumDirectoryFile

PhEnumDirectoryObjects

PhEnumFileStreams

PhEnumFirmwareEnvironmentValues

PhEnumGenericModules

PhEnumHashtable

PhEnumKernelModules

PhEnumNetworkItems

PhEnumNetworkItemsByProcessId

PhEnumNextProcess

PhEnumNextThread

PhEnumObjectIdInformation

PhEnumObjectTypes

PhEnumPagefiles

PhEnumPointerListEx

PhEnumProcessEnvironmentVariables

PhEnumProcessItems

PhEnumProcesses

PhEnumProcessesEx

PhEnumReparsePointInformation

PhEnumWindows

PhEnumerateKey

PhEnumeratePlugins

PhEnumeratePrivileges

PhEnumerateValueKey

PhEqualStringRef

PhEscapeCommandLinePart

PhEscapeStringForMenuPrefix

PhExecuteRunAsCommand2

PhExecuteRunAsCommand3

PhExpandAllProcessNodes

PhExpandEnvironmentStrings

PhExponentiate

PhExponentiate64

PhExtractIcon

PhExtractIconEx

PhFillMemoryUlong

PhFinalArrayItems

PhFinalBytesBuilderBytes

PhFinalHash

PhFinalStringBuilderString

PhFindCharInStringRef

PhFindEMenuItem

PhFindElementAvlTree

PhFindEntryHashtable

PhFindItemList

PhFindItemPointerList

PhFindItemSimpleHashtable

PhFindLastCharInStringRef

PhFindListViewItemByFlags

PhFindListViewItemByParam

PhFindNetworkNode

PhFindPlugin2

PhFindProcessInformation

PhFindProcessInformationByImageName

PhFindProcessNode

PhFindProcessRecord

PhFindServiceNode

PhFindStringInStringRef

PhFindXmlObject

PhFlushFileStream

PhFormat

PhFormatBytes

PhFormatBytes_V

PhFormatDate

PhFormatDateTime

PhFormatDecimal

PhFormatGuid

PhFormatImageVersionInfo

PhFormatLogEntry

PhFormatNativeKeyName

PhFormatSize

PhFormatString

PhFormatString_V

PhFormatTime

PhFormatTimeSpan

PhFormatTimeSpanRelative

PhFormatToBuffer

PhFormatUInt64

PhFree

PhFreeFileDialog

PhFreeJsonObject

PhFreeLibrary

PhFreeLibraryAsImageResource

PhFreePage

PhFreeToFreeList

PhFreeXmlObject

PhGenerateGuid

PhGenerateGuidFromName

PhGenerateRandomAlphaString

PhGenerateRandomNumber64

PhGetAccessEntries

PhGetAccessString

PhGetActiveProcessorCount

PhGetApplicationDataFileName

PhGetApplicationDirectory

PhGetApplicationDirectoryFileName

PhGetApplicationDirectoryWin32

PhGetApplicationFileNameWin32

PhGetApplicationIcon

PhGetApplicationIconEx

PhGetBaseDirectory

PhGetBaseName

PhGetClassObject

PhGetClientIdName

PhGetClientIdNameEx

PhGetComboBoxString

PhGetDeviceIcon

PhGetDeviceProperty

PhGetDeviceType

PhGetDialogItemValue

PhGetDllFileName

PhGetDllHandle

PhGetDpi

PhGetDpiValue

PhGetDrawInfoGraphBuffers

PhGetEnabledProvider

PhGetEtwPublisherName

PhGetFileDialogFileName

PhGetFileDialogFilterIndex

PhGetFileDialogOptions

PhGetFileFullAttributesInformation

PhGetFileName

PhGetFilePosition

PhGetFileSize

PhGetFileVersionFixedInfo

PhGetFileVersionInfo

PhGetFileVersionInfoEx

PhGetFileVersionInfoLangCodePage

PhGetFileVersionInfoString

PhGetFileVersionInfoString2

PhGetFilterSupportNetworkTreeList

PhGetFilterSupportProcessTreeList

PhGetFilterSupportServiceTreeList

PhGetFirmwareEnvironmentVariable

PhGetFullPath

PhGetGeneralCallback

PhGetGenericTreeNewLines

PhGetGlobalWorkQueue

PhGetHandleInformation

PhGetHandleInformationEx

PhGetImageListIcon

PhGetIntegerPairStringRefSetting

PhGetIntegerStringRefSetting

PhGetJobProcessIdList

PhGetJsonArrayIndexObject

PhGetJsonArrayLength

PhGetJsonArrayLong64

PhGetJsonArrayString

PhGetJsonObject

PhGetJsonObjectAsArrayList

PhGetJsonObjectBool

PhGetJsonObjectLength

PhGetJsonObjectType

PhGetJsonValueAsInt64

PhGetJsonValueAsString

PhGetJsonValueAsUInt64

PhGetKernelFileName

PhGetKernelFileName2

PhGetKnownFolderPath

PhGetKnownLocation

PhGetLineFromAddress

PhGetListBoxString

PhGetListViewContextMenuPoint

PhGetListViewItemImageIndex

PhGetListViewItemParam

PhGetListViewItemText

PhGetListViewSelectedItemText

PhGetMessage

PhGetModuleFromAddress

PhGetModuleProcAddress

PhGetMonitorDpi

PhGetNamedPipeClientComputerName

PhGetNamedPipeClientProcessId

PhGetNamedPipeServerProcessId

PhGetNtMessage

PhGetObjectSecurity

PhGetObjectType

PhGetObjectTypeInformation

PhGetObjectTypeName

PhGetOwnTokenAttributes

PhGetPhVersion

PhGetPhVersionHash

PhGetPhVersionNumbers

PhGetPluginCallback

PhGetPluginFileName

PhGetPluginInformation

PhGetPluginInterface

PhGetPluginName

PhGetPositionFileStream

PhGetPrimeNumber

PhGetProcedureAddress

PhGetProcedureAddressRemote

PhGetProcessCommandLine

PhGetProcessDepStatus

PhGetProcessDeviceMap

PhGetProcessEnvironment

PhGetProcessImageFileName

PhGetProcessImageFileNameByProcessId

PhGetProcessImageFileNameWin32

PhGetProcessIsDotNet

PhGetProcessIsDotNetEx

PhGetProcessIsSuspended

PhGetProcessKnownType

PhGetProcessKnownTypeEx

PhGetProcessMappedFileName

PhGetProcessPackageFullName

PhGetProcessPebString

PhGetProcessPriority

PhGetProcessPriorityClassString

PhGetProcessSmallImageList

PhGetProcessUnloadedDlls

PhGetProcessWindowTitle

PhGetProcessWorkingSetInformation

PhGetProcessWsCounters

PhGetProtocolTypeName

PhGetScalableIntegerPairStringRefSetting

PhGetSeObjectSecurity

PhGetSelectedAndPropagateProcessItems

PhGetSelectedListViewItemParam

PhGetSelectedListViewItemParams

PhGetSelectedProcessItem

PhGetSelectedProcessItems

PhGetSelectedProcessNodes

PhGetSelectedServiceItem

PhGetSelectedServiceItems

PhGetServiceChange

PhGetServiceConfig

PhGetServiceConfigFileName

PhGetServiceDescription

PhGetServiceDllParameter

PhGetServiceErrorControlInteger

PhGetServiceErrorControlString

PhGetServiceFileName

PhGetServiceNameFromTag

PhGetServiceStartTypeInteger

PhGetServiceStartTypeString

PhGetServiceStateString

PhGetServiceTypeInteger

PhGetServiceTypeString

PhGetShieldBitmap

PhGetSidFullName

PhGetSizeDpiValue

PhGetStatisticsTime

PhGetStatisticsTimeString

PhGetStatusMessage

PhGetStockApplicationIcon

PhGetStringRefSetting

PhGetSymbolFromAddress

PhGetSymbolFromName

PhGetSystemDirectory

PhGetSystemDpi

PhGetSystemMetrics

PhGetSystemParametersInfo

PhGetSystemRoot

PhGetTaskbarDpi

PhGetTcpStateName

PhGetTemporaryDirectoryRandomAlphaFileName

PhGetThreadServiceTag

PhGetTokenGroups

PhGetTokenIntegrityLevel

PhGetTokenIntegrityLevelRID

PhGetTokenOwner

PhGetTokenPrimaryGroup

PhGetTokenPrivileges

PhGetTokenUser

PhGetTreeNewText

PhGetWin32Message

PhGetWindowContext

PhGetWindowDpi

PhGetWindowText

PhGetWindowTextEx

PhGetXmlInterface

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.si3rc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.si3rd
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/SystemInformer.exe.settings.xml

CSASASDSACSA/SystemInformer.sig

CSASASDSACSA/SystemInformer.sys

.sys windows:10 windows x64 arch:x64

9f3845c4018003a0646180dea2b687ad

Code Sign

33:00:00:00:68:64:82:c2:f9:11:1a:c8:76:00:00:00:00:00:68
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3a:c5:e8:63:fc:65:de:3e:07:74:3b:23:3d:86:c9:5e:9d:4c:03:c4:73:97:0d:3c:ae:84:02:91:15:25:a9:22
Signer

Actual PE Digest

3a:c5:e8:63:fc:65:de:3e:07:74:3b:23:3d:86:c9:5e:9d:4c:03:c4:73:97:0d:3c:ae:84:02:91:15:25:a9:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

systeminformer.pdb

Imports

ksi

KsiInitialize

KsiUninitialize

KsiRemoveQueueApc

KsiInsertQueueApc

KsiInitializeApc

fltmgr.sys

FltGetTunneledName

FltGetDestinationFileNameInformation

FltAcquirePushLockExclusiveEx

FltDeletePushLock

FltInitializePushLock

FltGetVolumeName

FltGetFileNameInformationUnsafe

FltReleaseContext

FltGetStreamHandleContext

FltSetStreamHandleContext

FltAllocateContext

FltAcquirePushLockSharedEx

FltReleasePushLockEx

FltObjectReference

FltObjectDereference

FltCreateCommunicationPort

FltCloseCommunicationPort

FltCloseClientPort

FltSendMessage

FltBuildDefaultSecurityDescriptor

FltFreeSecurityDescriptor

FltRegisterFilter

FltUnregisterFilter

FltStartFiltering

FltReleaseFileNameInformation

FltReferenceFileNameInformation

FltGetFileNameInformation

FltCancelFileOpen

FltSupportsStreamHandleContexts

ksecdd.sys

BCryptVerifySignature

BCryptDestroyKey

BCryptImportKeyPair

BCryptOpenAlgorithmProvider

BCryptCloseAlgorithmProvider

BCryptCreateHash

BCryptHashData

BCryptFinishHash

BCryptDestroyHash

BCryptGenRandom

ntoskrnl.exe

ExQueryDepthSList

ExpInterlockedPopEntrySList

ExpInterlockedPushEntrySList

ExInitializeNPagedLookasideList

ExDeleteNPagedLookasideList

ExInitializePagedLookasideList

ExDeletePagedLookasideList

RtlRandomEx

RtlCopyUnicodeString

ProbeForWrite

ObReferenceObjectByHandle

ObfReferenceObject

ObfDereferenceObject

PsGetProcessId

KeStackAttachProcess

KeUnstackDetachProcess

ObGetObjectType

PsProcessType

PsInitialSystemProcess

LpcPortObjectType

KeGetCurrentIrql

KeInitializeEvent

KeSetEvent

KeWaitForSingleObject

RtlWalkFrameChain

PsGetCurrentThreadId

ZwQuerySystemInformation

__C_specific_handler

KeEnterCriticalRegion

KeLeaveCriticalRegion

KeInitializeSpinLock

KeAcquireSpinLockRaiseToDpc

KeReleaseSpinLock

ObCloseHandle

PsGetThreadId

PsGetThreadProcessId

IoGetTransactionParameterBlock

SeLocateProcessImageName

PsIsThreadTerminating

PsLookupProcessByProcessId

PsLookupThreadByThreadId

PsIsSystemThread

MmDoesFileHaveUserWritableReferences

ObOpenObjectByPointer

ZwQueryInformationProcess

ZwQueryInformationThread

PsReferenceProcessFilePointer

PsGetProcessWow64Process

PsIsProcessBeingDebugged

KdDebuggerEnabled

PsThreadType

KeQueryActiveProcessorCountEx

ProbeForRead

ExGetPreviousMode

PsCreateSystemThread

PsTerminateSystemThread

IoGetCurrentProcess

PsGetCurrentProcessId

KeInitializeQueue

KeInsertHeadQueue

KeRemoveQueue

KeRundownQueue

RtlAnsiStringToUnicodeString

RtlFreeUnicodeString

RtlEqualString

RtlInitUnicodeString

MmGetSystemRoutineAddress

RtlEqualUnicodeString

ExAcquireResourceSharedLite

ExReleaseResourceLite

RtlFindExportedRoutineByName

PsLoadedModuleList

PsLoadedModuleResource

IoCreateFile

ZwQueryInformationFile

ExAllocatePoolWithTag

IoFileObjectType

KeResetEvent

FsRtlKernelFsControlFile

FsRtlQueryKernelEaFile

FsRtlSetKernelEaFile

ZwCreateEvent

ZwFsControlFile

RtlImageNtHeaderEx

ExEventObjectType

DbgSetDebugPrintCallback

KeInitializeThreadedDpc

KeInsertQueueDpc

KeRemoveQueueDpcEx

KeAcquireSpinLockAtDpcLevel

KeReleaseSpinLockFromDpcLevel

RtlAppendUnicodeStringToString

RtlAppendUnicodeToString

ZwCreateKey

ZwSetValueKey

ObQueryNameString

MmProbeAndLockProcessPages

MmUnlockPages

MmMapLockedPagesSpecifyCache

IoAllocateMdl

IoFreeMdl

IoGetStackLimits

IoGetOplockKeyContextEx

IoIsFileOriginRemote

IoIsFileObjectIgnoringSharing

PsGetThreadProcess

FsRtlIsPagingFile

FsRtlIsSystemPagingFile

FsRtlCreateSectionForDataScan

ExAcquireSpinLockShared

ExReleaseSpinLockShared

ExAcquireSpinLockExclusive

ExReleaseSpinLockExclusive

PsSetLoadImageNotifyRoutine

PsRemoveLoadImageNotifyRoutine

ObRegisterCallbacks

ObUnRegisterCallbacks

ExDesktopObjectType

PsSetCreateProcessNotifyRoutineEx

PsGetProcessExitStatus

KeTestAlertThread

CmUnRegisterCallback

CmRegisterCallbackEx

CmGetBoundTransaction

CmCallbackGetKeyObjectIDEx

CmCallbackReleaseKeyObjectIDEx

CmKeyObjectType

PsSetCreateThreadNotifyRoutineEx

PsRemoveCreateThreadNotifyRoutine

PsGetThreadExitStatus

ZwOpenSection

MmMapViewInSystemSpace

MmUnmapViewInSystemSpace

ZwQuerySection

MmSectionObjectType

KeLowerIrql

KfRaiseIrql

RtlGetVersion

IoWMIRegistrationControl

KeAreAllApcsDisabled

IoGetRelatedDeviceObject

IoGetTopLevelIrp

ZwMapViewOfSection

ZwUnmapViewOfSection

IoAcquireVpbSpinLock

IoGetAttachedDevice

IoReleaseVpbSpinLock

ZwQueryObject

ZwQueryVirtualMemory

ExfUnblockPushLock

ExEnumHandleTable

ObOpenObjectByName

ObSetHandleAttributes

ObDuplicateObject

PsAcquireProcessExitSynchronization

PsReleaseProcessExitSynchronization

IoDriverObjectType

ZwTerminateProcess

PsReferencePrimaryToken

PsDereferencePrimaryToken

PsLookupProcessThreadByCid

PsGetProcessJob

ZwSetInformationProcess

PsJobType

SeTokenObjectType

SeReleaseSubjectContext

SeCaptureSubjectContextEx

MmHighestUserAddress

IoQueryFullDriverPath

ExUuidCreate

ZwOpenProcess

ZwSetInformationThread

RtlInitAnsiStringEx

ExInitializeRundownProtection

ExAcquireRundownProtection

ExReleaseRundownProtection

ExWaitForRundownProtectionRelease

SeCaptureSubjectContext

ZwCreateSection

ZwOpenKey

ZwQueryValueKey

MmMapViewInSystemSpaceEx

PsGetCurrentThreadTeb

RtlInitUnicodeStringEx

SePrivilegeCheck

ZwSetInformationVirtualMemory

LdrAccessResource

LdrFindResource_U

PsGetProcessProtection

PsGetThreadTeb

PsGetProcessImageFileName

ZwAlpcConnectPort

ZwReadFile

RtlDuplicateUnicodeString

ExRaiseStatus

MmProbeAndLockPages

MmUnmapLockedPages

MmIsAddressValid

ExFreePoolWithTag

ZwQueryVolumeInformationFile

hal

KeQueryPerformanceCounter

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

KSIRO
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

KSIDATA
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

PAGE
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

PAGEDATA
Size: 4KB - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/capslist.txt

CSASASDSACSA/etwguids.txt

CSASASDSACSA/icon.png

.png

CSASASDSACSA/ksi.dll

.dll windows:10 windows x64 arch:x64

7aa58473975a85b44e72574ad135628e

Code Sign

33:00:00:00:68:64:82:c2:f9:11:1a:c8:76:00:00:00:00:00:68
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

56:7b:e2:d3:14:b1:a4:79:e2:51:5c:59:5b:3d:f8:b7:64:10:c6:80:fd:85:f6:29:0c:2b:3f:a9:57:60:cc:c1
Signer

Actual PE Digest

56:7b:e2:d3:14:b1:a4:79:e2:51:5c:59:5b:3d:f8:b7:64:10:c6:80:fd:85:f6:29:0c:2b:3f:a9:57:60:cc:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

ksi.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString

MmGetSystemRoutineAddress

RtlGetVersion

ExQueueWorkItem

ObfReferenceObject

ObfDereferenceObject

ObDereferenceObjectDeferDelete

KeInitializeApc

KeInsertQueueApc

Exports

DllInitialize

DllUnload

KsiInitialize

KsiInitializeApc

KsiInitializeWorkItem

KsiInsertQueueApc

KsiQueueWorkItem

KsiRemoveQueueApc

KsiUninitialize

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

KSIDATA
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 338B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/ksidyn.bin

CSASASDSACSA/ksidyn.sig

CSASASDSACSA/peview.exe

.exe windows:6 windows x64 arch:x64

4bcc994fe9352c2a64aae673bea325ea

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f8:bc:ba:6d:d9:82:03:94:e6:43:76:4d:3b:26:e9:3f:ec:53:5a:e9:01:10:c5:91:3a:b8:d5:d0:37:61:a3:ab
Signer

Actual PE Digest

f8:bc:ba:6d:d9:82:03:94:e6:43:76:4d:3b:26:e9:3f:ec:53:5a:e9:01:10:c5:91:3a:b8:d5:d0:37:61:a3:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

peview.pdb

Imports

ntdll

NtOpenKey

RtlDosPathNameToNtPathName_U_WithStatus

RtlConvertSidToUnicodeString

NtQuerySymbolicLinkObject

NtQuerySystemInformationEx

NtOpenProcess

NtTerminateThread

NtSetInformationFile

NtSetEaFile

NtCreateNamedPipeFile

NtSetInformationThread

NtSetSecurityObject

NtQueryEaFile

NtQueryAttributesFile

NtDeviceIoControlFile

NtFsControlFile

NtQueryInformationFile

NtEnumerateKey

NtQueryObject

NtCreateFile

NtQueryDirectoryFile

NtQuerySecurityObject

RtlQueryEnvironmentVariable

NtOpenFile

NtQueryFullAttributesFile

LdrFindResource_U

NtProtectVirtualMemory

LdrAccessResource

NtFlushInstructionCache

NtCreateEvent

NtSetEvent

NtClearEvent

RtlLengthSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlSetControlSecurityDescriptor

RtlSetGroupSecurityDescriptor

NtReleaseKeyedEvent

NtWaitForKeyedEvent

NtCreateKeyedEvent

TpWaitForIoCompletion

TpAllocIoCompletion

TpReleasePool

TpReleaseIoCompletion

TpAllocPool

TpSetPoolMinThreads

TpCancelAsyncIoOperation

TpStartAsyncIoOperation

TpSetPoolMaxThreads

NtCreateSemaphore

NtReleaseSemaphore

RtlValidRelativeSecurityDescriptor

RtlValidSecurityDescriptor

RtlAbsoluteToSelfRelativeSD

NtOpenSymbolicLinkObject

NtOpenThread

NtOpenProcessToken

RtlExpandEnvironmentStrings_U

RtlGetDaclSecurityDescriptor

NtQueryDefaultLocale

NtWaitForSingleObject

RtlCreateSecurityDescriptor

RtlCreateAcl

RtlStringFromGUID

RtlFindMessage

RtlAddAccessAllowedAce

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlPcToFileHeader

NtQueryInformationToken

NtSetInformationToken

RtlTimeToTimeFields

RtlSetDaclSecurityDescriptor

NtCreateDirectoryObject

RtlNtStatusToDosErrorNoTeb

RtlCreateHeap

RtlSetHeapInformation

RtlGetVersion

NtQueryValueKey

NtQueryInformationThread

RtlInterlockedPopEntrySList

RtlFindClearBitsAndSet

RtlLeaveCriticalSection

RtlUnicodeToUTF8N

RtlFreeHeap

RtlMultiByteToUnicodeSize

RtlMultiByteToUnicodeN

RtlEnterCriticalSection

RtlUTF8ToUnicodeN

RtlReAllocateHeap

NtAllocateVirtualMemory

NtCreateThreadEx

RtlAllocateHeap

NtFreeVirtualMemory

RtlInterlockedFlushSList

RtlInterlockedPushEntrySList

NtMapViewOfSection

NtReadVirtualMemory

NtQuerySystemInformation

RtlLcidToLocaleName

LdrUnloadAlternateResourceModule

NtWriteFile

LdrLoadAlternateResourceModule

NtUnmapViewOfSection

RtlDeleteTimer

RtlCreateTimerQueue

RtlCreateTimer

RtlUpdateTimer

NtSetInformationProcess

NtCreateMutant

RtlSetUnhandledExceptionFilter

NtQueryInformationProcess

RtlExitUserProcess

NtReadFile

RtlComputeImportTableHash

RtlDowncaseUnicodeChar

RtlRaiseStatus

NtCreateSection

NtClose

RtlUpcaseUnicodeChar

NtQueryVirtualMemory

kernel32

HeapSize

GetLastError

LocalFree

GlobalAlloc

GlobalFree

GlobalLock

GlobalUnlock

TlsSetValue

SetLastError

TlsAlloc

TlsGetValue

WriteConsoleW

FlushFileBuffers

GetProcessHeap

GetCommandLineW

GetCommandLineA

FindNextFileW

FindFirstFileExW

FindClose

WideCharToMultiByte

SetStdHandle

SetFilePointerEx

LCMapStringW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetOEMCP

GetACP

IsValidCodePage

MultiByteToWideChar

GetCPInfo

HeapAlloc

HeapFree

GetStringTypeW

GetModuleHandleExW

ExitProcess

GetModuleFileNameW

GetStdHandle

GetFileType

CreateFileW

GetConsoleOutputCP

WriteFile

CloseHandle

GetConsoleMode

TlsFree

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

EncodePointer

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

VirtualQuery

VirtualProtect

GetSystemInfo

RaiseException

SearchPathW

LocalAlloc

GetCurrentProcess

FreeLibrary

IsProcessorFeaturePresent

LoadLibraryExW

CreateProcessW

FormatMessageW

GetDateFormatEx

GetLocaleInfoW

GetTimeFormatEx

HeapReAlloc

Sections

.text
Size: 912KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 432KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.si3rc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.si3rd
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/peview.sig

CSASASDSACSA/plugins/DotNetTools.dll

.dll windows:6 windows x64 arch:x64

6b36989b5b445da515ff2f2fff684f14

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

10:28:25:08:55:32:19:a1:e0:ad:41:05:dc:cf:b3:29:01:96:1c:7a:b1:66:bd:cf:35:a9:a1:c2:65:ac:0a:37
Signer

Actual PE Digest

10:28:25:08:55:32:19:a1:e0:ad:41:05:dc:cf:b3:29:01:96:1c:7a:b1:66:bd:cf:35:a9:a1:c2:65:ac:0a:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

DotNetTools.pdb

Imports

systeminformer.exe

PhLoadLibrary

PhOpenThread

PhVerifyFileIsChainedToMicrosoft

PhLoadResource

PhEnumDirectoryFile

PhImpersonateToken

PhCreateFileWin32

PhGetJsonArrayIndexObject

PhGetTemporaryDirectoryRandomAlphaFileName

PhGetBaseName

PhGetJsonArrayString

PhReferenceEmptyString

PhGetProcedureAddress

PhHexStringToBufferEx

PhRevertImpersonationToken

PhGetJsonObjectType

PhFreeLibrary

PhAddJsonArrayObject

PhGetProcessMappedFileName

PhDeleteImageVersionInfo

PhAddJsonObjectUInt64

PhCreateFileWin32Ex

PhConvertUtf16ToUtf8Ex

PhCreateJsonParserEx

PhEqualStringRef

PhDeleteFileWin32

PhFreeJsonObject

PhAddJsonObject2

PhGetJsonArrayLength

PhDeleteDirectoryWin32

PhBufferToHexString

PhOpenProcess

PhAddJsonObjectValue

PhConcatStringRef3

PhGetSystemRoot

PhLoadLibraryAsImageResource

PhGetJsonValueAsString

PhOpenProcessToken

PhGetJsonObject

PhUnloadMappedImage

PhAutoDereferenceObject

PhFormatString_V

PhPluginInvokeWindowCallback

PhGetPluginCallback

PhRegisterPlugin

PhRegisterCallback

PhPluginSetObjectExtension

PhGetGeneralCallback

PhAddSettings

PhCopyListView

PhLoadListViewGroupStatesFromSetting

PhHandleListViewNotifyBehaviors

PhLoadListViewSortColumnsFromSetting

PhGetListViewContextMenuPoint

PhSaveListViewColumnsToSetting

PhSaveListViewGroupStatesToSetting

PhUnregisterCallback

PhLoadListViewColumnsFromSetting

PhAddListViewGroupItem

PhAddListViewColumn

PhSetExtendedListView

PhSaveListViewSortColumnsToSetting

PhAddListViewGroup

PhInsertCopyListViewEMenuItem

PhWindowThemeControlColor

PhFormatToBuffer

PhHandleCopyListViewEMenuItem

PhGetSelectedListViewItemParams

PhCreateSimpleHashtable

PhfAcquireQueuedLockExclusive

PhFindItemSimpleHashtable

PhfWakeForReleaseQueuedLock

PhRemoveItemSimpleHashtable

PhAddItemSimpleHashtable

PhCreateBytesEx

PhPluginQueryPhSvc

PhPluginCallPhSvc

PhPluginGetObjectExtension

PhPluginAddTreeNewColumn

PhReferenceProcessItem

PhConcatStringRef2

PhInitializeImageVersionInfoEx

PhEnumGenericModules

PhNtStatusToDosError

PhGetFileName

PhGetBaseDirectory

PhCreateJsonObject

PhExpandEnvironmentStrings

PhGetJsonValueAsUInt64

PhLoadMappedImage

PhCreateJsonArray

PhFindLastCharInStringRef

PhCreateThreadEx

PhInsertEMenuItem

PhCreateList

PhCreateString

PhGetTreeNewText

PhFormat

PhFreeLibraryAsImageResource

PhCreateObjectType

PhInitializeTreeNewFilterSupport

PhSetControlTheme

PhFormatString

PhCreateSearchControl

PhAllocate

PhCountStringZ

PhCreateEMenuItem

PhClearList

PhInitializeStringBuilder

PhCmLoadSettings

PhPropPageDlgProcHeader

PhCompareStringRef

PhConcatStrings2

PhDeleteTreeNewColumnMenu

PhCreateEMenu

PhFormatGuid

PhHandleCopyCellEMenuItem

PhAddItemList

PhGetStringRefSetting

PhGetWin32Message

PhfEndInitOnce

PhAddItemsList

PhInitializeWindowTheme

PhInitializeTreeNewColumnMenuEx

PhHandleTreeNewColumnMenu

PhGetIntegerStringRefSetting

PhSetIntegerStringRefSetting

PhSetClipboardString

PhAddTreeNewFilter

PhGetProcessIsDotNetEx

PhUiDisconnectFromPhSvc

PhSetIntegerPairStringRefSetting

PhGetGlobalWorkQueue

PhUiConnectToPhSvcEx

PhSplitStringRefAtChar

PhSetStringRefSetting

PhAddProcessPropPage

PhRemoveStringBuilder

PhCreateStringEx

PhQueueItemWorkQueue

PhDoPropPageLayout

PhFinalStringBuilderString

PhApplyTreeNewFilters

PhSearchControlMatch

PhShellExecuteUserString

PhShowEMenu

PhCreateObject

PhDoesFileExistWin32

PhRemoveTreeNewFilter

PhDestroyEMenu

PhFree

PhConcatStrings

PhCmSaveSettings

PhReferenceObject

PhInsertCopyCellEMenuItem

PhGetIntegerPairStringRefSetting

PhDeleteTreeNewFilterSupport

PhCreateProcessPropPageContextEx

PhAppendStringBuilder

PhDereferenceObject

PhfBeginInitOnce

PhSetFlagsEMenuItem

PhAddPropPageLayoutItem

PhQueryTokenVariableSize

PhFormatUInt64

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlPcToFileHeader

RtlCaptureContext

NtMapViewOfSection

NtOpenSection

RtlAddSIDToBoundaryDescriptor

NtOpenPrivateNamespace

NtUnmapViewOfSection

RtlFreeHeap

RtlCreateBoundaryDescriptor

NtReadVirtualMemory

NtQueryInformationProcess

NtWriteFile

NtGetContextThread

NtWaitForSingleObject

NtClose

kernel32

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapFree

HeapAlloc

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

EncodePointer

LoadLibraryExW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

RaiseException

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

LCMapStringW

GetProcessHeap

GetStdHandle

GetLastError

GetFileType

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

user32

GetDlgItem

SetFocus

SendMessageW

SetWindowLongPtrW

GetWindowRect

PostMessageW

UpdateWindow

GetKeyState

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/DotNetTools.sig

CSASASDSACSA/plugins/ExtendedNotifications.dll

.dll windows:6 windows x64 arch:x64

a92f94575f70a1861a38769dcd574cd8

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

b9:ed:1e:a3:e1:6e:aa:16:5e:dd:3d:b8:04:17:5c:a6:46:88:0e:5d:13:bc:ec:9f:9f:bc:e3:43:2c:72:c5:09
Signer

Actual PE Digest

b9:ed:1e:a3:e1:6e:aa:16:5e:dd:3d:b8:04:17:5c:a6:46:88:0e:5d:13:bc:ec:9f:9f:bc:e3:43:2c:72:c5:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

ExtendedNotifications.pdb

Imports

systeminformer.exe

PhSetWindowContext

PhCreateList

PhWindowThemeControlColor

PhInitializeLayoutManager

PhDeleteLayoutManager

PhFreeFileDialog

PhAllocate

PhShowFileDialog

PhEqualStringRef

PhInsertItemList

PhClearList

PhInitializeStringBuilder

PhGetWindowText

PhConcatStrings2

PhSetFileDialogFilter

PhAddItemList

PhAddSettings

PhRemoveItemList

PhGetFileDialogFileName

PhSetFileDialogFileName

PhCreateSaveFileDialog

PhGetWindowContext

PhSetStringRefSetting

PhSetDialogItemText

PhFinalStringBuilderString

PhAddLayoutItem

PhAppendCharStringBuilder

PhMatchWildcards

PhGetDeviceProperty

PhFree

PhRegisterPlugin

PhReferenceObject

PhAppendStringBuilderEx

PhGetPluginCallback

PhDeleteStringBuilder

PhGetFileName

PhLayoutManagerLayout

PhRemoveWindowContext

PhFindCharInStringRef

PhFormatToBuffer

PhGetStringRefSetting

PhGetApplicationDirectoryFileName

PhGetGeneralCallback

PhCreateFileStream

PhWriteStringFormatAsUtf8FileStream

PhFormatLogEntry

PhAutoDereferenceObject

PhRegisterCallback

PhFormatDateTime

PhExpandEnvironmentStrings

PhWriteStringAsUtf8FileStream

PhDereferenceObject

PhDetermineDosPathNameType

user32

EnableWindow

GetParent

GetDlgItem

GetWindowLongPtrW

SendMessageW

CallWindowProcW

SetWindowLongPtrW

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlPcToFileHeader

RtlCaptureContext

kernel32

GetCurrentThreadId

GetStringTypeW

GetFileType

GetStdHandle

GetProcessHeap

LCMapStringW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapFree

HeapAlloc

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

RaiseException

EncodePointer

LoadLibraryExW

GetProcAddress

FreeLibrary

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

GetLastError

InterlockedFlushSList

WriteConsoleW

CloseHandle

CreateFileW

SetFilePointerEx

GetConsoleMode

GetConsoleOutputCP

WriteFile

FlushFileBuffers

SetStdHandle

HeapReAlloc

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetCurrentProcessId

GetModuleHandleW

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

HeapSize

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/ExtendedNotifications.sig

CSASASDSACSA/plugins/ExtendedServices.dll

.dll windows:6 windows x64 arch:x64

700afe55f2c4403004e9b0fb37c8fd65

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7d:70:7d:3a:72:33:fe:6e:a1:bc:2c:77:af:5e:fe:2a:da:fc:4c:8b:21:69:f0:2a:00:0b:03:1e:85:98:04:1e
Signer

Actual PE Digest

7d:70:7d:3a:72:33:fe:6e:a1:bc:2c:77:af:5e:fe:2a:da:fc:4c:8b:21:69:f0:2a:00:0b:03:1e:85:98:04:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

ExtendedServices.pdb

Imports

systeminformer.exe

PhGetFileDialogFileName

PhGetComboBoxString

PhCreateOpenFileDialog

PhSetFileDialogFilter

PhShowFileDialog

PhFreeFileDialog

PhCreateString

PhGetHandleInformation

PhDevGetObjects

PhImageListCreate

PhShellOpenKey2

PhExpandEnvironmentStrings

PhDestroyEMenu

PhLoadLibrary

PhGetWindowDpi

PhGetDpi

PhExtractIconEx

PhShowEMenu

PhSplitStringRefAtChar

PhReferenceEmptyString

PhGetProcedureAddress

PhFreeLibrary

PhAddListViewGroupItem

PhStringToInteger64

PhDialogBox

PhGetSelectedListViewItemParam

PhDevFreeObjects

PhCreateEMenuItem

PhFormat

PhSplitStringRefAtLastChar

PhAddListViewGroup

PhWindowThemeControlColor

PhFormatToBuffer

PhSetListViewItemImageIndex

PhImageListAddIcon

PhCreateAlloc

PhAppendStringBuilderEx

PhInitializeAutoPool

PhFinalArrayItems

PhFinalStringBuilderString

PhInitializeArray

PhDeleteAutoPool

PhFormatGuid

PhGetEtwPublisherName

PhAddItemArray

PhClearList

PhStringToGuid

PhEnumerateKey

PhFormatString

PhQueryServiceStatus

PhCenterWindow

PhGetSystemRoot

PhConcatStringRef3

PhSetFileDialogFileName

PhQueryRegistryString

PhConcatStringRef2

PhOpenKey

PhaChoiceDialog

PhSetListViewSubItem

PhFindListViewItemByFlags

PhLookupPrivilegeDisplayName

PhSetControlTheme

PhQueryServiceVariableSize

PhEqualStringRef

PhSelectComboBoxString

PhSetExtendedListView

PhInitializeStringBuilder

PhGetWindowText

PhChangeServiceConfig2

PhAddListViewColumn

PhRemoveItemList

PhSidToStringSid

PhQueryServiceConfig2

PhGetDialogItemValue

PhGetModuleProcAddress

PhRemoveListViewItem

PhUiDisconnectFromPhSvc

PhEnumeratePrivileges

PhUiConnectToPhSvc

PhCreateStringEx

PhGetListViewItemParam

PhFindItemList

PhAddListViewItem

PhSvcCallChangeServiceConfig2

PhAppendCharStringBuilder

PhDeleteStringBuilder

PhShowMessage

PhAppendStringBuilder

PhGetOwnTokenAttributes

PhSetDialogItemValue

PhInsertEMenuItem

PhUiContinueService

PhUiStopService

PhfReleaseQueuedLockShared

PhEscapeStringForMenuPrefix

PhPluginCreateEMenuItem

PhPluginInvokeWindowCallback

PhCompareStringRef

PhFindEMenuItem

PhDestroyEMenuItem

PhAddSettings

PhShowStatus

PhGetGeneralCallback

PhfAcquireQueuedLockShared

PhIndexOfEMenuItem

PhFormatString_V

PhRegisterCallback

PhUiStartService

PhRegisterPlugin

PhReferenceObject

PhGetPluginCallback

PhUiPauseService

PhSetWindowContext

PhCreateList

PhInitializeLayoutManager

PhGetNtMessage

PhDeleteLayoutManager

PhAllocate

PhOpenService

PhCountStringZ

PhConcatStrings2

PhAddItemList

PhReferenceServiceItem

PhInitializeWindowTheme

PhGetIntegerStringRefSetting

PhGetWindowContext

PhSetDialogItemText

PhGetServiceConfig

PhAddLayoutItem

PhAutoDereferenceObject

PhFree

PhCloseServiceHandle

PhEnumDependentServices

PhLayoutManagerLayout

PhDereferenceObject

PhCreateServiceListControl

PhCreateEMenu

PhRemoveWindowContext

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlCaptureContext

RtlPcToFileHeader

NtClose

kernel32

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapFree

HeapAlloc

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

EncodePointer

LoadLibraryExW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

GetLastError

RaiseException

LCMapStringW

DeleteCriticalSection

GetProcessHeap

GetStdHandle

GetFileType

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

GetComputerNameW

CreateFileW

CloseHandle

WriteConsoleW

user32

GetDlgItem

MoveWindow

MapWindowPoints

ShowWindow

GetWindowRect

IsWindowEnabled

DestroyIcon

GetCursorPos

EndDialog

GetWindowLongPtrW

SetTimer

KillTimer

EnableWindow

SetWindowLongPtrW

SendMessageW

GetParent

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/ExtendedServices.sig

CSASASDSACSA/plugins/ExtendedTools.dll

.dll windows:6 windows x64 arch:x64

7bbb6a9795632b12dd853276c4cf07fa

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

10:35:d8:98:73:25:d5:ce:b1:66:9c:5c:a7:53:5a:04:fe:fa:e5:02:bf:3f:1c:60:04:2d:23:90:65:33:55:58
Signer

Actual PE Digest

10:35:d8:98:73:25:d5:ce:b1:66:9c:5c:a7:53:5a:04:fe:fa:e5:02:bf:3f:1c:60:04:2d:23:90:65:33:55:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

ExtendedTools.pdb

Imports

systeminformer.exe

PhGetListViewItemParam

PhRemoveStringBuilder

PhLoadWindowPlacementFromSetting

PhSetApplicationWindowIcon

PhGetWindowContext

PhRemoveListViewItem

PhShowStatus

PhLoadListViewColumnsFromSetting

PhFormatGuid

PhAddListViewColumn

PhGetSelectedListViewItemParam

PhInitializeStringBuilder

PhSetExtendedListView

PhDialogBox

PhEqualStringRef

PhSetFirmwareEnvironmentVariable

PhSaveWindowPlacementToSetting

PhFindListViewItemByFlags

PhSetListViewSubItem

PhDeleteLayoutManager

PhInitializeLayoutManager

PhFormatSize

PhCreateString

PhInsertCopyListViewEMenuItem

PhWindowThemeControlColor

PhSetWindowContext

PhHandleCopyListViewEMenuItem

PhGetSelectedListViewItemParams

PhSetWindowText

PhSetScalableIntegerPairStringRefSetting2

PhInitializeAutoPool

PhFormatString_V

PhDrainAutoPool

PhCreateFileStream

PhCreateSaveFileDialog

PhSetFileDialogFileName

PhSetIntegerStringRefSetting

PhGetFileDialogFileName

PhDeleteAutoPool

PhAdjustRectangleToWorkingArea

PhSetFileDialogFilter

PhGetWindowText

PhSelectComboBoxString

PhGetScalableIntegerPairStringRefSetting

PhCreateDialog

PhGetFirmwareEnvironmentVariable

PhShowFileDialog

PhFreeFileDialog

PhGetMonitorDpi

PhWriteFileStream

PhGetStatisticsTimeString

PhAddPropPageLayoutItem

PhSetGroupBoxText

PhMaxMemorySingles

PhCreateProcessPropPageContextEx

PhSetGraphText

PhGetWindowDpi

PhGetDpi

PhCopyCircularBuffer_FLOAT

PhDoPropPageLayout

PhAddProcessPropPage

PhGraphStateGetDrawInfo

PhDeleteGraphState

PhUnregisterCallback

PhSiSetColorsGraphDrawInfo

PhPropPageDlgProcHeader

PhInitializeGraphState

PhDivideSinglesBySingle

PhfBeginInitOnce

PhInitializeWorkQueue

PhDnsQuery

PhGetSidFullName

PhHashBytes

PhLoadLibrary

PhQueueItemWorkQueue

PhFindPlugin2

PhGenerateGuid

PhGetBaseName

PhGetProcedureAddress

PhEnumProcessItems

PhfEndInitOnce

PhGetPluginInformation

PhAppendFormatStringBuilder

PhDnsFree

PhDnsQuery2

PhHashStringRefEx

PhGetSystemMetrics

PhFormatDateTime

PhImageListDrawIcon

PhAddItemsList

PhDoesFileExist

PhInsertItemList

PhLargeIntegerToLocalSystemTime

PhFormatUInt64

PhfResetEvent

PhShowMessage

PhfSetEvent

PhAddListViewGroupItem

PhfWaitForEvent

PhAddListViewGroup

PhCreateThreadEx

PhReferenceProcessRecordForStatistics

PhQueryRegistryUlong

PhInitializeCircularBuffer_FLOAT

PhFormatDate

PhQueryValueKey

PhInitializeCircularBuffer_ULONG64

PhInitializeCircularBuffer_ULONG

PhQueryRegistryUlong64

PhSaveListViewColumnsToSetting

PhGetSizeDpiValue

PhCopyConvertCircularBufferULONG

PhSiSizeLabelYFunction

PhGetStatisticsTime

PhGetDrawInfoGraphBuffers

PhFindProcessRecord

PhSetDialogItemText

PhAddLayoutItemEx

PhDrawTrayIconText

PhBitmapSetAlpha

PhNfGetTrayIconFont

PhShowSystemInformationDialog

PhStringToGuid

PhDrawGraphDirect

PhGetGlobalWorkQueue

PhGetHandleInformation

PhGetDeviceType

PhEnumProcesses

PhStdGetClientIdName

PhCallKphQueryFileInformationWithTimeout

PhEnumDirectoryFile

KphEnumerateProcessHandles2

KphLevel

PhGetNamedPipeServerProcessId

PhGetAccessEntries

PhGetAccessString

PhOpenProcess

PhOpenFile

PhImageListCreate

PhLoadIcon

PhConcatStringRef2

PhDosErrorToNtStatus

PhOpenDriver

PhGetModuleProcAddress

PhEnumDirectoryObjects

PhImageListDestroy

PhEditSecurity

PhConcatStringRef3

PhSetListViewItemImageIndex

PhImageListAddIcon

PhZeroExtendToUtf16Ex

PhExpandEnvironmentStrings

PhConvertUtf16ToUtf8Buffer

PhGetApplicationDirectoryFileName

PhSplitStringRefAtString

PhCreateString3

PhClearList

PhCreateFile

PhGetFileSize

PhDeleteTreeNewFilterSupport

PhZeroExtendToUtf16Buffer

PhSearchControlMatch

PhCreateSearchControl

PhSearchControlMatchLongHintZ

PhfReleaseFastLockExclusive

PhfAcquireFastLockExclusive

PhQueryObjectName

PhConcatStrings

PhOpenFileById

PhEnumReparsePointInformation

PhDeviceIoControlFile

PhShowConfirmMessage

PhEnumObjectIdInformation

PhPluginQueryPhSvc

PhPluginCallPhSvc

PhGetProcessUnloadedDlls

PhBufferToHexString

PhPluginGetObjectExtension

PhPluginAddTreeNewColumn

PhGetClassObject

PhPluginEnableTreeNewNotify

PhDuplicateProcessInformation

PhReferenceNetworkItem

PhIsExecutingInWow64

PhDeleteCircularBuffer_FLOAT

PhGetPluginCallback

PhRegisterPlugin

PhIndexOfEMenuItem

PhSetListViewItemParam

PhPluginSetObjectExtension

PhDeleteCircularBuffer_ULONG

PhAddSettings

PhPluginCreateEMenuItem

PhDeleteCircularBuffer_ULONG64

PhCreateServiceListControl

PhReferenceServiceItem

PhCreateSymbolProvider

PhCreateAlloc

PhEnumGenericModules

PhLoadSymbolProviderOptions

PhGetSymbolFromAddress

PhLoadModuleSymbolProvider

PhOpenThread

PhUiConnectToPhSvcEx

PhUiDisconnectFromPhSvc

PhHexStringToBufferEx

PhSecondsSince1970ToTime

PhCopyStringZ

PhCreateProcessPropContext

PhEnumNextThread

PhShowProcessProperties

PhFreeLibrary

PhFormatTime

PhSetSelectThreadIdProcessPropContext

PhGetListViewItemText

PhFindItemSimpleHashtable

PhSystemBasicInformation

PhGetModuleFromAddress

PhAddItemSimpleHashtable

PhHandleListViewNotifyForCopy

PhAddLayoutItem

PhAddListViewItem

PhAdjustPrivilege

PhCenterWindow

PhGetListViewContextMenuPoint

PhFindListViewItemByParam

PhAppendStringBuilder

PhLayoutManagerLayout

PhRemoveWindowContext

PhEnumFirmwareEnvironmentValues

PhCopyListView

PhIsFirmwareSupported

PhSetThreadName

PhCreateThread2

PhDelayExecution

PhGetOwnTokenAttributes

PhAutoDereferenceObject

PhCreateObjectType

PhQueryPerformanceCounter

PhAddEntryHashtableEx

PhInvokeCallback

PhGetGeneralCallback

PhAllocateFromFreeList

PhInitializeFreeList

PhDereferenceProcessRecord

PhCreateObject

PhReferenceProcessItem

PhGetFileName

PhFreeToFreeList

PhReferenceProcessRecord

PhCreateSimpleHashtable

PhQueryPerformanceFrequency

PhFinalStringBuilderString

PhFindLastCharInStringRef

PhMainWndHandle

PhInsertEMenuItem

PhFormatToBuffer

PhCreateList

PhGetStatusMessage

PhGetPluginInterface

PhGetTreeNewText

PhShowProcessRecordDialog

PhFormat

PhInitializeTreeNewFilterSupport

PhSetControlTheme

PhFormatString

PhFindProcessNode

PhCreateEMenuItem

PhRemoveEntryHashtable

PhPluginInvokeWindowCallback

PhSetFlagsAllEMenuItems

PhCmLoadSettings

PhAddItemArray

PhCompareStringRef

PhDeleteTreeNewColumnMenu

PhFindEMenuItem

PhCreateEMenu

PhHandleCopyCellEMenuItem

PhAddItemList

PhGetStringRefSetting

PhReferenceProcessItemForRecord

PhShellExploreFile

PhInitializeWindowTheme

PhInitializeTreeNewColumnMenuEx

PhHandleTreeNewColumnMenu

PhPluginCreateTabPage

PhInitializeArray

PhRemoveItemList

PhGetIntegerStringRefSetting

PhSetClipboardString

PhAddTreeNewFilter

PhReferenceEmptyString

PhApplyTreeNewFiltersToNode

PhShowMessage2

PhGetProcessSmallImageList

PhSetIntegerPairStringRefSetting

PhSetStringRefSetting

PhCreateStringEx

PhApplyTreeNewFilters

PhFindItemList

PhShellExecuteUserString

PhShowEMenu

PhRegisterCallback

PhRemoveItemsArray

PhSelectAndEnsureVisibleProcessNode

PhDoesFileExistWin32

PhDestroyEMenu

PhCmSaveSettings

PhReferenceObject

PhInsertCopyCellEMenuItem

PhGetIntegerPairStringRefSetting

PhWriteStringAsUtf8FileStream

PhGetGenericTreeNewLines

PhShellProperties

PhSetFlagsEMenuItem

PhAddEntryHashtable

PhfReleaseQueuedLockShared

PhAllocate

PhCountStringZ

PhStringToInteger64

PhfWakeForReleaseQueuedLock

PhClearHashtable

PhCreateHashtable

PhfAcquireQueuedLockShared

PhSplitStringRefAtChar

PhFree

PhfAcquireQueuedLockExclusive

PhEnumHashtable

PhDereferenceObject

PhSiDoubleLabelYFunction

PhFindEntryHashtable

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlCaptureContext

RtlPcToFileHeader

NtSetInformationProcess

NtQueryInformationProcess

NtQueryInformationThread

NtCancelSynchronousIoFile

NtDuplicateObject

NtQueryInformationWorkerFactory

RtlValidSecurityDescriptor

RtlGetOwnerSecurityDescriptor

NtQuerySystemInformation

NtReadFile

NtOpenSection

NtOpenJobObject

NtOpenDirectoryObject

NtOpenSession

NtOpenKeyedEvent

NtAlpcConnectPort

NtOpenEvent

NtOpenKey

NtOpenSymbolicLinkObject

NtOpenMutant

NtQueryInformationFile

RtlSetBits

RtlInitializeBitMap

NtClose

RtlIpv6AddressToStringExW

RtlIpv4AddressToStringExW

RtlInterlockedFlushSList

RtlRaiseStatus

RtlInterlockedPushEntrySList

kernel32

IsDebuggerPresent

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

RaiseException

GetSystemInfo

VirtualProtect

VirtualQuery

GetStartupInfoW

FreeLibrary

GetModuleHandleW

GetProcAddress

LoadLibraryExA

SetUnhandledExceptionFilter

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

InterlockedFlushSList

SetLastError

EncodePointer

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LoadLibraryExW

ExitProcess

GetModuleHandleExW

GetModuleFileNameW

HeapFree

HeapAlloc

HeapReAlloc

HeapSize

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

LocalFree

GetLastError

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

LCMapStringW

GetProcessHeap

GetStdHandle

GetFileType

GetStringTypeW

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

UnhandledExceptionFilter

user32

InvalidateRect

SetFocus

SendMessageW

CreateWindowExW

GetKeyState

SetTimer

KillTimer

MapWindowPoints

EnableWindow

GetCursorPos

SetWindowTextW

GetWindowRect

DestroyIcon

SetCursor

LoadImageW

SetWindowPos

PostQuitMessage

IsIconic

DrawTextW

GetParent

DeferWindowPos

PostMessageW

SetWindowLongPtrW

GetWindowLongPtrW

BeginDeferWindowPos

EndDeferWindowPos

MapDialogRect

GetClientRect

GetMessageW

DestroyWindow

ShowWindow

DispatchMessageW

IsDialogMessageW

MoveWindow

TranslateMessage

SetForegroundWindow

EndDialog

GetDlgItem

gdi32

D3DKMTOpenAdapterFromDeviceName

D3DKMTQueryStatistics

D3DKMTQueryAdapterInfo

D3DKMTCloseAdapter

SelectObject

advapi32

GetThreadWaitChain

ConvertSecurityDescriptorToStringSecurityDescriptorW

CloseThreadWaitChainSession

OpenThreadWaitChainSession

RegisterWaitChainCOMCallback

PerfCloseQueryHandle

PerfQueryCounterData

PerfOpenQueryHandle

PerfAddCounters

EnableTraceEx2

OpenTraceW

ControlTraceW

CloseTrace

ProcessTrace

StartTraceW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 376KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 596KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/ExtendedTools.sig

CSASASDSACSA/plugins/HardwareDevices.dll

.dll windows:6 windows x64 arch:x64

baeb1c621fbaa6648ecb7c01c05b5348

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

8d:d7:43:d2:bd:88:a8:03:f8:8e:0a:69:30:4a:9e:82:6f:a3:93:46:56:8f:56:38:3c:4c:a0:fe:87:c2:a9:be
Signer

Actual PE Digest

8d:d7:43:d2:bd:88:a8:03:f8:8e:0a:69:30:4a:9e:82:6f:a3:93:46:56:8f:56:38:3c:4c:a0:fe:87:c2:a9:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

HardwareDevices.pdb

Imports

systeminformer.exe

PhReferenceServiceItem

PhGetStringRefSetting

PhHandleCopyCellEMenuItem

PhDeleteTreeNewColumnMenu

PhCompareStringRef

PhAddItemArray

PhCmLoadSettings

PhPluginInvokeWindowCallback

PhGetApplicationIcon

PhInitializeTreeNewFilterSupport

PhGetTreeNewText

PhQuerySystemTime

PhGetPluginInterface

PhImageListAddIcon

PhMainWndHandle

PhFormatUInt64

PhQueryPerformanceFrequency

PhfResetEvent

PhRemoveWindowContext

PhShowMessage

PhAutoDereferenceObject

PhFormatString_V

PhfSetEvent

PhCreateStringEx

PhUnregisterCallback

PhfWaitForEvent

PhFormatSize

PhCreateThreadEx

PhDeleteCircularBuffer_FLOAT

PhInitializeCircularBuffer_FLOAT

PhFindPlugin2

PhDeleteCircularBuffer_ULONG

PhGetPluginInformation

PhInitializeCircularBuffer_ULONG

PhEqualStringRef

PhQueryPerformanceCounter

PhLayoutManagerLayout

PhCenterWindow

PhInitializeAutoPool

PhAddLayoutItem

PhDrainAutoPool

PhSetApplicationWindowIcon

PhDeleteAutoPool

PhCreateDialog

PhFormatString

PhDeleteLayoutManager

PhInitializeLayoutManager

PhFormatToBuffer

PhGetStatisticsTimeString

PhSiDoubleLabelYFunction

PhMaxMemorySingles

PhGetDrawInfoGraphBuffers

PhCreatePointerList

PhGetDpi

PhCopyCircularBuffer_FLOAT

PhSetDialogItemText

PhAddLayoutItemEx

PhGraphStateGetDrawInfo

PhDeleteGraphState

PhSiSizeLabelYFunction

PhInitializeGraphState

PhDivideSinglesBySingle

PhGetSizeDpiValue

PhWindowThemeControlColor

PhSetGraphText

PhLoadWindowPlacementFromSetting

PhSiSetColorsGraphDrawInfo

PhSaveWindowPlacementToSetting

PhExpandEnvironmentStrings

PhAppendCharStringBuilder

PhExtractIconEx

PhGetListViewItemParam

PhSplitStringRefAtChar

PhStringToInteger64

PhGetSelectedListViewItemParam

PhFindListViewItemByFlags

PhQueryRegistryUlong

PhFormatDate

PhQueryValueKey

PhFindStringInStringRef

PhQueryRegistryUlong64

PhLoadListViewSortColumnsFromSetting

PhAppendFormatStringBuilder

PhSaveListViewSortColumnsToSetting

PhQueueItemWorkQueue

PhGetGlobalWorkQueue

PhConcatStrings2

PhGetHandleInformation

PhShellOpenKey2

PhGetPluginCallback

PhRegisterPlugin

PhShowStatus

PhFreeLibrary

PhAddSettings

PhDeviceProviderInitialization

PhGetDllHandle

PhDeviceIoControlFile

PhConvertUtf8ToUtf16

PhQueryRegistryString

PhEnumChildWindows

PhReAllocate

PhCreateString3

PhGetProcessDeviceMap

PhGetActiveProcessorCount

PhInitializeTreeNewColumnMenuEx

PhHandleTreeNewColumnMenu

PhPluginCreateTabPage

PhInitializeArray

PhSetIntegerStringRefSetting

PhSetClipboardString

PhAddTreeNewFilter

PhApplyTreeNewFiltersToNode

PhGetGeneralCallback

PhSetIntegerPairStringRefSetting

PhSetStringRefSetting

PhApplyTreeNewFilters

PhRemoveItemPointerList

PhRegisterCallback

PhFinalArrayItems

PhCmSaveSettings

PhInsertCopyCellEMenuItem

PhImageListSetIconSize

PhReferenceDeviceTreeEx

PhAddItemPointerList

PhImageListCreate

PhSetFlagsEMenuItem

PhGetSelectedListViewItemParams

PhInsertEMenuItem

PhHandleCopyListViewEMenuItem

PhSetWindowContext

PhGetStatusMessage

PhInsertCopyListViewEMenuItem

PhAddListViewGroup

PhBufferToHexString

PhLargeIntegerToLocalSystemTime

PhFormat

PhSetListViewSubItem

PhSetControlTheme

PhAllocate

PhCreateEMenuItem

PhSetExtendedListView

PhInitializeStringBuilder

PhAddListViewColumn

PhCreateEMenu

PhFormatGuid

PhAddListViewGroupItem

PhfEndInitOnce

PhInitializeWindowTheme

PhLoadListViewColumnsFromSetting

PhGetProcedureAddress

PhReferenceEmptyString

PhLookupDevicePropertyClass

PhGetWindowContext

PhRemoveStringBuilder

PhFinalStringBuilderString

PhSaveListViewColumnsToSetting

PhCreateThread2

PhShowEMenu

PhAddListViewItem

PhGetDeviceIcon

PhGetWindowDpi

PhLoadLibrary

PhGetDeviceProperty

PhFormatDateTime

PhDestroyEMenu

PhFree

PhAppendStringBuilderEx

PhSetWindowText

PhGetListViewContextMenuPoint

PhGetIntegerPairStringRefSetting

PhDeleteStringBuilder

PhHandleListViewNotifyBehaviors

PhAppendStringBuilder

PhGetOwnTokenAttributes

PhfBeginInitOnce

PhGetSystemMetrics

PhCopyListView

PhModalPropertySheet

PhCreateList

PhDereferenceObjectDeferDelete

PhCreateString

PhDeleteCircularBuffer_ULONG64

PhfReleaseQueuedLockShared

PhCreateObjectType

PhCreateFile

PhCountStringZ

PhStringToGuid

PhfWakeForReleaseQueuedLock

PhAddItemList

PhRemoveItemList

PhGetIntegerStringRefSetting

PhInitializeCircularBuffer_ULONG64

PhfAcquireQueuedLockShared

PhReferenceObjectSafe

PhFindItemList

PhCreateObject

PhConcatStringRef2

PhReferenceObject

PhfAcquireQueuedLockExclusive

PhCopyConvertCircularBufferULONG

PhDereferenceObject

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlCaptureContext

RtlPcToFileHeader

NtQueryVolumeInformationFile

RtlIpv6AddressToStringExW

RtlIpv4AddressToStringExW

NtClose

user32

GetParent

GetDlgItem

DestroyIcon

SendMessageW

GetWindowRect

DefWindowProcW

CallWindowProcW

MapWindowPoints

GetClassNameW

GetAncestor

GetCursorPos

SetWindowLongPtrW

GetWindowLongPtrW

SetWindowPos

MapDialogRect

DeferWindowPos

BeginDeferWindowPos

EndDeferWindowPos

GetClientRect

GetMessageW

DestroyWindow

DispatchMessageW

InvalidateRect

TranslateMessage

PostQuitMessage

PostMessageW

ShowWindow

UpdateWindow

SetForegroundWindow

IsIconic

CreateWindowExW

SetFocus

IsDialogMessageW

gdi32

D3DKMTQueryAdapterInfo

D3DKMTOpenAdapterFromDeviceName

D3DKMTQueryStatistics

D3DKMTCloseAdapter

GetStockObject

SetTextColor

SetDCBrushColor

SetBkMode

comctl32

CreatePropertySheetPageW

kernel32

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TlsSetValue

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

GetLastError

RaiseException

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

TlsFree

LoadLibraryExW

TlsGetValue

EncodePointer

ExitProcess

GetModuleHandleExW

GetModuleFileNameW

HeapAlloc

TerminateProcess

FindClose

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

LCMapStringW

GetProcessHeap

GetStdHandle

GetFileType

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

HeapFree

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/HardwareDevices.sig

CSASASDSACSA/plugins/NetworkTools.dll

.dll windows:6 windows x64 arch:x64

594f3174314d539a38121a9f0a3447b6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

1b:25:6e:ff:41:f8:7a:f4:06:c3:5b:9a:f3:e1:55:9b:b3:14:18:2f:49:6e:4c:26:07:5f:68:2c:26:ee:e2:36
Signer

Actual PE Digest

1b:25:6e:ff:41:f8:7a:f4:06:c3:5b:9a:f3:e1:55:9b:b3:14:18:2f:49:6e:4c:26:07:5f:68:2c:26:ee:e2:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

NetworkTools.pdb

Imports

systeminformer.exe

PhSaveWindowPlacementToSetting

PhAllocate

PhQueryPerformanceCounter

PhCreateObjectType

PhFormat

PhGenerateRandomAlphaString

PhSetWindowContext

PhfSetEvent

PhHttpSocketGetErrorMessage

PhGetApplicationIcon

PhShellProcessHacker

PhGetStatusMessage

PhCountStringZ

PhSetFlagsEMenuItem

PhAppendStringBuilder

PhInsertCopyCellEMenuItem

PhConcatStrings

PhDnsQuery

PhDestroyEMenu

PhFindStringInStringRef

PhShowEMenu

PhFinalStringBuilderString

PhRemoveStringBuilder

PhSetClipboardString

PhHexStringToBuffer

PhGetWin32Message

PhHandleCopyCellEMenuItem

PhCreateEMenu

PhAppendFormatStringBuilder

PhDnsFree

PhInitializeStringBuilder

PhConvertUtf16ToMultiByteEx

PhDnsQuery2

PhGetTreeNewText

PhFormatToBuffer

PhCmSaveSettings

PhSetIntegerPairStringRefSetting

PhClearHashtable

PhHandleTreeNewColumnMenu

PhInitializeTreeNewColumnMenuEx

PhAddItemList

PhDeleteTreeNewColumnMenu

PhCmLoadSettings

PhClearList

PhCreateDialog

PhSetControlTheme

PhCreateList

PhfResetEvent

PhHttpSocketBeginRequest

PhDeleteCacheFile

PhShowMessage

PhGetBaseDirectory

PhNtStatusToDosError

PhConcatStringRef2

PhDoesFileExistWin32

PhHttpSocketConnect

PhCreateDirectoryFullPathWin32

PhUpdateHash

PhRegisterWindowCallback

PhGetPhVersionNumbers

PhHttpSocketDestroy

PhHttpSocketReadData

PhHttpSocketQueryHeaderString

PhHttpSocketQueryHeaderUlong

PhMoveFileWin32

PhCreateProcessRedirection

PhHttpSocketEndRequest

PhCreateFileWin32Ex

PhHttpSocketCreate

PhEqualStringRef

PhDeleteFileWin32

PhfWaitForEvent

PhFormatString

PhBufferToHexString

PhFinalHash

PhCreateCacheFile

PhInitializeHash

PhUnregisterWindowCallback

PhCreateThreadEx

PhGetSystemDirectory

PhHttpSocketSendRequest

PhZeroExtendToUtf16Ex

PhDeleteStringBuilder

PhLoadLibrary

PhReAllocate

PhFormatBytes

PhCreateString3

PhStringToInteger64

PhFindEMenuItem

PhInitializeGraphState

PhConvertUtf16ToUtf8Ex

PhPluginInvokeWindowCallback

PhDeleteAutoPool

PhInitializeWindowTheme

PhSiSetColorsGraphDrawInfo

PhUnregisterCallback

PhDeleteGraphState

PhReferenceEmptyString

PhGraphStateGetDrawInfo

PhAddLayoutItemEx

PhGetWindowContext

PhDivideSinglesBySingle

PhSetApplicationWindowIcon

PhLoadWindowPlacementFromSetting

PhCreateStringEx

PhDrainAutoPool

PhQueueItemWorkQueue

PhCopyCircularBuffer_FLOAT

PhCreateThread2

PhFormatString_V

PhGetWindowDpi

PhCreateObject

PhDeleteWorkQueue

PhSetGraphText

PhInitializeAutoPool

PhFree

PhSetWindowText

PhGetIntegerPairStringRefSetting

PhInitializeWorkQueue

PhGetSystemParametersInfo

PhInitializeCircularBuffer_FLOAT

PhDeleteCircularBuffer_FLOAT

PhAddPlusMaxMemorySingles

PhRemoveWindowContext

PhQueryPerformanceFrequency

PhGetStatisticsTimeString

PhWindowThemeControlColor

PhInitializeLayoutManager

PhDeleteLayoutManager

PhDialogBox

PhGetWindowText

PhGetStringRefSetting

PhAllocateSafe

PhCreateFile

PhGetFileSize

PhSetIntegerStringRefSetting

PhGetDialogItemValue

PhSetStringRefSetting

PhSetDialogItemText

PhAddLayoutItem

PhAutoDereferenceObject

PhCenterWindow

PhLayoutManagerLayout

PhShellExecute

PhSetDialogItemValue

PhInsertEMenuItem

PhCreateString

PhaChoiceDialog

PhFormatSize

PhPluginCreateEMenuItem

PhCreateEMenuItem

PhCompareStringRef

PhAddSettings

PhGetIntegerStringRefSetting

PhGetGeneralCallback

PhPluginSetObjectExtension

PhRegisterCallback

PhPluginAddTreeNewColumn

PhRegisterPlugin

PhGetPluginCallback

PhPluginGetObjectExtension

PhGetOwnTokenAttributes

PhFormatUInt64

PhAddEntryHashtable

PhQuerySystemTime

PhfReleaseQueuedLockShared

PhConvertUtf8ToUtf16Ex

PhfWakeForReleaseQueuedLock

PhfEndInitOnce

PhLoadImageFormatFromResource

PhCreateHashtable

PhImageListDrawIcon

PhfAcquireQueuedLockShared

PhTimeToSecondsSince1970

PhReferenceObject

PhGetApplicationDataFileName

PhfAcquireQueuedLockExclusive

PhImageListAddBitmap

PhImageListCreate

PhDereferenceObject

PhfBeginInitOnce

PhFindEntryHashtable

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlCaptureContext

RtlPcToFileHeader

NtMapViewOfSection

NtUnmapViewOfSection

NtCreateSection

NtClose

NtWriteFile

RtlIpv6StringToAddressExW

RtlIpv6AddressToStringExW

RtlIpv4AddressToStringExW

RtlIpv4StringToAddressExW

kernel32

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

EncodePointer

LoadLibraryExW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

HeapFree

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

RaiseException

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetStdHandle

GetFileType

HeapAlloc

FindClose

GetSystemTimeAsFileTime

FindNextFileW

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

LCMapStringW

GetProcessHeap

GetStringTypeW

SetStdHandle

SetFilePointerEx

WriteFile

GetLastError

GetConsoleOutputCP

GetConsoleMode

HeapSize

HeapReAlloc

FlushFileBuffers

CloseHandle

CreateFileW

WriteConsoleW

FindFirstFileExW

user32

DrawTextW

GetParent

GetDlgItem

EndDialog

SendMessageW

SetFocus

CallWindowProcW

IsIconic

EnableWindow

GetMessageW

PostMessageW

DestroyWindow

SetWindowLongPtrW

CreateWindowExW

GetWindowLongPtrW

ShowWindow

DispatchMessageW

IsDialogMessageW

IsChild

InvalidateRect

PostQuitMessage

SetForegroundWindow

TranslateMessage

gdi32

CreateFontIndirectW

DeleteObject

CreateFontW

comctl32

ord345

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/NetworkTools.sig

CSASASDSACSA/plugins/OnlineChecks.dll

.dll windows:6 windows x64 arch:x64

4e9da9e9967066c012c4f7c5431953b6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

bc:9b:e7:10:87:4e:34:24:f7:a6:56:1d:bd:41:b2:5d:e4:52:9c:ab:3d:66:ad:47:81:6d:b2:03:9b:94:2a:a0
Signer

Actual PE Digest

bc:9b:e7:10:87:4e:34:24:f7:a6:56:1d:bd:41:b2:5d:e4:52:9c:ab:3d:66:ad:47:81:6d:b2:03:9b:94:2a:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

OnlineChecks.pdb

Imports

systeminformer.exe

PhHttpSocketCreate

PhCountStringZ

PhFreeJsonObject

PhFormatString

PhSetThreadIoPriority

PhCreateObjectType

PhBufferToHexString

PhGenerateRandomNumber64

PhFinalHash

PhFormatSize

PhQuerySystemTime

PhGetFileSize

PhInitializeHash

PhGetJsonObjectBool

PhCreateString

PhFormatToBuffer

PhSetWindowContext

PhGetJsonValueAsString

PhGetJsonObject

PhHttpSocketSendRequest

PhOpenKey

PhQueryRegistryUlong

PhCreateJsonArray

PhFormatDate

PhExpandEnvironmentStrings

PhInitializeStringBuilder

PhCreateJsonObject

PhConcatStringRef2

PhFree

PhFormatDateTime

PhQueryRegistryString

PhGetServiceDllParameter

PhDelayExecution

PhGetJsonObjectAsArrayList

PhFormatBytes

PhGetJsonArrayIndexObject

PhConvertUtf16ToUtf8

PhGetJsonArrayString

PhHexStringToBuffer

PhConvertUtf16ToMultiByte

PhAddJsonArrayObject

PhAddItemList

PhFormatTime

PhCreateBytes

PhQueryFullAttributesFileWin32

PhParseCommandLineFuzzy

PhGetJsonArrayLength

PhAddJsonObject

PhLargeIntegerToLocalSystemTime

PhCreateList

PhCreateThreadEx

KphQueryHashInformationFile

PhConcatStrings2

PhAppendFormatStringBuilder

PhGetPhVersion

PhfEndInitOnce

PhHttpSocketQueryHeaderUlong

PhHttpSocketDestroy

PhHttpSocketEndRequest

PhDeleteAutoPool

PhHttpSocketAddRequestHeaders

PhSetFilePosition

KphLevel

PhShowStatus

PhHttpSocketParseUrl

PhGetClassObject

PhUpdateHash

PhGetBaseName

PhGetWindowContext

PhHttpSocketGetErrorMessage

PhCreateFileWin32

PhLoadMappedImageEx

PhSetApplicationWindowIcon

PhCreateThread2

PhSetThreadBasePriority

PhHttpSocketConnect

PhHttpSocketWriteData

PhCreateObject

PhInitializeAutoPool

PhCenterWindow

PhConvertUtf16ToAsciiEx

PhUnloadMappedImage

PhDeleteStringBuilder

PhNtStatusToDosError

PhGetJsonArrayLong64

PhHttpSocketDownloadString

PhGetJsonValueAsUInt64

PhCreateJsonParser

PhfBeginInitOnce

PhRemoveWindowContext

PhHttpSocketBeginRequest

PhShellExecute

PhFormatUInt64

PhMainWndHandle

PhGetGlobalWorkQueue

PhQueueItemWorkQueue

PhFormatString_V

PhInsertEMenuItem

PhShellProcessHacker

PhFreeFileDialog

PhPluginCreateEMenuItem

PhShowFileDialog

PhCreateEMenuItem

PhGetApplicationIcon

PhPluginInvokeWindowCallback

PhCompareStringRef

PhSetFileDialogFilter

PhFindEMenuItem

PhCreateOpenFileDialog

PhAddSettings

PhGetFileDialogFileName

PhGetIntegerStringRefSetting

PhSetIntegerStringRefSetting

PhGetGeneralCallback

PhPluginSetObjectExtension

PhIndexOfEMenuItem

PhAutoDereferenceObject

PhRegisterCallback

PhPluginAddTreeNewColumn

PhRegisterPlugin

PhGetPluginCallback

PhGetFileName

PhPluginGetObjectExtension

PhFormat

PhHashStringRefEx

PhAllocate

PhEqualStringRef

PhAddEntryHashtableEx

PhfWakeForReleaseQueuedLock

PhCreateHashtable

PhReferenceObject

PhfAcquireQueuedLockExclusive

PhDereferenceObject

PhConvertUtf8ToUtf16

PhFindEntryHashtable

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlCaptureContext

RtlPcToFileHeader

NtQueryInformationThread

NtClose

NtReadFile

kernel32

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

GetFileType

GetStdHandle

HeapFree

HeapAlloc

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

RaiseException

EncodePointer

LCMapStringW

GetProcAddress

FreeLibrary

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetModuleHandleW

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetProcessHeap

GetStringTypeW

LoadLibraryExW

SetStdHandle

HeapSize

HeapReAlloc

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

SystemTimeToTzSpecificLocalTime

GetLastError

CloseHandle

CreateFileW

WriteConsoleW

user32

DrawTextW

GetDlgItem

SendMessageW

IsIconic

SetWindowLongPtrW

CallWindowProcW

PostMessageW

IsWindowVisible

GetWindowLongPtrW

comctl32

ord345

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/OnlineChecks.sig

CSASASDSACSA/plugins/ToolStatus.dll

.dll windows:6 windows x64 arch:x64

30a5e4d8f9053e6a0e7d8e32e0f24403

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

2b:a2:75:b2:3e:02:ac:d9:cc:ca:42:1d:ac:da:c0:5d:11:46:17:c2:c1:da:3a:bd:97:2a:9f:a2:0c:98:c7:65
Signer

Actual PE Digest

2b:a2:75:b2:3e:02:ac:d9:cc:ca:42:1d:ac:da:c0:5d:11:46:17:c2:c1:da:3a:bd:97:2a:9f:a2:0c:98:c7:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

ToolStatus.pdb

Imports

systeminformer.exe

PhfAcquireQueuedLockShared

PhGetProtocolTypeName

PhSearchControlMatchZ

PhGetServiceTypeString

PhfReleaseQueuedLockShared

PhFormatToBuffer

PhSearchControlMatchLongHintZ

PhClearList

PhGetSelectedAndPropagateProcessItems

PhfBeginInitOnce

PhDelayExecution

PhTaskbarListCreate

PhSetThreadName

PhfEndInitOnce

PhFindServiceNode

PhDrawGraphDirect

PhTaskbarListDestroy

PhTaskbarListSetOverlayIcon

PhCreateThreadEx

PhImageListCreate

PhImageListSetIconSize

PhLoadIcon

PhSetWindowText

PhAddTreeNewFilter

PhLoadImageFormatFromResource

PhGetShieldBitmap

PhCreateSearchControl

PhIconToBitmap

PhReferenceObject

PhSearchControlMatch

PhGetProcessPriorityClassString

PhGetTcpStateName

PhSelectComboBoxString

PhGetWindowText

PhGetFilterSupportProcessTreeList

PhSetSelectThreadIdProcessPropContext

PhRemoveWindowContext

PhFindProcessNode

PhPluginGetSystemStatistics

PhPluginInvokeWindowCallback

PhUiTerminateProcesses

PhFindEMenuItem

PhCreateEMenu

PhDestroyEMenuItem

PhInvokeCallback

PhAddSettings

PhThemeWindowDrawRebar

PhGetGeneralCallback

PhRegisterMessageLoopFilter

PhShowProcessProperties

PhIndexOfEMenuItem

PhApplyTreeNewFilters

PhShowEMenu

PhExpandAllProcessNodes

PhRegisterCallback

PhSelectAndEnsureVisibleProcessNode

PhGetFilterSupportServiceTreeList

PhDeselectAllServiceNodes

PhGetSelectedProcessItem

PhDestroyEMenu

PhGetFilterSupportNetworkTreeList

PhReferenceProcessItem

PhRegisterPlugin

PhGetPluginCallback

PhHungWindowFromGhostWindow

PhCreateAlloc

PhShowMessage

PhThemeWindowDrawToolbar

PhImageListAddBitmap

PhGetOwnTokenAttributes

PhCreateProcessPropContext

PhDeselectAllProcessNodes

PhAddItemSimpleHashtable

PhInsertEMenuItem

PhCreateList

PhRemoveItemSimpleHashtable

PhModifyEMenuItem

PhShowProcessRecordDialog

PhFormat

PhSystemBasicInformation

PhPluginCreateEMenuItem

PhDivideSinglesBySingle

PhEqualStringRef

PhInitializeGraphState

PhCreateEMenuItem

PhInitializeStringBuilder

PhConcatStrings2

PhAppendFormatStringBuilder

PhStringToInteger64

PhAddItemList

PhGetStringRefSetting

PhSiSetColorsGraphDrawInfo

PhDeleteGraphState

PhShowSystemInformationDialog

PhReferenceEmptyString

PhGraphStateGetDrawInfo

PhSplitStringRefAtChar

PhSetStringRefSetting

PhRemoveStringBuilder

PhFinalStringBuilderString

PhCopyCircularBuffer_FLOAT

PhFindItemSimpleHashtable

PhDereferenceProcessRecord

PhAutoDereferenceObject

PhFindProcessRecord

PhDereferenceObject

PhGetPluginName

PhGetStatisticsTime

PhCreateSimpleHashtable

PhGetStatisticsTimeString

PhMainWndHandle

PhCountStringZ

PhSetIntegerStringRefSetting

PhImageListReplace

PhGetSystemMetrics

PhSetWindowContext

PhWindowThemeControlColor

PhAllocate

PhDialogBox

PhInsertItemList

PhInitializeWindowTheme

PhRemoveItemList

PhGetIntegerStringRefSetting

PhGetWindowContext

PhSetApplicationWindowIcon

PhGetDpi

PhGetWindowDpi

PhCenterWindow

PhFree

PhGetSystemParametersInfo

PhGetTaskbarDpi

ntdll

RtlUnwindEx

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

RtlPcToFileHeader

NtCreateEvent

NtWaitForSingleObject

NtSetEvent

user32

DefWindowProcW

CallWindowProcW

GetWindowRect

GetMenu

GetFocus

SetWindowPos

SetWindowLongPtrW

GetWindowLongPtrW

WindowFromPoint

LoadAcceleratorsW

IsChild

MapWindowPoints

SetFocus

TranslateAcceleratorW

SetCapture

GetWindowDC

SetCursor

GetClientRect

IsZoomed

ReleaseCapture

LoadImageW

IsIconic

GetCursorPos

DestroyWindow

IsWindowVisible

CreateWindowExW

ShowWindow

GetDC

DestroyIcon

CreateIconIndirect

SetMenu

DrawMenuBar

DrawIconEx

ReleaseDC

FillRect

SendMessageW

EndDialog

GetSysColor

GetDlgItem

GetSysColorBrush

GetParent

InvalidateRect

EnableWindow

GetWindowThreadProcessId

DrawTextW

gdi32

CreateFontIndirectW

DeleteObject

SetBkMode

SetTextColor

DeleteDC

CreateCompatibleDC

SelectObject

CreateCompatibleBitmap

BitBlt

SetROP2

RestoreDC

Rectangle

CreatePen

GetStockObject

SaveDC

GetTextExtentPoint32W

SetDCPenColor

SetDCBrushColor

Polyline

CreateDIBSection

GetTextMetricsW

CreateSolidBrush

kernel32

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

IsProcessorFeaturePresent

SetFilePointerEx

TerminateProcess

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

InterlockedFlushSList

GetLastError

SetLastError

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetConsoleMode

GetConsoleOutputCP

GetProcAddress

LoadLibraryExW

EncodePointer

RaiseException

ExitProcess

GetModuleHandleExW

GetModuleFileNameW

HeapFree

HeapAlloc

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

LCMapStringW

GetProcessHeap

GetStdHandle

GetFileType

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

FlushFileBuffers

CreateFileW

CloseHandle

WriteConsoleW

WriteFile

FreeLibrary

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/ToolStatus.sig

CSASASDSACSA/plugins/Updater.dll

.dll windows:6 windows x64 arch:x64

c5a263e3cac227df6d673ebfa54fcbe5

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:b4:82:c1:2e:97:74:06:61:1f:87:ed:f8:4d:5c:c0:77:1f:11:cb:4d:93:74:c7:15:99:86:4b:f6:ac:2b:e9
Signer

Actual PE Digest

7b:b4:82:c1:2e:97:74:06:61:1f:87:ed:f8:4d:5c:c0:77:1f:11:cb:4d:93:74:c7:15:99:86:4b:f6:ac:2b:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

Updater.pdb

Imports

systeminformer.exe

PhfSetEvent

PhGetApplicationIcon

PhHttpSocketGetErrorMessage

PhFormatString

PhGetStatusMessage

PhfResetEvent

PhDeleteCacheFile

PhfBeginInitOnce

PhGetKernelFileName2

PhShowMessage

PhNtStatusToDosError

PhConcatStrings

PhInitializeAutoPool

PhCreateObject

PhDelayExecution

PhQueueItemWorkQueue

PhShellExecuteEx

PhSplitStringRefAtChar

PhGetGlobalWorkQueue

PhRegisterWindowCallback

PhHttpSocketParseUrl

PhShowStatus

PhGetApplicationDirectoryFileName

PhHttpSocketAddRequestHeaders

PhGetSelectedListViewItemParams

PhHttpSocketReadData

PhAllocateSafe

PhHttpSocketQueryHeaderUlong

PhfEndInitOnce

PhClearCacheDirectory

PhGetPhVersion

PhGetFileVersionInfoEx

PhPluginInvokeWindowCallback

PhDialogBox

PhCreateFileWin32Ex

PhGetFileVersionFixedInfo

PhIsExecutingInWow64

PhfWaitForEvent

PhCreateFile

PhCreateObjectType

PhConvertUtf8ToUtf16Ex

PhSplitStringRefAtLastChar

PhFormatSize

PhCreateCacheFile

PhUnregisterWindowCallback

PhCreateThreadEx

PhCreateKsiSettingsBlob

PhIntegerToString64

PhHexStringToBufferEx

PhBufferToHexString

PhGetJsonObject

PhGetJsonValueAsString

PhHandleCopyListViewEMenuItem

PhSetWindowContext

PhFormatToBuffer

PhCreateList

PhHttpSocketSendRequest

PhWindowThemeControlColor

PhInsertCopyListViewEMenuItem

PhQuerySystemTime

PhInitializeLayoutManager

PhLargeIntegerToLocalSystemTime

PhDeleteLayoutManager

PhFormat

PhSetListViewSubItem

PhFindListViewItemByFlags

PhSetControlTheme

PhFormatTimeSpanRelative

PhAllocate

PhGetJsonArrayLength

PhSaveWindowPlacementToSetting

PhGetPhVersionHash

PhFreeJsonObject

PhEqualStringRef

PhCreateJsonParserEx

PhSaveListViewSortColumnsToSetting

PhHttpSocketCreate

PhCreateEMenuItem

PhHttpSocketEndRequest

PhSetExtendedListView

PhInitializeStringBuilder

PhGetSelectedListViewItemParam

PhConcatStrings2

PhAddListViewColumn

PhCreateEMenu

PhStringToInteger64

PhAddItemList

PhCreateString3

PhHttpSocketDestroy

PhInitializeWindowTheme

PhLoadListViewColumnsFromSetting

PhGetJsonObjectType

PhGetPhVersionNumbers

PhReferenceEmptyString

PhGetJsonArrayIndexObject

PhGetWindowContext

PhSetDialogItemText

PhSetApplicationWindowIcon

PhLoadWindowPlacementFromSetting

PhCreateStringEx

PhGetListViewItemParam

PhFinalStringBuilderString

PhSaveListViewColumnsToSetting

PhHandleListViewNotifyForCopy

PhCreateThread2

PhAddLayoutItem

PhShowEMenu

PhHttpSocketConnect

PhAddListViewItem

PhFormatString_V

PhFindStringInStringRef

PhAutoDereferenceObject

PhAppendCharStringBuilder

PhFormatDateTime

PhCenterWindow

PhDestroyEMenu

PhFree

PhReferenceObject

PhGetListViewContextMenuPoint

PhLoadListViewSortColumnsFromSetting

PhGetIntegerPairStringRefSetting

PhHttpSocketDownloadString

PhGetJsonValueAsUInt64

PhFormatDate

PhGetListViewItemText

PhAppendStringBuilder

PhLayoutManagerLayout

PhRemoveWindowContext

PhHttpSocketBeginRequest

PhShellExecute

PhCopyListView

PhInsertEMenuItem

PhPluginCreateEMenuItem

PhGetStringRefSetting

PhAddSettings

PhGetIntegerStringRefSetting

PhSetIntegerStringRefSetting

PhGetGeneralCallback

PhSetStringRefSetting

PhRegisterCallback

PhRegisterPlugin

PhGetPluginCallback

PhDeleteAutoPool

PhDereferenceObject

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlCaptureContext

RtlPcToFileHeader

NtClose

NtWriteFile

kernel32

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

GetFileType

GetStdHandle

HeapFree

HeapAlloc

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

EncodePointer

LoadLibraryExW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

RaiseException

LCMapStringW

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

EnterCriticalSection

GetProcessHeap

GetStringTypeW

SetStdHandle

HeapSize

HeapReAlloc

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

GetLastError

SystemTimeToTzSpecificLocalTime

CloseHandle

CreateFileW

WriteConsoleW

user32

GetParent

GetDlgItem

GetSysColor

EndDialog

SendMessageW

CallWindowProcW

PostMessageW

GetWindowLongPtrW

ShowWindow

SetForegroundWindow

IsIconic

SetWindowLongPtrW

SetTimer

KillTimer

gdi32

SelectObject

GetObjectW

CreateFontIndirectW

DeleteObject

comctl32

ord345

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/Updater.sig

CSASASDSACSA/plugins/UserNotes.dll

.dll windows:6 windows x64 arch:x64

b67831227029474238ee103fc44a539d

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

1b:fc:1d:a1:06:de:c4:5d:ba:16:7b:b8:1c:df:d8:3a:2d:c9:cf:1f:fb:15:4e:65:08:e4:18:04:0a:29:9c:c2
Signer

Actual PE Digest

1b:fc:1d:a1:06:de:c4:5d:ba:16:7b:b8:1c:df:d8:3a:2d:c9:cf:1f:fb:15:4e:65:08:e4:18:04:0a:29:9c:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

UserNotes.pdb

Imports

systeminformer.exe

PhAddSettings

PhCreateOpenFileDialog

PhFindEMenuItem

PhSetFileDialogFilter

PhCompareStringRef

PhPluginInvokeWindowCallback

PhGetApplicationIcon

PhCreateEMenuItem

PhShowFileDialog

PhLoadCustomColorList

PhPluginCreateEMenuItem

PhSetProcessItemPriority

PhFreeFileDialog

PhInvalidateAllProcessNodes

PhPluginAddMenuHook

PhGetPluginInterface

PhGetKnownLocation

PhGetFileDialogFileName

PhRemoveEMenuItem

PhInsertEMenuItem

PhCopyListView

PhGetListViewContextMenuPoint

PhDestroyEMenu

PhAddListViewItem

PhShowEMenu

PhSaveListViewColumnsToSetting

PhRemoveListViewItem

PhLoadListViewColumnsFromSetting

PhCreateEMenu

PhAddListViewColumn

PhSetExtendedListView

PhSetControlTheme

PhSetListViewSubItem

PhInsertCopyListViewEMenuItem

PhHandleCopyListViewEMenuItem

PhGetSelectedListViewItemParams

PhGetApplicationDirectoryFileName

PhShowStatus

PhSaveCustomColorList

PhGetGeneralCallback

PhShowMessage2

PhGetBaseName

PhPluginSetObjectExtension

PhSetApplicationWindowIcon

PhSetProcessItemIoPriority

PhAddProcessPropPage

PhGetSelectedProcessItems

PhShowProcessAffinityDialog2

PhIndexOfEMenuItem

PhSetProcessItemPagePriority

PhRegisterCallback

PhGetProcessPriority

PhGetSelectedProcessItem

PhUnloadMappedImage

PhPluginAddTreeNewColumn

PhRegisterPlugin

PhGetPluginCallback

PhCreateProcessPropPageContextEx

PhShowMessage

PhPluginGetObjectExtension

PhLoadMappedImage

PhSetProcessItemThrottlingState

PhDuplicateProcessNodeList

PhSetProcessItemAffinityMask

PhSetProcessItemPriorityBoost

PhIntegerToString64

PhFormatToBuffer

PhSaveXmlObjectToFile

PhConcatStringRef3

PhGetXmlNodeOpaqueText

PhHashStringRefEx

PhConvertUtf16ToUtf8Ex

PhRemoveEntryHashtable

PhSetXmlNodeAttributeText

PhCreateXmlOpaqueNode

PhDoesFileExist

PhAddEntryHashtableEx

PhFreeXmlObject

PhCreateKey

PhStringToInteger64

PhfWakeForReleaseQueuedLock

PhGetXmlNodeNextChild

PhCreateHashtable

PhCreateStringEx

PhGetXmlNodeFirstChild

PhDeleteFile

PhCreateXmlNode

PhConcatStringRef2

PhConvertUtf8ToUtf16

PhfAcquireQueuedLockExclusive

PhEnumHashtable

PhQueryRegistryUlong

PhGetOwnTokenAttributes

PhLoadXmlObjectFromFile

PhDeleteValueKey

PhOpenKey

PhFindEntryHashtable

PhGetXmlNodeAttributeCount

PhSetValueKey

PhGetXmlNodeAttributeByIndex

PhSetWindowContext

PhWindowThemeControlColor

PhInitializeLayoutManager

PhDeleteLayoutManager

PhAllocate

PhEqualStringRef

PhGetWindowText

PhPropPageDlgProcHeader

PhInitializeWindowTheme

PhGetIntegerStringRefSetting

PhReferenceEmptyString

PhGetWindowContext

PhSetDialogItemText

PhDoPropPageLayout

PhAddLayoutItem

PhFormatString_V

PhAutoDereferenceObject

PhCenterWindow

PhFree

PhReferenceObject

PhLayoutManagerLayout

PhDereferenceObject

PhRemoveWindowContext

PhGetStatusMessage

PhAddPropPageLayoutItem

ntdll

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

RtlPcToFileHeader

RtlCaptureContext

NtQueryInformationProcess

NtClose

NtDeleteKey

user32

EnableWindow

GetParent

GetDlgItem

SendMessageW

SetWindowLongPtrW

MessageBoxW

SetWindowTextW

comctl32

ord345

CreatePropertySheetPageW

kernel32

LCMapStringW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapFree

HeapAlloc

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

EncodePointer

LoadLibraryExW

TlsFree

TlsSetValue

GetProcessHeap

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

GetLastError

RaiseException

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

TlsGetValue

GetFileType

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

GetStdHandle

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/UserNotes.sig

CSASASDSACSA/plugins/WindowExplorer.dll

.dll windows:6 windows x64 arch:x64

5b1b8e3ff7b301f7b761e97c537799b3

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

91:48:d9:8d:5e:ce:24:99:da:bd:e1:7e:9e:44:c4:67:a4:8b:a2:c3:c7:75:ed:30:b2:bf:a0:92:95:d7:ab:cc
Signer

Actual PE Digest

91:48:d9:8d:5e:ce:24:99:da:bd:e1:7e:9e:44:c4:67:a4:8b:a2:c3:c7:75:ed:30:b2:bf:a0:92:95:d7:ab:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

WindowExplorer.pdb

Imports

systeminformer.exe

PhFindProcessNode

PhCreateSearchControl

PhSetSelectThreadIdProcessPropContext

PhfWaitForEvent

PhFormatString

PhOpenProcess

PhGetTreeNewText

PhWindowThemeControlColor

PhDestroyWindowRemote

PhCreateThreadEx

PhModalPropertySheet

PhCopyListView

PhCreateSymbolProvider

PhAppendStringBuilder

PhHandleListViewNotifyBehaviors

PhfAcquireQueuedLockExclusive

PhAppResolverGetAppIdForWindow

PhDeleteStringBuilder

PhGetListViewContextMenuPoint

PhDosErrorToNtStatus

PhAppendCharStringBuilder

PhFormatString_V

PhAddListViewItem

PhCreateThread2

PhSaveListViewColumnsToSetting

PhFinalStringBuilderString

PhGetListViewItemParam

PhQueueItemWorkQueue

PhLoadSymbolProviderOptions

PhRemoveStringBuilder

PhGetImageListIcon

PhGetGlobalWorkQueue

PhShowMessage2

PhLoadModulesForVirtualSymbolProvider

PhGetModuleProcAddress

PhLoadListViewColumnsFromSetting

PhfWakeForReleaseQueuedLock

PhAddListViewGroupItem

PhGetSymbolFromAddress

PhAddListViewColumn

PhAppendFormatStringBuilder

PhCreateEMenuItem

PhInitializeStringBuilder

PhSetExtendedListView

PhDialogBox

PhEqualStringRef

PhSetControlTheme

PhFindListViewItemByFlags

PhSetListViewSubItem

PhFormatSize

PhShowConfirmMessage

PhAddListViewGroup

PhfInitializeInitOnce

PhInsertCopyListViewEMenuItem

PhHandleCopyListViewEMenuItem

PhGetStockApplicationIcon

PhGetSelectedListViewItemParams

PhFindEntryHashtable

PhImageListCreate

PhDeleteTreeNewFilterSupport

PhCmSaveSettings

PhRemoveTreeNewFilter

PhSearchControlMatch

PhSetStringRefSetting

PhGetProcessSmallImageList

PhCreateHashtable

PhClearHashtable

PhImageListSetBkColor

PhAddTreeNewFilter

PhHandleTreeNewColumnMenu

PhInitializeTreeNewColumnMenuEx

PhGetStringRefSetting

PhDeleteTreeNewColumnMenu

PhCompareStringRef

PhCmLoadSettings

PhClearList

PhImageListDestroy

PhInitializeTreeNewFilterSupport

PhImageListAddIcon

PhSearchControlMatchLongHintZ

PhAddEntryHashtable

PhPluginInvokeWindowCallback

PhSetFlagsAllEMenuItems

PhPropPageDlgProcHeader

PhConcatStrings2

PhCreateEMenu

PhCreateDialog

PhStringToInteger64

PhHandleCopyCellEMenuItem

PhfEndInitOnce

PhGetProcessMappedFileName

PhDeleteAutoPool

PhInitializeWindowTheme

PhUnregisterCallback

PhShowStatus

PhSetClipboardString

PhGetProcedureAddress

PhReferenceEmptyString

PhApplyTreeNewFiltersToNode

PhGetBaseName

PhSetApplicationWindowIcon

PhShowProcessProperties

PhAddProcessPropPage

PhDrainAutoPool

PhfSetEvent

PhDoPropPageLayout

PhApplyTreeNewFilters

PhShellExecuteUserString

PhShowEMenu

PhSelectAndEnsureVisibleProcessNode

PhLoadLibrary

PhGetWindowTextEx

PhDoesFileExistWin32

PhInitializeAutoPool

PhCenterWindow

PhDestroyEMenu

PhReferenceProcessItem

PhInsertCopyCellEMenuItem

PhSetWindowText

PhHungWindowFromGhostWindow

PhGetClientIdName

PhGetFileName

PhCreateProcessPropPageContextEx

PhShowMessage

PhCreateProcessPropContext

PhfBeginInitOnce

PhSetFlagsEMenuItem

PhfResetEvent

PhAddPropPageLayoutItem

PhCountStringZ

PhGetWindowDpi

PhGetSystemMetrics

PhSetWindowContext

PhInitializeLayoutManager

PhDeleteLayoutManager

PhCreateObjectType

PhEnumChildWindows

PhAllocate

PhSaveWindowPlacementToSetting

PhAddLayoutItemEx

PhGetWindowContext

PhSetDialogItemText

PhLoadWindowPlacementFromSetting

PhAddLayoutItem

PhCreateObject

PhFree

PhGetIntegerPairStringRefSetting

PhLayoutManagerLayout

PhDereferenceObject

PhRemoveWindowContext

PhInsertEMenuItem

PhCreateList

PhCreateString

PhaChoiceDialog

PhPluginCreateEMenuItem

PhFindEMenuItem

PhAddItemList

PhAddSettings

PhGetIntegerStringRefSetting

PhGetGeneralCallback

PhIndexOfEMenuItem

PhAutoDereferenceObject

PhRegisterCallback

PhRegisterPlugin

PhReferenceObject

PhGetWindowText

PhGetPluginCallback

ntdll

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

RtlUnwindEx

RtlPcToFileHeader

NtClose

kernel32

GetConsoleMode

WriteFile

FlushFileBuffers

SetStdHandle

HeapReAlloc

HeapSize

GetStringTypeW

GetFileType

GetStdHandle

GetProcessHeap

LCMapStringW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapAlloc

HeapFree

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

EncodePointer

LoadLibraryExW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

RaiseException

SetFilePointerEx

GetLastError

GetProcAddress

CreateFileW

CloseHandle

WriteConsoleW

GetConsoleOutputCP

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/plugins/WindowExplorer.sig

CSASASDSACSA/x86/SystemInformer.exe

.exe windows:6 windows x86 arch:x86

07d15768a5f7dc052a07df948b23e635

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

c2:da:dd:20:8d:1d:44:cb:99:61:12:7e:37:d9:6f:32:d7:4d:36:ee:09:36:fd:93:9f:02:bd:da:76:36:0a:b0
Signer

Actual PE Digest

c2:da:dd:20:8d:1d:44:cb:99:61:12:7e:37:d9:6f:32:d7:4d:36:ee:09:36:fd:93:9f:02:bd:da:76:36:0a:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

SystemInformer.pdb

Imports

comctl32

CreatePropertySheetPageW

InitCommonControlsEx

ord345

ImageList_CoCreateInstance

ord381

PropertySheetW

ntdll

NtSetInformationToken

NtPowerInformation

NtTestAlert

NtSetInformationThread

RtlSizeHeap

NtIsProcessInJob

NtQuerySystemInformationEx

RtlRegisterWait

RtlDeregisterWaitEx

RtlCreateSecurityDescriptor

RtlCreateAcl

RtlAddAccessAllowedAce

NtAcceptConnectPort

NtReplyWaitReceivePort

RtlSetDaclSecurityDescriptor

NtCreatePort

RtlValidRelativeSecurityDescriptor

RtlSelfRelativeToAbsoluteSD2

NtConnectPort

NtRequestWaitReplyPort

RtlAbsoluteToSelfRelativeSD

NtCreateSection

RtlQueryElevationFlags

NtDeleteKey

NtReleaseSemaphore

NtFreeVirtualMemory

RtlExitUserProcess

NtSuspendThread

NtQueryInformationProcess

NtRemoveProcessDebug

NtSetSystemPowerState

NtSetHighEventPair

NtAdjustGroupsToken

NtQuerySemaphore

RtlQueryPerformanceFrequency

RtlNtStatusToDosErrorNoTeb

NtCreateDirectoryObject

RtlTimeFieldsToTime

RtlGUIDFromString

NtDuplicateToken

RtlRandomEx

RtlTimeToTimeFields

RtlCreateProcessReflection

RtlGetAce

RtlGetFullPathName_UEx

NtDelayExecution

RtlFindMessage

RtlStringFromGUID

RtlQueryPerformanceCounter

RtlCreateProcessParameters

NtQueryDefaultLocale

RtlCreateUserProcess

RtlGetDaclSecurityDescriptor

NtTerminateProcess

RtlExpandEnvironmentStrings_U

RtlFirstEntrySList

RtlUnicodeToMultiByteN

RtlDowncaseUnicodeChar

NtCreateThreadEx

NtAllocateVirtualMemory

RtlReAllocateHeap

TpSimpleTryPost

RtlUTF8ToUnicodeN

RtlMultiByteToUnicodeN

RtlMultiByteToUnicodeSize

RtlUnicodeToMultiByteSize

RtlUnicodeToUTF8N

RtlFindClearBitsAndSet

RtlInterlockedPopEntrySList

RtlGetVersion

NtUnlockFile

NtSetInformationFile

NtLockFile

NtFlushBuffersFile

NtQueryInformationFile

NtGetContextThread

NtQueryKey

NtOpenProcessToken

NtOpenThread

NtOpenSymbolicLinkObject

NtEnumerateKey

NtGetNextProcess

NtUnloadDriver

NtEnumerateValueKey

NtQueueApcThread

NtOpenKey

RtlGetSaclSecurityDescriptor

RtlDosPathNameToNtPathName_U_WithStatus

RtlConvertSidToUnicodeString

NtQuerySymbolicLinkObject

NtOpenProcess

NtTerminateThread

NtCreateNamedPipeFile

NtGetNextThread

NtQueryInformationJobObject

NtSetSecurityObject

NtDeleteValueKey

NtQueryAttributesFile

NtDeviceIoControlFile

NtOpenDirectoryObject

RtlGetUnloadEventTraceEx

NtFsControlFile

NtQueryDirectoryObject

NtQueryEvent

NtSetSystemEnvironmentValueEx

NtOpenThreadToken

NtTraceControl

NtQuerySystemEnvironmentValueEx

RtlInitializeBitMap

RtlNumberOfSetBits

NtLoadKeyEx

NtCreateKey

NtEnumerateSystemEnvironmentValuesEx

NtQueueApcThreadEx

NtQuerySecurityAttributesToken

NtQueryObject

NtCreateFile

NtQueryDirectoryFile

NtOpenSection

NtQuerySecurityObject

NtSetValueKey

RtlQueryEnvironmentVariable

NtOpenFile

NtQueryValueKey

NtQueryFullAttributesFile

NtReleaseKeyedEvent

NtWaitForKeyedEvent

NtCreateKeyedEvent

LdrFindResource_U

LdrAccessResource

RtlLengthSecurityDescriptor

RtlValidSecurityDescriptor

NtClearEvent

NtCreateSemaphore

NtFlushInstructionCache

RtlSetOwnerSecurityDescriptor

RtlGetControlSecurityDescriptor

RtlGetOwnerSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetControlSecurityDescriptor

RtlSetGroupSecurityDescriptor

TpWaitForIoCompletion

TpAllocIoCompletion

TpReleasePool

TpReleaseIoCompletion

TpAllocPool

TpSetPoolMinThreads

TpCancelAsyncIoOperation

TpStartAsyncIoOperation

TpSetPoolMaxThreads

NtSetTimer

NtAlertThread

NtCreateTimer

RtlUnwind

NtCancelTimer

NtPulseEvent

NtSetLowEventPair

NtQueryTimer

RtlIpv6AddressToStringExW

RtlIpv4AddressToStringExW

RtlInterlockedFlushSList

RtlInterlockedPushEntrySList

RtlCreateHeap

RtlFreeHeap

RtlAllocateHeap

RtlDestroyHeap

RtlCreateQueryDebugBuffer

RtlQueryProcessDebugInformation

RtlDestroyQueryDebugBuffer

NtSetSystemInformation

NtQuerySystemInformation

NtWriteVirtualMemory

NtCreateMutant

RtlSetCurrentDirectory_U

RtlSetUnhandledExceptionFilter

NtAdjustPrivilegesToken

NtOpenMutant

NtSystemDebugControl

NtTerminateJobObject

NtAssignProcessToJobObject

NtQueryMutant

NtQueryVolumeInformationFile

NtMapViewOfSection

NtQuerySection

NtQueryOpenSubKeysEx

NtQueryVirtualMemory

NtResetEvent

NtProtectVirtualMemory

RtlSetHeapInformation

RtlInitializeCriticalSection

RtlDeleteCriticalSection

RtlLeaveCriticalSection

RtlEnterCriticalSection

RtlUpcaseUnicodeChar

NtWaitForMultipleObjects

NtSetEvent

NtCreateEvent

NtAlpcQueryInformation

NtReadVirtualMemory

NtReadFile

NtWriteFile

NtQueryInformationThread

NtSuspendProcess

NtResumeThread

NtWaitForSingleObject

NtSetInformationDebugObject

NtUnmapViewOfSection

RtlRaiseStatus

NtSetInformationProcess

NtShutdownSystem

NtDuplicateObject

NtInitiatePowerAction

NtClose

NtQueryInformationToken

NtResumeProcess

kernel32

LCMapStringW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

GetStringTypeW

GetCPInfo

MultiByteToWideChar

IsValidCodePage

GetACP

GetOEMCP

SetStdHandle

GetLastError

SetConsoleCtrlHandler

FreeConsole

GetConsoleWindow

AllocConsole

LoadLibraryExW

LocalFree

SearchPathW

GetTimeFormatEx

GetLocaleInfoW

GetDateFormatEx

FormatMessageW

GetNumberFormatW

TlsSetValue

SetLastError

TlsAlloc

TlsGetValue

GlobalAlloc

GlobalFree

GlobalLock

GlobalUnlock

IsProcessorFeaturePresent

FreeLibrary

GetCurrentProcess

LocalAlloc

GlobalSize

WideCharToMultiByte

SetEndOfFile

FindClose

FindFirstFileExW

FindNextFileW

GetCommandLineA

GetCommandLineW

GetProcessHeap

FlushFileBuffers

WriteConsoleW

HeapSize

HeapReAlloc

HeapFree

HeapAlloc

SetFilePointerEx

GetFileSizeEx

GetModuleHandleExW

ExitProcess

GetModuleFileNameW

GetStdHandle

GetFileType

CreateFileW

GetConsoleOutputCP

WriteFile

CloseHandle

ReadConsoleW

UnhandledExceptionFilter

SetUnhandledExceptionFilter

TerminateProcess

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

RaiseException

EncodePointer

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsFree

GetProcAddress

ReadFile

CreateProcessW

GetConsoleMode

DecodePointer

user32

DrawIconEx

FrameRect

TrackMouseEvent

GetCapture

RegisterClassExW

UnregisterClassW

GetDC

GetFocus

CallWindowProcW

DefWindowProcW

LoadImageW

PostQuitMessage

KillTimer

SetCursor

TranslateMessage

IsDialogMessageW

SetTimer

DispatchMessageW

GetMessageW

TranslateAcceleratorW

IsChild

LoadAcceleratorsW

SendMessageTimeoutW

UpdateWindow

OpenWindowStationW

OpenDesktopW

CreateMenu

EndDeferWindowPos

ChangeWindowMessageFilterEx

IntersectRect

SetMenu

CloseDesktop

BeginDeferWindowPos

IsWindow

GetWindowPlacement

CreateWindowExW

CloseWindowStation

GetWindow

ShowWindowAsync

DeferWindowPos

MoveWindow

GetMonitorInfoW

IsHungAppWindow

SetActiveWindow

MonitorFromWindow

MonitorFromPoint

GetForegroundWindow

GetDoubleClickTime

CreateIconIndirect

GetProcessWindowStation

SetWindowTextW

EnumDesktopsW

ReleaseCapture

PtInRect

SetCapture

GetAsyncKeyState

SetWindowPlacement

GetGUIThreadInfo

PeekMessageW

MsgWaitForMultipleObjects

MonitorFromRect

MessageBoxW

GetScrollBarInfo

GetWindowDC

SetMenuInfo

GetIconInfo

FindWindowExW

GetWindowTextW

SystemParametersInfoW

CreateDialogIndirectParamW

GetDesktopWindow

LookupIconIdFromDirectoryEx

IsClipboardFormatAvailable

GetUserObjectInformationW

SetClipboardData

GetClipboardData

EnumWindows

LoadMenuIndirectW

DialogBoxIndirectParamW

InternalGetWindowText

EmptyClipboard

CloseClipboard

GetWindowInfo

OpenClipboard

GetActiveWindow

GetThreadDesktop

GetSystemMetrics

GetGuiResources

EnumChildWindows

GetPropW

CreateIconFromResourceEx

GetWindowTextLengthW

DestroyMenu

TrackPopupMenu

CreatePopupMenu

InsertMenuItemW

SetScrollPos

ShowCaret

EnableScrollBar

DestroyCaret

DragDetect

CreateCaret

SetCaretPos

GetScrollInfo

RegisterClipboardFormatW

SetScrollInfo

SetCursorPos

ScrollWindowEx

GetUpdateRect

GetMessageTime

DrawFocusRect

InvalidateRgn

WaitMessage

MessageBeep

GetMessagePos

GetClassInfoExW

GetUpdateRgn

DrawFrameControl

GetAncestor

GetDCEx

ReleaseDC

BeginPaint

EndPaint

GetSystemMenu

DeleteMenu

BringWindowToTop

EnableMenuItem

SetFocus

MapDialogRect

GetWindowRect

SetWindowPos

MapWindowPoints

FillRect

GetSysColor

DrawTextW

GetSysColorBrush

GetWindowLongW

GetMenuItemInfoW

GetKeyState

PostMessageW

GetMenu

GetMenuItemCount

ScreenToClient

GetSubMenu

RedrawWindow

DestroyIcon

ClientToScreen

SetLayeredWindowAttributes

FindWindowW

SetWindowLongW

GetClientRect

InvalidateRect

GetCursorPos

GetClassNameW

EndDialog

IsWindowEnabled

GetParent

EnableWindow

GetWindowThreadProcessId

GetShellWindow

AllowSetForegroundWindow

IsWindowVisible

ExitWindowsEx

LockWorkStation

DestroyWindow

SendMessageW

ShowWindow

GetDlgItem

SetForegroundWindow

IsIconic

DrawEdge

gdi32

CreateSolidBrush

SetBkMode

SetTextColor

DeleteDC

CreateCompatibleDC

SelectObject

CreateCompatibleBitmap

BitBlt

SetDCBrushColor

GetStockObject

RectVisible

GetObjectW

GetTextExtentPoint32W

SetBkColor

GetTextColor

GetTextMetricsW

SetDCPenColor

Polyline

CreateFontW

CreateDIBSection

ExcludeClipRect

PatBlt

CombineRgn

CreateRectRgn

GdiAlphaBlend

GetDeviceCaps

GetDIBits

Rectangle

GetCharWidthW

TextOutW

SetBoundsRect

IntersectClipRect

RestoreDC

SelectClipRgn

GetClipRgn

SaveDC

DeleteObject

CreateFontIndirectW

advapi32

CloseServiceHandle

GetEffectiveRightsFromAclW

LsaSetSecurityObject

OpenSCManagerW

LsaClose

LsaAddAccountRights

CreateServiceW

StartServiceCtrlDispatcherW

SetServiceStatus

RegisterServiceCtrlHandlerExW

CreateProcessAsUserW

LogonUserW

CreateProcessWithLogonW

InitiateShutdownW

QueryServiceObjectSecurity

QueryServiceStatusEx

OpenServiceW

QueryServiceConfig2W

ChangeServiceConfigW

QueryServiceConfigW

EnumServicesStatusExW

StartServiceW

EnumDependentServicesW

ControlService

SetServiceObjectSecurity

DeleteService

ChangeServiceConfig2W

LsaQuerySecurityObject

LsaLookupPrivilegeName

LsaEnumeratePrivileges

LsaOpenPolicy

LsaLookupNames2

LsaLookupPrivilegeDisplayName

LsaLookupPrivilegeValue

LsaFreeMemory

LsaLookupSids

GetInheritanceSourceW

GetSecurityInfo

SetSecurityInfo

ole32

CoSetProxyBlanket

CoUninitialize

CoTaskMemFree

CoInitializeEx

Exports

KphEnumerateProcessHandles2

KphLevel

KphQueryHashInformationFile

PhAddElementAvlTree

PhAddEntryHashtable

PhAddEntryHashtableEx

PhAddItemArray

PhAddItemList

PhAddItemPointerList

PhAddItemSimpleHashtable

PhAddItemsArray

PhAddItemsList

PhAddJsonArrayObject

PhAddJsonObject

PhAddJsonObject2

PhAddJsonObjectInt64

PhAddJsonObjectUInt64

PhAddJsonObjectValue

PhAddLayoutItem

PhAddLayoutItemEx

PhAddListViewColumn

PhAddListViewGroup

PhAddListViewGroupItem

PhAddListViewItem

PhAddPlusMaxMemorySingles

PhAddSetting

PhAddSettings

PhAddTabControlTab

PhAdjustPrivilege

PhAdjustRectangleToBounds

PhAdjustRectangleToWorkingArea

PhAllocate

PhAllocateExSafe

PhAllocateFromFreeList

PhAllocatePage

PhAllocateSafe

PhAppResolverGetAppIdForWindow

PhAppendBytesBuilder

PhAppendBytesBuilder2

PhAppendBytesBuilderEx

PhAppendCharStringBuilder

PhAppendCharStringBuilder2

PhAppendFormatStringBuilder

PhAppendFormatStringBuilder_V

PhAppendStringBuilder

PhAppendStringBuilderEx

PhAutoDereferenceObject

PhBitmapSetAlpha

PhBoostProvider

PhBufferToHexString

PhBufferToHexStringEx

PhCallKphQueryFileInformationWithTimeout

PhCenterRectangle

PhCenterWindow

PhChangeServiceConfig2

PhClearArray

PhClearCacheDirectory

PhClearCircularBuffer_FLOAT

PhClearCircularBuffer_PVOID

PhClearCircularBuffer_ULONG

PhClearCircularBuffer_ULONG64

PhClearHashtable

PhClearIgnoredSettings

PhClearList

PhCloseServiceHandle

PhCompareStringRef

PhCompareStringZNatural

PhCompareUnicodeStringZIgnoreMenuPrefix

PhConcatStringRef2

PhConcatStringRef3

PhConcatStrings

PhConcatStrings2

PhConcatStrings_V

PhConnectPipe

PhConvertIgnoredSettings

PhConvertMultiByteToUtf16

PhConvertMultiByteToUtf16Ex

PhConvertUtf16ToAsciiEx

PhConvertUtf16ToMultiByte

PhConvertUtf16ToMultiByteEx

PhConvertUtf16ToUtf8

PhConvertUtf16ToUtf8Buffer

PhConvertUtf16ToUtf8Ex

PhConvertUtf16ToUtf8Size

PhConvertUtf8ToUtf16

PhConvertUtf8ToUtf16Buffer

PhConvertUtf8ToUtf16Ex

PhConvertUtf8ToUtf16Size

PhCopyBytesZ

PhCopyCircularBuffer_FLOAT

PhCopyCircularBuffer_PVOID

PhCopyCircularBuffer_ULONG

PhCopyCircularBuffer_ULONG64

PhCopyConvertCircularBufferULONG

PhCopyStringZ

PhCopyStringZFromBytes

PhCopyStringZFromMultiByte

PhCountStringZ

PhCreateAlloc

PhCreateBytes

PhCreateBytesEx

PhCreateCacheFile

PhCreateDialog

PhCreateDirectoryFullPathWin32

PhCreateDirectoryWin32

PhCreateEMenu

PhCreateEMenuItem

PhCreateFile

PhCreateFileStream

PhCreateFileStream2

PhCreateFileWin32

PhCreateFileWin32Ex

PhCreateHashtable

PhCreateJsonArray

PhCreateJsonObject

PhCreateJsonParser

PhCreateJsonParserEx

PhCreateKey

PhCreateList

PhCreateNamedPipe

PhCreateObject

PhCreateObjectType

PhCreateObjectTypeEx

PhCreateOpenFileDialog

PhCreatePipe

PhCreatePointerList

PhCreateProcess

PhCreateProcessAsUser

PhCreateProcessRedirection

PhCreateProcessWin32

PhCreateProcessWin32Ex

PhCreateSaveFileDialog

PhCreateSecurityPage

PhCreateSimpleHashtable

PhCreateString

PhCreateString3

PhCreateStringEx

PhCreateSymbolProvider

PhCreateThread

PhCreateThread2

PhCreateThreadEx

PhCreateXmlNode

PhCreateXmlOpaqueNode

PhDecodeUnicodeDecoder

PhDelayExecution

PhDeleteArray

PhDeleteAutoPool

PhDeleteBytesBuilder

PhDeleteCacheFile

PhDeleteCallback

PhDeleteCircularBuffer_FLOAT

PhDeleteCircularBuffer_PVOID

PhDeleteCircularBuffer_ULONG

PhDeleteCircularBuffer_ULONG64

PhDeleteDirectoryWin32

PhDeleteFastLock

PhDeleteFile

PhDeleteFileWin32

PhDeleteFreeList

PhDeleteGraphState

PhDeleteImageVersionInfo

PhDeleteLayoutManager

PhDeleteProviderThread

PhDeleteStringBuilder

PhDeleteValueKey

PhDeleteWorkQueue

PhDereferenceObject

PhDereferenceObjectDeferDelete

PhDereferenceObjectEx

PhDestroyEMenu

PhDestroyEMenuItem

PhDestroyWindowRemote

PhDetermineDosPathNameType

PhDevFreeObjects

PhDevGetObjects

PhDeviceIoControlFile

PhDialogBox

PhDisconnectNamedPipe

PhDivideSinglesBySingle

PhDnsFree

PhDnsQuery

PhDnsQuery2

PhDoesFileExist

PhDoesFileExistWin32

PhDosErrorToNtStatus

PhDosPathNameToNtPathName

PhDrainAutoPool

PhDrawGraphDirect

PhDrawTrayIconText

PhDuplicateBytesZ

PhDuplicateBytesZSafe

PhDuplicateStringZ

PhEditSecurity

PhEllipsisString

PhEllipsisStringPath

PhEncodeUnicode

PhEnumAvlTree

PhEnumChildWindows

PhEnumDependentServices

PhEnumDirectoryFile

PhEnumDirectoryObjects

PhEnumFileStreams

PhEnumFirmwareEnvironmentValues

PhEnumGenericModules

PhEnumHashtable

PhEnumKernelModules

PhEnumNextProcess

PhEnumNextThread

PhEnumObjectIdInformation

PhEnumObjectTypes

PhEnumPagefiles

PhEnumPointerListEx

PhEnumProcessEnvironmentVariables

PhEnumProcesses

PhEnumProcessesEx

PhEnumReparsePointInformation

PhEnumWindows

PhEnumerateKey

PhEnumeratePrivileges

PhEnumerateValueKey

PhEqualStringRef

PhEscapeCommandLinePart

PhEscapeStringForMenuPrefix

PhExpandEnvironmentStrings

PhExponentiate

PhExponentiate64

PhExtractIcon

PhExtractIconEx

PhFillMemoryUlong

PhFinalArrayItems

PhFinalBytesBuilderBytes

PhFinalHash

PhFinalStringBuilderString

PhFindCharInStringRef

PhFindEMenuItem

PhFindElementAvlTree

PhFindEntryHashtable

PhFindItemList

PhFindItemPointerList

PhFindItemSimpleHashtable

PhFindLastCharInStringRef

PhFindListViewItemByFlags

PhFindListViewItemByParam

PhFindProcessInformation

PhFindProcessInformationByImageName

PhFindStringInStringRef

PhFindXmlObject

PhFlushFileStream

PhFormat

PhFormatBytes

PhFormatBytes_V

PhFormatDate

PhFormatDateTime

PhFormatDecimal

PhFormatGuid

PhFormatImageVersionInfo

PhFormatNativeKeyName

PhFormatSize

PhFormatString

PhFormatString_V

PhFormatTime

PhFormatTimeSpan

PhFormatTimeSpanRelative

PhFormatToBuffer

PhFormatUInt64

PhFree

PhFreeFileDialog

PhFreeJsonObject

PhFreeLibrary

PhFreeLibraryAsImageResource

PhFreePage

PhFreeToFreeList

PhFreeXmlObject

PhGenerateGuid

PhGenerateGuidFromName

PhGenerateRandomAlphaString

PhGenerateRandomNumber64

PhGetAccessEntries

PhGetAccessString

PhGetActiveProcessorCount

PhGetApplicationDataFileName

PhGetApplicationDirectory

PhGetApplicationDirectoryFileName

PhGetApplicationDirectoryWin32

PhGetApplicationFileNameWin32

PhGetBaseDirectory

PhGetBaseName

PhGetClassObject

PhGetComboBoxString

PhGetDeviceType

PhGetDialogItemValue

PhGetDllFileName

PhGetDllHandle

PhGetDpi

PhGetDpiValue

PhGetDrawInfoGraphBuffers

PhGetEnabledProvider

PhGetEtwPublisherName

PhGetFileDialogFileName

PhGetFileDialogFilterIndex

PhGetFileDialogOptions

PhGetFileFullAttributesInformation

PhGetFileName

PhGetFilePosition

PhGetFileSize

PhGetFileVersionFixedInfo

PhGetFileVersionInfo

PhGetFileVersionInfoEx

PhGetFileVersionInfoLangCodePage

PhGetFileVersionInfoString

PhGetFileVersionInfoString2

PhGetFirmwareEnvironmentVariable

PhGetFullPath

PhGetGenericTreeNewLines

PhGetGlobalWorkQueue

PhGetHandleInformation

PhGetHandleInformationEx

PhGetIntegerPairStringRefSetting

PhGetIntegerStringRefSetting

PhGetJobProcessIdList

PhGetJsonArrayIndexObject

PhGetJsonArrayLength

PhGetJsonArrayLong64

PhGetJsonArrayString

PhGetJsonObject

PhGetJsonObjectAsArrayList

PhGetJsonObjectBool

PhGetJsonObjectLength

PhGetJsonObjectType

PhGetJsonValueAsInt64

PhGetJsonValueAsString

PhGetJsonValueAsUInt64

PhGetKernelFileName

PhGetKernelFileName2

PhGetKnownFolderPath

PhGetKnownLocation

PhGetLineFromAddress

PhGetListBoxString

PhGetListViewItemImageIndex

PhGetListViewItemParam

PhGetListViewItemText

PhGetListViewSelectedItemText

PhGetMessage

PhGetModuleFromAddress

PhGetModuleProcAddress

PhGetMonitorDpi

PhGetNamedPipeClientComputerName

PhGetNamedPipeClientProcessId

PhGetNamedPipeServerProcessId

PhGetNtMessage

PhGetObjectSecurity

PhGetObjectType

PhGetObjectTypeInformation

PhGetObjectTypeName

PhGetOwnTokenAttributes

PhGetPositionFileStream

PhGetPrimeNumber

PhGetProcedureAddress

PhGetProcedureAddressRemote

PhGetProcessCommandLine

PhGetProcessDepStatus

PhGetProcessDeviceMap

PhGetProcessEnvironment

PhGetProcessImageFileName

PhGetProcessImageFileNameByProcessId

PhGetProcessImageFileNameWin32

PhGetProcessIsDotNet

PhGetProcessIsDotNetEx

PhGetProcessMappedFileName

PhGetProcessPackageFullName

PhGetProcessPebString

PhGetProcessPriority

PhGetProcessUnloadedDlls

PhGetProcessWindowTitle

PhGetProcessWorkingSetInformation

PhGetProcessWsCounters

PhGetScalableIntegerPairStringRefSetting

PhGetSeObjectSecurity

PhGetSelectedListViewItemParam

PhGetSelectedListViewItemParams

PhGetServiceConfig

PhGetServiceConfigFileName

PhGetServiceDescription

PhGetServiceDllParameter

PhGetServiceErrorControlInteger

PhGetServiceErrorControlString

PhGetServiceFileName

PhGetServiceNameFromTag

PhGetServiceStartTypeInteger

PhGetServiceStartTypeString

PhGetServiceStateString

PhGetServiceTypeInteger

PhGetServiceTypeString

PhGetSidFullName

PhGetSizeDpiValue

PhGetStatusMessage

PhGetStockApplicationIcon

PhGetStringRefSetting

PhGetSymbolFromAddress

PhGetSymbolFromName

PhGetSystemDirectory

PhGetSystemDpi

PhGetSystemMetrics

PhGetSystemParametersInfo

PhGetSystemRoot

PhGetTaskbarDpi

PhGetTemporaryDirectoryRandomAlphaFileName

PhGetThreadServiceTag

PhGetTokenGroups

PhGetTokenIntegrityLevel

PhGetTokenIntegrityLevelRID

PhGetTokenOwner

PhGetTokenPrimaryGroup

PhGetTokenPrivileges

PhGetTokenUser

PhGetTreeNewText

PhGetWin32Message

PhGetWindowContext

PhGetWindowDpi

PhGetWindowText

PhGetWindowTextEx

PhGetXmlInterface

PhGetXmlNodeAttributeByIndex

PhGetXmlNodeAttributeCount

PhGetXmlNodeAttributeText

PhGetXmlNodeElementText

PhGetXmlNodeFirstChild

PhGetXmlNodeNextChild

PhGetXmlNodeOpaqueText

PhGetXmlObject

PhGraphStateGetDrawInfo

PhHashBytes

PhHashStringRef

PhHashStringRefEx

PhHexStringToBuffer

PhHexStringToBufferEx

PhHttpDnsQuery

PhHttpSocketAddRequestHeaders

PhHttpSocketBeginRequest

PhHttpSocketClose

PhHttpSocketConnect

PhHttpSocketCreate

PhHttpSocketDestroy

PhHttpSocketDownloadString

PhHttpSocketEndRequest

PhHttpSocketGetErrorMessage

PhHttpSocketParseUrl

PhHttpSocketQueryHeaderString

PhHttpSocketQueryHeaderUlong

PhHttpSocketQueryHeaderUlong64

PhHttpSocketQueryHeaders

PhHttpSocketQueryOptionString

PhHttpSocketReadData

PhHttpSocketReadDataToBuffer

PhHttpSocketSendRequest

PhHttpSocketSetCredentials

PhHttpSocketSetFeature

PhHttpSocketSetSecurity

PhHttpSocketWriteData

PhHungWindowFromGhostWindow

PhIconToBitmap

PhImageListAddBitmap

PhImageListAddIcon

PhImageListCreate

PhImageListDestroy

PhImageListDrawEx

PhImageListDrawIcon

PhImageListGetIcon

PhImageListRemoveIcon

PhImageListReplace

PhImageListSetBkColor

PhImageListSetIconSize

PhImageListSetImageCount

PhImpersonateToken

PhIndexOfEMenuItem

PhInitializeArray

PhInitializeAutoPool

PhInitializeAvlTree

PhInitializeBytesBuilder

PhInitializeCallback

PhInitializeCircularBuffer_FLOAT

PhInitializeCircularBuffer_PVOID

PhInitializeCircularBuffer_ULONG

PhInitializeCircularBuffer_ULONG64

PhInitializeFastLock

PhInitializeFreeList

PhInitializeGraphState

PhInitializeHash

PhInitializeImageVersionInfo

PhInitializeImageVersionInfoEx

PhInitializeLayoutManager

PhInitializeProviderThread

PhInitializeStringBuilder

PhInitializeWindowTheme

PhInitializeWorkQueue

PhInitializeWorkQueueEnvironment

PhInsertEMenuItem

PhInsertItemList

PhInsertItemsList

PhInsertStringBuilder

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.si3rc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.si3rd
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/x86/SystemInformer.sig

CSASASDSACSA/x86/plugins/DotNetTools.dll

.dll windows:6 windows x86 arch:x86

8614ae319b0f5442050c0c1e4d6275f8

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

97:7f:88:b1:ff:1e:9e:9a:fc:a1:ea:ae:80:31:60:31:4d:6f:e0:b3:93:66:74:66:f4:72:4a:88:9f:d0:40:f8
Signer

Actual PE Digest

97:7f:88:b1:ff:1e:9e:9a:fc:a1:ea:ae:80:31:60:31:4d:6f:e0:b3:93:66:74:66:f4:72:4a:88:9f:d0:40:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

DotNetTools.pdb

Imports

systeminformer.exe

PhFreeLibraryAsImageResource

PhLoadLibrary

PhOpenThread

PhVerifyFileIsChainedToMicrosoft

PhLoadResource

PhEnumDirectoryFile

PhImpersonateToken

PhCreateFileWin32

PhGetTemporaryDirectoryRandomAlphaFileName

PhGetBaseName

PhGetJsonArrayString

PhReferenceEmptyString

PhGetProcedureAddress

PhRevertImpersonationToken

PhFreeLibrary

PhAddJsonArrayObject

PhGetProcessMappedFileName

PhDeleteImageVersionInfo

PhAddJsonObjectUInt64

PhCreateFileWin32Ex

PhConvertUtf16ToUtf8Ex

PhEqualStringRef

PhDeleteFileWin32

PhFreeJsonObject

PhAddJsonObject2

PhDeleteDirectoryWin32

PhBufferToHexString

PhOpenProcess

PhAddJsonObjectValue

PhConcatStringRef3

PhGetSystemRoot

PhLoadLibraryAsImageResource

PhOpenProcessToken

PhConcatStringRef2

PhQueryTokenVariableSize

PhAutoDereferenceObject

PhFormatString_V

_PhPluginInvokeWindowCallback@12

_PhGetPluginCallback@8

_PhRegisterPlugin@12

PhRegisterCallback

_PhPluginSetObjectExtension@20

_PhGetGeneralCallback@4

PhAddSettings

_PhCopyListView@4

PhLoadListViewGroupStatesFromSetting

_PhHandleListViewNotifyBehaviors@12

PhLoadListViewSortColumnsFromSetting

_PhGetListViewContextMenuPoint@8

PhSaveListViewColumnsToSetting

PhSaveListViewGroupStatesToSetting

PhUnregisterCallback

PhLoadListViewColumnsFromSetting

PhAddListViewGroupItem

PhAddListViewColumn

PhSetExtendedListView

PhSaveListViewSortColumnsToSetting

PhAddListViewGroup

_PhInsertCopyListViewEMenuItem@12

PhWindowThemeControlColor

PhFormatToBuffer

_PhHandleCopyListViewEMenuItem@4

PhGetSelectedListViewItemParams

PhCreateSimpleHashtable

PhfAcquireQueuedLockExclusive

PhFindItemSimpleHashtable

PhfWakeForReleaseQueuedLock

PhRemoveItemSimpleHashtable

PhAddItemSimpleHashtable

_PhPluginGetObjectExtension@12

_PhPluginAddTreeNewColumn@24

PhInitializeImageVersionInfoEx

PhEnumGenericModules

PhNtStatusToDosError

PhGetFileName

PhGetBaseDirectory

PhCreateJsonObject

PhExpandEnvironmentStrings

PhLoadMappedImage

PhCreateJsonArray

PhGetProcessImageFileNameByProcessId

PhFindLastCharInStringRef

PhCreateThreadEx

PhInsertEMenuItem

PhCreateList

PhCreateString

PhGetTreeNewText

PhFormat

PhCreateObjectType

PhUnloadMappedImage

_PhInitializeTreeNewFilterSupport@12

PhSetControlTheme

PhFormatString

_PhCreateSearchControl@20

PhAllocate

PhCountStringZ

PhCreateEMenuItem

PhClearList

PhInitializeStringBuilder

_PhCmLoadSettings@8

_PhPropPageDlgProcHeader@24

PhCompareStringRef

PhConcatStrings2

_PhDeleteTreeNewColumnMenu@4

PhCreateEMenu

PhFormatGuid

_PhHandleCopyCellEMenuItem@4

PhAddItemList

PhGetStringRefSetting

PhGetWin32Message

PhfEndInitOnce

PhAddItemsList

PhInitializeWindowTheme

_PhInitializeTreeNewColumnMenuEx@8

_PhHandleTreeNewColumnMenu@4

PhGetIntegerStringRefSetting

PhSetIntegerStringRefSetting

PhSetClipboardString

_PhAddTreeNewFilter@12

PhGetProcessIsDotNetEx

PhSetIntegerPairStringRefSetting

PhGetGlobalWorkQueue

PhSplitStringRefAtChar

PhSetStringRefSetting

_PhAddProcessPropPage@8

PhRemoveStringBuilder

PhCreateStringEx

PhQueueItemWorkQueue

_PhDoPropPageLayout@4

PhFinalStringBuilderString

_PhApplyTreeNewFilters@4

_PhSearchControlMatch@8

_PhShellExecuteUserString@20

PhShowEMenu

PhCreateObject

PhDoesFileExistWin32

_PhRemoveTreeNewFilter@8

PhDestroyEMenu

PhFree

PhConcatStrings

_PhCmSaveSettings@4

PhReferenceObject

_PhInsertCopyCellEMenuItem@16

PhGetIntegerPairStringRefSetting

_PhDeleteTreeNewFilterSupport@4

_PhCreateProcessPropPageContextEx@16

PhAppendStringBuilder

PhDereferenceObject

PhfBeginInitOnce

PhSetFlagsEMenuItem

_PhAddPropPageLayoutItem@16

PhFormatUInt64

ntdll

NtMapViewOfSection

NtOpenSection

RtlAddSIDToBoundaryDescriptor

NtOpenPrivateNamespace

NtUnmapViewOfSection

RtlFreeHeap

RtlCreateBoundaryDescriptor

NtReadVirtualMemory

NtQueryInformationProcess

NtWriteFile

NtGetContextThread

NtWaitForSingleObject

NtClose

RtlUnwind

kernel32

DecodePointer

WideCharToMultiByte

MultiByteToWideChar

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapFree

HeapAlloc

GetModuleFileNameW

GetModuleHandleExW

ExitProcess

EncodePointer

LoadLibraryExW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

SetLastError

InterlockedFlushSList

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryExA

GetProcAddress

GetModuleHandleW

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

RaiseException

LCMapStringW

GetProcessHeap

GetStdHandle

GetLastError

GetFileType

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

user32

PostMessageW

UpdateWindow

GetKeyState

GetDlgItem

SendMessageW

SetFocus

SetWindowLongW

GetWindowRect

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/x86/plugins/DotNetTools.sig

CSASASDSACSA/x86/plugins/ExtendedTools.dll

.dll windows:6 windows x86 arch:x86

97dc781c6a92c28679ad1fadbeccebaf

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

23:db:19:61:23:49:cc:fe:54:4f:8e:e5:3f:17:92:2a:69:0d:a5:be:5a:c6:a3:dd:fe:b4:34:ab:2b:00:7e:fc
Signer

Actual PE Digest

23:db:19:61:23:49:cc:fe:54:4f:8e:e5:3f:17:92:2a:69:0d:a5:be:5a:c6:a3:dd:fe:b4:34:ab:2b:00:7e:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

ExtendedTools.pdb

Imports

systeminformer.exe

_PhHandleListViewNotifyForCopy@8

PhSaveListViewColumnsToSetting

PhFinalStringBuilderString

PhGetListViewItemParam

PhRemoveStringBuilder

PhLoadWindowPlacementFromSetting

_PhSetApplicationWindowIcon@4

PhGetWindowContext

PhRemoveListViewItem

PhShowStatus

PhLoadListViewColumnsFromSetting

PhFormatGuid

PhAddListViewColumn

PhGetSelectedListViewItemParam

PhInitializeStringBuilder

PhSetExtendedListView

PhDialogBox

PhEqualStringRef

PhSetFirmwareEnvironmentVariable

PhSaveWindowPlacementToSetting

PhFindListViewItemByFlags

PhSetListViewSubItem

PhDeleteLayoutManager

PhInitializeLayoutManager

PhFormatSize

PhCreateString

_PhInsertCopyListViewEMenuItem@12

PhWindowThemeControlColor

PhSetWindowContext

_PhHandleCopyListViewEMenuItem@4

PhGetSelectedListViewItemParams

PhSetWindowText

PhSetScalableIntegerPairStringRefSetting2

PhInitializeAutoPool

PhFormatString_V

PhDrainAutoPool

PhCreateFileStream

PhCreateSaveFileDialog

PhSetFileDialogFileName

PhSetIntegerStringRefSetting

PhGetFileDialogFileName

PhDeleteAutoPool

PhAdjustRectangleToWorkingArea

PhSetFileDialogFilter

PhGetWindowText

PhSelectComboBoxString

PhGetScalableIntegerPairStringRefSetting

PhCreateDialog

PhGetFirmwareEnvironmentVariable

PhShowFileDialog

PhFreeFileDialog

PhGetMonitorDpi

PhWriteFileStream

_PhGetStatisticsTimeString@8

_PhAddPropPageLayoutItem@16

PhSetGroupBoxText

PhMaxMemorySingles

_PhCreateProcessPropPageContextEx@16

PhSetGraphText

PhGetWindowDpi

PhGetDpi

PhCopyCircularBuffer_FLOAT

_PhDoPropPageLayout@4

_PhAddProcessPropPage@8

PhGraphStateGetDrawInfo

PhDeleteGraphState

PhUnregisterCallback

_PhSiSetColorsGraphDrawInfo@16

_PhPropPageDlgProcHeader@24

PhInitializeGraphState

PhDivideSinglesBySingle

PhfBeginInitOnce

PhInitializeWorkQueue

PhDnsQuery

PhGetSidFullName

PhHashBytes

PhLoadLibrary

PhQueueItemWorkQueue

_PhFindPlugin2@4

PhGenerateGuid

PhGetBaseName

PhGetProcedureAddress

_PhEnumProcessItems@8

PhfEndInitOnce

_PhGetPluginInformation@4

PhAppendFormatStringBuilder

PhDnsFree

PhDnsQuery2

PhHashStringRefEx

PhGetSystemMetrics

PhFormatDateTime

PhImageListDrawIcon

PhAddItemsList

PhDoesFileExist

PhInsertItemList

PhLargeIntegerToLocalSystemTime

PhFormatUInt64

PhfResetEvent

PhShowMessage

PhfSetEvent

PhAddListViewGroupItem

PhfWaitForEvent

PhAddListViewGroup

PhCreateThreadEx

_PhReferenceProcessRecordForStatistics@4

PhQueryRegistryUlong

PhInitializeCircularBuffer_FLOAT

PhFormatDate

PhQueryValueKey

PhAddListViewItem

PhInitializeCircularBuffer_ULONG

PhQueryRegistryUlong64

_PhSiDoubleLabelYFunction@16

PhGetSizeDpiValue

PhCopyConvertCircularBufferULONG

_PhSiSizeLabelYFunction@16

_PhGetStatisticsTime@12

PhGetDrawInfoGraphBuffers

_PhFindProcessRecord@8

PhSetDialogItemText

PhAddLayoutItemEx

PhDrawTrayIconText

PhBitmapSetAlpha

PhNfGetTrayIconFont

_PhShowSystemInformationDialog@4

PhStringToGuid

PhDrawGraphDirect

PhGetGlobalWorkQueue

PhGetHandleInformation

PhGetDeviceType

PhEnumProcesses

PhStdGetClientIdName

PhCallKphQueryFileInformationWithTimeout

PhEnumDirectoryFile

KphEnumerateProcessHandles2

KphLevel

PhGetNamedPipeServerProcessId

PhGetAccessEntries

PhGetAccessString

PhOpenProcess

PhOpenFile

PhImageListCreate

PhLoadIcon

PhConcatStringRef2

PhDosErrorToNtStatus

PhOpenDriver

PhGetModuleProcAddress

PhEnumDirectoryObjects

PhImageListDestroy

PhEditSecurity

PhConcatStringRef3

PhSetListViewItemImageIndex

PhImageListAddIcon

PhZeroExtendToUtf16Ex

PhExpandEnvironmentStrings

PhConvertUtf16ToUtf8Buffer

PhGetApplicationDirectoryFileName

PhSplitStringRefAtString

PhCreateString3

PhClearList

PhCreateFile

PhGetFileSize

_PhDeleteTreeNewFilterSupport@4

PhZeroExtendToUtf16Buffer

_PhSearchControlMatch@8

_PhCreateSearchControl@20

_PhSearchControlMatchLongHintZ@8

PhfReleaseFastLockExclusive

PhfAcquireFastLockExclusive

PhQueryObjectName

PhConcatStrings

PhOpenFileById

PhEnumReparsePointInformation

PhDeviceIoControlFile

PhShowConfirmMessage

PhEnumObjectIdInformation

PhGetProcessUnloadedDlls

PhBufferToHexString

_PhPluginGetObjectExtension@12

_PhPluginAddTreeNewColumn@24

PhGetClassObject

_PhPluginEnableTreeNewNotify@8

_PhDuplicateProcessInformation@4

_PhReferenceNetworkItem@16

PhIsExecutingInWow64

PhDeleteCircularBuffer_FLOAT

_PhGetPluginCallback@8

_PhRegisterPlugin@12

PhIndexOfEMenuItem

PhSetListViewItemParam

_PhPluginSetObjectExtension@20

PhDeleteCircularBuffer_ULONG

PhAddSettings

_PhPluginCreateEMenuItem@20

PhDeleteCircularBuffer_ULONG64

_PhCreateServiceListControl@12

_PhReferenceServiceItem@4

PhCreateSymbolProvider

PhCreateAlloc

PhEnumGenericModules

_PhLoadSymbolProviderOptions@4

PhGetSymbolFromAddress

PhLoadModuleSymbolProvider

PhOpenThread

PhSecondsSince1970ToTime

PhCopyStringZ

_PhCreateProcessPropContext@8

PhEnumNextThread

_PhShowProcessProperties@4

PhFreeLibrary

PhFormatTime

_PhSetSelectThreadIdProcessPropContext@8

PhGetListViewItemText

PhFindItemSimpleHashtable

PhSystemBasicInformation

PhGetModuleFromAddress

PhAddItemSimpleHashtable

PhAdjustPrivilege

PhCenterWindow

_PhGetListViewContextMenuPoint@8

PhFindListViewItemByParam

PhAppendStringBuilder

PhLayoutManagerLayout

PhRemoveWindowContext

PhEnumFirmwareEnvironmentValues

_PhCopyListView@4

PhIsFirmwareSupported

PhSetThreadName

PhCreateThread2

PhDelayExecution

PhGetOwnTokenAttributes

PhAutoDereferenceObject

PhCreateObjectType

PhQueryPerformanceCounter

PhAddEntryHashtableEx

PhInvokeCallback

_PhGetGeneralCallback@4

PhAllocateFromFreeList

PhInitializeFreeList

_PhDereferenceProcessRecord@4

PhCreateObject

_PhReferenceProcessItem@4

PhGetFileName

PhFreeToFreeList

_PhReferenceProcessRecord@4

PhCreateSimpleHashtable

PhQueryPerformanceFrequency

PhFindLastCharInStringRef

PhMainWndHandle

PhInsertEMenuItem

PhAddLayoutItem

PhFormatToBuffer

PhCreateList

PhGetStatusMessage

_PhGetPluginInterface@8

PhGetTreeNewText

_PhShowProcessRecordDialog@8

PhFormat

_PhInitializeTreeNewFilterSupport@12

PhSetControlTheme

PhFormatString

_PhFindProcessNode@4

PhCreateEMenuItem

PhRemoveEntryHashtable

_PhPluginInvokeWindowCallback@12

PhSetFlagsAllEMenuItems

_PhCmLoadSettings@8

PhAddItemArray

PhCompareStringRef

_PhDeleteTreeNewColumnMenu@4

PhFindEMenuItem

PhCreateEMenu

_PhHandleCopyCellEMenuItem@4

PhAddItemList

PhGetStringRefSetting

_PhReferenceProcessItemForRecord@4

PhShellExploreFile

PhInitializeWindowTheme

_PhInitializeTreeNewColumnMenuEx@8

_PhHandleTreeNewColumnMenu@4

_PhPluginCreateTabPage@4

PhInitializeArray

PhRemoveItemList

PhGetIntegerStringRefSetting

PhSetClipboardString

_PhAddTreeNewFilter@12

PhReferenceEmptyString

_PhApplyTreeNewFiltersToNode@8

PhShowMessage2

_PhGetProcessSmallImageList@0

PhSetIntegerPairStringRefSetting

PhSetStringRefSetting

PhCreateStringEx

_PhApplyTreeNewFilters@4

PhFindItemList

_PhShellExecuteUserString@20

PhShowEMenu

PhRegisterCallback

PhRemoveItemsArray

_PhSelectAndEnsureVisibleProcessNode@4

PhDoesFileExistWin32

PhDestroyEMenu

_PhCmSaveSettings@4

PhReferenceObject

_PhInsertCopyCellEMenuItem@16

PhGetIntegerPairStringRefSetting

PhWriteStringAsUtf8FileStream

PhGetGenericTreeNewLines

PhShellProperties

PhSetFlagsEMenuItem

PhAddEntryHashtable

PhfReleaseQueuedLockShared

PhAllocate

PhCountStringZ

PhStringToInteger64

PhfWakeForReleaseQueuedLock

PhClearHashtable

PhCreateHashtable

PhfAcquireQueuedLockShared

PhSplitStringRefAtChar

PhFree

PhfAcquireQueuedLockExclusive

PhEnumHashtable

PhDereferenceObject

PhInitializeCircularBuffer_ULONG64

PhFindEntryHashtable

ntdll

NtSetInformationProcess

NtQueryInformationProcess

NtQueryInformationThread

NtCancelSynchronousIoFile

NtDuplicateObject

NtQueryInformationWorkerFactory

RtlValidSecurityDescriptor

RtlGetOwnerSecurityDescriptor

NtQuerySystemInformation

NtReadFile

NtOpenSection

NtOpenJobObject

NtOpenDirectoryObject

NtOpenSession

NtOpenKeyedEvent

RtlUnwind

NtOpenEvent

NtOpenKey

NtOpenSymbolicLinkObject

NtOpenMutant

NtQueryInformationFile

RtlSetBits

RtlInitializeBitMap

NtClose

RtlIpv6AddressToStringExW

RtlIpv4AddressToStringExW

RtlInterlockedFlushSList

RtlRaiseStatus

RtlInterlockedPushEntrySList

NtAlpcConnectPort

kernel32

RaiseException

GetSystemInfo

VirtualProtect

VirtualQuery

FreeLibrary

GetCurrentProcess

GetModuleHandleW

GetProcAddress

LoadLibraryExA

UnhandledExceptionFilter

DecodePointer

TerminateProcess

IsProcessorFeaturePresent

IsDebuggerPresent

GetStartupInfoW

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

InterlockedFlushSList

SetLastError

EncodePointer

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LoadLibraryExW

ExitProcess

GetModuleHandleExW

GetModuleFileNameW

HeapFree

HeapAlloc

HeapReAlloc

HeapSize

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

LocalFree

GetLastError

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

LCMapStringW

GetProcessHeap

GetStdHandle

GetFileType

GetStringTypeW

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

SetUnhandledExceptionFilter

user32

SetTimer

KillTimer

MapWindowPoints

EnableWindow

GetCursorPos

SetWindowTextW

GetWindowRect

DestroyIcon

SetCursor

LoadImageW

SetWindowPos

PostQuitMessage

IsIconic

DrawTextW

GetParent

GetWindowLongW

DeferWindowPos

PostMessageW

BeginDeferWindowPos

EndDeferWindowPos

MapDialogRect

SetWindowLongW

GetClientRect

GetMessageW

DestroyWindow

ShowWindow

DispatchMessageW

IsDialogMessageW

MoveWindow

TranslateMessage

SetForegroundWindow

EndDialog

GetDlgItem

GetKeyState

CreateWindowExW

SendMessageW

SetFocus

InvalidateRect

gdi32

D3DKMTCloseAdapter

D3DKMTQueryStatistics

D3DKMTQueryAdapterInfo

SelectObject

D3DKMTOpenAdapterFromDeviceName

advapi32

CloseThreadWaitChainSession

CloseTrace

ProcessTrace

StartTraceW

ConvertSecurityDescriptorToStringSecurityDescriptorW

PerfCloseQueryHandle

PerfQueryCounterData

PerfOpenQueryHandle

PerfAddCounters

EnableTraceEx2

OpenTraceW

ControlTraceW

GetThreadWaitChain

OpenThreadWaitChainSession

RegisterWaitChainCOMCallback

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 596KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CSASASDSACSA/x86/plugins/ExtendedTools.sig

Lang/lang-1025.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

27:ca:82:73:b8:32:22:9a:37:71:89:74:46:8b:4b:df:30:16:26:9d:a3:40:b2:de:91:69:ee:d0:45:ab:85:a6
Signer

Actual PE Digest

27:ca:82:73:b8:32:22:9a:37:71:89:74:46:8b:4b:df:30:16:26:9d:a3:40:b2:de:91:69:ee:d0:45:ab:85:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1026.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

57:db:ed:60:fa:2e:f4:05:fb:d5:b3:6b:a8:7e:c6:e3:ef:01:dd:25:b0:f0:85:09:eb:76:1a:c6:ea:dc:7c:39
Signer

Actual PE Digest

57:db:ed:60:fa:2e:f4:05:fb:d5:b3:6b:a8:7e:c6:e3:ef:01:dd:25:b0:f0:85:09:eb:76:1a:c6:ea:dc:7c:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1027.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f9:6c:86:eb:80:7c:65:4a:d2:c6:70:29:b8:5d:c6:98:1c:40:bc:98:c3:7f:a1:53:80:52:99:12:ec:92:52:3a
Signer

Actual PE Digest

f9:6c:86:eb:80:7c:65:4a:d2:c6:70:29:b8:5d:c6:98:1c:40:bc:98:c3:7f:a1:53:80:52:99:12:ec:92:52:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1028.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

d0:38:95:8a:c9:25:95:57:5f:0c:9b:6b:9d:c6:83:11:04:26:8c:09:20:9a:2b:2c:5e:0e:22:f2:59:12:86:03
Signer

Actual PE Digest

d0:38:95:8a:c9:25:95:57:5f:0c:9b:6b:9d:c6:83:11:04:26:8c:09:20:9a:2b:2c:5e:0e:22:f2:59:12:86:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1029.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

13:22:cd:f2:1d:66:a7:2c:ac:97:65:9d:b1:fc:24:6c:6c:ce:81:ab:d9:2f:cc:0c:58:1a:20:d9:a1:f6:aa:53
Signer

Actual PE Digest

13:22:cd:f2:1d:66:a7:2c:ac:97:65:9d:b1:fc:24:6c:6c:ce:81:ab:d9:2f:cc:0c:58:1a:20:d9:a1:f6:aa:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1030.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

eb:77:b8:48:24:71:15:94:22:44:bb:27:4a:2e:71:a9:c6:8e:b8:6e:23:19:b5:3c:31:48:2d:79:93:01:28:3f
Signer

Actual PE Digest

eb:77:b8:48:24:71:15:94:22:44:bb:27:4a:2e:71:a9:c6:8e:b8:6e:23:19:b5:3c:31:48:2d:79:93:01:28:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1031.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3b:e7:1b:08:5b:c3:fe:74:99:82:cb:24:57:f6:b7:4f:e7:48:f4:77:35:4f:5f:a0:c4:ec:23:d9:9f:c0:b6:79
Signer

Actual PE Digest

3b:e7:1b:08:5b:c3:fe:74:99:82:cb:24:57:f6:b7:4f:e7:48:f4:77:35:4f:5f:a0:c4:ec:23:d9:9f:c0:b6:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1032.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

24:e0:c6:2e:a4:e6:62:42:12:46:cd:90:b7:49:c6:d8:6b:73:39:98:27:26:7d:9e:e9:d6:4f:21:8b:78:88:a3
Signer

Actual PE Digest

24:e0:c6:2e:a4:e6:62:42:12:46:cd:90:b7:49:c6:d8:6b:73:39:98:27:26:7d:9e:e9:d6:4f:21:8b:78:88:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1034.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ba:0b:1b:95:dd:59:94:51:78:48:4d:e9:49:d1:f4:88:f0:35:fa:08:ba:7d:63:72:4e:11:86:81:0b:b6:27:9b
Signer

Actual PE Digest

ba:0b:1b:95:dd:59:94:51:78:48:4d:e9:49:d1:f4:88:f0:35:fa:08:ba:7d:63:72:4e:11:86:81:0b:b6:27:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1035.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

c4:47:49:53:b1:b1:72:e3:5f:27:36:d3:87:1c:df:2b:c3:61:11:d3:c7:1e:81:d4:2b:a0:c8:07:45:fb:7e:d8
Signer

Actual PE Digest

c4:47:49:53:b1:b1:72:e3:5f:27:36:d3:87:1c:df:2b:c3:61:11:d3:c7:1e:81:d4:2b:a0:c8:07:45:fb:7e:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1036.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

13:a0:64:dd:ff:b9:29:16:50:7a:da:64:96:87:f9:d3:60:60:c4:b4:17:22:5f:9f:cc:92:fe:c6:e7:44:88:56
Signer

Actual PE Digest

13:a0:64:dd:ff:b9:29:16:50:7a:da:64:96:87:f9:d3:60:60:c4:b4:17:22:5f:9f:cc:92:fe:c6:e7:44:88:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1037.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

dd:62:48:35:70:92:c8:e6:d0:b5:96:a4:85:00:59:50:5b:22:01:ef:77:1b:fa:72:9b:f5:01:cf:e2:c9:dc:5a
Signer

Actual PE Digest

dd:62:48:35:70:92:c8:e6:d0:b5:96:a4:85:00:59:50:5b:22:01:ef:77:1b:fa:72:9b:f5:01:cf:e2:c9:dc:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1038.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

11:07:2b:11:63:f1:fc:5f:ad:01:6b:62:17:90:bd:6c:b6:6b:19:7a:31:b2:32:f8:86:7c:f9:1a:ee:fc:09:06
Signer

Actual PE Digest

11:07:2b:11:63:f1:fc:5f:ad:01:6b:62:17:90:bd:6c:b6:6b:19:7a:31:b2:32:f8:86:7c:f9:1a:ee:fc:09:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1040.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

69:18:da:5a:24:c7:9f:c1:27:35:43:4a:00:23:09:fa:0d:60:87:46:90:b8:12:a3:38:96:ac:03:35:ba:52:d7
Signer

Actual PE Digest

69:18:da:5a:24:c7:9f:c1:27:35:43:4a:00:23:09:fa:0d:60:87:46:90:b8:12:a3:38:96:ac:03:35:ba:52:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1041.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

96:98:b1:7c:1a:2a:55:d7:97:ef:ca:81:74:1a:db:4b:68:98:3a:89:da:59:9b:c7:ab:10:80:70:83:cc:d4:0c
Signer

Actual PE Digest

96:98:b1:7c:1a:2a:55:d7:97:ef:ca:81:74:1a:db:4b:68:98:3a:89:da:59:9b:c7:ab:10:80:70:83:cc:d4:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1042.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

78:5e:57:ee:33:d8:a9:27:f6:78:9d:2e:e3:af:ef:b4:62:7f:ec:2d:63:f0:17:50:04:0e:79:d0:99:c6:34:e8
Signer

Actual PE Digest

78:5e:57:ee:33:d8:a9:27:f6:78:9d:2e:e3:af:ef:b4:62:7f:ec:2d:63:f0:17:50:04:0e:79:d0:99:c6:34:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1043.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

45:91:ec:03:64:df:c9:43:f7:43:47:67:98:f8:aa:c6:6f:77:ec:c8:2c:0d:00:1d:2c:d7:46:8f:2f:37:f7:2f
Signer

Actual PE Digest

45:91:ec:03:64:df:c9:43:f7:43:47:67:98:f8:aa:c6:6f:77:ec:c8:2c:0d:00:1d:2c:d7:46:8f:2f:37:f7:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1044.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

cd:df:10:db:bd:85:cf:b6:10:b2:7b:a2:5d:e2:4e:0f:88:fc:9f:cd:ff:ba:bf:2f:08:71:9d:5f:ee:d6:9f:88
Signer

Actual PE Digest

cd:df:10:db:bd:85:cf:b6:10:b2:7b:a2:5d:e2:4e:0f:88:fc:9f:cd:ff:ba:bf:2f:08:71:9d:5f:ee:d6:9f:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1045.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7f:51:9f:da:bd:79:96:11:86:55:c0:92:d1:c7:89:35:98:1c:91:f1:ea:9b:63:6f:71:ff:75:80:34:30:f2:c9
Signer

Actual PE Digest

7f:51:9f:da:bd:79:96:11:86:55:c0:92:d1:c7:89:35:98:1c:91:f1:ea:9b:63:6f:71:ff:75:80:34:30:f2:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1046.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

42:86:c8:b6:5a:9f:cd:8e:f1:fa:1f:fa:cf:16:73:0c:e6:58:bf:11:96:7e:e2:83:9c:8c:9d:47:73:1c:4e:df
Signer

Actual PE Digest

42:86:c8:b6:5a:9f:cd:8e:f1:fa:1f:fa:cf:16:73:0c:e6:58:bf:11:96:7e:e2:83:9c:8c:9d:47:73:1c:4e:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1048.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

8d:76:fe:fd:d8:b0:68:90:52:2f:2e:15:1d:48:94:5b:17:12:b5:d4:f0:c2:56:74:3a:b3:05:cf:d0:15:6b:7c
Signer

Actual PE Digest

8d:76:fe:fd:d8:b0:68:90:52:2f:2e:15:1d:48:94:5b:17:12:b5:d4:f0:c2:56:74:3a:b3:05:cf:d0:15:6b:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1049.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

db:a6:92:07:71:e5:e4:4b:f5:f0:40:2d:75:bc:3d:33:6d:28:21:68:9f:63:5d:bd:59:fe:6c:b8:73:37:a9:4d
Signer

Actual PE Digest

db:a6:92:07:71:e5:e4:4b:f5:f0:40:2d:75:bc:3d:33:6d:28:21:68:9f:63:5d:bd:59:fe:6c:b8:73:37:a9:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1050.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:8a:1b:55:20:03:c6:fc:0f:30:53:3e:0f:db:7f:8a:a3:4e:4c:1a:a8:66:03:4b:d4:9c:91:e9:7c:52:19:cd
Signer

Actual PE Digest

0d:8a:1b:55:20:03:c6:fc:0f:30:53:3e:0f:db:7f:8a:a3:4e:4c:1a:a8:66:03:4b:d4:9c:91:e9:7c:52:19:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1051.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3b:46:24:bf:8c:5d:36:83:f7:f6:0b:82:92:b7:e9:ce:7e:21:a6:ce:f8:9a:f2:89:fd:e4:af:0a:44:b8:da:3d
Signer

Actual PE Digest

3b:46:24:bf:8c:5d:36:83:f7:f6:0b:82:92:b7:e9:ce:7e:21:a6:ce:f8:9a:f2:89:fd:e4:af:0a:44:b8:da:3d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1052.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

00:bc:7a:fb:12:4b:95:a1:04:21:db:a4:9c:c0:a3:db:a3:7e:cc:5c:86:a0:11:1e:33:27:d9:a8:4d:37:16:65
Signer

Actual PE Digest

00:bc:7a:fb:12:4b:95:a1:04:21:db:a4:9c:c0:a3:db:a3:7e:cc:5c:86:a0:11:1e:33:27:d9:a8:4d:37:16:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1053.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

50:5d:17:48:4f:e3:e2:e2:fb:ba:85:0d:ee:b1:4d:dc:b5:f2:d0:49:74:16:1e:cf:3d:2b:f8:f3:c9:56:0a:00
Signer

Actual PE Digest

50:5d:17:48:4f:e3:e2:e2:fb:ba:85:0d:ee:b1:4d:dc:b5:f2:d0:49:74:16:1e:cf:3d:2b:f8:f3:c9:56:0a:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1054.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ee:d1:bd:1a:7d:1c:9c:d7:15:cf:4d:77:90:06:50:49:74:e2:02:a3:d9:58:e8:72:77:04:d6:c0:77:69:fd:43
Signer

Actual PE Digest

ee:d1:bd:1a:7d:1c:9c:d7:15:cf:4d:77:90:06:50:49:74:e2:02:a3:d9:58:e8:72:77:04:d6:c0:77:69:fd:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1055.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

49:4a:98:ae:a5:a7:40:04:1e:88:de:eb:cd:45:f4:d2:16:ec:35:60:c7:38:34:4d:fe:61:07:64:bb:40:cc:35
Signer

Actual PE Digest

49:4a:98:ae:a5:a7:40:04:1e:88:de:eb:cd:45:f4:d2:16:ec:35:60:c7:38:34:4d:fe:61:07:64:bb:40:cc:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1056.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

2c:c2:75:a8:47:d5:c9:32:6b:0a:f0:ce:fb:50:6c:c8:0d:00:17:30:31:7e:04:75:d9:e5:4a:f5:f9:73:bf:86
Signer

Actual PE Digest

2c:c2:75:a8:47:d5:c9:32:6b:0a:f0:ce:fb:50:6c:c8:0d:00:17:30:31:7e:04:75:d9:e5:4a:f5:f9:73:bf:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1057.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:ee:b9:34:b9:70:19:c8:f9:c9:f3:76:86:fe:bd:95:b5:80:66:09:a6:91:86:0d:dc:88:5e:bb:3f:79:b3:1e
Signer

Actual PE Digest

0e:ee:b9:34:b9:70:19:c8:f9:c9:f3:76:86:fe:bd:95:b5:80:66:09:a6:91:86:0d:dc:88:5e:bb:3f:79:b3:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1058.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3c:97:62:10:d5:ba:05:70:8c:41:7b:7d:62:2e:fb:c8:93:26:4f:4b:53:71:cf:73:0c:a4:0c:44:e4:05:4b:b6
Signer

Actual PE Digest

3c:97:62:10:d5:ba:05:70:8c:41:7b:7d:62:2e:fb:c8:93:26:4f:4b:53:71:cf:73:0c:a4:0c:44:e4:05:4b:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1059.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

89:68:43:0e:a4:4f:8d:5a:11:32:86:64:81:2e:6a:d4:a5:c5:82:1a:29:b3:7c:47:d7:8c:de:a4:7b:dc:81:aa
Signer

Actual PE Digest

89:68:43:0e:a4:4f:8d:5a:11:32:86:64:81:2e:6a:d4:a5:c5:82:1a:29:b3:7c:47:d7:8c:de:a4:7b:dc:81:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1060.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

e6:45:6f:99:03:44:9d:09:7b:16:fe:c8:04:ac:c6:52:42:87:ba:72:55:0f:7f:c3:76:9a:08:52:20:d8:bf:6f
Signer

Actual PE Digest

e6:45:6f:99:03:44:9d:09:7b:16:fe:c8:04:ac:c6:52:42:87:ba:72:55:0f:7f:c3:76:9a:08:52:20:d8:bf:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1061.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

64:fb:a5:5c:99:96:f0:a5:a2:fb:c1:34:92:6d:a4:e7:d6:86:a8:26:dc:4e:d8:d5:d7:24:c0:b1:b4:2b:c5:23
Signer

Actual PE Digest

64:fb:a5:5c:99:96:f0:a5:a2:fb:c1:34:92:6d:a4:e7:d6:86:a8:26:dc:4e:d8:d5:d7:24:c0:b1:b4:2b:c5:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1062.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

80:8b:7b:d6:8e:ad:3e:51:75:e7:58:23:1c:a4:df:37:56:20:a6:05:9c:7e:3f:b8:73:53:ac:51:ae:98:d6:68
Signer

Actual PE Digest

80:8b:7b:d6:8e:ad:3e:51:75:e7:58:23:1c:a4:df:37:56:20:a6:05:9c:7e:3f:b8:73:53:ac:51:ae:98:d6:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1063.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

c2:83:46:33:74:f7:0c:07:87:10:9b:0e:75:17:d5:6a:95:01:80:e0:19:c4:02:24:27:db:51:0d:87:ee:09:cd
Signer

Actual PE Digest

c2:83:46:33:74:f7:0c:07:87:10:9b:0e:75:17:d5:6a:95:01:80:e0:19:c4:02:24:27:db:51:0d:87:ee:09:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1065.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

23:e7:a0:4b:2f:0f:95:3d:2b:ca:a2:f3:d2:41:d5:19:e9:87:79:72:8d:a1:bc:fe:5b:79:76:76:b0:04:24:dd
Signer

Actual PE Digest

23:e7:a0:4b:2f:0f:95:3d:2b:ca:a2:f3:d2:41:d5:19:e9:87:79:72:8d:a1:bc:fe:5b:79:76:76:b0:04:24:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1066.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

37:dc:4e:51:d9:a5:32:84:5a:90:cc:cb:6c:06:ba:6f:34:d6:36:f4:ab:2c:c5:d6:62:ef:31:5a:be:e1:95:1d
Signer

Actual PE Digest

37:dc:4e:51:d9:a5:32:84:5a:90:cc:cb:6c:06:ba:6f:34:d6:36:f4:ab:2c:c5:d6:62:ef:31:5a:be:e1:95:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1067.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

1e:ad:ab:5b:ee:a0:17:2b:37:24:65:23:42:a1:a6:a9:84:97:9c:a0:9b:4f:cc:84:30:1f:f6:b4:5f:5e:1f:a7
Signer

Actual PE Digest

1e:ad:ab:5b:ee:a0:17:2b:37:24:65:23:42:a1:a6:a9:84:97:9c:a0:9b:4f:cc:84:30:1f:f6:b4:5f:5e:1f:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1068.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

46:ba:25:d2:8d:f1:f5:cf:1b:a0:ac:be:d7:01:d0:48:0e:c0:e8:7f:49:be:2f:8a:c9:68:e0:a8:be:f0:64:a5
Signer

Actual PE Digest

46:ba:25:d2:8d:f1:f5:cf:1b:a0:ac:be:d7:01:d0:48:0e:c0:e8:7f:49:be:2f:8a:c9:68:e0:a8:be:f0:64:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1071.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

15:a4:92:21:19:31:6f:64:bf:b5:cd:da:74:6e:05:1d:db:86:9f:51:b8:fd:9c:7c:23:e9:dd:95:85:53:6b:5b
Signer

Actual PE Digest

15:a4:92:21:19:31:6f:64:bf:b5:cd:da:74:6e:05:1d:db:86:9f:51:b8:fd:9c:7c:23:e9:dd:95:85:53:6b:5b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1079.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

81:e7:8e:33:5d:ce:7b:72:79:c1:01:40:08:6a:8b:18:9b:50:bd:ab:0a:1e:10:3f:e3:26:71:f6:60:19:86:5d
Signer

Actual PE Digest

81:e7:8e:33:5d:ce:7b:72:79:c1:01:40:08:6a:8b:18:9b:50:bd:ab:0a:1e:10:3f:e3:26:71:f6:60:19:86:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1081.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

be:56:4b:1e:30:c0:a9:a2:1a:db:9c:37:47:0f:0f:2c:2c:3a:11:ce:0b:1b:4b:1e:7f:db:95:9b:ab:31:1e:23
Signer

Actual PE Digest

be:56:4b:1e:30:c0:a9:a2:1a:db:9c:37:47:0f:0f:2c:2c:3a:11:ce:0b:1b:4b:1e:7f:db:95:9b:ab:31:1e:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1086.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

13:b6:6a:be:8a:9c:9a:be:9e:7b:24:ba:52:ed:0a:25:74:2b:04:57:94:c5:1a:fd:ef:60:01:2f:36:05:dc:a7
Signer

Actual PE Digest

13:b6:6a:be:8a:9c:9a:be:9e:7b:24:ba:52:ed:0a:25:74:2b:04:57:94:c5:1a:fd:ef:60:01:2f:36:05:dc:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1087.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:b4:75:a9:aa:fd:80:7d:60:72:95:2d:c8:8e:8a:14:4d:ab:12:c7:90:1d:fd:df:b0:2a:58:91:7f:b2:18:44
Signer

Actual PE Digest

07:b4:75:a9:aa:fd:80:7d:60:72:95:2d:c8:8e:8a:14:4d:ab:12:c7:90:1d:fd:df:b0:2a:58:91:7f:b2:18:44

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1090.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

98:65:0e:8e:fb:a1:dc:3f:f7:0d:dd:0a:af:9b:16:7a:e6:60:44:6c:90:5f:d7:b7:ee:27:8e:22:4b:54:56:fa
Signer

Actual PE Digest

98:65:0e:8e:fb:a1:dc:3f:f7:0d:dd:0a:af:9b:16:7a:e6:60:44:6c:90:5f:d7:b7:ee:27:8e:22:4b:54:56:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1092.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

67:d6:56:75:d3:12:d5:87:48:9c:8c:f6:60:5a:f0:5b:ba:11:d7:fb:9d:fe:3c:2f:87:c3:76:34:e2:70:c9:fd
Signer

Actual PE Digest

67:d6:56:75:d3:12:d5:87:48:9c:8c:f6:60:5a:f0:5b:ba:11:d7:fb:9d:fe:3c:2f:87:c3:76:34:e2:70:c9:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1093.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

01:11:ff:df:65:aa:94:b7:7c:e3:ed:bf:f1:c2:dd:9e:a6:88:98:1a:16:af:d1:d8:ff:1a:f5:0c:16:f8:17:82
Signer

Actual PE Digest

01:11:ff:df:65:aa:94:b7:7c:e3:ed:bf:f1:c2:dd:9e:a6:88:98:1a:16:af:d1:d8:ff:1a:f5:0c:16:f8:17:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1102.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f6:ce:5e:60:0d:53:8e:5e:14:fc:67:d3:98:1a:cb:05:d1:a6:39:c6:8a:ec:e1:5a:98:82:10:f6:01:8b:76:89
Signer

Actual PE Digest

f6:ce:5e:60:0d:53:8e:5e:14:fc:67:d3:98:1a:cb:05:d1:a6:39:c6:8a:ec:e1:5a:98:82:10:f6:01:8b:76:89

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1104.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

27:0d:06:3c:05:eb:f0:64:26:9d:e2:3c:2a:9b:95:81:65:e2:61:9f:84:38:3d:45:04:7a:4e:2e:a5:67:9b:92
Signer

Actual PE Digest

27:0d:06:3c:05:eb:f0:64:26:9d:e2:3c:2a:9b:95:81:65:e2:61:9f:84:38:3d:45:04:7a:4e:2e:a5:67:9b:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1109.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ad:5b:d1:8a:d1:05:88:be:48:59:2b:5c:b6:22:f3:4a:98:fd:73:14:db:85:a8:c6:26:46:05:27:41:d6:f6:26
Signer

Actual PE Digest

ad:5b:d1:8a:d1:05:88:be:48:59:2b:5c:b6:22:f3:4a:98:fd:73:14:db:85:a8:c6:26:46:05:27:41:d6:f6:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1110.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

d6:5d:f3:85:ff:02:ee:b1:ff:a9:d3:65:af:37:5a:aa:20:db:42:99:f3:04:59:39:93:e5:5b:b8:cf:68:b8:cb
Signer

Actual PE Digest

d6:5d:f3:85:ff:02:ee:b1:ff:a9:d3:65:af:37:5a:aa:20:db:42:99:f3:04:59:39:93:e5:5b:b8:cf:68:b8:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-1155.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

80:ab:de:3a:af:e3:f7:b4:cf:a3:b0:f8:8e:db:46:56:bc:29:e2:ef:c9:1a:34:37:d1:0f:40:b8:65:61:ee:d4
Signer

Actual PE Digest

80:ab:de:3a:af:e3:f7:b4:cf:a3:b0:f8:8e:db:46:56:bc:29:e2:ef:c9:1a:34:37:d1:0f:40:b8:65:61:ee:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-2052.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

18:33:44:f9:2d:a0:f5:dc:44:98:b2:9a:c2:25:10:c5:e2:f4:4c:93:4e:86:94:4b:13:5a:7c:2d:1b:6b:4b:da
Signer

Actual PE Digest

18:33:44:f9:2d:a0:f5:dc:44:98:b2:9a:c2:25:10:c5:e2:f4:4c:93:4e:86:94:4b:13:5a:7c:2d:1b:6b:4b:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-2070.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

d6:86:89:4c:e2:91:97:95:e0:76:9e:1d:62:ab:72:45:76:8b:42:15:62:b7:34:d3:43:0a:35:3c:7a:f0:7b:c0
Signer

Actual PE Digest

d6:86:89:4c:e2:91:97:95:e0:76:9e:1d:62:ab:72:45:76:8b:42:15:62:b7:34:d3:43:0a:35:3c:7a:f0:7b:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-2074.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

a2:de:57:d5:70:6b:2b:b4:9e:ec:41:f1:51:cc:c5:52:17:9b:45:d3:a5:1a:14:3a:93:78:c0:17:67:ac:78:97
Signer

Actual PE Digest

a2:de:57:d5:70:6b:2b:b4:9e:ec:41:f1:51:cc:c5:52:17:9b:45:d3:a5:1a:14:3a:93:78:c0:17:67:ac:78:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-3098.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

80:75:dc:fa:b6:79:3f:15:5c:ee:e8:a5:ce:c4:3e:82:7e:46:72:da:d9:a3:d8:60:e8:50:7e:b6:fb:c4:86:3b
Signer

Actual PE Digest

80:75:dc:fa:b6:79:3f:15:5c:ee:e8:a5:ce:c4:3e:82:7e:46:72:da:d9:a3:d8:60:e8:50:7e:b6:fb:c4:86:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-5146.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

1d:37:5e:7e:24:a6:aa:d0:31:82:85:ba:85:be:a3:10:8c:34:ce:9a:e7:9d:b1:02:31:df:0c:63:2f:8c:1b:c6
Signer

Actual PE Digest

1d:37:5e:7e:24:a6:aa:d0:31:82:85:ba:85:be:a3:10:8c:34:ce:9a:e7:9d:b1:02:31:df:0c:63:2f:8c:1b:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Lang/lang-9999.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ef:b5:31:45:69:37:56:66:fb:2b:fb:ff:99:52:92:a1:af:33:0b:df:32:05:79:e9:da:5d:73:a6:51:c6:63:a8
Signer

Actual PE Digest

ef:b5:31:45:69:37:56:66:fb:2b:fb:ff:99:52:92:a1:af:33:0b:df:32:05:79:e9:da:5d:73:a6:51:c6:63:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

License.txt

portable.dat

x64/CCleanerBugReport.exe

.exe windows:6 windows x64 arch:x64

99c1db897203bfc337c7dfbed3e81519

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

70:29:45:47:19:c8:38:a4:be:1f:a5:a7:cc:ab:7e:96:04:91:e0:7c:31:6e:66:58:b3:ba:4a:fa:8c:de:fc:e1
Signer

Actual PE Digest

70:29:45:47:19:c8:38:a4:be:1f:a5:a7:cc:ab:7e:96:04:91:e0:7c:31:6e:66:58:b3:ba:4a:fa:8c:de:fc:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\AvastClient\BUILDS\Release\x64\CCleanerBugReport.pdb

Imports

rpcrt4

RpcBindingFromStringBindingW

RpcStringBindingComposeW

RpcBindingFree

RpcStringFreeW

NdrClientCall3

RpcMgmtEpEltInqDone

RpcIfInqId

RpcMgmtEpEltInqBegin

RpcStringBindingParseW

UuidFromStringW

UuidToStringW

Ndr64AsyncServerCallAll

NdrAsyncServerCall

NdrServerCall2

NdrServerCallAll

Ndr64AsyncClientCall

RpcAsyncCancelCall

RpcAsyncInitializeHandle

RpcAsyncCompleteCall

RpcBindingToStringBindingW

RpcEpUnregister

RpcEpRegisterW

RpcServerUseProtseqEpW

RpcObjectSetType

RpcServerRegisterIf2

RpcServerUnregisterIfEx

RpcImpersonateClient

RpcRevertToSelf

I_RpcBindingInqLocalClientPID

RpcMgmtEpEltInqNextW

UuidCreate

wtsapi32

WTSQuerySessionInformationW

WTSFreeMemory

shell32

SHGetFolderPathW

ord165

ntdll

NtOpenKey

RtlNtStatusToDosError

NtQueryKey

RtlPcToFileHeader

RtlUnwind

RtlCaptureContext

NtDeleteKey

NtSetInformationThread

NtClose

RtlDllShutdownInProgress

VerSetConditionMask

NtSystemDebugControl

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlUnwindEx

kernel32

GetProcessHandleCount

Sleep

TerminateProcess

GetFileTime

GetVersionExW

LoadLibraryExW

InitializeCriticalSectionEx

HeapSize

HeapReAlloc

DecodePointer

HeapDestroy

UnlockFileEx

LockFileEx

CompareFileTime

SetFilePointerEx

GetFileSizeEx

ReadFile

CancelIoEx

GetOverlappedResult

ResetEvent

ReadDirectoryChangesW

UnregisterWaitEx

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolWait

WaitForThreadpoolWaitCallbacks

ProcessIdToSessionId

WaitForMultipleObjects

GetCurrentThread

LocalFree

CompareStringW

InitializeCriticalSectionAndSpinCount

TerminateThread

ResumeThread

SetThreadPriority

QueryPerformanceFrequency

QueryPerformanceCounter

QueryThreadCycleTime

K32GetProcessImageFileNameW

GetThreadId

WriteFile

LocalAlloc

FlushFileBuffers

GetFileInformationByHandle

GetFullPathNameW

OutputDebugStringA

FileTimeToSystemTime

GetSystemInfo

ExpandEnvironmentStringsW

GetShortPathNameW

GetSystemWindowsDirectoryW

GetProcessAffinityMask

GetLongPathNameW

VirtualAlloc

VirtualFree

GlobalMemoryStatusEx

GetExitCodeThread

SetFilePointer

SetFileAttributesW

GetFileSize

SetEndOfFile

MoveFileExW

GetWindowsDirectoryW

CreateFileMappingW

MapViewOfFile

CreateEventW

GetFileAttributesExW

CreateDirectoryW

GetCurrentDirectoryW

FindFirstFileExW

FindNextFileW

QueryDosDeviceW

GetVolumePathNameW

GetVolumeNameForVolumeMountPointW

GetDateFormatW

GetTimeFormatW

CopyFileW

SetFileInformationByHandle

GetDiskFreeSpaceExW

FindResourceW

LoadResource

LockResource

SizeofResource

K32GetMappedFileNameW

FindFirstVolumeW

FindNextVolumeW

GetVolumePathNamesForVolumeNameW

FindVolumeClose

GetTickCount64

SetLastError

GetProcessTimes

GetSystemTimes

FindResourceExW

GetVersion

Process32NextW

RegisterWaitForSingleObject

DuplicateHandle

GetNativeSystemInfo

VirtualQuery

RemoveVectoredExceptionHandler

AddVectoredExceptionHandler

SetUnhandledExceptionFilter

GetTickCount

TlsGetValue

TlsSetValue

TlsAlloc

TlsFree

CreateThread

SetEnvironmentVariableW

GetEnvironmentVariableW

GetProcessId

FormatMessageW

GetModuleFileNameA

FindClose

RaiseException

FlushInstructionCache

VirtualProtect

CheckRemoteDebuggerPresent

GetModuleHandleExW

ReadProcessMemory

FindFirstFileW

GetExitCodeProcess

CreateProcessW

DeleteFileW

OutputDebugStringW

GetCurrentProcess

GetCurrentThreadId

OpenProcess

GetCurrentProcessId

DeviceIoControl

CreateFileW

GetSystemTimeAsFileTime

VerifyVersionInfoW

GetModuleFileNameW

GetFileAttributesW

FreeLibrary

LoadLibraryW

GetSystemDirectoryW

UpdateProcThreadAttribute

InitializeProcThreadAttributeList

MultiByteToWideChar

SetErrorMode

GetConsoleWindow

ReleaseMutex

CreateMutexW

SetDllDirectoryW

WideCharToMultiByte

WaitForSingleObject

HeapFree

GetProcessHeap

HeapAlloc

GetProcAddress

GetModuleHandleW

DeleteCriticalSection

InitializeCriticalSection

WriteConsoleW

ReadConsoleW

GetTimeZoneInformation

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetOEMCP

GetACP

IsValidCodePage

GetConsoleMode

GetConsoleOutputCP

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

GetFileType

SetStdHandle

ExitProcess

GetCommandLineW

GetCommandLineA

GetStdHandle

FreeLibraryAndExitThread

ExitThread

InterlockedPushEntrySList

GetStartupInfoW

IsDebuggerPresent

UnhandledExceptionFilter

InitializeSListHead

GetCPInfo

EncodePointer

LCMapStringEx

InitOnceComplete

InitOnceBeginInitialize

CloseThreadpoolWork

SubmitThreadpoolWork

CreateThreadpoolWork

FreeLibraryWhenCallbackReturns

WakeConditionVariable

GetLocaleInfoEx

IsProcessorFeaturePresent

SleepConditionVariableSRW

WakeAllConditionVariable

AcquireSRWLockShared

ReleaseSRWLockShared

TryAcquireSRWLockExclusive

AcquireSRWLockExclusive

LeaveCriticalSection

EnterCriticalSection

CloseHandle

GetLastError

Process32FirstW

CreateToolhelp32Snapshot

K32GetProcessMemoryInfo

GetThreadTimes

K32EnumProcesses

GetThreadPriority

OpenThread

GetPriorityClass

QueryFullProcessImageNameW

SetEvent

UnmapViewOfFile

ReleaseSRWLockExclusive

WaitForSingleObjectEx

FormatMessageA

GetStringTypeW

AreFileApisANSI

GetFileInformationByHandleEx

user32

ShowWindow

PeekMessageW

IsHungAppWindow

RegisterClassExW

GetClassInfoExW

SetWindowLongPtrW

SendMessageW

PostMessageW

RegisterWindowMessageW

LoadStringW

GetSystemMetrics

GetGUIThreadInfo

SendMessageCallbackW

advapi32

RegEnumKeyExW

InitializeSecurityDescriptor

SetSecurityDescriptorDacl

RevertToSelf

RegCloseKey

OpenThreadToken

ConvertStringSecurityDescriptorToSecurityDescriptorW

GetTokenInformation

OpenProcessToken

EqualSid

DuplicateToken

CloseServiceHandle

EnumServicesStatusW

QueryServiceStatusEx

QueryServiceConfigW

OpenServiceW

CheckTokenMembership

LookupPrivilegeValueW

AdjustTokenPrivileges

CryptReleaseContext

CryptGenRandom

CryptAcquireContextW

RegQueryMultipleValuesW

RegDeleteTreeW

RegNotifyChangeKeyValue

RegQueryInfoKeyW

RegDeleteValueW

RegEnumValueW

RegSetValueExW

RegCreateKeyExW

RegQueryValueExW

FreeSid

LookupAccountSidW

RegOpenKeyExW

AddAce

InitializeAcl

GetLengthSid

AllocateAndInitializeSid

ImpersonateSelf

OpenSCManagerW

ole32

CoCreateGuid

powrprof

CallNtPowerInformation

winhttp

WinHttpSetOption

WinHttpSendRequest

WinHttpAddRequestHeaders

WinHttpCloseHandle

WinHttpQueryOption

WinHttpSetCredentials

WinHttpConnect

WinHttpCrackUrl

WinHttpSetTimeouts

WinHttpOpen

WinHttpOpenRequest

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpQueryHeaders

WinHttpReceiveResponse

WinHttpWriteData

shlwapi

PathAppendW

PathRemoveFileSpecW

PathFindFileNameW

PathMatchSpecW

version

GetFileVersionInfoW

VerQueryValueW

GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext

ws2_32

WSAAddressToStringW

Exports

asw_process_storage_allocate_connector

asw_process_storage_deallocate_connector

on_avast_dll_unload

onexit_register_connector_avast_2

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 474KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x64/CCleanerDU.dll

.dll windows:6 windows x64 arch:x64

6728a4aa1f67ac36351d503d8098ea23

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

fe:30:e9:79:28:6f:94:91:0a:99:e5:15:e8:7d:68:3c:90:cd:60:39:d7:8d:a9:13:46:16:57:35:60:0c:2e:5a
Signer

Actual PE Digest

fe:30:e9:79:28:6f:94:91:0a:99:e5:15:e8:7d:68:3c:90:cd:60:39:d7:8d:a9:13:46:16:57:35:60:0c:2e:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\BUILD\work\ff1498008bc2b597\BUILDS\Release\x64\CCleanerDU.pdb

Imports

advapi32

InitializeSecurityDescriptor

CreateWellKnownSid

SetEntriesInAclW

SetSecurityDescriptorOwner

SetSecurityDescriptorGroup

SetSecurityDescriptorDacl

ImpersonateLoggedOnUser

OpenThreadToken

RevertToSelf

RegCloseKey

RegQueryValueExW

SetThreadToken

CryptSetHashParam

CryptDestroyKey

ReportEventW

RegisterEventSourceW

DeregisterEventSource

OpenProcessToken

CryptReleaseContext

CryptGenRandom

CryptAcquireContextW

RegOpenKeyExW

CryptGetUserKey

CryptExportKey

CryptDecrypt

CryptCreateHash

CryptDestroyHash

CryptSignHashW

CryptEnumProvidersW

GetTokenInformation

IsValidSid

ConvertSidToStringSidW

DuplicateTokenEx

LookupPrivilegeValueW

AdjustTokenPrivileges

RegCreateKeyExW

RegSetValueExW

EqualSid

ConvertStringSecurityDescriptorToSecurityDescriptorW

FreeSid

AllocateAndInitializeSid

ConvertStringSidToSidW

GetSidSubAuthorityCount

GetSidSubAuthority

GetLengthSid

CreateProcessAsUserW

InitializeAcl

AddAce

RegEnumKeyExW

RegEnumValueW

RegDeleteValueW

RegQueryInfoKeyW

CryptGetProvParam

RegEnumKeyW

RegDeleteKeyExW

RegNotifyChangeKeyValue

RegDeleteTreeW

RegQueryMultipleValuesW

CryptAcquireContextA

CryptGetHashParam

CryptHashData

RegEnumKeyExA

RegOpenKeyExA

RegQueryValueExA

SystemFunction036

crypt32

CertFindExtension

CertAddCertificateContextToStore

CryptDecodeObjectEx

PFXImportCertStore

CryptStringToBinaryA

CertGetCertificateChain

CertFreeCertificateChain

CryptProtectData

CryptQueryObject

CryptVerifyTimeStampSignature

CryptMemFree

CertOpenStore

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CertGetCertificateContextProperty

CertGetNameStringA

CertCreateCertificateChainEngine

CryptUnprotectData

CertFreeCertificateChainEngine

bcrypt

BCryptGenerateKeyPair

BCryptFinalizeKeyPair

BCryptExportKey

BCryptSecretAgreement

BCryptDeriveKey

BCryptGenerateSymmetricKey

BCryptEncrypt

BCryptOpenAlgorithmProvider

BCryptDestroySecret

BCryptImportKeyPair

BCryptSetProperty

BCryptDestroyKey

BCryptGenRandom

BCryptCloseAlgorithmProvider

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW

WTSFreeMemory

WTSEnumerateSessionsW

WTSQueryUserToken

setupapi

SetupDiEnumDriverInfoW

SetupDiGetDriverInfoDetailW

SetupDiGetDriverInstallParamsW

SetupGetIntField

SetupDiSetSelectedDriverW

SetupOpenFileQueue

SetupDiGetDeviceInstallParamsW

SetupDiSetDeviceInstallParamsW

SetupDiCallClassInstaller

SetupScanFileQueueW

SetupCloseFileQueue

SetupDiCreateDeviceInfoList

SetupDiOpenDeviceInfoW

SetupDiDestroyDeviceInfoList

CM_Get_Child

CM_Get_Device_IDW

CM_Get_Sibling

CM_Get_Parent

SetupDiDestroyDriverInfoList

SetupDiBuildDriverInfoList

SetupFindNextMatchLineW

SetupGetStringFieldW

SetupEnumInfSectionsW

SetupDiGetDeviceRegistryPropertyW

SetupDiGetDevicePropertyW

CM_Get_Device_Interface_ListW

CM_Get_Device_Interface_List_SizeW

SetupDiGetDeviceInstanceIdW

SetupDiEnumDeviceInfo

SetupDiGetClassDevsExW

SetupFindFirstLineW

SetupOpenInfFileW

SetupCloseInfFile

SetupGetInfDriverStoreLocationW

CMP_WaitNoPendingInstallEvents

CM_Get_DevNode_Status

CM_Locate_DevNodeW

CM_Reenumerate_DevNode_Ex

CM_Locate_DevNode_ExW

SetupUninstallOEMInfW

SetupDiSetClassInstallParamsW

shell32

SHGetFolderPathW

version

VerQueryValueW

GetFileVersionInfoW

GetFileVersionInfoSizeW

ntdll

VerSetConditionMask

RtlVirtualUnwind

RtlPcToFileHeader

NtSetInformationThread

RtlLookupFunctionEntry

RtlUnwindEx

RtlUnwind

NtDeleteKey

RtlCaptureContext

NtQueryKey

NtOpenKey

NtClose

RtlNtStatusToDosError

kernel32

HeapFree

HeapReAlloc

HeapSize

GetUserDefaultLCID

LeaveCriticalSection

EnterCriticalSection

GetSystemTimes

Sleep

SystemTimeToFileTime

GetLocalTime

SetEvent

CreateEventW

WaitForSingleObject

WaitForMultipleObjects

FileTimeToSystemTime

GetSystemTime

CloseHandle

LoadLibraryW

FreeLibrary

GetCurrentThreadId

CompareFileTime

GetSystemPowerStatus

GetSystemDirectoryW

lstrcatW

GetFileAttributesW

LocalFree

CreateFileW

GetFileSizeEx

ReadFile

GetExitCodeProcess

GetCurrentThread

GetModuleFileNameW

DeviceIoControl

SetFileInformationByHandle

GetFileInformationByHandleEx

GetFinalPathNameByHandleW

OutputDebugStringW

DebugBreak

FindFirstFileW

FindNextFileW

FindClose

LockFileEx

UnlockFileEx

WriteFile

InitializeCriticalSection

GetCurrentProcessId

ProcessIdToSessionId

GetModuleHandleExW

GetPrivateProfileStringW

WritePrivateProfileStringW

LoadResource

LockResource

GetModuleFileNameA

FormatMessageW

SetLastError

GetLocaleInfoW

LoadLibraryExW

GetUserDefaultLangID

GetCPInfo

GetLocaleInfoEx

GetConsoleOutputCP

GetTickCount

ResetEvent

GetComputerNameW

GetUserGeoID

GetGeoInfoW

GetSystemDefaultLCID

GetCurrentProcess

SetFilePointerEx

CreateDirectoryW

GetFileSize

RemoveDirectoryW

DeleteFileW

GlobalMemoryStatusEx

LCIDToLocaleName

GetNativeSystemInfo

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetStdHandle

GetFileType

GetSystemDirectoryA

LoadLibraryA

FormatMessageA

EncodePointer

VirtualAlloc

VirtualFree

GetEnvironmentVariableW

GetACP

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

CreateTimerQueue

DeleteTimerQueueEx

CreateTimerQueueTimer

ChangeTimerQueueTimer

DeleteTimerQueueTimer

WTSGetActiveConsoleSessionId

GetThreadLocale

CreateSemaphoreW

CreateThread

ReleaseSemaphore

GetFileInformationByHandle

SetEndOfFile

WerRegisterMemoryBlock

WerUnregisterMemoryBlock

UnmapViewOfFile

UnlockFile

CreateFileA

CreateFileMappingW

MapViewOfFile

QueryPerformanceCounter

QueryPerformanceFrequency

InitOnceExecuteOnce

ReleaseMutex

CreateMutexW

GetFileTime

CancelIoEx

GetOverlappedResult

IsProcessorFeaturePresent

UnregisterWaitEx

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolWait

WaitForThreadpoolWaitCallbacks

SetFilePointer

GetCurrentDirectoryW

LocalFileTimeToFileTime

SetFileTime

HeapAlloc

InitOnceComplete

OpenProcess

TerminateProcess

VerifyVersionInfoW

CreateProcessW

ResumeThread

InitializeCriticalSectionAndSpinCount

GetThreadPriority

TerminateThread

SetThreadPriority

GetThreadTimes

RaiseException

QueryThreadCycleTime

CompareStringW

InitializeProcThreadAttributeList

DeleteProcThreadAttributeList

UpdateProcThreadAttribute

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

GetThreadId

GetProcessTimes

QueryFullProcessImageNameW

GetDriveTypeW

SetFileAttributesW

MoveFileExW

GetWindowsDirectoryW

GetShortPathNameW

DuplicateHandle

GetFullPathNameW

FindFirstFileExW

QueryDosDeviceW

GetProcessAffinityMask

GetVersionExW

ExpandEnvironmentStringsW

GetLongPathNameW

GetVolumePathNameW

GetVolumeNameForVolumeMountPointW

GetDateFormatW

GetTimeFormatW

GetExitCodeThread

SetEnvironmentVariableW

GetVersion

SizeofResource

FindResourceExW

FindResourceW

FlushFileBuffers

OutputDebugStringA

CopyFileW

GetDiskFreeSpaceExW

K32GetMappedFileNameW

FindFirstVolumeW

FindNextVolumeW

GetVolumePathNamesForVolumeNameW

FindVolumeClose

GetModuleHandleA

MoveFileExA

GetEnvironmentVariableA

SleepEx

ExpandEnvironmentStringsA

GetWindowsDirectoryA

GetVersionExA

LCMapStringEx

CompareStringEx

InitializeSListHead

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetStartupInfoW

CreateEventA

OpenEventA

InterlockedPushEntrySList

InterlockedFlushSList

ExitThread

FreeLibraryAndExitThread

ExitProcess

SetConsoleCtrlHandler

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

LCMapStringW

IsValidLocale

EnumSystemLocalesW

GetTimeZoneInformation

IsValidCodePage

GetOEMCP

SetStdHandle

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

SleepConditionVariableSRW

WakeAllConditionVariable

WriteConsoleW

RegisterWaitForSingleObject

InitOnceBeginInitialize

WaitForSingleObjectEx

HeapDestroy

DecodePointer

GetLastError

DeleteCriticalSection

InitializeCriticalSectionEx

MultiByteToWideChar

GetProcessHeap

WideCharToMultiByte

GetProcAddress

GetFileAttributesExW

GetModuleHandleW

GetStringTypeW

AreFileApisANSI

TryAcquireSRWLockExclusive

WakeConditionVariable

GetTickCount64

ReadDirectoryChangesW

GetSystemInfo

user32

GetDesktopWindow

GetSystemMetrics

LoadStringW

wsprintfW

RegisterClassExW

GetClassInfoExW

MessageBoxW

GetUserObjectInformationW

CharLowerW

GetProcessWindowStation

SetWindowLongPtrW

SendMessageW

PostMessageW

RegisterWindowMessageW

ole32

CoCreateInstance

CoSetProxyBlanket

CoInitialize

CoTaskMemFree

CoCreateGuid

StringFromGUID2

CoInitializeSecurity

CoUninitialize

CoInitializeEx

CLSIDFromString

oleaut32

VariantCopy

SysFreeString

VariantInit

VariantClear

SysAllocString

newdev

DiInstallDriverW

DiInstallDevice

cfgmgr32

CM_Get_DevNode_PropertyW

CM_Get_Device_Interface_PropertyW

secur32

QueryContextAttributesW

iphlpapi

GetUnicastIpAddressTable

GetBestRoute2

GetAdaptersAddresses

FreeMibTable

GetIfEntry2

GetIfTable2Ex

rpcrt4

RpcAsyncCancelCall

RpcBindingFromStringBindingW

RpcAsyncInitializeHandle

RpcAsyncCompleteCall

Ndr64AsyncClientCall

RpcEpUnregister

RpcEpRegisterW

RpcServerUseProtseqEpW

RpcObjectSetType

RpcServerRegisterIf2

RpcServerUnregisterIfEx

RpcImpersonateClient

RpcRevertToSelf

I_RpcBindingInqLocalClientPID

RpcMgmtEpEltInqNextW

RpcMgmtEpEltInqBegin

RpcIfInqId

RpcMgmtEpEltInqDone

RpcBindingFree

RpcStringFreeW

UuidToStringW

UuidFromStringW

NdrServerCallAll

RpcBindingToStringBindingW

NdrServerCall2

NdrAsyncServerCall

Ndr64AsyncServerCallAll

RpcStringBindingComposeW

RpcStringBindingParseW

NdrClientCall3

winhttp

WinHttpCrackUrl

WinHttpConnect

WinHttpOpenRequest

WinHttpAddRequestHeaders

WinHttpSendRequest

WinHttpReceiveResponse

WinHttpQueryDataAvailable

WinHttpReadData

WinHttpCloseHandle

WinHttpTimeFromSystemTime

WinHttpSetOption

WinHttpQueryHeaders

WinHttpQueryOption

WinHttpSetStatusCallback

WinHttpSetCredentials

WinHttpWriteData

WinHttpSetTimeouts

WinHttpOpen

ws2_32

WSACloseEvent

WSACreateEvent

WSAEnumNetworkEvents

WSAEventSelect

WSAResetEvent

WSAWaitForMultipleEvents

ntohl

WSAIoctl

__WSAFDIsSet

getpeername

InetNtopW

htons

htonl

WSAGetLastError

select

ntohs

getsockopt

getsockname

ioctlsocket

WSACleanup

WSAStartup

WSAAddressToStringW

freeaddrinfo

recvfrom

sendto

getaddrinfo

socket

setsockopt

connect

closesocket

bind

send

recv

WSASetLastError

getservbyname

gethostname

dnsapi

DnsQuery_W

DnsFree

shlwapi

PathMatchSpecW

powrprof

CallNtPowerInformation

Exports

?RegisterSpocNotificationHandler@spoc@asw@@YA?AV?$shared_ptr@VISpocCookie@spoc@asw@@@std@@AEBUNotificationKey@12@V?$function@$$A6AXUSpocNotification@spoc@asw@@@Z@4@@Z

CreateEnvironment

FreeInterface

GetInterface

ShutdownEnvironment

StartInterface

StopInterface

UpdateSettings

on_avast_dll_unload

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 668KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x64/libwaapi.dll

.dll windows:6 windows x64 arch:x64

0123af608cf712e085e611bb0028ab20

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

b2:2e:49:46:e9:fc:68:4d:89:68:8b:2d:aa:e4:0f:3a:04:a9:1f:d4:80:33:ad:b1:d0:15:e9:88:09:0e:b1:8a
Signer

Actual PE Digest

b2:2e:49:46:e9:fc:68:4d:89:68:8b:2d:aa:e4:0f:3a:04:a9:1f:d4:80:33:ad:b1:d0:15:e9:88:09:0e:b1:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

libwaapi.pdb

Imports

libwaheap

wa_getHeap

crypt32

CryptQueryObject

CertFindCertificateInStore

CryptMsgClose

CertFreeCertificateContext

CertCloseStore

CryptMsgGetParam

wintrust

WinVerifyTrust

kernel32

WriteConsoleW

WideCharToMultiByte

EnterCriticalSection

GetCurrentProcess

InitializeCriticalSectionEx

LocalAlloc

CreateToolhelp32Snapshot

GetLastError

Process32NextW

Process32FirstW

CloseHandle

RaiseException

DecodePointer

LocalFree

DeleteCriticalSection

GetCurrentProcessId

GetExitCodeProcess

LeaveCriticalSection

TryEnterCriticalSection

GetCurrentThreadId

DuplicateHandle

CreateFileW

SetStdHandle

GetConsoleMode

GetConsoleOutputCP

WriteFile

FlushFileBuffers

SetEnvironmentVariableW

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapSize

GetTimeZoneInformation

SetFilePointerEx

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetTimeFormatW

GetDateFormatW

GetFileType

GetStdHandle

ExitProcess

GetModuleHandleExW

ExitThread

HeapReAlloc

HeapFree

HeapAlloc

RtlUnwindEx

LoadLibraryW

UnregisterWaitEx

QueryDepthSList

InterlockedFlushSList

InterlockedPushEntrySList

InterlockedPopEntrySList

ReleaseSemaphore

VirtualProtect

VirtualFree

VirtualAlloc

GetVersionExW

LoadLibraryExW

GetModuleHandleA

GetModuleFileNameW

FreeLibraryAndExitThread

FreeLibrary

GetThreadTimes

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetThreadPriority

SetThreadPriority

CreateThread

SwitchToThread

SignalObjectAndWait

CreateTimerQueue

InitializeSListHead

GetStartupInfoW

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

ResetEvent

SetEvent

OutputDebugStringW

IsDebuggerPresent

GetCPInfo

GetLocaleInfoW

LCMapStringW

CompareStringW

GetProcAddress

GetModuleHandleW

GetTickCount

GetSystemTimeAsFileTime

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

CreateEventW

InitializeCriticalSectionAndSpinCount

SetLastError

GetStringTypeW

QueueUserWorkItem

IsProcessorFeaturePresent

EncodePointer

RtlPcToFileHeader

QueryPerformanceCounter

GetNativeSystemInfo

GetExitCodeThread

GetCurrentThread

Sleep

WaitForSingleObjectEx

MultiByteToWideChar

libwautils

?isLicensed@WaLicense@@QEBAHH@Z

?setComponentAllocation@WaComponentManager@@QEAAHPEA_WAEAPEAVWaExternalComponent@@@Z

?initModule@WaComponentManager@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEAVWaJson@@@Z

?getComponent@WaComponentManager@@QEBAHPEB_WPEAPEAVWaExternalComponent@@@Z

?end@WaComponentManager@@QEBA?AV?$_List_const_iterator@V?$_List_val@U?$_List_simple_types@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaExternalComponent@@@std@@@std@@@std@@@std@@XZ

?begin@WaComponentManager@@QEBA?AV?$_List_const_iterator@V?$_List_val@U?$_List_simple_types@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaExternalComponent@@@std@@@std@@@std@@@std@@XZ

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@@Z

?get@WaDatabase@@SAHAEBW4WaDatabaseKey@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@_N@Z

?SendProxyMessage@WaThirdPartyGatewayHandle@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

??0WaThirdPartyGatewayHandle@@QEAA@H@Z

?cachedInvoke@WaExternalComponent@@QEBAHAEAVWaJson@@PEAPEA_W@Z

?getDllName@WaExternalComponent@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getModuleName@WaExternalComponent@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?fileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_NHHAEB_N2@Z

?remove@WaJson@@UEAAXPEB_W@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?dotGet@WaJson@@UEAAHPEB_WAEAH@Z

?get@WaJson@@UEBAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?put@WaJson@@UEAAXPEB_WAEBV1@@Z

?size@WaJson@@UEBA_KXZ

??0WaJson@@QEAA@AEBV0@@Z

??0WaJson@@QEAA@_N@Z

??0WaJson@@QEAA@$$QEAUObjectConstructor@0@@Z

?getOESISVersion@WaFileInfo@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV23@@Z

??1WaFileInfo@@QEAA@XZ

??0WaFileInfo@@QEAA@XZ

?getMethod@Method@WaStaticDb@@YAPEBUmethod@12@H@Z

?fileExists@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEB_N@Z

??1PerfLoggingScope@@QEAA@XZ

??0PerfLoggingScope@@QEAA@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?setEventPreLaunch@WaEventManager@@QEAAXAEBW4WaEventType@1@$$QEAV?$function@$$A6AHP6AXPEA_W@ZHVWaJson@@@Z@std@@@Z

?setEventSink@WaEventManager@@QEAAXAEBW4WaEventType@1@$$QEAV?$function@$$A6AHP6AXPEA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@@Z

?_dotRetrieve@WaJson@@EEAAHPEB_WAEAV1@W4WaJsonType@@@Z

?_dotInsert@WaJson@@EEAAHPEB_WAEBV1@W4WaJsonType@@@Z

?_encodeString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?_toPrettyString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_set@WaJson@@EEAAXAEBH@Z

?_set@WaJson@@EEAAX_N@Z

?_set@WaJson@@EEAAXPEB_W@Z

?_set@WaJson@@EEAAX$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_set@WaJson@@EEAAXAEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EEAAXAEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_init@WaJson@@EEAAXXZ

?removeRecursive@WaJson@@UEAAXPEB_W@Z

?first@WaJson@@UEAA?AV1@XZ

?val@WaJson@@UEBAHAEAH@Z

?val@WaJson@@UEBAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?val@WaJson@@UEBAHAEA_N@Z

?keys@WaJson@@UEBA?AV?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?contains@WaJson@@UEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?remove@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?remove@WaJson@@UEAAXH@Z

?dotAdd@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?dotPut@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?dotAt@WaJson@@UEAAHPEB_WAEAV1@@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?dotAt@WaJson@@UEAAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?dotAt@WaJson@@UEAAHPEB_WAEAH@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?dotAt@WaJson@@UEAAHPEB_WAEA_N@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?dotGet@WaJson@@UEAAHPEB_WAEAV1@@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?getString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getInt@WaJson@@UEBAHXZ

?get@WaJson@@UEBA?AV1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?Is64@WaOSUtils@@QEAA_NXZ

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?put@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?put@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QEAV1@@Z

?put@WaJson@@UEAAXV?$initializer_list@U?$pair@PEB_WVWaJson@@@std@@@std@@@Z

?at@WaJson@@UEBA?AV1@_K@Z

?add@WaJson@@UEAAXAEBV1@@Z

?add@WaJson@@UEAAX$$QEAV1@@Z

?add@WaJson@@UEAAXV?$initializer_list@VWaJson@@@std@@@Z

?isObjKeyType@WaJson@@UEBA_NPEB_WAEBW4WaJsonType@@@Z

?getObjKeyType@WaJson@@UEBA?AW4WaJsonType@@PEB_W@Z

?convert@WaJson@@UEAAXAEBW4WaJsonType@@@Z

??MWaJson@@UEBA_NAEBV0@@Z

??9WaJson@@UEBA_NAEBV0@@Z

??8WaJson@@UEBA_NAEBV0@@Z

??AWaJson@@UEAAAEAV0@_K@Z

??AWaJson@@UEBAAEBV0@_K@Z

??AWaJson@@UEAAAEAV0@PEB_W@Z

??AWaJson@@UEBAAEBV0@PEB_W@Z

??AWaJson@@UEAAAEAV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UEBAAEBV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??YWaJson@@UEAAAEAV0@AEBV0@@Z

??4WaJson@@UEAAAEAV0@$$QEAV0@@Z

??4WaJson@@UEAAAEAV0@AEBV0@@Z

??4WaJson@@UEAAAEAV0@PEB_W@Z

??4WaJson@@UEAAAEAV0@AEBH@Z

??4WaJson@@UEAAAEAV0@_N@Z

??4WaJson@@UEAAAEAV0@AEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UEAAAEAV0@AEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??0WaJson@@QEAA@$$QEAV0@@Z

?detectionCall@WaDebugInfo@@QEAA?AV?$shared_ptr@U?$Scope@_N@WaDbgCallTracker@@@std@@XZ

?getUserPasswordProtected@WaOSUtils@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEA_NAEAW4PasswordProtectionInfo@@@Z

?generateUUID@WaOSUtils@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getDeviceID@WaOSUtils@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?revertImpersonation@WaOSUtils@@QEAAHXZ

?impersonateCurrentUser@WaOSUtils@@QEAAHXZ

?getUserName@WaOSUtils@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?instance@WaWmiThread@@SAPEAV1@XZ

?getLicenseStatus@WaLicense@@QEAAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?terminateProcess@WaTaskManager@@QEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@_NH@Z

?isProcessRunning@WaTaskManager@@QEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@0@Z

?getListCerts@WaFileInfo@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@3@@Z

?getExeArchitecture@WaFileInfo@@SAHHAEAVWaJson@@AEB_N@Z

?getInfo@WaFileInfo@@QEAAHPEB_WW4_VI_STR@@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEB_N@Z

?Matches@WaRegex@@SA_NPEB_W0@Z

?Match@WaRegex@@SAHPEB_W0AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?open@WaRegKey@@QEAAHXZ

?getPath@WaRegKey@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

??1WaRegKey@@QEAA@XZ

?getWscAvProducts@WaWmi@@UEAAHAEAVWaJson@@@Z

??1WaWmi@@UEAA@XZ

??0WaWmi@@QEAA@XZ

?launchProduct@WaProductUtils@@YAHH@Z

?getComponents@WaProductUtils@@YAHHAEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?getInstalledLanguage@WaProductUtils@@YAHAEBHAEAVWaJson@@@Z

?getDefaultBrowserPath@WaProductUtils@@YAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?verifyMainComponentDigitalSignature@WaProductUtils@@YAHAEBHAEAVWaJson@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEB_N@Z

?getMainInstallPath@WaProductUtils@@YAHHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?getOSInfo@WaProductUtils@@YAHAEBVWaJson@@AEAV2@@Z

?getMainComponent@WaProductUtils@@YAHHAEAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?getUninstallHiveInfo@WaProductUtils@@YAHHAEAVWaJson@@@Z

?getSha2HashForFile@WaHasher@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?getMd5HashForFile@WaHasher@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?evalDefinition@WaDetectionEngine@@SAHHAEBV?$vector@HV?$allocator@H@std@@@std@@AEAVWaJson@@_N22@Z

?setShowBundleInfo@WaDetectionEngine@@QEAAXAEB_N@Z

?setShowUninstallHive@WaDetectionEngine@@QEAAXAEB_N@Z

?setProductDigitalSignatureVerification@WaDetectionEngine@@QEAAX_N@Z

?setSingleThreaded@WaDetectionEngine@@QEAAX_N@Z

?setAddInstallDateToResults@WaDetectionEngine@@QEAAX_N@Z

?setAddInstallDirsToResults@WaDetectionEngine@@QEAAX_N@Z

?setAddMethodsToResults@WaDetectionEngine@@QEAAX_N@Z

?detectProducts@WaDetectionEngine@@QEAAXAEBV?$vector@HV?$allocator@H@std@@@std@@AEAVWaJson@@@Z

??1WaDetectionEngine@@QEAA@XZ

??0WaDetectionEngine@@QEAA@XZ

?getPathListFromFilePathJson@WaEvaluator@@SA?AV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@AEBVWaJson@@@Z

?evaluateRegistryPath@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$vector@VWaRegKey@@V?$allocator@VWaRegKey@@@std@@@3@@Z

?evaluateFilePath@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAHAEAVWaJson@@AEBH0@Z

?evaluateFilePath@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAHAEAV23@AEBH0@Z

?splitExpressionFact@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAW4WaDatabaseKey@@AEAV23@@Z

?evaluateFact@WaEvaluator@@SAHW4WaDatabaseKey@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAVWaJson@@@Z

?evaluateExpression@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?canExecuteByAllUsers@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?verifyFileAuthenticity@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_NAEAV23@AEB_N@Z

?getSigningStatus@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAHAEA_NAEAV23@@Z

?getFileVersionFromPath@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBHAEAV23@AEB_N@Z

?directoryExists@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEB_N@Z

?remove@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z

?get@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEAVWaJson@@@Z

?insert@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEBVWaJson@@@Z

?deallocate@WaMemoryPoolManager@@QEAAX_KPEAX@Z

??0WaJson@@QEAA@AEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??0WaJson@@QEAA@W4WaJsonType@@@Z

?getServiceSnapshot@WaServiceManager@@QEAAHAEAVWaJson@@@Z

?getService@WaServiceManager@@QEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAUWaService@@@Z

?getCurrentEpochTime@WaTime@@YAHXZ

?writeToFile@WaDebugInfo@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NW4LOG_LEVEL@1@V?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@3@11@Z

?setCurrentSignatureId@WaDebugInfo@@QEAA?AV?$shared_ptr@U?$Scope@H@WaDbgCallTracker@@@std@@H@Z

?disable@WaRevocationCheck@WaCertificate@@QEAAXXZ

?enable@WaRevocationCheck@WaCertificate@@QEAAXXZ

?setVersionStamp@WaHttp@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isRemoteConnected@WaEndPointManager@@QEAA_NXZ

?instance@?$Singleton@VWaWuaProgressReceiver@@@@SAPEAVWaWuaProgressReceiver@@XZ

?destroy@?$Singleton@VWaWMIManager@@@@SAXXZ

?destroy@?$Singleton@VWaEndPointManager@@@@SAXXZ

?instance@?$Singleton@VWaEndPointManager@@@@SAPEAVWaEndPointManager@@XZ

?destroy@?$Singleton@VWaSecuredTempFile@@@@SAXXZ

?destroy@?$Singleton@VWaNet@@@@SAXXZ

?destroy@?$Singleton@VWaOSUtils@@@@SAXXZ

?instance@?$Singleton@VWaOSUtils@@@@SAPEAVWaOSUtils@@XZ

?destroy@?$Singleton@VWaServiceManager@@@@SAXXZ

?instance@?$Singleton@VWaServiceManager@@@@SAPEAVWaServiceManager@@XZ

?destroy@?$Singleton@VWaCryptoApiWrapper@@@@SAXXZ

?instance@?$Singleton@VWaCryptoApiWrapper@@@@SAPEAVWaCryptoApiWrapper@@XZ

?destroy@?$Singleton@VWaMemoryPoolManager@@@@SAXXZ

?instance@?$Singleton@VWaMemoryPoolManager@@@@SAPEAVWaMemoryPoolManager@@XZ

?instance@WaHttp@@SAPEAV1@XZ

?destroy@WaHttp@@SAXXZ

?initialize@WaHttp@@QEAAHXZ

?calculateVersionStamp@WaHttp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?registerNotifier@WaServiceManager@@QEAAHUWaServiceMgrParam@@@Z

?unregisterNotifier@WaServiceManager@@QEAAXXZ

??0WaJson@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV0@@Z

??0WaJson@@QEAA@AEBH@Z

??0WaJson@@QEAA@PEB_W@Z

??0WaJson@@QEAA@XZ

??1WaJson@@UEAA@XZ

?getType@WaJson@@UEBA?AW4WaJsonType@@XZ

?isType@WaJson@@UEBA_NAEBW4WaJsonType@@@Z

?clear@WaJson@@UEAAXXZ

?put@WaJson@@UEAAXPEB_W$$QEAV1@@Z

?get@WaJson@@UEBAHPEB_WAEAV1@@Z

?get@WaJson@@UEBAHPEB_WAEA_N@Z

?get@WaJson@@UEBAHPEB_WAEAH@Z

?get@WaJson@@UEBA?AV1@PEB_W@Z

?getBool@WaJson@@UEBA_NXZ

?dotGet@WaJson@@UEAAHPEB_WAEA_N@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?dotGet@WaJson@@UEAAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotPut@WaJson@@UEAAHPEB_WAEBV1@@Z

?dotAdd@WaJson@@UEAAHPEB_WAEBV1@@Z

?contains@WaJson@@UEBA_NPEB_W@Z

?toString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toPrettyString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toCharPointer@WaJson@@UEBAXPEAPEA_W@Z

?toPrettyCharPointer@WaJson@@UEBAXPEAPEA_W@Z

?setObjectsPerPool@WaMemoryPoolManager@@QEAAX_K@Z

?instance@WaCache@@SAPEAV1@XZ

?destroy@WaCache@@SAXXZ

?initialize@WaCache@@QEAAHXZ

?cache@WaCache@@QEAAHXZ

?instance@WaEventManager@@SAPEAV1@XZ

?destroy@WaEventManager@@SAXXZ

?registerEvent@WaEventManager@@QEAAHAEBVWaJson@@P6AXPEA_W@ZAEAH@Z

?unregisterEvent@WaEventManager@@QEAAHAEBH@Z

?getDeploymentPath@WaFileUtils@@SAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?invoke@WaExternalComponent@@QEBAHAEAVWaJson@@0@Z

?destroy@WaThirdPartyGatewayHandle@@SAXXZ

?instance@WaRegistry@@SAPEAV1@XZ

?destroy@WaRegistry@@SAXXZ

?registerNotifier@WaRegistry@@QEAAHXZ

?unregisterNotifier@WaRegistry@@QEAAXXZ

?instance@WaDatabase@@SAPEAV1@XZ

?destroy@WaDatabase@@SAXXZ

?initialize@WaDatabase@@QEAAHXZ

?switchToOnlineMode@WaDatabase@@QEAAHXZ

?cache@WaDatabase@@QEAAHXZ

?switchToOfflineMode@WaDatabase@@SAXXZ

?wCaseCmp@WaStringUtils@@YAHPEB_W0@Z

?trim@WaStringUtils@@YAAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?create@WaJsonFactory@@SAHPEB_WAEAVWaJson@@@Z

?getActualError@WaCallTree@@SAHAEAVWaJson@@@Z

?getCallTree@WaCallTree@@SAXAEAVWaJson@@@Z

?evaluateResult@WaCallTree@@SAHH@Z

?instance@WaCallTree@@SAPEAV1@AEBVid@thread@std@@@Z

?destroy@WaCallTree@@SAXXZ

?removeThreadStack@WaCallTree@@SAXAEBVid@thread@std@@@Z

?getTickCount@WaTime@@YA_JXZ

?instance@WaConfigurations@@SAPEAV1@XZ

?destroy@WaConfigurations@@SAXXZ

?instance@WaComponentManager@@SAPEAV1@XZ

?destroy@WaComponentManager@@SAXXZ

?initialize@WaComponentManager@@QEAAHXZ

?getComponent@WaComponentManager@@QEBAHAEBHPEAPEAVWaExternalComponent@@@Z

?freeComponentAllocation@WaComponentManager@@QEAAHPEA_W@Z

?initialize@WaEndPointManager@@QEAAHAEBVWaJson@@@Z

?instance@WaTaskManager@@SAPEAV1@XZ

?destroy@WaTaskManager@@SAXXZ

?startTaskManager@WaTaskManager@@QEAAHUWaTaskMgrParam@@@Z

?instance@WaLicense@@SAPEAV1@XZ

?destroy@WaLicense@@SAXXZ

?init@WaLicense@@QEAAHXZ

?renew@WaLicense@@QEAAHXZ

?getUserId@WaLicense@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?setModuleOutput@WaApiUtils@@YAH_KAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WHAEAVWaJson@@@Z

?addUtilsOwnerTag@WaApiUtils@@YAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isUtilsOwnerTagPresent@WaApiUtils@@YA_NPEB_W@Z

?isTeardownRequest@WaApiUtils@@YA_NAEBVWaJson@@@Z

?updateLicenseFile@WaApiUtils@@YAH_N0PEAVWaJson@@@Z

?instance@WaRevocationCheck@WaCertificate@@SAPEAV12@XZ

?destroy@WaRevocationCheck@WaCertificate@@SAXXZ

?setEnabled@WaRevocationCheckUtilsLocal@WaCertificate@@SAX_N@Z

?destroy@WaWmiThread@@SAXXZ

?destroy@WaCustomDetection@@SAXXZ

?initialize@WaOSUtils@@QEAAXXZ

?instance@WaDebugInfo@@SAPEAV1@XZ

?destroy@WaDebugInfo@@SAXXZ

?initializeCrypto@WaDebugInfo@@QEAAHXZ

?setupCall@WaDebugInfo@@QEAA?AV?$shared_ptr@U?$Scope@_N@WaDbgCallTracker@@@std@@PEB_W@Z

?invokeCall@WaDebugInfo@@QEAA?AV?$shared_ptr@U?$Scope@_N@WaDbgCallTracker@@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z

?teardownCall@WaDebugInfo@@QEAAXXZ

?freeCall@WaDebugInfo@@QEAAXXZ

?setCurrentMethodId@WaDebugInfo@@QEAA?AV?$shared_ptr@U?$Scope@H@WaDbgCallTracker@@@std@@H@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

msi

ord70

Exports

wa_api_free

wa_api_invoke

wa_api_register_handler

wa_api_setup

wa_api_teardown

wa_api_unregister_handler

Sections

.text
Size: 662KB - Virtual size: 662KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x64/libwaheap.dll

.dll windows:6 windows x64 arch:x64

4579528d9f107c4d5b73bc9c2cf81053

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

df:30:81:dc:f8:fa:27:1b:51:db:4d:8e:ba:0a:33:9b:e2:31:2a:10:27:c8:f4:0d:5a:4b:71:8e:c2:bd:c8:93
Signer

Actual PE Digest

df:30:81:dc:f8:fa:27:1b:51:db:4d:8e:ba:0a:33:9b:e2:31:2a:10:27:c8:f4:0d:5a:4b:71:8e:c2:bd:c8:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

libwaheap.pdb

Imports

kernel32

HeapCreate

GetVersion

HeapSetInformation

HeapDestroy

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

RtlUnwindEx

InterlockedFlushSList

GetLastError

SetLastError

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FreeLibrary

GetProcAddress

LoadLibraryExW

ExitProcess

GetModuleHandleExW

GetModuleFileNameW

HeapFree

HeapAlloc

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

GetEnvironmentStringsW

FreeEnvironmentStringsW

LCMapStringW

GetProcessHeap

GetStdHandle

GetFileType

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

RaiseException

Exports

wa_getHeap

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x64/libwalocal.dll

.dll windows:6 windows x64 arch:x64

251c1d87cd6226bcc79893e95f4ea563

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

d3:fe:11:a6:e7:0e:29:7a:b6:9c:6d:72:e1:ad:a5:c3:31:6f:4b:31:3d:c4:dc:38:9d:8c:78:57:71:63:be:24
Signer

Actual PE Digest

d3:fe:11:a6:e7:0e:29:7a:b6:9c:6d:72:e1:ad:a5:c3:31:6f:4b:31:3d:c4:dc:38:9d:8c:78:57:71:63:be:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

libwalocal.pdb

Imports

libwaapi

wa_api_invoke

wa_api_free

libwaheap

wa_getHeap

kernel32

RtlLookupFunctionEntry

RtlVirtualUnwind

UnregisterWaitEx

AreFileApisANSI

ReadFile

TryEnterCriticalSection

HeapCreate

HeapFree

EnterCriticalSection

GetFullPathNameW

WriteFile

GetDiskFreeSpaceW

OutputDebugStringA

LockFile

LeaveCriticalSection

InitializeCriticalSection

SetFilePointer

GetFullPathNameA

SetEndOfFile

UnlockFileEx

GetTempPathW

CreateMutexW

WaitForSingleObject

CreateFileW

GetFileAttributesW

GetCurrentThreadId

UnmapViewOfFile

HeapValidate

HeapSize

MultiByteToWideChar

Sleep

GetTempPathA

FormatMessageW

GetDiskFreeSpaceA

GetLastError

GetFileAttributesA

GetFileAttributesExW

OutputDebugStringW

FlushViewOfFile

CreateFileA

LoadLibraryA

WaitForSingleObjectEx

DeleteFileA

DeleteFileW

HeapReAlloc

CloseHandle

RaiseException

GetSystemInfo

LoadLibraryW

HeapAlloc

HeapCompact

HeapDestroy

UnlockFile

GetProcAddress

LocalFree

LockFileEx

GetFileSize

DeleteCriticalSection

GetCurrentProcessId

GetProcessHeap

SystemTimeToFileTime

FreeLibrary

WideCharToMultiByte

GetSystemTimeAsFileTime

GetSystemTime

FormatMessageA

CreateFileMappingW

MapViewOfFile

QueryPerformanceCounter

GetTickCount

FlushFileBuffers

InitializeCriticalSectionEx

DecodePointer

ExpandEnvironmentStringsW

DeviceIoControl

UnhandledExceptionFilter

SetUnhandledExceptionFilter

QueryDepthSList

InterlockedPopEntrySList

ReleaseSemaphore

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

IsDebuggerPresent

GetStartupInfoW

VirtualProtect

VirtualFree

VirtualAlloc

GetVersionExW

GetModuleHandleA

GetThreadTimes

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetThreadPriority

SetThreadPriority

SwitchToThread

SignalObjectAndWait

SetEvent

CreateTimerQueue

WriteConsoleW

SetStdHandle

GetConsoleMode

GetConsoleOutputCP

SetFilePointerEx

GetFileSizeEx

SetEnvironmentVariableW

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

GetFileType

GetStdHandle

GetTimeZoneInformation

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetTimeFormatW

GetDateFormatW

GetModuleFileNameW

ExitProcess

GetModuleHandleExW

FreeLibraryAndExitThread

ExitThread

CreateThread

LoadLibraryExW

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwindEx

RtlPcToFileHeader

GetCPInfo

GetLocaleInfoW

LCMapStringW

CompareStringW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

CreateEventW

InitializeCriticalSectionAndSpinCount

SetLastError

EncodePointer

GetStringTypeW

GetCurrentThread

DuplicateHandle

InitializeSListHead

GetModuleHandleW

RtlCaptureContext

ole32

CoInitializeEx

CoUninitialize

CoCreateInstance

oleaut32

VariantInit

VariantChangeType

VariantClear

libwautils

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?get@WaJson@@UEBAHPEB_WAEAV1@@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?put@WaJson@@UEAAXPEB_WAEBV1@@Z

?put@WaJson@@UEAAXPEB_W$$QEAV1@@Z

?put@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?put@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QEAV1@@Z

?put@WaJson@@UEAAXV?$initializer_list@U?$pair@PEB_WVWaJson@@@std@@@std@@@Z

?at@WaJson@@UEBA?AV1@_K@Z

?add@WaJson@@UEAAXAEBV1@@Z

?add@WaJson@@UEAAX$$QEAV1@@Z

?add@WaJson@@UEAAXV?$initializer_list@VWaJson@@@std@@@Z

?size@WaJson@@UEBA_KXZ

?clear@WaJson@@UEAAXXZ

?get@WaJson@@UEBAHPEB_WAEAH@Z

?isType@WaJson@@UEBA_NAEBW4WaJsonType@@@Z

?getObjKeyType@WaJson@@UEBA?AW4WaJsonType@@PEB_W@Z

?getType@WaJson@@UEBA?AW4WaJsonType@@XZ

?convert@WaJson@@UEAAXAEBW4WaJsonType@@@Z

??MWaJson@@UEBA_NAEBV0@@Z

??9WaJson@@UEBA_NAEBV0@@Z

??8WaJson@@UEBA_NAEBV0@@Z

??AWaJson@@UEAAAEAV0@_K@Z

??AWaJson@@UEBAAEBV0@_K@Z

??AWaJson@@UEAAAEAV0@PEB_W@Z

??AWaJson@@UEBAAEBV0@PEB_W@Z

??AWaJson@@UEAAAEAV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UEBAAEBV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??YWaJson@@UEAAAEAV0@AEBV0@@Z

??4WaJson@@UEAAAEAV0@$$QEAV0@@Z

??4WaJson@@UEAAAEAV0@AEBV0@@Z

??4WaJson@@UEAAAEAV0@PEB_W@Z

??4WaJson@@UEAAAEAV0@AEBH@Z

??4WaJson@@UEAAAEAV0@_N@Z

??4WaJson@@UEAAAEAV0@AEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UEAAAEAV0@AEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??1WaJson@@UEAA@XZ

??0WaJson@@QEAA@XZ

??0WaJson@@QEAA@AEBV0@@Z

??0WaJson@@QEAA@PEB_W@Z

??0WaJson@@QEAA@AEBH@Z

??0WaJson@@QEAA@AEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??0WaJson@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV0@@Z

??0WaJson@@QEAA@W4WaJsonType@@@Z

?instance@?$Singleton@VWaMemoryPoolManager@@@@SAPEAVWaMemoryPoolManager@@XZ

?instance@?$Singleton@VWaSecuredTempFile@@@@SAPEAVWaSecuredTempFile@@XZ

?instance@?$Singleton@VWaEndPointManager@@@@SAPEAVWaEndPointManager@@XZ

?isUseRegularExpressionInDirectoryPath@WaEvaluator@@SA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isRemoteConnected@WaEndPointManager@@QEAA_NXZ

?byteArrayToEpoch@WaTime@@YAHAEBQEAEAEAH@Z

?bytesToWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAEI_N@Z

?evaluateRegistryFact@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@_N@Z

?evaluateFilePath@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAHAEAVWaJson@@AEBH0@Z

?evaluateServiceFact@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@_N@Z

?httpGet@WaNet@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAEAV23@0@Z

??0WaJson@@QEAA@$$QEAV0@@Z

?instance@?$Singleton@VWaNet@@@@SAPEAVWaNet@@XZ

?create@WaJsonFactory@@SAHPEB_WAEAVWaJson@@@Z

?getUserName@WaOSUtils@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?getProcessSnapshot@WaTaskManager@@QEAAHAEAVWaJson@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getInternetState@WaEndPointManager@@QEAAHV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@HHAEA_N@Z

?Match@WaRegex@@SAHPEB_W0AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?instance@?$Singleton@VWaOSUtils@@@@SAPEAVWaOSUtils@@XZ

?Matches@WaRegex@@SA_NPEB_W0@Z

?CaptureAll@WaRegex@@SAHPEB_W0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?query@WaWMIManager@@QEAAHPEB_W0AEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@AEAVWaJson@@HH_N@Z

?getCurrentEpochTime@WaTime@@YAHAEAH@Z

?timeStringToEpochTime@WaTime@@YAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAH@Z

?getTimeString@WaTime@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@_NAEB_J@Z

?split@WaStringUtils@@YAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WAEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?instance@?$Singleton@VWaWMIManager@@@@SAPEAVWaWMIManager@@XZ

?base64Decode@WaBase64@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?getExeArchitecture@WaFileInfo@@SAHHAEAVWaJson@@AEB_N@Z

?instance@WaConfigurations@@SAPEAV1@XZ

?getInstalledLanguage@WaProductUtils@@YAHAEBHAEAVWaJson@@@Z

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@@Z

?get@WaDatabase@@SAHAEBW4WaDatabaseKey@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@_N@Z

?instance@WaDatabase@@SAPEAV1@XZ

?isRegistered@WaSelfProtection@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?registerModule@WaSelfProtection@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??1WaSelfProtection@@QEAA@XZ

??0WaSelfProtection@@QEAA@XZ

??0WaJson@@QEAA@_N@Z

?revertImpersonation@WaOSUtils@@QEAAHXZ

?comErrorToString@WaComUtils@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@J@Z

?get@WaRegKey@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?open@WaRegKey@@QEAAHPEAUHKEY__@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z

??1WaRegKey@@QEAA@XZ

??0WaRegKey@@QEAA@PEAUHKEY__@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getApiGuardKey@WaCache@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?instance@WaCache@@SAPEAV1@XZ

??0WaJson@@QEAA@$$QEAUObjectConstructor@0@@Z

?getWSCProductState@WaOSUtils@@QEAAHW4_WSC_SECURITY_PROVIDER@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAW4WSC_SECURITY_PRODUCT_STATE@@@Z

?queryEventlog@WaOSUtils@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAVWaJson@@AEBH2@Z

?getAllAsJsonObjectRecursive@WaRegKey@@QEAAHAEAVWaJson@@@Z

?open@WaRegKey@@QEAAHXZ

?setPath@WaRegKey@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getRegLocationEnum@WaRegistry@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAH@Z

?getRegKeyFromLocation@WaRegistry@@SAHW4WaRegistryLocation@@AEAVWaRegKey@@@Z

?get@WaJson@@UEBAHPEB_WAEA_N@Z

?execute@WaPowerShellGateway@@YAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_NAEAK2@Z

?shellExecute@WaProcessUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAEAKAEAV23@H_N@Z

?instance@WaWmiThread@@SAPEAV1@XZ

?readArchitectureInfo@WaFileInfo@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@AEAH@Z

?getLanguageInfo@WaProductUtils@@YAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@AEBW4LanguageInfo@@@Z

?trimRight@WaStringUtils@@YAAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?isCurrentPermissionGTE@WaProcessUtils@@SAHAEBHAEA_N@Z

?shellExecuteAsUser@WaProcessUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAEAKAEAV23@H_N3@Z

?launchProcessAsUser@WaProcessUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0PEAHHPEAKPEAV23@H@Z

?launchProcess@WaProcessUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0PEAHHPEAKPEAV23@H@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?get@WaJson@@UEBAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?get@WaJson@@UEBA?AV1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?get@WaJson@@UEBA?AV1@PEB_W@Z

?getInt@WaJson@@UEBAHXZ

?getString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getBool@WaJson@@UEBA_NXZ

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?dotGet@WaJson@@UEAAHPEB_WAEA_N@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?dotGet@WaJson@@UEAAHPEB_WAEAH@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?dotGet@WaJson@@UEAAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?dotGet@WaJson@@UEAAHPEB_WAEAV1@@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?dotAt@WaJson@@UEAAHPEB_WAEA_N@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?dotAt@WaJson@@UEAAHPEB_WAEAH@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?dotAt@WaJson@@UEAAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?dotAt@WaJson@@UEAAHPEB_WAEAV1@@Z

?dotPut@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?dotPut@WaJson@@UEAAHPEB_WAEBV1@@Z

?dotAdd@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?dotAdd@WaJson@@UEAAHPEB_WAEBV1@@Z

?remove@WaJson@@UEAAXH@Z

?remove@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?remove@WaJson@@UEAAXPEB_W@Z

?contains@WaJson@@UEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?contains@WaJson@@UEBA_NPEB_W@Z

?keys@WaJson@@UEBA?AV?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?val@WaJson@@UEBAHAEA_N@Z

?val@WaJson@@UEBAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?val@WaJson@@UEBAHAEAH@Z

?toString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toPrettyString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toCharPointer@WaJson@@UEBAXPEAPEA_W@Z

?toPrettyCharPointer@WaJson@@UEBAXPEAPEA_W@Z

?first@WaJson@@UEAA?AV1@XZ

?removeRecursive@WaJson@@UEAAXPEB_W@Z

?_init@WaJson@@EEAAXXZ

?_set@WaJson@@EEAAXAEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_set@WaJson@@EEAAXAEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EEAAX$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_set@WaJson@@EEAAXPEB_W@Z

?_set@WaJson@@EEAAX_N@Z

?_set@WaJson@@EEAAXAEBH@Z

?_toPrettyString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_encodeString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?_dotInsert@WaJson@@EEAAHPEB_WAEBV1@W4WaJsonType@@@Z

?_dotRetrieve@WaJson@@EEAAHPEB_WAEAV1@W4WaJsonType@@@Z

?allocate@WaMemoryPoolManager@@QEAAPEAX_K@Z

?deallocate@WaMemoryPoolManager@@QEAAX_KPEAX@Z

?isElevated@WaProcessUtils@@SA_NPEAX@Z

?fileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_NHHAEB_N2@Z

?binaryFileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_NHHAEB_N@Z

?fileContains@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N3AEB_N@Z

?fileExists@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEB_N@Z

?getFileVersionFromPath@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBHAEAV23@AEB_N@Z

?directoryContents@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@H_NAEB_N@Z

?calculateDirectoryDepth@WaFileUtils@@SAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_NAEAH@Z

?createTempFile@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?copyFileToTemp@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?deleteTempFile@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?evaluateDirectoryRegex@WaEvaluator@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@@Z

?getHashString@WaHasher@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@W4WaHashAlg@@_N@Z

?ensurePathEnding@WaStringUtils@@YAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isNumber@WaStringUtils@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?evaluateResult@WaCallTree@@SAHH@Z

?instance@WaCallTree@@SAPEAV1@AEBVid@thread@std@@@Z

?Capture@WaRegex@@SAHPEB_W0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

??0WaFileInfo@@QEAA@XZ

??1WaFileInfo@@QEAA@XZ

?getLastModifiedTime@WaFileInfo@@QEAAHPEB_WAEAHAEB_N@Z

?getListCerts@WaFileInfo@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@3@@Z

?toRemoteTempFile@WaEndPointManager@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?toRemotePath@WaEndPointManager@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?getEnvironmentFolder@WaEndPointManager@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?instance@WaTaskManager@@SAPEAV1@XZ

?terminateProcess@WaTaskManager@@QEAAHH_NH@Z

?terminateProcess@WaTaskManager@@QEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@_NH@Z

?instance@WaDebugInfo@@SAPEAV1@XZ

?writeToFile@WaDebugInfo@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NW4LOG_LEVEL@1@V?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@3@11@Z

?contents@WaSecuredTempFile@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?binaryContents@WaSecuredTempFile@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?contains@WaSecuredTempFile@@QEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?create@WaSecuredTempFile@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?remove@WaSecuredTempFile@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?instance@WaRegistry@@SAPEAV1@XZ

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?isObjKeyType@WaJson@@UEBA_NPEB_WAEBW4WaJsonType@@@Z

Exports

wa_comp_free

wa_comp_setup

wa_comp_teardown

wa_local_invoke_script

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x64/libwaresource.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

55:b0:6b:7c:ea:b2:ad:b0:fe:6e:64:ca:8f:fd:5c:4d:ab:23:4c:05:a5:a3:54:d0:2e:74:a3:8f:50:78:0f:07
Signer

Actual PE Digest

55:b0:6b:7c:ea:b2:ad:b0:fe:6e:64:ca:8f:fd:5c:4d:ab:23:4c:05:a5:a3:54:d0:2e:74:a3:8f:50:78:0f:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

libwaresource.pdb

Sections

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

x64/libwautils.dll

.dll windows:6 windows x64 arch:x64

e9886d3208f36b5161f902bcfed56f22

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

6f:34:a1:56:d0:5e:70:df:5f:d6:e6:cc:13:d8:99:c3:17:1b:7b:0b:24:a3:20:4d:11:a8:81:1b:08:ab:8f:ad
Signer

Actual PE Digest

6f:34:a1:56:d0:5e:70:df:5f:d6:e6:cc:13:d8:99:c3:17:1b:7b:0b:24:a3:20:4d:11:a8:81:1b:08:ab:8f:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

libwautils.pdb

Imports

setupapi

SetupDiGetClassDevsW

SetupDiGetDeviceRegistryPropertyW

SetupDiEnumDeviceInfo

SetupDiDestroyDeviceInfoList

rpcrt4

UuidCreate

RpcStringFreeW

UuidToStringW

secur32

LsaEnumerateLogonSessions

GetUserNameExW

LsaGetLogonSessionData

LsaFreeReturnBuffer

wtsapi32

WTSCloseServer

WTSEnumerateSessionsW

WTSFreeMemory

WTSOpenServerExW

WTSQuerySessionInformationW

WTSQueryUserToken

WTSEnumerateProcessesW

libwaheap

wa_getHeap

crypt32

CryptMsgClose

CryptQueryObject

CertCloseStore

CryptMsgGetParam

CertFindCertificateInStore

CryptDecodeObjectEx

CryptImportPublicKeyInfoEx2

CryptMsgUpdate

CryptMsgOpenToDecode

CertGetNameStringW

CertOpenStore

CryptHashCertificate

CryptImportPublicKeyInfo

CertFreeCertificateContext

wintrust

CryptCATAdminEnumCatalogFromHash

CryptCATAdminAcquireContext

CryptCATCatalogInfoFromContext

CryptCATAdminReleaseContext

WinVerifyTrust

CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

winhttp

WinHttpConnect

WinHttpSetTimeouts

WinHttpSendRequest

WinHttpQueryDataAvailable

WinHttpCloseHandle

WinHttpReceiveResponse

WinHttpOpen

WinHttpAddRequestHeaders

WinHttpQueryHeaders

WinHttpReadData

WinHttpOpenRequest

WinHttpSetOption

WinHttpGetProxyForUrl

WinHttpGetIEProxyConfigForCurrentUser

kernel32

UnregisterWaitEx

QueryDepthSList

InterlockedFlushSList

InterlockedPushEntrySList

InterlockedPopEntrySList

ReleaseSemaphore

GetModuleHandleA

FreeLibraryAndExitThread

GetThreadTimes

UnregisterWait

lstrcpynW

GetModuleFileNameW

InitializeCriticalSectionEx

GetLastError

RaiseException

DecodePointer

DeleteCriticalSection

FindFirstFileW

FindNextFileW

RemoveDirectoryW

FindClose

DeleteFileW

MoveFileExW

LocalAlloc

LoadLibraryW

GetProcAddress

LocalFree

FreeLibrary

GetCurrentProcessId

GetModuleHandleW

ReadFile

CreateNamedPipeW

CloseHandle

ConnectNamedPipe

GetTickCount64

GetLocalTime

SystemTimeToFileTime

OpenProcess

Sleep

ExpandEnvironmentStringsW

GetEnvironmentVariableW

WaitForSingleObject

CreateEventW

FormatMessageW

SetEvent

CopyFileW

ResetEvent

GetQueuedCompletionStatus

PostQueuedCompletionStatus

CreateIoCompletionPort

GetTickCount

CreateThread

SizeofResource

LockResource

LoadResource

FindResourceW

LoadLibraryExW

GetFileSizeEx

GetTempPathW

CreateFileW

GetFileAttributesW

GetFileTime

GetCurrentThreadId

OpenThread

GlobalAlloc

GlobalFree

SetHandleInformation

RtlUnwindEx

WriteFile

WaitForMultipleObjects

InitializeProcThreadAttributeList

UpdateProcThreadAttribute

HeapAlloc

GetOverlappedResult

GetProcessHeap

SetNamedPipeHandleState

WaitNamedPipeW

GetLongPathNameW

GetLocaleInfoW

GetVersionExW

LCIDToLocaleName

LocaleNameToLCID

GetCurrentProcess

LoadLibraryA

K32GetModuleInformation

UnmapViewOfFile

lstrcmpiA

CreateFileMappingW

MapViewOfFile

CreateToolhelp32Snapshot

Process32NextW

Process32FirstW

GetSystemInfo

CreateProcessW

GetExitCodeProcess

TerminateProcess

K32EnumProcesses

QueryFullProcessImageNameW

HeapFree

ReleaseMutex

CreateMutexA

VirtualAlloc

VirtualFree

MultiByteToWideChar

WideCharToMultiByte

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetThreadPriority

SetThreadPriority

SwitchToThread

GetFullPathNameW

HeapReAlloc

ExitThread

GetModuleHandleExW

ExitProcess

SetFilePointerEx

GetConsoleMode

ReadConsoleW

GetStdHandle

GetFileType

FlushFileBuffers

CreateDirectoryW

GetConsoleOutputCP

GetDateFormatW

GetTimeFormatW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

IsValidCodePage

GetACP

GetOEMCP

GetTimeZoneInformation

GetDriveTypeW

FindFirstFileExW

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

SetEnvironmentVariableW

HeapSize

SignalObjectAndWait

CreateTimerQueue

OutputDebugStringW

InitializeSListHead

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetCPInfo

LCMapStringW

CompareStringW

GetSystemTimeAsFileTime

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

QueryPerformanceFrequency

QueryPerformanceCounter

GetNativeSystemInfo

GetExitCodeThread

GetCurrentThread

WaitForSingleObjectEx

DuplicateHandle

TryEnterCriticalSection

LeaveCriticalSection

EnterCriticalSection

GetStringTypeW

EncodePointer

RtlPcToFileHeader

LoadLibraryExA

VirtualQuery

VirtualProtect

SetStdHandle

GetCurrentDirectoryW

SetEndOfFile

WriteConsoleW

SetLastError

user32

PostThreadMessageW

wsprintfW

GetThreadDesktop

SendMessageW

GetWindowThreadProcessId

MessageBoxW

GetShellWindow

EnumDesktopWindows

GetWindowTextW

advapi32

GetNamedSecurityInfoW

ImpersonateLoggedOnUser

RevertToSelf

LookupAccountNameW

RegConnectRegistryW

ConvertSidToStringSidW

RegEnumKeyExW

RegDeleteTreeW

RegSetValueExW

RegDeleteValueW

RegEnumValueW

RegQueryValueExW

IsWellKnownSid

CreateProcessAsUserW

DeregisterEventSource

OpenProcessToken

DuplicateTokenEx

LookupAccountSidW

RegisterEventSourceW

ReportEventW

GetTokenInformation

CloseServiceHandle

OpenSCManagerW

EnumServicesStatusExW

QueryServiceConfigW

OpenServiceW

CreateWellKnownSid

RegNotifyChangeKeyValue

RegCloseKey

RegOpenCurrentUser

RegOpenKeyExW

LogonUserW

shell32

SHGetFolderPathW

ShellExecuteW

ole32

CoSetProxyBlanket

CoInitializeSecurity

CoInitializeEx

CoCreateInstance

CoUninitialize

oleaut32

SafeArrayGetLBound

SysFreeString

VariantTimeToSystemTime

VariantClear

SysAllocStringLen

SafeArrayCreate

SafeArrayLock

SysAllocString

SysAllocStringByteLen

SafeArrayGetVartype

SafeArrayDestroy

VariantInit

SafeArrayUnlock

SysStringByteLen

SafeArrayCopy

SafeArrayGetUBound

shlwapi

PathFileExistsW

ws2_32

ioctlsocket

mpr

WNetCancelConnection2W

WNetAddConnection2W

authz

AuthzFreeContext

AuthzInitializeContextFromSid

AuthzInitializeResourceManager

AuthzFreeResourceManager

AuthzAccessCheck

netapi32

NetUserGetInfo

NetApiBufferFree

NetGetAnyDCName

NetUserModalsGet

NetUserChangePassword

wldap32

ord41

ord140

ord14

ord147

ord16

ord167

ord208

ord224

ord73

ord301

ord26

ord127

ord170

ord46

userenv

CreateEnvironmentBlock

DestroyEnvironmentBlock

Exports

??0?$Singleton@VDiagnoseParamHandler@@@@IEAA@XZ

??0?$Singleton@VWaCryptoApiWrapper@@@@IEAA@XZ

??0?$Singleton@VWaEndPointManager@@@@IEAA@XZ

??0?$Singleton@VWaEndpointRegistry@@@@IEAA@XZ

??0?$Singleton@VWaMemoryPoolManager@@@@IEAA@XZ

??0?$Singleton@VWaNet@@@@IEAA@XZ

??0?$Singleton@VWaOSUtils@@@@IEAA@XZ

??0?$Singleton@VWaSecuredTempFile@@@@IEAA@XZ

??0?$Singleton@VWaServiceManager@@@@IEAA@XZ

??0?$Singleton@VWaWMIManager@@@@IEAA@XZ

??0?$Singleton@VWaWinRM@@@@IEAA@XZ

??0?$Singleton@VWaWuaProgressReceiver@@@@IEAA@XZ

??0DiagnoseParamHandler@@AEAA@XZ

??0PerfLoggingScope@@QEAA@AEBV0@@Z

??0PerfLoggingScope@@QEAA@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WTSConnection@WaEndPointManager@@QEAA@XZ

??0WaCache@@AEAA@XZ

??0WaCallTree@@IEAA@XZ

??0WaCallTree@@QEAA@AEBV0@@Z

??0WaCallTreeBlocker@@QEAA@XZ

??0WaCallTreeDisabled@@QEAA@$$QEAV0@@Z

??0WaCallTreeDisabled@@QEAA@AEBV0@@Z

??0WaCallTreeDisabled@@QEAA@XZ

??0WaCallTreeNode@@IEAA@XZ

??0WaCallTreeNode@@QEAA@AEBV0@@Z

??0WaCallTreeNode@@QEAA@PEAV0@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@11@Z

??0WaCallTreeNode@@QEAA@PEAV0@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1H1@Z

??0WaComThread@@QEAA@W4WaComInitType@0@@Z

??0WaComponentManager@@IEAA@XZ

??0WaConfigurations@@AEAA@XZ

??0WaConfigurationsBase@@AEAA@AEAUWaConfigurationsData@@@Z

??0WaCryptoApiWrapper@@QEAA@XZ

??0WaCustomDetection@@AEAA@XZ

??0WaDatabase@@AEAA@XZ

??0WaDebugInfo@@AEAA@XZ

??0WaDetectionEngine@@QEAA@XZ

??0WaEndPointManager@@QEAA@XZ

??0WaEndpointRegistry@@QEAA@XZ

??0WaEventManager@@AEAA@XZ

??0WaExternalComponent@@QEAA@$$QEAV0@@Z

??0WaExternalComponent@@QEAA@PEB_W0PEBD111@Z

??0WaExternalComponent@@QEAA@XZ

??0WaFileInfo@@QEAA@XZ

??0WaFuncCallNode@@QEAA@AEBV0@@Z

??0WaFuncCallNode@@QEAA@PEAVWaCallTreeNode@@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@111@Z

??0WaGui@@QEAA@XZ

??0WaHttp@@AEAA@XZ

??0WaHttpLowLevel@@QEAA@XZ

??0WaIConfigurations@@QEAA@AEBV0@@Z

??0WaIConfigurations@@QEAA@XZ

??0WaJson@@QEAA@$$QEAUArrayConstructor@0@@Z

??0WaJson@@QEAA@$$QEAUObjectConstructor@0@@Z

??0WaJson@@QEAA@$$QEAV0@@Z

??0WaJson@@QEAA@$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaJson@@QEAA@AEBH@Z

??0WaJson@@QEAA@AEBV0@@Z

??0WaJson@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV0@@Z

??0WaJson@@QEAA@AEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??0WaJson@@QEAA@AEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??0WaJson@@QEAA@PEB_W@Z

??0WaJson@@QEAA@W4WaJsonType@@@Z

??0WaJson@@QEAA@XZ

??0WaJson@@QEAA@_N@Z

??0WaLicense@@AEAA@XZ

??0WaMemoryPool@@AEAA@QEAV0@@Z

??0WaMemoryPool@@QEAA@_K0@Z

??0WaMemoryPoolManager@@AEAA@XZ

??0WaNet@@AEAA@XZ

??0WaOSUtils@@AEAA@XZ

??0WaPooledIO@@QEAA@XZ

??0WaRegKey@@QEAA@AEBV0@@Z

??0WaRegKey@@QEAA@PEAUHKEY__@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaRegistry@@AEAA@XZ

??0WaReturnNode@@QEAA@AEBV0@@Z

??0WaReturnNode@@QEAA@PEAVWaCallTreeNode@@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@11@Z

??0WaReturnNode@@QEAA@PEAVWaCallTreeNode@@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1H1@Z

??0WaRevocationCheck@WaCertificate@@AEAA@XZ

??0WaRootNode@@QEAA@AEBV0@@Z

??0WaRootNode@@QEAA@XZ

??0WaSecuredTempFile@@AEAA@XZ

??0WaSelfProtection@@QEAA@XZ

??0WaServiceManager@@AEAA@XZ

??0WaTaskManager@@AEAA@XZ

??0WaThirdPartyGatewayHandle@@QEAA@H@Z

??0WaWMIManager@@QEAA@XZ

??0WaWinRM@@QEAA@XZ

??0WaWmi@@QEAA@AEBV0@@Z

??0WaWmi@@QEAA@PEB_W000@Z

??0WaWmi@@QEAA@XZ

??0WaWmiThread@@IEAA@XZ

??0WaWuaProgressReceiver@@QEAA@XZ

??1?$Singleton@VDiagnoseParamHandler@@@@MEAA@XZ

??1?$Singleton@VWaCryptoApiWrapper@@@@MEAA@XZ

??1?$Singleton@VWaEndPointManager@@@@MEAA@XZ

??1?$Singleton@VWaEndpointRegistry@@@@MEAA@XZ

??1?$Singleton@VWaMemoryPoolManager@@@@MEAA@XZ

??1?$Singleton@VWaNet@@@@MEAA@XZ

??1?$Singleton@VWaOSUtils@@@@MEAA@XZ

??1?$Singleton@VWaSecuredTempFile@@@@MEAA@XZ

??1?$Singleton@VWaServiceManager@@@@MEAA@XZ

??1?$Singleton@VWaWMIManager@@@@MEAA@XZ

??1?$Singleton@VWaWinRM@@@@MEAA@XZ

??1?$Singleton@VWaWuaProgressReceiver@@@@MEAA@XZ

??1DiagnoseParamHandler@@UEAA@XZ

??1PerfLoggingScope@@QEAA@XZ

??1WTSConnection@WaEndPointManager@@QEAA@XZ

??1WaCache@@AEAA@XZ

??1WaCallTree@@MEAA@XZ

??1WaCallTreeBlocker@@QEAA@XZ

??1WaCallTreeDisabled@@UEAA@XZ

??1WaCallTreeNode@@UEAA@XZ

??1WaComThread@@UEAA@XZ

??1WaComponentManager@@MEAA@XZ

??1WaConfigurations@@EEAA@XZ

??1WaConfigurationsBase@@AEAA@XZ

??1WaCryptoApiWrapper@@UEAA@XZ

??1WaCustomDetection@@AEAA@XZ

??1WaDatabase@@AEAA@XZ

??1WaDebugInfo@@AEAA@XZ

??1WaDetectionEngine@@QEAA@XZ

??1WaEndPointManager@@UEAA@XZ

??1WaEndpointRegistry@@UEAA@XZ

??1WaEventManager@@AEAA@XZ

??1WaExternalComponent@@QEAA@XZ

??1WaFileInfo@@QEAA@XZ

??1WaFuncCallNode@@UEAA@XZ

??1WaGui@@QEAA@XZ

??1WaHttp@@AEAA@XZ

??1WaHttpLowLevel@@QEAA@XZ

??1WaIConfigurations@@MEAA@XZ

??1WaJson@@UEAA@XZ

??1WaLicense@@AEAA@XZ

??1WaMemoryPool@@QEAA@XZ

??1WaMemoryPoolManager@@UEAA@XZ

??1WaNet@@UEAA@XZ

??1WaOSUtils@@EEAA@XZ

??1WaPooledIO@@QEAA@XZ

??1WaRegKey@@QEAA@XZ

??1WaRegistry@@AEAA@XZ

??1WaReturnNode@@UEAA@XZ

??1WaRevocationCheck@WaCertificate@@AEAA@XZ

??1WaRootNode@@UEAA@XZ

??1WaSecuredTempFile@@EEAA@XZ

??1WaSelfProtection@@QEAA@XZ

??1WaServiceManager@@EEAA@XZ

??1WaTaskManager@@AEAA@XZ

??1WaWMIManager@@UEAA@XZ

??1WaWinRM@@UEAA@XZ

??1WaWmi@@UEAA@XZ

??1WaWmiThread@@MEAA@XZ

??1WaWuaProgressReceiver@@UEAA@XZ

??4PerfLoggingScope@@QEAAAEAV0@AEBV0@@Z

??4WaBase64@@QEAAAEAV0@$$QEAV0@@Z

??4WaBase64@@QEAAAEAV0@AEBV0@@Z

??4WaCallTree@@QEAAAEAV0@AEBV0@@Z

??4WaCallTreeBlocker@@QEAAAEAV0@AEBV0@@Z

??4WaCallTreeDisabled@@QEAAAEAV0@$$QEAV0@@Z

??4WaCallTreeDisabled@@QEAAAEAV0@AEBV0@@Z

??4WaCallTreeNode@@QEAAAEAV0@AEBV0@@Z

??4WaComUtils@@QEAAAEAV0@$$QEAV0@@Z

??4WaComUtils@@QEAAAEAV0@AEBV0@@Z

??4WaCryptoApiFactory@@QEAAAEAV0@$$QEAV0@@Z

??4WaCryptoApiFactory@@QEAAAEAV0@AEBV0@@Z

??4WaEvaluator@@QEAAAEAV0@$$QEAV0@@Z

??4WaEvaluator@@QEAAAEAV0@AEBV0@@Z

??4WaFileInfo@@QEAAAEAV0@AEBV0@@Z

??4WaFileUtils@@QEAAAEAV0@$$QEAV0@@Z

??4WaFileUtils@@QEAAAEAV0@AEBV0@@Z

??4WaFuncCallNode@@QEAAAEAV0@AEBV0@@Z

??4WaGui@@QEAAAEAV0@AEBV0@@Z

??4WaIConfigurations@@QEAAAEAV0@AEBV0@@Z

??4WaJson@@UEAAAEAV0@$$QEAV0@@Z

??4WaJson@@UEAAAEAV0@AEBH@Z

??4WaJson@@UEAAAEAV0@AEBV0@@Z

??4WaJson@@UEAAAEAV0@AEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??4WaJson@@UEAAAEAV0@AEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UEAAAEAV0@PEB_W@Z

??4WaJson@@UEAAAEAV0@_N@Z

??4WaJsonFactory@@QEAAAEAV0@$$QEAV0@@Z

??4WaJsonFactory@@QEAAAEAV0@AEBV0@@Z

??4WaProcessUtils@@QEAAAEAV0@$$QEAV0@@Z

??4WaProcessUtils@@QEAAAEAV0@AEBV0@@Z

??4WaRegex@@QEAAAEAV0@$$QEAV0@@Z

??4WaRegex@@QEAAAEAV0@AEBV0@@Z

??4WaReturnNode@@QEAAAEAV0@AEBV0@@Z

??4WaRevocationCheckUtilsLocal@WaCertificate@@QEAAAEAV01@$$QEAV01@@Z

??4WaRevocationCheckUtilsLocal@WaCertificate@@QEAAAEAV01@AEBV01@@Z

??4WaRootNode@@QEAAAEAV0@AEBV0@@Z

??4WaSecureFile@@QEAAAEAV0@$$QEAV0@@Z

??4WaSecureFile@@QEAAAEAV0@AEBV0@@Z

??4WaUtilsNotification@@QEAAAEAV0@$$QEAV0@@Z

??4WaUtilsNotification@@QEAAAEAV0@AEBV0@@Z

??4WaVirtualization@@QEAAAEAV0@$$QEAV0@@Z

??4WaVirtualization@@QEAAAEAV0@AEBV0@@Z

??4WaWmi@@QEAAAEAV0@AEBV0@@Z

??8WaJson@@UEBA_NAEBV0@@Z

??9WaJson@@UEBA_NAEBV0@@Z

??AWaJson@@UEAAAEAV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UEAAAEAV0@PEB_W@Z

??AWaJson@@UEAAAEAV0@_K@Z

??AWaJson@@UEBAAEBV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UEBAAEBV0@PEB_W@Z

??AWaJson@@UEBAAEBV0@_K@Z

??MWaJson@@UEBA_NAEBV0@@Z

??YWaJson@@UEAAAEAV0@AEBV0@@Z

??_7?$Singleton@VDiagnoseParamHandler@@@@6B@

??_7?$Singleton@VWaCryptoApiWrapper@@@@6B@

??_7?$Singleton@VWaEndPointManager@@@@6B@

??_7?$Singleton@VWaEndpointRegistry@@@@6B@

??_7?$Singleton@VWaMemoryPoolManager@@@@6B@

??_7?$Singleton@VWaNet@@@@6B@

??_7?$Singleton@VWaOSUtils@@@@6B@

??_7?$Singleton@VWaSecuredTempFile@@@@6B@

??_7?$Singleton@VWaServiceManager@@@@6B@

??_7?$Singleton@VWaWMIManager@@@@6B@

??_7?$Singleton@VWaWinRM@@@@6B@

??_7?$Singleton@VWaWuaProgressReceiver@@@@6B@

??_7DiagnoseParamHandler@@6B@

??_7WaCallTree@@6B@

??_7WaCallTreeDisabled@@6B@

??_7WaCallTreeNode@@6B@

??_7WaComThread@@6B@

??_7WaComponentManager@@6B@

??_7WaConfigurations@@6B@

??_7WaCryptoApiWrapper@@6B@

??_7WaEndPointManager@@6B@

??_7WaEndpointRegistry@@6B@

??_7WaFuncCallNode@@6B@

??_7WaIConfigurations@@6B@

??_7WaJson@@6B@

??_7WaMemoryPoolManager@@6B@

??_7WaNet@@6B@

??_7WaOSUtils@@6B@

??_7WaReturnNode@@6B@

??_7WaRootNode@@6B@

??_7WaSecuredTempFile@@6B@

??_7WaServiceManager@@6B@

??_7WaWMIManager@@6B@

??_7WaWinRM@@6B@

??_7WaWmi@@6B@

??_7WaWmiThread@@6B@

??_7WaWuaProgressReceiver@@6B@

??_FWaRegKey@@QEAAXXZ

?Capture@WaRegex@@SAHPEB_W0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?CaptureAll@WaRegex@@SAHPEB_W0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?CaptureIterator@WaRegex@@SAHPEB_W0HAEAHAEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?Compress@WaFileUtils@@SAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0_K@Z

?DefaultObjectsPerPool@WaMemoryPoolManager@@2_KB

?EPWTSCloseServer@WaEndPointManager@@QEAAXPEAX@Z

?EPWTSOpenServerEx@WaEndPointManager@@QEAAHAEAPEAX@Z

?EvtClose@WaEndPointManager@@QEAAXAEAPEAX@Z

?EvtOpenSession@WaEndPointManager@@QEAAHAEAPEAX@Z

?GET@WaHttp@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV23@_N@Z

?GET@WaHttp@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?GETJson@WaHttp@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAVWaJson@@_N@Z

?GETJson@WaHttp@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@_N@Z

?GETRequest@WaHttpLowLevel@@QEAAHAEAVWaHttpRequest@1@@Z

?GetVersion@WaOSUtils@@QEAAXPEAH0000@Z

?InitGateway@WaThirdPartyGatewayHandle@@CAXW4WaThirdPartyGatewayType@@@Z

?InitImpersonatedGateway@WaThirdPartyGatewayHandle@@CAXW4WaThirdPartyGatewayType@@@Z

?InitProcessMonitor@WaTaskManager@@AEAAHXZ

?Is64@WaOSUtils@@QEAA_NXZ

?IsUserPasswordProtected@WaOSUtils@@AEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEA_NAEAW4PasswordProtectionInfo@@@Z

?IsWTSSessionReady@WaEndPointManager@@QEAAHXZ

?LICENSE_FILE@WaLicense@@2PEB_WEB

?LogError@WaDebugInfo@@AEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?Match@WaRegex@@SAHPEB_W0AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?Matches@WaRegex@@SA_NPEB_W0@Z

?POST@WaHttp@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00AEAV23@_N@Z

?POST@WaHttp@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV23@_N@Z

?POSTRequest@WaHttpLowLevel@@QEAAHAEAVWaHttpRequest@1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?REGEX_INSIDE_DIR_PATH_FIRST_SIGN@WaEvaluator@@2QEB_WEB

?REGEX_INSIDE_DIR_PATH_LAST_SIGN@WaEvaluator@@2QEB_WEB

?SendProxyMessage@WaThirdPartyGatewayHandle@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?SubResultCallback@WaWinRM@@AEAAXHPEB_WH@Z

?SubResultCallbackStatic@WaWinRM@@CAXHPEB_WH@Z

?Uncompress@WaFileUtils@@SAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z

?WaRegCloseKey@WaEndpointRegistry@@QEAAJPEAUHKEY__@@@Z

?WaRegNotifyChangeKeyValue@WaEndpointRegistry@@QEAAJPEAUHKEY__@@HKPEAXH@Z

?WaRegOpenCurrentUser@WaEndpointRegistry@@QEAAJKPEAPEAUHKEY__@@@Z

?WaRegOpenKeyEx@WaEndpointRegistry@@QEAAJPEAUHKEY__@@PEB_WKKPEAPEAU2@@Z

?_OpenSession@WaWinRM@@AEAAHPEB_W000@Z

?_addCandidateDefinition@WaDetectionEngine@@AEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_addElement@WaPooledIO@@AEAAXPEB_W0HH@Z

?_bufferResource@WaDetectionEngine@@AEAAXW4WaDatabaseKey@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_buildPooledJson@WaPooledIO@@CAXAEBV?$list@PEAUWaAsyncIocpMsgBase@@V?$allocator@PEAUWaAsyncIocpMsgBase@@@std@@@std@@0AEAVWaJson@@AEAV?$map@IPEAUWaAsyncIocpMsgBase@@U?$less@I@std@@V?$allocator@U?$pair@$$CBIPEAUWaAsyncIocpMsgBase@@@std@@@3@@3@HAEAH@Z

?_canExecuteByAllUsers@WaFileUtils@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_checkOPSWATSignature@WaSelfProtection@@IEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_cleanup@WaHttpLowLevel@@AEAAXXZ

?_cleanup@WaPooledIO@@AEAAXXZ

?_collectClues@WaDetectionEngine@@AEAAXXZ

?_collectProcessClues@WaDetectionEngine@@AEAAXXZ

?_collectRegistryClues@WaDetectionEngine@@AEAAXXZ

?_collectServiceClues@WaDetectionEngine@@AEAAXXZ

?_configChanged@WaHttp@@AEAA_NAEAH@Z

?_connect@WaWMIManager@@AEAAHAEBUResourceArch@1@AEAV?$CComPtr@UIWbemServices@@@ATL@@@Z

?_constructCollections@WaDatabase@@AEAAXQEBQEB_W0QEBH@Z

?_constructCollections@WaDatabase@@AEAAXXZ

?_convertResultToErrorCode@WaRegKey@@AEAAHAEBJ@Z

?_convertToHexQuad@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_W@Z

?_copyFile@WaFileUtils@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?_create@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAVWaJson@@@Z

?_createAES@WaCryptoApiFactory@@CA?AV?$shared_ptr@VIWaCryptoAES@@@std@@W4CryptoApiType@@@Z

?_createArray@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAVWaJson@@@Z

?_createExecutableFileFromEncryptedBytes@WaFileUtils@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@1AEAV23@@Z

?_createIOObjects@WaPooledIO@@AEAAXXZ

?_createNotifier@WaRegistry@@AEAAHV?$vector@V?$shared_ptr@VWaHiveMonitor@WaRegistry@@@std@@V?$allocator@V?$shared_ptr@VWaHiveMonitor@WaRegistry@@@std@@@2@@std@@PEAXK@Z

?_createNumber@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAVWaJson@@@Z

?_createObject@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAVWaJson@@@Z

?_createRSA@WaCryptoApiFactory@@CA?AV?$shared_ptr@VIWaCryptoRSA@@@std@@W4CryptoApiType@@@Z

?_createSpecialCase@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAVWaJson@@@Z

?_createString@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_KAEAV23@@Z

?_decodeCharacter@WaJsonFactory@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_WAEA_K@Z

?_decrypt@WaCache@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@AEBV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_decrypt@WaDatabase@@CAHPEBEHAEAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@AEBV?$shared_ptr@VIWaCryptoAES@@@3@@Z

?_decrypt@WaDatabase@@CAHPEBEHAEAVWaJson@@AEBV?$shared_ptr@VIWaCryptoAES@@@std@@@Z

?_dotInsert@WaJson@@EEAAHPEB_WAEBV1@W4WaJsonType@@@Z

?_dotRetrieve@WaJson@@EEAAHPEB_WAEAV1@W4WaJsonType@@@Z

?_enableRemoteReg@WaEndpointRegistry@@AEAAHXZ

?_encodeString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?_encrypt@WaCache@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@AEBV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_encryptExecutableFile@WaFileUtils@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?_enumerateElement@WaWMIManager@@AEAAHV?$CComPtr@UIEnumWbemClassObject@@@ATL@@AEBV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@AEBV1@@Z@2@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@AEBV1@@Z@2@@std@@@2@@std@@AEAVWaJson@@HH@Z

?_errorCallback@WaPooledIO@@CAXPEAUIWaAsyncIO@@AEAV?$map@IPEAUWaAsyncIocpMsgBase@@U?$less@I@std@@V?$allocator@U?$pair@$$CBIPEAUWaAsyncIocpMsgBase@@@std@@@3@@std@@H_N@Z

?_evalCategories@WaDetectionEngine@@CA_NAEBV?$vector@HV?$allocator@H@std@@@std@@_NAEBVWaJson@@AEAV4@@Z

?_executeThreadCmd@WaPooledIO@@AEAA_NH@Z

?_executeThreadCmdAndTerminate@WaPooledIO@@AEAAXH@Z

?_fetchAndValidate@WaDebugInfo@@AEAAXAEBVWaJson@@@Z

?_fileContents@WaFileUtils@@CAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAPEADAEAH_NHH@Z

?_forcePathUnicode@WaFileUtils@@CAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_formatQuery@WaWMIManager@@AEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEBV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@AEBV1@@Z@2@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@AEBV1@@Z@2@@std@@@2@@3@@Z

?_getConnectionFromCache@WaWMIManager@@AEAA?AV?$CComPtr@UIWbemServices@@@ATL@@AEBUResourceArch@1@@Z

?_getContentOfEmbeddedFile@WaFileUtils@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@1AEAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@@Z

?_getExeArchitecture@WaFileInfo@@CAHHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAHAEB_N@Z

?_getFileCreationTime@WaFileUtils@@CAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?_getFileSize@WaFileUtils@@CAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?_getFixedVersion@WaFileInfo@@AEAAHAEBW4WaFileInfoRealVersions@@PEB_WPEAH222@Z

?_getProcessEventSink@WaTaskManager@@AEAA?AV?$function@$$A6AHP6AXPEA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@XZ

?_getUninstallEventSink@WaRegistry@@AEAA?AV?$function@$$A6AHP6AXPEA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@XZ

?_getUserName@WaOSUtils@@QEAAHKAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?_getUserNameByWMI@WaOSUtils@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEBV23@@Z

?_getWuaProgressEventSink@WaWuaProgressReceiver@@AEAA?AV?$function@$$A6AHP6AXPEA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@XZ

?_hasEventPreLaunch@WaEventManager@@AEAA_NW4WaEventType@1@@Z

?_hasEventSink@WaEventManager@@AEAA_NW4WaEventType@1@@Z

?_ignoreWhiteSpace@WaJsonFactory@@CAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_K@Z

?_init@WaJson@@EEAAXXZ

?_launchProcessByWMI@WaEndPointManager@@AEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBHAEAH2@Z

?_load@WaExternalComponent@@AEAAHXZ

?_loadCacheFromDatFile@WaDatabase@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEBV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@AEAVWaJson@@AEBV?$shared_ptr@VIWaCryptoAES@@@3@@Z

?_loadSharedPaths@WaEndPointManager@@AEAAHXZ

?_manualPerformUpdateServices@WaServiceManager@@AEAAX_N@Z

?_mergeDatAndResDll@WaDatabase@@CAHAEBVWaJson@@AEAV2@_J@Z

?_monitorRegistryThread@WaRegistry@@AEAAHV?$vector@W4WaRegistryLocation@@V?$allocator@W4WaRegistryLocation@@@std@@@std@@@Z

?_normalizeWSCNameForComparison@WaWmi@@MEAAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_notifyCallback@WaRegistry@@AEAAXV?$shared_ptr@VWaHiveMonitor@WaRegistry@@@std@@@Z

?_overrideApiTypeWithConfiguration@WaCryptoApiFactory@@CAHAEAW4CryptoApiType@@@Z

?_parseCustomDebugConfigs@WaDebugInfo@@AEAAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAW4LOG_LEVEL@1@@Z

?_parseCustomDebugConfigs@WaDebugInfo@@AEAAXAEBVWaJson@@AEAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@@Z

?_parseCustomDebugConfigs@WaDebugInfo@@AEAAXAEBVWaJson@@AEAV?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@std@@@Z

?_parseEnvVariable@WaDebugInfo@@AEAAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_preDetectStage1@WaDetectionEngine@@AEAAXXZ

?_preDetectStage2@WaDetectionEngine@@AEAAXXZ

?_readCacheFile@WaCache@@AEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@AEBV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_readCacheFile@WaCache@@AEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAVWaJson@@AEBV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_regConnect@WaEndpointRegistry@@AEAAJPEAUHKEY__@@PEAPEAU2@_N@Z

?_registerEventSink@WaWuaProgressReceiver@@AEAAXXZ

?_reinit@WaHttp@@AEAAHXZ

?_reinit@WaLicense@@AEAAHW4WA_PASSPHRASE_RETRIEVE_MODE@@@Z

?_requestBegin@WaHttp@@AEAAHXZ

?_requestEnd@WaHttp@@AEAAHAEAVWaHttpRequest@WaHttpLowLevel@@HAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N_N@Z

?_runRegexIteration@WaRegistry@@AEAAHPEB_WW4WaUninstallValueTypeToRegex@@AEAV?$vector@UWaUninstallKey@@V?$allocator@UWaUninstallKey@@@std@@@std@@AEBH@Z

?_semiAsyncQuery@WaWMIManager@@AEAA?AUSemiAsyncThread@1@V?$CComPtr@UIEnumWbemClassObject@@@ATL@@PEAUIWbemObjectSink@@@Z

?_sendRequest@WaHttpLowLevel@@AEAAHAEBW4WaHttpVerb@1@AEAVWaHttpRequest@1@PEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_serviceMonitorThread@WaServiceManager@@AEAAXXZ

?_set@WaJson@@EEAAX$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_set@WaJson@@EEAAXAEBH@Z

?_set@WaJson@@EEAAXAEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_set@WaJson@@EEAAXAEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EEAAXPEB_W@Z

?_set@WaJson@@EEAAX_N@Z

?_setCollectionProperties@WaCache@@AEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBUWaCacheProps@@@Z

?_signAndEncrypt@WaCache@@CAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@V?$shared_ptr@VIWaCryptoRSA@@@3@@Z

?_startWTSConnection@WaEndPointManager@@AEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_successCallback@WaPooledIO@@CAXPEAUIWaAsyncIO@@AEAV?$map@IPEAUWaAsyncIocpMsgBase@@U?$less@I@std@@V?$allocator@U?$pair@$$CBIPEAUWaAsyncIocpMsgBase@@@std@@@3@@std@@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z

?_syncExecNotificationQuery@WaWMIManager@@AEAAHAEBV?$CComPtr@UIWbemServices@@@ATL@@AEBUResourceArch@1@PEB_WAEAV?$CComPtr@UIEnumWbemClassObject@@@3@@Z

?_toPrettyString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_updateCandidateDefinition@WaDetectionEngine@@AEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_updateServices@WaServiceManager@@AEAAXXZ

?_writeCacheFile@WaCache@@AEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEBV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@AEBV?$shared_ptr@VIWaCryptoAES@@@3@_N3@Z

?_writeCacheFile@WaCache@@AEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEBVWaJson@@AEBV?$shared_ptr@VIWaCryptoAES@@@3@_N3@Z

?add@WaJson@@UEAAX$$QEAV1@@Z

?add@WaJson@@UEAAXAEBV1@@Z

?add@WaJson@@UEAAXV?$initializer_list@VWaJson@@@std@@@Z

?addChildThread@WaCallTree@@UEAAXAEBVid@thread@std@@@Z

?addChildThread@WaCallTreeDisabled@@UEAAXAEBVid@thread@std@@@Z

?addDefinition@WaDetectionEngine@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

?addFuncCall@WaCallTreeNode@@QEAAPEAV1@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@000@Z

?addMetadata@WaPooledIO@@QEAAXPEB_W0@Z

?addProcess@WaTaskManager@@QEAAXAEAUWaRunningProcess@@@Z

?addRefDefaultConfigurationsHandler@WaConfigurationsBase@@SAHPEAVWaIConfigurations@@@Z

?addResource@WaPooledIO@@QEAAXPEB_W0H@Z

?addReturnValue@WaCallTreeNode@@QEAAPEAV1@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z

?addReturnValue@WaCallTreeNode@@QEAAPEAV1@HAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0H0@Z

?addUtilsOwnerTag@WaApiUtils@@YAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?allocate@WaMemoryPool@@QEAAPEAX_K@Z

?allocate@WaMemoryPoolManager@@QEAAPEAX_K@Z

?appendAccess@WaRegKey@@QEAAXK@Z

?appendPath@WaRegKey@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?at@WaJson@@UEBA?AV1@_K@Z

?base64Decode@WaBase64@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?base64Encode@WaBase64@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z

?base64utf16Encode@WaBase64@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z

?begin@WaComponentManager@@QEBA?AV?$_List_const_iterator@V?$_List_val@U?$_List_simple_types@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaExternalComponent@@@std@@@std@@@std@@@std@@XZ

?binaryContents@WaSecuredTempFile@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?binaryFileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_NHHAEB_N@Z

?bindKey@WaRegKey@@QEAAXPEAUHKEY__@@@Z

?blacklist@WaCallTree@@SAXAEBVid@thread@std@@@Z

?byteArrayToEpoch@WaTime@@YAHAEBQEAEAEAH@Z

?bytesToHexString@WaStringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBEI@Z

?bytesToHexWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEBEI@Z

?bytesToWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAEI_N@Z

?cache@WaCache@@QEAAHXZ

?cache@WaDatabase@@QEAAHXZ

?cachedInvoke@WaExternalComponent@@QEBAHAEAVWaJson@@PEAPEA_W@Z

?calculateDirectoryDepth@WaFileUtils@@SAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_NAEAH@Z

?calculateVersionStamp@WaHttp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?canConfigWithoutReInit@WaConfigurations@@UEBA_NPEB_WAEA_NAEAVWaJson@@@Z

?canConfigWithoutReInit@WaConfigurationsBase@@QEBA_NPEB_WAEA_NAEAVWaJson@@@Z

?canExecuteByAllUsers@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?cancelAsync@WaWMIManager@@QEAAXPEAUIWbemObjectSink@@@Z

?cancelAsync@WaWmi@@UEAAXPEAUIWbemObjectSink@@@Z

?cancelSubcribeAsync@WaWinRM@@QEAAHH@Z

?checkCacheLimitAndCleanCollection@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z

?checkDlpLicese@WaLicense@@QEAAHXZ

?checkHashAndGetDecryptedInput@WaSecureFile@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?checkHostReachableByHttp@WaNet@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkHostReachableBySocketRemote@WaNet@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkHostReachableBySystemPSHttp@WaNet@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkHostReachableByWMIPing@WaNet@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkStatusForWSCInterface@WaWmi@@UEAAHVWaJson@@AEA_N@Z

?checkStatusForWSCInterface@WaWmiThread@@UEAAHAEBVWaJson@@AEA_N@Z

?checkUpToDateForWSCInterface@WaWmi@@UEAAHVWaJson@@AEA_N@Z

?checkUpToDateForWSCInterface@WaWmiThread@@UEAAHAEBVWaJson@@AEA_N@Z

?checkWSC@WaWmiThread@@IEAAHHAEBVWaJson@@AEA_N@Z

?cleanCollection@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?clear@WaJson@@UEAAXXZ

?clearCachedConnections@WaWMIManager@@QEAAXXZ

?clearOldLogFiles@WaDebugInfo@@AEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?close@WaRegKey@@QEAAHXZ

?closeSession@WaWinRM@@QEAAHXZ

?closeWindow@WaGui@@QEAAHAEBUWaWindow@@@Z

?closeWriteToBinaryFile@WaFileUtils@@SAHAEAPEAU_iobuf@@@Z

?closeWriteToFile@WaFileUtils@@SAHAEAV?$basic_ofstream@DU?$char_traits@D@std@@@std@@@Z

?cluesCollectionNotification@WaDetectionEngine@@QEAAXPEB_WPEAX_N@Z

?comErrorToString@WaComUtils@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@J@Z

?computeString@WaDebugInfo@@AEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEBV23@@Z

?connect@WaWMIManager@@QEAAHPEB_WH_N@Z

?connect@WaWinRM@@QEAAHPEB_W@Z

?connect@WaWmi@@UEAAHPEB_W@Z

?contains@WaJson@@UEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?contains@WaJson@@UEBA_NPEB_W@Z

?contains@WaSecuredTempFile@@QEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?contents@WaSecuredTempFile@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?convert@WaJson@@UEAAXAEBW4WaJsonType@@@Z

?copyFileToTemp@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?create@WaJsonFactory@@SAHPEB_WAEAVWaJson@@@Z

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@@Z

?create@WaSecuredTempFile@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?createAES@WaCryptoApiFactory@@SAHAEAV?$shared_ptr@VIWaCryptoAES@@@std@@AEAU?$BlindString@E@WaStringUtils@@W4CryptoApiType@@@Z

?createAESWithOpswatSecret@WaCryptoApiFactory@@SAHAEAV?$shared_ptr@VIWaCryptoAES@@@std@@W4CryptoApiType@@@Z

?createAESWithUserSecret@WaCryptoApiFactory@@SAHAEAV?$shared_ptr@VIWaCryptoAES@@@std@@W4CryptoApiType@@@Z

?createAndLockCacheControlFile@WaCache@@AEAAHXZ

?createDirectoryRecursively@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?createExecutableFileFromEncryptedBytes@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@1AEAV23@@Z

?createManagedCacheFile@WaCache@@QEAAHAEBV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z

?createManagedCacheFile@WaCache@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?createRSA@WaCryptoApiFactory@@SAHAEAV?$shared_ptr@VIWaCryptoRSA@@@std@@AEAU?$BlindString@E@WaStringUtils@@_NW4CryptoApiType@@@Z

?createRSAWithUserPubKey@WaCryptoApiFactory@@SAHAEAV?$shared_ptr@VIWaCryptoRSA@@@std@@W4CryptoApiType@@@Z

?createTempFile@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?current@WaCallTree@@UEBAPEAVWaCallTreeNode@@XZ

?current@WaCallTreeDisabled@@UEBAPEAVWaCallTreeNode@@XZ

?deallocate@WaMemoryPool@@QEAAXPEAX@Z

?deallocate@WaMemoryPoolManager@@QEAAX_KPEAX@Z

?decryptDetection@WaCustomDetection@@AEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAVWaJson@@@Z

?decryptFile@WaCustomDetection@@QEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAVWaJson@@@Z

?deinit@?$Singleton@VDiagnoseParamHandler@@@@MEAAHXZ

?deinit@?$Singleton@VWaCryptoApiWrapper@@@@MEAAHXZ

?deinit@?$Singleton@VWaEndPointManager@@@@MEAAHXZ

?deinit@?$Singleton@VWaEndpointRegistry@@@@MEAAHXZ

?deinit@?$Singleton@VWaMemoryPoolManager@@@@MEAAHXZ

?deinit@?$Singleton@VWaNet@@@@MEAAHXZ

?deinit@?$Singleton@VWaOSUtils@@@@MEAAHXZ

?deinit@?$Singleton@VWaSecuredTempFile@@@@MEAAHXZ

?deinit@?$Singleton@VWaServiceManager@@@@MEAAHXZ

?deinit@?$Singleton@VWaWMIManager@@@@MEAAHXZ

?deinit@?$Singleton@VWaWinRM@@@@MEAAHXZ

?deinit@?$Singleton@VWaWuaProgressReceiver@@@@MEAAHXZ

?deinit@WaEndPointManager@@MEAAHXZ

?deinit@WaEndpointRegistry@@MEAAHXZ

?deinit@WaNet@@UEAAHXZ

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x64/libwavmodapi.dll

.dll windows:6 windows x64 arch:x64

fdfc87145f469ae3bc60d73182d8e31c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

42:f4:bf:1f:a7:6f:11:8b:64:e7:ef:71:cd:5f:11:ac:b0:49:0f:32:01:01:6b:7f:0e:01:2b:4e:aa:c8:51:9c
Signer

Actual PE Digest

42:f4:bf:1f:a7:6f:11:8b:64:e7:ef:71:cd:5f:11:ac:b0:49:0f:32:01:01:6b:7f:0e:01:2b:4e:aa:c8:51:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

libwavmodapi.pdb

Imports

msi

ord115

ord32

ord159

ord160

ord224

ord270

ord48

ord8

ord118

ord92

ord158

imagehlp

ImageGetCertificateHeader

ImageGetCertificateData

bcrypt

BCryptDestroyHash

BCryptVerifySignature

BCryptDestroyKey

BCryptImportKeyPair

BCryptDecrypt

BCryptGenerateSymmetricKey

BCryptGetProperty

BCryptFinishHash

BCryptHashData

BCryptCreateHash

BCryptCloseAlgorithmProvider

BCryptOpenAlgorithmProvider

wintrust

WinVerifyTrust

crypt32

CertNameToStrW

CryptStringToBinaryA

CertFreeCertificateChain

CertGetCertificateChain

CryptFindOIDInfo

CertFreeCertificateContext

CryptHashCertificate2

CertGetNameStringW

CryptVerifyMessageSignature

user32

GetSystemMetrics

slc

SLGetWindowsInformationDWORD

libwautils

?getSpecialFolder@WaFileUtils@@SAHAEBHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaFileInfo@@QEAA@XZ

??1WaConfigurationsBase@@AEAA@XZ

??0WaConfigurationsBase@@AEAA@AEAUWaConfigurationsData@@@Z

?getCurrentSequenceNumber@WaConfigurationsBase@@QEBAHXZ

?jsonToCharPointer@WaConfigurationsBase@@QEBAXAEBVWaJson@@PEAPEA_W_N@Z

?getIntOption@WaConfigurationsBase@@QEBAHPEB_WAEAH@Z

?getStringOption@WaConfigurationsBase@@QEBAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getBoolOption@WaConfigurationsBase@@QEBAHPEB_WAEA_N@Z

?getOption@WaConfigurationsBase@@QEBAHPEB_WAEAVWaJson@@@Z

?filterOptions@WaConfigurationsBase@@QEBA?AVWaJson@@AEBV2@@Z

?getOptions@WaConfigurationsBase@@QEBA?AVWaJson@@XZ

?setOptions@WaConfigurationsBase@@QEAAHPEB_W@Z

?normalize@WaConfigurationsBase@@QEBAHAEAVWaJson@@@Z

?removeForeignKeys@WaConfigurationsBase@@QEBAHAEAVWaJson@@@Z

?parseConfig@WaConfigurationsBase@@QEBAHPEB_WAEAVWaJson@@AEA_N2@Z

?canConfigWithoutReInit@WaConfigurationsBase@@QEBA_NPEB_WAEA_NAEAVWaJson@@@Z

?releaseDefaultConfigurationsHandler@WaConfigurationsBase@@SAHXZ

?addRefDefaultConfigurationsHandler@WaConfigurationsBase@@SAHPEAVWaIConfigurations@@@Z

??0WaIConfigurations@@QEAA@XZ

??1WaIConfigurations@@MEAA@XZ

?wCaseCmp@WaStringUtils@@YAHPEB_W0@Z

?checkHashAndGetDecryptedInput@WaSecureFile@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?CaptureAll@WaRegex@@SAHPEB_W0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?Match@WaRegex@@SAHPEB_W0AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?split@WaStringUtils@@YAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WAEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?replaceAll@WaStringUtils@@YAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@1@Z

?val@WaJson@@UEBAHAEA_N@Z

?val@WaJson@@UEBAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?val@WaJson@@UEBAHAEAH@Z

?toPrettyString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?removeRecursive@WaJson@@UEAAXPEB_W@Z

?remove@WaJson@@UEAAXPEB_W@Z

?remove@WaJson@@UEAAXH@Z

?remove@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?put@WaJson@@UEAAXV?$initializer_list@U?$pair@PEB_WVWaJson@@@std@@@std@@@Z

?put@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?put@WaJson@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QEAV1@@Z

?keys@WaJson@@UEBA?AV?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?getString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getObjKeyType@WaJson@@UEBA?AW4WaJsonType@@PEB_W@Z

?getInt@WaJson@@UEBAHXZ

?getBool@WaJson@@UEBA_NXZ

?get@WaJson@@UEBAHPEB_WAEA_N@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?get@WaJson@@UEBAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?get@WaJson@@UEBA?AV1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?first@WaJson@@UEAA?AV1@XZ

?dotPut@WaJson@@UEAAHPEB_WAEBV1@@Z

?dotPut@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?dotGet@WaJson@@UEAAHPEB_WAEA_N@Z

?dotGet@WaJson@@UEAAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotGet@WaJson@@UEAAHPEB_WAEAV1@@Z

?dotGet@WaJson@@UEAAHPEB_WAEAH@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?dotGet@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?dotAt@WaJson@@UEAAHPEB_WAEA_N@Z

?dotAt@WaJson@@UEAAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotAt@WaJson@@UEAAHPEB_WAEAV1@@Z

?dotAt@WaJson@@UEAAHPEB_WAEAH@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV1@@Z

?dotAt@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?dotAdd@WaJson@@UEAAHPEB_WAEBV1@@Z

?dotAdd@WaJson@@UEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV1@@Z

?remove@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z

?contains@WaJson@@UEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?add@WaJson@@UEAAXV?$initializer_list@VWaJson@@@std@@@Z

?_toPrettyString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_set@WaJson@@EEAAX_N@Z

?_set@WaJson@@EEAAXPEB_W@Z

?_set@WaJson@@EEAAXAEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EEAAXAEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_set@WaJson@@EEAAXAEBH@Z

?_set@WaJson@@EEAAX$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_init@WaJson@@EEAAXXZ

?_encodeString@WaJson@@EEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?_dotRetrieve@WaJson@@EEAAHPEB_WAEAV1@W4WaJsonType@@@Z

?_dotInsert@WaJson@@EEAAHPEB_WAEBV1@W4WaJsonType@@@Z

??YWaJson@@UEAAAEAV0@AEBV0@@Z

??MWaJson@@UEBA_NAEBV0@@Z

??AWaJson@@UEBAAEBV0@_K@Z

??AWaJson@@UEBAAEBV0@PEB_W@Z

??AWaJson@@UEBAAEBV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UEAAAEAV0@_K@Z

??AWaJson@@UEAAAEAV0@PEB_W@Z

??AWaJson@@UEAAAEAV0@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??9WaJson@@UEBA_NAEBV0@@Z

??8WaJson@@UEBA_NAEBV0@@Z

??4WaJson@@UEAAAEAV0@_N@Z

??4WaJson@@UEAAAEAV0@PEB_W@Z

??4WaJson@@UEAAAEAV0@AEBV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UEAAAEAV0@AEBV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??4WaJson@@UEAAAEAV0@AEBV0@@Z

??4WaJson@@UEAAAEAV0@AEBH@Z

??4WaJson@@UEAAAEAV0@$$QEAV0@@Z

?fileExists@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEB_N@Z

?getSha1HashForFile@WaHasher@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?isNumber@WaStringUtils@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?get@WaJson@@UEBAHPEB_WAEAH@Z

?get@WaJson@@UEBAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?at@WaJson@@UEBA?AV1@_K@Z

?get@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEAVWaJson@@@Z

?insert@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEBVWaJson@@@Z

??0WaJson@@QEAA@$$QEAUObjectConstructor@0@@Z

??0WaJson@@QEAA@_N@Z

?Capture@WaRegex@@SAHPEB_W0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?getTempDir@WaFileUtils@@SAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaJson@@QEAA@$$QEAV0@@Z

?createDirectoryRecursively@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getActiveUserSession@WaOSUtils@@QEAAHAEAUWaInternalUserSessionParams@1@@Z

?isArchitectureSupported@WaOSUtils@@QEAA_NW4WaArchitectureType@@@Z

?instance@?$Singleton@VWaOSUtils@@@@SAPEAVWaOSUtils@@XZ

?shellExecuteAsUser@WaProcessUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAEAKAEAV23@H_N3@Z

??1WaFileInfo@@QEAA@XZ

?getSha2HashForFile@WaHasher@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?key@WaRegKey@@QEBAPEAUHKEY__@@XZ

?findFilesForSearchPattern@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@@Z

?getFileVersionFromPath@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBHAEAV23@AEB_N@Z

?revertFsRedirection@WaFileUtils@@SAHAEAPEAX@Z

?disableFsRedirection@WaFileUtils@@SAHAEAPEAX@Z

?directoryExists@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEB_N@Z

?getEnvFolder@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@@Z

?trim@WaStringUtils@@YAAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@@Z

?get@WaJson@@UEBAHPEB_WAEAV1@@Z

?add@WaJson@@UEAAX$$QEAV1@@Z

?isObjKeyType@WaJson@@UEBA_NPEB_WAEBW4WaJsonType@@@Z

??0WaJson@@QEAA@W4WaJsonType@@@Z

??0WaJson@@QEAA@AEBV0@@Z

?size@WaJson@@UEBA_KXZ

?getType@WaJson@@UEBA?AW4WaJsonType@@XZ

?isLicensed@WaLicense@@QEBAHH@Z

?updateLicenseFile@WaApiUtils@@YAH_N0PEAVWaJson@@@Z

?addUtilsOwnerTag@WaApiUtils@@YAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isUtilsOwnerTagPresent@WaApiUtils@@YA_NPEB_W@Z

?isTeardownRequest@WaApiUtils@@YA_NAEBVWaJson@@@Z

?setModuleOutput@WaApiUtils@@YAH_KAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WHAEAVWaJson@@@Z

?initialize@WaHttp@@QEAAHXZ

?destroy@WaHttp@@SAXXZ

?instance@WaHttp@@SAPEAV1@XZ

?unInit@WaLicense@@QEAAXXZ

?renew@WaLicense@@QEAAHXZ

?init@WaLicense@@QEAAHXZ

?destroy@WaLicense@@SAXXZ

?instance@WaLicense@@SAPEAV1@XZ

?setCollectionProperties@WaCache@@SAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBUWaCacheProps@@@Z

?instance@WaCache@@SAPEAV1@XZ

?initialize@WaCryptoApiWrapper@@QEAAHXZ

?destroy@?$Singleton@VWaCryptoApiWrapper@@@@SAXXZ

?instance@?$Singleton@VWaCryptoApiWrapper@@@@SAPEAVWaCryptoApiWrapper@@XZ

?removeThreadStack@WaCallTree@@SAXAEBVid@thread@std@@@Z

?destroy@WaCallTree@@SAXXZ

?getCallTree@WaCallTree@@SAXAEAVWaJson@@@Z

?getCallTree@WaCallTree@@SAXPEAPEA_W_N@Z

?getTickCountSinceEpoch@WaTime@@YA_JXZ

?getCurrentEpochTime@WaTime@@YAHAEAH@Z

?create@WaJsonFactory@@SAHPEB_WAEAVWaJson@@@Z

?toPrettyCharPointer@WaJson@@UEBAXPEAPEA_W@Z

?toCharPointer@WaJson@@UEBAXPEAPEA_W@Z

?toString@WaJson@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?contains@WaJson@@UEBA_NPEB_W@Z

?put@WaJson@@UEAAXPEB_W$$QEAV1@@Z

?put@WaJson@@UEAAXPEB_WAEBV1@@Z

?add@WaJson@@UEAAXAEBV1@@Z

?clear@WaJson@@UEAAXXZ

?isType@WaJson@@UEBA_NAEBW4WaJsonType@@@Z

??0WaJson@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV0@@Z

??0WaJson@@QEAA@AEBH@Z

??0WaJson@@QEAA@$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaJson@@QEAA@PEB_W@Z

??0WaJson@@QEAA@XZ

?get@WaJson@@UEBA?AV1@PEB_W@Z

??1WaJson@@UEAA@XZ

?writeToFile@WaDebugInfo@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NW4LOG_LEVEL@1@V?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@3@11@Z

?instance@WaDebugInfo@@SAPEAV1@XZ

?instance@WaCallTree@@SAPEAV1@AEBVid@thread@std@@@Z

?evaluateResult@WaCallTree@@SAHH@Z

?instance@WaWmiThread@@SAPEAV1@XZ

?hasNext@WaRegKey@@QEAA_NAEAV1@AEAKAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?getAll@WaRegKey@@QEAAHAEAVWaJson@@@Z

?get@WaRegKey@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV23@_N@Z

?close@WaRegKey@@QEAAHXZ

?open@WaRegKey@@QEAAHXZ

?open@WaRegKey@@QEAAHPEAUHKEY__@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z

??1WaRegKey@@QEAA@XZ

??0WaRegKey@@QEAA@PEAUHKEY__@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?instance@WaConfigurations@@SAPEAV1@XZ

?ensurePathEnding@WaStringUtils@@YAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?base64Decode@WaBase64@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?checkCacheLimitAndCleanCollection@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z

?getRaw@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEAVWaJson@@@Z

?insertRaw@WaCache@@QEAAHAEBW4WaCacheNamespace@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WAEBVWaJson@@@Z

?bytesToHexWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEBEI@Z

?shellExecute@WaProcessUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAEAKAEAV23@H_N@Z

?expandPath@WaFileUtils@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?directoryContentsAll@WaFileUtils@@SAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWaJson@@H_NAEB_N@Z

?getDeploymentPath@WaFileUtils@@SAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?convert@WaJson@@UEAAXAEBW4WaJsonType@@@Z

?getOESISVersion@WaFileInfo@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV23@@Z

?execute@WaPowerShellGateway@@YAHPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_NAEAK2@Z

libwaheap

wa_getHeap

winhttp

WinHttpOpen

WinHttpCloseHandle

WinHttpConnect

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpGetDefaultProxyConfiguration

WinHttpReceiveResponse

WinHttpSetTimeouts

WinHttpOpenRequest

WinHttpAddRequestHeaders

WinHttpSendRequest

WinHttpSetCredentials

WinHttpQueryAuthSchemes

WinHttpCrackUrl

WinHttpGetIEProxyConfigForCurrentUser

WinHttpGetProxyForUrl

WinHttpQueryHeaders

WinHttpSetOption

kernel32

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FindFirstFileExW

ReadConsoleW

GetConsoleMode

GetConsoleOutputCP

FlushFileBuffers

EnumSystemLocalesW

IsValidLocale

GetTimeFormatW

GetDateFormatW

HeapReAlloc

FreeLibraryAndExitThread

ExitThread

CreateThread

GetModuleHandleExW

ExitProcess

SetStdHandle

MoveFileExW

SetFilePointerEx

GetDriveTypeW

LoadLibraryExW

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwindEx

RtlPcToFileHeader

FreeEnvironmentStringsW

GetCPInfo

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTickCount

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

SetLastError

EncodePointer

GetStringTypeW

TryEnterCriticalSection

GetExitCodeThread

GetCurrentThread

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

IsProcessorFeaturePresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

CreateEventW

WaitForSingleObjectEx

ResetEvent

SetEvent

LeaveCriticalSection

EnterCriticalSection

SetThreadAffinityMask

RegisterWaitForSingleObject

UnregisterWait

GetThreadTimes

SetEnvironmentVariableW

HeapSize

WriteConsoleW

CreateTimerQueue

SignalObjectAndWait

SwitchToThread

SetThreadPriority

GetThreadPriority

GetLogicalProcessorInformation

CreateTimerQueueTimer

ChangeTimerQueueTimer

DeleteTimerQueueTimer

GetNumaHighestNodeNumber

GetModuleHandleA

VirtualAlloc

VirtualFree

VirtualProtect

ReleaseSemaphore

InterlockedPopEntrySList

QueryDepthSList

UnregisterWaitEx

OutputDebugStringW

OpenProcess

CreateProcessA

CreatePipe

SetHandleInformation

DuplicateHandle

SearchPathA

GetStdHandle

GetExitCodeProcess

PeekNamedPipe

GetFullPathNameW

GetFileAttributesA

CreateFileA

GetOEMCP

GetACP

IsValidCodePage

GetTempPathW

LoadLibraryA

SetEndOfFile

GetFileType

GetFileInformationByHandle

GetCurrentDirectoryW

WideCharToMultiByte

MultiByteToWideChar

DeviceIoControl

QueryPerformanceCounter

SetFileTime

SetFileAttributesW

GetFileSizeEx

GetFileAttributesW

DeleteFileW

CreateDirectoryW

WriteFile

GetVersionExW

GlobalFree

GlobalAlloc

GetModuleHandleW

FindNextFileW

FindFirstFileW

FindClose

GetProcessHeap

HeapFree

HeapAlloc

SetFilePointer

ReadFile

Sleep

GetNativeSystemInfo

EnumUILanguagesW

DeleteCriticalSection

InitializeCriticalSectionEx

RaiseException

DecodePointer

LoadLibraryW

GetProcAddress

FreeLibrary

LocalFree

LocalAlloc

GetCurrentProcess

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

MoveFileW

Wow64RevertWow64FsRedirection

Wow64DisableWow64FsRedirection

GetLastError

CloseHandle

RemoveDirectoryW

GetFileTime

CreateFileW

CopyFileW

FormatMessageW

GetUserDefaultLCID

GetTimeZoneInformation

GetModuleFileNameW

GetProcessAffinityMask

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

GetSidSubAuthority

GetSidSubAuthorityCount

GetTokenInformation

RegEnumKeyExW

RegQueryInfoKeyW

LookupPrivilegeValueW

CryptAcquireContextW

CryptReleaseContext

CryptGetHashParam

CryptCreateHash

CryptHashData

CryptDestroyHash

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

CloseServiceHandle

ControlService

OpenSCManagerW

OpenServiceW

QueryServiceStatus

StartServiceW

CryptAcquireContextA

CryptGenRandom

OpenProcessToken

shell32

SHGetFolderPathW

ole32

CoCreateInstance

CoInitialize

CoUninitialize

oleaut32

SysAllocString

SysFreeString

SysStringLen

VariantTimeToSystemTime

VariantInit

VariantClear

Exports

??0WaOVJson@OfflineVMod@@QEAA@$$QEAV01@@Z

??0WaOVJson@OfflineVMod@@QEAA@$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaOVJson@OfflineVMod@@QEAA@$$QEAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@@Z

??0WaOVJson@OfflineVMod@@QEAA@AEAV01@_N@Z

??0WaOVJson@OfflineVMod@@QEAA@AEBV01@_N@Z

??0WaOVJson@OfflineVMod@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

??0WaOVJson@OfflineVMod@@QEAA@AEBV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@_N@Z

??0WaOVJson@OfflineVMod@@QEAA@H@Z

??0WaOVJson@OfflineVMod@@QEAA@PEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

??0WaOVJson@OfflineVMod@@QEAA@PEB_W@Z

??0WaOVJson@OfflineVMod@@QEAA@W4JsonTypeEnum@01@@Z

??0WaOVJson@OfflineVMod@@QEAA@XZ

??0WaOVJson@OfflineVMod@@QEAA@_N@Z

??1WaOVJson@OfflineVMod@@QEAA@XZ

??4WaOVJson@OfflineVMod@@QEAAAEAV01@$$QEAV01@@Z

??4WaOVJson@OfflineVMod@@QEAAAEAV01@AEBV01@@Z

??_OWaOVJson@OfflineVMod@@QEAAXAEAV01@@Z

?addToArray@WaOVJson@OfflineVMod@@QEAA_N$$QEAV12@@Z

?addToArray@WaOVJson@OfflineVMod@@QEAA_NAEAV12@@Z

?addToArray@WaOVJson@OfflineVMod@@QEAA_NAEBV12@_N@Z

?addToArrayBypassChecking@WaOVJson@OfflineVMod@@QEAAXAEBV12@_N@Z

?addToArrayBypassChecking@WaOVJson@OfflineVMod@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

?addToArrayBypassChecking@WaOVJson@OfflineVMod@@QEAAXAEBV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@_N@Z

?clean@WaOVJson@OfflineVMod@@AEAAXXZ

?clearArray@WaOVJson@OfflineVMod@@QEAAXXZ

?containsKey@WaOVJson@OfflineVMod@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?containsKey@WaOVJson@OfflineVMod@@QEBA_NPEB_W@Z

?escStr@WaOVJson@OfflineVMod@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV34@@Z

?getArraySize@WaOVJson@OfflineVMod@@QEBAHXZ

?getKeys@WaOVJson@OfflineVMod@@QEBA?AV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?getObjectSize@WaOVJson@OfflineVMod@@QEBAHXZ

?getType@WaOVJson@OfflineVMod@@QEBA?AW4JsonTypeEnum@12@XZ

?getValue@WaOVJson@OfflineVMod@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAH@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV12@@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV34@@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@4@@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEA_N@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NPEB_WAEAH@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NPEB_WAEAV12@@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NPEB_WAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NPEB_WAEAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@@Z

?getValue@WaOVJson@OfflineVMod@@QEBA_NPEB_WAEA_N@Z

?getValueArray@WaOVJson@OfflineVMod@@QEAAAEAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@PEB_W@Z

?getValueArray@WaOVJson@OfflineVMod@@QEBAAEBV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@PEB_W@Z

?getValueAsBool@WaOVJson@OfflineVMod@@QEBA_NAEA_N@Z

?getValueAsInt@WaOVJson@OfflineVMod@@QEBA_NAEAH@Z

?getValueAsString@WaOVJson@OfflineVMod@@QEBAAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getValueAsString@WaOVJson@OfflineVMod@@QEBA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValueAt@WaOVJson@OfflineVMod@@QEAAAEAV12@H@Z

?getValueAt@WaOVJson@OfflineVMod@@QEBAAEBV12@H@Z

?getValueAt@WaOVJson@OfflineVMod@@QEBA_NHAEAH@Z

?getValueAt@WaOVJson@OfflineVMod@@QEBA_NHAEAV12@@Z

?getValueAt@WaOVJson@OfflineVMod@@QEBA_NHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValueAt@WaOVJson@OfflineVMod@@QEBA_NHAEAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@@Z

?getValueAt@WaOVJson@OfflineVMod@@QEBA_NHAEA_N@Z

?getValueObject@WaOVJson@OfflineVMod@@QEAAAEAV12@PEB_W@Z

?getValueObject@WaOVJson@OfflineVMod@@QEBAAEBV12@PEB_W@Z

?getValueString@WaOVJson@OfflineVMod@@QEAAAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z

?getValueString@WaOVJson@OfflineVMod@@QEBAAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z

?getValueType@WaOVJson@OfflineVMod@@QEBA?AW4JsonTypeEnum@12@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValueType@WaOVJson@OfflineVMod@@QEBA?AW4JsonTypeEnum@12@PEB_W@Z

?init@WaOVJson@OfflineVMod@@AEAAXXZ

?isUndefined@WaOVJson@OfflineVMod@@QEBA_NXZ

?isValueNull@WaOVJson@OfflineVMod@@QEBA_NPEB_W@Z

?putToObject@WaOVJson@OfflineVMod@@QEAA_N$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QEAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV12@_N@Z

?putToObject@WaOVJson@OfflineVMod@@QEAA_NPEB_W$$QEAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QEAA_NPEB_WAEAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QEAA_NPEB_WAEBV12@_N@Z

?putToObjectBypassChecking@WaOVJson@OfflineVMod@@QEAAXPEB_WAEBV12@_N@Z

?putToObjectBypassChecking@WaOVJson@OfflineVMod@@QEAAXPEB_WAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

?putToObjectBypassChecking@WaOVJson@OfflineVMod@@QEAAXPEB_WAEBV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@_N@Z

?remove@WaOVJson@OfflineVMod@@QEAAXH@Z

?remove@WaOVJson@OfflineVMod@@QEAAXPEB_W@Z

?reserveArraySize@WaOVJson@OfflineVMod@@QEAAX_K@Z

?setType@WaOVJson@OfflineVMod@@QEAAXW4JsonTypeEnum@12@@Z

?toString@WaOVJson@OfflineVMod@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toString@WaOVJson@OfflineVMod@@QEBAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?toString@WaOVJson@OfflineVMod@@QEBAXPEAPEA_W@Z

?wa_offline_vmod_invoke@@YA_NAEBVWaOVJson@OfflineVMod@@AEAV12@@Z

wa_offline_vmod_extract_database_from_path

wa_offline_vmod_free

wa_offline_vmod_invoke

wa_offline_vmod_load_database_from_path

wa_offline_vmod_load_database_from_string

wa_offline_vmod_read_database_from_path

wa_offline_vmod_read_database_from_string

wa_offline_vmod_setup

wa_offline_vmod_teardown

wa_vmod_api_free

wa_vmod_api_invoke

wa_vmod_api_register_handler

wa_vmod_api_setup

wa_vmod_api_teardown

wa_vmod_api_unregister_handler

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x64/wa_3rd_party_host_64.exe

.exe windows:6 windows x64 arch:x64

eaa6039d7eb6e6c5df830272879946da

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

d3:25:b6:94:f8:9d:82:4f:13:85:c1:71:ab:2c:d5:7d:e8:d3:86:4b:f3:f7:4f:33:24:cd:f2:89:17:f5:45:b0
Signer

Actual PE Digest

d3:25:b6:94:f8:9d:82:4f:13:85:c1:71:ab:2c:d5:7d:e8:d3:86:4b:f3:f7:4f:33:24:cd:f2:89:17:f5:45:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wa_3rd_party_host_64.pdb

Imports

kernel32

GetTempPathA

FormatMessageW

GetDiskFreeSpaceA

GetLastError

GetFileAttributesA

GetFileAttributesExW

OutputDebugStringW

FlushViewOfFile

CreateFileA

LoadLibraryA

WaitForSingleObjectEx

DeleteFileA

DeleteFileW

HeapReAlloc

CloseHandle

RaiseException

GetSystemInfo

LoadLibraryW

HeapAlloc

HeapCompact

HeapDestroy

UnlockFile

GetProcAddress

LocalFree

LockFileEx

GetFileSize

DeleteCriticalSection

GetCurrentProcessId

GetProcessHeap

SystemTimeToFileTime

FreeLibrary

WideCharToMultiByte

GetSystemTimeAsFileTime

GetSystemTime

FormatMessageA

CreateFileMappingW

MapViewOfFile

QueryPerformanceCounter

GetTickCount

FlushFileBuffers

GetTickCount64

SizeofResource

GetModuleHandleExW

GetModuleFileNameW

LocalAlloc

FreeResource

LockResource

LoadResource

FindResourceW

SetErrorMode

LoadLibraryExW

InitializeCriticalSectionEx

Sleep

GetWindowsDirectoryW

GetEnvironmentStringsW

GetCurrentDirectoryW

SetCurrentDirectoryW

FindFirstFileW

FindNextFileW

FindClose

FileTimeToSystemTime

GetFileTime

GetVolumeNameForVolumeMountPointW

GetLogicalDriveStringsW

GetDriveTypeW

DeviceIoControl

GetSystemWindowsDirectoryW

lstrcpyW

GetModuleHandleW

WaitForMultipleObjects

CreateEventW

SetEvent

CreateNamedPipeW

OpenProcess

CreateThread

GetOverlappedResult

ConnectNamedPipe

GetExitCodeProcess

CreateToolhelp32Snapshot

Process32NextW

Process32FirstW

DisconnectNamedPipe

CreateDirectoryW

GetCurrentProcess

CreateProcessW

CopyFileW

SetLastError

lstrcpynW

GetLocaleInfoW

TerminateProcess

GetTempFileNameW

ExpandEnvironmentStringsW

GetVersionExW

GetTimeZoneInformation

GetSystemDirectoryW

ReleaseMutex

CreateMutexA

VirtualAlloc

VirtualFree

VirtualQuery

WriteConsoleW

ReadConsoleW

SetStdHandle

MultiByteToWideChar

HeapSize

HeapValidate

UnmapViewOfFile

GetCurrentThreadId

GetFileAttributesW

CreateFileW

WaitForSingleObject

CreateMutexW

GetTempPathW

UnlockFileEx

SetEndOfFile

GetFullPathNameA

SetFilePointer

AreFileApisANSI

InitializeCriticalSection

LeaveCriticalSection

LockFile

OutputDebugStringA

GetDiskFreeSpaceW

WriteFile

GetFullPathNameW

EnterCriticalSection

HeapFree

HeapCreate

TryEnterCriticalSection

ReadFile

DecodePointer

FreeEnvironmentStringsW

FindFirstFileExW

SetEnvironmentVariableW

SetFilePointerEx

GetFileSizeEx

GetConsoleMode

GetConsoleOutputCP

GetOEMCP

GetACP

IsValidCodePage

GetFileType

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetTimeFormatW

GetDateFormatW

GetCommandLineW

GetCommandLineA

GetStdHandle

ExitProcess

ExitThread

RtlUnwindEx

UnregisterWaitEx

QueryDepthSList

InterlockedFlushSList

InterlockedPushEntrySList

InterlockedPopEntrySList

ReleaseSemaphore

VirtualProtect

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetThreadPriority

SetThreadPriority

SwitchToThread

SignalObjectAndWait

GetModuleHandleA

FreeLibraryAndExitThread

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsProcessorFeaturePresent

ResetEvent

IsDebuggerPresent

GetStartupInfoW

InitializeSListHead

GetStringTypeW

DuplicateHandle

GetCurrentThread

GetExitCodeThread

GetNativeSystemInfo

QueryPerformanceFrequency

RtlPcToFileHeader

EncodePointer

QueueUserWorkItem

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

CompareStringW

LCMapStringW

GetCPInfo

CreateTimerQueue

GetThreadTimes

LoadLibraryExA

user32

PostThreadMessageW

wsprintfW

advapi32

RegQueryValueExW

EqualSid

AllocateAndInitializeSid

FreeSid

CheckTokenMembership

QueryServiceStatus

OpenServiceW

RegCloseKey

RegEnumKeyExW

RegOpenKeyExW

CloseServiceHandle

OpenSCManagerW

GetSidSubAuthorityCount

GetSidSubAuthority

GetTokenInformation

AccessCheck

GetFileSecurityW

DuplicateToken

MapGenericMask

LookupPrivilegeValueW

AdjustTokenPrivileges

RegSaveKeyW

OpenProcessToken

ole32

CoSetProxyBlanket

CoUninitialize

CoInitializeEx

CoCreateInstance

IIDFromString

CLSIDFromString

CoAddRefServerProcess

CoReleaseServerProcess

OleRun

oleaut32

GetErrorInfo

VariantTimeToSystemTime

VariantClear

SafeArrayCreateVector

SafeArrayCreate

SafeArrayLock

VariantCopy

SafeArrayPutElement

SysAllocString

SysFreeString

SafeArrayGetDim

SysStringLen

SysAllocStringLen

SafeArrayDestroy

VariantInit

SafeArrayGetElement

SafeArrayUnlock

version

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

shlwapi

StrStrIW

wininet

HttpSendRequestW

InternetConnectW

InternetCloseHandle

InternetOpenW

InternetSetOptionW

InternetReadFile

HttpOpenRequestW

Exports

QHChangeOnAccessScanState

QHEnableOnAccessScan

QHFreeThreatHistoryListA

QHFreeThreatHistoryListW

QHGetAppLanguageA

QHGetAppLanguageW

QHGetDigitalCertSignerA

QHGetDigitalCertSignerW

QHGetEngineVersionA

QHGetEngineVersionW

QHGetExpDate

QHGetLastFullScanTime

QHGetProductInstallDirA

QHGetProductInstallDirW

QHGetSASQHStatus

QHGetSigDatabaseDirA

QHGetSigDatabaseDirW

QHGetSigDatabaseTime

QHGetSigDatabaseVersionA

QHGetSigDatabaseVersionW

QHGetThreatHistoryA

QHGetThreatHistoryW

QHInitUpdate

QHInitiateFileScanA

QHInitiateFileScanW

QHInitiateFolderScanA

QHInitiateFolderScanW

QHInitiateFullScan

QHIsAVInstalled

QHIsFullScanRunning

QHIsLicenseExpired

QHIsOnAccessScanEnabled

QHIsUpdateInProgress

QHOpenScanner

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/CCleanerBugReport.exe

.exe windows:6 windows x86 arch:x86

c7a59f08cfb0aca8ecdcc834e5f2618b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

65:d3:5b:58:44:e4:60:f4:d7:82:3d:36:b7:48:9f:1b:0c:0b:fc:c4:41:2c:a6:7a:4a:cc:9e:c5:59:7f:61:17
Signer

Actual PE Digest

65:d3:5b:58:44:e4:60:f4:d7:82:3d:36:b7:48:9f:1b:0c:0b:fc:c4:41:2c:a6:7a:4a:cc:9e:c5:59:7f:61:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\AvastClient\BUILDS\Release\x86\CCleanerBugReport.pdb

Imports

rpcrt4

RpcStringBindingComposeW

RpcBindingFromStringBindingW

NdrClientCall2

RpcBindingFree

RpcStringFreeW

RpcMgmtEpEltInqDone

RpcStringBindingParseW

UuidFromStringW

UuidToStringW

NdrAsyncServerCall

NdrServerCall2

NdrAsyncClientCall

RpcAsyncCancelCall

RpcAsyncInitializeHandle

RpcAsyncCompleteCall

RpcBindingToStringBindingW

RpcEpUnregister

RpcEpRegisterW

RpcServerUseProtseqEpW

RpcObjectSetType

RpcServerRegisterIf2

RpcServerUnregisterIfEx

RpcImpersonateClient

RpcRevertToSelf

I_RpcBindingInqLocalClientPID

RpcMgmtEpEltInqNextW

RpcMgmtEpEltInqBegin

RpcIfInqId

UuidCreate

wtsapi32

WTSFreeMemory

WTSQuerySessionInformationW

shell32

SHGetFolderPathW

ord165

ntdll

NtOpenKey

RtlNtStatusToDosError

NtSetInformationThread

NtClose

NtQueryKey

NtDeleteKey

RtlDllShutdownInProgress

NtSystemDebugControl

VerSetConditionMask

RtlUnwind

kernel32

TerminateProcess

GetFileTime

GetVersionExW

LoadLibraryExW

InitializeCriticalSectionEx

HeapSize

HeapReAlloc

DecodePointer

HeapDestroy

UnlockFileEx

LockFileEx

CompareFileTime

SetFilePointerEx

GetFileSizeEx

ReadFile

CancelIoEx

GetOverlappedResult

ResetEvent

ReadDirectoryChangesW

UnregisterWaitEx

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolWait

WaitForThreadpoolWaitCallbacks

ProcessIdToSessionId

WaitForMultipleObjects

GetCurrentThread

LocalFree

CompareStringW

InitializeCriticalSectionAndSpinCount

TerminateThread

ResumeThread

SetThreadPriority

QueryPerformanceFrequency

QueryPerformanceCounter

QueryThreadCycleTime

K32GetProcessImageFileNameW

GetThreadId

WriteFile

LocalAlloc

FlushFileBuffers

GetFileInformationByHandle

GetFullPathNameW

OutputDebugStringA

FileTimeToSystemTime

GetSystemInfo

ExpandEnvironmentStringsW

GetShortPathNameW

GetSystemWindowsDirectoryW

GetProcessAffinityMask

GetLongPathNameW

VirtualAlloc

VirtualFree

GlobalMemoryStatusEx

GetExitCodeThread

SetFilePointer

SetFileAttributesW

GetFileSize

SetEndOfFile

MoveFileExW

GetWindowsDirectoryW

CreateFileMappingW

MapViewOfFile

QueryFullProcessImageNameW

GetFileAttributesExW

CreateDirectoryW

GetCurrentDirectoryW

FindFirstFileExW

FindNextFileW

QueryDosDeviceW

GetVolumePathNameW

GetVolumeNameForVolumeMountPointW

GetDateFormatW

GetTimeFormatW

CopyFileW

SetFileInformationByHandle

GetDiskFreeSpaceExW

FindResourceW

LoadResource

LockResource

SizeofResource

K32GetMappedFileNameW

FindFirstVolumeW

FindNextVolumeW

GetVolumePathNamesForVolumeNameW

FindVolumeClose

GetTickCount64

SetEvent

CreateEventW

SetLastError

GetProcessTimes

GetSystemTimes

FindResourceExW

Sleep

RegisterWaitForSingleObject

DuplicateHandle

GetNativeSystemInfo

VirtualQuery

RemoveVectoredExceptionHandler

AddVectoredExceptionHandler

SetUnhandledExceptionFilter

GetTickCount

TlsGetValue

TlsSetValue

TlsAlloc

TlsFree

CreateThread

SetEnvironmentVariableW

GetEnvironmentVariableW

GetProcessId

FormatMessageW

GetModuleFileNameA

FindClose

RaiseException

FlushInstructionCache

VirtualProtect

CheckRemoteDebuggerPresent

GetModuleHandleExW

ReadProcessMemory

FindFirstFileW

GetExitCodeProcess

CreateProcessW

DeleteFileW

OutputDebugStringW

GetCurrentProcess

GetCurrentThreadId

OpenProcess

GetCurrentProcessId

DeviceIoControl

CreateFileW

GetSystemTimeAsFileTime

VerifyVersionInfoW

GetModuleFileNameW

GetFileAttributesW

FreeLibrary

LoadLibraryW

GetSystemDirectoryW

UpdateProcThreadAttribute

InitializeProcThreadAttributeList

MultiByteToWideChar

SetErrorMode

GetConsoleWindow

ReleaseMutex

CreateMutexW

SetDllDirectoryW

WideCharToMultiByte

WaitForSingleObject

HeapFree

GetProcessHeap

HeapAlloc

GetProcAddress

GetModuleHandleW

DeleteCriticalSection

InitializeCriticalSection

WriteConsoleW

ReadConsoleW

GetTimeZoneInformation

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetOEMCP

GetACP

IsValidCodePage

GetConsoleMode

GetConsoleOutputCP

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

GetFileType

SetStdHandle

ExitProcess

GetCommandLineW

GetCommandLineA

GetStdHandle

FreeLibraryAndExitThread

ExitThread

InterlockedPushEntrySList

GetStartupInfoW

IsDebuggerPresent

UnhandledExceptionFilter

InitializeSListHead

GetCPInfo

EncodePointer

LCMapStringEx

InitOnceComplete

InitOnceBeginInitialize

IsProcessorFeaturePresent

CloseThreadpoolWork

SubmitThreadpoolWork

CreateThreadpoolWork

FreeLibraryWhenCallbackReturns

WakeConditionVariable

GetLocaleInfoEx

SleepConditionVariableSRW

WakeAllConditionVariable

AcquireSRWLockShared

ReleaseSRWLockShared

TryAcquireSRWLockExclusive

LeaveCriticalSection

EnterCriticalSection

CloseHandle

GetLastError

GetProcessHandleCount

Process32NextW

Process32FirstW

CreateToolhelp32Snapshot

K32GetProcessMemoryInfo

GetThreadTimes

K32EnumProcesses

GetThreadPriority

OpenThread

GetVersion

GetPriorityClass

UnmapViewOfFile

AcquireSRWLockExclusive

ReleaseSRWLockExclusive

FormatMessageA

GetStringTypeW

AreFileApisANSI

GetFileInformationByHandleEx

WaitForSingleObjectEx

user32

IsHungAppWindow

PeekMessageW

SendMessageCallbackW

ShowWindow

RegisterClassExW

GetClassInfoExW

SetWindowLongW

SendMessageW

PostMessageW

RegisterWindowMessageW

LoadStringW

GetSystemMetrics

GetGUIThreadInfo

advapi32

RegQueryValueExW

OpenServiceW

OpenSCManagerW

InitializeSecurityDescriptor

SetSecurityDescriptorDacl

RevertToSelf

RegCloseKey

OpenThreadToken

ConvertStringSecurityDescriptorToSecurityDescriptorW

GetTokenInformation

OpenProcessToken

CloseServiceHandle

EnumServicesStatusW

QueryServiceStatusEx

QueryServiceConfigW

EqualSid

DuplicateToken

CheckTokenMembership

CryptReleaseContext

CryptGenRandom

CryptAcquireContextW

RegQueryMultipleValuesW

RegDeleteTreeW

RegNotifyChangeKeyValue

RegQueryInfoKeyW

RegDeleteValueW

RegEnumValueW

RegEnumKeyExW

RegSetValueExW

RegCreateKeyExW

FreeSid

LookupAccountSidW

RegOpenKeyExW

AddAce

InitializeAcl

GetLengthSid

AllocateAndInitializeSid

ImpersonateSelf

AdjustTokenPrivileges

LookupPrivilegeValueW

ole32

CoCreateGuid

powrprof

CallNtPowerInformation

winhttp

WinHttpSetOption

WinHttpConnect

WinHttpSetTimeouts

WinHttpOpen

WinHttpCloseHandle

WinHttpQueryOption

WinHttpCrackUrl

WinHttpAddRequestHeaders

WinHttpOpenRequest

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpQueryHeaders

WinHttpReceiveResponse

WinHttpWriteData

WinHttpSendRequest

WinHttpSetCredentials

shlwapi

PathAppendW

PathMatchSpecW

PathRemoveFileSpecW

PathFindFileNameW

version

VerQueryValueW

GetFileVersionInfoW

GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext

ws2_32

WSAAddressToStringW

Exports

asw_process_storage_allocate_connector

asw_process_storage_deallocate_connector

on_avast_dll_unload

onexit_register_connector_avast_2

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 451KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/CCleanerDU.dll

.dll windows:6 windows x86 arch:x86

7b6677740f909f79675195b01550e6e0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

20:e9:83:32:6c:f8:c2:d5:32:78:61:05:3b:92:38:4d:fa:45:c2:f2:27:1b:16:48:39:77:f5:3f:1b:9f:60:cd
Signer

Actual PE Digest

20:e9:83:32:6c:f8:c2:d5:32:78:61:05:3b:92:38:4d:fa:45:c2:f2:27:1b:16:48:39:77:f5:3f:1b:9f:60:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

C:\BUILD\work\ff1498008bc2b597\BUILDS\Release\x86\CCleanerDU.pdb

Imports

advapi32

InitializeSecurityDescriptor

CreateWellKnownSid

SetEntriesInAclW

SetSecurityDescriptorOwner

SetSecurityDescriptorGroup

SetSecurityDescriptorDacl

ImpersonateLoggedOnUser

OpenThreadToken

RevertToSelf

RegCloseKey

RegQueryValueExW

SetThreadToken

RegisterEventSourceW

DeregisterEventSource

OpenProcessToken

CryptReleaseContext

CryptGenRandom

CryptAcquireContextW

RegOpenKeyExW

CryptDestroyKey

CryptSetHashParam

CryptGetProvParam

CryptGetUserKey

CryptExportKey

CryptDecrypt

CryptCreateHash

CryptDestroyHash

CryptSignHashW

CryptEnumProvidersW

GetTokenInformation

IsValidSid

ConvertSidToStringSidW

DuplicateTokenEx

LookupPrivilegeValueW

AdjustTokenPrivileges

RegCreateKeyExW

RegSetValueExW

EqualSid

ConvertStringSecurityDescriptorToSecurityDescriptorW

FreeSid

AllocateAndInitializeSid

ConvertStringSidToSidW

GetSidSubAuthorityCount

GetSidSubAuthority

GetLengthSid

CreateProcessAsUserW

InitializeAcl

AddAce

RegEnumKeyExW

RegEnumValueW

RegDeleteValueW

ReportEventW

RegQueryInfoKeyW

RegEnumKeyW

RegDeleteKeyExW

RegNotifyChangeKeyValue

RegDeleteTreeW

RegQueryMultipleValuesW

CryptAcquireContextA

CryptGetHashParam

CryptHashData

RegEnumKeyExA

RegOpenKeyExA

RegQueryValueExA

SystemFunction036

crypt32

CryptStringToBinaryA

CertGetCertificateChain

CertFreeCertificateChain

CryptProtectData

CryptUnprotectData

CryptVerifyTimeStampSignature

CertGetNameStringA

CryptQueryObject

CryptDecodeObjectEx

CertFreeCertificateChainEngine

CryptMemFree

CertOpenStore

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CertGetCertificateContextProperty

PFXImportCertStore

CertAddCertificateContextToStore

CertCreateCertificateChainEngine

CertFindExtension

bcrypt

BCryptGenerateKeyPair

BCryptFinalizeKeyPair

BCryptExportKey

BCryptSecretAgreement

BCryptDeriveKey

BCryptGenerateSymmetricKey

BCryptOpenAlgorithmProvider

BCryptSetProperty

BCryptGenRandom

BCryptCloseAlgorithmProvider

BCryptDestroyKey

BCryptImportKeyPair

BCryptEncrypt

BCryptDestroySecret

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW

WTSFreeMemory

WTSEnumerateSessionsW

WTSQueryUserToken

setupapi

CM_Get_Sibling

SetupDiGetDriverInfoDetailW

SetupDiGetDriverInstallParamsW

SetupDiDestroyDriverInfoList

SetupOpenInfFileW

SetupFindFirstLineW

SetupGetIntField

SetupDiSetClassInstallParamsW

SetupOpenFileQueue

SetupDiGetDeviceInstallParamsW

SetupDiSetDeviceInstallParamsW

SetupDiCallClassInstaller

SetupScanFileQueueW

SetupCloseFileQueue

SetupDiCreateDeviceInfoList

SetupDiOpenDeviceInfoW

SetupDiDestroyDeviceInfoList

CM_Get_Child

CM_Get_Device_IDW

SetupUninstallOEMInfW

CM_Locate_DevNode_ExW

CM_Reenumerate_DevNode_Ex

CM_Get_Parent

CM_Locate_DevNodeW

CM_Get_DevNode_Status

SetupDiGetClassDevsExW

SetupDiEnumDeviceInfo

SetupDiGetDeviceInstanceIdW

CM_Get_Device_Interface_List_SizeW

CM_Get_Device_Interface_ListW

SetupDiGetDevicePropertyW

SetupDiGetDeviceRegistryPropertyW

SetupCloseInfFile

SetupGetInfDriverStoreLocationW

CMP_WaitNoPendingInstallEvents

SetupEnumInfSectionsW

SetupGetStringFieldW

SetupDiEnumDriverInfoW

SetupFindNextMatchLineW

SetupDiSetSelectedDriverW

SetupDiBuildDriverInfoList

shell32

SHGetFolderPathW

version

VerQueryValueW

GetFileVersionInfoW

GetFileVersionInfoSizeW

ntdll

RtlUnwind

VerSetConditionMask

NtClose

RtlNtStatusToDosError

NtDeleteKey

NtQueryKey

NtOpenKey

NtSetInformationThread

kernel32

HeapReAlloc

HeapSize

GetUserDefaultLCID

LeaveCriticalSection

EnterCriticalSection

GetSystemTimes

Sleep

SystemTimeToFileTime

GetLocalTime

SetEvent

CreateEventW

WaitForSingleObject

WaitForMultipleObjects

FileTimeToSystemTime

GetSystemTime

CloseHandle

LoadLibraryW

FreeLibrary

GetCurrentThreadId

CompareFileTime

GetSystemPowerStatus

GetSystemDirectoryW

lstrcatW

GetFileAttributesW

LocalFree

CreateFileW

GetFileSizeEx

ReadFile

GetExitCodeProcess

GetCurrentThread

GetModuleFileNameW

DeviceIoControl

SetFileInformationByHandle

GetFileInformationByHandleEx

GetFinalPathNameByHandleW

OutputDebugStringW

DebugBreak

FindFirstFileW

FindNextFileW

FindClose

LockFileEx

UnlockFileEx

WriteFile

InitializeCriticalSection

GetCurrentProcessId

ProcessIdToSessionId

GetModuleHandleExW

GetPrivateProfileStringW

WritePrivateProfileStringW

LoadResource

LockResource

GetModuleFileNameA

FormatMessageW

SetLastError

GetLocaleInfoW

LoadLibraryExW

GetUserDefaultLangID

GetCPInfo

GetLocaleInfoEx

GetConsoleOutputCP

GetTickCount

ResetEvent

GetComputerNameW

GetUserGeoID

GetGeoInfoW

GetSystemDefaultLCID

GetCurrentProcess

SetFilePointerEx

CreateDirectoryW

GetFileSize

RemoveDirectoryW

DeleteFileW

GlobalMemoryStatusEx

LCIDToLocaleName

GetNativeSystemInfo

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetStdHandle

GetFileType

GetSystemDirectoryA

LoadLibraryA

FormatMessageA

EncodePointer

VirtualAlloc

VirtualFree

GetEnvironmentVariableW

GetACP

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

CreateTimerQueue

DeleteTimerQueueEx

CreateTimerQueueTimer

ChangeTimerQueueTimer

DeleteTimerQueueTimer

WTSGetActiveConsoleSessionId

GetThreadLocale

CreateSemaphoreW

CreateThread

ReleaseSemaphore

GetFileInformationByHandle

SetEndOfFile

WerRegisterMemoryBlock

WerUnregisterMemoryBlock

UnmapViewOfFile

UnlockFile

CreateFileA

CreateFileMappingW

MapViewOfFile

QueryPerformanceCounter

QueryPerformanceFrequency

InitOnceExecuteOnce

ReleaseMutex

CreateMutexW

GetFileTime

CancelIoEx

GetOverlappedResult

GetTickCount64

UnregisterWaitEx

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolWait

WaitForThreadpoolWaitCallbacks

SetFilePointer

GetCurrentDirectoryW

LocalFileTimeToFileTime

SetFileTime

GetFileAttributesExW

HeapFree

GetModuleHandleW

OpenProcess

TerminateProcess

VerifyVersionInfoW

CreateProcessW

ResumeThread

InitializeCriticalSectionAndSpinCount

GetThreadPriority

TerminateThread

SetThreadPriority

GetThreadTimes

RaiseException

QueryThreadCycleTime

CompareStringW

InitializeProcThreadAttributeList

DeleteProcThreadAttributeList

UpdateProcThreadAttribute

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

GetThreadId

GetProcessTimes

QueryFullProcessImageNameW

GetDriveTypeW

SetFileAttributesW

MoveFileExW

GetWindowsDirectoryW

GetShortPathNameW

DuplicateHandle

GetFullPathNameW

FindFirstFileExW

QueryDosDeviceW

GetProcessAffinityMask

GetVersionExW

ExpandEnvironmentStringsW

GetLongPathNameW

GetVolumePathNameW

GetVolumeNameForVolumeMountPointW

GetDateFormatW

GetTimeFormatW

GetExitCodeThread

SetEnvironmentVariableW

GetVersion

SizeofResource

FindResourceExW

FindResourceW

FlushFileBuffers

OutputDebugStringA

CopyFileW

GetDiskFreeSpaceExW

K32GetMappedFileNameW

FindFirstVolumeW

FindNextVolumeW

GetVolumePathNamesForVolumeNameW

FindVolumeClose

GetModuleHandleA

MoveFileExA

GetEnvironmentVariableA

SleepEx

ExpandEnvironmentStringsA

GetWindowsDirectoryA

GetVersionExA

LCMapStringEx

CompareStringEx

IsProcessorFeaturePresent

InitializeSListHead

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetStartupInfoW

CreateEventA

OpenEventA

InterlockedPushEntrySList

InterlockedFlushSList

ExitThread

FreeLibraryAndExitThread

ExitProcess

SetConsoleCtrlHandler

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

LCMapStringW

IsValidLocale

EnumSystemLocalesW

GetTimeZoneInformation

IsValidCodePage

GetOEMCP

SetStdHandle

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

WriteConsoleW

RegisterWaitForSingleObject

InitOnceComplete

SleepConditionVariableSRW

WakeAllConditionVariable

WaitForSingleObjectEx

GetStringTypeW

HeapAlloc

HeapDestroy

DecodePointer

GetLastError

DeleteCriticalSection

InitializeCriticalSectionEx

MultiByteToWideChar

GetProcessHeap

WideCharToMultiByte

GetProcAddress

AreFileApisANSI

TryAcquireSRWLockExclusive

InitOnceBeginInitialize

WakeConditionVariable

ReadDirectoryChangesW

GetSystemInfo

user32

RegisterClassExW

GetUserObjectInformationW

GetProcessWindowStation

GetSystemMetrics

LoadStringW

GetClassInfoExW

CharLowerW

SetWindowLongW

SendMessageW

PostMessageW

MessageBoxW

GetDesktopWindow

RegisterWindowMessageW

wsprintfW

ole32

CoInitializeSecurity

CoInitialize

CoUninitialize

CoInitializeEx

CoCreateGuid

CoCreateInstance

CLSIDFromString

CoSetProxyBlanket

StringFromGUID2

CoTaskMemFree

oleaut32

SysFreeString

VariantInit

VariantCopy

VariantClear

SysAllocString

newdev

DiInstallDriverW

DiInstallDevice

cfgmgr32

CM_Get_DevNode_PropertyW

CM_Get_Device_Interface_PropertyW

secur32

QueryContextAttributesW

iphlpapi

GetUnicastIpAddressTable

GetBestRoute2

GetAdaptersAddresses

FreeMibTable

GetIfEntry2

GetIfTable2Ex

rpcrt4

RpcServerUseProtseqEpW

RpcBindingToStringBindingW

RpcEpUnregister

RpcEpRegisterW

RpcObjectSetType

RpcServerRegisterIf2

RpcServerUnregisterIfEx

RpcImpersonateClient

RpcRevertToSelf

I_RpcBindingInqLocalClientPID

RpcMgmtEpEltInqNextW

RpcMgmtEpEltInqBegin

RpcIfInqId

RpcMgmtEpEltInqDone

RpcBindingFree

RpcStringFreeW

UuidToStringW

UuidFromStringW

RpcAsyncInitializeHandle

RpcBindingFromStringBindingW

RpcAsyncCancelCall

NdrAsyncClientCall

NdrClientCall2

RpcAsyncCompleteCall

NdrServerCall2

NdrAsyncServerCall

RpcStringBindingComposeW

RpcStringBindingParseW

winhttp

WinHttpCloseHandle

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpTimeFromSystemTime

WinHttpSendRequest

WinHttpAddRequestHeaders

WinHttpOpenRequest

WinHttpConnect

WinHttpSetOption

WinHttpQueryHeaders

WinHttpQueryOption

WinHttpSetStatusCallback

WinHttpOpen

WinHttpCrackUrl

WinHttpSetCredentials

WinHttpWriteData

WinHttpReceiveResponse

WinHttpSetTimeouts

ws2_32

WSACloseEvent

WSACreateEvent

WSAEnumNetworkEvents

WSAEventSelect

WSAResetEvent

WSAWaitForMultipleEvents

ntohl

WSAIoctl

__WSAFDIsSet

getpeername

gethostname

InetNtopW

freeaddrinfo

recvfrom

sendto

getaddrinfo

socket

setsockopt

connect

closesocket

bind

send

recv

WSASetLastError

getservbyname

getsockopt

htons

htonl

WSAGetLastError

select

ntohs

getsockname

ioctlsocket

WSACleanup

WSAStartup

WSAAddressToStringW

dnsapi

DnsQuery_W

DnsFree

shlwapi

PathMatchSpecW

powrprof

CallNtPowerInformation

Exports

?RegisterSpocNotificationHandler@spoc@asw@@YA?AV?$shared_ptr@VISpocCookie@spoc@asw@@@std@@ABUNotificationKey@12@V?$function@$$A6AXUSpocNotification@spoc@asw@@@Z@4@@Z

CreateEnvironment

FreeInterface

GetInterface

ShutdownEnvironment

StartInterface

StopInterface

UpdateSettings

on_avast_dll_unload

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 623KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/libwaapi.dll

.dll windows:6 windows x86 arch:x86

5f6507feb1a560c3a1f198a028945819

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

6a:70:2d:4a:f3:fb:cd:74:23:fa:9f:66:bd:e4:fc:40:45:2f:e2:8e:c6:08:84:81:54:e5:7a:d3:42:ee:30:37
Signer

Actual PE Digest

6a:70:2d:4a:f3:fb:cd:74:23:fa:9f:66:bd:e4:fc:40:45:2f:e2:8e:c6:08:84:81:54:e5:7a:d3:42:ee:30:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

libwaapi.pdb

Imports

libwaheap

_wa_getHeap@0

crypt32

CryptQueryObject

CertFindCertificateInStore

CryptMsgClose

CertFreeCertificateContext

CertCloseStore

CryptMsgGetParam

wintrust

WinVerifyTrust

kernel32

WriteConsoleW

WideCharToMultiByte

EnterCriticalSection

GetCurrentProcess

InitializeCriticalSectionEx

LocalAlloc

CreateToolhelp32Snapshot

GetLastError

Process32NextW

Process32FirstW

CloseHandle

RaiseException

DecodePointer

LocalFree

DeleteCriticalSection

GetCurrentProcessId

GetExitCodeProcess

LeaveCriticalSection

TryEnterCriticalSection

GetCurrentThreadId

DuplicateHandle

CreateFileW

SetStdHandle

GetConsoleMode

GetConsoleOutputCP

WriteFile

FlushFileBuffers

SetEnvironmentVariableW

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

HeapSize

GetTimeZoneInformation

SetFilePointerEx

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetTimeFormatW

GetDateFormatW

GetFileType

GetStdHandle

ExitProcess

GetModuleHandleExW

ExitThread

HeapReAlloc

HeapFree

HeapAlloc

RtlUnwind

LoadLibraryW

UnregisterWaitEx

QueryDepthSList

InterlockedFlushSList

InterlockedPushEntrySList

InterlockedPopEntrySList

ReleaseSemaphore

VirtualProtect

VirtualFree

VirtualAlloc

GetVersionExW

LoadLibraryExW

GetModuleHandleA

GetModuleFileNameW

FreeLibraryAndExitThread

FreeLibrary

GetThreadTimes

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetThreadPriority

SetThreadPriority

CreateThread

SwitchToThread

SignalObjectAndWait

CreateTimerQueue

InitializeSListHead

GetStartupInfoW

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

ResetEvent

SetEvent

OutputDebugStringW

IsDebuggerPresent

GetCPInfo

GetLocaleInfoW

LCMapStringW

CompareStringW

GetProcAddress

GetModuleHandleW

GetTickCount

GetSystemTimeAsFileTime

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

CreateEventW

InitializeCriticalSectionAndSpinCount

SetLastError

GetStringTypeW

QueueUserWorkItem

IsProcessorFeaturePresent

EncodePointer

QueryPerformanceCounter

GetNativeSystemInfo

GetExitCodeThread

GetCurrentThread

Sleep

WaitForSingleObjectEx

MultiByteToWideChar

libwautils

?enable@WaRevocationCheck@WaCertificate@@QAEXXZ

?disable@WaRevocationCheck@WaCertificate@@QAEXXZ

?Is64@WaOSUtils@@QAE_NXZ

?isLicensed@WaLicense@@QBEHH@Z

?setComponentAllocation@WaComponentManager@@QAEHPA_WAAPAVWaExternalComponent@@@Z

?initModule@WaComponentManager@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WAAVWaJson@@@Z

?getComponent@WaComponentManager@@QBEHPB_WPAPAVWaExternalComponent@@@Z

?end@WaComponentManager@@QBE?AV?$_List_const_iterator@V?$_List_val@U?$_List_simple_types@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaExternalComponent@@@std@@@std@@@std@@@std@@XZ

?begin@WaComponentManager@@QBE?AV?$_List_const_iterator@V?$_List_val@U?$_List_simple_types@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaExternalComponent@@@std@@@std@@@std@@@std@@XZ

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@@Z

?get@WaDatabase@@SAHABW4WaDatabaseKey@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@_N@Z

?SendProxyMessage@WaThirdPartyGatewayHandle@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

??0WaThirdPartyGatewayHandle@@QAE@H@Z

?cachedInvoke@WaExternalComponent@@QBEHAAVWaJson@@PAPA_W@Z

?getDllName@WaExternalComponent@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getModuleName@WaExternalComponent@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?fileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_NHHAB_N2@Z

?remove@WaJson@@UAEXPB_W@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?dotGet@WaJson@@UAEHPB_WAAH@Z

?get@WaJson@@UBEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?put@WaJson@@UAEXPB_WABV1@@Z

?size@WaJson@@UBEIXZ

??0WaJson@@QAE@ABV0@@Z

??0WaJson@@QAE@_N@Z

??0WaJson@@QAE@$$QAUObjectConstructor@0@@Z

?getOESISVersion@WaFileInfo@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV23@@Z

??1WaFileInfo@@QAE@XZ

??0WaFileInfo@@QAE@XZ

?getMethod@Method@WaStaticDb@@YAPBUmethod@12@H@Z

?fileExists@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAB_N@Z

??1PerfLoggingScope@@QAE@XZ

??0PerfLoggingScope@@QAE@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?setEventPreLaunch@WaEventManager@@QAEXABW4WaEventType@1@$$QAV?$function@$$A6AHP6AXPA_W@ZHVWaJson@@@Z@std@@@Z

?setEventSink@WaEventManager@@QAEXABW4WaEventType@1@$$QAV?$function@$$A6AHP6AXPA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@@Z

?_dotRetrieve@WaJson@@EAEHPB_WAAV1@W4WaJsonType@@@Z

?_dotInsert@WaJson@@EAEHPB_WABV1@W4WaJsonType@@@Z

?_encodeString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?_toPrettyString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_set@WaJson@@EAEXABH@Z

?_set@WaJson@@EAEX_N@Z

?_set@WaJson@@EAEXPB_W@Z

?_set@WaJson@@EAEX$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_set@WaJson@@EAEXABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EAEXABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_init@WaJson@@EAEXXZ

?removeRecursive@WaJson@@UAEXPB_W@Z

?first@WaJson@@UAE?AV1@XZ

?val@WaJson@@UBEHAAH@Z

?val@WaJson@@UBEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?val@WaJson@@UBEHAA_N@Z

?keys@WaJson@@UBE?AV?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?contains@WaJson@@UBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?remove@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?remove@WaJson@@UAEXH@Z

?dotAdd@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?dotPut@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?dotAt@WaJson@@UAEHPB_WAAV1@@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?dotAt@WaJson@@UAEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?dotAt@WaJson@@UAEHPB_WAAH@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?dotAt@WaJson@@UAEHPB_WAA_N@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?dotGet@WaJson@@UAEHPB_WAAV1@@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?getString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getInt@WaJson@@UBEHXZ

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?put@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?put@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QAV1@@Z

?put@WaJson@@UAEXV?$initializer_list@U?$pair@PB_WVWaJson@@@std@@@std@@@Z

?at@WaJson@@UBE?AV1@I@Z

?add@WaJson@@UAEXABV1@@Z

?add@WaJson@@UAEX$$QAV1@@Z

?add@WaJson@@UAEXV?$initializer_list@VWaJson@@@std@@@Z

?isObjKeyType@WaJson@@UBE_NPB_WABW4WaJsonType@@@Z

?getObjKeyType@WaJson@@UBE?AW4WaJsonType@@PB_W@Z

?convert@WaJson@@UAEXABW4WaJsonType@@@Z

??MWaJson@@UBE_NABV0@@Z

??9WaJson@@UBE_NABV0@@Z

??8WaJson@@UBE_NABV0@@Z

??AWaJson@@UAEAAV0@I@Z

??AWaJson@@UBEABV0@I@Z

??AWaJson@@UAEAAV0@PB_W@Z

??AWaJson@@UBEABV0@PB_W@Z

??AWaJson@@UAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UBEABV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??YWaJson@@UAEAAV0@ABV0@@Z

??4WaJson@@UAEAAV0@$$QAV0@@Z

??4WaJson@@UAEAAV0@ABV0@@Z

??4WaJson@@UAEAAV0@PB_W@Z

??4WaJson@@UAEAAV0@ABH@Z

??4WaJson@@UAEAAV0@_N@Z

??4WaJson@@UAEAAV0@ABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UAEAAV0@ABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??0WaJson@@QAE@$$QAV0@@Z

?detectionCall@WaDebugInfo@@QAE?AV?$shared_ptr@U?$Scope@_N@WaDbgCallTracker@@@std@@XZ

?getUserPasswordProtected@WaOSUtils@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AA_NAAW4PasswordProtectionInfo@@@Z

?generateUUID@WaOSUtils@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getDeviceID@WaOSUtils@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?revertImpersonation@WaOSUtils@@QAEHXZ

?impersonateCurrentUser@WaOSUtils@@QAEHXZ

?getUserName@WaOSUtils@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?instance@WaWmiThread@@SAPAV1@XZ

?getLicenseStatus@WaLicense@@QAEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?terminateProcess@WaTaskManager@@QAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@_NH@Z

?isProcessRunning@WaTaskManager@@QAE_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@0@Z

?getListCerts@WaFileInfo@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@3@@Z

?getExeArchitecture@WaFileInfo@@SAHHAAVWaJson@@AB_N@Z

?getInfo@WaFileInfo@@QAEHPB_WW4_VI_STR@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AB_N@Z

?Matches@WaRegex@@SA_NPB_W0@Z

?Match@WaRegex@@SAHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?open@WaRegKey@@QAEHXZ

?getPath@WaRegKey@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

??1WaRegKey@@QAE@XZ

?getWscAvProducts@WaWmi@@UAEHAAVWaJson@@@Z

??1WaWmi@@UAE@XZ

??0WaWmi@@QAE@XZ

?launchProduct@WaProductUtils@@YAHH@Z

?getComponents@WaProductUtils@@YAHHAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?getInstalledLanguage@WaProductUtils@@YAHABHAAVWaJson@@@Z

?getDefaultBrowserPath@WaProductUtils@@YAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?verifyMainComponentDigitalSignature@WaProductUtils@@YAHABHAAVWaJson@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AB_N@Z

?getMainInstallPath@WaProductUtils@@YAHHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?getOSInfo@WaProductUtils@@YAHABVWaJson@@AAV2@@Z

?getMainComponent@WaProductUtils@@YAHHAAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?getUninstallHiveInfo@WaProductUtils@@YAHHAAVWaJson@@@Z

?getSha2HashForFile@WaHasher@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?getMd5HashForFile@WaHasher@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?evalDefinition@WaDetectionEngine@@SAHHABV?$vector@HV?$allocator@H@std@@@std@@AAVWaJson@@_N22@Z

?setShowBundleInfo@WaDetectionEngine@@QAEXAB_N@Z

?setShowUninstallHive@WaDetectionEngine@@QAEXAB_N@Z

?setProductDigitalSignatureVerification@WaDetectionEngine@@QAEX_N@Z

?setSingleThreaded@WaDetectionEngine@@QAEX_N@Z

?setAddInstallDateToResults@WaDetectionEngine@@QAEX_N@Z

?setAddInstallDirsToResults@WaDetectionEngine@@QAEX_N@Z

?setAddMethodsToResults@WaDetectionEngine@@QAEX_N@Z

?detectProducts@WaDetectionEngine@@QAEXABV?$vector@HV?$allocator@H@std@@@std@@AAVWaJson@@@Z

??1WaDetectionEngine@@QAE@XZ

??0WaDetectionEngine@@QAE@XZ

?getPathListFromFilePathJson@WaEvaluator@@SA?AV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@ABVWaJson@@@Z

?evaluateRegistryPath@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@VWaRegKey@@V?$allocator@VWaRegKey@@@std@@@3@@Z

?evaluateFilePath@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAHAAVWaJson@@ABH0@Z

?evaluateFilePath@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAHAAV23@ABH0@Z

?splitExpressionFact@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAW4WaDatabaseKey@@AAV23@@Z

?evaluateFact@WaEvaluator@@SAHW4WaDatabaseKey@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAVWaJson@@@Z

?evaluateExpression@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?canExecuteByAllUsers@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?verifyFileAuthenticity@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_NAAV23@AB_N@Z

?getSigningStatus@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAHAA_NAAV23@@Z

?getFileVersionFromPath@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABHAAV23@AB_N@Z

?directoryExists@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAB_N@Z

?remove@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z

?get@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WAAVWaJson@@@Z

?insert@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WABVWaJson@@@Z

?deallocate@WaMemoryPoolManager@@QAEXIPAX@Z

??0WaJson@@QAE@ABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??0WaJson@@QAE@W4WaJsonType@@@Z

?getServiceSnapshot@WaServiceManager@@QAEHAAVWaJson@@@Z

?getService@WaServiceManager@@QAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAUWaService@@@Z

?getCurrentEpochTime@WaTime@@YAHXZ

?writeToFile@WaDebugInfo@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NW4LOG_LEVEL@1@V?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@3@11@Z

?setCurrentSignatureId@WaDebugInfo@@QAE?AV?$shared_ptr@U?$Scope@H@WaDbgCallTracker@@@std@@H@Z

?setVersionStamp@WaHttp@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isRemoteConnected@WaEndPointManager@@QAE_NXZ

?instance@?$Singleton@VWaWuaProgressReceiver@@@@SAPAVWaWuaProgressReceiver@@XZ

?destroy@?$Singleton@VWaWMIManager@@@@SAXXZ

?destroy@?$Singleton@VWaEndPointManager@@@@SAXXZ

?instance@?$Singleton@VWaEndPointManager@@@@SAPAVWaEndPointManager@@XZ

?destroy@?$Singleton@VWaSecuredTempFile@@@@SAXXZ

?destroy@?$Singleton@VWaNet@@@@SAXXZ

?destroy@?$Singleton@VWaOSUtils@@@@SAXXZ

?instance@?$Singleton@VWaOSUtils@@@@SAPAVWaOSUtils@@XZ

?destroy@?$Singleton@VWaServiceManager@@@@SAXXZ

?instance@?$Singleton@VWaServiceManager@@@@SAPAVWaServiceManager@@XZ

?destroy@?$Singleton@VWaCryptoApiWrapper@@@@SAXXZ

?instance@?$Singleton@VWaCryptoApiWrapper@@@@SAPAVWaCryptoApiWrapper@@XZ

?destroy@?$Singleton@VWaMemoryPoolManager@@@@SAXXZ

?instance@?$Singleton@VWaMemoryPoolManager@@@@SAPAVWaMemoryPoolManager@@XZ

?instance@WaHttp@@SAPAV1@XZ

?destroy@WaHttp@@SAXXZ

?initialize@WaHttp@@QAEHXZ

?calculateVersionStamp@WaHttp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?registerNotifier@WaServiceManager@@QAEHUWaServiceMgrParam@@@Z

?unregisterNotifier@WaServiceManager@@QAEXXZ

??0WaJson@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV0@@Z

??0WaJson@@QAE@ABH@Z

??0WaJson@@QAE@PB_W@Z

??0WaJson@@QAE@XZ

??1WaJson@@UAE@XZ

?getType@WaJson@@UBE?AW4WaJsonType@@XZ

?isType@WaJson@@UBE_NABW4WaJsonType@@@Z

?clear@WaJson@@UAEXXZ

?put@WaJson@@UAEXPB_W$$QAV1@@Z

?get@WaJson@@UBEHPB_WAAV1@@Z

?get@WaJson@@UBEHPB_WAA_N@Z

?get@WaJson@@UBEHPB_WAAH@Z

?get@WaJson@@UBE?AV1@PB_W@Z

?getBool@WaJson@@UBE_NXZ

?dotGet@WaJson@@UAEHPB_WAA_N@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?dotGet@WaJson@@UAEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotPut@WaJson@@UAEHPB_WABV1@@Z

?dotAdd@WaJson@@UAEHPB_WABV1@@Z

?contains@WaJson@@UBE_NPB_W@Z

?toString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toPrettyString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toCharPointer@WaJson@@UBEXPAPA_W@Z

?toPrettyCharPointer@WaJson@@UBEXPAPA_W@Z

?setObjectsPerPool@WaMemoryPoolManager@@QAEXI@Z

?instance@WaCache@@SAPAV1@XZ

?destroy@WaCache@@SAXXZ

?initialize@WaCache@@QAEHXZ

?cache@WaCache@@QAEHXZ

?instance@WaEventManager@@SAPAV1@XZ

?destroy@WaEventManager@@SAXXZ

?registerEvent@WaEventManager@@QAEHABVWaJson@@P6AXPA_W@ZAAH@Z

?unregisterEvent@WaEventManager@@QAEHABH@Z

?getDeploymentPath@WaFileUtils@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?invoke@WaExternalComponent@@QBEHAAVWaJson@@0@Z

?destroy@WaThirdPartyGatewayHandle@@SAXXZ

?instance@WaRegistry@@SAPAV1@XZ

?destroy@WaRegistry@@SAXXZ

?registerNotifier@WaRegistry@@QAEHXZ

?unregisterNotifier@WaRegistry@@QAEXXZ

?instance@WaDatabase@@SAPAV1@XZ

?destroy@WaDatabase@@SAXXZ

?initialize@WaDatabase@@QAEHXZ

?switchToOnlineMode@WaDatabase@@QAEHXZ

?cache@WaDatabase@@QAEHXZ

?switchToOfflineMode@WaDatabase@@SAXXZ

?wCaseCmp@WaStringUtils@@YAHPB_W0@Z

?trim@WaStringUtils@@YAAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?create@WaJsonFactory@@SAHPB_WAAVWaJson@@@Z

?getActualError@WaCallTree@@SAHAAVWaJson@@@Z

?getCallTree@WaCallTree@@SAXAAVWaJson@@@Z

?evaluateResult@WaCallTree@@SAHH@Z

?instance@WaCallTree@@SAPAV1@ABVid@thread@std@@@Z

?destroy@WaCallTree@@SAXXZ

?removeThreadStack@WaCallTree@@SAXABVid@thread@std@@@Z

?getTickCount@WaTime@@YA_JXZ

?instance@WaConfigurations@@SAPAV1@XZ

?destroy@WaConfigurations@@SAXXZ

?instance@WaComponentManager@@SAPAV1@XZ

?destroy@WaComponentManager@@SAXXZ

?initialize@WaComponentManager@@QAEHXZ

?getComponent@WaComponentManager@@QBEHABHPAPAVWaExternalComponent@@@Z

?freeComponentAllocation@WaComponentManager@@QAEHPA_W@Z

?initialize@WaEndPointManager@@QAEHABVWaJson@@@Z

?instance@WaTaskManager@@SAPAV1@XZ

?destroy@WaTaskManager@@SAXXZ

?startTaskManager@WaTaskManager@@QAEHUWaTaskMgrParam@@@Z

?instance@WaLicense@@SAPAV1@XZ

?destroy@WaLicense@@SAXXZ

?init@WaLicense@@QAEHXZ

?renew@WaLicense@@QAEHXZ

?getUserId@WaLicense@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?setModuleOutput@WaApiUtils@@YAH_KABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WHAAVWaJson@@@Z

?addUtilsOwnerTag@WaApiUtils@@YAHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isUtilsOwnerTagPresent@WaApiUtils@@YA_NPB_W@Z

?isTeardownRequest@WaApiUtils@@YA_NABVWaJson@@@Z

?updateLicenseFile@WaApiUtils@@YAH_N0PAVWaJson@@@Z

?instance@WaRevocationCheck@WaCertificate@@SAPAV12@XZ

?destroy@WaRevocationCheck@WaCertificate@@SAXXZ

?setEnabled@WaRevocationCheckUtilsLocal@WaCertificate@@SAX_N@Z

?destroy@WaWmiThread@@SAXXZ

?destroy@WaCustomDetection@@SAXXZ

?initialize@WaOSUtils@@QAEXXZ

?instance@WaDebugInfo@@SAPAV1@XZ

?destroy@WaDebugInfo@@SAXXZ

?initializeCrypto@WaDebugInfo@@QAEHXZ

?setupCall@WaDebugInfo@@QAE?AV?$shared_ptr@U?$Scope@_N@WaDbgCallTracker@@@std@@PB_W@Z

?invokeCall@WaDebugInfo@@QAE?AV?$shared_ptr@U?$Scope@_N@WaDbgCallTracker@@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z

?teardownCall@WaDebugInfo@@QAEXXZ

?freeCall@WaDebugInfo@@QAEXXZ

?setCurrentMethodId@WaDebugInfo@@QAE?AV?$shared_ptr@U?$Scope@H@WaDbgCallTracker@@@std@@H@Z

?get@WaJson@@UBE?AV1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

msi

ord70

Exports

wa_api_free

wa_api_invoke

wa_api_register_handler

wa_api_setup

wa_api_teardown

wa_api_unregister_handler

Sections

.text
Size: 522KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/libwaheap.dll

.dll windows:6 windows x86 arch:x86

1cbaa094a4c4ac00ce6bb31669d8f7a7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

9d:f6:67:d4:ae:b2:45:ed:6a:3f:4b:d7:9d:4b:5d:ee:a2:b9:1d:7d:98:81:56:1c:83:2c:25:9a:27:8d:f2:4b
Signer

Actual PE Digest

9d:f6:67:d4:ae:b2:45:ed:6a:3f:4b:d7:9d:4b:5d:ee:a2:b9:1d:7d:98:81:56:1c:83:2c:25:9a:27:8d:f2:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

libwaheap.pdb

Imports

kernel32

HeapCreate

HeapDestroy

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

InterlockedFlushSList

RtlUnwind

GetLastError

SetLastError

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FreeLibrary

GetProcAddress

LoadLibraryExW

ExitProcess

GetModuleHandleExW

GetModuleFileNameW

HeapFree

HeapAlloc

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

GetEnvironmentStringsW

FreeEnvironmentStringsW

LCMapStringW

GetProcessHeap

GetStdHandle

GetFileType

GetStringTypeW

HeapSize

HeapReAlloc

SetStdHandle

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

CloseHandle

WriteConsoleW

DecodePointer

RaiseException

Exports

_wa_getHeap@0

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/libwalocal.dll

.dll windows:6 windows x86 arch:x86

f15c536bcf5e48378d7d3348519c8d11

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

6e:34:15:b4:df:88:ef:bc:92:89:11:72:ee:e0:a7:80:ce:3b:2a:19:d4:9a:36:dd:4b:db:3c:c1:3a:d5:c4:2c
Signer

Actual PE Digest

6e:34:15:b4:df:88:ef:bc:92:89:11:72:ee:e0:a7:80:ce:3b:2a:19:d4:9a:36:dd:4b:db:3c:c1:3a:d5:c4:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

libwalocal.pdb

Imports

libwaapi

wa_api_invoke

wa_api_free

libwaheap

_wa_getHeap@0

kernel32

SetUnhandledExceptionFilter

GetCurrentProcess

UnregisterWaitEx

AreFileApisANSI

ReadFile

TryEnterCriticalSection

HeapCreate

HeapFree

EnterCriticalSection

GetFullPathNameW

WriteFile

GetDiskFreeSpaceW

OutputDebugStringA

LockFile

LeaveCriticalSection

InitializeCriticalSection

SetFilePointer

GetFullPathNameA

SetEndOfFile

UnlockFileEx

GetTempPathW

CreateMutexW

WaitForSingleObject

CreateFileW

GetFileAttributesW

GetCurrentThreadId

UnmapViewOfFile

HeapValidate

HeapSize

MultiByteToWideChar

Sleep

GetTempPathA

FormatMessageW

GetDiskFreeSpaceA

GetLastError

GetFileAttributesA

GetFileAttributesExW

OutputDebugStringW

FlushViewOfFile

CreateFileA

LoadLibraryA

WaitForSingleObjectEx

DeleteFileA

DeleteFileW

HeapReAlloc

CloseHandle

RaiseException

GetSystemInfo

LoadLibraryW

HeapAlloc

HeapCompact

HeapDestroy

UnlockFile

GetProcAddress

LocalFree

LockFileEx

GetFileSize

DeleteCriticalSection

GetCurrentProcessId

GetProcessHeap

SystemTimeToFileTime

FreeLibrary

WideCharToMultiByte

GetSystemTimeAsFileTime

GetSystemTime

FormatMessageA

CreateFileMappingW

MapViewOfFile

QueryPerformanceCounter

GetTickCount

FlushFileBuffers

InitializeCriticalSectionEx

DecodePointer

ExpandEnvironmentStringsW

DeviceIoControl

TerminateProcess

IsProcessorFeaturePresent

QueryDepthSList

InterlockedPopEntrySList

ReleaseSemaphore

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

UnhandledExceptionFilter

InitializeSListHead

VirtualProtect

VirtualFree

VirtualAlloc

GetVersionExW

GetModuleHandleA

GetThreadTimes

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetThreadPriority

SetThreadPriority

SwitchToThread

SignalObjectAndWait

SetEvent

CreateTimerQueue

WriteConsoleW

SetStdHandle

GetConsoleMode

GetConsoleOutputCP

SetFilePointerEx

GetFileSizeEx

SetEnvironmentVariableW

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

GetOEMCP

GetACP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

GetFileType

GetStdHandle

GetTimeZoneInformation

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetTimeFormatW

GetDateFormatW

GetModuleFileNameW

ExitProcess

GetModuleHandleExW

FreeLibraryAndExitThread

ExitThread

CreateThread

LoadLibraryExW

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwind

GetCPInfo

GetLocaleInfoW

LCMapStringW

CompareStringW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

CreateEventW

InitializeCriticalSectionAndSpinCount

SetLastError

EncodePointer

GetStringTypeW

GetCurrentThread

DuplicateHandle

ole32

CoInitializeEx

CoUninitialize

CoCreateInstance

oleaut32

VariantChangeType

VariantClear

VariantInit

libwautils

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?get@WaJson@@UBEHPB_WAAH@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?get@WaJson@@UBEHPB_WAA_N@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?get@WaJson@@UBEHPB_WAAV1@@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?put@WaJson@@UAEXPB_WABV1@@Z

?put@WaJson@@UAEXPB_W$$QAV1@@Z

?put@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?put@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QAV1@@Z

?put@WaJson@@UAEXV?$initializer_list@U?$pair@PB_WVWaJson@@@std@@@std@@@Z

?at@WaJson@@UBE?AV1@I@Z

?add@WaJson@@UAEXABV1@@Z

?add@WaJson@@UAEX$$QAV1@@Z

?add@WaJson@@UAEXV?$initializer_list@VWaJson@@@std@@@Z

?get@WaJson@@UBE?AV1@PB_W@Z

?clear@WaJson@@UAEXXZ

?isObjKeyType@WaJson@@UBE_NPB_WABW4WaJsonType@@@Z

?isType@WaJson@@UBE_NABW4WaJsonType@@@Z

?getObjKeyType@WaJson@@UBE?AW4WaJsonType@@PB_W@Z

?getType@WaJson@@UBE?AW4WaJsonType@@XZ

?convert@WaJson@@UAEXABW4WaJsonType@@@Z

??MWaJson@@UBE_NABV0@@Z

??9WaJson@@UBE_NABV0@@Z

??8WaJson@@UBE_NABV0@@Z

??AWaJson@@UAEAAV0@I@Z

??AWaJson@@UBEABV0@I@Z

??AWaJson@@UAEAAV0@PB_W@Z

??AWaJson@@UBEABV0@PB_W@Z

??AWaJson@@UAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UBEABV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??YWaJson@@UAEAAV0@ABV0@@Z

??4WaJson@@UAEAAV0@$$QAV0@@Z

??4WaJson@@UAEAAV0@ABV0@@Z

??4WaJson@@UAEAAV0@PB_W@Z

??4WaJson@@UAEAAV0@ABH@Z

??4WaJson@@UAEAAV0@_N@Z

??4WaJson@@UAEAAV0@ABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UAEAAV0@ABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??1WaJson@@UAE@XZ

??0WaJson@@QAE@XZ

??0WaJson@@QAE@ABV0@@Z

??0WaJson@@QAE@PB_W@Z

??0WaJson@@QAE@ABH@Z

??0WaJson@@QAE@ABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??0WaJson@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV0@@Z

??0WaJson@@QAE@W4WaJsonType@@@Z

?instance@?$Singleton@VWaMemoryPoolManager@@@@SAPAVWaMemoryPoolManager@@XZ

?instance@?$Singleton@VWaSecuredTempFile@@@@SAPAVWaSecuredTempFile@@XZ

?instance@?$Singleton@VWaEndPointManager@@@@SAPAVWaEndPointManager@@XZ

?isUseRegularExpressionInDirectoryPath@WaEvaluator@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isRemoteConnected@WaEndPointManager@@QAE_NXZ

?byteArrayToEpoch@WaTime@@YGHABQAEAAH@Z

?bytesToWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAEI_N@Z

?evaluateRegistryFact@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@_N@Z

?evaluateFilePath@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAHAAVWaJson@@ABH0@Z

?evaluateServiceFact@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@_N@Z

?httpGet@WaNet@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV23@0@Z

??0WaJson@@QAE@$$QAV0@@Z

?instance@?$Singleton@VWaNet@@@@SAPAVWaNet@@XZ

?create@WaJsonFactory@@SAHPB_WAAVWaJson@@@Z

?getUserName@WaOSUtils@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?getProcessSnapshot@WaTaskManager@@QAEHAAVWaJson@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getInternetState@WaEndPointManager@@QAEHV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@HHAA_N@Z

?Match@WaRegex@@SAHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?instance@?$Singleton@VWaOSUtils@@@@SAPAVWaOSUtils@@XZ

?Matches@WaRegex@@SA_NPB_W0@Z

?CaptureAll@WaRegex@@SAHPB_W0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?query@WaWMIManager@@QAEHPB_W0ABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@AAVWaJson@@HH_N@Z

?getCurrentEpochTime@WaTime@@YGHAAH@Z

?timeStringToEpochTime@WaTime@@YGHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAH@Z

?getTimeString@WaTime@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@_NAB_J@Z

?split@WaStringUtils@@YAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?instance@?$Singleton@VWaWMIManager@@@@SAPAVWaWMIManager@@XZ

?base64Decode@WaBase64@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?getExeArchitecture@WaFileInfo@@SAHHAAVWaJson@@AB_N@Z

?instance@WaConfigurations@@SAPAV1@XZ

?getInstalledLanguage@WaProductUtils@@YAHABHAAVWaJson@@@Z

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@@Z

?get@WaDatabase@@SAHABW4WaDatabaseKey@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@_N@Z

?instance@WaDatabase@@SAPAV1@XZ

?isRegistered@WaSelfProtection@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?registerModule@WaSelfProtection@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??1WaSelfProtection@@QAE@XZ

??0WaSelfProtection@@QAE@XZ

??0WaJson@@QAE@_N@Z

?revertImpersonation@WaOSUtils@@QAEHXZ

?comErrorToString@WaComUtils@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@J@Z

?get@WaRegKey@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?open@WaRegKey@@QAEHPAUHKEY__@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z

??1WaRegKey@@QAE@XZ

??0WaRegKey@@QAE@PAUHKEY__@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getApiGuardKey@WaCache@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?instance@WaCache@@SAPAV1@XZ

??0WaJson@@QAE@$$QAUObjectConstructor@0@@Z

?getWSCProductState@WaOSUtils@@QAEHW4_WSC_SECURITY_PROVIDER@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAW4WSC_SECURITY_PRODUCT_STATE@@@Z

?queryEventlog@WaOSUtils@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAVWaJson@@ABH2@Z

?getAllAsJsonObjectRecursive@WaRegKey@@QAEHAAVWaJson@@@Z

?get@WaJson@@UBEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?setPath@WaRegKey@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getRegLocationEnum@WaRegistry@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAH@Z

?getRegKeyFromLocation@WaRegistry@@SAHW4WaRegistryLocation@@AAVWaRegKey@@@Z

?instance@WaRegistry@@SAPAV1@XZ

?execute@WaPowerShellGateway@@YGHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_NAAK2@Z

?shellExecute@WaProcessUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAAKAAV23@H_N@Z

?instance@WaWmiThread@@SAPAV1@XZ

?readArchitectureInfo@WaFileInfo@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@AAH@Z

?getLanguageInfo@WaProductUtils@@YAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@ABW4LanguageInfo@@@Z

?trimRight@WaStringUtils@@YAAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?isCurrentPermissionGTE@WaProcessUtils@@SAHABHAA_N@Z

?shellExecuteAsUser@WaProcessUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAAKAAV23@H_N3@Z

?launchProcessAsUser@WaProcessUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0PAHHPAKPAV23@H@Z

?launchProcess@WaProcessUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0PAHHPAKPAV23@H@Z

?getInt@WaJson@@UBEHXZ

?getString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getBool@WaJson@@UBE_NXZ

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?dotGet@WaJson@@UAEHPB_WAA_N@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?dotGet@WaJson@@UAEHPB_WAAH@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?dotGet@WaJson@@UAEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?dotGet@WaJson@@UAEHPB_WAAV1@@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?dotAt@WaJson@@UAEHPB_WAA_N@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?dotAt@WaJson@@UAEHPB_WAAH@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?dotAt@WaJson@@UAEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?dotAt@WaJson@@UAEHPB_WAAV1@@Z

?dotPut@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?dotPut@WaJson@@UAEHPB_WABV1@@Z

?dotAdd@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?dotAdd@WaJson@@UAEHPB_WABV1@@Z

?remove@WaJson@@UAEXH@Z

?remove@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?remove@WaJson@@UAEXPB_W@Z

?contains@WaJson@@UBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?contains@WaJson@@UBE_NPB_W@Z

?keys@WaJson@@UBE?AV?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?val@WaJson@@UBEHAA_N@Z

?val@WaJson@@UBEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?val@WaJson@@UBEHAAH@Z

?toString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toPrettyString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toCharPointer@WaJson@@UBEXPAPA_W@Z

?toPrettyCharPointer@WaJson@@UBEXPAPA_W@Z

?first@WaJson@@UAE?AV1@XZ

?removeRecursive@WaJson@@UAEXPB_W@Z

?_init@WaJson@@EAEXXZ

?_set@WaJson@@EAEXABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_set@WaJson@@EAEXABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EAEX$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_set@WaJson@@EAEXPB_W@Z

?_set@WaJson@@EAEX_N@Z

?_set@WaJson@@EAEXABH@Z

?_toPrettyString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_encodeString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?_dotInsert@WaJson@@EAEHPB_WABV1@W4WaJsonType@@@Z

?_dotRetrieve@WaJson@@EAEHPB_WAAV1@W4WaJsonType@@@Z

?allocate@WaMemoryPoolManager@@QAEPAXI@Z

?deallocate@WaMemoryPoolManager@@QAEXIPAX@Z

?isElevated@WaProcessUtils@@SA_NPAX@Z

?fileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_NHHAB_N2@Z

?binaryFileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_NHHAB_N@Z

?fileContains@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N3AB_N@Z

?fileExists@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAB_N@Z

?getFileVersionFromPath@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABHAAV23@AB_N@Z

?directoryContents@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@H_NAB_N@Z

?calculateDirectoryDepth@WaFileUtils@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_NAAH@Z

?createTempFile@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?copyFileToTemp@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?deleteTempFile@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?evaluateDirectoryRegex@WaEvaluator@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@@Z

?getHashString@WaHasher@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@W4WaHashAlg@@_N@Z

?ensurePathEnding@WaStringUtils@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isNumber@WaStringUtils@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?evaluateResult@WaCallTree@@SAHH@Z

?instance@WaCallTree@@SAPAV1@ABVid@thread@std@@@Z

?Capture@WaRegex@@SAHPB_W0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

??0WaFileInfo@@QAE@XZ

??1WaFileInfo@@QAE@XZ

?getLastModifiedTime@WaFileInfo@@QAEHPB_WAAHAB_N@Z

?getListCerts@WaFileInfo@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@3@@Z

?toRemoteTempFile@WaEndPointManager@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?toRemotePath@WaEndPointManager@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?getEnvironmentFolder@WaEndPointManager@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?instance@WaTaskManager@@SAPAV1@XZ

?terminateProcess@WaTaskManager@@QAEHH_NH@Z

?terminateProcess@WaTaskManager@@QAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@_NH@Z

?instance@WaDebugInfo@@SAPAV1@XZ

?writeToFile@WaDebugInfo@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NW4LOG_LEVEL@1@V?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@3@11@Z

?contents@WaSecuredTempFile@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?binaryContents@WaSecuredTempFile@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?contains@WaSecuredTempFile@@QAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?create@WaSecuredTempFile@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?remove@WaSecuredTempFile@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?open@WaRegKey@@QAEHXZ

?get@WaJson@@UBE?AV1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?size@WaJson@@UBEIXZ

Exports

wa_comp_free

wa_comp_setup

wa_comp_teardown

wa_local_invoke_script

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/libwaresource.dll

.dll windows:6 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

55:b0:6b:7c:ea:b2:ad:b0:fe:6e:64:ca:8f:fd:5c:4d:ab:23:4c:05:a5:a3:54:d0:2e:74:a3:8f:50:78:0f:07
Signer

Actual PE Digest

55:b0:6b:7c:ea:b2:ad:b0:fe:6e:64:ca:8f:fd:5c:4d:ab:23:4c:05:a5:a3:54:d0:2e:74:a3:8f:50:78:0f:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

libwaresource.pdb

Sections

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

x86/libwautils.dll

.dll windows:6 windows x86 arch:x86

712211b1b420fa2ec5aa317b55c37e5c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

65:93:a4:32:03:0b:00:47:00:70:ce:1e:47:38:55:32:fd:a1:4e:e9:af:d6:29:2e:d9:a8:84:f5:5b:2b:5e:f4
Signer

Actual PE Digest

65:93:a4:32:03:0b:00:47:00:70:ce:1e:47:38:55:32:fd:a1:4e:e9:af:d6:29:2e:d9:a8:84:f5:5b:2b:5e:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

libwautils.pdb

Imports

setupapi

SetupDiGetClassDevsW

SetupDiGetDeviceRegistryPropertyW

SetupDiEnumDeviceInfo

SetupDiDestroyDeviceInfoList

rpcrt4

UuidCreate

RpcStringFreeW

UuidToStringW

dbghelp

SymCleanup

StackWalk64

secur32

LsaFreeReturnBuffer

GetUserNameExW

LsaGetLogonSessionData

LsaEnumerateLogonSessions

wtsapi32

WTSCloseServer

WTSEnumerateSessionsW

WTSFreeMemory

WTSOpenServerExW

WTSQuerySessionInformationW

WTSQueryUserToken

WTSEnumerateProcessesW

libwaheap

_wa_getHeap@0

crypt32

CryptHashCertificate

CryptImportPublicKeyInfo

CertFreeCertificateContext

CertOpenStore

CertCloseStore

CryptMsgGetParam

CertFindCertificateInStore

CertGetNameStringW

CryptMsgOpenToDecode

CryptMsgUpdate

CryptMsgClose

CryptImportPublicKeyInfoEx2

CryptQueryObject

CryptDecodeObjectEx

wintrust

CryptCATAdminCalcHashFromFileHandle

CryptCATAdminAcquireContext

CryptCATCatalogInfoFromContext

CryptCATAdminReleaseContext

WinVerifyTrust

CryptCATAdminEnumCatalogFromHash

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

winhttp

WinHttpQueryHeaders

WinHttpOpenRequest

WinHttpSetOption

WinHttpGetIEProxyConfigForCurrentUser

WinHttpGetProxyForUrl

WinHttpOpen

WinHttpCloseHandle

WinHttpQueryDataAvailable

WinHttpConnect

WinHttpSendRequest

WinHttpSetTimeouts

WinHttpReceiveResponse

WinHttpReadData

WinHttpAddRequestHeaders

kernel32

VirtualQuery

VirtualProtect

LoadLibraryExA

TryEnterCriticalSection

DuplicateHandle

GetExitCodeThread

GetNativeSystemInfo

InitializeSListHead

CreateTimerQueue

SignalObjectAndWait

SwitchToThread

SetThreadPriority

GetThreadPriority

WaitForSingleObjectEx

lstrcpynW

GetModuleFileNameW

InitializeCriticalSectionEx

GetLastError

RaiseException

DecodePointer

DeleteCriticalSection

FindFirstFileW

FindNextFileW

RemoveDirectoryW

FindClose

DeleteFileW

MoveFileExW

LocalAlloc

LoadLibraryW

GetProcAddress

LocalFree

FreeLibrary

GetCurrentProcessId

GetModuleHandleW

ReadFile

CreateNamedPipeW

CloseHandle

ConnectNamedPipe

GetTickCount64

GetLocalTime

SystemTimeToFileTime

OpenProcess

Sleep

ExpandEnvironmentStringsW

GetEnvironmentVariableW

WaitForSingleObject

CreateEventW

FormatMessageW

SetEvent

CopyFileW

ResetEvent

GetQueuedCompletionStatus

PostQueuedCompletionStatus

CreateIoCompletionPort

GetTickCount

CreateThread

SizeofResource

LockResource

LoadResource

FindResourceW

LoadLibraryExW

CreateDirectoryW

GetFileSizeEx

GetTempPathW

CreateFileW

GetFileAttributesW

GetLogicalProcessorInformation

GetCurrentThreadId

OpenThread

GlobalAlloc

GlobalFree

SetHandleInformation

SetLastError

WriteFile

WaitForMultipleObjects

InitializeProcThreadAttributeList

UpdateProcThreadAttribute

HeapAlloc

GetOverlappedResult

GetProcessHeap

SetNamedPipeHandleState

WaitNamedPipeW

GetLongPathNameW

GetLocaleInfoW

GetVersionExW

LCIDToLocaleName

LocaleNameToLCID

GetCurrentProcess

GetCurrentThread

K32GetModuleInformation

UnmapViewOfFile

lstrcmpiA

CreateFileMappingW

MapViewOfFile

CreateToolhelp32Snapshot

Process32NextW

Process32FirstW

GetSystemInfo

CreateProcessW

GetExitCodeProcess

TerminateProcess

K32EnumProcesses

QueryFullProcessImageNameW

HeapFree

ReleaseMutex

CreateMutexA

VirtualAlloc

VirtualFree

IsDebuggerPresent

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsProcessorFeaturePresent

EnterCriticalSection

LeaveCriticalSection

GetSystemTimeAsFileTime

QueryPerformanceCounter

QueryPerformanceFrequency

GetFullPathNameW

SetFilePointerEx

GetConsoleMode

ReadConsoleW

GetStdHandle

GetFileType

GetStartupInfoW

FlushFileBuffers

GetConsoleOutputCP

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsSetValue

TlsFree

GetDateFormatW

GetTimeFormatW

CompareStringW

LCMapStringW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

MultiByteToWideChar

GetCPInfo

GetStringTypeW

IsValidCodePage

GetACP

GetOEMCP

GetTimeZoneInformation

GetDriveTypeW

WideCharToMultiByte

HeapReAlloc

SetStdHandle

ExitProcess

GetModuleHandleExW

GetCurrentDirectoryW

SetEndOfFile

WriteConsoleW

OutputDebugStringW

EncodePointer

GetEnvironmentStringsW

FreeEnvironmentStringsW

SetEnvironmentVariableW

HeapSize

CreateTimerQueueTimer

ChangeTimerQueueTimer

DeleteTimerQueueTimer

GetNumaHighestNodeNumber

GetProcessAffinityMask

SetThreadAffinityMask

RegisterWaitForSingleObject

UnregisterWait

GetThreadTimes

FreeLibraryAndExitThread

GetModuleHandleA

ReleaseSemaphore

InterlockedPopEntrySList

InterlockedPushEntrySList

InterlockedFlushSList

QueryDepthSList

UnregisterWaitEx

RtlUnwind

ExitThread

FindFirstFileExW

GetCommandLineA

GetCommandLineW

GetFileTime

TlsGetValue

user32

GetShellWindow

GetWindowTextW

MessageBoxW

GetWindowThreadProcessId

SendMessageW

PostThreadMessageW

EnumDesktopWindows

GetThreadDesktop

wsprintfW

advapi32

OpenSCManagerW

QueryServiceConfigW

OpenServiceW

CreateWellKnownSid

GetNamedSecurityInfoW

RegNotifyChangeKeyValue

RegCloseKey

RegOpenCurrentUser

RegOpenKeyExW

ConvertSidToStringSidW

RegConnectRegistryW

LookupAccountNameW

RevertToSelf

ImpersonateLoggedOnUser

LogonUserW

CloseServiceHandle

GetTokenInformation

ReportEventW

RegisterEventSourceW

LookupAccountSidW

DuplicateTokenEx

OpenProcessToken

DeregisterEventSource

CreateProcessAsUserW

IsWellKnownSid

RegQueryValueExW

EnumServicesStatusExW

RegEnumValueW

RegDeleteValueW

RegSetValueExW

RegDeleteTreeW

RegEnumKeyExW

shell32

ShellExecuteW

SHGetFolderPathW

ole32

CoCreateInstance

CoUninitialize

CoSetProxyBlanket

CoInitializeSecurity

CoInitializeEx

oleaut32

SafeArrayLock

SysAllocString

SysAllocStringByteLen

SysAllocStringLen

SafeArrayGetVartype

SysStringByteLen

SafeArrayCopy

SafeArrayGetLBound

SafeArrayCreate

SafeArrayDestroy

VariantInit

SafeArrayGetUBound

SysFreeString

VariantTimeToSystemTime

VariantClear

SafeArrayUnlock

shlwapi

PathFileExistsW

ws2_32

ioctlsocket

mpr

WNetCancelConnection2W

WNetAddConnection2W

authz

AuthzInitializeContextFromSid

AuthzFreeContext

AuthzFreeResourceManager

AuthzAccessCheck

AuthzInitializeResourceManager

netapi32

NetUserChangePassword

NetUserModalsGet

NetApiBufferFree

NetUserGetInfo

NetGetAnyDCName

wldap32

ord41

ord140

ord14

ord147

ord16

ord26

ord127

ord170

ord208

ord224

ord73

ord167

ord301

ord46

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

Exports

??0?$Singleton@VDiagnoseParamHandler@@@@IAE@XZ

??0?$Singleton@VWaCryptoApiWrapper@@@@IAE@XZ

??0?$Singleton@VWaEndPointManager@@@@IAE@XZ

??0?$Singleton@VWaEndpointRegistry@@@@IAE@XZ

??0?$Singleton@VWaMemoryPoolManager@@@@IAE@XZ

??0?$Singleton@VWaNet@@@@IAE@XZ

??0?$Singleton@VWaOSUtils@@@@IAE@XZ

??0?$Singleton@VWaSecuredTempFile@@@@IAE@XZ

??0?$Singleton@VWaServiceManager@@@@IAE@XZ

??0?$Singleton@VWaWMIManager@@@@IAE@XZ

??0?$Singleton@VWaWinRM@@@@IAE@XZ

??0?$Singleton@VWaWuaProgressReceiver@@@@IAE@XZ

??0DiagnoseParamHandler@@AAE@XZ

??0PerfLoggingScope@@QAE@ABV0@@Z

??0PerfLoggingScope@@QAE@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WTSConnection@WaEndPointManager@@QAE@XZ

??0WaCache@@AAE@XZ

??0WaCallTree@@IAE@XZ

??0WaCallTree@@QAE@ABV0@@Z

??0WaCallTreeBlocker@@QAE@XZ

??0WaCallTreeDisabled@@QAE@$$QAV0@@Z

??0WaCallTreeDisabled@@QAE@ABV0@@Z

??0WaCallTreeDisabled@@QAE@XZ

??0WaCallTreeNode@@IAE@XZ

??0WaCallTreeNode@@QAE@ABV0@@Z

??0WaCallTreeNode@@QAE@PAV0@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@11@Z

??0WaCallTreeNode@@QAE@PAV0@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1H1@Z

??0WaComThread@@QAE@W4WaComInitType@0@@Z

??0WaComponentManager@@IAE@XZ

??0WaConfigurations@@AAE@XZ

??0WaConfigurationsBase@@AAE@AAUWaConfigurationsData@@@Z

??0WaCryptoApiWrapper@@QAE@XZ

??0WaCustomDetection@@AAE@XZ

??0WaDatabase@@AAE@XZ

??0WaDebugInfo@@AAE@XZ

??0WaDetectionEngine@@QAE@XZ

??0WaEndPointManager@@QAE@XZ

??0WaEndpointRegistry@@QAE@XZ

??0WaEventManager@@AAE@XZ

??0WaExternalComponent@@QAE@$$QAV0@@Z

??0WaExternalComponent@@QAE@PB_W0PBD111@Z

??0WaExternalComponent@@QAE@XZ

??0WaFileInfo@@QAE@XZ

??0WaFuncCallNode@@QAE@ABV0@@Z

??0WaFuncCallNode@@QAE@PAVWaCallTreeNode@@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@111@Z

??0WaGui@@QAE@XZ

??0WaHttp@@AAE@XZ

??0WaHttpLowLevel@@QAE@XZ

??0WaIConfigurations@@QAE@ABV0@@Z

??0WaIConfigurations@@QAE@XZ

??0WaJson@@QAE@$$QAUArrayConstructor@0@@Z

??0WaJson@@QAE@$$QAUObjectConstructor@0@@Z

??0WaJson@@QAE@$$QAV0@@Z

??0WaJson@@QAE@$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaJson@@QAE@ABH@Z

??0WaJson@@QAE@ABV0@@Z

??0WaJson@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV0@@Z

??0WaJson@@QAE@ABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??0WaJson@@QAE@ABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??0WaJson@@QAE@PB_W@Z

??0WaJson@@QAE@W4WaJsonType@@@Z

??0WaJson@@QAE@XZ

??0WaJson@@QAE@_N@Z

??0WaLicense@@AAE@XZ

??0WaMemoryPool@@AAE@QAV0@@Z

??0WaMemoryPool@@QAE@II@Z

??0WaMemoryPoolManager@@AAE@XZ

??0WaNet@@AAE@XZ

??0WaOSUtils@@AAE@XZ

??0WaPooledIO@@QAE@XZ

??0WaRegKey@@QAE@ABV0@@Z

??0WaRegKey@@QAE@PAUHKEY__@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaRegistry@@AAE@XZ

??0WaReturnNode@@QAE@ABV0@@Z

??0WaReturnNode@@QAE@PAVWaCallTreeNode@@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@11@Z

??0WaReturnNode@@QAE@PAVWaCallTreeNode@@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1H1@Z

??0WaRevocationCheck@WaCertificate@@AAE@XZ

??0WaRootNode@@QAE@ABV0@@Z

??0WaRootNode@@QAE@XZ

??0WaSecuredTempFile@@AAE@XZ

??0WaSelfProtection@@QAE@XZ

??0WaServiceManager@@AAE@XZ

??0WaTaskManager@@AAE@XZ

??0WaThirdPartyGatewayHandle@@QAE@H@Z

??0WaWMIManager@@QAE@XZ

??0WaWinRM@@QAE@XZ

??0WaWmi@@QAE@ABV0@@Z

??0WaWmi@@QAE@PB_W000@Z

??0WaWmi@@QAE@XZ

??0WaWmiThread@@IAE@XZ

??0WaWuaProgressReceiver@@QAE@XZ

??1?$Singleton@VDiagnoseParamHandler@@@@MAE@XZ

??1?$Singleton@VWaCryptoApiWrapper@@@@MAE@XZ

??1?$Singleton@VWaEndPointManager@@@@MAE@XZ

??1?$Singleton@VWaEndpointRegistry@@@@MAE@XZ

??1?$Singleton@VWaMemoryPoolManager@@@@MAE@XZ

??1?$Singleton@VWaNet@@@@MAE@XZ

??1?$Singleton@VWaOSUtils@@@@MAE@XZ

??1?$Singleton@VWaSecuredTempFile@@@@MAE@XZ

??1?$Singleton@VWaServiceManager@@@@MAE@XZ

??1?$Singleton@VWaWMIManager@@@@MAE@XZ

??1?$Singleton@VWaWinRM@@@@MAE@XZ

??1?$Singleton@VWaWuaProgressReceiver@@@@MAE@XZ

??1DiagnoseParamHandler@@UAE@XZ

??1PerfLoggingScope@@QAE@XZ

??1WTSConnection@WaEndPointManager@@QAE@XZ

??1WaCache@@AAE@XZ

??1WaCallTree@@MAE@XZ

??1WaCallTreeBlocker@@QAE@XZ

??1WaCallTreeDisabled@@UAE@XZ

??1WaCallTreeNode@@UAE@XZ

??1WaComThread@@UAE@XZ

??1WaComponentManager@@MAE@XZ

??1WaConfigurations@@EAE@XZ

??1WaConfigurationsBase@@AAE@XZ

??1WaCryptoApiWrapper@@UAE@XZ

??1WaCustomDetection@@AAE@XZ

??1WaDatabase@@AAE@XZ

??1WaDebugInfo@@AAE@XZ

??1WaDetectionEngine@@QAE@XZ

??1WaEndPointManager@@UAE@XZ

??1WaEndpointRegistry@@UAE@XZ

??1WaEventManager@@AAE@XZ

??1WaExternalComponent@@QAE@XZ

??1WaFileInfo@@QAE@XZ

??1WaFuncCallNode@@UAE@XZ

??1WaGui@@QAE@XZ

??1WaHttp@@AAE@XZ

??1WaHttpLowLevel@@QAE@XZ

??1WaIConfigurations@@MAE@XZ

??1WaJson@@UAE@XZ

??1WaLicense@@AAE@XZ

??1WaMemoryPool@@QAE@XZ

??1WaMemoryPoolManager@@UAE@XZ

??1WaNet@@UAE@XZ

??1WaOSUtils@@EAE@XZ

??1WaPooledIO@@QAE@XZ

??1WaRegKey@@QAE@XZ

??1WaRegistry@@AAE@XZ

??1WaReturnNode@@UAE@XZ

??1WaRevocationCheck@WaCertificate@@AAE@XZ

??1WaRootNode@@UAE@XZ

??1WaSecuredTempFile@@EAE@XZ

??1WaSelfProtection@@QAE@XZ

??1WaServiceManager@@EAE@XZ

??1WaTaskManager@@AAE@XZ

??1WaWMIManager@@UAE@XZ

??1WaWinRM@@UAE@XZ

??1WaWmi@@UAE@XZ

??1WaWmiThread@@MAE@XZ

??1WaWuaProgressReceiver@@UAE@XZ

??4PerfLoggingScope@@QAEAAV0@ABV0@@Z

??4WaBase64@@QAEAAV0@$$QAV0@@Z

??4WaBase64@@QAEAAV0@ABV0@@Z

??4WaCallTree@@QAEAAV0@ABV0@@Z

??4WaCallTreeBlocker@@QAEAAV0@ABV0@@Z

??4WaCallTreeDisabled@@QAEAAV0@$$QAV0@@Z

??4WaCallTreeDisabled@@QAEAAV0@ABV0@@Z

??4WaCallTreeNode@@QAEAAV0@ABV0@@Z

??4WaComUtils@@QAEAAV0@$$QAV0@@Z

??4WaComUtils@@QAEAAV0@ABV0@@Z

??4WaCryptoApiFactory@@QAEAAV0@$$QAV0@@Z

??4WaCryptoApiFactory@@QAEAAV0@ABV0@@Z

??4WaEvaluator@@QAEAAV0@$$QAV0@@Z

??4WaEvaluator@@QAEAAV0@ABV0@@Z

??4WaFileInfo@@QAEAAV0@ABV0@@Z

??4WaFileUtils@@QAEAAV0@$$QAV0@@Z

??4WaFileUtils@@QAEAAV0@ABV0@@Z

??4WaFuncCallNode@@QAEAAV0@ABV0@@Z

??4WaGui@@QAEAAV0@ABV0@@Z

??4WaIConfigurations@@QAEAAV0@ABV0@@Z

??4WaJson@@UAEAAV0@$$QAV0@@Z

??4WaJson@@UAEAAV0@ABH@Z

??4WaJson@@UAEAAV0@ABV0@@Z

??4WaJson@@UAEAAV0@ABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??4WaJson@@UAEAAV0@ABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UAEAAV0@PB_W@Z

??4WaJson@@UAEAAV0@_N@Z

??4WaJsonFactory@@QAEAAV0@$$QAV0@@Z

??4WaJsonFactory@@QAEAAV0@ABV0@@Z

??4WaProcessUtils@@QAEAAV0@$$QAV0@@Z

??4WaProcessUtils@@QAEAAV0@ABV0@@Z

??4WaRegex@@QAEAAV0@$$QAV0@@Z

??4WaRegex@@QAEAAV0@ABV0@@Z

??4WaReturnNode@@QAEAAV0@ABV0@@Z

??4WaRevocationCheckUtilsLocal@WaCertificate@@QAEAAV01@$$QAV01@@Z

??4WaRevocationCheckUtilsLocal@WaCertificate@@QAEAAV01@ABV01@@Z

??4WaRootNode@@QAEAAV0@ABV0@@Z

??4WaSecureFile@@QAEAAV0@$$QAV0@@Z

??4WaSecureFile@@QAEAAV0@ABV0@@Z

??4WaUtilsNotification@@QAEAAV0@$$QAV0@@Z

??4WaUtilsNotification@@QAEAAV0@ABV0@@Z

??4WaVirtualization@@QAEAAV0@$$QAV0@@Z

??4WaVirtualization@@QAEAAV0@ABV0@@Z

??4WaWmi@@QAEAAV0@ABV0@@Z

??8WaJson@@UBE_NABV0@@Z

??9WaJson@@UBE_NABV0@@Z

??AWaJson@@UAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UAEAAV0@I@Z

??AWaJson@@UAEAAV0@PB_W@Z

??AWaJson@@UBEABV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UBEABV0@I@Z

??AWaJson@@UBEABV0@PB_W@Z

??MWaJson@@UBE_NABV0@@Z

??YWaJson@@UAEAAV0@ABV0@@Z

??_7?$Singleton@VDiagnoseParamHandler@@@@6B@

??_7?$Singleton@VWaCryptoApiWrapper@@@@6B@

??_7?$Singleton@VWaEndPointManager@@@@6B@

??_7?$Singleton@VWaEndpointRegistry@@@@6B@

??_7?$Singleton@VWaMemoryPoolManager@@@@6B@

??_7?$Singleton@VWaNet@@@@6B@

??_7?$Singleton@VWaOSUtils@@@@6B@

??_7?$Singleton@VWaSecuredTempFile@@@@6B@

??_7?$Singleton@VWaServiceManager@@@@6B@

??_7?$Singleton@VWaWMIManager@@@@6B@

??_7?$Singleton@VWaWinRM@@@@6B@

??_7?$Singleton@VWaWuaProgressReceiver@@@@6B@

??_7DiagnoseParamHandler@@6B@

??_7WaCallTree@@6B@

??_7WaCallTreeDisabled@@6B@

??_7WaCallTreeNode@@6B@

??_7WaComThread@@6B@

??_7WaComponentManager@@6B@

??_7WaConfigurations@@6B@

??_7WaCryptoApiWrapper@@6B@

??_7WaEndPointManager@@6B@

??_7WaEndpointRegistry@@6B@

??_7WaFuncCallNode@@6B@

??_7WaIConfigurations@@6B@

??_7WaJson@@6B@

??_7WaMemoryPoolManager@@6B@

??_7WaNet@@6B@

??_7WaOSUtils@@6B@

??_7WaReturnNode@@6B@

??_7WaRootNode@@6B@

??_7WaSecuredTempFile@@6B@

??_7WaServiceManager@@6B@

??_7WaWMIManager@@6B@

??_7WaWinRM@@6B@

??_7WaWmi@@6B@

??_7WaWmiThread@@6B@

??_7WaWuaProgressReceiver@@6B@

??_FWaRegKey@@QAEXXZ

?Capture@WaRegex@@SAHPB_W0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?CaptureAll@WaRegex@@SAHPB_W0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?CaptureIterator@WaRegex@@SAHPB_W0HAAHAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?Compress@WaFileUtils@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0I@Z

?DefaultObjectsPerPool@WaMemoryPoolManager@@2IB

?EPWTSCloseServer@WaEndPointManager@@QAEXPAX@Z

?EPWTSOpenServerEx@WaEndPointManager@@QAEHAAPAX@Z

?EvtClose@WaEndPointManager@@QAEXAAPAX@Z

?EvtOpenSession@WaEndPointManager@@QAEHAAPAX@Z

?GET@WaHttp@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV23@_N@Z

?GET@WaHttp@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?GETJson@WaHttp@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAVWaJson@@_N@Z

?GETJson@WaHttp@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@_N@Z

?GETRequest@WaHttpLowLevel@@QAEHAAVWaHttpRequest@1@@Z

?GetVersion@WaOSUtils@@QAEXPAH0000@Z

?InitGateway@WaThirdPartyGatewayHandle@@CAXW4WaThirdPartyGatewayType@@@Z

?InitImpersonatedGateway@WaThirdPartyGatewayHandle@@CAXW4WaThirdPartyGatewayType@@@Z

?InitProcessMonitor@WaTaskManager@@AAEHXZ

?Is64@WaOSUtils@@QAE_NXZ

?IsUserPasswordProtected@WaOSUtils@@AAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AA_NAAW4PasswordProtectionInfo@@@Z

?IsWTSSessionReady@WaEndPointManager@@QAEHXZ

?LICENSE_FILE@WaLicense@@2PB_WB

?LogError@WaDebugInfo@@AAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?Match@WaRegex@@SAHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?Matches@WaRegex@@SA_NPB_W0@Z

?POST@WaHttp@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00AAV23@_N@Z

?POST@WaHttp@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV23@_N@Z

?POSTRequest@WaHttpLowLevel@@QAEHAAVWaHttpRequest@1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?REGEX_INSIDE_DIR_PATH_FIRST_SIGN@WaEvaluator@@2QB_WB

?REGEX_INSIDE_DIR_PATH_LAST_SIGN@WaEvaluator@@2QB_WB

?SendProxyMessage@WaThirdPartyGatewayHandle@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?SubResultCallback@WaWinRM@@AAEXHPB_WH@Z

?SubResultCallbackStatic@WaWinRM@@CAXHPB_WH@Z

?Uncompress@WaFileUtils@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z

?WaRegCloseKey@WaEndpointRegistry@@QAEJPAUHKEY__@@@Z

?WaRegNotifyChangeKeyValue@WaEndpointRegistry@@QAEJPAUHKEY__@@HKPAXH@Z

?WaRegOpenCurrentUser@WaEndpointRegistry@@QAEJKPAPAUHKEY__@@@Z

?WaRegOpenKeyEx@WaEndpointRegistry@@QAEJPAUHKEY__@@PB_WKKPAPAU2@@Z

?_OpenSession@WaWinRM@@AAEHPB_W000@Z

?_addCandidateDefinition@WaDetectionEngine@@AAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_addElement@WaPooledIO@@AAEXPB_W0HH@Z

?_bufferResource@WaDetectionEngine@@AAEXW4WaDatabaseKey@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_buildPooledJson@WaPooledIO@@CAXABV?$list@PAUWaAsyncIocpMsgBase@@V?$allocator@PAUWaAsyncIocpMsgBase@@@std@@@std@@0AAVWaJson@@AAV?$map@IPAUWaAsyncIocpMsgBase@@U?$less@I@std@@V?$allocator@U?$pair@$$CBIPAUWaAsyncIocpMsgBase@@@std@@@3@@3@HAAH@Z

?_canExecuteByAllUsers@WaFileUtils@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_checkOPSWATSignature@WaSelfProtection@@IBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_cleanup@WaHttpLowLevel@@AAEXXZ

?_cleanup@WaPooledIO@@AAEXXZ

?_collectClues@WaDetectionEngine@@AAEXXZ

?_collectProcessClues@WaDetectionEngine@@AAEXXZ

?_collectRegistryClues@WaDetectionEngine@@AAEXXZ

?_collectServiceClues@WaDetectionEngine@@AAEXXZ

?_configChanged@WaHttp@@AAE_NAAH@Z

?_connect@WaWMIManager@@AAEHABUResourceArch@1@AAV?$CComPtr@UIWbemServices@@@ATL@@@Z

?_constructCollections@WaDatabase@@AAEXQBQB_W0QBH@Z

?_constructCollections@WaDatabase@@AAEXXZ

?_convertResultToErrorCode@WaRegKey@@AAEHABJ@Z

?_convertToHexQuad@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_W@Z

?_copyFile@WaFileUtils@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?_create@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAIAAVWaJson@@@Z

?_createAES@WaCryptoApiFactory@@CA?AV?$shared_ptr@VIWaCryptoAES@@@std@@W4CryptoApiType@@@Z

?_createArray@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAIAAVWaJson@@@Z

?_createExecutableFileFromEncryptedBytes@WaFileUtils@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@1AAV23@@Z

?_createIOObjects@WaPooledIO@@AAEXXZ

?_createNotifier@WaRegistry@@AAEHV?$vector@V?$shared_ptr@VWaHiveMonitor@WaRegistry@@@std@@V?$allocator@V?$shared_ptr@VWaHiveMonitor@WaRegistry@@@std@@@2@@std@@PAXK@Z

?_createNumber@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAIAAVWaJson@@@Z

?_createObject@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAIAAVWaJson@@@Z

?_createRSA@WaCryptoApiFactory@@CA?AV?$shared_ptr@VIWaCryptoRSA@@@std@@W4CryptoApiType@@@Z

?_createSpecialCase@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAIAAVWaJson@@@Z

?_createString@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAIAAV23@@Z

?_decodeCharacter@WaJsonFactory@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_WAAI@Z

?_decrypt@WaCache@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@ABV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_decrypt@WaDatabase@@CAHPBEHAAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@ABV?$shared_ptr@VIWaCryptoAES@@@3@@Z

?_decrypt@WaDatabase@@CAHPBEHAAVWaJson@@ABV?$shared_ptr@VIWaCryptoAES@@@std@@@Z

?_dotInsert@WaJson@@EAEHPB_WABV1@W4WaJsonType@@@Z

?_dotRetrieve@WaJson@@EAEHPB_WAAV1@W4WaJsonType@@@Z

?_enableRemoteReg@WaEndpointRegistry@@AAEHXZ

?_encodeString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?_encrypt@WaCache@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@ABV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_encryptExecutableFile@WaFileUtils@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?_enumerateElement@WaWMIManager@@AAEHV?$CComPtr@UIEnumWbemClassObject@@@ATL@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@ABV1@@Z@2@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@ABV1@@Z@2@@std@@@2@@std@@AAVWaJson@@HH@Z

?_errorCallback@WaPooledIO@@CAXPAUIWaAsyncIO@@AAV?$map@IPAUWaAsyncIocpMsgBase@@U?$less@I@std@@V?$allocator@U?$pair@$$CBIPAUWaAsyncIocpMsgBase@@@std@@@3@@std@@H_N@Z

?_evalCategories@WaDetectionEngine@@CA_NABV?$vector@HV?$allocator@H@std@@@std@@_NABVWaJson@@AAV4@@Z

?_executeThreadCmd@WaPooledIO@@AAE_NH@Z

?_executeThreadCmdAndTerminate@WaPooledIO@@AAEXH@Z

?_fetchAndValidate@WaDebugInfo@@AAEXABVWaJson@@@Z

?_fileContents@WaFileUtils@@CAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAPADAAH_NHH@Z

?_forcePathUnicode@WaFileUtils@@CAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_formatQuery@WaWMIManager@@AAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@ABV1@@Z@2@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6A?AVWaJson@@ABV1@@Z@2@@std@@@2@@3@@Z

?_getConnectionFromCache@WaWMIManager@@AAE?AV?$CComPtr@UIWbemServices@@@ATL@@ABUResourceArch@1@@Z

?_getContentOfEmbeddedFile@WaFileUtils@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@1AAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@@Z

?_getExeArchitecture@WaFileInfo@@CAHHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAHAB_N@Z

?_getFileCreationTime@WaFileUtils@@CAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?_getFileSize@WaFileUtils@@CAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?_getFixedVersion@WaFileInfo@@AAEHABW4WaFileInfoRealVersions@@PB_WPAH222@Z

?_getProcessEventSink@WaTaskManager@@AAE?AV?$function@$$A6AHP6AXPA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@XZ

?_getUninstallEventSink@WaRegistry@@AAE?AV?$function@$$A6AHP6AXPA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@XZ

?_getUserName@WaOSUtils@@QAEHKAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z

?_getUserNameByWMI@WaOSUtils@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0ABV23@@Z

?_getWuaProgressEventSink@WaWuaProgressReceiver@@AAE?AV?$function@$$A6AHP6AXPA_W@ZV?$shared_ptr@VWaSignalLock@@@std@@HVWaJson@@@Z@std@@XZ

?_hasEventPreLaunch@WaEventManager@@AAE_NW4WaEventType@1@@Z

?_hasEventSink@WaEventManager@@AAE_NW4WaEventType@1@@Z

?_ignoreWhiteSpace@WaJsonFactory@@CAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAI@Z

?_init@WaJson@@EAEXXZ

?_launchProcessByWMI@WaEndPointManager@@AAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABHAAH2@Z

?_load@WaExternalComponent@@AAEHXZ

?_loadCacheFromDatFile@WaDatabase@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0ABV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@AAVWaJson@@ABV?$shared_ptr@VIWaCryptoAES@@@3@@Z

?_loadSharedPaths@WaEndPointManager@@AAEHXZ

?_manualPerformUpdateServices@WaServiceManager@@AAEX_N@Z

?_mergeDatAndResDll@WaDatabase@@CAHABVWaJson@@AAV2@_J@Z

?_monitorRegistryThread@WaRegistry@@AAEHV?$vector@W4WaRegistryLocation@@V?$allocator@W4WaRegistryLocation@@@std@@@std@@@Z

?_normalizeWSCNameForComparison@WaWmi@@MAEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_notifyCallback@WaRegistry@@AAEXV?$shared_ptr@VWaHiveMonitor@WaRegistry@@@std@@@Z

?_overrideApiTypeWithConfiguration@WaCryptoApiFactory@@CAHAAW4CryptoApiType@@@Z

?_parseCustomDebugConfigs@WaDebugInfo@@AAEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAW4LOG_LEVEL@1@@Z

?_parseCustomDebugConfigs@WaDebugInfo@@AAEXABVWaJson@@AAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@@Z

?_parseCustomDebugConfigs@WaDebugInfo@@AAEXABVWaJson@@AAV?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@std@@@Z

?_parseEnvVariable@WaDebugInfo@@AAEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_preDetectStage1@WaDetectionEngine@@AAEXXZ

?_preDetectStage2@WaDetectionEngine@@AAEXXZ

?_readCacheFile@WaCache@@AAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@ABV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_readCacheFile@WaCache@@AAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAVWaJson@@ABV?$shared_ptr@VIWaCryptoAES@@@3@_N@Z

?_regConnect@WaEndpointRegistry@@AAEJPAUHKEY__@@PAPAU2@_N@Z

?_registerEventSink@WaWuaProgressReceiver@@AAEXXZ

?_reinit@WaHttp@@AAEHXZ

?_reinit@WaLicense@@AAEHW4WA_PASSPHRASE_RETRIEVE_MODE@@@Z

?_requestBegin@WaHttp@@AAEHXZ

?_requestEnd@WaHttp@@AAEHAAVWaHttpRequest@WaHttpLowLevel@@HAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N_N@Z

?_runRegexIteration@WaRegistry@@AAEHPB_WW4WaUninstallValueTypeToRegex@@AAV?$vector@UWaUninstallKey@@V?$allocator@UWaUninstallKey@@@std@@@std@@ABH@Z

?_semiAsyncQuery@WaWMIManager@@AAE?AUSemiAsyncThread@1@V?$CComPtr@UIEnumWbemClassObject@@@ATL@@PAUIWbemObjectSink@@@Z

?_sendRequest@WaHttpLowLevel@@AAEHABW4WaHttpVerb@1@AAVWaHttpRequest@1@PBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_serviceMonitorThread@WaServiceManager@@AAEXXZ

?_set@WaJson@@EAEX$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_set@WaJson@@EAEXABH@Z

?_set@WaJson@@EAEXABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_set@WaJson@@EAEXABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EAEXPB_W@Z

?_set@WaJson@@EAEX_N@Z

?_setCollectionProperties@WaCache@@AAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABUWaCacheProps@@@Z

?_signAndEncrypt@WaCache@@CAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@V?$shared_ptr@VIWaCryptoRSA@@@3@@Z

?_startWTSConnection@WaEndPointManager@@AAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_successCallback@WaPooledIO@@CAXPAUIWaAsyncIO@@AAV?$map@IPAUWaAsyncIocpMsgBase@@U?$less@I@std@@V?$allocator@U?$pair@$$CBIPAUWaAsyncIocpMsgBase@@@std@@@3@@std@@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z

?_syncExecNotificationQuery@WaWMIManager@@AAEHABV?$CComPtr@UIWbemServices@@@ATL@@ABUResourceArch@1@PB_WAAV?$CComPtr@UIEnumWbemClassObject@@@3@@Z

?_toPrettyString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_updateCandidateDefinition@WaDetectionEngine@@AAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_updateServices@WaServiceManager@@AAEXXZ

?_writeCacheFile@WaCache@@AAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0ABV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@3@ABV?$shared_ptr@VIWaCryptoAES@@@3@_N3@Z

?_writeCacheFile@WaCache@@AAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0ABVWaJson@@ABV?$shared_ptr@VIWaCryptoAES@@@3@_N3@Z

?add@WaJson@@UAEX$$QAV1@@Z

?add@WaJson@@UAEXABV1@@Z

?add@WaJson@@UAEXV?$initializer_list@VWaJson@@@std@@@Z

?addChildThread@WaCallTree@@UAEXABVid@thread@std@@@Z

?addChildThread@WaCallTreeDisabled@@UAEXABVid@thread@std@@@Z

?addDefinition@WaDetectionEngine@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

?addFuncCall@WaCallTreeNode@@QAEPAV1@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@000@Z

?addMetadata@WaPooledIO@@QAEXPB_W0@Z

?addProcess@WaTaskManager@@QAEXAAUWaRunningProcess@@@Z

?addRefDefaultConfigurationsHandler@WaConfigurationsBase@@SAHPAVWaIConfigurations@@@Z

?addResource@WaPooledIO@@QAEXPB_W0H@Z

?addReturnValue@WaCallTreeNode@@QAEPAV1@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z

?addReturnValue@WaCallTreeNode@@QAEPAV1@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0H0@Z

?addUtilsOwnerTag@WaApiUtils@@YAHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?allocate@WaMemoryPool@@QAEPAXI@Z

?allocate@WaMemoryPoolManager@@QAEPAXI@Z

?appendAccess@WaRegKey@@QAEXK@Z

?appendPath@WaRegKey@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?at@WaJson@@UBE?AV1@I@Z

?base64Decode@WaBase64@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?base64Encode@WaBase64@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z

?base64utf16Encode@WaBase64@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z

?begin@WaComponentManager@@QBE?AV?$_List_const_iterator@V?$_List_val@U?$_List_simple_types@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaExternalComponent@@@std@@@std@@@std@@@std@@XZ

?binaryContents@WaSecuredTempFile@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?binaryFileContents@WaFileUtils@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_NHHAB_N@Z

?bindKey@WaRegKey@@QAEXPAUHKEY__@@@Z

?blacklist@WaCallTree@@SAXABVid@thread@std@@@Z

?byteArrayToEpoch@WaTime@@YGHABQAEAAH@Z

?bytesToHexString@WaStringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBEI@Z

?bytesToHexWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBEI@Z

?bytesToWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAEI_N@Z

?cache@WaCache@@QAEHXZ

?cache@WaDatabase@@QAEHXZ

?cachedInvoke@WaExternalComponent@@QBEHAAVWaJson@@PAPA_W@Z

?calculateDirectoryDepth@WaFileUtils@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_NAAH@Z

?calculateVersionStamp@WaHttp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?canConfigWithoutReInit@WaConfigurations@@UBE_NPB_WAA_NAAVWaJson@@@Z

?canConfigWithoutReInit@WaConfigurationsBase@@QBE_NPB_WAA_NAAVWaJson@@@Z

?canExecuteByAllUsers@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?cancelAsync@WaWMIManager@@QAEXPAUIWbemObjectSink@@@Z

?cancelAsync@WaWmi@@UAEXPAUIWbemObjectSink@@@Z

?cancelSubcribeAsync@WaWinRM@@QAEHH@Z

?checkCacheLimitAndCleanCollection@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z

?checkDlpLicese@WaLicense@@QAEHXZ

?checkHashAndGetDecryptedInput@WaSecureFile@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?checkHostReachableByHttp@WaNet@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkHostReachableBySocketRemote@WaNet@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkHostReachableBySystemPSHttp@WaNet@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkHostReachableByWMIPing@WaNet@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z

?checkStatusForWSCInterface@WaWmi@@UAEHVWaJson@@AA_N@Z

?checkStatusForWSCInterface@WaWmiThread@@UAEHABVWaJson@@AA_N@Z

?checkUpToDateForWSCInterface@WaWmi@@UAEHVWaJson@@AA_N@Z

?checkUpToDateForWSCInterface@WaWmiThread@@UAEHABVWaJson@@AA_N@Z

?checkWSC@WaWmiThread@@IAEHHABVWaJson@@AA_N@Z

?cleanCollection@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?clear@WaJson@@UAEXXZ

?clearCachedConnections@WaWMIManager@@QAEXXZ

?clearOldLogFiles@WaDebugInfo@@AAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?close@WaRegKey@@QAEHXZ

?closeSession@WaWinRM@@QAEHXZ

?closeWindow@WaGui@@QAEHABUWaWindow@@@Z

?closeWriteToBinaryFile@WaFileUtils@@SAHAAPAU_iobuf@@@Z

?closeWriteToFile@WaFileUtils@@SAHAAV?$basic_ofstream@DU?$char_traits@D@std@@@std@@@Z

?cluesCollectionNotification@WaDetectionEngine@@QAEXPB_WPAX_N@Z

?comErrorToString@WaComUtils@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@J@Z

?computeString@WaDebugInfo@@AAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NABV23@@Z

?connect@WaWMIManager@@QAEHPB_WH_N@Z

?connect@WaWinRM@@QAEHPB_W@Z

?connect@WaWmi@@UAEHPB_W@Z

?contains@WaJson@@UBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?contains@WaJson@@UBE_NPB_W@Z

?contains@WaSecuredTempFile@@QAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?contents@WaSecuredTempFile@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?convert@WaJson@@UAEXABW4WaJsonType@@@Z

?copyFileToTemp@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?create@WaJsonFactory@@SAHPB_WAAVWaJson@@@Z

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@@Z

?create@WaSecuredTempFile@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?createAES@WaCryptoApiFactory@@SAHAAV?$shared_ptr@VIWaCryptoAES@@@std@@AAU?$BlindString@E@WaStringUtils@@W4CryptoApiType@@@Z

?createAESWithOpswatSecret@WaCryptoApiFactory@@SAHAAV?$shared_ptr@VIWaCryptoAES@@@std@@W4CryptoApiType@@@Z

?createAESWithUserSecret@WaCryptoApiFactory@@SAHAAV?$shared_ptr@VIWaCryptoAES@@@std@@W4CryptoApiType@@@Z

?createAndLockCacheControlFile@WaCache@@AAEHXZ

?createDirectoryRecursively@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?createExecutableFileFromEncryptedBytes@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@1AAV23@@Z

?createManagedCacheFile@WaCache@@QAEHABV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z

?createManagedCacheFile@WaCache@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?createRSA@WaCryptoApiFactory@@SAHAAV?$shared_ptr@VIWaCryptoRSA@@@std@@AAU?$BlindString@E@WaStringUtils@@_NW4CryptoApiType@@@Z

?createRSAWithUserPubKey@WaCryptoApiFactory@@SAHAAV?$shared_ptr@VIWaCryptoRSA@@@std@@W4CryptoApiType@@@Z

?createTempFile@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?current@WaCallTree@@UBEPAVWaCallTreeNode@@XZ

?current@WaCallTreeDisabled@@UBEPAVWaCallTreeNode@@XZ

?deallocate@WaMemoryPool@@QAEXPAX@Z

?deallocate@WaMemoryPoolManager@@QAEXIPAX@Z

?decryptDetection@WaCustomDetection@@AAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAVWaJson@@@Z

?decryptFile@WaCustomDetection@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAVWaJson@@@Z

?deinit@?$Singleton@VDiagnoseParamHandler@@@@MAEHXZ

?deinit@?$Singleton@VWaCryptoApiWrapper@@@@MAEHXZ

?deinit@?$Singleton@VWaEndPointManager@@@@MAEHXZ

?deinit@?$Singleton@VWaEndpointRegistry@@@@MAEHXZ

?deinit@?$Singleton@VWaMemoryPoolManager@@@@MAEHXZ

?deinit@?$Singleton@VWaNet@@@@MAEHXZ

?deinit@?$Singleton@VWaOSUtils@@@@MAEHXZ

?deinit@?$Singleton@VWaSecuredTempFile@@@@MAEHXZ

?deinit@?$Singleton@VWaServiceManager@@@@MAEHXZ

?deinit@?$Singleton@VWaWMIManager@@@@MAEHXZ

?deinit@?$Singleton@VWaWinRM@@@@MAEHXZ

?deinit@?$Singleton@VWaWuaProgressReceiver@@@@MAEHXZ

?deinit@WaEndPointManager@@MAEHXZ

?deinit@WaEndpointRegistry@@MAEHXZ

?deinit@WaNet@@UAEHXZ

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 726KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/libwavmodapi.dll

.dll windows:6 windows x86 arch:x86

5570599f57b821993627f01b77bae45f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

31:82:90:a9:0b:a2:14:ad:63:69:f9:e5:36:fe:2d:1c:76:e6:64:88:62:b8:ce:49:32:ea:72:f3:fc:da:c1:80
Signer

Actual PE Digest

31:82:90:a9:0b:a2:14:ad:63:69:f9:e5:36:fe:2d:1c:76:e6:64:88:62:b8:ce:49:32:ea:72:f3:fc:da:c1:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

libwavmodapi.pdb

Imports

msi

ord115

ord32

ord159

ord160

ord224

ord270

ord48

ord8

ord118

ord92

ord158

imagehlp

ImageGetCertificateHeader

ImageGetCertificateData

bcrypt

BCryptDestroyHash

BCryptVerifySignature

BCryptDestroyKey

BCryptImportKeyPair

BCryptDecrypt

BCryptGenerateSymmetricKey

BCryptGetProperty

BCryptFinishHash

BCryptHashData

BCryptCreateHash

BCryptCloseAlgorithmProvider

BCryptOpenAlgorithmProvider

wintrust

WinVerifyTrust

crypt32

CertNameToStrW

CryptStringToBinaryA

CertFreeCertificateChain

CertGetCertificateChain

CryptFindOIDInfo

CertFreeCertificateContext

CryptHashCertificate2

CertGetNameStringW

CryptVerifyMessageSignature

user32

GetSystemMetrics

slc

SLGetWindowsInformationDWORD

libwautils

?remove@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z

?get@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WAAVWaJson@@@Z

?insert@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WABVWaJson@@@Z

??0WaJson@@QAE@$$QAV0@@Z

?createDirectoryRecursively@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getCurrentSequenceNumber@WaConfigurationsBase@@QBEHXZ

?jsonToCharPointer@WaConfigurationsBase@@QBEXABVWaJson@@PAPA_W_N@Z

?getIntOption@WaConfigurationsBase@@QBEHPB_WAAH@Z

?getStringOption@WaConfigurationsBase@@QBEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getBoolOption@WaConfigurationsBase@@QBEHPB_WAA_N@Z

?getOption@WaConfigurationsBase@@QBEHPB_WAAVWaJson@@@Z

?filterOptions@WaConfigurationsBase@@QBE?AVWaJson@@ABV2@@Z

?getOptions@WaConfigurationsBase@@QBE?AVWaJson@@XZ

?setOptions@WaConfigurationsBase@@QAEHPB_W@Z

?normalize@WaConfigurationsBase@@QBEHAAVWaJson@@@Z

?removeForeignKeys@WaConfigurationsBase@@QBEHAAVWaJson@@@Z

?parseConfig@WaConfigurationsBase@@QBEHPB_WAAVWaJson@@AA_N2@Z

?canConfigWithoutReInit@WaConfigurationsBase@@QBE_NPB_WAA_NAAVWaJson@@@Z

?releaseDefaultConfigurationsHandler@WaConfigurationsBase@@SAHXZ

?addRefDefaultConfigurationsHandler@WaConfigurationsBase@@SAHPAVWaIConfigurations@@@Z

??0WaIConfigurations@@QAE@XZ

??1WaIConfigurations@@MAE@XZ

?wCaseCmp@WaStringUtils@@YAHPB_W0@Z

?checkHashAndGetDecryptedInput@WaSecureFile@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?CaptureAll@WaRegex@@SAHPB_W0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?Match@WaRegex@@SAHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?split@WaStringUtils@@YAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z

?replaceAll@WaStringUtils@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@1@Z

?val@WaJson@@UBEHAA_N@Z

?val@WaJson@@UBEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?val@WaJson@@UBEHAAH@Z

?toPrettyString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?removeRecursive@WaJson@@UAEXPB_W@Z

?remove@WaJson@@UAEXPB_W@Z

?remove@WaJson@@UAEXH@Z

?remove@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?put@WaJson@@UAEXV?$initializer_list@U?$pair@PB_WVWaJson@@@std@@@std@@@Z

?put@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?put@WaJson@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QAV1@@Z

?keys@WaJson@@UBE?AV?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?getString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getObjKeyType@WaJson@@UBE?AW4WaJsonType@@PB_W@Z

?getInt@WaJson@@UBEHXZ

?getBool@WaJson@@UBE_NXZ

?get@WaJson@@UBEHPB_WAA_N@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?get@WaJson@@UBEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?get@WaJson@@UBE?AV1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?first@WaJson@@UAE?AV1@XZ

?dotPut@WaJson@@UAEHPB_WABV1@@Z

?dotPut@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

?dotGet@WaJson@@UAEHPB_WAA_N@Z

?dotGet@WaJson@@UAEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotGet@WaJson@@UAEHPB_WAAV1@@Z

?dotGet@WaJson@@UAEHPB_WAAH@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?dotGet@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?dotAt@WaJson@@UAEHPB_WAA_N@Z

?dotAt@WaJson@@UAEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dotAt@WaJson@@UAEHPB_WAAV1@@Z

?dotAt@WaJson@@UAEHPB_WAAH@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV1@@Z

?dotAt@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?dotAdd@WaJson@@UAEHPB_WABV1@@Z

?getActiveUserSession@WaOSUtils@@QAEHAAUWaInternalUserSessionParams@1@@Z

?convert@WaJson@@UAEXABW4WaJsonType@@@Z

?contains@WaJson@@UBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?add@WaJson@@UAEXV?$initializer_list@VWaJson@@@std@@@Z

?_toPrettyString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z

?_set@WaJson@@EAEX_N@Z

?_set@WaJson@@EAEXPB_W@Z

?_set@WaJson@@EAEXABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

?_set@WaJson@@EAEXABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

?_set@WaJson@@EAEXABH@Z

?_set@WaJson@@EAEX$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?_init@WaJson@@EAEXXZ

?_encodeString@WaJson@@EBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?_dotRetrieve@WaJson@@EAEHPB_WAAV1@W4WaJsonType@@@Z

?_dotInsert@WaJson@@EAEHPB_WABV1@W4WaJsonType@@@Z

??YWaJson@@UAEAAV0@ABV0@@Z

??MWaJson@@UBE_NABV0@@Z

??AWaJson@@UBEABV0@PB_W@Z

??AWaJson@@UBEABV0@I@Z

??AWaJson@@UBEABV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??AWaJson@@UAEAAV0@PB_W@Z

??AWaJson@@UAEAAV0@I@Z

??AWaJson@@UAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??9WaJson@@UBE_NABV0@@Z

??8WaJson@@UBE_NABV0@@Z

??4WaJson@@UAEAAV0@_N@Z

??4WaJson@@UAEAAV0@PB_W@Z

??4WaJson@@UAEAAV0@ABV?$vector@VWaJson@@V?$wa_allocator@VWaJson@@@@@std@@@Z

??4WaJson@@UAEAAV0@ABV?$unordered_map@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@Uwa_map_hasher@@Uwa_map_equal_to@@V?$wa_allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@VWaJson@@@std@@@@@std@@@Z

??4WaJson@@UAEAAV0@ABV0@@Z

??4WaJson@@UAEAAV0@ABH@Z

??4WaJson@@UAEAAV0@$$QAV0@@Z

?fileExists@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAB_N@Z

?getSha1HashForFile@WaHasher@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?isNumber@WaStringUtils@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?get@WaJson@@UBEHPB_WAAH@Z

?get@WaJson@@UBEHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?at@WaJson@@UBE?AV1@I@Z

??0WaJson@@QAE@$$QAUObjectConstructor@0@@Z

??0WaJson@@QAE@_N@Z

?Capture@WaRegex@@SAHPB_W0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

?isArchitectureSupported@WaOSUtils@@QAE_NW4WaArchitectureType@@@Z

?shellExecuteAsUser@WaProcessUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAAKAAV23@H_N3@Z

?getTempDir@WaFileUtils@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?directoryExists@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAB_N@Z

?getEnvFolder@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?create@WaJsonFactory@@SAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@@Z

?execute@WaPowerShellGateway@@YGHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_NAAK2@Z

?getSha2HashForFile@WaHasher@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?key@WaRegKey@@QBEPAUHKEY__@@XZ

?findFilesForSearchPattern@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@@Z

??0WaConfigurationsBase@@AAE@AAUWaConfigurationsData@@@Z

?revertFsRedirection@WaFileUtils@@SAHAAPAX@Z

?disableFsRedirection@WaFileUtils@@SAHAAPAX@Z

?instance@WaWmiThread@@SAPAV1@XZ

?hasNext@WaRegKey@@QAE_NAAV1@AAKAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?getAll@WaRegKey@@QAEHAAVWaJson@@@Z

?get@WaRegKey@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@_N@Z

?close@WaRegKey@@QAEHXZ

?open@WaRegKey@@QAEHXZ

?trim@WaStringUtils@@YAAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV23@@Z

?get@WaJson@@UBEHPB_WAAV1@@Z

?add@WaJson@@UAEX$$QAV1@@Z

?isObjKeyType@WaJson@@UBE_NPB_WABW4WaJsonType@@@Z

??0WaJson@@QAE@W4WaJsonType@@@Z

??0WaJson@@QAE@ABV0@@Z

?size@WaJson@@UBEIXZ

?getType@WaJson@@UBE?AW4WaJsonType@@XZ

?isLicensed@WaLicense@@QBEHH@Z

?updateLicenseFile@WaApiUtils@@YAH_N0PAVWaJson@@@Z

?addUtilsOwnerTag@WaApiUtils@@YAHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?isUtilsOwnerTagPresent@WaApiUtils@@YA_NPB_W@Z

?isTeardownRequest@WaApiUtils@@YA_NABVWaJson@@@Z

?setModuleOutput@WaApiUtils@@YAH_KABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WHAAVWaJson@@@Z

?initialize@WaHttp@@QAEHXZ

?destroy@WaHttp@@SAXXZ

?instance@WaHttp@@SAPAV1@XZ

?unInit@WaLicense@@QAEXXZ

?renew@WaLicense@@QAEHXZ

?init@WaLicense@@QAEHXZ

?destroy@WaLicense@@SAXXZ

?instance@WaLicense@@SAPAV1@XZ

?setCollectionProperties@WaCache@@SAHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABUWaCacheProps@@@Z

?instance@WaCache@@SAPAV1@XZ

?destroy@?$Singleton@VWaCryptoApiWrapper@@@@SAXXZ

?instance@?$Singleton@VWaCryptoApiWrapper@@@@SAPAVWaCryptoApiWrapper@@XZ

?removeThreadStack@WaCallTree@@SAXABVid@thread@std@@@Z

?destroy@WaCallTree@@SAXXZ

?getCallTree@WaCallTree@@SAXAAVWaJson@@@Z

?getCallTree@WaCallTree@@SAXPAPA_W_N@Z

?getTickCountSinceEpoch@WaTime@@YA_JXZ

?getCurrentEpochTime@WaTime@@YGHAAH@Z

?create@WaJsonFactory@@SAHPB_WAAVWaJson@@@Z

?toPrettyCharPointer@WaJson@@UBEXPAPA_W@Z

?toCharPointer@WaJson@@UBEXPAPA_W@Z

?toString@WaJson@@UBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?contains@WaJson@@UBE_NPB_W@Z

?put@WaJson@@UAEXPB_W$$QAV1@@Z

?put@WaJson@@UAEXPB_WABV1@@Z

?add@WaJson@@UAEXABV1@@Z

?clear@WaJson@@UAEXXZ

?isType@WaJson@@UBE_NABW4WaJsonType@@@Z

??0WaJson@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV0@@Z

??0WaJson@@QAE@ABH@Z

??0WaJson@@QAE@$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaJson@@QAE@PB_W@Z

??0WaJson@@QAE@XZ

?get@WaJson@@UBE?AV1@PB_W@Z

??1WaJson@@UAE@XZ

?writeToFile@WaDebugInfo@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NW4LOG_LEVEL@1@V?$set@W4LOG_COMPONENT@WaDebugInfo@@U?$less@W4LOG_COMPONENT@WaDebugInfo@@@std@@V?$allocator@W4LOG_COMPONENT@WaDebugInfo@@@4@@3@11@Z

?instance@WaDebugInfo@@SAPAV1@XZ

?instance@WaCallTree@@SAPAV1@ABVid@thread@std@@@Z

?evaluateResult@WaCallTree@@SAHH@Z

?open@WaRegKey@@QAEHPAUHKEY__@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z

??1WaRegKey@@QAE@XZ

??0WaRegKey@@QAE@PAUHKEY__@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?instance@WaConfigurations@@SAPAV1@XZ

?ensurePathEnding@WaStringUtils@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?base64Decode@WaBase64@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?checkCacheLimitAndCleanCollection@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z

?getRaw@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WAAVWaJson@@@Z

?insertRaw@WaCache@@QAEHABW4WaCacheNamespace@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WABVWaJson@@@Z

?bytesToHexWString@WaStringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBEI@Z

?Is64@WaOSUtils@@QAE_NXZ

?instance@?$Singleton@VWaOSUtils@@@@SAPAVWaOSUtils@@XZ

?shellExecute@WaProcessUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0HAAKAAV23@H_N@Z

?expandPath@WaFileUtils@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@@Z

?directoryContentsAll@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVWaJson@@H_NAB_N@Z

?getSpecialFolder@WaFileUtils@@SAHABHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getDeploymentPath@WaFileUtils@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getOESISVersion@WaFileInfo@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV23@@Z

??1WaFileInfo@@QAE@XZ

??0WaFileInfo@@QAE@XZ

?dotAdd@WaJson@@UAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV1@@Z

??1WaConfigurationsBase@@AAE@XZ

?getFileVersionFromPath@WaFileUtils@@SAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABHAAV23@AB_N@Z

libwaheap

_wa_getHeap@0

winhttp

WinHttpSetCredentials

WinHttpCrackUrl

WinHttpGetDefaultProxyConfiguration

WinHttpOpen

WinHttpCloseHandle

WinHttpConnect

WinHttpAddRequestHeaders

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpSetOption

WinHttpSetTimeouts

WinHttpOpenRequest

WinHttpSendRequest

WinHttpQueryAuthSchemes

WinHttpGetIEProxyConfigForCurrentUser

WinHttpGetProxyForUrl

WinHttpQueryHeaders

WinHttpReceiveResponse

kernel32

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FindFirstFileExW

ReadConsoleW

GetConsoleMode

GetConsoleOutputCP

FlushFileBuffers

EnumSystemLocalesW

IsValidLocale

GetTimeFormatW

GetDateFormatW

HeapReAlloc

FreeLibraryAndExitThread

ExitThread

CreateThread

GetModuleHandleExW

ExitProcess

SetStdHandle

MoveFileExW

SetFilePointerEx

GetDriveTypeW

LoadLibraryExW

InterlockedFlushSList

InterlockedPushEntrySList

FreeEnvironmentStringsW

OutputDebugStringW

GetCPInfo

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTickCount

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

SetLastError

EncodePointer

GetStringTypeW

TryEnterCriticalSection

GetExitCodeThread

GetCurrentThread

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

IsProcessorFeaturePresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

CreateEventW

WaitForSingleObjectEx

ResetEvent

SetEvent

LeaveCriticalSection

EnterCriticalSection

SetThreadAffinityMask

RegisterWaitForSingleObject

UnregisterWait

GetThreadTimes

SetEnvironmentVariableW

HeapSize

WriteConsoleW

CreateTimerQueue

SignalObjectAndWait

SwitchToThread

SetThreadPriority

GetThreadPriority

GetLogicalProcessorInformation

CreateTimerQueueTimer

ChangeTimerQueueTimer

DeleteTimerQueueTimer

GetNumaHighestNodeNumber

GetModuleHandleA

VirtualAlloc

VirtualFree

VirtualProtect

ReleaseSemaphore

InterlockedPopEntrySList

QueryDepthSList

UnregisterWaitEx

RtlUnwind

OpenProcess

CreateProcessA

CreatePipe

SetHandleInformation

DuplicateHandle

SearchPathA

GetStdHandle

GetExitCodeProcess

PeekNamedPipe

GetFullPathNameW

GetFileAttributesA

CreateFileA

GetOEMCP

GetACP

IsValidCodePage

GetTempPathW

LoadLibraryA

SetEndOfFile

GetFileType

GetFileInformationByHandle

GetCurrentDirectoryW

WideCharToMultiByte

MultiByteToWideChar

DeviceIoControl

QueryPerformanceCounter

SetFileTime

SetFileAttributesW

GetFileSizeEx

GetFileAttributesW

DeleteFileW

CreateDirectoryW

WriteFile

GetVersionExW

GlobalFree

GlobalAlloc

GetModuleHandleW

FindNextFileW

FindFirstFileW

FindClose

GetProcessHeap

HeapFree

HeapAlloc

SetFilePointer

ReadFile

Sleep

GetNativeSystemInfo

EnumUILanguagesW

DeleteCriticalSection

InitializeCriticalSectionEx

RaiseException

DecodePointer

LoadLibraryW

GetProcAddress

FreeLibrary

LocalFree

LocalAlloc

GetCurrentProcess

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

MoveFileW

Wow64RevertWow64FsRedirection

Wow64DisableWow64FsRedirection

GetLastError

CloseHandle

RemoveDirectoryW

GetFileTime

CreateFileW

CopyFileW

FormatMessageW

GetUserDefaultLCID

GetTimeZoneInformation

GetModuleFileNameW

GetProcessAffinityMask

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

GetSidSubAuthority

GetSidSubAuthorityCount

GetTokenInformation

RegEnumKeyExW

RegQueryInfoKeyW

LookupPrivilegeValueW

CryptAcquireContextW

CryptReleaseContext

CryptGetHashParam

CryptCreateHash

CryptHashData

CryptDestroyHash

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

CloseServiceHandle

ControlService

OpenSCManagerW

OpenServiceW

QueryServiceStatus

StartServiceW

CryptAcquireContextA

CryptGenRandom

OpenProcessToken

shell32

SHGetFolderPathW

ole32

CoCreateInstance

CoInitialize

CoUninitialize

oleaut32

SysAllocStringByteLen

SysAllocString

SysFreeString

SysStringLen

SysStringByteLen

VariantTimeToSystemTime

VariantInit

VariantClear

Exports

??0WaOVJson@OfflineVMod@@QAE@$$QAV01@@Z

??0WaOVJson@OfflineVMod@@QAE@$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0WaOVJson@OfflineVMod@@QAE@$$QAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@@Z

??0WaOVJson@OfflineVMod@@QAE@AAV01@_N@Z

??0WaOVJson@OfflineVMod@@QAE@ABV01@_N@Z

??0WaOVJson@OfflineVMod@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

??0WaOVJson@OfflineVMod@@QAE@ABV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@_N@Z

??0WaOVJson@OfflineVMod@@QAE@H@Z

??0WaOVJson@OfflineVMod@@QAE@PBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

??0WaOVJson@OfflineVMod@@QAE@PB_W@Z

??0WaOVJson@OfflineVMod@@QAE@W4JsonTypeEnum@01@@Z

??0WaOVJson@OfflineVMod@@QAE@XZ

??0WaOVJson@OfflineVMod@@QAE@_N@Z

??1WaOVJson@OfflineVMod@@QAE@XZ

??4WaOVJson@OfflineVMod@@QAEAAV01@$$QAV01@@Z

??4WaOVJson@OfflineVMod@@QAEAAV01@ABV01@@Z

??_OWaOVJson@OfflineVMod@@QAEXAAV01@@Z

?addToArray@WaOVJson@OfflineVMod@@QAE_N$$QAV12@@Z

?addToArray@WaOVJson@OfflineVMod@@QAE_NAAV12@@Z

?addToArray@WaOVJson@OfflineVMod@@QAE_NABV12@_N@Z

?addToArrayBypassChecking@WaOVJson@OfflineVMod@@QAEXABV12@_N@Z

?addToArrayBypassChecking@WaOVJson@OfflineVMod@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

?addToArrayBypassChecking@WaOVJson@OfflineVMod@@QAEXABV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@_N@Z

?clean@WaOVJson@OfflineVMod@@AAEXXZ

?clearArray@WaOVJson@OfflineVMod@@QAEXXZ

?containsKey@WaOVJson@OfflineVMod@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?containsKey@WaOVJson@OfflineVMod@@QBE_NPB_W@Z

?escStr@WaOVJson@OfflineVMod@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z

?getArraySize@WaOVJson@OfflineVMod@@QBEHXZ

?getKeys@WaOVJson@OfflineVMod@@QBE?AV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ

?getObjectSize@WaOVJson@OfflineVMod@@QBEHXZ

?getType@WaOVJson@OfflineVMod@@QBE?AW4JsonTypeEnum@12@XZ

?getValue@WaOVJson@OfflineVMod@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAH@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV12@@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@4@@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AA_N@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NPB_WAAH@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NPB_WAAV12@@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NPB_WAAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@@Z

?getValue@WaOVJson@OfflineVMod@@QBE_NPB_WAA_N@Z

?getValueArray@WaOVJson@OfflineVMod@@QAEAAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@PB_W@Z

?getValueArray@WaOVJson@OfflineVMod@@QBEABV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@PB_W@Z

?getValueAsBool@WaOVJson@OfflineVMod@@QBE_NAA_N@Z

?getValueAsInt@WaOVJson@OfflineVMod@@QBE_NAAH@Z

?getValueAsString@WaOVJson@OfflineVMod@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?getValueAsString@WaOVJson@OfflineVMod@@QBE_NAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValueAt@WaOVJson@OfflineVMod@@QAEAAV12@H@Z

?getValueAt@WaOVJson@OfflineVMod@@QBEABV12@H@Z

?getValueAt@WaOVJson@OfflineVMod@@QBE_NHAAH@Z

?getValueAt@WaOVJson@OfflineVMod@@QBE_NHAAV12@@Z

?getValueAt@WaOVJson@OfflineVMod@@QBE_NHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValueAt@WaOVJson@OfflineVMod@@QBE_NHAAV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@@Z

?getValueAt@WaOVJson@OfflineVMod@@QBE_NHAA_N@Z

?getValueObject@WaOVJson@OfflineVMod@@QAEAAV12@PB_W@Z

?getValueObject@WaOVJson@OfflineVMod@@QBEABV12@PB_W@Z

?getValueString@WaOVJson@OfflineVMod@@QAEAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z

?getValueString@WaOVJson@OfflineVMod@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z

?getValueType@WaOVJson@OfflineVMod@@QBE?AW4JsonTypeEnum@12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getValueType@WaOVJson@OfflineVMod@@QBE?AW4JsonTypeEnum@12@PB_W@Z

?init@WaOVJson@OfflineVMod@@AAEXXZ

?isUndefined@WaOVJson@OfflineVMod@@QBE_NXZ

?isValueNull@WaOVJson@OfflineVMod@@QBE_NPB_W@Z

?putToObject@WaOVJson@OfflineVMod@@QAE_N$$QAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV12@_N@Z

?putToObject@WaOVJson@OfflineVMod@@QAE_NPB_W$$QAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QAE_NPB_WAAV12@@Z

?putToObject@WaOVJson@OfflineVMod@@QAE_NPB_WABV12@_N@Z

?putToObjectBypassChecking@WaOVJson@OfflineVMod@@QAEXPB_WABV12@_N@Z

?putToObjectBypassChecking@WaOVJson@OfflineVMod@@QAEXPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

?putToObjectBypassChecking@WaOVJson@OfflineVMod@@QAEXPB_WABV?$vector@VWaOVJson@OfflineVMod@@V?$allocator@VWaOVJson@OfflineVMod@@@std@@@std@@_N@Z

?remove@WaOVJson@OfflineVMod@@QAEXH@Z

?remove@WaOVJson@OfflineVMod@@QAEXPB_W@Z

?reserveArraySize@WaOVJson@OfflineVMod@@QAEXI@Z

?setType@WaOVJson@OfflineVMod@@QAEXW4JsonTypeEnum@12@@Z

?toString@WaOVJson@OfflineVMod@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?toString@WaOVJson@OfflineVMod@@QBEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?toString@WaOVJson@OfflineVMod@@QBEXPAPA_W@Z

?wa_offline_vmod_invoke@@YG_NABVWaOVJson@OfflineVMod@@AAV12@@Z

_wa_offline_vmod_extract_database_from_path@8

_wa_offline_vmod_free@4

_wa_offline_vmod_invoke@8

_wa_offline_vmod_load_database_from_path@4

_wa_offline_vmod_load_database_from_string@4

_wa_offline_vmod_read_database_from_path@8

_wa_offline_vmod_read_database_from_string@8

_wa_offline_vmod_setup@0

_wa_offline_vmod_teardown@0

wa_vmod_api_free

wa_vmod_api_invoke

wa_vmod_api_register_handler

wa_vmod_api_setup

wa_vmod_api_teardown

wa_vmod_api_unregister_handler

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

x86/wa_3rd_party_host_32.exe

.exe windows:6 windows x86 arch:x86

8228b51f94e32d919543d0118d0ddc46

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

26:e8:69:f5:73:ff:00:22:d1:02:49:6d:20:65:91:64:b4:8f:15:76:13:43:b5:63:bc:eb:61:05:53:2e:22:2f
Signer

Actual PE Digest

26:e8:69:f5:73:ff:00:22:d1:02:49:6d:20:65:91:64:b4:8f:15:76:13:43:b5:63:bc:eb:61:05:53:2e:22:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

wa_3rd_party_host_32.pdb

Imports

kernel32

GetTempPathA

FormatMessageW

GetDiskFreeSpaceA

GetLastError

GetFileAttributesA

GetFileAttributesExW

OutputDebugStringW

FlushViewOfFile

CreateFileA

LoadLibraryA

WaitForSingleObjectEx

DeleteFileA

DeleteFileW

HeapReAlloc

CloseHandle

RaiseException

GetSystemInfo

LoadLibraryW

HeapAlloc

HeapCompact

HeapDestroy

UnlockFile

GetProcAddress

LocalFree

LockFileEx

GetFileSize

DeleteCriticalSection

GetCurrentProcessId

GetProcessHeap

SystemTimeToFileTime

FreeLibrary

WideCharToMultiByte

GetSystemTimeAsFileTime

GetSystemTime

FormatMessageA

CreateFileMappingW

MapViewOfFile

QueryPerformanceCounter

GetTickCount

FlushFileBuffers

GetTickCount64

SizeofResource

GetModuleHandleExW

GetModuleFileNameW

LocalAlloc

FreeResource

LockResource

LoadResource

FindResourceW

SetErrorMode

LoadLibraryExW

InitializeCriticalSectionEx

Sleep

GetWindowsDirectoryW

GetEnvironmentStringsW

GetCurrentDirectoryW

SetCurrentDirectoryW

FindFirstFileW

FindNextFileW

FindClose

FileTimeToSystemTime

GetFileTime

GetVolumeNameForVolumeMountPointW

GetLogicalDriveStringsW

GetDriveTypeW

DeviceIoControl

GetSystemWindowsDirectoryW

lstrcpyW

GetModuleHandleW

WaitForMultipleObjects

CreateEventW

SetEvent

CreateNamedPipeW

OpenProcess

CreateThread

GetOverlappedResult

ConnectNamedPipe

GetExitCodeProcess

CreateToolhelp32Snapshot

Process32NextW

Process32FirstW

DisconnectNamedPipe

CreateDirectoryW

GetCurrentProcess

CreateProcessW

CopyFileW

SetLastError

lstrcpynW

GetLocaleInfoW

TerminateProcess

GetTempFileNameW

ExpandEnvironmentStringsW

GetVersionExW

GetTimeZoneInformation

GetSystemDirectoryW

ReleaseMutex

CreateMutexA

VirtualAlloc

VirtualFree

VirtualQuery

WriteConsoleW

ReadConsoleW

SetStdHandle

MultiByteToWideChar

HeapSize

HeapValidate

UnmapViewOfFile

GetCurrentThreadId

GetFileAttributesW

CreateFileW

WaitForSingleObject

CreateMutexW

GetTempPathW

UnlockFileEx

SetEndOfFile

AreFileApisANSI

GetFullPathNameA

SetFilePointer

InitializeCriticalSection

LeaveCriticalSection

LockFile

OutputDebugStringA

GetDiskFreeSpaceW

WriteFile

GetFullPathNameW

EnterCriticalSection

HeapFree

HeapCreate

TryEnterCriticalSection

ReadFile

DecodePointer

FreeEnvironmentStringsW

FindFirstFileExW

SetEnvironmentVariableW

SetFilePointerEx

GetFileSizeEx

GetConsoleMode

GetConsoleOutputCP

GetOEMCP

GetACP

IsValidCodePage

GetFileType

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetTimeFormatW

GetDateFormatW

GetCommandLineW

GetCommandLineA

GetStdHandle

ExitProcess

ExitThread

RtlUnwind

UnregisterWaitEx

QueryDepthSList

InterlockedFlushSList

InterlockedPushEntrySList

InterlockedPopEntrySList

ReleaseSemaphore

VirtualProtect

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

GetThreadPriority

SetThreadPriority

SwitchToThread

SignalObjectAndWait

GetModuleHandleA

FreeLibraryAndExitThread

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsProcessorFeaturePresent

ResetEvent

IsDebuggerPresent

GetStartupInfoW

InitializeSListHead

GetStringTypeW

DuplicateHandle

GetCurrentThread

GetExitCodeThread

GetNativeSystemInfo

QueryPerformanceFrequency

EncodePointer

QueueUserWorkItem

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

CompareStringW

LCMapStringW

GetCPInfo

CreateTimerQueue

GetThreadTimes

LoadLibraryExA

user32

PostThreadMessageW

wsprintfW

advapi32

OpenSCManagerW

EqualSid

AllocateAndInitializeSid

FreeSid

CheckTokenMembership

QueryServiceStatus

OpenServiceW

RegCloseKey

RegEnumKeyExW

RegOpenKeyExW

RegQueryValueExW

CloseServiceHandle

GetSidSubAuthorityCount

GetSidSubAuthority

GetTokenInformation

AccessCheck

GetFileSecurityW

DuplicateToken

MapGenericMask

LookupPrivilegeValueW

AdjustTokenPrivileges

RegSaveKeyW

OpenProcessToken

ole32

CoSetProxyBlanket

CoUninitialize

CoInitializeEx

CoCreateInstance

IIDFromString

CLSIDFromString

CoAddRefServerProcess

CoReleaseServerProcess

OleRun

oleaut32

GetErrorInfo

VariantTimeToSystemTime

VariantClear

SafeArrayCreateVector

SafeArrayCreate

SafeArrayLock

VariantCopy

SafeArrayPutElement

SysAllocString

SysFreeString

SafeArrayGetDim

SysStringLen

SysAllocStringLen

SafeArrayDestroy

VariantInit

SafeArrayGetElement

SafeArrayUnlock

version

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

shlwapi

StrStrIW

wininet

HttpSendRequestW

InternetConnectW

InternetCloseHandle

InternetOpenW

InternetSetOptionW

InternetReadFile

HttpOpenRequestW

Exports

_QHChangeOnAccessScanState@8

_QHEnableOnAccessScan@8

_QHFreeThreatHistoryListA@8

_QHFreeThreatHistoryListW@8

_QHGetAppLanguageA@16

_QHGetAppLanguageW@16

_QHGetDigitalCertSignerA@12

_QHGetDigitalCertSignerW@12

_QHGetEngineVersionA@12

_QHGetEngineVersionW@12

_QHGetExpDate@8

_QHGetLastFullScanTime@8

_QHGetProductInstallDirA@12

_QHGetProductInstallDirW@12

_QHGetSASQHStatus@8

_QHGetSigDatabaseDirA@12

_QHGetSigDatabaseDirW@12

_QHGetSigDatabaseTime@8

_QHGetSigDatabaseVersionA@12

_QHGetSigDatabaseVersionW@12

_QHGetThreatHistoryA@8

_QHGetThreatHistoryW@8

_QHInitUpdate@4

_QHInitiateFileScanA@8

_QHInitiateFileScanW@8

_QHInitiateFolderScanA@8

_QHInitiateFolderScanW@8

_QHInitiateFullScan@4

_QHIsAVInstalled@4

_QHIsFullScanRunning@4

_QHIsLicenseExpired@4

_QHIsOnAccessScanEnabled@4

_QHIsUpdateInProgress@4

_QHOpenScanner@4

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9381e5c599e91d84bb79f422192efbef

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5e:b5:d4:b8:1f:6b:73:fb:7d:ce:e4:d9:02:01:62:55:66:f9:d2:7a:bd:08:75:1c:ad:4b:94:4e:47:4e:bf:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

bcrypt

rpcrt4

ws2_32

advapi32

dnsapi

winhttp

shlwapi

userenv

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

comctl32

gdiplus

powrprof

dxgi

dbghelp

winmm

secur32

urlmon

oleacc

imm32

usp10

winspool.drv

Exports

Exports

Sections

.text Size: 19.3MB - Virtual size: 19.3MB

.rdata Size: 5.4MB - Virtual size: 5.4MB

.data Size: 1.7MB - Virtual size: 3.8MB

.didat Size: 1024B - Virtual size: 516B

.rsrc Size: 9.7MB - Virtual size: 9.7MB

.reloc Size: 1.2MB - Virtual size: 1.2MB

d86693ce643afb92041ce5b57cca682d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5e:b5:d4:b8:1f:6b:73:fb:7d:ce:e4:d9:02:01:62:55:66:f9:d2:7a:bd:08:75:1c:ad:4b:94:4e:47:4e:bf:a6
Signer

.text
Size: 19.3MB - Virtual size: 19.3MB

.rdata
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 1.7MB - Virtual size: 3.8MB

.didat
Size: 1024B - Virtual size: 516B

.rsrc
Size: 9.7MB - Virtual size: 9.7MB

.reloc
Size: 1.2MB - Virtual size: 1.2MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f8:fd:71:d5:5c:46:68:52:38:3a:c9:ab:f6:8a:d4:e4:1a:cf:91:fa:3d:1d:5a:6b:34:5e:96:e2:6f:3e:17:3c
Signer

.text
Size: 23.4MB - Virtual size: 23.4MB

.rdata
Size: 7.0MB - Virtual size: 7.0MB

.data
Size: 1.8MB - Virtual size: 4.0MB

.pdata
Size: 948KB - Virtual size: 948KB

.didat
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 9.8MB - Virtual size: 9.8MB

.reloc
Size: 277KB - Virtual size: 276KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

34:a3:55:ba:42:bd:46:d2:68:b0:96:a7:9e:cf:07:98:02:6e:48:1a:ba:87:54:f5:df:b6:61:ab:8b:00:13:9f
Signer