agenttesla | ALL-IN-ONE[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ALL-IN-ONE.rar
Size

733.8MB
MD5

d5d2b5d73c30e9deed0e1d68cc53c68b
SHA1

fcf72e1d7bc62cdaccdc0e6eac4b7bbc65ae91e2
SHA256

e41695197b54be318cfd288cdb0c4a8ad899f6a79aa7a65f7ede68aafff97046
SHA512

cf91817f8e22e54fe307ecf3c3b6d182a1bf4a9d4744a4da1879f599e05018a6690101922dfba9d3f7108032572a28a647efbe220b688b18de4478a387940258
SSDEEP

12582912:OmQO70TQqlGrNlnIKLvQIJwKhIXu+x7gS9RCF3WdxKvEsHYDdrtK0WCA5KDkQTd/:ORTQWoQu3PhIXtcS9lH+EsHYltDkJ+

Score

10^/10

agenttesla

Malware Config

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
static1/unpack001/ALL-IN-ONE/Spoofer/Guna.UI2.dll	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ALL-IN-ONE/Spoofer/Loader.dll
unpack001/ALL-IN-ONE/Spoofer/Loader.exe
unpack001/ALL-IN-ONE/TroubleShoot/DLLS/UCRTBASED/ucrtbased.dll

Files

ALL-IN-ONE.rar
.rar
ALL-IN-ONE/Instructions/ReadMe.txt
ALL-IN-ONE/Quick Launch.bat
ALL-IN-ONE/Spoofer/Guna.UI2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

Issuer

CN=Sobatdata Root CA

Not Before

23/10/2019, 05:22

Not After

22/10/2025, 17:00

Subject

CN=Sobatdata Software

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:00:a7:1b:7e:46:57:12:de:98:da:e3:8d:91:ea:26:6d:ef:71:ee
Signer

Actual PE Digest

5e:00:a7:1b:7e:46:57:12:de:98:da:e3:8d:91:ea:26:6d:ef:71:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/Spoofer/Loader.dll
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\AJ\source\repos\RNSOURCES2\RNSOURCES2\obj\Debug\net8.0-windows8.0\Loader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 45.7MB - Virtual size: 45.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/Spoofer/Loader.exe
.exe windows:6 windows x64 arch:x64

6a91eb82bfd19d2706c7d43c46f7064e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
wcsftime

api-ms-win-crt-locale-l1-1-0

setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/Spoofer/Loader.runtimeconfig.json
ALL-IN-ONE/TroubleShoot/DLLS/MSVCP/msvcp140.dll
.dll windows:6 windows x64 arch:x64

01c801a34c4715440ef1f25ad689b315

Code Sign

33:00:00:01:36:1b:d9:a8:16:fd:b8:e9:32:00:00:00:00:01:36
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/10/2019, 23:17

Not After

21/01/2021, 23:17

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:0842-4BE6-C29A,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:f2:ce:f0:6b:33:91:c2:a5:5c:2f:44:e4:21:54:88:e8:09:31:05:76:a9:0a:7c:5c:8e:01:93:9a:da:80:3c
Signer

Actual PE Digest

6d:f2:ce:f0:6b:33:91:c2:a5:5c:2f:44:e4:21:54:88:e8:09:31:05:76:a9:0a:7c:5c:8e:01:93:9a:da:80:3c

Digest Algorithm

sha256

PE Digest Matches

true

48:83:9f:3f:80:32:1f:c8:5c:fa:be:ca:d8:b4:84:f6:ea:7e:86:df
Signer

Actual PE Digest

48:83:9f:3f:80:32:1f:c8:5c:fa:be:ca:d8:b4:84:f6:ea:7e:86:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__C_specific_handler
__current_exception_context
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
malloc
free

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
terminate
_endthreadex
_seh_filter_dll
_set_new_handler
_execute_onexit_table
_crt_atexit
_cexit
_initterm_e
_configure_narrow_argv
_initterm
_errno
_beginthreadex

api-ms-win-crt-string-l1-1-0

isxdigit
isupper
wcscpy_s
wcsnlen
__strncnt
tolower
strcspn
iswdigit
isdigit
iswxdigit
islower
isspace
isalnum
iswspace
_wcsdup
iswalnum

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
_lock_locales
___lc_locale_name_func
___lc_collate_cp_func
localeconv
___lc_codepage_func
setlocale
__pctype_func
_unlock_locales

api-ms-win-crt-stdio-l1-1-0

ungetwc
fseek
_fsopen
_wfsopen
__acrt_iob_func
_get_stream_buffer_pointers
fclose
__stdio_common_vsprintf_s
fflush
fputs
fgetc
fgetpos
fputc
fgetwc
fread
fputwc
fwrite
fsetpos
ungetc
setvbuf
_fseeki64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wrename
_wchdir
_wremove
_wrmdir
_unlock_file

api-ms-win-crt-time-l1-1-0

_W_Getdays
_Getmonths
_W_Gettnames
_Wcsftime
_Strftime
_W_Getmonths
_Gettnames
_Getdays

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

log
pow
powf
ldexp
logf
frexp

api-ms-win-crt-convert-l1-1-0

strtof
btowc
strtod

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

RtlCaptureStackBackTrace
RaiseException
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
LoadLibraryExA
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
IsProcessorFeaturePresent
RtlPcToFileHeader
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
QueueUserWorkItem
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileAttributesW

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/DLLS/ReadMe.txt
ALL-IN-ONE/TroubleShoot/DLLS/UCRTBASED/ucrtbased.dll
.dll windows:10 windows x64 arch:x64

b55fd631afff103d396e8e1df0093baa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ucrtbased.pdb

Imports

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW
FlushFileBuffers
SetEndOfFile
LockFileEx
SetFileTime
UnlockFileEx
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
FindClose
GetFullPathNameA
SetFileAttributesW
GetFullPathNameW
GetFileAttributesExW
WriteFile
FindNextFileA
FindFirstFileExA
FindNextFileW
GetLogicalDrives
FindFirstFileExW
SetFilePointerEx
GetFileType
GetDriveTypeW
CreateFileW
ReadFile

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-namedpipe-l1-1-0

CreatePipe
PeekNamedPipe

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapQueryInformation
HeapReAlloc
HeapCompact
HeapWalk
GetProcessHeap
HeapValidate
HeapSize
HeapAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
SetLocalTime
GetSystemInfo
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

ResumeThread
ExitThread
ExitProcess
TerminateProcess
GetCurrentProcessId
CreateProcessW
CreateProcessA
CreateThread
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeProcess
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryA
GetCurrentDirectoryW
GetStdHandle
SetCurrentDirectoryW
SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-localization-l1-2-0

GetCPInfo
IsValidCodePage
GetUserDefaultLCID
GetACP
GetLocaleInfoW
LCMapStringW
GetOEMCP
EnumSystemLocalesW
IsValidLocale

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-console-l1-1-0

SetConsoleMode
GetConsoleMode
ReadConsoleW
GetConsoleCP
WriteConsoleW
ReadConsoleInputW
SetConsoleCtrlHandler
PeekConsoleInputA
ReadConsoleInputA
GetNumberOfConsoleInputEvents

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
Beep

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CrtCheckMemory
_CrtDbgReport
_CrtDbgReportW
_CrtDoForAllClientObjects
_CrtDumpMemoryLeaks
_CrtGetAllocHook
_CrtGetDebugFillThreshold
_CrtGetDumpClient
_CrtGetReportHook
_CrtIsMemoryBlock
_CrtIsValidHeapPointer
_CrtIsValidPointer
_CrtMemCheckpoint
_CrtMemDifference
_CrtMemDumpAllObjectsSince
_CrtMemDumpStatistics
_CrtReportBlockType
_CrtSetAllocHook
_CrtSetBreakAlloc
_CrtSetDbgBlockType
_CrtSetDbgFlag
_CrtSetDebugFillThreshold
_CrtSetDumpClient
_CrtSetReportFile
_CrtSetReportHook
_CrtSetReportHook2
_CrtSetReportHookW2
_CrtSetReportMode
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_VCrtDbgReportA
_VCrtDbgReportW
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__crtBreakAlloc
__p__crtDbgFlag
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_free_dbg
_aligned_malloc
_aligned_malloc_dbg
_aligned_msize
_aligned_msize_dbg
_aligned_offset_malloc
_aligned_offset_malloc_dbg
_aligned_offset_realloc
_aligned_offset_realloc_dbg
_aligned_offset_recalloc
_aligned_offset_recalloc_dbg
_aligned_realloc
_aligned_realloc_dbg
_aligned_recalloc
_aligned_recalloc_dbg
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_calloc_dbg
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_chvalidator
_chvalidator_l
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_dupenv_s_dbg
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_expand_dbg
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_dbg
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_fullpath_dbg
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getcwd_dbg
_getdcwd
_getdcwd_dbg
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/DLLS/VCRUNTIME/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

b06d4116da69a513992d529f84731e6f

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:0d:b7:e5:86:f3:50:0b:02:01:27:29:90:a5:66:54:d4:1e:7f:76:30:82:b6:d1:75:19:c1:2b:e2:ec:aa:86
Signer

Actual PE Digest

4a:0d:b7:e5:86:f3:50:0b:02:01:27:29:90:a5:66:54:d4:1e:7f:76:30:82:b6:d1:75:19:c1:2b:e2:ec:aa:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a01\_work\2\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

DeleteCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/DirectX/dxwebsetup.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:76:a5:a9:c5:b9:5a:43:1b:2c:30:b6:5e:2d:45:20:bf:45:97:ec:05:e8:52:14:50:01:2c:09:4d:ce:b4:84
Signer

Actual PE Digest

27:76:a5:a9:c5:b9:5a:43:1b:2c:30:b6:5e:2d:45:20:bf:45:97:ec:05:e8:52:14:50:01:2c:09:4d:ce:b4:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/NET/net 6.exe
.exe windows:6 windows x86 arch:x86

f57d7a40ebfca87e6f8082251d937ed8

Code Sign

33:00:00:03:d2:da:19:16:5d:6d:c7:49:af:00:00:00:00:03:d2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2024, 20:25

Not After

19/02/2025, 20:25

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:c4:f0:43:c9:61:f5:d5:4f:fc:2c:59:1b:8f:12:b7:31:5e:ae:fc:6e:3f:78:8f:1d:4f:72:6a:f7:11:7e:0c
Signer

Actual PE Digest

56:c4:f0:43:c9:61:f5:d5:4f:fc:2c:59:1b:8f:12:b7:31:5e:ae:fc:6e:3f:78:8f:1d:4f:72:6a:f7:11:7e:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\138\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
InitializeAcl
DecryptFileW
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

gdi32

DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCPInfo
GetOEMCP
GetACP
CreateFileW
CloseHandle
GetLastError
HeapSetInformation
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
Sleep
GetLocalTime
GetModuleFileNameW
CompareStringW
CreateFileA
SetFilePointer
WriteFile
GetCurrentProcessId
GetSystemDirectoryW
LoadLibraryW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetCommandLineA
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
MoveFileExW
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetCurrentProcess
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
GetVolumePathNameW
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetWindowsDirectoryW
GetNativeSystemInfo
GetCommandLineW
FreeLibrary
GetModuleHandleExW
GetComputerNameW
VerifyVersionInfoW
GetDateFormatW
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitForSingleObject
GetProcessId
OpenProcess
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
LocalFileTimeToFileTime
SetEndOfFile
SetFileTime
ResetEvent
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetThreadLocale
IsValidCodePage
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
VirtualQuery
GetSystemWow64DirectoryW
GetProcessHeap
GetFileType
ExitProcess
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/NET/net 7.exe
.exe windows:6 windows x86 arch:x86

e277f1464e7729ad9df5ec047611738a

Code Sign

33:00:00:03:d3:76:69:dc:80:ec:01:a2:43:00:00:00:00:03:d3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2024, 20:25

Not After

19/02/2025, 20:25

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:51:06:12:b3:9a:4f:09:c6:f0:73:d9:3d:ea:50:f6:9f:e4:ac:5d:38:b0:ef:7a:b2:af:1c:ce:42:d0:a7:c3
Signer

Actual PE Digest

16:51:06:12:b3:9a:4f:09:c6:f0:73:d9:3d:ea:50:f6:9f:e4:ac:5d:38:b0:ef:7a:b2:af:1c:ce:42:d0:a7:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
InitializeAcl
DecryptFileW
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

gdi32

DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetFileType
GetStdHandle
EncodePointer
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
CreateFileW
CloseHandle
ExitProcess
CreateFileA
SetFilePointer
WriteFile
GetLastError
GetCurrentProcessId
GetSystemDirectoryW
LoadLibraryW
lstrlenA
HeapSetInformation
GetModuleHandleW
GetProcAddress
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
MoveFileExW
FormatMessageW
lstrlenW
MultiByteToWideChar
IsValidCodePage
LCMapStringW
ExpandEnvironmentStringsW
GetFileSizeEx
GetFullPathNameW
ReadFile
SetFilePointerEx
SetFileTime
Sleep
GlobalAlloc
GlobalFree
CopyFileW
GetLocalTime
GetModuleFileNameW
CompareStringW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetCurrentProcess
FindFirstFileExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
GetVolumePathNameW
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetWindowsDirectoryW
GetNativeSystemInfo
GetSystemWow64DirectoryW
GetModuleHandleExW
GetComputerNameW
VerifyVersionInfoW
GetDateFormatW
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
GetStringTypeW
DuplicateHandle
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitForSingleObject
GetProcessId
OpenProcess
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
LocalFileTimeToFileTime
SetEndOfFile
ResetEvent
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetThreadLocale
GetStartupInfoW
IsDebuggerPresent
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetModuleHandleA
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetCurrentThreadId
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetTimeZoneInformation

rpcrt4

UuidCreate

Sections

.text
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/NET/net 8.exe
.exe windows:6 windows x86 arch:x86

e277f1464e7729ad9df5ec047611738a

Code Sign

33:00:00:03:d3:76:69:dc:80:ec:01:a2:43:00:00:00:00:03:d3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2024, 20:25

Not After

19/02/2025, 20:25

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:99:4d:65:c9:79:d2:57:83:18:5c:46:cc:a3:61:44:f5:7f:a8:c5:f0:9c:9d:26:d3:52:65:c4:24:7c:4b:83
Signer

Actual PE Digest

49:99:4d:65:c9:79:d2:57:83:18:5c:46:cc:a3:61:44:f5:7f:a8:c5:f0:9c:9d:26:d3:52:65:c4:24:7c:4b:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
InitializeAcl
DecryptFileW
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

gdi32

DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetFileType
GetStdHandle
EncodePointer
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
CreateFileW
CloseHandle
ExitProcess
CreateFileA
SetFilePointer
WriteFile
GetLastError
GetCurrentProcessId
GetSystemDirectoryW
LoadLibraryW
lstrlenA
HeapSetInformation
GetModuleHandleW
GetProcAddress
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
MoveFileExW
FormatMessageW
lstrlenW
MultiByteToWideChar
IsValidCodePage
LCMapStringW
ExpandEnvironmentStringsW
GetFileSizeEx
GetFullPathNameW
ReadFile
SetFilePointerEx
SetFileTime
Sleep
GlobalAlloc
GlobalFree
CopyFileW
GetLocalTime
GetModuleFileNameW
CompareStringW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetCurrentProcess
FindFirstFileExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
GetVolumePathNameW
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetWindowsDirectoryW
GetNativeSystemInfo
GetSystemWow64DirectoryW
GetModuleHandleExW
GetComputerNameW
VerifyVersionInfoW
GetDateFormatW
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
GetStringTypeW
DuplicateHandle
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitForSingleObject
GetProcessId
OpenProcess
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
LocalFileTimeToFileTime
SetEndOfFile
ResetEvent
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetThreadLocale
GetStartupInfoW
IsDebuggerPresent
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetModuleHandleA
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetCurrentThreadId
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetTimeZoneInformation

rpcrt4

UuidCreate

Sections

.text
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Other/Image.png
.png
ALL-IN-ONE/TroubleShoot/Other/ReadMe.txt
ALL-IN-ONE/TroubleShoot/Other/VisualStudioSetup.exe
.exe windows:5 windows x86 arch:x86

01b29b0304f316768e6c21448e7b24b7

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

Issuer

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

Not Before

17/02/2017, 00:12

Not After

31/12/2039, 23:59

Subject

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

5a:4d:c1:0a:c0:b0:4f:d2:6f:2f:01:b6:68:a3:bb:b9:95:f5:e8:81:2d:66:ff:a9:5c:23:73:39:b2:61:2e:35
Signer

Actual PE Digest

5a:4d:c1:0a:c0:b0:4f:d2:6f:2f:01:b6:68:a3:bb:b9:95:f5:e8:81:2d:66:ff:a9:5c:23:73:39:b2:61:2e:35

Digest Algorithm

sha256

PE Digest Matches

true

5a:4d:c1:0a:c0:b0:4f:d2:6f:2f:01:b6:68:a3:bb:b9:95:f5:e8:81:2d:66:ff:a9:5c:23:73:39:b2:61:2e:35
Signer

Actual PE Digest

5a:4d:c1:0a:c0:b0:4f:d2:6f:2f:01:b6:68:a3:bb:b9:95:f5:e8:81:2d:66:ff:a9:5c:23:73:39:b2:61:2e:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb

Imports

ole32

CoInitializeEx

comctl32

ord17

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW

shlwapi

PathRemoveExtensionW

user32

GetWindowLongW
SetWindowLongW
PostQuitMessage
EndDialog
SetWindowTextW
DialogBoxParamW
SendMessageW
GetWindow
GetWindowThreadProcessId
GetTopWindow
MessageBoxW
GetDlgItem
LoadStringW
PostMessageW

advapi32

RegCloseKey
CryptGenRandom
CryptReleaseContext
DecryptFileW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW

kernel32

FileTimeToDosDateTime
FileTimeToLocalFileTime
MoveFileExW
GlobalFree
GlobalAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
GetFileAttributesW
DeleteFileW
FileTimeToSystemTime
GetSystemInfo
CreateEventA
GetModuleHandleW
GetEnvironmentVariableW
GetTickCount
SetEnvironmentVariableW
GetLastError
ExpandEnvironmentStringsW
Sleep
GetProcessId
WaitForSingleObject
GetExitCodeProcess
CloseHandle
SetFileAttributesW
InitializeCriticalSection
CreateEventW
CreateThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCommandLineW
lstrlenW
CompareStringW
LocalFree
CreateDirectoryW
GetTempPathW
LoadLibraryW
GetProcAddress
GetSystemDirectoryW
SetDefaultDllDirectories
FreeLibrary
WaitForMultipleObjects
ExitThread
SetLastError
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetTimeZoneInformation
FormatMessageW
lstrlenA
GetComputerNameW
GetLocalTime
GetVersionExW
CreateFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFilePointer
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
FreeLibraryAndExitThread
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
ReadFile
DecodePointer
CreateFileW
WriteConsoleW
DuplicateHandle
FindFirstFileW
SetEndOfFile

cabinet

ord23
ord22
ord20

oleaut32

VariantClear
SysAllocString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

bcrypt

BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

Exports

Exports

?dwPlaceholder@@3PAEA

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boxld01
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/install_all.bat
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2005_x64.exe
.exe windows:5 windows x86 arch:x86

0ebb3c09b06b1666d307952e824c8697

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

72:eb:ec:84:ec:eb:2c:99:f6:93:1a:22:55:c2:43:bc:37:c7:56:59
Signer

Actual PE Digest

72:eb:ec:84:ec:eb:2c:99:f6:93:1a:22:55:c2:43:bc:37:c7:56:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2005_x86.exe
.exe windows:5 windows x86 arch:x86

0ebb3c09b06b1666d307952e824c8697

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7f
Signer

Actual PE Digest

5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2008_x64.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8f:01:df:78:ce:80:39:28:c8:49:b3:c7:c4:01:28:81:cc:40:e4:47
Signer

Actual PE Digest

8f:01:df:78:ce:80:39:28:c8:49:b3:c7:c4:01:28:81:cc:40:e4:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.9MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2008_x86.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:b8:36:c9:ae:3b:cb:20:6d:59:26:4f:5f:9c:95:6f:4b:15:75:3a
Signer

Actual PE Digest

d0:b8:36:c9:ae:3b:cb:20:6d:59:26:4f:5f:9c:95:6f:4b:15:75:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2010_x64.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:29:68:50:9f:c0:15:85:b2:43:f6:40:df:72:7e:8c:87:c3:b3:4f
Signer

Actual PE Digest

3e:29:68:50:9f:c0:15:85:b2:43:f6:40:df:72:7e:8c:87:c3:b3:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.8MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2010_x86.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:5d:c5:26:99:03:d9:98:d7:bd:f4:32:05:e3:4e:3b:e4:dd:15:47
Signer

Actual PE Digest

58:5d:c5:26:99:03:d9:98:d7:bd:f4:32:05:e3:4e:3b:e4:dd:15:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.5MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2012_x64.exe
.exe windows:5 windows x86 arch:x86

33c6db41ca15b47cfcec52de6c2ab2b7

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:21:a8:7f:5a:3b:9a:0a:03:ac:c7:ff:64:14:0d:fb:d7:83:d6:35:6f:b3:45:b4:6a:5d:07:98:a0:f2:ce:30
Signer

Actual PE Digest

f9:21:a8:7f:5a:3b:9a:0a:03:ac:c7:ff:64:14:0d:fb:d7:83:d6:35:6f:b3:45:b4:6a:5d:07:98:a0:f2:ce:30

Digest Algorithm

sha256

PE Digest Matches

true

fa:4d:cd:f6:4c:96:60:0c:ed:96:a4:ab:84:4d:56:72:9b:e5:6f:2f
Signer

Actual PE Digest

fa:4d:cd:f6:4c:96:60:0c:ed:96:a4:ab:84:4d:56:72:9b:e5:6f:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix36_dev11\build\ship\x86\x86\burn.pdb

Imports

kernel32

CopyFileExW
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
ResetEvent
SetEndOfFile
DeleteFileW
GetThreadLocale
UnmapViewOfFile
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetLocalTime
SetFilePointer
GetComputerNameW
CreateFileA
GetProcessHeap
GetModuleHandleA
CopyFileW
MoveFileExW
GlobalFree
GlobalAlloc
GetFileSizeEx
GetCurrentDirectoryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
RaiseException
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FormatMessageW
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringW
InitializeCriticalSection
CloseHandle
LocalFree
ReleaseMutex
GetVersionExW
GetProcessId
ReadFile
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
WaitForSingleObject
OpenProcess
CreateFileW
SetFilePointerEx
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
VerifyVersionInfoW
VerSetConditionMask
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GetExitCodeProcess
SetThreadExecutionState
FlushFileBuffers

msi

ord171
ord45
ord137
ord125
ord17
ord8
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169
ord118
ord115
ord116
ord205

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

rpcrt4

UuidCreate

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt

cabinet

ord23
ord22
ord20

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
DecryptFileW
SetEntriesInAclW
InitializeAcl
CreateWellKnownSid
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfigW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ole32

CLSIDFromProgID
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
StringFromGUID2

user32

LoadBitmapW
IsWindow
PostMessageW
PeekMessageW
GetMessageW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
CreateWindowExW
RegisterClassW
MsgWaitForMultipleObjects
LoadCursorW
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MessageBoxW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2012_x86.exe
.exe windows:5 windows x86 arch:x86

33c6db41ca15b47cfcec52de6c2ab2b7

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:3c:0e:d0:e9:29:66:d4:05:e1:26:24:9d:da:d9:c0:63:79:c5:68:38:c7:69:c5:25:f3:62:ab:0e:b8:a4:f6
Signer

Actual PE Digest

51:3c:0e:d0:e9:29:66:d4:05:e1:26:24:9d:da:d9:c0:63:79:c5:68:38:c7:69:c5:25:f3:62:ab:0e:b8:a4:f6

Digest Algorithm

sha256

PE Digest Matches

true

8c:12:40:11:a9:d9:22:02:f1:9b:18:34:2a:70:2d:89:dc:3c:69:a5
Signer

Actual PE Digest

8c:12:40:11:a9:d9:22:02:f1:9b:18:34:2a:70:2d:89:dc:3c:69:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix36_dev11\build\ship\x86\x86\burn.pdb

Imports

kernel32

CopyFileExW
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
ResetEvent
SetEndOfFile
DeleteFileW
GetThreadLocale
UnmapViewOfFile
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetLocalTime
SetFilePointer
GetComputerNameW
CreateFileA
GetProcessHeap
GetModuleHandleA
CopyFileW
MoveFileExW
GlobalFree
GlobalAlloc
GetFileSizeEx
GetCurrentDirectoryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
RaiseException
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FormatMessageW
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringW
InitializeCriticalSection
CloseHandle
LocalFree
ReleaseMutex
GetVersionExW
GetProcessId
ReadFile
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
WaitForSingleObject
OpenProcess
CreateFileW
SetFilePointerEx
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
VerifyVersionInfoW
VerSetConditionMask
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GetExitCodeProcess
SetThreadExecutionState
FlushFileBuffers

msi

ord171
ord45
ord137
ord125
ord17
ord8
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169
ord118
ord115
ord116
ord205

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

rpcrt4

UuidCreate

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt

cabinet

ord23
ord22
ord20

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
DecryptFileW
SetEntriesInAclW
InitializeAcl
CreateWellKnownSid
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfigW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ole32

CLSIDFromProgID
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
StringFromGUID2

user32

LoadBitmapW
IsWindow
PostMessageW
PeekMessageW
GetMessageW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
CreateWindowExW
RegisterClassW
MsgWaitForMultipleObjects
LoadCursorW
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MessageBoxW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2013_x64.exe
.exe windows:5 windows x86 arch:x86

8e2588a9cf43886de3449dfff03137b6

Code Sign

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 22:09

Not After

17/02/2018, 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:15:be:d8:35:8b:b3:7c:e3:4d:4d:50:1d:e6:91:02:c5:a1:a4:0d:b3:8f:12:4d:59:61:61:e5:59:2d:0e:e7
Signer

Actual PE Digest

d2:15:be:d8:35:8b:b3:7c:e3:4d:4d:50:1d:e6:91:02:c5:a1:a4:0d:b3:8f:12:4d:59:61:61:e5:59:2d:0e:e7

Digest Algorithm

sha256

PE Digest Matches

true

44:91:26:71:a4:e4:9a:f9:12:6b:88:da:fb:ae:ae:f6:69:04:19:21
Signer

Actual PE Digest

44:91:26:71:a4:e4:9a:f9:12:6b:88:da:fb:ae:ae:f6:69:04:19:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

advapi32

QueryServiceConfigW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

user32

GetMessageW
PeekMessageW
PostMessageW
IsWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
BeginPaint
EndPaint
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
ReleaseDC
MessageBoxW
PostThreadMessageW
RegisterClassW
CreateWindowExW

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdi32

GetDeviceCaps
CreateDCW

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCurrentProcess
InitializeCriticalSection
TlsFree
DeleteCriticalSection
CloseHandle
TlsGetValue
Sleep
GetLastError
ReleaseMutex
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
HeapAlloc
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
HeapSetInformation
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GlobalFree
MoveFileExW
CopyFileW
GetFileSizeEx
GetModuleHandleA
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
UnmapViewOfFile
IsDebuggerPresent
DuplicateHandle
HeapFree
FormatMessageW
GetTempFileNameW
GetWindowsDirectoryW
CompareStringA
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
ExitProcess
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap

cabinet

ord22
ord20
ord23

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

msi

ord88
ord17
ord125
ord116
ord115
ord118
ord8
ord171
ord205
ord45
ord137
ord141
ord238
ord190
ord169
ord90
ord173
ord111
ord70

rpcrt4

UuidCreate

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
InternetConnectW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2013_x86.exe
.exe windows:5 windows x86 arch:x86

8e2588a9cf43886de3449dfff03137b6

Code Sign

33:00:00:00:c6:78:80:36:01:75:1a:69:72:00:00:00:00:00:c6
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 22:09

Not After

17/02/2018, 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:23:3d:61:a3:c7:a5:8d:8d:8c:82:da:a0:4b:34:8f:7b:f4:1d:29:40:64:85:23:a9:3c:34:b5:c4:85:42:3f
Signer

Actual PE Digest

52:23:3d:61:a3:c7:a5:8d:8d:8c:82:da:a0:4b:34:8f:7b:f4:1d:29:40:64:85:23:a9:3c:34:b5:c4:85:42:3f

Digest Algorithm

sha256

PE Digest Matches

true

55:93:21:ff:30:02:58:ca:25:32:ed:9f:50:2b:ee:cc:82:3b:d9:62
Signer

Actual PE Digest

55:93:21:ff:30:02:58:ca:25:32:ed:9f:50:2b:ee:cc:82:3b:d9:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

advapi32

QueryServiceConfigW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

user32

GetMessageW
PeekMessageW
PostMessageW
IsWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
BeginPaint
EndPaint
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
ReleaseDC
MessageBoxW
PostThreadMessageW
RegisterClassW
CreateWindowExW

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdi32

GetDeviceCaps
CreateDCW

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCurrentProcess
InitializeCriticalSection
TlsFree
DeleteCriticalSection
CloseHandle
TlsGetValue
Sleep
GetLastError
ReleaseMutex
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
HeapAlloc
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
HeapSetInformation
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GlobalFree
MoveFileExW
CopyFileW
GetFileSizeEx
GetModuleHandleA
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
UnmapViewOfFile
IsDebuggerPresent
DuplicateHandle
HeapFree
FormatMessageW
GetTempFileNameW
GetWindowsDirectoryW
CompareStringA
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
ExitProcess
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap

cabinet

ord22
ord20
ord23

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

msi

ord88
ord17
ord125
ord116
ord115
ord118
ord8
ord171
ord205
ord45
ord137
ord141
ord238
ord190
ord169
ord90
ord173
ord111
ord70

rpcrt4

UuidCreate

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
InternetConnectW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2015_2017_2019_2022_x64.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:18:06:fe:03:84:bc:c9:9b:18:69:dd:02:f9:1c:4d:21:5e:1c:b6:9c:c2:01:d7:6c:82:c7:2b:73:76:55:23
Signer

Actual PE Digest

5e:18:06:fe:03:84:bc:c9:9b:18:69:dd:02:f9:1c:4d:21:5e:1c:b6:9c:c2:01:d7:6c:82:c7:2b:73:76:55:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/Installer/vcredist2015_2017_2019_2022_x86.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:68:9d:02:1c:12:b1:a6:ba:e4:a5:a8:bd:49:d5:c8:01:52:9f:20:08:db:28:22:14:a9:53:1b:df:16:c3:86
Signer

Actual PE Digest

f9:68:9d:02:1c:12:b1:a6:ba:e4:a5:a8:bd:49:d5:c8:01:52:9f:20:08:db:28:22:14:a9:53:1b:df:16:c3:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALL-IN-ONE/TroubleShoot/Runtimes/ReadMe.txt

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:dbCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

5e:00:a7:1b:7e:46:57:12:de:98:da:e3:8d:91:ea:26:6d:ef:71:eeSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 45.7MB - Virtual size: 45.7MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

6a91eb82bfd19d2706c7d43c46f7064e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 1024B - Virtual size: 792B

.rsrc Size: 4KB - Virtual size: 4KB

01c801a34c4715440ef1f25ad689b315

Code Sign

33:00:00:01:36:1b:d9:a8:16:fd:b8:e9:32:00:00:00:00:01:36Certificate

Extended Key Usages

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate

Extended Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

6d:f2:ce:f0:6b:33:91:c2:a5:5c:2f:44:e4:21:54:88:e8:09:31:05:76:a9:0a:7c:5c:8e:01:93:9a:da:80:3cSigner

48:83:9f:3f:80:32:1f:c8:5c:fa:be:ca:d8:b4:84:f6:ea:7e:86:dfSigner

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

5e:00:a7:1b:7e:46:57:12:de:98:da:e3:8d:91:ea:26:6d:ef:71:ee
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 45.7MB - Virtual size: 45.7MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 1024B - Virtual size: 792B

.rsrc
Size: 4KB - Virtual size: 4KB

33:00:00:01:36:1b:d9:a8:16:fd:b8:e9:32:00:00:00:00:01:36
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

6d:f2:ce:f0:6b:33:91:c2:a5:5c:2f:44:e4:21:54:88:e8:09:31:05:76:a9:0a:7c:5c:8e:01:93:9a:da:80:3c
Signer

48:83:9f:3f:80:32:1f:c8:5c:fa:be:ca:d8:b4:84:f6:ea:7e:86:df
Signer

.text
Size: 336KB - Virtual size: 335KB

.rdata
Size: 194KB - Virtual size: 194KB

.data
Size: 8KB - Virtual size: 14KB

.pdata
Size: 15KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 350KB - Virtual size: 350KB

.data
Size: 9KB - Virtual size: 22KB

.pdata
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB