FATXplorerBeta64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

FATXplorerBeta64.zip
Size

33.4MB
MD5

10cec4de1d25ee9d86381fd4a74d86a6
SHA1

eab5eda7c935f76d9631c9371418ab689c162f80
SHA256

483cab96fd88c5ae91600ccbd76e4d439dfc03fdddf9acc8a51c84afb346ec1a
SHA512

25ef3c5957f68be7320c677c537b2cf51fb200513d28338c8d9fd8e598f5713d8061d07186d5653ead53ff09a49989c558ca8dc21933cb9f681a095f756e6696
SSDEEP

786432:t1Czlfrj2Vcvo5aEWnYii1rrhxZwMY52cgz7Oogo:bCpzi9aEWYfrXY52cgzz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FATXplorer\ServiceStack.Text.dll
unpack001/FATXplorer\callback.CBFSConnect.dll

Files

FATXplorerBeta64.zip
.zip
FATXplorer\DevExpress.Data.Desktop.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:d8:69:78:c3:b0:d2:6d:39:d2:01:74:0c:00:7b:8f:8f:e9:64:70:ba:ac:7a:3e:e2:a4:c1:13:25:42:3c:21
Signer

Actual PE Digest

25:d8:69:78:c3:b0:d2:6d:39:d2:01:74:0c:00:7b:8f:8f:e9:64:70:ba:ac:7a:3e:e2:a4:c1:13:25:42:3c:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.Data.Desktop\DevExpress.Data.Desktop\obj.NCD\DevExpress.Data.Desktop.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 963KB - Virtual size: 963KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.Data.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:3e:f4:46:08:77:40:7f:e0:d4:d0:ab:8a:c7:ed:2f:ac:92:b9:d3:c8:89:60:e3:1f:18:ec:8b:a8:0a:c2:b2
Signer

Actual PE Digest

58:3e:f4:46:08:77:40:7f:e0:d4:d0:ab:8a:c7:ed:2f:ac:92:b9:d3:c8:89:60:e3:1f:18:ec:8b:a8:0a:c2:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.Data\obj.NC\DevExpress.Data.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.Drawing.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:45:9a:c9:51:df:8b:7a:93:38:a9:50:16:98:ef:eb:16:78:39:ea:90:ac:53:1c:47:4a:c1:95:30:13:92:65
Signer

Actual PE Digest

05:45:9a:c9:51:df:8b:7a:93:38:a9:50:16:98:ef:eb:16:78:39:ea:90:ac:53:1c:47:4a:c1:95:30:13:92:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.Drawing\DevExpress.Drawing\obj.NC\DevExpress.Drawing.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.Printing.v23.2.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:b7:18:72:8d:7e:8d:41:3d:dc:ee:e0:62:2d:f9:a2:f1:51:83:a0:37:44:e0:90:57:b0:c9:ab:13:af:95:e4
Signer

Actual PE Digest

44:b7:18:72:8d:7e:8d:41:3d:dc:ee:e0:62:2d:f9:a2:f1:51:83:a0:37:44:e0:90:57:b0:c9:ab:13:af:95:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.XtraPrinting\DevExpress.Printing.Core\obj.NC\DevExpress.Printing.v23.2.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.Utils.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:c8:db:fb:e6:3a:7c:5c:fd:7c:92:51:b6:5a:0e:fc:b3:af:5d:a7:16:b1:9a:cb:24:2e:e0:53:72:16:fa:88
Signer

Actual PE Digest

fe:c8:db:fb:e6:3a:7c:5c:fd:7c:92:51:b6:5a:0e:fc:b3:af:5d:a7:16:b1:9a:cb:24:2e:e0:53:72:16:fa:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.Utils\obj.NCD\DevExpress.Utils.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19.5MB - Virtual size: 19.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.XtraBars.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:76:30:85:65:64:fd:37:07:fd:df:10:76:35:79:99:83:b2:4d:de:75:05:bb:40:bc:04:97:3d:8e:25:b5:b7
Signer

Actual PE Digest

9a:76:30:85:65:64:fd:37:07:fd:df:10:76:35:79:99:83:b2:4d:de:75:05:bb:40:bc:04:97:3d:8e:25:b5:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.XtraBars\DevExpress.XtraBars\obj.NCD\DevExpress.XtraBars.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.XtraEditors.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:47:f6:13:06:37:70:7f:9b:81:45:94:e7:dd:d9:82:1c:3a:0d:e7:99:71:1c:e3:04:e1:94:92:46:8b:25:b6
Signer

Actual PE Digest

23:47:f6:13:06:37:70:7f:9b:81:45:94:e7:dd:d9:82:1c:3a:0d:e7:99:71:1c:e3:04:e1:94:92:46:8b:25:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.XtraEditors\DevExpress.XtraEditors\obj.NCD\DevExpress.XtraEditors.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.XtraLayout.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:8d:f1:13:fc:21:89:b7:a2:38:bf:8f:01:2e:aa:73:a7:08:03:ea:ce:5b:ef:86:ed:03:61:ed:43:68:e2:e3
Signer

Actual PE Digest

2e:8d:f1:13:fc:21:89:b7:a2:38:bf:8f:01:2e:aa:73:a7:08:03:ea:ce:5b:ef:86:ed:03:61:ed:43:68:e2:e3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.XtraLayout\DevExpress.XtraLayout\obj.NCD\DevExpress.XtraLayout.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\DevExpress.XtraWizard.v23.2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

24/01/2026, 23:59

Subject

CN=Developer Express Inc.,O=Developer Express Inc.,L=Glendale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:25:ac:77:76:d3:9f:36:bf:3d:c4:44:79:45:aa:6c:92:8a:88:52:ad:44:1d:c0:51:cc:67:fe:f1:a8:40:78
Signer

Actual PE Digest

4b:25:ac:77:76:d3:9f:36:bf:3d:c4:44:79:45:aa:6c:92:8a:88:52:ad:44:1d:c0:51:cc:67:fe:f1:a8:40:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Win\DevExpress.XtraWizard\DevExpress.XtraWizard\obj.NCD\DevExpress.XtraWizard.v23.2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\FATXplorer.deps.json
FATXplorer\FATXplorer.dll
.exe windows:4 windows x64 arch:x64

Code Sign

45:0c:c7:17:67:89:2d:d0:46:59:8a:b5:04:99:69:9f
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

11/04/2024, 07:37

Not After

11/04/2027, 07:37

Subject

CN=Eaton Zveare,O=Eaton Zveare,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:70:5f:9d:fd:5f:a2:41:af:3a:ef:40:62:dd:f2:4e:72:e1:90:6b:14:0c:ed:29:64:5c:2e:0c:02:ae:39:0d
Signer

Actual PE Digest

99:70:5f:9d:fd:5f:a2:41:af:3a:ef:40:62:dd:f2:4e:72:e1:90:6b:14:0c:ed:29:64:5c:2e:0c:02:ae:39:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FATXplorer\FATXplorer.exe
.exe windows:6 windows x64 arch:x64

6a91eb82bfd19d2706c7d43c46f7064e

Code Sign

45:0c:c7:17:67:89:2d:d0:46:59:8a:b5:04:99:69:9f
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

11/04/2024, 07:37

Not After

11/04/2027, 07:37

Subject

CN=Eaton Zveare,O=Eaton Zveare,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:5e:28:60:0e:91:aa:cb:e9:f9:76:4f:8c:3b:c8:d3:80:1d:4c:9b:25:bc:89:e6:e0:6b:d3:79:2c:ac:7d:2a
Signer

Actual PE Digest

ff:5e:28:60:0e:91:aa:cb:e9:f9:76:4f:8c:3b:c8:d3:80:1d:4c:9b:25:bc:89:e6:e0:6b:d3:79:2c:ac:7d:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
wcsftime

api-ms-win-crt-locale-l1-1-0

setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FATXplorer\FATXplorer.runtimeconfig.json
FATXplorer\ServiceStack.Text.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ServiceStack.Text.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 737KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\System.Management.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:7b:a1:0a:3e:cb:66:e9:01:c0:00:00:00:00:03:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:77:8d:dc:15:13:5f:8d:f7:74:af:cd:a0:90:66:08:03:f3:bf:ee:4b:1b:24:2b:69:b4:8c:4e:9f:11:64:aa
Signer

Actual PE Digest

49:77:8d:dc:15:13:5f:8d:f7:74:af:cd:a0:90:66:08:03:f3:bf:ee:4b:1b:24:2b:69:b4:8c:4e:9f:11:64:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\XL Both Patches\VERSION_INFO
FATXplorer\XL Both Patches\_glitch.ini
FATXplorer\XL Both Patches\_glitch2.ini
FATXplorer\XL Both Patches\_glitch2m.ini
FATXplorer\XL Both Patches\_jtag.ini
FATXplorer\XL Both Patches\bin\patches_falcon.bin
FATXplorer\XL Both Patches\bin\patches_fat.bin
FATXplorer\XL Both Patches\bin\patches_g2corona.bin
FATXplorer\XL Both Patches\bin\patches_g2corona_WB.bin
FATXplorer\XL Both Patches\bin\patches_g2corona_WB4G.bin
FATXplorer\XL Both Patches\bin\patches_g2falcon.bin
FATXplorer\XL Both Patches\bin\patches_g2jasper.bin
FATXplorer\XL Both Patches\bin\patches_g2mcorona.bin
FATXplorer\XL Both Patches\bin\patches_g2mcorona_WB.bin
FATXplorer\XL Both Patches\bin\patches_g2mcorona_WB4G.bin
FATXplorer\XL Both Patches\bin\patches_g2mtrinity.bin
FATXplorer\XL Both Patches\bin\patches_g2trinity.bin
FATXplorer\XL Both Patches\bin\patches_g2zephyr.bin
FATXplorer\XL Both Patches\bin\patches_jasper.bin
FATXplorer\XL Both Patches\bin\patches_trinity.bin
FATXplorer\XL Both Patches\bin\patches_xenon.bin
FATXplorer\XL Both Patches\bin\patches_zephyr.bin
FATXplorer\XL Both Patches\xam.xex
FATXplorer\XL HDD Patches\VERSION_INFO
FATXplorer\XL HDD Patches\_glitch.ini
FATXplorer\XL HDD Patches\_glitch2.ini
FATXplorer\XL HDD Patches\_glitch2m.ini
FATXplorer\XL HDD Patches\_jtag.ini
FATXplorer\XL HDD Patches\bin\patches_falcon.bin
FATXplorer\XL HDD Patches\bin\patches_fat.bin
FATXplorer\XL HDD Patches\bin\patches_g2corona.bin
FATXplorer\XL HDD Patches\bin\patches_g2corona_WB.bin
FATXplorer\XL HDD Patches\bin\patches_g2corona_WB4G.bin
FATXplorer\XL HDD Patches\bin\patches_g2falcon.bin
FATXplorer\XL HDD Patches\bin\patches_g2jasper.bin
FATXplorer\XL HDD Patches\bin\patches_g2mcorona.bin
FATXplorer\XL HDD Patches\bin\patches_g2mcorona_WB.bin
FATXplorer\XL HDD Patches\bin\patches_g2mcorona_WB4G.bin
FATXplorer\XL HDD Patches\bin\patches_g2mtrinity.bin
FATXplorer\XL HDD Patches\bin\patches_g2trinity.bin
FATXplorer\XL HDD Patches\bin\patches_g2zephyr.bin
FATXplorer\XL HDD Patches\bin\patches_jasper.bin
FATXplorer\XL HDD Patches\bin\patches_trinity.bin
FATXplorer\XL HDD Patches\bin\patches_xenon.bin
FATXplorer\XL HDD Patches\bin\patches_zephyr.bin
FATXplorer\XL HDD Patches\xam.xex
FATXplorer\XL USB Patches\VERSION_INFO
FATXplorer\XL USB Patches\_glitch.ini
FATXplorer\XL USB Patches\_glitch2.ini
FATXplorer\XL USB Patches\_glitch2m.ini
FATXplorer\XL USB Patches\_jtag.ini
FATXplorer\XL USB Patches\bin\patches_falcon.bin
FATXplorer\XL USB Patches\bin\patches_fat.bin
FATXplorer\XL USB Patches\bin\patches_g2corona.bin
FATXplorer\XL USB Patches\bin\patches_g2corona_WB.bin
FATXplorer\XL USB Patches\bin\patches_g2corona_WB4G.bin
FATXplorer\XL USB Patches\bin\patches_g2falcon.bin
FATXplorer\XL USB Patches\bin\patches_g2jasper.bin
FATXplorer\XL USB Patches\bin\patches_g2mcorona.bin
FATXplorer\XL USB Patches\bin\patches_g2mcorona_WB.bin
FATXplorer\XL USB Patches\bin\patches_g2mcorona_WB4G.bin
FATXplorer\XL USB Patches\bin\patches_g2mtrinity.bin
FATXplorer\XL USB Patches\bin\patches_g2trinity.bin
FATXplorer\XL USB Patches\bin\patches_g2zephyr.bin
FATXplorer\XL USB Patches\bin\patches_jasper.bin
FATXplorer\XL USB Patches\bin\patches_trinity.bin
FATXplorer\XL USB Patches\bin\patches_xenon.bin
FATXplorer\XL USB Patches\bin\patches_zephyr.bin
FATXplorer\XL USB Patches\xam.xex
FATXplorer\callback.CBFSConnect.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\cbfs.cab
.cab
arm64/cbfs22.sys
arm64/cbfsShellHelper22.dll
arm64/cbfspnpbus.cat
arm64/cbfspnpbus.inf
arm64/cbfspnpbus.sys
arm64/wow64sup.exe
cbfsEvtMsg.dll
.dll windows:6 windows x86 arch:x86

Code Sign

06:16:a2:e9:d6:d7:2a:0c:d4:b6:c0:e3:b8:18:c0:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2023, 00:00

Not After

01/09/2026, 23:59

Subject

SERIALNUMBER=1572249,CN=Callback Technologies\, Inc.,O=Callback Technologies\, Inc.,L=Chapel Hill,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130e4e6f727468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:28:c2:75:16:63:24:91:21:d3:97:02:16:d6:ba:e6:79:2e:a1:94:92:ee:08:b1:c5:2c:71:3c:d1:4e:bb:6c
Signer

Actual PE Digest

d0:28:c2:75:16:63:24:91:21:d3:97:02:16:d6:ba:e6:79:2e:a1:94:92:ee:08:b1:c5:2c:71:3c:d1:4e:bb:6c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\CBT\v22\code\DriverLibraries\EventLog\msgdll\Release\CBFSEvtMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
i386/SHA1/cbfs22.sys
.sys windows:10 windows x86 arch:x86

e0e7a82287841804d9e0c3db2f063ebf

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:fa:cb:73:fe:2f:7a:4e:4e:d5:e7:43:40:1f:f5:b7:bb:a6:bc:05:94:32:2f:5a:8f:4d:79:57:d5:db:aa:55
Signer

Actual PE Digest

92:fa:cb:73:fe:2f:7a:4e:4e:d5:e7:43:40:1f:f5:b7:bb:a6:bc:05:94:32:2f:5a:8f:4d:79:57:d5:db:aa:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\CBT\v22\code\CBFSConnect\ccore\cbfs\kmode\Release\cbfs22.pdb

Imports

ntoskrnl.exe

IoBuildAsynchronousFsdRequest
IofCallDriver
IoFreeIrp
IoFreeMdl
CcInitializeCacheMap
CcSetDirtyPageThreshold
CcMdlReadComplete
CcMdlWriteComplete
CcSetAdditionalCacheAttributes
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeQuerySystemTime
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
IofCompleteRequest
IoRemoveShareAccess
IoSetTopLevelIrp
IoAcquireVpbSpinLock
IoGetRequestorProcess
IoReleaseVpbSpinLock
MmFlushImageSection
FsRtlFastUnlockAll
FsRtlCheckOplock
FsRtlOplockIsFastIoPossible
FsRtlNotifyVolumeEvent
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
CcUninitializeCacheMap
CcPurgeCacheSection
CcFlushCache
KeGetCurrentThread
KeDelayExecutionThread
KeSetTimer
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
IoQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
RtlAppendUnicodeStringToString
RtlLengthSecurityDescriptor
IoCheckShareAccess
IoSetShareAccess
IoUpdateShareAccess
ZwClose
SeSinglePrivilegeCheck
PsGetCurrentThreadId
PsGetProcessId
PsGetThreadId
IoIsOperationSynchronous
IoThreadToProcess
MmCanFileBeTruncated
FsRtlOplockFsctrl
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
CcSetFileSizes
CcIsThereDirtyData
memmove
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
ObQueryNameString
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
ExAcquireResourceSharedLite
ObReferenceObjectByHandle
ZwOpenFile
KeStackAttachProcess
KeUnstackDetachProcess
IoFileObjectType
MmHighestUserAddress
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
IoGetRelatedDeviceObject
IoGetTopLevelIrp
FsRtlCopyRead
FsRtlCopyWrite
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlPrivateLock
CcCanIWrite
RtlAppendUnicodeToString
ExConvertExclusiveToSharedLite
ExIsResourceAcquiredExclusiveLite
FsRtlAreNamesEqual
ZwQueryDirectoryFile
MmForceSectionClosed
RtlInitUnicodeString
KeInitializeSpinLock
ExQueueWorkItem
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoBuildSynchronousFsdRequest
RtlCompareMemory
KeQueryTimeIncrement
ProbeForRead
ObOpenObjectByPointer
FsRtlNormalizeNtstatus
FsRtlIsNtstatusExpected
FsRtlInitializeOplock
FsRtlUninitializeOplock
FsRtlNotifyFullReportChange
MmBuildMdlForNonPagedPool
CcWaitForCurrentLazyWriterActivity
_aulldiv
_aullrem
KeTickCount
IoAllocateIrp
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwCreateKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
IoRaiseHardError
IoRaiseInformationalHardError
FsRtlIsTotalDeviceFailure
IoGetDeviceToVerify
IoIsSystemThread
IoSetDeviceToVerify
CcMdlWriteAbort
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeResourceLite
ExDeleteResourceLite
MmGetSystemRoutineAddress
PsGetVersion
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateWorkItem
IoFreeWorkItem
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
FsRtlRegisterFileSystemFilterCallbacks
IoRegisterFileSystem
IoUnregisterFileSystem
KeInitializeThreadedDpc
PsCreateSystemThread
PsTerminateSystemThread
FsRtlProcessFileLock
RtlValidSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
IoCheckQuotaBufferValidity
ExAcquireSharedWaitForExclusive
IoGetStackLimits
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcCopyRead
CcMdlRead
_allrem
MmSystemRangeStart
RtlValidRelativeSecurityDescriptor
SeQuerySecurityDescriptorInfo
RtlSplay
RtlDelete
_alldiv
KeFlushQueuedDpcs
KeReadStateTimer
KeQueryInterruptTime
ExAllocatePoolWithTag
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
IoCreateStreamFileObjectLite
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyInitializeSync
FsRtlNotifyUninitializeSync
FsRtlTeardownPerStreamContexts
KeInitializeSemaphore
KeReadStateSemaphore
KeReleaseSemaphore
KeAreApcsDisabled
KeWaitForMultipleObjects
IoSetHardErrorOrVerifyDevice
IoVerifyVolume
ExAcquireSharedStarveExclusive
MmAllocatePagesForMdl
MmFreePagesFromMdl
FsRtlCheckLockForWriteAccess
CcDeferWrite
CcCopyWrite
CcPrepareMdlWrite
MmQuerySystemSize
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNumberGenericTableElementsAvl
_alldvrm
_allmul
KeResetEvent
PsSetCreateProcessNotifyRoutine
ExEventObjectType
PsThreadType
RtlUnwind
RtlDeleteNoSplay
ExRaiseStatus
KeBugCheckEx
KeWaitForSingleObject
KeSetEvent
KeInitializeEvent
IoAllocateMdl
memset
memcpy
InterlockedPushEntrySList
InterlockedPopEntrySList
SePrivilegeCheck
PsGetCurrentProcessId
IoGetCurrentProcess
RtlEqualUnicodeString
CcGetFileObjectFromSectionPtrs
_vsnwprintf
KeBugCheck
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
SeCaptureSubjectContext
SeReleaseSubjectContext
ExUuidCreate
ZwEnumerateKey
ZwEnumerateValueKey
ZwOpenDirectoryObject
strrchr
wcsrchr
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
_vsnprintf
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlIsGenericTableEmpty
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsLookupProcessByProcessId
RtlUpcaseUnicodeChar
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoGetDeviceObjectPointer
ZwDeleteValueKey
SeQueryAuthenticationIdToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
RtlInitializeBitMap
RtlClearBit
RtlSetBit
RtlTestBit
RtlFindClearBitsAndSet
RtlAreBitsClear
IoInvalidateDeviceRelations
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
wcstoul
KeClearEvent
IoBuildPartialMdl
IoGetAttachedDeviceReference
IoRequestDeviceEject
IoOpenDeviceRegistryKey
RtlPrefixUnicodeString
NtClose
IoGetLowerDeviceObject
ZwCreateEvent
_aullshr
IoCancelFileOpen
IoGetDiskDeviceObject
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
FsRtlInsertPerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlRemovePerStreamContext
IoCreateSynchronizationEvent
RtlInt64ToUnicodeString
ZwWriteFile
ZwCreateDirectoryObject
ZwMakeTemporaryObject
ZwFsControlFile
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsLookupThreadByThreadId
MmUnmapLockedPages
MmUserProbeAddress
RtlCompareUnicodeString

hal

KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
KeQueryPerformanceCounter

fltmgr.sys

FltIs32bitProcess
FltSetCallbackDataDirty
FltUnregisterFilter

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i386/SHA1/cbfspnpbus.cat
i386/SHA1/cbfspnpbus.inf
i386/SHA1/cbfspnpbus.sys
.sys windows:10 windows x86 arch:x86

19a60f4deb560bc6a254edc4934bf8ee

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:40:de:da:f3:40:2b:00:d8:d6:d9:47:4b:33:97:6b
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/07/2020, 00:00

Not After

06/10/2023, 12:00

Subject

SERIALNUMBER=1572249,CN=Callback Technologies\, Inc.,O=Callback Technologies\, Inc.,L=Chapel Hill,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130e4e6f727468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:a1:57:75:70:90:d5:8c:cc:32:53:5f:25:b3:6d:c0:6b:ba:be:35
Signer

Actual PE Digest

47:a1:57:75:70:90:d5:8c:cc:32:53:5f:25:b3:6d:c0:6b:ba:be:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\CBT\v20\code\DriverLibraries\VPnPBus\kmode\Release\cbfspnpbus.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeWaitForSingleObject
ExAllocatePoolWithTag
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
ObfReferenceObject
IoAttachDeviceToDeviceStackSafe
_vsnwprintf
PsGetVersion
IoBuildSynchronousFsdRequest
memset
KeClearEvent
MmGetSystemRoutineAddress
KeBugCheckEx
KeInitializeEvent
RtlUnwind
RtlInitUnicodeString
RtlFreeUnicodeString

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i386/cbfs22.sys
.sys windows:10 windows x86 arch:x86

e0e7a82287841804d9e0c3db2f063ebf

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:fa:cb:73:fe:2f:7a:4e:4e:d5:e7:43:40:1f:f5:b7:bb:a6:bc:05:94:32:2f:5a:8f:4d:79:57:d5:db:aa:55
Signer

Actual PE Digest

92:fa:cb:73:fe:2f:7a:4e:4e:d5:e7:43:40:1f:f5:b7:bb:a6:bc:05:94:32:2f:5a:8f:4d:79:57:d5:db:aa:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\CBT\v22\code\CBFSConnect\ccore\cbfs\kmode\Release\cbfs22.pdb

Imports

ntoskrnl.exe

IoBuildAsynchronousFsdRequest
IofCallDriver
IoFreeIrp
IoFreeMdl
CcInitializeCacheMap
CcSetDirtyPageThreshold
CcMdlReadComplete
CcMdlWriteComplete
CcSetAdditionalCacheAttributes
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeQuerySystemTime
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
IofCompleteRequest
IoRemoveShareAccess
IoSetTopLevelIrp
IoAcquireVpbSpinLock
IoGetRequestorProcess
IoReleaseVpbSpinLock
MmFlushImageSection
FsRtlFastUnlockAll
FsRtlCheckOplock
FsRtlOplockIsFastIoPossible
FsRtlNotifyVolumeEvent
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
CcUninitializeCacheMap
CcPurgeCacheSection
CcFlushCache
KeGetCurrentThread
KeDelayExecutionThread
KeSetTimer
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
IoQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
RtlAppendUnicodeStringToString
RtlLengthSecurityDescriptor
IoCheckShareAccess
IoSetShareAccess
IoUpdateShareAccess
ZwClose
SeSinglePrivilegeCheck
PsGetCurrentThreadId
PsGetProcessId
PsGetThreadId
IoIsOperationSynchronous
IoThreadToProcess
MmCanFileBeTruncated
FsRtlOplockFsctrl
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
CcSetFileSizes
CcIsThereDirtyData
memmove
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
ObQueryNameString
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
ExAcquireResourceSharedLite
ObReferenceObjectByHandle
ZwOpenFile
KeStackAttachProcess
KeUnstackDetachProcess
IoFileObjectType
MmHighestUserAddress
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
IoGetRelatedDeviceObject
IoGetTopLevelIrp
FsRtlCopyRead
FsRtlCopyWrite
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlPrivateLock
CcCanIWrite
RtlAppendUnicodeToString
ExConvertExclusiveToSharedLite
ExIsResourceAcquiredExclusiveLite
FsRtlAreNamesEqual
ZwQueryDirectoryFile
MmForceSectionClosed
RtlInitUnicodeString
KeInitializeSpinLock
ExQueueWorkItem
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoBuildSynchronousFsdRequest
RtlCompareMemory
KeQueryTimeIncrement
ProbeForRead
ObOpenObjectByPointer
FsRtlNormalizeNtstatus
FsRtlIsNtstatusExpected
FsRtlInitializeOplock
FsRtlUninitializeOplock
FsRtlNotifyFullReportChange
MmBuildMdlForNonPagedPool
CcWaitForCurrentLazyWriterActivity
_aulldiv
_aullrem
KeTickCount
IoAllocateIrp
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwCreateKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
IoRaiseHardError
IoRaiseInformationalHardError
FsRtlIsTotalDeviceFailure
IoGetDeviceToVerify
IoIsSystemThread
IoSetDeviceToVerify
CcMdlWriteAbort
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeResourceLite
ExDeleteResourceLite
MmGetSystemRoutineAddress
PsGetVersion
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateWorkItem
IoFreeWorkItem
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
FsRtlRegisterFileSystemFilterCallbacks
IoRegisterFileSystem
IoUnregisterFileSystem
KeInitializeThreadedDpc
PsCreateSystemThread
PsTerminateSystemThread
FsRtlProcessFileLock
RtlValidSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
IoCheckQuotaBufferValidity
ExAcquireSharedWaitForExclusive
IoGetStackLimits
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcCopyRead
CcMdlRead
_allrem
MmSystemRangeStart
RtlValidRelativeSecurityDescriptor
SeQuerySecurityDescriptorInfo
RtlSplay
RtlDelete
_alldiv
KeFlushQueuedDpcs
KeReadStateTimer
KeQueryInterruptTime
ExAllocatePoolWithTag
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
IoCreateStreamFileObjectLite
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyInitializeSync
FsRtlNotifyUninitializeSync
FsRtlTeardownPerStreamContexts
KeInitializeSemaphore
KeReadStateSemaphore
KeReleaseSemaphore
KeAreApcsDisabled
KeWaitForMultipleObjects
IoSetHardErrorOrVerifyDevice
IoVerifyVolume
ExAcquireSharedStarveExclusive
MmAllocatePagesForMdl
MmFreePagesFromMdl
FsRtlCheckLockForWriteAccess
CcDeferWrite
CcCopyWrite
CcPrepareMdlWrite
MmQuerySystemSize
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNumberGenericTableElementsAvl
_alldvrm
_allmul
KeResetEvent
PsSetCreateProcessNotifyRoutine
ExEventObjectType
PsThreadType
RtlUnwind
RtlDeleteNoSplay
ExRaiseStatus
KeBugCheckEx
KeWaitForSingleObject
KeSetEvent
KeInitializeEvent
IoAllocateMdl
memset
memcpy
InterlockedPushEntrySList
InterlockedPopEntrySList
SePrivilegeCheck
PsGetCurrentProcessId
IoGetCurrentProcess
RtlEqualUnicodeString
CcGetFileObjectFromSectionPtrs
_vsnwprintf
KeBugCheck
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
SeCaptureSubjectContext
SeReleaseSubjectContext
ExUuidCreate
ZwEnumerateKey
ZwEnumerateValueKey
ZwOpenDirectoryObject
strrchr
wcsrchr
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
_vsnprintf
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlIsGenericTableEmpty
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsLookupProcessByProcessId
RtlUpcaseUnicodeChar
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoGetDeviceObjectPointer
ZwDeleteValueKey
SeQueryAuthenticationIdToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
RtlInitializeBitMap
RtlClearBit
RtlSetBit
RtlTestBit
RtlFindClearBitsAndSet
RtlAreBitsClear
IoInvalidateDeviceRelations
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
wcstoul
KeClearEvent
IoBuildPartialMdl
IoGetAttachedDeviceReference
IoRequestDeviceEject
IoOpenDeviceRegistryKey
RtlPrefixUnicodeString
NtClose
IoGetLowerDeviceObject
ZwCreateEvent
_aullshr
IoCancelFileOpen
IoGetDiskDeviceObject
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
FsRtlInsertPerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlRemovePerStreamContext
IoCreateSynchronizationEvent
RtlInt64ToUnicodeString
ZwWriteFile
ZwCreateDirectoryObject
ZwMakeTemporaryObject
ZwFsControlFile
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsLookupThreadByThreadId
MmUnmapLockedPages
MmUserProbeAddress
RtlCompareUnicodeString

hal

KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
KeQueryPerformanceCounter

fltmgr.sys

FltIs32bitProcess
FltSetCallbackDataDirty
FltUnregisterFilter

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i386/cbfsShellHelper22.dll
.dll regsvr32 windows:6 windows x86 arch:x86

683f0d60ea51fa387621ac37c3af471d

Code Sign

06:16:a2:e9:d6:d7:2a:0c:d4:b6:c0:e3:b8:18:c0:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2023, 00:00

Not After

01/09/2026, 23:59

Subject

SERIALNUMBER=1572249,CN=Callback Technologies\, Inc.,O=Callback Technologies\, Inc.,L=Chapel Hill,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130e4e6f727468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:9f:d1:e0:0a:4b:67:a0:b5:75:3c:fa:9c:1e:85:b0:ed:13:15:3a:ac:96:52:96:35:3e:ee:68:5b:e9:ae:47
Signer

Actual PE Digest

9f:9f:d1:e0:0a:4b:67:a0:b5:75:3c:fa:9c:1e:85:b0:ed:13:15:3a:ac:96:52:96:35:3e:ee:68:5b:e9:ae:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\CBT\v22\code\CBFSConnect\ccore\CBFS\umode\HelperDLL\Release\CBFSShellHelper22.pdb

Imports

kernel32

SizeofResource
FindResourceW
LoadLibraryW
FindClose
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateMailslotW
lstrcpyW
lstrcatW
GetModuleFileNameW
SetEvent
CreateEventW
WaitForMultipleObjects
LockResource
GetCurrentProcess
lstrlenW
MultiByteToWideChar
GetComputerNameW
ResetEvent
TlsFree
EncodePointer
LoadLibraryExW
lstrcmpiW
GetThreadLocale
SetThreadLocale
GetOverlappedResult
DisableThreadLibraryCalls
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
LoadResource
FreeLibrary
FindResourceExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetCurrentProcessId
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
LocalFree
DeleteCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
CreateFileW
GetCurrentThreadId
GetCurrentThread
CreateThread
Sleep
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
GetFileAttributesW
SetFilePointerEx
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
WriteConsoleW

user32

CharNextW
wsprintfW

advapi32

RegQueryInfoKeyW
SetEntriesInAclW
LsaNtStatusToWinError
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
RegEnumValueW
RegDeleteValueW
RegOpenKeyW
RegEnumKeyExW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
EqualSid

shell32

SHChangeNotify
SHGetIconOverlayIndexW
ord192

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
StringFromCLSID
CoCreateGuid

oleaut32

SysStringLen
LoadRegTypeLi
SysAllocString
SysFreeString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

SHDeleteKeyW
SHDeleteEmptyKeyW

netapi32

NetShareAdd
NetShareDel

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
IconInstalled
InstallIcon
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetDirectoryType
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPOpenEnum
ResetIcon
SetIcon
UninstallIcon

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i386/cbfspnpbus.cat
i386/cbfspnpbus.inf
i386/cbfspnpbus.sys
.sys windows:10 windows x86 arch:x86

fa55dbfb901985f22e831df14f144f45

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:38:79:88:7e:eb:6f:09:c2:d3:ea:b8:81:ef:66:12:b6:ea:3a:47:b5:f1:42:81:73:ad:41:1e:f4:24:67:e9
Signer

Actual PE Digest

96:38:79:88:7e:eb:6f:09:c2:d3:ea:b8:81:ef:66:12:b6:ea:3a:47:b5:f1:42:81:73:ad:41:1e:f4:24:67:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\CBT\v22\code\DriverLibraries\VPnPBus\kmode\Release\cbfspnpbus.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeWaitForSingleObject
ExAllocatePoolWithTag
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
ObfReferenceObject
IoAttachDeviceToDeviceStackSafe
_vsnwprintf
PsGetVersion
RtlInitUnicodeString
KeClearEvent
MmGetSystemRoutineAddress
KeBugCheckEx
KeInitializeEvent
RtlUnwind
RtlFreeUnicodeString

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/SHA1/cbfs22.sys
.sys windows:10 windows x64 arch:x64

c82d5c2042107cd5ad6c6264c105d45f

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:40:ec:c4:74:ab:d6:de:52:48:c9:76:fe:d6:7d:e1:42:43:fe:1a:f9:97:a0:fb:1d:1c:c4:c7:09:34:47:bb
Signer

Actual PE Digest

7a:40:ec:c4:74:ab:d6:de:52:48:c9:76:fe:d6:7d:e1:42:43:fe:1a:f9:97:a0:fb:1d:1c:c4:c7:09:34:47:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\CBT\v22\code\CBFSConnect\ccore\cbfs\kmode\x64\Release\cbfs22.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
ExAcquireFastMutex
ExReleaseFastMutex
ExRaiseStatus
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoBuildAsynchronousFsdRequest
IofCallDriver
IoFreeIrp
IoFreeMdl
CcInitializeCacheMap
CcSetDirtyPageThreshold
CcMdlReadComplete
CcMdlWriteComplete
CcSetAdditionalCacheAttributes
__C_specific_handler
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
IofCompleteRequest
IoRemoveShareAccess
IoSetTopLevelIrp
IoAcquireVpbSpinLock
IoGetRequestorProcess
IoReleaseVpbSpinLock
MmFlushImageSection
FsRtlFastUnlockAll
FsRtlCheckOplock
FsRtlOplockIsFastIoPossible
FsRtlNotifyVolumeEvent
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
CcUninitializeCacheMap
CcPurgeCacheSection
CcFlushCache
KeDelayExecutionThread
KeSetTimer
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
IoQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
RtlAppendUnicodeStringToString
RtlLengthSecurityDescriptor
IoCheckShareAccess
IoSetShareAccess
IoUpdateShareAccess
ZwClose
SeSinglePrivilegeCheck
PsGetCurrentThreadId
PsGetProcessId
PsGetThreadId
IoIsOperationSynchronous
IoThreadToProcess
MmCanFileBeTruncated
FsRtlOplockFsctrl
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
CcSetFileSizes
CcIsThereDirtyData
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
ObQueryNameString
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
ExAcquireResourceSharedLite
ObReferenceObjectByHandle
ZwOpenFile
KeStackAttachProcess
KeUnstackDetachProcess
IoFileObjectType
MmHighestUserAddress
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
IoGetRelatedDeviceObject
IoGetTopLevelIrp
FsRtlCopyRead
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlPrivateLock
CcCanIWrite
_local_unwind
RtlAppendUnicodeToString
ExConvertExclusiveToSharedLite
ExIsResourceAcquiredExclusiveLite
FsRtlAreNamesEqual
ZwQueryDirectoryFile
MmForceSectionClosed
RtlInitUnicodeString
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExQueueWorkItem
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoBuildSynchronousFsdRequest
RtlCompareMemory
KeQueryTimeIncrement
KeWaitForSingleObject
IoIs32bitProcess
ObOpenObjectByPointer
FsRtlNormalizeNtstatus
FsRtlIsNtstatusExpected
FsRtlInitializeOplock
FsRtlUninitializeOplock
FsRtlNotifyFullReportChange
CcGetFileObjectFromSectionPtrs
CcWaitForCurrentLazyWriterActivity
IoAllocateIrp
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwCreateKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
IoRaiseHardError
IoRaiseInformationalHardError
FsRtlIsTotalDeviceFailure
IoGetDeviceToVerify
IoIsSystemThread
IoSetDeviceToVerify
CcMdlWriteAbort
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
InitializeSListHead
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeResourceLite
ExDeleteResourceLite
MmGetSystemRoutineAddress
PsGetVersion
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateWorkItem
IoFreeWorkItem
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
FsRtlRegisterFileSystemFilterCallbacks
IoRegisterFileSystem
IoUnregisterFileSystem
KeInitializeThreadedDpc
PsCreateSystemThread
PsTerminateSystemThread
FsRtlProcessFileLock
RtlValidSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
IoCheckQuotaBufferValidity
ExAcquireSharedWaitForExclusive
IoGetStackLimits
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcCopyRead
CcMdlRead
MmSystemRangeStart
RtlValidRelativeSecurityDescriptor
SeQuerySecurityDescriptorInfo
RtlSplay
RtlDelete
KeFlushQueuedDpcs
KeReadStateTimer
ExAllocatePoolWithTag
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
IoCreateStreamFileObjectLite
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyInitializeSync
FsRtlNotifyUninitializeSync
FsRtlTeardownPerStreamContexts
KeInitializeSemaphore
KeReadStateSemaphore
KeReleaseSemaphore
KeAreApcsDisabled
KeWaitForMultipleObjects
IoSetHardErrorOrVerifyDevice
IoVerifyVolume
ExAcquireSharedStarveExclusive
MmAllocatePagesForMdl
MmFreePagesFromMdl
FsRtlCheckLockForWriteAccess
CcDeferWrite
CcCopyWrite
CcPrepareMdlWrite
MmQuerySystemSize
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNumberGenericTableElementsAvl
KeResetEvent
PsSetCreateProcessNotifyRoutine
ExEventObjectType
PsThreadType
KeSetEvent
KeInitializeEvent
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
SePrivilegeCheck
PsGetCurrentProcessId
IoGetCurrentProcess
RtlEqualUnicodeString
ProbeForRead
_vsnwprintf
KeBugCheck
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
SeCaptureSubjectContext
SeReleaseSubjectContext
ExUuidCreate
ZwEnumerateKey
ZwEnumerateValueKey
ZwOpenDirectoryObject
strrchr
wcsrchr
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
_vsnprintf
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlIsGenericTableEmpty
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsLookupProcessByProcessId
RtlUpcaseUnicodeChar
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoGetDeviceObjectPointer
ZwDeleteValueKey
SeQueryAuthenticationIdToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
RtlInitializeBitMap
RtlClearBit
RtlSetBit
RtlTestBit
RtlFindClearBitsAndSet
RtlAreBitsClear
IoInvalidateDeviceRelations
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
wcstoul
KeClearEvent
IoBuildPartialMdl
IoGetAttachedDeviceReference
IoRequestDeviceEject
IoOpenDeviceRegistryKey
RtlPrefixUnicodeString
NtClose
IoGetLowerDeviceObject
ZwCreateEvent
IoCancelFileOpen
IoGetDiskDeviceObject
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
FsRtlInsertPerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlRemovePerStreamContext
IoCreateSynchronizationEvent
RtlInt64ToUnicodeString
ZwWriteFile
ZwCreateDirectoryObject
ZwMakeTemporaryObject
ZwFsControlFile
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsLookupThreadByThreadId
MmUnmapLockedPages
MmUserProbeAddress
RtlCompareUnicodeString

fltmgr.sys

FltStartFiltering
FltIs32bitProcess
FltObjectDereference
FltGetVolumeFromName
FltAttachVolume
FltRegisterFilter
FltUnregisterFilter
FltSetCallbackDataDirty

hal

KeQueryPerformanceCounter

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/SHA1/cbfspnpbus.cat
x64/SHA1/cbfspnpbus.inf
x64/SHA1/cbfspnpbus.sys
.sys windows:10 windows x64 arch:x64

d5ffb6b719db47a286413cca864d94c5

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:40:de:da:f3:40:2b:00:d8:d6:d9:47:4b:33:97:6b
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/07/2020, 00:00

Not After

06/10/2023, 12:00

Subject

SERIALNUMBER=1572249,CN=Callback Technologies\, Inc.,O=Callback Technologies\, Inc.,L=Chapel Hill,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130e4e6f727468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:99:4f:9a:a4:20:e4:b1:8b:27:11:56:22:c7:42:6b:da:fa:01:a0
Signer

Actual PE Digest

bf:99:4f:9a:a4:20:e4:b1:8b:27:11:56:22:c7:42:6b:da:fa:01:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\CBT\v20\code\DriverLibraries\VPnPBus\kmode\x64\Release\cbfspnpbus.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
KeInitializeEvent
KeClearEvent
KeSetEvent
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeWaitForSingleObject
ExAllocatePoolWithTag
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
ObfReferenceObject
IoAttachDeviceToDeviceStackSafe
_vsnwprintf
PsGetVersion
IoBuildSynchronousFsdRequest
RtlInitUnicodeString
MmGetSystemRoutineAddress
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/cbfs22.sys
.sys windows:10 windows x64 arch:x64

c82d5c2042107cd5ad6c6264c105d45f

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:40:ec:c4:74:ab:d6:de:52:48:c9:76:fe:d6:7d:e1:42:43:fe:1a:f9:97:a0:fb:1d:1c:c4:c7:09:34:47:bb
Signer

Actual PE Digest

7a:40:ec:c4:74:ab:d6:de:52:48:c9:76:fe:d6:7d:e1:42:43:fe:1a:f9:97:a0:fb:1d:1c:c4:c7:09:34:47:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\CBT\v22\code\CBFSConnect\ccore\cbfs\kmode\x64\Release\cbfs22.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
ExAcquireFastMutex
ExReleaseFastMutex
ExRaiseStatus
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoBuildAsynchronousFsdRequest
IofCallDriver
IoFreeIrp
IoFreeMdl
CcInitializeCacheMap
CcSetDirtyPageThreshold
CcMdlReadComplete
CcMdlWriteComplete
CcSetAdditionalCacheAttributes
__C_specific_handler
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
IofCompleteRequest
IoRemoveShareAccess
IoSetTopLevelIrp
IoAcquireVpbSpinLock
IoGetRequestorProcess
IoReleaseVpbSpinLock
MmFlushImageSection
FsRtlFastUnlockAll
FsRtlCheckOplock
FsRtlOplockIsFastIoPossible
FsRtlNotifyVolumeEvent
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
CcUninitializeCacheMap
CcPurgeCacheSection
CcFlushCache
KeDelayExecutionThread
KeSetTimer
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
IoQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
RtlAppendUnicodeStringToString
RtlLengthSecurityDescriptor
IoCheckShareAccess
IoSetShareAccess
IoUpdateShareAccess
ZwClose
SeSinglePrivilegeCheck
PsGetCurrentThreadId
PsGetProcessId
PsGetThreadId
IoIsOperationSynchronous
IoThreadToProcess
MmCanFileBeTruncated
FsRtlOplockFsctrl
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
CcSetFileSizes
CcIsThereDirtyData
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
ObQueryNameString
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
ExAcquireResourceSharedLite
ObReferenceObjectByHandle
ZwOpenFile
KeStackAttachProcess
KeUnstackDetachProcess
IoFileObjectType
MmHighestUserAddress
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
IoGetRelatedDeviceObject
IoGetTopLevelIrp
FsRtlCopyRead
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlPrivateLock
CcCanIWrite
_local_unwind
RtlAppendUnicodeToString
ExConvertExclusiveToSharedLite
ExIsResourceAcquiredExclusiveLite
FsRtlAreNamesEqual
ZwQueryDirectoryFile
MmForceSectionClosed
RtlInitUnicodeString
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExQueueWorkItem
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoBuildSynchronousFsdRequest
RtlCompareMemory
KeQueryTimeIncrement
KeWaitForSingleObject
IoIs32bitProcess
ObOpenObjectByPointer
FsRtlNormalizeNtstatus
FsRtlIsNtstatusExpected
FsRtlInitializeOplock
FsRtlUninitializeOplock
FsRtlNotifyFullReportChange
CcGetFileObjectFromSectionPtrs
CcWaitForCurrentLazyWriterActivity
IoAllocateIrp
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwCreateKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
IoRaiseHardError
IoRaiseInformationalHardError
FsRtlIsTotalDeviceFailure
IoGetDeviceToVerify
IoIsSystemThread
IoSetDeviceToVerify
CcMdlWriteAbort
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
InitializeSListHead
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeResourceLite
ExDeleteResourceLite
MmGetSystemRoutineAddress
PsGetVersion
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateWorkItem
IoFreeWorkItem
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
FsRtlRegisterFileSystemFilterCallbacks
IoRegisterFileSystem
IoUnregisterFileSystem
KeInitializeThreadedDpc
PsCreateSystemThread
PsTerminateSystemThread
FsRtlProcessFileLock
RtlValidSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
IoCheckQuotaBufferValidity
ExAcquireSharedWaitForExclusive
IoGetStackLimits
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcCopyRead
CcMdlRead
MmSystemRangeStart
RtlValidRelativeSecurityDescriptor
SeQuerySecurityDescriptorInfo
RtlSplay
RtlDelete
KeFlushQueuedDpcs
KeReadStateTimer
ExAllocatePoolWithTag
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
IoCreateStreamFileObjectLite
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyInitializeSync
FsRtlNotifyUninitializeSync
FsRtlTeardownPerStreamContexts
KeInitializeSemaphore
KeReadStateSemaphore
KeReleaseSemaphore
KeAreApcsDisabled
KeWaitForMultipleObjects
IoSetHardErrorOrVerifyDevice
IoVerifyVolume
ExAcquireSharedStarveExclusive
MmAllocatePagesForMdl
MmFreePagesFromMdl
FsRtlCheckLockForWriteAccess
CcDeferWrite
CcCopyWrite
CcPrepareMdlWrite
MmQuerySystemSize
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNumberGenericTableElementsAvl
KeResetEvent
PsSetCreateProcessNotifyRoutine
ExEventObjectType
PsThreadType
KeSetEvent
KeInitializeEvent
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
SePrivilegeCheck
PsGetCurrentProcessId
IoGetCurrentProcess
RtlEqualUnicodeString
ProbeForRead
_vsnwprintf
KeBugCheck
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
SeCaptureSubjectContext
SeReleaseSubjectContext
ExUuidCreate
ZwEnumerateKey
ZwEnumerateValueKey
ZwOpenDirectoryObject
strrchr
wcsrchr
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
_vsnprintf
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlIsGenericTableEmpty
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsLookupProcessByProcessId
RtlUpcaseUnicodeChar
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoGetDeviceObjectPointer
ZwDeleteValueKey
SeQueryAuthenticationIdToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
RtlInitializeBitMap
RtlClearBit
RtlSetBit
RtlTestBit
RtlFindClearBitsAndSet
RtlAreBitsClear
IoInvalidateDeviceRelations
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
wcstoul
KeClearEvent
IoBuildPartialMdl
IoGetAttachedDeviceReference
IoRequestDeviceEject
IoOpenDeviceRegistryKey
RtlPrefixUnicodeString
NtClose
IoGetLowerDeviceObject
ZwCreateEvent
IoCancelFileOpen
IoGetDiskDeviceObject
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
FsRtlInsertPerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlRemovePerStreamContext
IoCreateSynchronizationEvent
RtlInt64ToUnicodeString
ZwWriteFile
ZwCreateDirectoryObject
ZwMakeTemporaryObject
ZwFsControlFile
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsLookupThreadByThreadId
MmUnmapLockedPages
MmUserProbeAddress
RtlCompareUnicodeString

fltmgr.sys

FltStartFiltering
FltIs32bitProcess
FltObjectDereference
FltGetVolumeFromName
FltAttachVolume
FltRegisterFilter
FltUnregisterFilter
FltSetCallbackDataDirty

hal

KeQueryPerformanceCounter

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/cbfsShellHelper22.dll
.dll regsvr32 windows:6 windows x64 arch:x64

0cde05528415693da331f9e589064462

Code Sign

06:16:a2:e9:d6:d7:2a:0c:d4:b6:c0:e3:b8:18:c0:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2023, 00:00

Not After

01/09/2026, 23:59

Subject

SERIALNUMBER=1572249,CN=Callback Technologies\, Inc.,O=Callback Technologies\, Inc.,L=Chapel Hill,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130e4e6f727468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:31:d0:78:30:61:c5:70:49:29:51:f2:5a:e4:92:a4:39:6f:c5:b6:c7:b4:10:04:be:4e:88:ba:b8:de:92:0d
Signer

Actual PE Digest

e4:31:d0:78:30:61:c5:70:49:29:51:f2:5a:e4:92:a4:39:6f:c5:b6:c7:b4:10:04:be:4e:88:ba:b8:de:92:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\CBT\v22\code\CBFSConnect\ccore\CBFS\umode\HelperDLL\x64\Release\CBFSShellHelper22.pdb

Imports

kernel32

SizeofResource
FindResourceW
LoadLibraryW
FindClose
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateMailslotW
lstrcpyW
lstrcatW
GetModuleFileNameW
SetEvent
CreateEventW
WaitForMultipleObjects
LockResource
GetCurrentProcess
lstrlenW
MultiByteToWideChar
GetComputerNameW
ResetEvent
TlsFree
EncodePointer
LoadLibraryExW
lstrcmpiW
GetThreadLocale
SetThreadLocale
GetOverlappedResult
DisableThreadLibraryCalls
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
LoadResource
FreeLibrary
FindResourceExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetCurrentProcessId
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
LocalFree
DeleteCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentThread
CreateFileW
CreateThread
Sleep
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
GetFileAttributesW
SetStdHandle
SetFilePointerEx
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount

user32

CharNextW
wsprintfW

advapi32

SetSecurityDescriptorDacl
RegQueryInfoKeyW
SetEntriesInAclW
LsaNtStatusToWinError
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitializeSecurityDescriptor
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
RegEnumValueW
RegDeleteValueW
RegOpenKeyW
RegEnumKeyExW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
EqualSid

shell32

SHChangeNotify
SHGetIconOverlayIndexW
ord192

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
StringFromCLSID
CoCreateGuid

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

SHDeleteKeyW
SHDeleteEmptyKeyW

netapi32

NetShareDel
NetShareAdd

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
IconInstalled
InstallIcon
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetDirectoryType
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPOpenEnum
ResetIcon
SetIcon
UninstallIcon

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/cbfspnpbus.cat
x64/cbfspnpbus.inf
x64/cbfspnpbus.sys
.sys windows:10 windows x64 arch:x64

72ac9207a1dfbefbaac424e07a0ef2bc

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:78:d2:0b:f2:0e:fc:85:e5:e9:20:dc:1b:42:91:b2:9e:b2:06:73:67:d4:53:9a:7b:79:5c:bc:e2:5b:03:08
Signer

Actual PE Digest

4d:78:d2:0b:f2:0e:fc:85:e5:e9:20:dc:1b:42:91:b2:9e:b2:06:73:67:d4:53:9a:7b:79:5c:bc:e2:5b:03:08

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\CBT\v22\code\DriverLibraries\VPnPBus\kmode\x64\Release\cbfspnpbus.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
KeInitializeEvent
KeClearEvent
KeSetEvent
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeWaitForSingleObject
ExAllocatePoolWithTag
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
ObfReferenceObject
IoAttachDeviceToDeviceStackSafe
_vsnwprintf
PsGetVersion
RtlInitUnicodeString
MmGetSystemRoutineAddress
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/wow64sup.exe
.exe windows:6 windows x64 arch:x64

dcf91a6828e849eae4dcd3468e7f436d

Code Sign

06:16:a2:e9:d6:d7:2a:0c:d4:b6:c0:e3:b8:18:c0:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2023, 00:00

Not After

01/09/2026, 23:59

Subject

SERIALNUMBER=1572249,CN=Callback Technologies\, Inc.,O=Callback Technologies\, Inc.,L=Chapel Hill,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130e4e6f727468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:83:1b:46:db:96:5d:4d:fe:39:01:5e:31:a3:b4:91:79:7a:2a:3d:8f:57:79:ca:6e:f9:9c:73:cf:71:9d:ce
Signer

Actual PE Digest

4a:83:1b:46:db:96:5d:4d:fe:39:01:5e:31:a3:b4:91:79:7a:2a:3d:8f:57:79:ca:6e:f9:9c:73:cf:71:9d:ce

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\CBT\v22\code\CBFSConnect\ccore\CBFS\umode\wow64sup\x64\Release\wow64sup.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
lstrcpyW
lstrcatW
GetFileSize
GetSystemWindowsDirectoryW
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrlenW
CopyFileW
MoveFileExW
MultiByteToWideChar
TlsFree
GetStdHandle
WriteConsoleW
GetConsoleMode
GetWindowsDirectoryW
GetSystemDirectoryW
RemoveDirectoryW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
GetEnvironmentVariableW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetCurrentProcessId
DeleteCriticalSection
CreateProcessW
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentThread
CreateFileW
GetExitCodeProcess
Sleep
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
CreatePipe
SetLastError
GetLastError
SetHandleInformation
CloseHandle
GetTempPathW
WriteFile
ReadFile
GetTempFileNameW
GetFileAttributesW
DeleteFileW
SetFileAttributesW
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetFilePointerEx
GetProcessHeap
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
RaiseException

user32

wsprintfW

advapi32

SetSecurityDescriptorDacl
LsaNtStatusToWinError
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegGetValueW
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
OpenThreadToken
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetLengthSid
EqualSid

shell32

SHFileOperationW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiGetActualSectionToInstallW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Get_DevNode_Status
SetupGetSourceInfoW
SetupGetSourceFileLocationW
SetupGetIntField
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupIterateCabinetW

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\cbfsconnect22.dll
.dll windows:5 windows x64 arch:x64

b03cc4148b8d6373d7725921adc1d1d0

Code Sign

06:16:a2:e9:d6:d7:2a:0c:d4:b6:c0:e3:b8:18:c0:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2023, 00:00

Not After

01/09/2026, 23:59

Subject

SERIALNUMBER=1572249,CN=Callback Technologies\, Inc.,O=Callback Technologies\, Inc.,L=Chapel Hill,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130e4e6f727468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:ba:a0:50:fc:05:60:75:ed:f9:9c:97:d0:42:d1:a9:b0:13:93:4a:5a:60:5a:e2:1f:b1:ac:c4:9b:05:4e:95
Signer

Actual PE Digest

d7:ba:a0:50:fc:05:60:75:ed:f9:9c:97:d0:42:d1:a9:b0:13:93:4a:5a:60:5a:e2:1f:b1:ac:c4:9b:05:4e:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\CBT\v22\Release\CBFSConnect\cpp\Release64\cbfsconnect22.full.pdb

Imports

kernel32

FindNextFileW
GetFileAttributesExW
SetFileAttributesW
CreateDirectoryW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetSystemTime
GetModuleFileNameW
lstrcpynA
FormatMessageA
SetFilePointerEx
ReadFile
WriteFile
TlsSetValue
CreateFileW
SetThreadPriorityBoost
SetThreadPriority
GetThreadPriorityBoost
GetThreadPriority
GetCurrentThread
VirtualUnlock
FormatMessageW
CreateFileA
lstrcmpiA
lstrcmpA
TlsAlloc
GetTickCount
LockFile
DeleteFileA
GetFileSize
RemoveDirectoryW
GetSystemInfo
lstrcpyA
GetSystemWindowsDirectoryW
GetEnvironmentVariableW
GetTempPathW
lstrcatW
GetDiskFreeSpaceExW
lstrlenW
CopyFileW
GetFileInformationByHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
FlsAlloc
FlsFree
OpenThread
GetExitCodeProcess
CreateMailslotW
SetEndOfFile
CreateProcessW
SetHandleInformation
CreatePipe
GetTempFileNameW
GetComputerNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetACP
TerminateThread
ProcessIdToSessionId
GetComputerNameA
GetEnvironmentVariableA
SystemTimeToFileTime
CompareStringW
CompareStringA
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
FlushFileBuffers
UnlockFile
GetVersionExW
SetCriticalSectionSpinCount
CreateThread
GetCurrentThreadId
WaitForSingleObject
CreateEventW
TryEnterCriticalSection
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
DeviceIoControl
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcessId
LocalFree
GetLogicalDrives
SetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
TlsGetValue
ResetEvent
ResumeThread
CloseHandle
Sleep
TlsFree
GetFullPathNameW
GetFileAttributesW
DeleteFileW
MoveFileExW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcess
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
FindFirstFileW
FindClose
GetLastError
SetLastError
GetTickCount64
lstrlenA
FlsSetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcpyW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetLocaleInfoW
FatalAppExitA
LoadLibraryA
SetConsoleCtrlHandler
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
RtlPcToFileHeader
RaiseException
ExitProcess
RtlVirtualUnwind
IsDebuggerPresent
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
HeapDestroy
HeapCreate
HeapSetInformation
HeapFree
HeapAlloc
HeapReAlloc
ExitThread
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
GetStdHandle
EncodePointer
DecodePointer
FlsGetValue
SetEnvironmentVariableA

user32

MessageBoxW
wsprintfA
wsprintfW
MessageBoxA
MessageBeep
wvsprintfA

advapi32

ReportEventW
RegQueryValueExA
RegOpenKeyExA
CreateServiceW
RegDeleteValueW
RegEnumKeyExW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
InitiateSystemShutdownW
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupPrivilegeNameW
GetTokenInformation
OpenThreadToken
OpenProcessToken
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
DeleteService
CloseServiceHandle
RegOpenKeyW
RegEnumValueW
CopySid
EqualSid
IsValidSid
GetLengthSid
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
LsaNtStatusToWinError
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHChangeNotify
SHFileOperationW

ole32

CoCreateGuid
StringFromGUID2

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiGetINFClassW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupIterateCabinetW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetDeviceInstanceIdW
SetupGetIntField
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupFindFirstLineW
SetupFindNextLine
SetupGetStringFieldW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupCloseInfFile

netapi32

NetShareAdd
NetShareDel

Exports

Exports

CBFSConnect_CBCache_CheckIndex
CBFSConnect_CBCache_Create
CBFSConnect_CBCache_Destroy
CBFSConnect_CBCache_Do
CBFSConnect_CBCache_Get
CBFSConnect_CBCache_GetEventError
CBFSConnect_CBCache_GetEventErrorCode
CBFSConnect_CBCache_GetLastError
CBFSConnect_CBCache_GetLastErrorCode
CBFSConnect_CBCache_Set
CBFSConnect_CBCache_SetEventErrorAndCode
CBFSConnect_CBCache_SetLastErrorAndCode
CBFSConnect_CBCache_StaticDestroy
CBFSConnect_CBCache_StaticInit
CBFSConnect_CBFS_CheckIndex
CBFSConnect_CBFS_Create
CBFSConnect_CBFS_Destroy
CBFSConnect_CBFS_Do
CBFSConnect_CBFS_Get
CBFSConnect_CBFS_GetEventError
CBFSConnect_CBFS_GetEventErrorCode
CBFSConnect_CBFS_GetLastError
CBFSConnect_CBFS_GetLastErrorCode
CBFSConnect_CBFS_Set
CBFSConnect_CBFS_SetEventErrorAndCode
CBFSConnect_CBFS_SetLastErrorAndCode
CBFSConnect_CBFS_StaticDestroy
CBFSConnect_CBFS_StaticInit
CBFSConnect_EvtStr
CBFSConnect_FUSE_CheckIndex
CBFSConnect_FUSE_Create
CBFSConnect_FUSE_Destroy
CBFSConnect_FUSE_Do
CBFSConnect_FUSE_Get
CBFSConnect_FUSE_GetEventError
CBFSConnect_FUSE_GetEventErrorCode
CBFSConnect_FUSE_GetLastError
CBFSConnect_FUSE_GetLastErrorCode
CBFSConnect_FUSE_Set
CBFSConnect_FUSE_SetEventErrorAndCode
CBFSConnect_FUSE_SetLastErrorAndCode
CBFSConnect_FUSE_StaticDestroy
CBFSConnect_FUSE_StaticInit
CBFSConnect_Stream

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\smartctl\msvcp140.dll
.dll windows:6 windows x64 arch:x64

118dde577a38119350ab495f68a0326f

Code Sign

33:00:00:00:f8:ae:a0:bd:67:8b:63:ac:eb:00:00:00:00:00:f8
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:43

Not After

16/10/2024, 19:43

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:9e:7b:ef:03:27:a7:fc:e4:8b:93:ea:a4:bd:93:4a:e4:7a:e1:20:38:8f:f5:02:99:2c:47:4b:6e:c8:ab:e0
Signer

Actual PE Digest

09:9e:7b:ef:03:27:a7:fc:e4:8b:93:ea:a4:bd:93:4a:e4:7a:e1:20:38:8f:f5:02:99:2c:47:4b:6e:c8:ab:e0

Digest Algorithm

sha256

PE Digest Matches

true

09:9e:7b:ef:03:27:a7:fc:e4:8b:93:ea:a4:bd:93:4a:e4:7a:e1:20:38:8f:f5:02:99:2c:47:4b:6e:c8:ab:e0
Signer

Actual PE Digest

09:9e:7b:ef:03:27:a7:fc:e4:8b:93:ea:a4:bd:93:4a:e4:7a:e1:20:38:8f:f5:02:99:2c:47:4b:6e:c8:ab:e0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_register_onexit_function
_execute_onexit_table
_crt_atexit
_endthreadex
_beginthreadex
_set_new_handler
abort
terminate
_cexit
_initialize_onexit_table
_errno
_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

iswspace
_wcsdup
iswalnum
__strncnt
wcsnlen
wcscpy_s
strcspn
iswdigit
isupper
tolower
isdigit
isspace
islower
iswxdigit
isxdigit
isalnum

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
setlocale
_unlock_locales
___lc_locale_name_func
localeconv
__pctype_func
___mb_cur_max_func
___lc_collate_cp_func
_lock_locales

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fgetc
fseek
_fsopen
_wfsopen
fputs
fgetwc
fputwc
ungetwc
fflush
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
__acrt_iob_func
_get_stream_buffer_pointers
fclose
ungetc

api-ms-win-crt-filesystem-l1-1-0

_wrename
_wchdir
_unlock_file
_wremove
_wrmdir
_lock_file

api-ms-win-crt-time-l1-1-0

_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Strftime
_Getdays
_Gettnames
_Getmonths

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

copysign
copysignf
ldexp
_dclass
frexp
_ldclass
log
logf

api-ms-win-crt-convert-l1-1-0

btowc
strtof
strtod

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

EnterCriticalSection
RaiseException
CompareStringEx
MultiByteToWideChar
GetCPInfo
InitializeSListHead
WideCharToMultiByte
LCMapStringEx
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileInformationByHandleEx
GetProcAddress
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
GetTempPathW
InitOnceExecuteOnce
GetStringTypeW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
RtlPcToFileHeader
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
TryAcquireSRWLockExclusive
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateSymbolicLinkW
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFileInformationByHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\smartctl\readme.txt
FATXplorer\smartctl\smartctl-nc.exe
.exe windows:6 windows x64 arch:x64

90864622481751818a5cbfd8cdfeef16

Code Sign

45:0c:c7:17:67:89:2d:d0:46:59:8a:b5:04:99:69:9f
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

11/04/2024, 07:37

Not After

11/04/2027, 07:37

Subject

CN=Eaton Zveare,O=Eaton Zveare,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:02:f6:f6:d9:5e:3b:1d:23:00:64:b6:93:53:49:fa:16:f7:a2:2a:26:ae:69:2f:22:87:6f:80:ae:7c:c1:9d
Signer

Actual PE Digest

d7:02:f6:f6:d9:5e:3b:1d:23:00:64:b6:93:53:49:fa:16:f7:a2:2a:26:ae:69:2f:22:87:6f:80:ae:7c:c1:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeviceIoControl
VirtualAlloc
GetSystemPowerStatus
CreateMutexA
GetVersionExW
ReleaseMutex
GetModuleHandleA
GetDevicePowerState
GetLastError
VirtualFree
GlobalFree
GetProcAddress
GlobalLock
SetThreadExecutionState
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
WideCharToMultiByte
GetVersionExA
MultiByteToWideChar
GetExitCodeProcess
CreateProcessA
CloseHandle
CreateFileA
WaitForSingleObject
CreatePipe
GetCurrentProcess
GlobalSize
SetHandleInformation
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SleepConditionVariableSRW

user32

GetSystemMetrics
OpenClipboard
CloseClipboard
GetClipboardData

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SysAllocStringLen
SysFreeString
VariantInit
VariantClear

msvcp140

_Query_perf_counter
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_terminate
memset
_CxxThrowException
strstr
_purecall
memmove
memcpy
memcmp
__current_exception_context
__current_exception
__C_specific_handler
strchr
__std_exception_copy
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

tolower
isupper
isalpha
isgraph
toupper
isxdigit
isalnum
_strnicmp
_stricmp
iscntrl
isspace
ispunct
isdigit
islower
strcspn
strncpy
strspn
strncmp
isprint
strcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
getc
putc
fputs
fclose
__p__commode
__acrt_iob_func
_close
__stdio_common_vsscanf
_open_osfhandle
fread
fopen
fflush
__stdio_common_vsprintf
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
strerror
abort
_register_thread_local_exe_atexit_callback
__p___argv
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_c_exit
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
free
_callnewh
calloc

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
localeconv
_configthreadlocale
setlocale

api-ms-win-crt-convert-l1-1-0

atoi
strtoull
strtol

api-ms-win-crt-time-l1-1-0

_tzset
__tzname
_localtime64_s
asctime_s
_time64
strftime

api-ms-win-crt-multibyte-l1-1-0

_mbsinc

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-filesystem-l1-1-0

_access

Sections

.text
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\smartctl\vcruntime140.dll
.dll windows:6 windows x64 arch:x64

7f07fd94e5bb907093556781cc464017

Code Sign

33:00:00:00:f8:ae:a0:bd:67:8b:63:ac:eb:00:00:00:00:00:f8
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:43

Not After

16/10/2024, 19:43

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:10:bc:7c:70:3a:63:1e:59:62:cd:e6:a1:79:12:c0:c4:d6:01:d7:92:6a:f3:49:92:51:74:e7:92:fb:3d:a0
Signer

Actual PE Digest

1a:10:bc:7c:70:3a:63:1e:59:62:cd:e6:a1:79:12:c0:c4:d6:01:d7:92:6a:f3:49:92:51:74:e7:92:fb:3d:a0

Digest Algorithm

sha256

PE Digest Matches

true

1a:10:bc:7c:70:3a:63:1e:59:62:cd:e6:a1:79:12:c0:c4:d6:01:d7:92:6a:f3:49:92:51:74:e7:92:fb:3d:a0
Signer

Actual PE Digest

1a:10:bc:7c:70:3a:63:1e:59:62:cd:e6:a1:79:12:c0:c4:d6:01:d7:92:6a:f3:49:92:51:74:e7:92:fb:3d:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
GetModuleFileNameW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FATXplorer\smartctl\vcruntime140_1.dll
.dll windows:6 windows x64 arch:x64

72707e942878aac770fcc118ce3ec1c9

Code Sign

33:00:00:00:f8:ae:a0:bd:67:8b:63:ac:eb:00:00:00:00:00:f8
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:43

Not After

16/10/2024, 19:43

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:09:23:9c:92:b6:1d:1e:e6:9b:12:ba:3e:b3:d7:ed:7b:08:8e:83:76:bd:0b:8a:b6:25:44:ba:71:da:0e:7a
Signer

Actual PE Digest

85:09:23:9c:92:b6:1d:1e:e6:9b:12:ba:3e:b3:d7:ed:7b:08:8e:83:76:bd:0b:8a:b6:25:44:ba:71:da:0e:7a

Digest Algorithm

sha256

PE Digest Matches

true

85:09:23:9c:92:b6:1d:1e:e6:9b:12:ba:3e:b3:d7:ed:7b:08:8e:83:76:bd:0b:8a:b6:25:44:ba:71:da:0e:7a
Signer

Actual PE Digest

85:09:23:9c:92:b6:1d:1e:e6:9b:12:ba:3e:b3:d7:ed:7b:08:8e:83:76:bd:0b:8a:b6:25:44:ba:71:da:0e:7a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

vcruntime140

memcpy
__processing_throw
__C_specific_handler
memmove
__current_exception

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
GetLastError
DeleteCriticalSection
SetLastError

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:ddCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

25:d8:69:78:c3:b0:d2:6d:39:d2:01:74:0c:00:7b:8f:8f:e9:64:70:ba:ac:7a:3e:e2:a4:c1:13:25:42:3c:21Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 963KB - Virtual size: 963KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:ddCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

58:3e:f4:46:08:77:40:7f:e0:d4:d0:ab:8a:c7:ed:2f:ac:92:b9:d3:c8:89:60:e3:1f:18:ec:8b:a8:0a:c2:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:ddCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:45:9a:c9:51:df:8b:7a:93:38:a9:50:16:98:ef:eb:16:78:39:ea:90:ac:53:1c:47:4a:c1:95:30:13:92:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

25:d8:69:78:c3:b0:d2:6d:39:d2:01:74:0c:00:7b:8f:8f:e9:64:70:ba:ac:7a:3e:e2:a4:c1:13:25:42:3c:21
Signer

.text
Size: 963KB - Virtual size: 963KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

58:3e:f4:46:08:77:40:7f:e0:d4:d0:ab:8a:c7:ed:2f:ac:92:b9:d3:c8:89:60:e3:1f:18:ec:8b:a8:0a:c2:b2
Signer

.text
Size: 5.2MB - Virtual size: 5.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:45:9a:c9:51:df:8b:7a:93:38:a9:50:16:98:ef:eb:16:78:39:ea:90:ac:53:1c:47:4a:c1:95:30:13:92:65
Signer

.text
Size: 980KB - Virtual size: 979KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

44:b7:18:72:8d:7e:8d:41:3d:dc:ee:e0:62:2d:f9:a2:f1:51:83:a0:37:44:e0:90:57:b0:c9:ab:13:af:95:e4
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fe:c8:db:fb:e6:3a:7c:5c:fd:7c:92:51:b6:5a:0e:fc:b3:af:5d:a7:16:b1:9a:cb:24:2e:e0:53:72:16:fa:88
Signer

.text
Size: 19.5MB - Virtual size: 19.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:85:cc:3c:f8:6b:2c:ad:3f:d2:9a:61:1c:55:d5:dd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate