98ac73476dc54d1b1a9724dfee21937d_JaffaCakes118

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/linker.dll
unpack002/$PLUGINSDIR/nsProcess.dll
unpack002/$PLUGINSDIR/nsSessionSIDW.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsEnvVariables.dll
unpack003/$PLUGINSDIR/nsProcess.dll
unpack003/$PLUGINSDIR/nsisos.dll

.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

a6:b3:a1:34:36:c4:46:e6:ed:d2:28:3d:1c:3d:4c:cb:d6:87:da:78
Signer

Actual PE Digest

a6:b3:a1:34:36:c4:46:e6:ed:d2:28:3d:1c:3d:4c:cb:d6:87:da:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime

CompareFileTime

SearchPathW

GetShortPathNameW

GetFullPathNameW

MoveFileW

SetCurrentDirectoryW

GetFileAttributesW

GetLastError

CreateDirectoryW

SetFileAttributesW

Sleep

GetTickCount

GetFileSize

GetModuleFileNameW

GetCurrentProcess

CopyFileW

ExitProcess

GetWindowsDirectoryW

GetTempPathW

GetCommandLineW

SetErrorMode

lstrcpynA

CloseHandle

lstrcpynW

GetDiskFreeSpaceW

GlobalUnlock

GlobalLock

CreateThread

LoadLibraryW

CreateProcessW

lstrcmpiA

CreateFileW

GetTempFileNameW

lstrcatW

GetProcAddress

LoadLibraryA

GetModuleHandleA

OpenProcess

lstrcpyW

GetVersionExW

GetSystemDirectoryW

GetVersion

lstrcpyA

RemoveDirectoryW

lstrcmpiW

lstrcmpW

ExpandEnvironmentStringsW

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GlobalFree

GetModuleHandleW

LoadLibraryExW

FreeLibrary

WritePrivateProfileStringW

GetPrivateProfileStringW

WideCharToMultiByte

MulDiv

lstrlenA

WriteFile

ReadFile

MultiByteToWideChar

SetFilePointer

FindClose

FindNextFileW

FindFirstFileW

DeleteFileW

lstrlenW

user32

ScreenToClient

GetMessagePos

CallWindowProcW

IsWindowVisible

LoadBitmapW

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

TrackPopupMenu

GetWindowRect

AppendMenuW

CreatePopupMenu

GetSystemMetrics

EndDialog

EnableMenuItem

GetSystemMenu

SetClassLongW

IsWindowEnabled

SetWindowPos

DialogBoxParamW

CheckDlgButton

CreateWindowExW

SystemParametersInfoW

RegisterClassW

SetDlgItemTextW

GetDlgItemTextW

MessageBoxIndirectW

CharNextA

CharUpperW

CharPrevW

DispatchMessageW

PeekMessageW

wsprintfA

DestroyWindow

CreateDialogParamW

SetTimer

SetWindowTextW

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfW

SendMessageTimeoutW

LoadCursorW

SetCursor

GetWindowLongW

GetSysColor

CharNextW

GetClassInfoW

ExitWindowsEx

FindWindowExW

GetDlgItem

SetWindowLongW

LoadImageW

GetDC

EnableWindow

InvalidateRect

SendMessageW

DefWindowProcW

BeginPaint

GetClientRect

FillRect

DrawTextW

EndPaint

IsWindow

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectW

SetBkMode

SetTextColor

SelectObject

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

SHGetFileInfoW

ShellExecuteW

SHFileOperationW

SHGetSpecialFolderLocation

advapi32

RegEnumKeyW

RegOpenKeyExW

RegCloseKey

RegDeleteKeyW

RegDeleteValueW

RegCreateKeyExW

RegSetValueExW

RegQueryValueExW

RegEnumValueW

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

72c3d354-d3a2-43dd-a647-9eb167014660.exe

.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

9d:c6:3e:d3:c6:bd:f2:4c:87:de:94:48:a1:6f:73:da:bd:5a:12:34
Signer

Actual PE Digest

9d:c6:3e:d3:c6:bd:f2:4c:87:de:94:48:a1:6f:73:da:bd:5a:12:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime

CompareFileTime

SearchPathW

GetShortPathNameW

GetFullPathNameW

MoveFileW

SetCurrentDirectoryW

GetFileAttributesW

GetLastError

CreateDirectoryW

SetFileAttributesW

Sleep

GetTickCount

CreateFileW

GetFileSize

GetModuleFileNameW

GetCurrentProcess

CopyFileW

ExitProcess

GetWindowsDirectoryW

GetTempPathW

GetCommandLineW

SetErrorMode

CloseHandle

lstrlenW

lstrcpynW

GetDiskFreeSpaceW

GlobalUnlock

GlobalLock

CreateThread

LoadLibraryW

CreateProcessW

lstrcmpiA

GetTempFileNameW

lstrcatW

GetProcAddress

LoadLibraryA

GetModuleHandleA

OpenProcess

lstrcpyW

GetVersionExW

GetSystemDirectoryW

GetVersion

lstrcpyA

RemoveDirectoryW

lstrcmpiW

lstrcmpW

ExpandEnvironmentStringsW

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GlobalFree

GetModuleHandleW

LoadLibraryExW

FreeLibrary

WritePrivateProfileStringW

GetPrivateProfileStringW

WideCharToMultiByte

MulDiv

lstrlenA

WriteFile

ReadFile

MultiByteToWideChar

SetFilePointer

FindClose

FindNextFileW

FindFirstFileW

DeleteFileW

lstrcpynA

user32

ScreenToClient

GetMessagePos

CallWindowProcW

IsWindowVisible

LoadBitmapW

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

TrackPopupMenu

GetWindowRect

AppendMenuW

CreatePopupMenu

GetSystemMetrics

EndDialog

EnableMenuItem

GetSystemMenu

SetClassLongW

IsWindowEnabled

SetWindowPos

DialogBoxParamW

CheckDlgButton

CreateWindowExW

SystemParametersInfoW

RegisterClassW

SetDlgItemTextW

GetDlgItemTextW

MessageBoxIndirectW

CharNextA

CharUpperW

CharPrevW

DispatchMessageW

PeekMessageW

wsprintfA

DestroyWindow

CreateDialogParamW

SetTimer

SetWindowTextW

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfW

SendMessageTimeoutW

LoadCursorW

SetCursor

GetWindowLongW

GetSysColor

CharNextW

GetClassInfoW

ExitWindowsEx

FindWindowExW

GetDlgItem

SetWindowLongW

LoadImageW

GetDC

EnableWindow

InvalidateRect

SendMessageW

DefWindowProcW

BeginPaint

GetClientRect

FillRect

DrawTextW

EndPaint

IsWindow

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectW

SetBkMode

SetTextColor

SelectObject

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

SHGetFileInfoW

ShellExecuteW

SHFileOperationW

SHGetSpecialFolderLocation

advapi32

RegEnumKeyW

RegOpenKeyExW

RegCloseKey

RegDeleteKeyW

RegDeleteValueW

RegCreateKeyExW

RegSetValueExW

RegQueryValueExW

RegEnumValueW

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 996KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Bulgarian.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Croatian.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Czech.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Danish.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Dutch.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/English.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Finnish.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/French.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/German.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Greek.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Hungarian.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Indonesian.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Italian.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Japanese.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Korean.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Norwegian.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Polish.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Portuguese.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Romanian.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Russian.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/SimpChinese.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Spanish.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Swedish.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Thai.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/TradChinese.xml

.xml

$APPDATA/WinZip/WinZip Registry Optimizer/Language/Turkish.xml

.xml

$PLUGINSDIR/InstallOptions.dll

.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW

GetModuleHandleW

GlobalLock

GlobalUnlock

GetCurrentDirectoryW

SetCurrentDirectoryW

GetPrivateProfileIntW

GetPrivateProfileStringW

lstrcatW

WritePrivateProfileStringW

lstrcpynW

lstrlenW

lstrcpyW

GlobalFree

GlobalAlloc

user32

OpenClipboard

DestroyIcon

LoadCursorW

DispatchMessageW

TranslateMessage

GetMessageW

IsDialogMessageW

ShowWindow

SetWindowLongW

GetClientRect

SetWindowRgn

LoadIconW

LoadImageW

CreateWindowExW

MapDialogRect

GetClipboardData

GetWindowRect

CreateDialogParamW

EnableMenuItem

GetSystemMenu

EnableWindow

GetDlgItem

SetCursor

DrawTextW

GetWindowLongW

DrawFocusRect

CallWindowProcW

PostMessageW

wsprintfW

CharNextW

MessageBoxW

CloseClipboard

GetDlgCtrlID

MapWindowPoints

SetWindowPos

PtInRect

GetWindowTextW

SetWindowTextW

SendMessageW

DestroyWindow

gdi32

SelectObject

CreateRectRgn

GetObjectW

CombineRgn

DeleteObject

CreateCompatibleDC

GetDIBits

SetTextColor

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

ShellExecuteW

SHGetDesktopFolder

comdlg32

GetOpenFileNameW

CommDlgExtendedError

GetSaveFileNameW

ole32

CoTaskMemFree

Exports

dialog

initDialog

show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

GetLastError

lstrcpyW

lstrcpynW

GetProcAddress

WideCharToMultiByte

lstrcatW

lstrlenW

lstrcmpiW

LoadLibraryW

GetModuleHandleW

MultiByteToWideChar

VirtualAlloc

VirtualProtect

FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString

StringFromGUID2

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ioSpecial.ini

$PLUGINSDIR/linker.dll

.dll windows:5 windows x86 arch:x86

d3b0357e5a9df93304cb6f852ecac3b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

user32

LoadCursorW

CreateCursor

GetFocus

DrawTextW

SetCapture

BeginPaint

ScreenToClient

SetCursor

ClientToScreen

GetClientRect

PtInRect

GetDC

DrawFocusRect

InvalidateRect

GetWindowLongW

GetAncestor

ReleaseDC

SetWindowLongW

EndPaint

SetFocus

DestroyCursor

SetWindowPos

IsWindow

ReleaseCapture

SendMessageW

CallWindowProcW

GetWindowRect

gdi32

GetObjectW

SelectObject

DeleteObject

SetBkMode

CreateFontIndirectW

SetTextColor

GetStockObject

shell32

ShellExecuteW

kernel32

lstrcpynW

GlobalFree

lstrcpyW

GlobalAlloc

GetModuleHandleW

Exports

Link

Unload

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/modern-wizard.bmp

$PLUGINSDIR/nsProcess.dll

.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

CloseHandle

TerminateProcess

WaitForSingleObject

GetExitCodeProcess

OpenProcess

MultiByteToWideChar

lstrlenA

lstrlenW

LoadLibraryA

lstrcmpiW

lstrcpynW

FreeLibrary

LocalFree

LocalAlloc

GetProcAddress

LoadLibraryW

GetVersionExW

GlobalFree

GlobalAlloc

user32

GetWindowThreadProcessId

EnumWindows

wsprintfW

PostMessageW

Exports

_CloseProcess

_FindProcess

_KillProcess

_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/nsSessionSIDW.dll

.dll windows:5 windows x86 arch:x86

b3031de3a4e382143eb2236474719dea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

FindResourceExW

OpenProcess

Process32NextW

Process32FirstW

CreateToolhelp32Snapshot

LocalFree

FindResourceW

lstrcpynW

GlobalAlloc

WideCharToMultiByte

MultiByteToWideChar

LoadResource

LockResource

SizeofResource

RaiseException

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

DeleteCriticalSection

HeapDestroy

HeapAlloc

HeapFree

HeapReAlloc

HeapSize

GetProcessHeap

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RtlUnwind

GetCurrentThreadId

GetCommandLineA

GetLastError

GetCPInfo

InterlockedIncrement

InterlockedDecrement

GetACP

GetOEMCP

IsValidCodePage

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

SetLastError

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

VirtualAlloc

LCMapStringA

LCMapStringW

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

WriteFile

LoadLibraryA

InitializeCriticalSectionAndSpinCount

advapi32

ConvertSidToStringSidW

OpenProcessToken

GetTokenInformation

Exports

getSessionSID

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

FileExtensionManager-vc141-mt.dll

.dll windows:6 windows x64 arch:x64

c27087b3bafbb1ede648913f85d193aa

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

84:10:2b:e6:b1:29:e8:a6:5a:67:d7:a9:12:df:bb:b2:b1:5a:78:49
Signer

Actual PE Digest

84:10:2b:e6:b1:29:e8:a6:5a:67:d7:a9:12:df:bb:b2:b1:5a:78:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\Projects\RegistryReviver_with_tests\bin\x64\Release\FileExtensionManager-vc141-mt.pdb

Imports

kernel32

GlobalLock

GlobalUnlock

GlobalFree

LoadLibraryW

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

Thread32First

Thread32Next

InitializeCriticalSectionAndSpinCount

ReleaseSemaphore

CreateSemaphoreA

VerSetConditionMask

InitializeCriticalSection

VerifyVersionInfoW

GetCurrentProcessId

Sleep

LeaveCriticalSection

CreateEventA

TerminateProcess

IsProcessorFeaturePresent

SetUnhandledExceptionFilter

SetLastError

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

CreateEventW

CreateWaitableTimerA

GetModuleHandleA

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

ResumeThread

SetWaitableTimer

OpenEventA

WaitForMultipleObjectsEx

ResetEvent

QueryPerformanceFrequency

QueryPerformanceCounter

LoadLibraryExA

VirtualFree

VirtualAlloc

FlushInstructionCache

InterlockedPushEntrySList

InterlockedPopEntrySList

InitializeSListHead

EncodePointer

OutputDebugStringW

IsDebuggerPresent

GlobalAlloc

EnterCriticalSection

WaitForSingleObjectEx

SetEvent

DeleteCriticalSection

InitializeCriticalSectionEx

GetProcessHeap

HeapSize

HeapFree

HeapReAlloc

HeapAlloc

HeapDestroy

GetLastError

RaiseException

CloseHandle

DecodePointer

ExpandEnvironmentStringsW

GetSystemTimeAsFileTime

GetUserDefaultLangID

FindResourceW

LocalFree

SizeofResource

LockResource

LoadResource

GetProcAddress

GetModuleHandleW

GetModuleFileNameW

FindResourceExW

GetCurrentThreadId

UnhandledExceptionFilter

GetCurrentProcess

DisableThreadLibraryCalls

user32

LoadImageW

DestroyCursor

SetCursor

IsWindowEnabled

ReleaseCapture

GetParent

SetWindowLongW

GetWindowLongW

ScreenToClient

GetWindowTextLengthW

GetWindowTextW

SetWindowTextW

GetPropW

DestroyIcon

InvalidateRect

UnregisterClassW

GetFocus

BeginPaint

GetGuiResources

DefWindowProcW

PostQuitMessage

CallWindowProcW

EndPaint

ReleaseDC

GetDC

SetWindowPos

SendMessageW

TrackMouseEvent

RegisterClassExW

GetClassInfoExW

CreateWindowExW

IsWindow

DestroyWindow

ShowWindow

SetPropW

GetClientRect

FillRect

GetWindowLongPtrW

SetWindowLongPtrW

LoadCursorW

RegisterWindowMessageW

IsWindowVisible

GetWindowRect

GetClassNameW

CallNextHookEx

mouse_event

SendInput

SetCursorPos

GetCursorPos

FindWindowW

SetWindowsHookExW

gdi32

SetStretchBltMode

StretchBlt

GetObjectW

GetBitmapBits

GetDeviceCaps

SaveDC

RestoreDC

SelectObject

CreateCompatibleDC

CreateCompatibleBitmap

BitBlt

DeleteObject

DeleteDC

CreateSolidBrush

shell32

ExtractIconExW

ole32

CreateStreamOnHGlobal

CoUninitialize

CoInitializeEx

CoCreateInstance

advapi32

OpenProcessToken

GetTokenInformation

LookupAccountSidW

RegCloseKey

RegEnumKeyExW

RegEnumValueW

RegOpenKeyExW

ConvertSidToStringSidW

ConvertStringSidToSidW

RegCreateKeyW

RegCreateKeyExW

RegDeleteKeyW

RegEnumKeyW

RegOpenKeyW

RegQueryInfoKeyW

RegQueryValueExW

RegSetValueExW

RegDeleteValueW

msvcp140

??0_Lockit@std@@QEAA@H@Z

??1_Lockit@std@@QEAA@XZ

?_Xbad_alloc@std@@YAXXZ

?_Xlength_error@std@@YAXPEBD@Z

_Wcscoll

_Wcsxfrm

??0_Locinfo@std@@QEAA@PEBD@Z

??1_Locinfo@std@@QEAA@XZ

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

??Bid@locale@std@@QEAA_KXZ

??0facet@locale@std@@IEAA@_K@Z

??1facet@locale@std@@MEAA@XZ

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

?is@?$ctype@_W@std@@QEBA_NF_W@Z

?tolower@?$ctype@_W@std@@QEBA_W_W@Z

?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

?_Incref@facet@locale@std@@UEAAXXZ

?id@?$ctype@_W@std@@2V0locale@2@A

?id@?$collate@_W@std@@2V0locale@2@A

?toupper@?$ctype@_W@std@@QEBA_W_W@Z

shlwapi

AssocQueryStringW

SHGetValueW

AssocQueryKeyW

wtsapi32

WTSFreeMemory

WTSQuerySessionInformationW

version

VerQueryValueW

GetFileVersionInfoSizeW

GetFileVersionInfoW

gdiplus

GdipCreateStringFormat

GdipGetImageGraphicsContext

GdipDeleteFont

GdipCreateBitmapFromFile

GdipDeleteBrush

GdipCreateFontFamilyFromName

GdipCreateSolidFill

GdipSetTextRenderingHint

GdipGetDpiY

GdipDeleteFontFamily

GdipGetFamilyName

GdipGetFamily

GdipCloneFont

GdipGetFontSize

GdipGetFontHeight

GdipDrawString

GdipMeasureString

GdipStringFormatGetGenericTypographic

GdipSetStringFormatAlign

GdipGetStringFormatAlign

GdipSetStringFormatLineAlign

GdipGetStringFormatLineAlign

GdipSetStringFormatTrimming

GdipCreateBitmapFromScan0

GdipGetFontStyle

GdipGetStringFormatTrimming

GdipCreateFont

GdipCreateFromHWND

GdipCloneBrush

GdipDrawImageRectRectI

GdipSetInterpolationMode

GdipSetPixelOffsetMode

GdipSetSmoothingMode

GdipDeleteGraphics

GdipCreateFromHDC

GdipSetImageAttributesWrapMode

GdipSetImageAttributesColorMatrix

GdipDisposeImageAttributes

GdipCreateImageAttributes

GdipCloneBitmapAreaI

GdipGetImagePixelFormat

GdipGetImageHeight

GdipGetImageWidth

GdipGetStringFormatFlags

GdipSetStringFormatFlags

GdipCloneStringFormat

GdipDeleteStringFormat

GdiplusStartup

GdipCreateBitmapFromStream

GdipDisposeImage

GdipCloneImage

GdipFree

GdipAlloc

GdipGetGenericFontFamilySansSerif

GdipCreateBitmapFromResource

vcruntime140

memset

__std_terminate

strchr

__std_exception_copy

__std_exception_destroy

__std_type_info_destroy_list

wcsstr

__C_specific_handler

_purecall

memmove

memcpy

__CxxFrameHandler3

_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_initterm_e

_initterm

_cexit

_crt_atexit

_errno

_register_onexit_function

_initialize_onexit_table

_initialize_narrow_environment

strerror

_seh_filter_dll

_beginthreadex

_invalid_parameter_noinfo_noreturn

_execute_onexit_table

_configure_narrow_argv

_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

tolower

strncpy

wcsnlen

wmemcpy_s

_wcsupr_s

wcscpy_s

iswspace

_wcslwr_s

api-ms-win-crt-heap-l1-1-0

free

realloc

_callnewh

_recalloc

malloc

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

floor

ceil

pow

Exports

??0CFileExtensionManager@FileExtensionManagerLib@@QEAA@XZ

??1CFileExtensionManager@FileExtensionManagerLib@@QEAA@XZ

?canWork@CFileExtensionManager@FileExtensionManagerLib@@SA_NXZ

?changeExtensionAssociation@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NHV?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@Z

?createApplicationHandler@CFileExtensionManager@FileExtensionManagerLib@@QEAA?AV?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?createIcon@CFileExtensionManager@FileExtensionManagerLib@@AEAA?AV?$shared_ptr@V?$CIconT@$00@FileExtensionManagerLib@@@boost@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?getAdditionalData@CFileExtensionManager@FileExtensionManagerLib@@QEAA?AV?$vector@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$allocator@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@std@@@std@@H@Z

?getApplicationByProgIdOrProg@CFileExtensionManager@FileExtensionManagerLib@@AEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEAV?$vector@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$allocator@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@std@@@4@AEBV34@@Z

?getExtension@CFileExtensionManager@FileExtensionManagerLib@@QEBA?AV?$shared_ptr@VCExtension@FileExtensionManagerLib@@@boost@@H@Z

?getExtensionCount@CFileExtensionManager@FileExtensionManagerLib@@QEBA_KXZ

?getExtensionData@CFileExtensionManager@FileExtensionManagerLib@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAUIQueryAssociations@@AEAV?$shared_ptr@VCExtension@FileExtensionManagerLib@@@boost@@@Z

?isScanRunning@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NXZ

?join@CFileExtensionManager@FileExtensionManagerLib@@QEAAXXZ

?pathToNormal@CFileExtensionManager@FileExtensionManagerLib@@AEAAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?scanFinished@CFileExtensionManager@FileExtensionManagerLib@@AEAAXXZ

?scaningThreadFunction@CFileExtensionManager@FileExtensionManagerLib@@AEAAXXZ

?start@CFileExtensionManager@FileExtensionManagerLib@@QEAAXPEAVIExtensionNotificationHandler@2@@Z

?stop@CFileExtensionManager@FileExtensionManagerLib@@QEAAXXZ

?updateInfo@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NH@Z

?useWinEightStyle@CFileExtensionManager@FileExtensionManagerLib@@SA_NXZ

HookProcFunc

showOpenWithDlg

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

FileExtensionManager-vc141-mt.mab

RONotifier.exe

.exe windows:6 windows x64 arch:x64

211c085dcb1711f4f8bc736f1d9495d8

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:43:8d:27:1f:62:84:b8:eb:b7:30:2e:b5:d1:dc:e2:82:27:3a:22
Signer

Actual PE Digest

33:43:8d:27:1f:62:84:b8:eb:b7:30:2e:b5:d1:dc:e2:82:27:3a:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\IPM_Nuget\bin\x64\Release\notifier.pdb

Imports

kernel32

CreateFileW

SetUnhandledExceptionFilter

GetCurrentThread

GetLocalTime

GetVersionExA

RtlCaptureContext

GetEnvironmentVariableA

GetEnvironmentVariableW

GetCurrentDirectoryA

GetFileAttributesW

OutputDebugStringA

SetLastError

SuspendThread

ResumeThread

GetThreadContext

ReadProcessMemory

GetModuleFileNameA

GetModuleHandleExW

TerminateThread

CreateEventW

WaitForMultipleObjects

OpenThread

GetLocaleInfoW

InitializeCriticalSection

ReleaseSemaphore

CreateSemaphoreA

GlobalAlloc

GlobalLock

GlobalUnlock

GlobalFree

MulDiv

lstrcmpW

GetTempFileNameW

ResetEvent

WaitForMultipleObjectsEx

OpenEventA

SetWaitableTimer

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetModuleHandleA

CreateWaitableTimerA

RaiseException

GetLastError

HeapDestroy

HeapAlloc

HeapReAlloc

HeapFree

HeapSize

GetProcessHeap

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

GetCommandLineW

EnterCriticalSection

LeaveCriticalSection

RtlUnwind

GetFileAttributesExW

lstrlenA

GetCurrentProcess

GetFileSize

SetEndOfFile

WriteConsoleW

SetStdHandle

SetEnvironmentVariableA

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineA

GetOEMCP

IsValidCodePage

FindNextFileW

FindFirstFileExW

FindClose

DeleteFileW

GetTimeZoneInformation

SetFilePointerEx

ReadConsoleW

ReadFile

GetConsoleMode

GetConsoleCP

FlushFileBuffers

EnumSystemLocalesW

IsValidLocale

GetTimeFormatW

GetDateFormatW

GetFileType

GetACP

WriteFile

GetStdHandle

ExitProcess

FreeLibraryAndExitThread

ExitThread

CreateThread

RtlUnwindEx

RtlPcToFileHeader

AreFileApisANSI

GetUserDefaultLCID

GetStringTypeExW

LoadLibraryA

GetStartupInfoW

IsProcessorFeaturePresent

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

LoadLibraryExA

VirtualFree

VirtualAlloc

FlushInstructionCache

InterlockedPushEntrySList

InterlockedPopEntrySList

InitializeSListHead

ExpandEnvironmentStringsW

SetEnvironmentVariableW

TerminateProcess

Process32NextW

Process32FirstW

CreateToolhelp32Snapshot

OpenProcess

ProcessIdToSessionId

CreateProcessW

GetExitCodeProcess

QueryDosDeviceW

GetLogicalDriveStringsW

Sleep

WTSGetActiveConsoleSessionId

LoadLibraryW

GetTickCount

OutputDebugStringW

IsDebuggerPresent

LCMapStringW

CompareStringW

GetSystemTimeAsFileTime

SwitchToThread

EncodePointer

GetCPInfo

GetStringTypeW

WaitForSingleObjectEx

lstrlenW

VerifyVersionInfoW

FindResourceExW

FreeLibrary

GetModuleFileNameW

GetModuleHandleW

GetProcAddress

LoadLibraryExW

LoadResource

LockResource

SizeofResource

lstrcmpiW

FindResourceW

MultiByteToWideChar

WideCharToMultiByte

GetTempPathW

CloseHandle

QueryPerformanceCounter

QueryPerformanceFrequency

SetEvent

CreateEventA

GetCurrentProcessId

GetCurrentThreadId

LocalFree

GetUserDefaultLangID

ReleaseMutex

WaitForSingleObject

CreateMutexW

VerSetConditionMask

DecodePointer

user32

SetWindowPos

GetMonitorInfoW

MonitorFromWindow

MonitorFromPoint

SendMessageW

FindWindowW

IsRectEmpty

IntersectRect

CopyRect

SetRectEmpty

SystemParametersInfoW

GetShellWindow

LoadStringW

GetDC

BeginPaint

EndPaint

SetPropW

GetPropW

GetClientRect

ScreenToClient

GetWindowLongW

SetWindowLongW

SetWindowLongPtrW

GetParent

EnumChildWindows

GetMessageW

TranslateMessage

DispatchMessageW

PeekMessageW

GetDesktopWindow

PostThreadMessageW

DestroyWindow

CreateDialogParamW

SetFocus

SetWindowTextW

MapWindowPoints

GetWindow

DestroyIcon

RegisterClassExW

GetClassInfoExW

CreateWindowExW

ShowWindow

LoadCursorW

DefWindowProcW

CallWindowProcW

InvalidateRect

GetWindowLongPtrW

TrackMouseEvent

ReleaseDC

GetWindowTextW

GetWindowTextLengthW

FillRect

GetFocus

ReleaseCapture

IsWindowEnabled

SetCursor

DestroyCursor

DrawIconEx

GetIconInfo

LoadImageW

RegisterWindowMessageW

IsChild

MoveWindow

GetDlgItem

GetKeyState

SetCapture

SetTimer

KillTimer

CreateAcceleratorTableW

DestroyAcceleratorTable

InvalidateRgn

RedrawWindow

ClientToScreen

GetSysColor

GetClassNameW

EndDialog

GetWindowRect

GetForegroundWindow

GetLastInputInfo

IsWindowVisible

PostMessageW

UnregisterClassW

CharNextW

IsWindow

gdi32

StretchBlt

CreateCompatibleBitmap

GetStockObject

GetBitmapBits

GetDeviceCaps

CreateSolidBrush

GetObjectW

SetStretchBltMode

BitBlt

SaveDC

RestoreDC

SelectObject

DeleteObject

DeleteDC

CreateCompatibleDC

shell32

SHCreateDirectoryExW

DuplicateIcon

SHGetFolderPathW

ExtractIconExW

ShellExecuteW

ole32

OleLockRunning

StringFromGUID2

OleInitialize

CoInitializeEx

CoUninitialize

CoMarshalInterface

OleUninitialize

CoCreateInstance

CoTaskMemAlloc

CoInitializeSecurity

CoSetProxyBlanket

CoTaskMemRealloc

CoTaskMemFree

CreateStreamOnHGlobal

CoGetClassObject

CLSIDFromString

CoUnmarshalInterface

CLSIDFromProgID

oleaut32

SafeArrayCreate

SysAllocStringLen

DispCallFunc

SafeArrayUnaccessData

SafeArrayAccessData

SafeArrayGetLBound

SafeArrayGetUBound

VariantCopy

VariantChangeType

SysAllocStringByteLen

LoadRegTypeLi

SysStringLen

VariantInit

SysAllocString

VarUI4FromStr

VariantClear

SysFreeString

OleCreateFontIndirect

LoadTypeLi

SysStringByteLen

advapi32

RegCreateKeyExW

RegDeleteKeyW

RegDeleteValueW

RegEnumKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegSetValueExW

RegQueryValueExW

CryptDecrypt

CryptDestroyKey

CryptDeriveKey

CryptReleaseContext

LookupAccountSidW

RegOpenKeyW

UnlockServiceDatabase

LockServiceDatabase

CryptDestroyHash

CryptHashData

CryptCreateHash

CryptGetHashParam

CryptAcquireContextW

GetUserNameA

LookupPrivilegeValueW

GetTokenInformation

AdjustTokenPrivileges

OpenProcessToken

StartServiceW

QueryServiceStatus

QueryServiceConfigW

OpenServiceW

OpenSCManagerW

CloseServiceHandle

ChangeServiceConfigW

ConvertStringSidToSidW

RegCloseKey

shlwapi

UrlEscapeW

PathFileExistsW

wtsapi32

WTSFreeMemory

WTSQuerySessionInformationW

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueW

GetFileVersionInfoW

GetFileVersionInfoSizeW

msimg32

AlphaBlend

powrprof

CallNtPowerInformation

psapi

GetProcessImageFileNameW

winhttp

WinHttpOpen

WinHttpConnect

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpSendRequest

WinHttpSetCredentials

WinHttpQueryAuthSchemes

WinHttpReceiveResponse

WinHttpCloseHandle

WinHttpQueryHeaders

WinHttpSetOption

WinHttpOpenRequest

WinHttpGetDefaultProxyConfiguration

WinHttpGetIEProxyConfigForCurrentUser

WinHttpAddRequestHeaders

wininet

HttpAddRequestHeadersW

InternetGetConnectedState

InternetSetOptionW

HttpOpenRequestW

HttpSendRequestW

InternetOpenW

InternetCloseHandle

InternetConnectW

InternetReadFile

InternetQueryDataAvailable

HttpQueryInfoW

gdiplus

GdipDeleteFontFamily

GdipGetDpiY

GdipSetTextRenderingHint

GdipDeleteGraphics

GdipCreateSolidFill

GdipDeleteBrush

GdipCloneBrush

GdipGetStringFormatFlags

GdiplusStartup

GdipSetStringFormatTrimming

GdipSetStringFormatFlags

GdipCloneStringFormat

GdipDeleteStringFormat

GdipFree

GdipAlloc

GdipGetStringFormatAlign

GdipSetStringFormatLineAlign

GdipGetFamilyName

GdipGetStringFormatTrimming

GdipFillRectangleI

GdipCreateFontFamilyFromName

GdipGetGenericFontFamilySansSerif

GdipCreateFont

GdipDeleteFont

GdipGetFontStyle

GdipCreateFromHWND

GdipCreateStringFormat

GdipCloneImage

GdipDisposeImage

GdipCreateBitmapFromStream

GdipCreateBitmapFromResource

GdipGetImageGraphicsContext

GdipGetFamily

GdipGetImageHeight

GdipCreateBitmapFromFile

GdipGetFontSize

GdipGetFontHeight

GdipDrawString

GdipMeasureString

GdipStringFormatGetGenericTypographic

GdipGetStringFormatLineAlign

GdipCreateBitmapFromScan0

GdipCreateImageAttributes

GdipSetStringFormatAlign

GdipDrawImageRectRectI

GdipSetInterpolationMode

GdipSetPixelOffsetMode

GdipSetImageAttributesWrapMode

GdipCloneFont

GdipCreateFromHDC

GdipDisposeImageAttributes

GdipGetImageWidth

urlmon

CoInternetSetFeatureEnabled

Exports

??0?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@QEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCNextCheckDelayManager@Utils@IPMUtility@@@serialization@boost@@@serialization@boost@@IEAA@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCNextCheckDelayManager@Utils@IPMUtility@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCNextCheckDelayManager@Utils@IPMUtility@@@23@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@3@XZ

?get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ

?get_mutable_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ

?is_destroyed@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?is_locked@singleton_module@serialization@boost@@QEAA_NXZ

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?lock@?1??get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ@4_NA

?lock@singleton_module@serialization@boost@@QEAAXXZ

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?unlock@singleton_module@serialization@boost@@QEAAXXZ

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

interpro
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

RONotifier.mab

RONotifierTray.exe

.exe windows:6 windows x64 arch:x64

a0975c79fb22d0bc44718127f7bccae9

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

6c:4e:36:c5:29:96:bb:f9:73:40:af:c3:05:50:2e:6b:1c:fb:85:12
Signer

Actual PE Digest

6c:4e:36:c5:29:96:bb:f9:73:40:af:c3:05:50:2e:6b:1c:fb:85:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThreadId

CreateProcessW

MoveFileExW

VerSetConditionMask

SetEvent

CreateEventA

LocalFree

VerifyVersionInfoW

LocalAlloc

GetFileAttributesW

lstrlenW

IsDebuggerPresent

LoadLibraryW

ExpandEnvironmentStringsW

WaitForSingleObject

GetCurrentProcessId

GetExitCodeProcess

FindClose

WaitForSingleObjectEx

GlobalAlloc

GlobalLock

GlobalUnlock

MulDiv

lstrcmpW

SetEndOfFile

CreateFileW

WriteConsoleW

SetStdHandle

SetEnvironmentVariableA

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

GetOEMCP

IsValidCodePage

FindNextFileW

FindFirstFileExW

CloseHandle

GetTimeZoneInformation

SetFilePointerEx

ReadConsoleW

ReadFile

GetConsoleMode

GetConsoleCP

FlushFileBuffers

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetFileType

GetACP

WriteFile

GetStdHandle

GetModuleHandleExW

ExitProcess

RtlUnwindEx

RtlPcToFileHeader

QueryPerformanceCounter

GetStartupInfoW

IsProcessorFeaturePresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

ResetEvent

GetLocaleInfoW

LCMapStringW

CompareStringW

GetCPInfo

GetSystemTimeAsFileTime

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

SwitchToThread

CreateEventW

GetStringTypeW

LoadLibraryExA

VirtualFree

VirtualAlloc

FlushInstructionCache

GetCurrentProcess

GetTempPathW

GetTempFileNameW

DeleteFileW

DecodePointer

lstrcmpiW

LoadLibraryExW

GetProcAddress

GetModuleHandleW

FreeLibrary

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

InterlockedPushEntrySList

InterlockedPopEntrySList

InitializeSListHead

EncodePointer

OutputDebugStringW

LeaveCriticalSection

EnterCriticalSection

GetLastError

RaiseException

GetUserDefaultLangID

WideCharToMultiByte

MultiByteToWideChar

FindResourceW

RtlUnwind

SetLastError

SizeofResource

LoadResource

LockResource

GetModuleFileNameW

FindResourceExW

GetTickCount

Sleep

GetProcessHeap

HeapSize

HeapFree

HeapReAlloc

HeapAlloc

HeapDestroy

SetCurrentDirectoryW

user32

ReleaseCapture

SetCapture

GetWindowTextLengthW

GetLastInputInfo

CreateAcceleratorTableW

CharNextW

UnregisterClassW

ShowWindow

SetWindowPos

DialogBoxParamW

EndDialog

GetActiveWindow

SetTimer

KillTimer

SetWindowTextW

GetClientRect

GetWindowRect

CopyRect

SetWindowLongPtrW

FindWindowW

MonitorFromPoint

GetMonitorInfoW

GetDC

GetClassNameW

DestroyAcceleratorTable

GetWindow

RegisterWindowMessageW

SendMessageW

DefWindowProcW

CallWindowProcW

RegisterClassExW

GetClassInfoExW

CreateWindowExW

IsWindow

IsChild

DestroyWindow

MoveWindow

GetDlgItem

SetFocus

GetFocus

ReleaseDC

LoadCursorW

GetParent

GetDesktopWindow

GetWindowLongPtrW

SetWindowLongW

GetWindowLongW

FillRect

GetSysColor

ScreenToClient

ClientToScreen

BeginPaint

GetWindowTextW

RedrawWindow

InvalidateRgn

InvalidateRect

EndPaint

GetKeyState

gdi32

GetDeviceCaps

DeleteDC

GetObjectW

SelectObject

GetStockObject

DeleteObject

CreateSolidBrush

CreateCompatibleDC

CreateCompatibleBitmap

BitBlt

shell32

ShellExecuteW

ole32

CoGetClassObject

CLSIDFromString

CLSIDFromProgID

StringFromGUID2

CreateStreamOnHGlobal

CoTaskMemFree

OleUninitialize

OleLockRunning

CoCreateInstance

CoTaskMemAlloc

OleInitialize

CoTaskMemRealloc

oleaut32

OleCreateFontIndirect

VariantCopy

DispCallFunc

LoadRegTypeLi

LoadTypeLi

VariantChangeType

VariantClear

VariantInit

SafeArrayUnaccessData

SafeArrayAccessData

SafeArrayGetLBound

SafeArrayGetUBound

SafeArrayCreate

SysStringLen

SysAllocStringLen

SysAllocString

SysFreeString

VarUI4FromStr

advapi32

RegCloseKey

RegDeleteKeyW

RegDeleteValueW

RegEnumKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegSetValueExW

RegQueryValueExW

LookupAccountSidW

ConvertStringSidToSidW

RegCreateKeyExW

shlwapi

UrlEscapeW

wtsapi32

WTSFreeMemory

WTSQuerySessionInformationW

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

wintrust

WinVerifyTrust

crypt32

CryptQueryObject

CryptMsgClose

CryptMsgGetParam

CertCloseStore

CertFindCertificateInStore

CertFreeCertificateContext

CertGetNameStringW

winhttp

WinHttpOpen

WinHttpGetIEProxyConfigForCurrentUser

WinHttpSendRequest

WinHttpCloseHandle

WinHttpConnect

WinHttpReadData

WinHttpQueryDataAvailable

WinHttpSetCredentials

WinHttpQueryAuthSchemes

WinHttpReceiveResponse

WinHttpQueryHeaders

WinHttpOpenRequest

WinHttpGetDefaultProxyConfiguration

wininet

HttpQueryInfoW

HttpSendRequestW

HttpOpenRequestW

InternetOpenW

InternetCloseHandle

InternetConnectW

InternetReadFile

InternetQueryDataAvailable

urlmon

CoInternetSetFeatureEnabled

Exports

?get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ

?is_locked@singleton_module@serialization@boost@@QEAA_NXZ

?lock@?1??get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ@4_NA

?lock@singleton_module@serialization@boost@@QEAAXXZ

?unlock@singleton_module@serialization@boost@@QEAAXXZ

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

RONotifierTray.mab

RegistryOptimizer.exe

.exe windows:6 windows x64 arch:x64

283d50c822895d094fc93341a43212bb

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

50:6e:54:05:6a:0c:b5:90:23:5f:d2:a8:8a:a4:96:ed:55:30:60:0a
Signer

Actual PE Digest

50:6e:54:05:6a:0c:b5:90:23:5f:d2:a8:8a:a4:96:ed:55:30:60:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\RegistryReviver_with_tests\bin\x64\Release\RegistryOptimizer.pdb

Imports

kernel32

SetUnhandledExceptionFilter

GetCurrentThread

GetVersionExA

RtlCaptureContext

GetEnvironmentVariableA

GetCurrentDirectoryA

OutputDebugStringA

SuspendThread

ResumeThread

GetThreadContext

ReadProcessMemory

GetModuleFileNameA

PostQueuedCompletionStatus

SleepEx

TlsAlloc

TlsGetValue

TlsFree

CreateWaitableTimerA

CreateIoCompletionPort

GetQueuedCompletionStatus

QueueUserAPC

TlsSetValue

GetModuleHandleA

VerifyVersionInfoA

OpenEventA

HeapCreate

VirtualProtect

Thread32Next

Thread32First

SetThreadContext

VirtualFree

VirtualAlloc

VirtualQuery

FlushFileBuffers

FormatMessageA

LockFileEx

CreateFileMappingA

UnlockFile

HeapCompact

DeleteFileA

LoadLibraryA

FlushViewOfFile

OutputDebugStringW

GetFileAttributesA

GetDiskFreeSpaceA

GetTempPathA

HeapValidate

UnlockFileEx

GetFullPathNameA

LockFile

GetDiskFreeSpaceW

GetFullPathNameW

AreFileApisANSI

CreateDirectoryW

DeleteFileW

FindClose

FindFirstFileW

FindNextFileW

SystemTimeToFileTime

FlushInstructionCache

EncodePointer

InitializeSListHead

InterlockedPopEntrySList

InterlockedPushEntrySList

LoadLibraryExA

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

TerminateProcess

IsProcessorFeaturePresent

GetStartupInfoW

GetNativeSystemInfo

UnmapViewOfFile

GetStdHandle

GetFileType

GlobalMemoryStatus

FlushConsoleInputBuffer

MapViewOfFile

GetLastError

HeapDestroy

HeapAlloc

HeapReAlloc

HeapFree

HeapSize

GetProcessHeap

FindResourceExW

LoadResource

LockResource

SizeofResource

FindResourceW

MoveFileW

CreateFileW

GetFileSize

ReadFile

SetEndOfFile

SetFileAttributesW

SetFilePointer

WriteFile

CloseHandle

ReleaseMutex

WaitForSingleObject

CreateMutexW

GetLocalTime

MultiByteToWideChar

RaiseException

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

GetModuleFileNameW

SetEvent

WaitForSingleObjectEx

CreateEventA

CreateEventW

GetModuleHandleW

GetProcAddress

LocalFree

FormatMessageW

WideCharToMultiByte

DecodePointer

SetLastError

EnterCriticalSection

LeaveCriticalSection

GetCurrentThreadId

GetVersion

LoadLibraryW

GetCurrentProcessId

ExitProcess

CreateProcessW

FreeLibrary

LoadLibraryExW

lstrcmpiW

Sleep

OpenProcess

CopyFileW

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

InitializeCriticalSection

ResetEvent

GetEnvironmentVariableW

MulDiv

SetWaitableTimer

TerminateThread

VerSetConditionMask

VerifyVersionInfoW

DuplicateHandle

ReleaseSemaphore

GetCurrentProcess

CreateSemaphoreA

WaitForMultipleObjectsEx

GetDateFormatW

GetTimeFormatW

GlobalMemoryStatusEx

QueryPerformanceCounter

CreateFileMappingW

GetWindowsDirectoryW

GetLongPathNameW

GetSystemInfo

GetSystemTime

FileTimeToSystemTime

GetExitCodeProcess

QueryDosDeviceW

lstrlenA

GetLogicalDriveStringsW

GetDriveTypeW

GetFileTime

ReadDirectoryChangesW

IsDebuggerPresent

DeviceIoControl

CreateFileA

LocalAlloc

GlobalFree

GetTempPathW

GetTempFileNameW

GetModuleHandleExW

WaitForMultipleObjects

OpenThread

GetSystemTimeAsFileTime

InitializeCriticalSectionEx

GetFileAttributesW

GetUserDefaultLangID

GetFileAttributesExW

ExpandEnvironmentStringsW

GetTickCount

lstrlenW

TryEnterCriticalSection

lstrcmpW

GlobalUnlock

GlobalLock

GlobalAlloc

GetVersionExW

GetSystemDirectoryW

QueryPerformanceFrequency

user32

SetDlgItemTextW

GetWindowThreadProcessId

EnumThreadWindows

IsRectEmpty

IntersectRect

SetRectEmpty

GetClassInfoExW

DestroyWindow

ShowWindow

SetWindowPos

BringWindowToTop

CreateDialogParamW

MessageBoxW

GetWindowLongW

SetWindowLongW

SetWindowLongPtrW

FindWindowW

IsIconic

DialogBoxParamW

CharNextW

DestroyIcon

LoadImageW

RegisterWindowMessageW

PostMessageW

SetWindowRgn

GetWindowRect

CallWindowProcW

GetProcessWindowStation

GetUserObjectInformationW

BeginPaint

EndPaint

GetClientRect

GetCursorPos

FillRect

GetWindowLongPtrW

ShowScrollBar

EnableScrollBar

GetDesktopWindow

CreateWindowExW

DrawTextW

GetDC

InvalidateRect

LoadBitmapW

LoadCursorW

GetSystemMetrics

GetParent

IsWindow

SetFocus

CreatePopupMenu

DestroyMenu

TrackPopupMenu

SetForegroundWindow

GetScrollPos

GetScrollRange

SetCursor

CopyRect

PtInRect

MonitorFromPoint

GetMonitorInfoW

GetWindowTextW

GetWindowTextLengthW

TrackMouseEvent

ScreenToClient

ReleaseDC

GetDlgItem

GetFocus

LoadIconW

UpdateWindow

GetWindowRgn

IsWindowVisible

MoveWindow

SetScrollPos

SetScrollRange

DestroyCursor

SetWindowTextW

GetWindowDC

MapWindowPoints

EnumChildWindows

GetClassNameW

GetDlgCtrlID

SetRect

SetTimer

KillTimer

EnableWindow

RedrawWindow

PostQuitMessage

GetAsyncKeyState

EnableMenuItem

OffsetRect

GetSysColor

GetWindow

DrawIconEx

IsDialogMessageW

MonitorFromWindow

SetCapture

ReleaseCapture

GetScrollInfo

IsChild

EndDialog

CreateAcceleratorTableW

DestroyAcceleratorTable

InvalidateRgn

ClientToScreen

SetPropW

GetPropW

GetActiveWindow

DrawStateW

SetParent

SetWindowsHookExW

UnhookWindowsHookEx

RegisterClassExW

DefWindowProcW

SendMessageW

PeekMessageW

DispatchMessageW

TranslateMessage

GetMessageW

UnregisterClassW

AppendMenuW

SetMenuItemInfoW

CallNextHookEx

EnumDisplayMonitors

SystemParametersInfoW

IsWindowEnabled

OpenClipboard

CloseClipboard

GetClipboardData

SendNotifyMessageW

GetCapture

ScrollWindowEx

SetScrollInfo

ExitWindowsEx

PostThreadMessageW

GetKeyState

GetIconInfo

HideCaret

gdi32

SelectObject

CreateCompatibleDC

CreateCompatibleBitmap

BitBlt

DeleteObject

CreateSolidBrush

CreateRoundRectRgn

DeleteDC

GetDeviceCaps

CreateFontW

SetTextColor

GetObjectW

CreateFontIndirectW

GetCurrentObject

GetStockObject

CreatePen

CreatePatternBrush

RoundRect

BeginPath

EndPath

StrokePath

CombineRgn

CreateRectRgn

FillRgn

PatBlt

SetBkMode

SetViewportOrgEx

LineTo

Rectangle

SetBkColor

MoveToEx

FloodFill

CreateDCW

DPtoLP

RestoreDC

SaveDC

GetBitmapBits

GetTextExtentPoint32W

GetTextColor

GetObjectA

StretchBlt

SetStretchBltMode

shell32

ExtractAssociatedIconW

SHGetSpecialFolderLocation

DuplicateIcon

CommandLineToArgvW

SHGetSpecialFolderPathW

Shell_NotifyIconW

ShellExecuteW

SHCreateDirectoryExW

ExtractIconExW

SHGetFolderPathW

SHGetDesktopFolder

SHGetDataFromIDListW

SHFileOperationW

SHGetPathFromIDListW

ole32

CLSIDFromString

CLSIDFromProgID

StringFromGUID2

OleInitialize

OleUninitialize

OleLockRunning

CoGetClassObject

CoUnmarshalInterface

CoInitializeSecurity

OleRun

CoUninitialize

CoInitializeEx

CoCreateInstance

CreateStreamOnHGlobal

CoSetProxyBlanket

CoMarshalInterface

CoTaskMemRealloc

CoTaskMemAlloc

CoTaskMemFree

oleaut32

GetErrorInfo

VariantChangeType

SafeArrayCreate

DispCallFunc

SafeArrayUnaccessData

SafeArrayAccessData

SafeArrayGetLBound

SafeArrayGetUBound

VariantCopy

OleCreateFontIndirect

LoadRegTypeLi

LoadTypeLi

SysStringLen

SysAllocStringLen

VariantClear

VariantInit

SysAllocString

VarUI4FromStr

SysFreeString

comdlg32

GetOpenFileNameW

advapi32

CheckTokenMembership

LookupAccountSidW

RegCloseKey

RegEnumKeyExW

RegOpenKeyExW

ConvertStringSidToSidW

AllocateAndInitializeSid

EnumServicesStatusW

QueryServiceConfig2W

DeregisterEventSource

RegisterEventSourceW

ReportEventW

FreeSid

RegCreateKeyExW

RegSetValueExW

RegDeleteKeyW

RegDeleteValueW

RegQueryInfoKeyW

CryptAcquireContextW

CryptReleaseContext

CryptEnumProvidersA

CryptGenRandom

CryptAcquireContextA

GetUserNameA

RegSaveKeyW

RegReplaceKeyW

RegOpenKeyW

RegFlushKey

ControlService

SetNamedSecurityInfoW

GetNamedSecurityInfoW

GetExplicitEntriesFromAclW

RegUnLoadKeyW

RegLoadKeyW

UnlockServiceDatabase

LockServiceDatabase

SetEntriesInAclW

SetSecurityDescriptorOwner

SetSecurityDescriptorGroup

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

CreateWellKnownSid

CryptDecrypt

CryptDestroyKey

CryptDeriveKey

StartServiceW

QueryServiceStatus

QueryServiceConfigW

OpenServiceW

OpenSCManagerW

CloseServiceHandle

ChangeServiceConfigW

GetTokenInformation

LookupPrivilegeValueW

AdjustTokenPrivileges

RegQueryValueExW

RegEnumValueW

RevertToSelf

ImpersonateLoggedOnUser

OpenProcessToken

CryptDestroyHash

CryptHashData

CryptCreateHash

CryptGetHashParam

shlwapi

UrlEscapeW

PathFileExistsW

comctl32

ImageList_Create

ImageList_Add

ImageList_Draw

ImageList_Destroy

ImageList_GetImageCount

InitCommonControlsEx

msimg32

TransparentBlt

AlphaBlend

urlmon

CoInternetSetFeatureEnabled

gdiplus

GdipAddPathLineI

GdipCreatePath

GdipDeletePath

GdipAddPathArcI

GdipFillPath

GdipSetSmoothingMode

GdipGetFontSize

GdipGetFontStyle

GdipFillRectangleI

GdipCreateBitmapFromHICON

GdipCreateStringFormat

GdipGetFontHeightGivenDPI

GdipCloneFont

GdipSetTextContrast

GdipStringFormatGetGenericTypographic

GdipMeasureString

GdipDrawString

GdipGetLogFontW

GdipDeleteFont

GdipCreateFont

GdipCreateFontFromDC

GdipGetGenericFontFamilySansSerif

GdipDeleteFontFamily

GdipCreateFontFamilyFromName

GdipDrawImageRectRectI

GdipDrawImage

GdipFillRectangle

GdipDrawLineI

GdipDeleteGraphics

GdipCreateFromHWNDICM

GdipCreateFromHWND

GdipCreateFromHDC

GdipSetImageAttributesColorKeys

GdipDisposeImageAttributes

GdipCreateImageAttributes

GdipCreateBitmapFromHBITMAP

GdipGetImageHeight

GdipGetImageWidth

GdipDisposeImage

GdipCloneImage

GdipDeletePen

GdipCreatePen1

GdipCreateSolidFill

GdipDeleteBrush

GdipCloneBrush

GdipFree

GdipAlloc

GdipGetStringFormatTrimming

GdipSetStringFormatTrimming

GdipGetStringFormatLineAlign

GdipSetStringFormatLineAlign

GdipGetStringFormatAlign

GdipSetStringFormatAlign

GdipGetStringFormatFlags

GdipSetStringFormatFlags

GdipCloneStringFormat

GdipDeleteStringFormat

GdiplusShutdown

GdiplusStartup

GdipCreateFontFromLogfontA

GdipSetImageAttributesWrapMode

GdipGetImageGraphicsContext

GdipSetImageAttributesColorMatrix

GdipCreateBitmapFromResource

GdipCloneBitmapAreaI

GdipGetImagePixelFormat

GdipGetFontHeight

GdipGetFamily

GdipGetFamilyName

GdipGetDpiY

GdipSetTextRenderingHint

GdipCreateHBITMAPFromBitmap

GdipImageGetFrameCount

GdipImageSelectActiveFrame

GdipCreateBitmapFromStream

GdipDrawImageRectI

GdipSetInterpolationMode

GdipSetPixelOffsetMode

GdipClosePathFigure

GdipCreateBitmapFromFile

GdipCreateBitmapFromScan0

msvcp140

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z

?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z

?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@PEAV32@@Z

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

?_Throw_C_error@std@@YAXH@Z

_Mtx_unlock

_Mtx_lock

_Mtx_destroy_in_situ

_Mtx_init_in_situ

_Query_perf_frequency

_Query_perf_counter

??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ

?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

?_Winerror_message@std@@YAKKPEADK@Z

?_Winerror_map@std@@YAHH@Z

?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

?exceptions@ios_base@std@@QEAAXH@Z

?narrow@?$ctype@D@std@@QEBADDD@Z

?widen@?$ctype@D@std@@QEBADD@Z

?id@?$numpunct@_W@std@@2V0locale@2@A

?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ

?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z

?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z

?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

?widen@?$ctype@_W@std@@QEBA_WD@Z

?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A

?id@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A

?id@?$numpunct@D@std@@2V0locale@2@A

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEA_N@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEA_K@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEA_J@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAPEAX@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAO@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAN@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAM@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z

?putback@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z

?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@AEA_W@Z

?do_unshift@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

?do_length@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z

?do_always_noconv@?$codecvt@_WDU_Mbstatet@@@std@@MEBA_NXZ

?_Incref@facet@locale@std@@UEAAXXZ

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z

?tolower@?$ctype@_W@std@@QEBA_W_W@Z

?is@?$ctype@_W@std@@QEBA_NF_W@Z

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

??1facet@locale@std@@MEAA@XZ

??0facet@locale@std@@IEAA@_K@Z

?c_str@?$_Yarn@D@std@@QEBAPEBDXZ

??1_Locinfo@std@@QEAA@XZ

??0_Locinfo@std@@QEAA@PEBD@Z

_Wcsxfrm

_Wcscoll

?_Xbad_alloc@std@@YAXXZ

?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEAD_J@Z

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAK@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAJ@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAI@Z

?do_get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHAEAG@Z

?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z

?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z

?imbue@ios_base@std@@QEAA?AVlocale@2@AEBV32@@Z

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ

?_Syserror_map@std@@YAPEBDH@Z

?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z

?tolower@?$ctype@D@std@@QEBADD@Z

?classic@locale@std@@SAAEBV12@XZ

?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z

?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

?_Gettrue@_Locinfo@std@@QEBAPEBDXZ

?_Getfalse@_Locinfo@std@@QEBAPEBDXZ

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

?is@?$ctype@D@std@@QEBA_NFD@Z

??1ctype_base@std@@UEAA@XZ

??0ctype_base@std@@QEAA@_K@Z

??0id@locale@std@@QEAA@_K@Z

?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ

_Toupper

_Tolower

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

?bad@ios_base@std@@QEBA_NXZ

?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z

?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z

?id@?$ctype@D@std@@2V0locale@2@A

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?toupper@?$ctype@D@std@@QEBADD@Z

?_Xbad_function_call@std@@YAXXZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

?setf@ios_base@std@@QEAAHHH@Z

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ

_Mbrtowc

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z

?id@?$ctype@_W@std@@2V0locale@2@A

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z

?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z

?sync@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAHXZ

?sync@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ

?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

?do_unshift@?$codecvt@DDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

?do_out@?$codecvt@DDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

?do_max_length@codecvt_base@std@@MEBAHXZ

?do_length@?$codecvt@DDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z

?do_in@?$codecvt@DDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

?do_encoding@codecvt_base@std@@MEBAHXZ

?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z

??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ

??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

??Bios_base@std@@QEBA_NXZ

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z

?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

?width@ios_base@std@@QEAA_J_J@Z

?width@ios_base@std@@QEBA_JXZ

?flags@ios_base@std@@QEBAHXZ

?good@ios_base@std@@QEBA_NXZ

?uncaught_exception@std@@YA_NXZ

?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A

?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z

??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z

??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z

?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z

?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEAPEA_W0PEAH001@Z

?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ

?_Pnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ

?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z

?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ

?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ

?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z

?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z

?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ

?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ

?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ

?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ

?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

?fail@ios_base@std@@QEBA_NXZ

?toupper@?$ctype@_W@std@@QEBA_W_W@Z

?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z

?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z

??0_Lockit@std@@QEAA@H@Z

??1_Lockit@std@@QEAA@XZ

?_Xlength_error@std@@YAXPEBD@Z

?_Xout_of_range@std@@YAXPEBD@Z

??Bid@locale@std@@QEAA_KXZ

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

?always_noconv@codecvt_base@std@@QEBA_NXZ

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

??7ios_base@std@@QEBA_NXZ

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ

?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

?id@?$collate@_W@std@@2V0locale@2@A

wtsapi32

WTSQuerySessionInformationW

WTSFreeMemory

version

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

GetFileVersionInfoSizeA

GetFileVersionInfoA

rpcrt4

RpcStringFreeW

UuidToStringW

UuidCreate

wintrust

WinVerifyTrust

ws2_32

WSARecv

WSASend

WSASocketW

WSAAddressToStringW

getaddrinfo

freeaddrinfo

recv

setsockopt

select

ntohs

ntohl

listen

WSAGetLastError

htonl

getsockopt

getsockname

getpeername

ioctlsocket

connect

closesocket

bind

accept

__WSAFDIsSet

WSACleanup

WSAStartup

WSAIoctl

htons

send

shutdown

WSASetLastError

crypt32

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CertGetNameStringW

CryptMsgClose

CryptQueryObject

winhttp

WinHttpQueryAuthSchemes

WinHttpQueryHeaders

WinHttpSetOption

WinHttpGetDefaultProxyConfiguration

WinHttpSetCredentials

WinHttpQueryDataAvailable

WinHttpGetIEProxyConfigForCurrentUser

WinHttpCloseHandle

WinHttpOpen

WinHttpReadData

WinHttpReceiveResponse

WinHttpSendRequest

WinHttpAddRequestHeaders

WinHttpOpenRequest

WinHttpConnect

wininet

HttpQueryInfoW

InternetQueryDataAvailable

InternetReadFile

InternetConnectW

InternetCloseHandle

InternetOpenW

HttpSendRequestW

HttpOpenRequestW

HttpAddRequestHeadersW

InternetSetOptionW

InternetGetConnectedState

vcruntime140

strstr

wcsrchr

memset

memcpy

memchr

wcschr

__C_specific_handler

__std_type_info_compare

memcmp

strchr

__RTtypeid

__std_type_info_name

memmove

__RTDynamicCast

__CxxFrameHandler3

_CxxThrowException

__std_exception_destroy

__std_exception_copy

_purecall

__std_terminate

wcsstr

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

signal

_register_onexit_function

_errno

_invalid_parameter_noinfo_noreturn

_invalid_parameter_noinfo

_crt_atexit

strerror

exit

_cexit

_seh_filter_exe

_set_app_type

_configure_wide_argv

_initialize_wide_environment

terminate

_get_wide_winmain_command_line

_initterm

_exit

_c_exit

_register_thread_local_exe_atexit_callback

_endthreadex

system

_beginthread

raise

_beginthreadex

abort

_initterm_e

api-ms-win-crt-convert-l1-1-0

mbstowcs

strtoul

atoi

_ultow_s

_itow_s

_wtoi64

_wtoi

wcstombs_s

api-ms-win-crt-string-l1-1-0

strcat_s

_strdup

iswpunct

strcpy_s

towlower

wcsncpy

iswprint

iswdigit

strncpy

wcspbrk

strncmp

_wcsicmp

strcmp

tolower

isdigit

_wcslwr_s

wmemcpy_s

wcscpy_s

wcsncpy_s

wcsnlen

_wcsupr_s

iswspace

_strnicmp

ispunct

isspace

isupper

isxdigit

wcscspn

wcsspn

wcscat_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf

__p__commode

fputs

_set_fmode

_setmode

ftell

fseek

__stdio_common_vsprintf_s

ungetwc

fputwc

fopen

fgetwc

__stdio_common_vsscanf

_fileno

fgets

ferror

_wfopen

feof

__acrt_iob_func

fopen_s

__stdio_common_vswprintf

__stdio_common_vswprintf_s

_get_stream_buffer_pointers

fclose

fflush

fgetc

fgetpos

__stdio_common_vsprintf

fputc

fread

ungetc

fsetpos

setvbuf

fwrite

_fseeki64

__stdio_common_vsnprintf_s

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

_unlock_file

remove

_lock_file

api-ms-win-crt-time-l1-1-0

_gmtime64

_localtime64

_localtime64_s

wcsftime

_time64

_mktime64

strftime

api-ms-win-crt-heap-l1-1-0

realloc

calloc

_set_new_mode

_callnewh

_msize

_recalloc

malloc

free

api-ms-win-crt-utility-l1-1-0

rand

qsort

srand

rand_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

ceilf

pow

ceil

floorf

floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

localeconv

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

getenv

api-ms-win-crt-conio-l1-1-0

_getch

Exports

??$void_cast_register@VCDeleteFile@RegistryReviverLib@@VCFix@2@@serialization@boost@@YAAEBVvoid_caster@void_cast_detail@01@PEBVCDeleteFile@RegistryReviverLib@@PEBVCFix@5@@Z

??$void_cast_register@VCDeleteKey@RegistryReviverLib@@VCFix@2@@serialization@boost@@YAAEBVvoid_caster@void_cast_detail@01@PEBVCDeleteKey@RegistryReviverLib@@PEBVCFix@5@@Z

??$void_cast_register@VCDeleteValue@RegistryReviverLib@@VCFix@2@@serialization@boost@@YAAEBVvoid_caster@void_cast_detail@01@PEBVCDeleteValue@RegistryReviverLib@@PEBVCFix@5@@Z

??$void_cast_register@VCSystemExclusions@RegistryReviverLib@@VCExclusions@2@@serialization@boost@@YAAEBVvoid_caster@void_cast_detail@01@PEBVCSystemExclusions@RegistryReviverLib@@PEBVCExclusions@5@@Z

??0?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCBrowserLauncher@?A0x329a0eb6@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCFix@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainer@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainerEx@RegistryReviver@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorDescription@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VCRegValue@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vtext_oarchive@archive@boost@@UCLicenseKeySerializer@?A0x629b6b80@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@DV?$allocator@D@std@@@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vtext_oarchive@archive@boost@@VCExclusions@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vtext_oarchive@archive@boost@@VCFreeErrorsContainer@RegistryReviver@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vtext_oarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vtext_oarchive@archive@boost@@VCSystemExclusions@RegistryReviverLib@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@UPurchaseInformation@CSettings@RegistryReviver@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@VCCommonSettings@CSettings@RegistryReviver@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@VCLanguageManager@RegistryReviver@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@VCLastScan@RegistryReviver@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@VCSettings@RegistryReviver@@@detail@archive@boost@@QEAA@XZ

??0?$oserializer@Vxml_woarchive@archive@boost@@VCStringEx@Utils@@@detail@archive@boost@@QEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@UCLicenseKeySerializer@?A0x629b6b80@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@UPurchaseInformation@CSettings@RegistryReviver@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@V?$vector@DV?$allocator@D@std@@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@V?$vector@EV?$allocator@E@std@@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCBrowserLauncher@?A0x329a0eb6@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCCommonSettings@CSettings@RegistryReviver@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCDeleteFile@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCDeleteKey@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCDeleteValue@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCExclusions@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCFix@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCFreeErrorsContainer@RegistryReviver@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCLanguageManager@RegistryReviver@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCLastScan@RegistryReviver@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCLicenseBase@License@ReviverSoft@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCRegError@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCRegErrorContainer@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCRegErrorContainerEx@RegistryReviver@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCRegErrorDescription@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCRegValue@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCSettings@RegistryReviver@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCStringEx@Utils@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@V?$extended_type_info_typeid@VCSystemExclusions@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@IEAA@XZ

??0?$singleton@VCBrowserLauncher@?A0x329a0eb6@@@serialization@boost@@IEAA@XZ

??0?$singleton@VCCommonSettings@CSettings@RegistryReviver@@@serialization@boost@@IEAA@XZ

??0?$singleton@VCFreeErrorsContainer@RegistryReviver@@@serialization@boost@@IEAA@XZ

??0?$singleton@VCMsgBoxInfo@@@serialization@boost@@IEAA@XZ

??0?$singleton@VCSettings@RegistryReviver@@@serialization@boost@@IEAA@XZ

?get_const_instance@?$singleton@V?$archive_serializer_map@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$archive_serializer_map@Vbinary_oarchive@archive@boost@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@UCLicenseKeySerializer@?A0x629b6b80@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@UCLicenseKeySerializer@?A0x629b6b80@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@UPurchaseInformation@CSettings@RegistryReviver@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@UPurchaseInformation@CSettings@RegistryReviver@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@DV?$allocator@D@std@@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$vector@DV?$allocator@D@std@@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@EV?$allocator@E@std@@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$vector@EV?$allocator@E@std@@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCBrowserLauncher@?A0x329a0eb6@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCBrowserLauncher@?A0x329a0eb6@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCCommonSettings@CSettings@RegistryReviver@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCCommonSettings@CSettings@RegistryReviver@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCDeleteFile@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCDeleteFile@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCDeleteKey@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCDeleteKey@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCDeleteValue@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCDeleteValue@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCExclusions@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCExclusions@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCFix@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCFix@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCFreeErrorsContainer@RegistryReviver@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCFreeErrorsContainer@RegistryReviver@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCLanguageManager@RegistryReviver@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCLanguageManager@RegistryReviver@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCLastScan@RegistryReviver@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCLastScan@RegistryReviver@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCLicenseBase@License@ReviverSoft@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCLicenseBase@License@ReviverSoft@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCRegError@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCRegError@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCRegErrorContainer@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCRegErrorContainer@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCRegErrorContainerEx@RegistryReviver@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCRegErrorContainerEx@RegistryReviver@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCRegErrorDescription@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCRegErrorDescription@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCRegValue@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCRegValue@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCSettings@RegistryReviver@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCSettings@RegistryReviver@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCStringEx@Utils@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCStringEx@Utils@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCSystemExclusions@RegistryReviverLib@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VCSystemExclusions@RegistryReviverLib@@@23@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCBrowserLauncher@?A0x329a0eb6@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCBrowserLauncher@?A0x329a0eb6@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCFix@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCFix@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCRegErrorContainer@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCRegErrorContainer@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCRegErrorDescription@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCRegErrorDescription@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCRegValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vbinary_iarchive@archive@boost@@VCRegValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@UCLicenseKeySerializer@?A0x629b6b80@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@UCLicenseKeySerializer@?A0x629b6b80@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@V?$vector@DV?$allocator@D@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@V?$vector@DV?$allocator@D@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@VCExclusions@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@VCExclusions@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@VCFreeErrorsContainer@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@VCFreeErrorsContainer@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@VCSystemExclusions@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_iarchive@archive@boost@@VCSystemExclusions@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@UPurchaseInformation@CSettings@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@UPurchaseInformation@CSettings@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@VCCommonSettings@CSettings@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@VCCommonSettings@CSettings@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@VCLanguageManager@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@VCLanguageManager@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@VCLastScan@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@VCLastScan@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@VCSettings@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@VCSettings@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@VCStringEx@Utils@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_wiarchive@archive@boost@@VCStringEx@Utils@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vxml_woarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vxml_woarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCBrowserLauncher@?A0x329a0eb6@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCBrowserLauncher@?A0x329a0eb6@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCFix@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCFix@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainer@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainer@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainerEx@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainerEx@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorDescription@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorDescription@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCRegValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vbinary_oarchive@archive@boost@@VCRegValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@UCLicenseKeySerializer@?A0x629b6b80@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@UCLicenseKeySerializer@?A0x629b6b80@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@DV?$allocator@D@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@DV?$allocator@D@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@VCExclusions@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@VCExclusions@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@VCFreeErrorsContainer@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@VCFreeErrorsContainer@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@VCSystemExclusions@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vtext_oarchive@archive@boost@@VCSystemExclusions@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@UPurchaseInformation@CSettings@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@UPurchaseInformation@CSettings@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@VCCommonSettings@CSettings@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@VCCommonSettings@CSettings@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@VCLanguageManager@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@VCLanguageManager@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@VCLastScan@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@VCLastScan@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@VCSettings@RegistryReviver@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@VCSettings@RegistryReviver@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@VCStringEx@Utils@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$oserializer@Vxml_woarchive@archive@boost@@VCStringEx@Utils@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$set@PEBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PEBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$set@PEBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PEBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$void_caster_primitive@VCDeleteFile@RegistryReviverLib@@VCFix@2@@void_cast_detail@serialization@boost@@@serialization@boost@@SAAEBV?$void_caster_primitive@VCDeleteFile@RegistryReviverLib@@VCFix@2@@void_cast_detail@23@XZ

?get_const_instance@?$singleton@V?$void_caster_primitive@VCDeleteKey@RegistryReviverLib@@VCFix@2@@void_cast_detail@serialization@boost@@@serialization@boost@@SAAEBV?$void_caster_primitive@VCDeleteKey@RegistryReviverLib@@VCFix@2@@void_cast_detail@23@XZ

?get_const_instance@?$singleton@V?$void_caster_primitive@VCDeleteValue@RegistryReviverLib@@VCFix@2@@void_cast_detail@serialization@boost@@@serialization@boost@@SAAEBV?$void_caster_primitive@VCDeleteValue@RegistryReviverLib@@VCFix@2@@void_cast_detail@23@XZ

?get_const_instance@?$singleton@V?$void_caster_primitive@VCSystemExclusions@RegistryReviverLib@@VCExclusions@2@@void_cast_detail@serialization@boost@@@serialization@boost@@SAAEBV?$void_caster_primitive@VCSystemExclusions@RegistryReviverLib@@VCExclusions@2@@void_cast_detail@23@XZ

?get_const_instance@?$singleton@VCBrowserLauncher@?A0x329a0eb6@@@serialization@boost@@SAAEBVCBrowserLauncher@?A0x329a0eb6@@XZ

?get_const_instance@?$singleton@VCFreeErrorsContainer@RegistryReviver@@@serialization@boost@@SAAEBVCFreeErrorsContainer@RegistryReviver@@XZ

?get_const_instance@?$singleton@VCMsgBoxInfo@@@serialization@boost@@SAAEBVCMsgBoxInfo@@XZ

?get_const_instance@?$singleton@VCSettings@RegistryReviver@@@serialization@boost@@SAAEBVCSettings@RegistryReviver@@XZ

?get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ

?get_mutable_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vxml_woarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vxml_woarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@@serialization@boost@@SAAEAV?$oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$set@PEBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PEBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$set@PEBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PEBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@VCFreeErrorsContainer@RegistryReviver@@@serialization@boost@@SAAEAVCFreeErrorsContainer@RegistryReviver@@XZ

?get_mutable_instance@?$singleton@VCMsgBoxInfo@@@serialization@boost@@SAAEAVCMsgBoxInfo@@XZ

?get_mutable_instance@?$singleton@VCSettings@RegistryReviver@@@serialization@boost@@SAAEAVCSettings@RegistryReviver@@XZ

?is_destroyed@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vxml_woarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$set@PEBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PEBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?is_locked@singleton_module@serialization@boost@@QEAA_NXZ

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCBrowserLauncher@?A0x329a0eb6@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCFix@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCRegErrorContainer@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCRegErrorDescription@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCRegValue@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@UCLicenseKeySerializer@?A0x629b6b80@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@V?$vector@DV?$allocator@D@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VCExclusions@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VCFreeErrorsContainer@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VCSystemExclusions@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@UPurchaseInformation@CSettings@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@VCCommonSettings@CSettings@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@VCLanguageManager@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@VCLastScan@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@VCSettings@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@VCStringEx@Utils@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_ptr@?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_ptr@?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_ptr@?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_iarchive@234@PEAXI@Z

?load_object_ptr@?$pointer_iserializer@Vbinary_iarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_iarchive@234@PEAXI@Z

?lock@?1??get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ@4_NA

?lock@singleton_module@serialization@boost@@QEAAXXZ

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@U?$less@W4EnumErrorType@RegistryReviverLib@@@4@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@std@@@4@@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@PEAVCRegError@RegistryReviverLib@@V?$allocator@PEAVCRegError@RegistryReviverLib@@@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCBrowserLauncher@?A0x329a0eb6@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCFix@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainer@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorContainerEx@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCRegErrorDescription@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCRegValue@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@UCLicenseKeySerializer@?A0x629b6b80@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@DV?$allocator@D@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@V?$vector@EV?$allocator@E@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VCExclusions@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VCFreeErrorsContainer@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VCLicenseBase@License@ReviverSoft@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VCSystemExclusions@RegistryReviverLib@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@UPurchaseInformation@CSettings@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@V?$map@W4EnumErrorType@RegistryReviverLib@@_NU?$less@W4EnumErrorType@RegistryReviverLib@@@std@@V?$allocator@U?$pair@$$CBW4EnumErrorType@RegistryReviverLib@@_N@std@@@4@@std@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@VCCommonSettings@CSettings@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@VCLanguageManager@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@VCLastScan@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@VCSettings@RegistryReviver@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@VCStringEx@Utils@@@detail@archive@boost@@UEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_ptr@?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteFile@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_ptr@?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteKey@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_ptr@?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCDeleteValue@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_oarchive@234@PEBX@Z

?save_object_ptr@?$pointer_oserializer@Vbinary_oarchive@archive@boost@@VCRegError@RegistryReviverLib@@@detail@archive@boost@@EEBAXAEAVbasic_oarchive@234@PEBX@Z

?unlock@singleton_module@serialization@boost@@QEAAXXZ

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 573KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 19.1MB - Virtual size: 19.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

RegistryOptimizer.mab

RegistryOptimizerUpdater.exe

.exe windows:6 windows x64 arch:x64

e3cad74c682d9d64e7b77ea261a21e05

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

4f:a1:b8:d4:63:1e:15:b6:ff:67:bd:9a:e7:f7:25:94:d4:77:93:50
Signer

Actual PE Digest

4f:a1:b8:d4:63:1e:15:b6:ff:67:bd:9a:e7:f7:25:94:d4:77:93:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\RegistryReviver_with_tests\bin\x64\Release\RegistryOptimizerUpdater.pdb

Imports

kernel32

HeapFree

HeapSize

GetProcessHeap

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

WaitForSingleObject

Sleep

TerminateProcess

GetCurrentThread

GetCurrentThreadId

CreateProcessW

OpenProcess

GetVersion

FindResourceExW

GetModuleFileNameW

GetModuleHandleW

GetProcAddress

LoadResource

LockResource

SizeofResource

FindResourceW

HeapReAlloc

GetCurrentProcessId

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

GetSystemTimeAsFileTime

QueryPerformanceCounter

GetCurrentProcess

IsProcessorFeaturePresent

GetStartupInfoW

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

CreateEventW

WaitForSingleObjectEx

ResetEvent

HeapAlloc

HeapDestroy

GetLastError

RaiseException

CloseHandle

SetEvent

LeaveCriticalSection

EnterCriticalSection

OutputDebugStringW

IsDebuggerPresent

InitializeSListHead

user32

FindWindowW

SendMessageW

ole32

CoCreateInstance

CoInitializeSecurity

CoInitializeEx

CoUninitialize

oleaut32

SysFreeString

SysAllocString

advapi32

RegOpenKeyExW

RegDeleteValueW

RegCloseKey

LookupPrivilegeValueW

ImpersonateSelf

AdjustTokenPrivileges

OpenThreadToken

psapi

GetProcessImageFileNameW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__C_specific_handler

wcsrchr

__std_exception_destroy

__std_exception_copy

memset

memmove

memcpy

__CxxFrameHandler3

_CxxThrowException

wcsstr

__std_terminate

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv

_initialize_wide_environment

_get_wide_winmain_command_line

_initterm

_seh_filter_exe

exit

_exit

_cexit

_c_exit

_register_thread_local_exe_atexit_callback

_crt_atexit

_register_onexit_function

_initialize_onexit_table

_errno

_invalid_parameter_noinfo_noreturn

_invalid_parameter_noinfo

_set_app_type

_initterm_e

terminate

api-ms-win-crt-string-l1-1-0

_wcsicmp

wmemcpy_s

wcscpy_s

wcsnlen

api-ms-win-crt-heap-l1-1-0

_callnewh

malloc

_set_new_mode

free

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

__p__commode

_set_fmode

__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

RegistryOptimizerUpdater.mab

Uninstall.exe

.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

4d:a6:1e:31:c3:fb:fc:bc:7e:f1:17:4c:89:a2:90:95:5a:64:d0:f7
Signer

Actual PE Digest

4d:a6:1e:31:c3:fb:fc:bc:7e:f1:17:4c:89:a2:90:95:5a:64:d0:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime

CompareFileTime

SearchPathW

GetShortPathNameW

GetFullPathNameW

MoveFileW

SetCurrentDirectoryW

GetFileAttributesW

GetLastError

CreateDirectoryW

SetFileAttributesW

Sleep

GetTickCount

GetFileSize

GetModuleFileNameW

GetCurrentProcess

CopyFileW

ExitProcess

GetWindowsDirectoryW

GetTempPathW

GetCommandLineW

SetErrorMode

lstrcpynA

CloseHandle

lstrcpynW

GetDiskFreeSpaceW

GlobalUnlock

GlobalLock

CreateThread

LoadLibraryW

CreateProcessW

lstrcmpiA

CreateFileW

GetTempFileNameW

lstrcatW

GetProcAddress

LoadLibraryA

GetModuleHandleA

OpenProcess

lstrcpyW

GetVersionExW

GetSystemDirectoryW

GetVersion

lstrcpyA

RemoveDirectoryW

lstrcmpiW

lstrcmpW

ExpandEnvironmentStringsW

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GlobalFree

GetModuleHandleW

LoadLibraryExW

FreeLibrary

WritePrivateProfileStringW

GetPrivateProfileStringW

WideCharToMultiByte

MulDiv

lstrlenA

WriteFile

ReadFile

MultiByteToWideChar

SetFilePointer

FindClose

FindNextFileW

FindFirstFileW

DeleteFileW

lstrlenW

user32

ScreenToClient

GetMessagePos

CallWindowProcW

IsWindowVisible

LoadBitmapW

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

TrackPopupMenu

GetWindowRect

AppendMenuW

CreatePopupMenu

GetSystemMetrics

EndDialog

EnableMenuItem

GetSystemMenu

SetClassLongW

IsWindowEnabled

SetWindowPos

DialogBoxParamW

CheckDlgButton

CreateWindowExW

SystemParametersInfoW

RegisterClassW

SetDlgItemTextW

GetDlgItemTextW

MessageBoxIndirectW

CharNextA

CharUpperW

CharPrevW

DispatchMessageW

PeekMessageW

wsprintfA

DestroyWindow

CreateDialogParamW

SetTimer

SetWindowTextW

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfW

SendMessageTimeoutW

LoadCursorW

SetCursor

GetWindowLongW

GetSysColor

CharNextW

GetClassInfoW

ExitWindowsEx

FindWindowExW

GetDlgItem

SetWindowLongW

LoadImageW

GetDC

EnableWindow

InvalidateRect

SendMessageW

DefWindowProcW

BeginPaint

GetClientRect

FillRect

DrawTextW

EndPaint

IsWindow

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectW

SetBkMode

SetTextColor

SelectObject

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

SHGetFileInfoW

ShellExecuteW

SHFileOperationW

SHGetSpecialFolderLocation

advapi32

RegEnumKeyW

RegOpenKeyExW

RegCloseKey

RegDeleteKeyW

RegDeleteValueW

RegCreateKeyExW

RegSetValueExW

RegQueryValueExW

RegEnumValueW

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallOptions.dll

.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW

GetModuleHandleW

GlobalLock

GlobalUnlock

GetCurrentDirectoryW

SetCurrentDirectoryW

GetPrivateProfileIntW

GetPrivateProfileStringW

lstrcatW

WritePrivateProfileStringW

lstrcpynW

lstrlenW

lstrcpyW

GlobalFree

GlobalAlloc

user32

OpenClipboard

DestroyIcon

LoadCursorW

DispatchMessageW

TranslateMessage

GetMessageW

IsDialogMessageW

ShowWindow

SetWindowLongW

GetClientRect

SetWindowRgn

LoadIconW

LoadImageW

CreateWindowExW

MapDialogRect

GetClipboardData

GetWindowRect

CreateDialogParamW

EnableMenuItem

GetSystemMenu

EnableWindow

GetDlgItem

SetCursor

DrawTextW

GetWindowLongW

DrawFocusRect

CallWindowProcW

PostMessageW

wsprintfW

CharNextW

MessageBoxW

CloseClipboard

GetDlgCtrlID

MapWindowPoints

SetWindowPos

PtInRect

GetWindowTextW

SetWindowTextW

SendMessageW

DestroyWindow

gdi32

SelectObject

CreateRectRgn

GetObjectW

CombineRgn

DeleteObject

CreateCompatibleDC

GetDIBits

SetTextColor

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

ShellExecuteW

SHGetDesktopFolder

comdlg32

GetOpenFileNameW

CommDlgExtendedError

GetSaveFileNameW

ole32

CoTaskMemFree

Exports

dialog

initDialog

show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

GetLastError

lstrcpyW

lstrcpynW

GetProcAddress

WideCharToMultiByte

lstrcatW

lstrlenW

lstrcmpiW

LoadLibraryW

GetModuleHandleW

MultiByteToWideChar

VirtualAlloc

VirtualProtect

FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString

StringFromGUID2

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ioSpecial.ini

$PLUGINSDIR/modern-wizard.bmp

$PLUGINSDIR/nsEnvVariables.dll

.dll windows:5 windows x86 arch:x86

211e16547fae1d5f51bf909bfc524385

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar

GlobalAlloc

lstrcpynW

WideCharToMultiByte

GetCurrentThreadId

GetCommandLineA

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetLastError

InterlockedDecrement

HeapFree

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

LeaveCriticalSection

EnterCriticalSection

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

HeapAlloc

VirtualAlloc

HeapReAlloc

WriteFile

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

LoadLibraryA

InitializeCriticalSectionAndSpinCount

RtlUnwind

GetLocaleInfoA

GetStringTypeA

GetStringTypeW

LCMapStringA

LCMapStringW

HeapSize

user32

wsprintfW

advapi32

CheckTokenMembership

FreeSid

AllocateAndInitializeSid

Exports

IsAdministrator

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/nsProcess.dll

.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

CloseHandle

TerminateProcess

WaitForSingleObject

GetExitCodeProcess

OpenProcess

MultiByteToWideChar

lstrlenA

lstrlenW

LoadLibraryA

lstrcmpiW

lstrcpynW

FreeLibrary

LocalFree

LocalAlloc

GetProcAddress

LoadLibraryW

GetVersionExW

GlobalFree

GlobalAlloc

user32

GetWindowThreadProcessId

EnumWindows

wsprintfW

PostMessageW

Exports

_CloseProcess

_FindProcess

_KillProcess

_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/nsisos.dll

.dll windows:5 windows x86 arch:x86

02dceff3de5d2175177a78f2eb554a86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

VerifyVersionInfoW

VerSetConditionMask

GetVersionExW

lstrcpyW

lstrcpynW

GlobalAlloc

IsProcessorFeaturePresent

Exports

osplatform

osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

api-ms-win-core-console-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:ec:97:26:cd:6b:bf:1f:79:1f:cf:2c:05:26:8c:16:fd:95:95:23:b5:71:a2:84:cd:ea:a0:24:41:99:d7:68
Signer

Actual PE Digest

7b:ec:97:26:cd:6b:bf:1f:79:1f:cf:2c:05:26:8c:16:fd:95:95:23:b5:71:a2:84:cd:ea:a0:24:41:99:d7:68

Digest Algorithm

sha256

PE Digest Matches

true

12:f4:3b:b9:51:88:92:ea:6c:22:17:9b:ff:25:34:68:01:88:60:90
Signer

Actual PE Digest

12:f4:3b:b9:51:88:92:ea:6c:22:17:9b:ff:25:34:68:01:88:60:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-console-l1-1-0.pdb

Exports

AllocConsole

GetConsoleCP

GetConsoleMode

GetConsoleOutputCP

GetNumberOfConsoleInputEvents

PeekConsoleInputA

ReadConsoleA

ReadConsoleInputA

ReadConsoleInputW

ReadConsoleW

SetConsoleCtrlHandler

SetConsoleMode

WriteConsoleA

WriteConsoleW

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-datetime-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f4:19:d0:30:9a:81:75:94:12:46:79:a5:33:ce:59:fd:58:5b:e3:25:42:6a:87:ee:2b:0d:2e:5a:2d:f9:5f:14
Signer

Actual PE Digest

f4:19:d0:30:9a:81:75:94:12:46:79:a5:33:ce:59:fd:58:5b:e3:25:42:6a:87:ee:2b:0d:2e:5a:2d:f9:5f:14

Digest Algorithm

sha256

PE Digest Matches

true

25:7b:57:dc:5f:6d:78:53:f3:94:11:95:01:c0:d7:13:a4:b4:ad:6c
Signer

Actual PE Digest

25:7b:57:dc:5f:6d:78:53:f3:94:11:95:01:c0:d7:13:a4:b4:ad:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-datetime-l1-1-0.pdb

Exports

GetDateFormatA

GetDateFormatW

GetTimeFormatA

GetTimeFormatW

Sections

.rdata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-debug-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

32:ba:58:20:a4:4e:a8:13:9f:d3:29:8b:6b:d5:32:0b:95:5b:95:17:14:fa:6d:5f:17:20:db:64:96:97:24:26
Signer

Actual PE Digest

32:ba:58:20:a4:4e:a8:13:9f:d3:29:8b:6b:d5:32:0b:95:5b:95:17:14:fa:6d:5f:17:20:db:64:96:97:24:26

Digest Algorithm

sha256

PE Digest Matches

true

31:29:51:42:aa:8e:90:ce:dc:41:47:64:41:6d:63:20:54:69:4f:56
Signer

Actual PE Digest

31:29:51:42:aa:8e:90:ce:dc:41:47:64:41:6d:63:20:54:69:4f:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-debug-l1-1-0.pdb

Exports

DebugBreak

IsDebuggerPresent

OutputDebugStringA

OutputDebugStringW

Sections

.rdata
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-errorhandling-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

b8:c4:71:9f:75:a9:c5:43:4f:d0:4e:73:ac:89:12:eb:a7:19:72:7f:52:cf:a5:d6:d7:6e:d6:30:cd:e9:ec:22
Signer

Actual PE Digest

b8:c4:71:9f:75:a9:c5:43:4f:d0:4e:73:ac:89:12:eb:a7:19:72:7f:52:cf:a5:d6:d7:6e:d6:30:cd:e9:ec:22

Digest Algorithm

sha256

PE Digest Matches

true

8c:d5:3a:0a:16:47:49:65:34:5f:25:8b:cc:5e:49:4d:d1:25:f6:13
Signer

Actual PE Digest

8c:d5:3a:0a:16:47:49:65:34:5f:25:8b:cc:5e:49:4d:d1:25:f6:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-errorhandling-l1-1-0.pdb

Exports

GetErrorMode

GetLastError

RaiseException

SetErrorMode

SetLastError

SetUnhandledExceptionFilter

UnhandledExceptionFilter

Sections

.rdata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-file-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

a9:fc:f1:84:30:f2:70:be:55:7d:4f:d5:89:61:39:d6:80:10:c6:4f:22:ee:8c:4c:66:a7:00:17:e9:da:c5:38
Signer

Actual PE Digest

a9:fc:f1:84:30:f2:70:be:55:7d:4f:d5:89:61:39:d6:80:10:c6:4f:22:ee:8c:4c:66:a7:00:17:e9:da:c5:38

Digest Algorithm

sha256

PE Digest Matches

true

c0:6e:08:94:c2:93:0d:3f:b8:33:1d:fb:61:02:c4:16:f2:8c:9d:c2
Signer

Actual PE Digest

c0:6e:08:94:c2:93:0d:3f:b8:33:1d:fb:61:02:c4:16:f2:8c:9d:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-file-l1-1-0.pdb

Exports

CompareFileTime

CreateDirectoryA

CreateDirectoryW

CreateFileA

CreateFileW

DefineDosDeviceW

DeleteFileA

DeleteFileW

DeleteVolumeMountPointW

FileTimeToLocalFileTime

FindClose

FindCloseChangeNotification

FindFirstChangeNotificationA

FindFirstChangeNotificationW

FindFirstFileA

FindFirstFileExA

FindFirstFileExW

FindFirstFileW

FindFirstVolumeW

FindNextChangeNotification

FindNextFileA

FindNextFileW

FindNextVolumeW

FindVolumeClose

FlushFileBuffers

GetDiskFreeSpaceA

GetDiskFreeSpaceExA

GetDiskFreeSpaceExW

GetDiskFreeSpaceW

GetDriveTypeA

GetDriveTypeW

GetFileAttributesA

GetFileAttributesExA

GetFileAttributesExW

GetFileAttributesW

GetFileInformationByHandle

GetFileSize

GetFileSizeEx

GetFileTime

GetFileType

GetFinalPathNameByHandleA

GetFinalPathNameByHandleW

GetFullPathNameA

GetFullPathNameW

GetLogicalDriveStringsW

GetLogicalDrives

GetLongPathNameA

GetLongPathNameW

GetShortPathNameW

GetTempFileNameW

GetVolumeInformationByHandleW

GetVolumeInformationW

GetVolumePathNameW

LocalFileTimeToFileTime

LockFile

LockFileEx

QueryDosDeviceW

ReadFile

ReadFileEx

ReadFileScatter

RemoveDirectoryA

RemoveDirectoryW

SetEndOfFile

SetFileAttributesA

SetFileAttributesW

SetFileInformationByHandle

SetFilePointer

SetFilePointerEx

SetFileTime

SetFileValidData

UnlockFile

UnlockFileEx

WriteFile

WriteFileEx

WriteFileGather

Sections

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-file-l1-2-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

38:09:76:b4:e3:9d:4f:d8:b4:62:dc:0e:c9:f5:59:a2:04:64:13:77:6b:23:a3:5b:f1:d7:b1:42:cb:61:0e:ba
Signer

Actual PE Digest

38:09:76:b4:e3:9d:4f:d8:b4:62:dc:0e:c9:f5:59:a2:04:64:13:77:6b:23:a3:5b:f1:d7:b1:42:cb:61:0e:ba

Digest Algorithm

sha256

PE Digest Matches

true

eb:b6:3f:4e:26:54:5e:5b:0f:b8:0d:56:68:24:23:e1:f8:38:9b:45
Signer

Actual PE Digest

eb:b6:3f:4e:26:54:5e:5b:0f:b8:0d:56:68:24:23:e1:f8:38:9b:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-file-l1-2-0.pdb

Exports

CreateFile2

GetTempPathW

GetVolumeNameForVolumeMountPointW

GetVolumePathNamesForVolumeNameW

Sections

.rdata
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-file-l2-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

fc:b2:31:d8:e3:53:e5:76:d2:5e:ea:74:92:52:50:33:93:24:4a:f2:da:3b:b8:99:5e:6f:ad:51:2d:b7:9c:57
Signer

Actual PE Digest

fc:b2:31:d8:e3:53:e5:76:d2:5e:ea:74:92:52:50:33:93:24:4a:f2:da:3b:b8:99:5e:6f:ad:51:2d:b7:9c:57

Digest Algorithm

sha256

PE Digest Matches

true

6f:3d:04:ff:52:02:17:37:a2:eb:a4:ee:5c:2d:fc:74:ff:6c:5f:06
Signer

Actual PE Digest

6f:3d:04:ff:52:02:17:37:a2:eb:a4:ee:5c:2d:fc:74:ff:6c:5f:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-file-l2-1-0.pdb

Exports

CopyFile2

CopyFileExW

CreateDirectoryExW

CreateHardLinkW

CreateSymbolicLinkW

GetFileInformationByHandleEx

MoveFileExW

MoveFileWithProgressW

ReOpenFile

ReadDirectoryChangesW

ReplaceFileW

Sections

.rdata
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-handle-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

b0:5a:57:9f:c2:fa:e7:e3:1f:db:4f:ef:ef:b1:33:38:d0:37:4f:bb:41:5d:cf:93:ee:a2:b4:c7:8c:e9:82:a9
Signer

Actual PE Digest

b0:5a:57:9f:c2:fa:e7:e3:1f:db:4f:ef:ef:b1:33:38:d0:37:4f:bb:41:5d:cf:93:ee:a2:b4:c7:8c:e9:82:a9

Digest Algorithm

sha256

PE Digest Matches

true

1a:30:d8:94:aa:d3:ff:89:c6:71:4e:66:c8:36:71:17:dc:8f:bc:1c
Signer

Actual PE Digest

1a:30:d8:94:aa:d3:ff:89:c6:71:4e:66:c8:36:71:17:dc:8f:bc:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-handle-l1-1-0.pdb

Exports

CloseHandle

CompareObjectHandles

DuplicateHandle

GetHandleInformation

SetHandleInformation

Sections

.rdata
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-heap-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

df:b9:d9:d5:c4:c0:6b:c7:3a:54:41:3b:5b:46:22:af:01:8a:5d:c8:6d:f3:47:98:10:97:4d:a6:ad:bc:62:92
Signer

Actual PE Digest

df:b9:d9:d5:c4:c0:6b:c7:3a:54:41:3b:5b:46:22:af:01:8a:5d:c8:6d:f3:47:98:10:97:4d:a6:ad:bc:62:92

Digest Algorithm

sha256

PE Digest Matches

true

a2:92:ce:3a:03:29:e2:15:83:41:d6:32:5d:a8:bf:37:8d:d0:13:6e
Signer

Actual PE Digest

a2:92:ce:3a:03:29:e2:15:83:41:d6:32:5d:a8:bf:37:8d:d0:13:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-heap-l1-1-0.pdb

Exports

GetProcessHeap

GetProcessHeaps

HeapAlloc

HeapCompact

HeapCreate

HeapDestroy

HeapFree

HeapLock

HeapQueryInformation

HeapReAlloc

HeapSetInformation

HeapSize

HeapSummary

HeapUnlock

HeapValidate

HeapWalk

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-interlocked-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

22:bc:21:d9:6a:f4:91:3b:f9:f9:31:76:29:1e:74:91:61:a3:dc:8b:2f:1c:f8:2d:c8:52:67:63:f8:cb:de:ae
Signer

Actual PE Digest

22:bc:21:d9:6a:f4:91:3b:f9:f9:31:76:29:1e:74:91:61:a3:dc:8b:2f:1c:f8:2d:c8:52:67:63:f8:cb:de:ae

Digest Algorithm

sha256

PE Digest Matches

true

1b:ff:58:9a:66:36:ce:e8:47:c2:6d:35:74:fb:7e:f9:a4:70:dd:b4
Signer

Actual PE Digest

1b:ff:58:9a:66:36:ce:e8:47:c2:6d:35:74:fb:7e:f9:a4:70:dd:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-interlocked-l1-1-0.pdb

Exports

InitializeSListHead

InterlockedFlushSList

InterlockedPopEntrySList

InterlockedPushEntrySList

QueryDepthSList

Sections

.rdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-libraryloader-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

4b:f8:98:e7:0a:ad:54:66:5f:5a:e2:75:d8:8d:af:34:cf:a1:90:30:18:95:63:3e:b2:ca:d2:d7:b3:db:47:ad
Signer

Actual PE Digest

4b:f8:98:e7:0a:ad:54:66:5f:5a:e2:75:d8:8d:af:34:cf:a1:90:30:18:95:63:3e:b2:ca:d2:d7:b3:db:47:ad

Digest Algorithm

sha256

PE Digest Matches

true

33:cb:23:73:a8:5e:5b:8b:52:3c:3b:1c:04:75:64:fc:9e:da:1d:b4
Signer

Actual PE Digest

33:cb:23:73:a8:5e:5b:8b:52:3c:3b:1c:04:75:64:fc:9e:da:1d:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-libraryloader-l1-1-0.pdb

Exports

DisableThreadLibraryCalls

FindResourceExW

FindStringOrdinal

FreeLibrary

FreeLibraryAndExitThread

FreeResource

GetModuleFileNameA

GetModuleFileNameW

GetModuleHandleA

GetModuleHandleExA

GetModuleHandleExW

GetModuleHandleW

GetProcAddress

LoadLibraryExA

LoadLibraryExW

LoadResource

LockResource

SizeofResource

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-localization-l1-2-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:17:78:0e:c8:c8:b1:01:69:29:ea:b7:b9:7f:93:55:78:e2:1d:0c:a3:55:ca:d4:2c:bd:b0:bc:d3:49:ae:bc
Signer

Actual PE Digest

09:17:78:0e:c8:c8:b1:01:69:29:ea:b7:b9:7f:93:55:78:e2:1d:0c:a3:55:ca:d4:2c:bd:b0:bc:d3:49:ae:bc

Digest Algorithm

sha256

PE Digest Matches

true

6a:6c:5b:8c:1e:27:87:98:15:50:b5:0e:23:56:fa:19:38:76:9a:b8
Signer

Actual PE Digest

6a:6c:5b:8c:1e:27:87:98:15:50:b5:0e:23:56:fa:19:38:76:9a:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-localization-l1-2-0.pdb

Exports

ConvertDefaultLocale

EnumSystemGeoID

EnumSystemLocalesA

EnumSystemLocalesW

FindNLSString

FindNLSStringEx

FormatMessageA

FormatMessageW

GetACP

GetCPInfo

GetCPInfoExW

GetCalendarInfoEx

GetCalendarInfoW

GetFileMUIInfo

GetFileMUIPath

GetGeoInfoW

GetLocaleInfoA

GetLocaleInfoEx

GetLocaleInfoW

GetNLSVersion

GetNLSVersionEx

GetOEMCP

GetProcessPreferredUILanguages

GetSystemDefaultLCID

GetSystemDefaultLangID

GetSystemPreferredUILanguages

GetThreadLocale

GetThreadPreferredUILanguages

GetThreadUILanguage

GetUILanguageInfo

GetUserDefaultLCID

GetUserDefaultLangID

GetUserDefaultLocaleName

GetUserGeoID

GetUserPreferredUILanguages

IdnToAscii

IdnToUnicode

IsDBCSLeadByte

IsDBCSLeadByteEx

IsNLSDefinedString

IsValidCodePage

IsValidLanguageGroup

IsValidLocale

IsValidLocaleName

IsValidNLSVersion

LCMapStringA

LCMapStringEx

LCMapStringW

LocaleNameToLCID

ResolveLocaleName

SetCalendarInfoW

SetLocaleInfoW

SetProcessPreferredUILanguages

SetThreadLocale

SetThreadPreferredUILanguages

SetThreadUILanguage

SetUserGeoID

VerLanguageNameA

VerLanguageNameW

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-memory-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

c8:89:13:24:56:ab:c8:b4:c7:1d:9a:ee:05:16:15:75:31:7a:89:cb:6b:a1:28:eb:58:33:38:35:cb:8a:04:98
Signer

Actual PE Digest

c8:89:13:24:56:ab:c8:b4:c7:1d:9a:ee:05:16:15:75:31:7a:89:cb:6b:a1:28:eb:58:33:38:35:cb:8a:04:98

Digest Algorithm

sha256

PE Digest Matches

true

42:b1:1d:88:ec:72:f1:43:a5:cd:d4:4c:63:29:8d:7d:ae:c8:19:2b
Signer

Actual PE Digest

42:b1:1d:88:ec:72:f1:43:a5:cd:d4:4c:63:29:8d:7d:ae:c8:19:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-memory-l1-1-0.pdb

Exports

CreateFileMappingW

FlushViewOfFile

MapViewOfFile

MapViewOfFileEx

OpenFileMappingW

ReadProcessMemory

UnmapViewOfFile

VirtualAlloc

VirtualAllocEx

VirtualFree

VirtualFreeEx

VirtualProtect

VirtualProtectEx

VirtualQuery

VirtualQueryEx

WriteProcessMemory

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-namedpipe-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

34:0b:6f:b0:f3:53:45:e2:46:47:a8:84:79:2a:d4:f3:17:8d:e0:2f:b6:89:66:fa:2a:3d:27:4b:c6:5a:f1:1f
Signer

Actual PE Digest

34:0b:6f:b0:f3:53:45:e2:46:47:a8:84:79:2a:d4:f3:17:8d:e0:2f:b6:89:66:fa:2a:3d:27:4b:c6:5a:f1:1f

Digest Algorithm

sha256

PE Digest Matches

true

3a:29:ee:dd:a1:79:79:cc:5c:7a:eb:92:dc:4b:8a:7c:1c:8c:e6:1d
Signer

Actual PE Digest

3a:29:ee:dd:a1:79:79:cc:5c:7a:eb:92:dc:4b:8a:7c:1c:8c:e6:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-namedpipe-l1-1-0.pdb

Exports

ConnectNamedPipe

CreateNamedPipeW

CreatePipe

DisconnectNamedPipe

GetNamedPipeClientComputerNameW

ImpersonateNamedPipeClient

PeekNamedPipe

SetNamedPipeHandleState

TransactNamedPipe

WaitNamedPipeW

Sections

.rdata
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-processenvironment-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

67:5d:52:ba:08:81:7b:9a:d0:b6:84:28:80:c2:54:a5:a0:6d:d8:40:65:76:7f:6d:91:47:c5:6f:1b:b6:c8:f5
Signer

Actual PE Digest

67:5d:52:ba:08:81:7b:9a:d0:b6:84:28:80:c2:54:a5:a0:6d:d8:40:65:76:7f:6d:91:47:c5:6f:1b:b6:c8:f5

Digest Algorithm

sha256

PE Digest Matches

true

3a:8d:8e:e0:8d:73:b9:9f:8c:c9:fd:a7:ce:ed:62:04:b8:6c:27:42
Signer

Actual PE Digest

3a:8d:8e:e0:8d:73:b9:9f:8c:c9:fd:a7:ce:ed:62:04:b8:6c:27:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-processenvironment-l1-1-0.pdb

Exports

ExpandEnvironmentStringsA

ExpandEnvironmentStringsW

FreeEnvironmentStringsA

FreeEnvironmentStringsW

GetCommandLineA

GetCommandLineW

GetCurrentDirectoryA

GetCurrentDirectoryW

GetEnvironmentStrings

GetEnvironmentStringsW

GetEnvironmentVariableA

GetEnvironmentVariableW

GetStdHandle

SearchPathW

SetCurrentDirectoryA

SetCurrentDirectoryW

SetEnvironmentStringsW

SetEnvironmentVariableA

SetEnvironmentVariableW

SetStdHandle

SetStdHandleEx

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-processthreads-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

15:d7:7f:f1:a5:64:96:81:25:dd:ac:69:3c:a2:10:bc:86:e1:72:76:cc:f8:96:d6:94:a8:de:7d:71:b1:f7:fe
Signer

Actual PE Digest

15:d7:7f:f1:a5:64:96:81:25:dd:ac:69:3c:a2:10:bc:86:e1:72:76:cc:f8:96:d6:94:a8:de:7d:71:b1:f7:fe

Digest Algorithm

sha256

PE Digest Matches

true

87:99:12:a8:eb:69:86:83:a7:b5:e5:a9:3f:90:62:bf:92:3b:f5:9f
Signer

Actual PE Digest

87:99:12:a8:eb:69:86:83:a7:b5:e5:a9:3f:90:62:bf:92:3b:f5:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-processthreads-l1-1-0.pdb

Exports

CreateProcessA

CreateProcessAsUserW

CreateProcessW

CreateRemoteThread

CreateRemoteThreadEx

CreateThread

DeleteProcThreadAttributeList

ExitProcess

ExitThread

FlushProcessWriteBuffers

GetCurrentProcess

GetCurrentProcessId

GetCurrentThread

GetCurrentThreadId

GetExitCodeProcess

GetExitCodeThread

GetPriorityClass

GetProcessId

GetProcessIdOfThread

GetProcessTimes

GetProcessVersion

GetStartupInfoW

GetThreadId

GetThreadPriority

GetThreadPriorityBoost

InitializeProcThreadAttributeList

OpenProcessToken

OpenThread

OpenThreadToken

ProcessIdToSessionId

QueryProcessAffinityUpdateMode

QueueUserAPC

ResumeThread

SetPriorityClass

SetProcessAffinityUpdateMode

SetProcessShutdownParameters

SetThreadPriority

SetThreadPriorityBoost

SetThreadStackGuarantee

SetThreadToken

SuspendThread

SwitchToThread

TerminateProcess

TerminateThread

TlsAlloc

TlsFree

TlsGetValue

TlsSetValue

UpdateProcThreadAttribute

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-processthreads-l1-1-1.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

e8:46:0a:e1:7f:83:77:e2:ef:2d:60:d7:55:5c:ff:a9:66:5d:d9:36:77:fd:86:78:75:2c:2e:f7:c0:8d:b4:11
Signer

Actual PE Digest

e8:46:0a:e1:7f:83:77:e2:ef:2d:60:d7:55:5c:ff:a9:66:5d:d9:36:77:fd:86:78:75:2c:2e:f7:c0:8d:b4:11

Digest Algorithm

sha256

PE Digest Matches

true

de:b1:73:ef:3e:05:78:7e:5a:5a:e0:fd:4e:bb:76:5f:3e:23:28:87
Signer

Actual PE Digest

de:b1:73:ef:3e:05:78:7e:5a:5a:e0:fd:4e:bb:76:5f:3e:23:28:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-processthreads-l1-1-1.pdb

Exports

FlushInstructionCache

GetCurrentProcessorNumber

GetCurrentProcessorNumberEx

GetCurrentThreadStackLimits

GetProcessHandleCount

GetProcessMitigationPolicy

GetThreadContext

GetThreadIdealProcessorEx

GetThreadTimes

IsProcessorFeaturePresent

OpenProcess

SetProcessMitigationPolicy

SetThreadContext

SetThreadIdealProcessorEx

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-profile-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

58:fb:c4:0d:4d:31:53:bd:ee:14:2f:34:92:60:d4:86:f5:6b:21:31:6f:17:66:50:ac:ec:01:98:6f:80:e2:1a
Signer

Actual PE Digest

58:fb:c4:0d:4d:31:53:bd:ee:14:2f:34:92:60:d4:86:f5:6b:21:31:6f:17:66:50:ac:ec:01:98:6f:80:e2:1a

Digest Algorithm

sha256

PE Digest Matches

true

3f:fb:52:42:5a:a7:5b:77:61:ec:f8:db:f1:c5:10:cd:e3:ac:56:d7
Signer

Actual PE Digest

3f:fb:52:42:5a:a7:5b:77:61:ec:f8:db:f1:c5:10:cd:e3:ac:56:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-profile-l1-1-0.pdb

Exports

QueryPerformanceCounter

QueryPerformanceFrequency

Sections

.rdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-rtlsupport-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

80:37:93:bf:54:7f:d3:df:17:73:0b:f9:fd:3f:c7:0f:45:a7:9e:ad:65:36:33:2f:9b:44:63:43:c6:b7:36:12
Signer

Actual PE Digest

80:37:93:bf:54:7f:d3:df:17:73:0b:f9:fd:3f:c7:0f:45:a7:9e:ad:65:36:33:2f:9b:44:63:43:c6:b7:36:12

Digest Algorithm

sha256

PE Digest Matches

true

bf:5c:c4:ca:4b:59:5d:d4:a6:77:ee:95:ad:cd:2c:cb:d0:92:0d:b1
Signer

Actual PE Digest

bf:5c:c4:ca:4b:59:5d:d4:a6:77:ee:95:ad:cd:2c:cb:d0:92:0d:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-rtlsupport-l1-1-0.pdb

Exports

RtlAddFunctionTable

RtlCaptureContext

RtlCaptureStackBackTrace

RtlCompareMemory

RtlDeleteFunctionTable

RtlInstallFunctionTableCallback

RtlLookupFunctionEntry

RtlPcToFileHeader

RtlRaiseException

RtlRestoreContext

RtlUnwind

RtlUnwindEx

RtlVirtualUnwind

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-string-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

d4:10:4e:74:14:23:25:61:72:61:c9:c9:ac:bc:85:66:5f:91:b7:6b:cd:f2:77:3a:dd:ab:60:1c:a1:88:74:b9
Signer

Actual PE Digest

d4:10:4e:74:14:23:25:61:72:61:c9:c9:ac:bc:85:66:5f:91:b7:6b:cd:f2:77:3a:dd:ab:60:1c:a1:88:74:b9

Digest Algorithm

sha256

PE Digest Matches

true

2c:37:e7:33:34:a0:6c:28:29:0a:ac:fb:fd:7a:b8:83:46:a0:0f:91
Signer

Actual PE Digest

2c:37:e7:33:34:a0:6c:28:29:0a:ac:fb:fd:7a:b8:83:46:a0:0f:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-string-l1-1-0.pdb

Exports

CompareStringEx

CompareStringOrdinal

CompareStringW

FoldStringW

GetStringTypeExW

GetStringTypeW

MultiByteToWideChar

WideCharToMultiByte

Sections

.rdata
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-synch-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

a0:a5:b7:f6:5c:bd:9c:2a:2d:c6:25:e7:29:0d:e1:2c:8f:cf:cd:b1:62:2e:53:61:8e:ec:8c:99:73:03:0f:fc
Signer

Actual PE Digest

a0:a5:b7:f6:5c:bd:9c:2a:2d:c6:25:e7:29:0d:e1:2c:8f:cf:cd:b1:62:2e:53:61:8e:ec:8c:99:73:03:0f:fc

Digest Algorithm

sha256

PE Digest Matches

true

c9:bf:fc:88:28:f6:5c:5e:27:e8:ce:50:25:e2:63:82:f3:70:38:98
Signer

Actual PE Digest

c9:bf:fc:88:28:f6:5c:5e:27:e8:ce:50:25:e2:63:82:f3:70:38:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-synch-l1-1-0.pdb

Exports

AcquireSRWLockExclusive

AcquireSRWLockShared

CancelWaitableTimer

CreateEventA

CreateEventExA

CreateEventExW

CreateEventW

CreateMutexA

CreateMutexExA

CreateMutexExW

CreateMutexW

CreateSemaphoreExW

CreateWaitableTimerExW

DeleteCriticalSection

EnterCriticalSection

InitializeCriticalSection

InitializeCriticalSectionAndSpinCount

InitializeCriticalSectionEx

InitializeSRWLock

LeaveCriticalSection

OpenEventA

OpenEventW

OpenMutexW

OpenSemaphoreW

OpenWaitableTimerW

ReleaseMutex

ReleaseSRWLockExclusive

ReleaseSRWLockShared

ReleaseSemaphore

ResetEvent

SetCriticalSectionSpinCount

SetEvent

SetWaitableTimer

SetWaitableTimerEx

SleepEx

TryAcquireSRWLockExclusive

TryAcquireSRWLockShared

TryEnterCriticalSection

WaitForMultipleObjectsEx

WaitForSingleObject

WaitForSingleObjectEx

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-synch-l1-2-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

80:8f:b3:f2:d7:19:44:17:cd:25:db:1b:92:c1:d6:7b:72:cd:88:41:39:2c:f1:99:26:91:bb:6f:5b:d0:d6:07
Signer

Actual PE Digest

80:8f:b3:f2:d7:19:44:17:cd:25:db:1b:92:c1:d6:7b:72:cd:88:41:39:2c:f1:99:26:91:bb:6f:5b:d0:d6:07

Digest Algorithm

sha256

PE Digest Matches

true

fc:ac:4d:ab:e5:9a:ca:6f:68:71:fa:90:63:af:f4:7a:79:ce:82:87
Signer

Actual PE Digest

fc:ac:4d:ab:e5:9a:ca:6f:68:71:fa:90:63:af:f4:7a:79:ce:82:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-synch-l1-2-0.pdb

Exports

DeleteSynchronizationBarrier

EnterSynchronizationBarrier

InitOnceBeginInitialize

InitOnceComplete

InitOnceExecuteOnce

InitOnceInitialize

InitializeConditionVariable

InitializeSynchronizationBarrier

SignalObjectAndWait

Sleep

SleepConditionVariableCS

SleepConditionVariableSRW

WaitOnAddress

WakeAllConditionVariable

WakeByAddressAll

WakeByAddressSingle

WakeConditionVariable

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-sysinfo-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3a:55:6e:f2:84:e5:97:4f:30:ba:3c:8d:26:23:d2:69:21:5a:4a:77:d0:32:24:96:43:25:c1:82:4a:33:57:26
Signer

Actual PE Digest

3a:55:6e:f2:84:e5:97:4f:30:ba:3c:8d:26:23:d2:69:21:5a:4a:77:d0:32:24:96:43:25:c1:82:4a:33:57:26

Digest Algorithm

sha256

PE Digest Matches

true

3c:2f:01:6b:52:16:c5:74:cb:91:76:ca:69:6f:e7:4a:e4:09:21:89
Signer

Actual PE Digest

3c:2f:01:6b:52:16:c5:74:cb:91:76:ca:69:6f:e7:4a:e4:09:21:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-sysinfo-l1-1-0.pdb

Exports

GetComputerNameExA

GetComputerNameExW

GetLocalTime

GetLogicalProcessorInformation

GetLogicalProcessorInformationEx

GetSystemDirectoryA

GetSystemDirectoryW

GetSystemInfo

GetSystemTime

GetSystemTimeAdjustment

GetSystemTimeAsFileTime

GetSystemWindowsDirectoryA

GetSystemWindowsDirectoryW

GetTickCount

GetTickCount64

GetVersion

GetVersionExA

GetVersionExW

GetWindowsDirectoryA

GetWindowsDirectoryW

GlobalMemoryStatusEx

SetLocalTime

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-timezone-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

a3:ef:80:56:d5:ed:f2:d4:12:94:75:e0:8e:35:77:12:38:c9:87:42:87:41:92:34:b5:34:a2:42:0d:ab:1e:f3
Signer

Actual PE Digest

a3:ef:80:56:d5:ed:f2:d4:12:94:75:e0:8e:35:77:12:38:c9:87:42:87:41:92:34:b5:34:a2:42:0d:ab:1e:f3

Digest Algorithm

sha256

PE Digest Matches

true

7f:01:c4:6d:2b:99:1b:4b:a9:b1:c3:e9:6f:02:1a:0c:34:dd:f9:8e
Signer

Actual PE Digest

7f:01:c4:6d:2b:99:1b:4b:a9:b1:c3:e9:6f:02:1a:0c:34:dd:f9:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-timezone-l1-1-0.pdb

Exports

FileTimeToSystemTime

GetDynamicTimeZoneInformation

GetTimeZoneInformation

GetTimeZoneInformationForYear

SetDynamicTimeZoneInformation

SetTimeZoneInformation

SystemTimeToFileTime

SystemTimeToTzSpecificLocalTime

TzSpecificLocalTimeToSystemTime

Sections

.rdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-core-util-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

bc:81:10:b8:59:9a:d2:c5:1c:02:62:23:48:d7:02:e6:07:05:f5:a0:bb:a0:0b:f4:5d:19:ff:2e:ac:21:47:23
Signer

Actual PE Digest

bc:81:10:b8:59:9a:d2:c5:1c:02:62:23:48:d7:02:e6:07:05:f5:a0:bb:a0:0b:f4:5d:19:ff:2e:ac:21:47:23

Digest Algorithm

sha256

PE Digest Matches

true

84:0f:bd:e1:d0:84:8e:e4:db:a9:8b:22:0c:bc:ce:48:89:d0:7b:a8
Signer

Actual PE Digest

84:0f:bd:e1:d0:84:8e:e4:db:a9:8b:22:0c:bc:ce:48:89:d0:7b:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-util-l1-1-0.pdb

Exports

Beep

DecodePointer

DecodeSystemPointer

EncodePointer

EncodeSystemPointer

Sections

.rdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-conio-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

23:58:a1:d3:25:d9:b7:3a:6a:32:70:c9:f6:78:2f:88:b1:f2:0c:fa:7f:c3:98:79:3d:07:af:2d:c7:7c:88:82
Signer

Actual PE Digest

23:58:a1:d3:25:d9:b7:3a:6a:32:70:c9:f6:78:2f:88:b1:f2:0c:fa:7f:c3:98:79:3d:07:af:2d:c7:7c:88:82

Digest Algorithm

sha256

PE Digest Matches

true

9b:0c:6e:8d:84:9a:ff:4d:6a:93:ee:66:96:a8:6b:f5:ae:e2:fa:9b
Signer

Actual PE Digest

9b:0c:6e:8d:84:9a:ff:4d:6a:93:ee:66:96:a8:6b:f5:ae:e2:fa:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-conio-l1-1-0.pdb

Exports

__conio_common_vcprintf

__conio_common_vcprintf_p

__conio_common_vcprintf_s

__conio_common_vcscanf

__conio_common_vcwprintf

__conio_common_vcwprintf_p

__conio_common_vcwprintf_s

__conio_common_vcwscanf

_cgets

_cgets_s

_cgetws

_cgetws_s

_cputs

_cputws

_getch

_getch_nolock

_getche

_getche_nolock

_getwch

_getwch_nolock

_getwche

_getwche_nolock

_putch

_putch_nolock

_putwch

_putwch_nolock

_ungetch

_ungetch_nolock

_ungetwch

_ungetwch_nolock

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-convert-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

a6:c2:10:35:21:c0:ac:bf:76:00:e9:cc:95:b3:24:55:bc:6b:9d:4d:ab:31:ab:96:5e:e4:d7:5d:51:fe:86:c8
Signer

Actual PE Digest

a6:c2:10:35:21:c0:ac:bf:76:00:e9:cc:95:b3:24:55:bc:6b:9d:4d:ab:31:ab:96:5e:e4:d7:5d:51:fe:86:c8

Digest Algorithm

sha256

PE Digest Matches

true

48:9b:cd:2e:3c:33:a4:ba:bd:f8:f6:14:f4:a0:e9:38:cd:04:ca:2c
Signer

Actual PE Digest

48:9b:cd:2e:3c:33:a4:ba:bd:f8:f6:14:f4:a0:e9:38:cd:04:ca:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-convert-l1-1-0.pdb

Exports

__toascii

_atodbl

_atodbl_l

_atof_l

_atoflt

_atoflt_l

_atoi64

_atoi64_l

_atoi_l

_atol_l

_atoldbl

_atoldbl_l

_atoll_l

_ecvt

_ecvt_s

_fcvt

_fcvt_s

_gcvt

_gcvt_s

_i64toa

_i64toa_s

_i64tow

_i64tow_s

_itoa

_itoa_s

_itow

_itow_s

_ltoa

_ltoa_s

_ltow

_ltow_s

_strtod_l

_strtof_l

_strtoi64

_strtoi64_l

_strtoimax_l

_strtol_l

_strtold_l

_strtoll_l

_strtoui64

_strtoui64_l

_strtoul_l

_strtoull_l

_strtoumax_l

_ui64toa

_ui64toa_s

_ui64tow

_ui64tow_s

_ultoa

_ultoa_s

_ultow

_ultow_s

_wcstod_l

_wcstof_l

_wcstoi64

_wcstoi64_l

_wcstoimax_l

_wcstol_l

_wcstold_l

_wcstoll_l

_wcstombs_l

_wcstombs_s_l

_wcstoui64

_wcstoui64_l

_wcstoul_l

_wcstoull_l

_wcstoumax_l

_wctomb_l

_wctomb_s_l

_wtof

_wtof_l

_wtoi

_wtoi64

_wtoi64_l

_wtoi_l

_wtol

_wtol_l

_wtoll

_wtoll_l

atof

atoi

atol

atoll

btowc

c16rtomb

c32rtomb

mbrtoc16

mbrtoc32

mbrtowc

mbsrtowcs

mbsrtowcs_s

mbstowcs

mbstowcs_s

mbtowc

strtod

strtof

strtoimax

strtol

strtold

strtoll

strtoul

strtoull

strtoumax

wcrtomb

wcrtomb_s

wcsrtombs

wcsrtombs_s

wcstod

wcstof

wcstoimax

wcstol

wcstold

wcstoll

wcstombs

wcstombs_s

wcstoul

wcstoull

wcstoumax

wctob

wctomb

wctomb_s

wctrans

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-environment-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ce:9a:a7:38:c5:49:1f:0f:4e:f9:0d:4c:d3:20:9a:51:47:d0:9b:6d:dd:81:99:1f:a3:de:9e:8d:8b:56:18:1e
Signer

Actual PE Digest

ce:9a:a7:38:c5:49:1f:0f:4e:f9:0d:4c:d3:20:9a:51:47:d0:9b:6d:dd:81:99:1f:a3:de:9e:8d:8b:56:18:1e

Digest Algorithm

sha256

PE Digest Matches

true

64:87:e5:30:f3:50:69:27:38:3a:8f:d5:78:74:d1:ad:93:61:cf:31
Signer

Actual PE Digest

64:87:e5:30:f3:50:69:27:38:3a:8f:d5:78:74:d1:ad:93:61:cf:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-environment-l1-1-0.pdb

Exports

__p__environ

__p__wenviron

_dupenv_s

_putenv

_putenv_s

_searchenv

_searchenv_s

_wdupenv_s

_wgetcwd

_wgetdcwd

_wgetenv

_wgetenv_s

_wputenv

_wputenv_s

_wsearchenv

_wsearchenv_s

getenv

getenv_s

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-filesystem-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

58:98:a4:8c:19:c3:34:ae:c6:77:bd:e6:a0:81:aa:e8:06:89:00:0f:67:a4:94:0e:25:b0:74:0a:ce:18:79:8b
Signer

Actual PE Digest

58:98:a4:8c:19:c3:34:ae:c6:77:bd:e6:a0:81:aa:e8:06:89:00:0f:67:a4:94:0e:25:b0:74:0a:ce:18:79:8b

Digest Algorithm

sha256

PE Digest Matches

true

e2:00:e5:80:92:3e:78:c9:91:4a:a3:5b:28:09:93:a2:c3:e1:6c:c8
Signer

Actual PE Digest

e2:00:e5:80:92:3e:78:c9:91:4a:a3:5b:28:09:93:a2:c3:e1:6c:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-filesystem-l1-1-0.pdb

Exports

_access

_access_s

_chdir

_chdrive

_chmod

_findclose

_findfirst32

_findfirst32i64

_findfirst64

_findfirst64i32

_findnext32

_findnext32i64

_findnext64

_findnext64i32

_fstat32

_fstat32i64

_fstat64

_fstat64i32

_fullpath

_getdiskfree

_getdrive

_getdrives

_lock_file

_makepath

_makepath_s

_mkdir

_rmdir

_splitpath

_splitpath_s

_stat32

_stat32i64

_stat64

_stat64i32

_umask

_umask_s

_unlink

_unlock_file

_waccess

_waccess_s

_wchdir

_wchmod

_wfindfirst32

_wfindfirst32i64

_wfindfirst64

_wfindfirst64i32

_wfindnext32

_wfindnext32i64

_wfindnext64

_wfindnext64i32

_wfullpath

_wmakepath

_wmakepath_s

_wmkdir

_wremove

_wrename

_wrmdir

_wsplitpath

_wsplitpath_s

_wstat32

_wstat32i64

_wstat64

_wstat64i32

_wunlink

remove

rename

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-heap-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

15:e5:f6:c3:88:5f:e4:96:ac:a4:22:7f:5f:79:30:43:d2:0f:56:0a:67:ff:51:f2:d3:3c:34:da:18:39:63:49
Signer

Actual PE Digest

15:e5:f6:c3:88:5f:e4:96:ac:a4:22:7f:5f:79:30:43:d2:0f:56:0a:67:ff:51:f2:d3:3c:34:da:18:39:63:49

Digest Algorithm

sha256

PE Digest Matches

true

df:c7:8e:90:a7:35:c9:07:01:ff:a5:86:cd:39:9b:fe:f3:31:38:30
Signer

Actual PE Digest

df:c7:8e:90:a7:35:c9:07:01:ff:a5:86:cd:39:9b:fe:f3:31:38:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-heap-l1-1-0.pdb

Exports

_aligned_free

_aligned_malloc

_aligned_msize

_aligned_offset_malloc

_aligned_offset_realloc

_aligned_offset_recalloc

_aligned_realloc

_aligned_recalloc

_callnewh

_calloc_base

_expand

_free_base

_get_heap_handle

_heapchk

_heapmin

_heapwalk

_malloc_base

_msize

_query_new_handler

_query_new_mode

_realloc_base

_recalloc

_set_new_mode

calloc

free

malloc

realloc

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-locale-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

25:b8:7a:d3:2d:cb:d4:e0:03:6c:38:a0:06:17:63:db:3a:96:6f:b7:1d:eb:31:e4:9b:8e:a4:bd:2d:f4:69:ea
Signer

Actual PE Digest

25:b8:7a:d3:2d:cb:d4:e0:03:6c:38:a0:06:17:63:db:3a:96:6f:b7:1d:eb:31:e4:9b:8e:a4:bd:2d:f4:69:ea

Digest Algorithm

sha256

PE Digest Matches

true

22:f2:86:b5:0a:2e:4b:0c:f9:40:33:58:b3:51:3b:b1:63:55:00:b0
Signer

Actual PE Digest

22:f2:86:b5:0a:2e:4b:0c:f9:40:33:58:b3:51:3b:b1:63:55:00:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-locale-l1-1-0.pdb

Exports

___lc_codepage_func

___lc_collate_cp_func

___lc_locale_name_func

___mb_cur_max_func

___mb_cur_max_l_func

__initialize_lconv_for_unsigned_char

__pctype_func

__pwctype_func

_configthreadlocale

_create_locale

_free_locale

_get_current_locale

_getmbcp

_lock_locales

_setmbcp

_unlock_locales

_wcreate_locale

_wsetlocale

localeconv

setlocale

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-math-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:a7:0b:e1:e9:b8:99:63:c5:73:e3:b7:29:95:35:9a:25:88:34:82:58:c9:d9:d9:28:aa:d6:3f:74:08:54:15
Signer

Actual PE Digest

7b:a7:0b:e1:e9:b8:99:63:c5:73:e3:b7:29:95:35:9a:25:88:34:82:58:c9:d9:d9:28:aa:d6:3f:74:08:54:15

Digest Algorithm

sha256

PE Digest Matches

true

c8:f2:07:e1:f4:a5:27:0e:ce:38:39:c3:48:1a:ff:f3:d9:27:21:6a
Signer

Actual PE Digest

c8:f2:07:e1:f4:a5:27:0e:ce:38:39:c3:48:1a:ff:f3:d9:27:21:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-math-l1-1-0.pdb

Exports

_Cbuild

_Cmulcc

_Cmulcr

_FCbuild

_FCmulcc

_FCmulcr

_LCbuild

_LCmulcc

_LCmulcr

__setusermatherr

_cabs

_chgsign

_chgsignf

_copysign

_copysignf

_d_int

_dclass

_dexp

_dlog

_dnorm

_dpcomp

_dpoly

_dscale

_dsign

_dsin

_dtest

_dunscale

_except1

_fd_int

_fdclass

_fdexp

_fdlog

_fdnorm

_fdopen

_fdpcomp

_fdpoly

_fdscale

_fdsign

_fdsin

_fdtest

_fdunscale

_finite

_finitef

_fpclass

_fpclassf

_get_FMA3_enable

_hypot

_hypotf

_isnan

_isnanf

_j0

_j1

_jn

_ld_int

_ldclass

_ldexp

_ldlog

_ldpcomp

_ldpoly

_ldscale

_ldsign

_ldsin

_ldtest

_ldunscale

_logb

_logbf

_nextafter

_nextafterf

_scalb

_scalbf

_set_FMA3_enable

_y0

_y1

_yn

acos

acosf

acosh

acoshf

acoshl

asin

asinf

asinh

asinhf

asinhl

atan

atan2

atan2f

atanf

atanh

atanhf

atanhl

cabs

cabsf

cabsl

cacos

cacosf

cacosh

cacoshf

cacoshl

cacosl

carg

cargf

cargl

casin

casinf

casinh

casinhf

casinhl

casinl

catan

catanf

catanh

catanhf

catanhl

catanl

cbrt

cbrtf

cbrtl

ccos

ccosf

ccosh

ccoshf

ccoshl

ccosl

ceil

ceilf

cexp

cexpf

cexpl

cimag

cimagf

cimagl

clog

clog10

clog10f

clog10l

clogf

clogl

conj

conjf

conjl

copysign

copysignf

copysignl

cos

cosf

cosh

coshf

cpow

cpowf

cpowl

cproj

cprojf

cprojl

creal

crealf

creall

csin

csinf

csinh

csinhf

csinhl

csinl

csqrt

csqrtf

csqrtl

ctan

ctanf

ctanh

ctanhf

ctanhl

ctanl

erf

erfc

erfcf

erfcl

erff

erfl

exp

exp2

exp2f

exp2l

expf

expm1

expm1f

expm1l

fabs

fdim

fdimf

fdiml

floor

floorf

fma

fmaf

fmal

fmax

fmaxf

fmaxl

fmin

fminf

fminl

fmod

fmodf

frexp

hypot

ilogb

ilogbf

ilogbl

ldexp

lgamma

lgammaf

lgammal

llrint

llrintf

llrintl

llround

llroundf

llroundl

log

log10

log10f

log1p

log1pf

log1pl

log2

log2f

log2l

logb

logbf

logbl

logf

lrint

lrintf

lrintl

lround

lroundf

lroundl

modf

modff

nan

nanf

nanl

nearbyint

nearbyintf

nearbyintl

nextafter

nextafterf

nextafterl

nexttoward

nexttowardf

nexttowardl

norm

normf

norml

pow

powf

remainder

remainderf

remainderl

remquo

remquof

remquol

rint

rintf

rintl

round

roundf

roundl

scalbln

scalblnf

scalblnl

scalbn

scalbnf

scalbnl

sin

sinf

sinh

sinhf

sqrt

sqrtf

tan

tanf

tanh

tanhf

tgamma

tgammaf

tgammal

trunc

truncf

truncl

Sections

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-multibyte-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ec:a8:85:44:5a:b7:7f:ac:d3:fc:e5:59:a7:ec:f6:aa:19:30:a6:7b:8d:0a:73:ed:69:a0:99:83:f4:67:5f:56
Signer

Actual PE Digest

ec:a8:85:44:5a:b7:7f:ac:d3:fc:e5:59:a7:ec:f6:aa:19:30:a6:7b:8d:0a:73:ed:69:a0:99:83:f4:67:5f:56

Digest Algorithm

sha256

PE Digest Matches

true

9d:c5:f1:ea:02:c8:05:49:35:3c:27:dc:30:1b:56:c1:d0:f6:04:e6
Signer

Actual PE Digest

9d:c5:f1:ea:02:c8:05:49:35:3c:27:dc:30:1b:56:c1:d0:f6:04:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-multibyte-l1-1-0.pdb

Exports

__p__mbcasemap

__p__mbctype

_ismbbalnum

_ismbbalnum_l

_ismbbalpha

_ismbbalpha_l

_ismbbblank

_ismbbblank_l

_ismbbgraph

_ismbbgraph_l

_ismbbkalnum

_ismbbkalnum_l

_ismbbkana

_ismbbkana_l

_ismbbkprint

_ismbbkprint_l

_ismbbkpunct

_ismbbkpunct_l

_ismbblead

_ismbblead_l

_ismbbprint

_ismbbprint_l

_ismbbpunct

_ismbbpunct_l

_ismbbtrail

_ismbbtrail_l

_ismbcalnum

_ismbcalnum_l

_ismbcalpha

_ismbcalpha_l

_ismbcblank

_ismbcblank_l

_ismbcdigit

_ismbcdigit_l

_ismbcgraph

_ismbcgraph_l

_ismbchira

_ismbchira_l

_ismbckata

_ismbckata_l

_ismbcl0

_ismbcl0_l

_ismbcl1

_ismbcl1_l

_ismbcl2

_ismbcl2_l

_ismbclegal

_ismbclegal_l

_ismbclower

_ismbclower_l

_ismbcprint

_ismbcprint_l

_ismbcpunct

_ismbcpunct_l

_ismbcspace

_ismbcspace_l

_ismbcsymbol

_ismbcsymbol_l

_ismbcupper

_ismbcupper_l

_ismbslead

_ismbslead_l

_ismbstrail

_ismbstrail_l

_mbbtombc

_mbbtombc_l

_mbbtype

_mbbtype_l

_mbcasemap

_mbccpy

_mbccpy_l

_mbccpy_s

_mbccpy_s_l

_mbcjistojms

_mbcjistojms_l

_mbcjmstojis

_mbcjmstojis_l

_mbclen

_mbclen_l

_mbctohira

_mbctohira_l

_mbctokata

_mbctokata_l

_mbctolower

_mbctolower_l

_mbctombb

_mbctombb_l

_mbctoupper

_mbctoupper_l

_mblen_l

_mbsbtype

_mbsbtype_l

_mbscat_s

_mbscat_s_l

_mbschr

_mbschr_l

_mbscmp

_mbscmp_l

_mbscoll

_mbscoll_l

_mbscpy_s

_mbscpy_s_l

_mbscspn

_mbscspn_l

_mbsdec

_mbsdec_l

_mbsdup

_mbsicmp

_mbsicmp_l

_mbsicoll

_mbsicoll_l

_mbsinc

_mbsinc_l

_mbslen

_mbslen_l

_mbslwr

_mbslwr_l

_mbslwr_s

_mbslwr_s_l

_mbsnbcat

_mbsnbcat_l

_mbsnbcat_s

_mbsnbcat_s_l

_mbsnbcmp

_mbsnbcmp_l

_mbsnbcnt

_mbsnbcnt_l

_mbsnbcoll

_mbsnbcoll_l

_mbsnbcpy

_mbsnbcpy_l

_mbsnbcpy_s

_mbsnbcpy_s_l

_mbsnbicmp

_mbsnbicmp_l

_mbsnbicoll

_mbsnbicoll_l

_mbsnbset

_mbsnbset_l

_mbsnbset_s

_mbsnbset_s_l

_mbsncat

_mbsncat_l

_mbsncat_s

_mbsncat_s_l

_mbsnccnt

_mbsnccnt_l

_mbsncmp

_mbsncmp_l

_mbsncoll

_mbsncoll_l

_mbsncpy

_mbsncpy_l

_mbsncpy_s

_mbsncpy_s_l

_mbsnextc

_mbsnextc_l

_mbsnicmp

_mbsnicmp_l

_mbsnicoll

_mbsnicoll_l

_mbsninc

_mbsninc_l

_mbsnlen

_mbsnlen_l

_mbsnset

_mbsnset_l

_mbsnset_s

_mbsnset_s_l

_mbspbrk

_mbspbrk_l

_mbsrchr

_mbsrchr_l

_mbsrev

_mbsrev_l

_mbsset

_mbsset_l

_mbsset_s

_mbsset_s_l

_mbsspn

_mbsspn_l

_mbsspnp

_mbsspnp_l

_mbsstr

_mbsstr_l

_mbstok

_mbstok_l

_mbstok_s

_mbstok_s_l

_mbstowcs_l

_mbstowcs_s_l

_mbstrlen

_mbstrlen_l

_mbstrnlen

_mbstrnlen_l

_mbsupr

_mbsupr_l

_mbsupr_s

_mbsupr_s_l

_mbtowc_l

Sections

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-private-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

fb:85:e7:d6:1e:c4:e0:be:98:97:dd:b0:01:72:13:17:02:da:f0:cf:97:ee:ff:e9:9c:1c:2c:d3:60:b5:3c:f6
Signer

Actual PE Digest

fb:85:e7:d6:1e:c4:e0:be:98:97:dd:b0:01:72:13:17:02:da:f0:cf:97:ee:ff:e9:9c:1c:2c:d3:60:b5:3c:f6

Digest Algorithm

sha256

PE Digest Matches

true

67:eb:2c:65:69:1a:7b:65:ba:14:ec:a7:5e:aa:32:4a:55:0f:eb:a9
Signer

Actual PE Digest

67:eb:2c:65:69:1a:7b:65:ba:14:ec:a7:5e:aa:32:4a:55:0f:eb:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-private-l1-1-0.pdb

Exports

_CreateFrameInfo

_CxxThrowException

_FindAndUnlinkFrame

_GetImageBase

_GetThrowImageBase

_IsExceptionObjectToBeDestroyed

_SetImageBase

_SetThrowImageBase

_SetWinRTOutOfMemoryExceptionCallback

__AdjustPointer

__BuildCatchObject

__BuildCatchObjectHelper

__C_specific_handler

__CxxDetectRethrow

__CxxExceptionFilter

__CxxFrameHandler

__CxxFrameHandler2

__CxxFrameHandler3

__CxxQueryExceptionSize

__CxxRegisterExceptionObject

__CxxUnregisterExceptionObject

__DestructExceptionObject

__FrameUnwindFilter

__GetPlatformExceptionInfo

__NLG_Dispatch2

__NLG_Return2

__RTCastToVoid

__RTDynamicCast

__RTtypeid

__TypeMatch

__current_exception

__current_exception_context

__dcrt_get_wide_environment_from_os

__dcrt_initial_narrow_environment

__intrinsic_setjmp

__intrinsic_setjmpex

__processing_throw

__report_gsfailure

__std_exception_copy

__std_exception_destroy

__std_type_info_compare

__std_type_info_destroy_list

__std_type_info_hash

__std_type_info_name

__unDName

__unDNameEx

__uncaught_exception

_get_purecall_handler

_get_unexpected

_is_exception_typeof

_local_unwind

_o__Getdays

_o__Getmonths

_o__Gettnames

_o__Strftime

_o__W_Getdays

_o__W_Getmonths

_o__W_Gettnames

_o__Wcsftime

_o____lc_codepage_func

_o____lc_collate_cp_func

_o____lc_locale_name_func

_o____mb_cur_max_func

_o___acrt_iob_func

_o___conio_common_vcprintf

_o___conio_common_vcprintf_p

_o___conio_common_vcprintf_s

_o___conio_common_vcscanf

_o___conio_common_vcwprintf

_o___conio_common_vcwprintf_p

_o___conio_common_vcwprintf_s

_o___conio_common_vcwscanf

_o___daylight

_o___dstbias

_o___fpe_flt_rounds

_o___p___argc

_o___p___argv

_o___p___wargv

_o___p__acmdln

_o___p__commode

_o___p__environ

_o___p__fmode

_o___p__mbcasemap

_o___p__mbctype

_o___p__pgmptr

_o___p__wcmdln

_o___p__wenviron

_o___p__wpgmptr

_o___pctype_func

_o___pwctype_func

_o___std_exception_copy

_o___std_exception_destroy

_o___std_type_info_destroy_list

_o___std_type_info_name

_o___stdio_common_vfprintf

_o___stdio_common_vfprintf_p

_o___stdio_common_vfprintf_s

_o___stdio_common_vfscanf

_o___stdio_common_vfwprintf

_o___stdio_common_vfwprintf_p

_o___stdio_common_vfwprintf_s

_o___stdio_common_vfwscanf

_o___stdio_common_vsnprintf_s

_o___stdio_common_vsnwprintf_s

_o___stdio_common_vsprintf

_o___stdio_common_vsprintf_p

_o___stdio_common_vsprintf_s

_o___stdio_common_vsscanf

_o___stdio_common_vswprintf

_o___stdio_common_vswprintf_p

_o___stdio_common_vswprintf_s

_o___stdio_common_vswscanf

_o___timezone

_o___tzname

_o___wcserror

_o__access

_o__access_s

_o__aligned_free

_o__aligned_malloc

_o__aligned_msize

_o__aligned_offset_malloc

_o__aligned_offset_realloc

_o__aligned_offset_recalloc

_o__aligned_realloc

_o__aligned_recalloc

_o__atodbl

_o__atodbl_l

_o__atof_l

_o__atoflt

_o__atoflt_l

_o__atoi64

_o__atoi64_l

_o__atoi_l

_o__atol_l

_o__atoldbl

_o__atoldbl_l

_o__atoll_l

_o__beep

_o__beginthread

_o__beginthreadex

_o__cabs

_o__callnewh

_o__calloc_base

_o__cexit

_o__cgets

_o__cgets_s

_o__cgetws

_o__cgetws_s

_o__chdir

_o__chdrive

_o__chmod

_o__chsize

_o__chsize_s

_o__close

_o__commit

_o__configthreadlocale

_o__configure_narrow_argv

_o__configure_wide_argv

_o__controlfp_s

_o__cputs

_o__cputws

_o__creat

_o__create_locale

_o__crt_atexit

_o__ctime32_s

_o__ctime64_s

_o__cwait

_o__d_int

_o__dclass

_o__difftime32

_o__difftime64

_o__dlog

_o__dnorm

_o__dpcomp

_o__dpoly

_o__dscale

_o__dsign

_o__dsin

_o__dtest

_o__dunscale

_o__dup

_o__dup2

_o__dupenv_s

_o__ecvt

_o__ecvt_s

_o__endthread

_o__endthreadex

_o__eof

_o__errno

_o__except1

_o__execute_onexit_table

_o__execv

_o__execve

_o__execvp

_o__execvpe

_o__exit

_o__expand

_o__fclose_nolock

_o__fcloseall

_o__fcvt

_o__fcvt_s

_o__fd_int

_o__fdclass

_o__fdexp

_o__fdlog

_o__fdopen

_o__fdpcomp

_o__fdpoly

_o__fdscale

_o__fdsign

_o__fdsin

_o__fflush_nolock

_o__fgetc_nolock

_o__fgetchar

_o__fgetwc_nolock

_o__fgetwchar

_o__filelength

_o__filelengthi64

_o__fileno

_o__findclose

_o__findfirst32

_o__findfirst32i64

_o__findfirst64

_o__findfirst64i32

_o__findnext32

_o__findnext32i64

_o__findnext64

_o__findnext64i32

_o__flushall

_o__fpclass

_o__fpclassf

_o__fputc_nolock

_o__fputchar

_o__fputwc_nolock

_o__fputwchar

_o__fread_nolock

_o__fread_nolock_s

_o__free_base

_o__free_locale

_o__fseek_nolock

_o__fseeki64

_o__fseeki64_nolock

_o__fsopen

_o__fstat32

_o__fstat32i64

_o__fstat64

_o__fstat64i32

_o__ftell_nolock

_o__ftelli64

_o__ftelli64_nolock

_o__ftime32

_o__ftime32_s

_o__ftime64

_o__ftime64_s

_o__fullpath

_o__futime32

_o__futime64

_o__fwrite_nolock

_o__gcvt

_o__gcvt_s

_o__get_daylight

_o__get_doserrno

_o__get_dstbias

_o__get_errno

_o__get_fmode

_o__get_heap_handle

_o__get_initial_narrow_environment

_o__get_initial_wide_environment

_o__get_invalid_parameter_handler

_o__get_narrow_winmain_command_line

_o__get_osfhandle

_o__get_pgmptr

_o__get_stream_buffer_pointers

_o__get_terminate

_o__get_thread_local_invalid_parameter_handler

_o__get_timezone

_o__get_tzname

_o__get_wide_winmain_command_line

_o__get_wpgmptr

_o__getc_nolock

_o__getch

_o__getch_nolock

_o__getche

_o__getche_nolock

_o__getcwd

_o__getdcwd

_o__getdiskfree

_o__getdllprocaddr

_o__getdrive

_o__getdrives

_o__getmbcp

_o__getsystime

_o__getw

_o__getwc_nolock

_o__getwch

_o__getwch_nolock

_o__getwche

_o__getwche_nolock

_o__getws

_o__getws_s

_o__gmtime32

_o__gmtime32_s

_o__gmtime64

_o__gmtime64_s

_o__heapchk

_o__heapmin

_o__hypot

_o__hypotf

_o__i64toa

_o__i64toa_s

_o__i64tow

_o__i64tow_s

_o__initialize_narrow_environment

_o__initialize_onexit_table

_o__initialize_wide_environment

_o__invalid_parameter_noinfo

_o__invalid_parameter_noinfo_noreturn

_o__isatty

_o__isctype

_o__isctype_l

_o__isleadbyte_l

_o__ismbbalnum

_o__ismbbalnum_l

_o__ismbbalpha

_o__ismbbalpha_l

_o__ismbbblank

_o__ismbbblank_l

_o__ismbbgraph

_o__ismbbgraph_l

_o__ismbbkalnum

_o__ismbbkalnum_l

_o__ismbbkana

_o__ismbbkana_l

_o__ismbbkprint

_o__ismbbkprint_l

_o__ismbbkpunct

_o__ismbbkpunct_l

_o__ismbblead

_o__ismbblead_l

_o__ismbbprint

_o__ismbbprint_l

_o__ismbbpunct

_o__ismbbpunct_l

_o__ismbbtrail

_o__ismbbtrail_l

_o__ismbcalnum

_o__ismbcalnum_l

_o__ismbcalpha

_o__ismbcalpha_l

_o__ismbcblank

_o__ismbcblank_l

_o__ismbcdigit

_o__ismbcdigit_l

_o__ismbcgraph

_o__ismbcgraph_l

_o__ismbchira

_o__ismbchira_l

_o__ismbckata

_o__ismbckata_l

_o__ismbcl0

_o__ismbcl0_l

_o__ismbcl1

_o__ismbcl1_l

_o__ismbcl2

_o__ismbcl2_l

_o__ismbclegal

_o__ismbclegal_l

_o__ismbclower

_o__ismbclower_l

_o__ismbcprint

_o__ismbcprint_l

_o__ismbcpunct

_o__ismbcpunct_l

_o__ismbcspace

_o__ismbcspace_l

_o__ismbcsymbol

_o__ismbcsymbol_l

_o__ismbcupper

_o__ismbcupper_l

_o__ismbslead

_o__ismbslead_l

_o__ismbstrail

_o__ismbstrail_l

_o__iswctype_l

_o__itoa

_o__itoa_s

_o__itow

_o__itow_s

_o__j0

_o__j1

_o__jn

_o__kbhit

_o__ld_int

_o__ldclass

_o__ldexp

_o__ldlog

_o__ldpcomp

_o__ldpoly

_o__ldscale

_o__ldsign

_o__ldsin

_o__ldtest

_o__ldunscale

_o__lfind

_o__lfind_s

_o__loaddll

_o__localtime32

_o__localtime32_s

_o__localtime64

_o__localtime64_s

_o__lock_file

_o__locking

_o__logb

_o__logbf

_o__lsearch

_o__lsearch_s

_o__lseek

_o__lseeki64

_o__ltoa

_o__ltoa_s

_o__ltow

_o__ltow_s

_o__makepath

_o__makepath_s

_o__malloc_base

_o__mbbtombc

_o__mbbtombc_l

_o__mbbtype

_o__mbbtype_l

_o__mbccpy

_o__mbccpy_l

_o__mbccpy_s

_o__mbccpy_s_l

_o__mbcjistojms

_o__mbcjistojms_l

_o__mbcjmstojis

_o__mbcjmstojis_l

_o__mbclen

_o__mbclen_l

_o__mbctohira

_o__mbctohira_l

_o__mbctokata

_o__mbctokata_l

_o__mbctolower

_o__mbctolower_l

_o__mbctombb

_o__mbctombb_l

_o__mbctoupper

_o__mbctoupper_l

_o__mblen_l

_o__mbsbtype

_o__mbsbtype_l

_o__mbscat_s

_o__mbscat_s_l

_o__mbschr

_o__mbschr_l

_o__mbscmp

_o__mbscmp_l

_o__mbscoll

_o__mbscoll_l

_o__mbscpy_s

_o__mbscpy_s_l

_o__mbscspn

_o__mbscspn_l

_o__mbsdec

_o__mbsdec_l

_o__mbsicmp

_o__mbsicmp_l

_o__mbsicoll

_o__mbsicoll_l

_o__mbsinc

_o__mbsinc_l

_o__mbslen

_o__mbslen_l

_o__mbslwr

_o__mbslwr_l

_o__mbslwr_s

_o__mbslwr_s_l

_o__mbsnbcat

_o__mbsnbcat_l

_o__mbsnbcat_s

_o__mbsnbcat_s_l

_o__mbsnbcmp

_o__mbsnbcmp_l

_o__mbsnbcnt

_o__mbsnbcnt_l

_o__mbsnbcoll

_o__mbsnbcoll_l

_o__mbsnbcpy

_o__mbsnbcpy_l

_o__mbsnbcpy_s

_o__mbsnbcpy_s_l

_o__mbsnbicmp

_o__mbsnbicmp_l

_o__mbsnbicoll

_o__mbsnbicoll_l

_o__mbsnbset

_o__mbsnbset_l

_o__mbsnbset_s

_o__mbsnbset_s_l

Sections

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-process-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

54:47:81:a5:a3:07:9b:8f:e0:dc:50:9c:e6:b3:f5:5a:8d:53:07:a7:16:f4:6e:5b:bf:e7:0d:ec:65:86:11:fb
Signer

Actual PE Digest

54:47:81:a5:a3:07:9b:8f:e0:dc:50:9c:e6:b3:f5:5a:8d:53:07:a7:16:f4:6e:5b:bf:e7:0d:ec:65:86:11:fb

Digest Algorithm

sha256

PE Digest Matches

true

39:88:58:5c:ad:8e:65:6e:e6:02:5d:e2:f5:bd:f8:07:3c:b4:19:65
Signer

Actual PE Digest

39:88:58:5c:ad:8e:65:6e:e6:02:5d:e2:f5:bd:f8:07:3c:b4:19:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-process-l1-1-0.pdb

Exports

_beep

_cwait

_execl

_execle

_execlp

_execlpe

_execv

_execve

_execvp

_execvpe

_loaddll

_spawnl

_spawnle

_spawnlp

_spawnlpe

_spawnv

_spawnve

_spawnvp

_spawnvpe

_unloaddll

_wexecl

_wexecle

_wexeclp

_wexeclpe

_wexecv

_wexecve

_wexecvp

_wexecvpe

_wspawnl

_wspawnle

_wspawnlp

_wspawnlpe

_wspawnv

_wspawnve

_wspawnvp

_wspawnvpe

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-runtime-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

46:33:4b:cb:70:14:60:93:45:10:06:ca:af:ca:58:26:74:d0:78:df:67:42:a4:5f:d5:35:8c:3a:92:bf:81:34
Signer

Actual PE Digest

46:33:4b:cb:70:14:60:93:45:10:06:ca:af:ca:58:26:74:d0:78:df:67:42:a4:5f:d5:35:8c:3a:92:bf:81:34

Digest Algorithm

sha256

PE Digest Matches

true

a3:9f:bb:fc:24:ab:d1:0a:6f:2e:78:cd:34:a6:4e:c8:df:26:35:c0
Signer

Actual PE Digest

a3:9f:bb:fc:24:ab:d1:0a:6f:2e:78:cd:34:a6:4e:c8:df:26:35:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-runtime-l1-1-0.pdb

Exports

_Exit

__doserrno

__fpe_flt_rounds

__fpecode

__p___argc

__p___argv

__p___wargv

__p__acmdln

__p__pgmptr

__p__wcmdln

__p__wpgmptr

__pxcptinfoptrs

__sys_errlist

__sys_nerr

__threadhandle

__threadid

__wcserror

__wcserror_s

_assert

_beginthread

_beginthreadex

_c_exit

_cexit

_clearfp

_configure_narrow_argv

_configure_wide_argv

_control87

_controlfp

_controlfp_s

_crt_at_quick_exit

_crt_atexit

_endthread

_endthreadex

_errno

_execute_onexit_table

_exit

_fpieee_flt

_fpreset

_get_doserrno

_get_errno

_get_initial_narrow_environment

_get_initial_wide_environment

_get_invalid_parameter_handler

_get_narrow_winmain_command_line

_get_pgmptr

_get_terminate

_get_thread_local_invalid_parameter_handler

_get_wide_winmain_command_line

_get_wpgmptr

_getdllprocaddr

_getpid

_initialize_narrow_environment

_initialize_onexit_table

_initialize_wide_environment

_initterm

_initterm_e

_invalid_parameter_noinfo

_invalid_parameter_noinfo_noreturn

_invoke_watson

_query_app_type

_register_onexit_function

_register_thread_local_exe_atexit_callback

_resetstkoflw

_seh_filter_dll

_seh_filter_exe

_set_abort_behavior

_set_app_type

_set_controlfp

_set_doserrno

_set_errno

_set_error_mode

_set_invalid_parameter_handler

_set_new_handler

_set_thread_local_invalid_parameter_handler

_seterrormode

_sleep

_statusfp

_strerror

_strerror_s

_wassert

_wcserror

_wcserror_s

_wperror

_wsystem

abort

exit

feclearexcept

fegetenv

fegetexceptflag

fegetround

feholdexcept

fesetenv

fesetexceptflag

fesetround

fetestexcept

perror

quick_exit

raise

set_terminate

signal

strerror

strerror_s

system

terminate

Sections

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-stdio-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7d:ee:05:7a:10:cb:b5:6a:6a:1e:c4:44:25:ad:88:7b:11:45:13:98:ec:70:f2:b9:ab:2c:11:fb:63:6f:15:c3
Signer

Actual PE Digest

7d:ee:05:7a:10:cb:b5:6a:6a:1e:c4:44:25:ad:88:7b:11:45:13:98:ec:70:f2:b9:ab:2c:11:fb:63:6f:15:c3

Digest Algorithm

sha256

PE Digest Matches

true

dc:6f:64:c1:d0:32:97:4d:7d:c7:0f:86:f9:ff:c0:60:5f:4f:97:c3
Signer

Actual PE Digest

dc:6f:64:c1:d0:32:97:4d:7d:c7:0f:86:f9:ff:c0:60:5f:4f:97:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-stdio-l1-1-0.pdb

Exports

__acrt_iob_func

__p__commode

__p__fmode

__stdio_common_vfprintf

__stdio_common_vfprintf_p

__stdio_common_vfprintf_s

__stdio_common_vfscanf

__stdio_common_vfwprintf

__stdio_common_vfwprintf_p

__stdio_common_vfwprintf_s

__stdio_common_vfwscanf

__stdio_common_vsnprintf_s

__stdio_common_vsnwprintf_s

__stdio_common_vsprintf

__stdio_common_vsprintf_p

__stdio_common_vsprintf_s

__stdio_common_vsscanf

__stdio_common_vswprintf

__stdio_common_vswprintf_p

__stdio_common_vswprintf_s

__stdio_common_vswscanf

_chsize

_chsize_s

_close

_commit

_creat

_dup

_dup2

_eof

_fclose_nolock

_fcloseall

_fflush_nolock

_fgetc_nolock

_fgetchar

_fgetwc_nolock

_fgetwchar

_filelength

_filelengthi64

_fileno

_flushall

_fputc_nolock

_fputchar

_fputwc_nolock

_fputwchar

_fread_nolock

_fread_nolock_s

_fseek_nolock

_fseeki64

_fseeki64_nolock

_fsopen

_ftell_nolock

_ftelli64

_ftelli64_nolock

_fwrite_nolock

_get_fmode

_get_osfhandle

_get_printf_count_output

_get_stream_buffer_pointers

_getc_nolock

_getcwd

_getdcwd

_getmaxstdio

_getw

_getwc_nolock

_getws

_getws_s

_isatty

_kbhit

_locking

_lseek

_lseeki64

_mktemp

_mktemp_s

_open

_open_osfhandle

_pclose

_pipe

_popen

_putc_nolock

_putw

_putwc_nolock

_putws

_read

_rmtmp

_set_fmode

_set_printf_count_output

_setmaxstdio

_setmode

_sopen

_sopen_dispatch

_sopen_s

_tell

_telli64

_tempnam

_ungetc_nolock

_ungetwc_nolock

_wcreat

_wfdopen

_wfopen

_wfopen_s

_wfreopen

_wfreopen_s

_wfsopen

_wmktemp

_wmktemp_s

_wopen

_wpopen

_write

_wsopen

_wsopen_dispatch

_wsopen_s

_wtempnam

_wtmpnam

_wtmpnam_s

clearerr

clearerr_s

fclose

feof

ferror

fflush

fgetc

fgetpos

fgets

fgetwc

fgetws

fopen

fopen_s

fputc

fputs

fputwc

fputws

fread

fread_s

freopen

freopen_s

fseek

fsetpos

ftell

fwrite

getc

getchar

gets

gets_s

getwc

getwchar

putc

putchar

puts

putwc

putwchar

rewind

setbuf

setvbuf

tmpfile

tmpfile_s

tmpnam

tmpnam_s

ungetc

ungetwc

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-string-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

17:3f:43:ff:ad:8d:17:4e:7e:df:64:10:d5:09:13:fb:0a:3d:fb:da:df:5e:64:b9:38:e9:a1:a7:de:6b:3f:0b
Signer

Actual PE Digest

17:3f:43:ff:ad:8d:17:4e:7e:df:64:10:d5:09:13:fb:0a:3d:fb:da:df:5e:64:b9:38:e9:a1:a7:de:6b:3f:0b

Digest Algorithm

sha256

PE Digest Matches

true

d8:9a:14:9d:14:91:12:dc:db:38:89:3b:fd:43:0b:be:23:0a:dc:17
Signer

Actual PE Digest

d8:9a:14:9d:14:91:12:dc:db:38:89:3b:fd:43:0b:be:23:0a:dc:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-string-l1-1-0.pdb

Exports

__isascii

__iscsym

__iscsymf

__iswcsym

__iswcsymf

__strncnt

__wcsncnt

_isalnum_l

_isalpha_l

_isblank_l

_iscntrl_l

_isctype

_isctype_l

_isdigit_l

_isgraph_l

_isleadbyte_l

_islower_l

_isprint_l

_ispunct_l

_isspace_l

_isupper_l

_iswalnum_l

_iswalpha_l

_iswblank_l

_iswcntrl_l

_iswcsym_l

_iswcsymf_l

_iswctype_l

_iswdigit_l

_iswgraph_l

_iswlower_l

_iswprint_l

_iswpunct_l

_iswspace_l

_iswupper_l

_iswxdigit_l

_isxdigit_l

_memccpy

_memicmp

_memicmp_l

_strcoll_l

_strdup

_stricmp

_stricmp_l

_stricoll

_stricoll_l

_strlwr

_strlwr_l

_strlwr_s

_strlwr_s_l

_strncoll

_strncoll_l

_strnicmp

_strnicmp_l

_strnicoll

_strnicoll_l

_strnset

_strnset_s

_strrev

_strset

_strset_s

_strupr

_strupr_l

_strupr_s

_strupr_s_l

_strxfrm_l

_tolower

_tolower_l

_toupper

_toupper_l

_towlower_l

_towupper_l

_wcscoll_l

_wcsdup

_wcsicmp

_wcsicmp_l

_wcsicoll

_wcsicoll_l

_wcslwr

_wcslwr_l

_wcslwr_s

_wcslwr_s_l

_wcsncoll

_wcsncoll_l

_wcsnicmp

_wcsnicmp_l

_wcsnicoll

_wcsnicoll_l

_wcsnset

_wcsnset_s

_wcsrev

_wcsset

_wcsset_s

_wcsupr

_wcsupr_l

_wcsupr_s

_wcsupr_s_l

_wcsxfrm_l

_wctype

is_wctype

isalnum

isalpha

isblank

iscntrl

isdigit

isgraph

isleadbyte

islower

isprint

ispunct

isspace

isupper

iswalnum

iswalpha

iswascii

iswblank

iswcntrl

iswctype

iswdigit

iswgraph

iswlower

iswprint

iswpunct

iswspace

iswupper

iswxdigit

isxdigit

mblen

mbrlen

memcpy_s

memmove_s

memset

strcat

strcat_s

strcmp

strcoll

strcpy

strcpy_s

strcspn

strlen

strncat

strncat_s

strncmp

strncpy

strncpy_s

strnlen

strpbrk

strspn

strtok

strtok_s

strxfrm

tolower

toupper

towctrans

towlower

towupper

wcscat

wcscat_s

wcscmp

wcscoll

wcscpy

wcscpy_s

wcscspn

wcslen

wcsncat

wcsncat_s

wcsncmp

wcsncpy

wcsncpy_s

wcsnlen

wcspbrk

wcsspn

wcstok

wcstok_s

wcsxfrm

wctype

wmemcpy_s

wmemmove_s

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-time-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

38:56:04:42:cd:70:26:0f:14:73:d0:c5:f1:e0:c0:47:89:71:3c:02:a6:af:5e:1f:26:69:74:04:32:a8:30:ef
Signer

Actual PE Digest

38:56:04:42:cd:70:26:0f:14:73:d0:c5:f1:e0:c0:47:89:71:3c:02:a6:af:5e:1f:26:69:74:04:32:a8:30:ef

Digest Algorithm

sha256

PE Digest Matches

true

32:48:e7:a5:5e:1b:c0:21:29:0b:cf:34:e7:db:b9:7d:73:2f:6c:ac
Signer

Actual PE Digest

32:48:e7:a5:5e:1b:c0:21:29:0b:cf:34:e7:db:b9:7d:73:2f:6c:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-time-l1-1-0.pdb

Exports

_Getdays

_Getmonths

_Gettnames

_Strftime

_W_Getdays

_W_Getmonths

_W_Gettnames

_Wcsftime

__daylight

__dstbias

__timezone

__tzname

_ctime32

_ctime32_s

_ctime64

_ctime64_s

_difftime32

_difftime64

_ftime32

_ftime32_s

_ftime64

_ftime64_s

_futime32

_futime64

_get_daylight

_get_dstbias

_get_timezone

_get_tzname

_getsystime

_gmtime32

_gmtime32_s

_gmtime64

_gmtime64_s

_localtime32

_localtime32_s

_localtime64

_localtime64_s

_mkgmtime32

_mkgmtime64

_mktime32

_mktime64

_setsystime

_strdate

_strdate_s

_strftime_l

_strtime

_strtime_s

_time32

_time64

_timespec32_get

_timespec64_get

_tzset

_utime32

_utime64

_wasctime

_wasctime_s

_wcsftime_l

_wctime32

_wctime32_s

_wctime64

_wctime64_s

_wstrdate

_wstrdate_s

_wstrtime

_wstrtime_s

_wutime32

_wutime64

asctime

asctime_s

clock

strftime

wcsftime

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

api-ms-win-crt-utility-l1-1-0.dll

.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ce:aa:d7:23:19:44:46:34:53:fd:19:40:d4:20:8c:fe:85:e9:6b:69:e4:5d:c2:80:61:cf:cc:ff:f8:4e:b1:a8
Signer

Actual PE Digest

ce:aa:d7:23:19:44:46:34:53:fd:19:40:d4:20:8c:fe:85:e9:6b:69:e4:5d:c2:80:61:cf:cc:ff:f8:4e:b1:a8

Digest Algorithm

sha256

PE Digest Matches

true

99:11:ff:bf:e0:5e:e4:ad:eb:30:b1:f1:ec:6d:27:9d:a7:f1:8d:14
Signer

Actual PE Digest

99:11:ff:bf:e0:5e:e4:ad:eb:30:b1:f1:ec:6d:27:9d:a7:f1:8d:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-utility-l1-1-0.pdb

Exports

_abs64

_byteswap_uint64

_byteswap_ulong

_byteswap_ushort

_lfind

_lfind_s

_lrotl

_lrotr

_lsearch

_lsearch_s

_rotl

_rotl64

_rotr

_rotr64

_swab

abs

bsearch

bsearch_s

div

imaxabs

imaxdiv

labs

ldiv

llabs

lldiv

qsort

qsort_s

rand

rand_s

srand

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

concrt140.dll

.dll windows:6 windows x64 arch:x64

0e53a682f1331df9628488b9ca56f28b

Code Sign

33:00:00:00:f5:82:36:5b:4e:30:d5:29:7a:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:31C5-30BA-7C91,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f2:6a:14:30:91:a7:b5:2a:57:8f:75:24:4f:66:45:c6:72:58:12:0e:a3:fb:25:7d:39:6a:68:2c:fc:4f:7e:2e
Signer

Actual PE Digest

f2:6a:14:30:91:a7:b5:2a:57:8f:75:24:4f:66:45:c6:72:58:12:0e:a3:fb:25:7d:39:6a:68:2c:fc:4f:7e:2e

Digest Algorithm

sha256

PE Digest Matches

true

16:7e:8c:3b:6d:6d:29:da:55:aa:e5:10:3e:eb:fc:c6:16:27:80:48
Signer

Actual PE Digest

16:7e:8c:3b:6d:6d:29:da:55:aa:e5:10:3e:eb:fc:c6:16:27:80:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb

Imports

msvcp140

?_Xbad_function_call@std@@YAXXZ

?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ

_Mtx_init_in_situ

_Mtx_destroy_in_situ

_Mtx_lock

_Mtx_unlock

_Cnd_init_in_situ

_Cnd_destroy_in_situ

_Cnd_wait

_Cnd_broadcast

?_Throw_C_error@std@@YAXH@Z

__crtInitializeCriticalSectionEx

__crtCreateEventExW

__crtGetTickCount64

__crtFlushProcessWriteBuffers

__crtGetCurrentProcessorNumber

__crtCreateSemaphoreExW

__crtSetThreadpoolTimer

?__ExceptionPtrDestroy@@YAXPEAX@Z

?__ExceptionPtrCreate@@YAXPEAX@Z

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z

?__ExceptionPtrCurrentException@@YAXPEAX@Z

?__ExceptionPtrRethrow@@YAXPEBX@Z

__crtCreateThreadpoolTimer

__crtWaitForThreadpoolTimerCallbacks

__crtCloseThreadpoolTimer

__crtCreateThreadpoolWait

__crtSetThreadpoolWait

__crtCloseThreadpoolWait

__crtFreeLibraryWhenCallbackReturns

vcruntime140

__C_specific_handler

memcpy

__uncaught_exception

memset

__RTDynamicCast

_CxxThrowException

__std_exception_destroy

__std_exception_copy

__std_terminate

_purecall

__CxxFrameHandler3

__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initterm_e

_initterm

_cexit

terminate

_invalid_parameter_noinfo_noreturn

_seh_filter_dll

_configure_narrow_argv

_initialize_narrow_environment

_initialize_onexit_table

_register_onexit_function

_execute_onexit_table

_crt_atexit

api-ms-win-crt-heap-l1-1-0

_callnewh

free

malloc

api-ms-win-crt-math-l1-1-0

sqrt

exp

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf

__stdio_common_vswprintf_s

__acrt_iob_func

fflush

kernel32

InterlockedPopEntrySList

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

GetCurrentProcessId

QueryPerformanceCounter

IsDebuggerPresent

IsProcessorFeaturePresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetModuleHandleA

GetModuleFileNameW

FreeLibraryAndExitThread

FreeLibrary

GetThreadTimes

OutputDebugStringW

LoadLibraryW

LoadLibraryExW

SetLastError

EncodePointer

UnregisterWaitEx

ReleaseSemaphore

InitializeSListHead

SetProcessAffinityMask

VirtualFree

VirtualProtect

VirtualAlloc

GetVersionExW

DeleteCriticalSection

TryEnterCriticalSection

LeaveCriticalSection

EnterCriticalSection

UnregisterWait

RegisterWaitForSingleObject

SetThreadAffinityMask

GetProcessAffinityMask

GetNumaHighestNodeNumber

GetProcAddress

GetModuleHandleW

DeleteTimerQueueTimer

ChangeTimerQueueTimer

CreateTimerQueueTimer

GetLogicalProcessorInformation

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

GetThreadPriority

SetThreadPriority

CreateThread

SwitchToThread

SignalObjectAndWait

Sleep

GetCurrentThreadId

GetCurrentProcess

WaitForSingleObjectEx

SetEvent

GetLastError

DuplicateHandle

CloseHandle

GetCurrentThread

CreateTimerQueue

QueryDepthSList

InterlockedFlushSList

InterlockedPushEntrySList

Exports

??0?$_SpinWait@$00@details@Concurrency@@QEAA@P6AXXZ@Z

??0?$_SpinWait@$0A@@details@Concurrency@@QEAA@P6AXXZ@Z

??0SchedulerPolicy@Concurrency@@QEAA@AEBV01@@Z

??0SchedulerPolicy@Concurrency@@QEAA@XZ

??0SchedulerPolicy@Concurrency@@QEAA@_KZZ

??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ

??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z

??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z

??0_Condition_variable@details@Concurrency@@QEAA@XZ

??0_Context@details@Concurrency@@QEAA@PEAVContext@2@@Z

??0_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ

??0_ReaderWriterLock@details@Concurrency@@QEAA@XZ

??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??0_ReentrantLock@details@Concurrency@@QEAA@XZ

??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ

??0_Runtime_object@details@Concurrency@@QEAA@H@Z

??0_Runtime_object@details@Concurrency@@QEAA@XZ

??0_Scheduler@details@Concurrency@@QEAA@PEAVScheduler@2@@Z

??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z

??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z

??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z

??0_StructuredTaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z

??0_TaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z

??0_TaskCollection@details@Concurrency@@QEAA@XZ

??0_Timer@details@Concurrency@@IEAA@I_N@Z

??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z

??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z

??0agent@Concurrency@@QEAA@XZ

??0bad_target@Concurrency@@QEAA@PEBD@Z

??0bad_target@Concurrency@@QEAA@XZ

??0context_self_unblock@Concurrency@@QEAA@PEBD@Z

??0context_self_unblock@Concurrency@@QEAA@XZ

??0context_unblock_unbalanced@Concurrency@@QEAA@PEBD@Z

??0context_unblock_unbalanced@Concurrency@@QEAA@XZ

??0critical_section@Concurrency@@QEAA@XZ

??0default_scheduler_exists@Concurrency@@QEAA@PEBD@Z

??0default_scheduler_exists@Concurrency@@QEAA@XZ

??0event@Concurrency@@QEAA@XZ

??0improper_lock@Concurrency@@QEAA@PEBD@Z

??0improper_lock@Concurrency@@QEAA@XZ

??0improper_scheduler_attach@Concurrency@@QEAA@PEBD@Z

??0improper_scheduler_attach@Concurrency@@QEAA@XZ

??0improper_scheduler_detach@Concurrency@@QEAA@PEBD@Z

??0improper_scheduler_detach@Concurrency@@QEAA@XZ

??0improper_scheduler_reference@Concurrency@@QEAA@PEBD@Z

??0improper_scheduler_reference@Concurrency@@QEAA@XZ

??0invalid_link_target@Concurrency@@QEAA@PEBD@Z

??0invalid_link_target@Concurrency@@QEAA@XZ

??0invalid_multiple_scheduling@Concurrency@@QEAA@PEBD@Z

??0invalid_multiple_scheduling@Concurrency@@QEAA@XZ

??0invalid_oversubscribe_operation@Concurrency@@QEAA@PEBD@Z

??0invalid_oversubscribe_operation@Concurrency@@QEAA@XZ

??0invalid_scheduler_policy_key@Concurrency@@QEAA@PEBD@Z

??0invalid_scheduler_policy_key@Concurrency@@QEAA@XZ

??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@PEBD@Z

??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@XZ

??0invalid_scheduler_policy_value@Concurrency@@QEAA@PEBD@Z

??0invalid_scheduler_policy_value@Concurrency@@QEAA@XZ

??0message_not_found@Concurrency@@QEAA@PEBD@Z

??0message_not_found@Concurrency@@QEAA@XZ

??0missing_wait@Concurrency@@QEAA@PEBD@Z

??0missing_wait@Concurrency@@QEAA@XZ

??0nested_scheduler_missing_detach@Concurrency@@QEAA@PEBD@Z

??0nested_scheduler_missing_detach@Concurrency@@QEAA@XZ

??0operation_timed_out@Concurrency@@QEAA@PEBD@Z

??0operation_timed_out@Concurrency@@QEAA@XZ

??0reader_writer_lock@Concurrency@@QEAA@XZ

??0scheduler_not_attached@Concurrency@@QEAA@PEBD@Z

??0scheduler_not_attached@Concurrency@@QEAA@XZ

??0scheduler_resource_allocation_error@Concurrency@@QEAA@J@Z

??0scheduler_resource_allocation_error@Concurrency@@QEAA@PEBDJ@Z

??0scheduler_worker_creation_error@Concurrency@@QEAA@J@Z

??0scheduler_worker_creation_error@Concurrency@@QEAA@PEBDJ@Z

??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z

??0scoped_lock@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z

??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z

??0unsupported_os@Concurrency@@QEAA@PEBD@Z

??0unsupported_os@Concurrency@@QEAA@XZ

??1SchedulerPolicy@Concurrency@@QEAA@XZ

??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ

??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ

??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ

??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ

??1_Condition_variable@details@Concurrency@@QEAA@XZ

??1_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ

??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ

??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ

??1_SpinLock@details@Concurrency@@QEAA@XZ

??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ

??1_TaskCollection@details@Concurrency@@QEAA@XZ

??1_Timer@details@Concurrency@@MEAA@XZ

??1agent@Concurrency@@UEAA@XZ

??1critical_section@Concurrency@@QEAA@XZ

??1event@Concurrency@@QEAA@XZ

??1reader_writer_lock@Concurrency@@QEAA@XZ

??1scoped_lock@critical_section@Concurrency@@QEAA@XZ

??1scoped_lock@reader_writer_lock@Concurrency@@QEAA@XZ

??1scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@XZ

??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z

??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@AEBV012@@Z

??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z

??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@AEBV012@@Z

??4SchedulerPolicy@Concurrency@@QEAAAEAV01@AEBV01@@Z

??_F?$_SpinWait@$00@details@Concurrency@@QEAAXXZ

??_F?$_SpinWait@$0A@@details@Concurrency@@QEAAXXZ

??_F_Context@details@Concurrency@@QEAAXXZ

??_F_Scheduler@details@Concurrency@@QEAAXXZ

?AgentEventGuid@Concurrency@@3U_GUID@@B

?Alloc@Concurrency@@YAPEAX_K@Z

?Block@Context@Concurrency@@SAXXZ

?ChoreEventGuid@Concurrency@@3U_GUID@@B

?ConcRTEventGuid@Concurrency@@3U_GUID@@B

?ConcRT_ProviderGuid@Concurrency@@3U_GUID@@B

?ContextEventGuid@Concurrency@@3U_GUID@@B

?Create@CurrentScheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z

?Create@Scheduler@Concurrency@@SAPEAV12@AEBVSchedulerPolicy@2@@Z

?CreateResourceManager@Concurrency@@YAPEAUIResourceManager@1@XZ

?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@AEAVlocation@2@@Z

?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@XZ

?CurrentContext@Context@Concurrency@@SAPEAV12@XZ

?Detach@CurrentScheduler@Concurrency@@SAXXZ

?DisableTracing@Concurrency@@YAJXZ

?EnableTracing@Concurrency@@YAJXZ

?Free@Concurrency@@YAXPEAX@Z

?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ

?GetExecutionContextId@Concurrency@@YAIXZ

?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ

?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ

?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ

?GetPolicyValue@SchedulerPolicy@Concurrency@@QEBAIW4PolicyElementKey@2@@Z

?GetProcessorCount@Concurrency@@YAIXZ

?GetProcessorNodeCount@Concurrency@@YAIXZ

?GetSchedulerId@Concurrency@@YAIXZ

?GetSharedTimerQueue@details@Concurrency@@YAPEAXXZ

?Id@Context@Concurrency@@SAIXZ

?Id@CurrentScheduler@Concurrency@@SAIXZ

?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NAEBVlocation@2@@Z

?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ

?LockEventGuid@Concurrency@@3U_GUID@@B

?Log2@details@Concurrency@@YAK_K@Z

?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z

?NFS_Free@details@Concurrency@@YAXPEAX@Z

?NFS_GetLineSize@details@Concurrency@@YA_KXZ

?Oversubscribe@Context@Concurrency@@SAX_N@Z

?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B

?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B

?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B

?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPEAX@Z

?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ

?ResourceManagerEventGuid@Concurrency@@3U_GUID@@B

?ScheduleGroupEventGuid@Concurrency@@3U_GUID@@B

?ScheduleGroupId@Context@Concurrency@@SAIXZ

?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z

?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0AEAVlocation@2@@Z

?SchedulerEventGuid@Concurrency@@3U_GUID@@B

?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QEAAXII@Z

?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z

?SetPolicyValue@SchedulerPolicy@Concurrency@@QEAAIW4PolicyElementKey@2@I@Z

?VirtualProcessorEventGuid@Concurrency@@3U_GUID@@B

?VirtualProcessorId@Context@Concurrency@@SAIXZ

?Yield@Context@Concurrency@@SAXXZ

?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ

?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z

?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Acquire@_ReentrantLock@details@Concurrency@@QEAAXXZ

?_Acquire@_ReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z

?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ

?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z

?_Byte_reverse_table@details@Concurrency@@3QBEB

?_Cancel@_StructuredTaskCollection@details@Concurrency@@QEAAXXZ

?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ

?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ

?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ

?_ConcRT_CoreAssert@details@Concurrency@@YAXPEBD0H@Z

?_ConcRT_Trace@details@Concurrency@@YAXHPEB_WZZ

?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ

?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ

?_Current_node@location@Concurrency@@SA?AV12@XZ

?_Destroy@_AsyncTaskCollection@details@Concurrency@@EEAAXXZ

?_DoYield@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ

?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ

?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ

?_GetCombinableSize@details@Concurrency@@YA_KXZ

?_GetConcRTTraceInfo@Concurrency@@YAPEBU_CONCRT_TRACE_INFO@details@1@XZ

?_GetConcurrency@details@Concurrency@@YAIXZ

?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ

?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ

?_GetScheduler@_Scheduler@details@Concurrency@@QEAAPEAVScheduler@3@XZ

?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ

?_Internal_assign@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAX1@ZP6AX2PEBX1@Z5@Z

?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IEBA_KXZ

?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_KP6AXPEAX_K@Z@Z

?_Internal_compact@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KPEAXP6AX10@ZP6AX1PEBX0@Z@Z

?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAXPEBX1@Z@Z

?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_NXZ

?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXXZ

?_Internal_grow_by@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z

?_Internal_grow_to_at_least_with_result@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z

?_Internal_move_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEAX@Z

?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IEAA_NPEAX@Z

?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEBX@Z

?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KAEA_K@Z

?_Internal_reserve@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00@Z

?_Internal_resize@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00P6AXPEAX0@ZP6AX1PEBX0@Z3@Z

?_Internal_size@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_KXZ

?_Internal_swap@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXAEAV123@@Z

?_Internal_swap@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEAV123@@Z

?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IEBAXXZ

?_Internal_throw_exception@_Concurrent_vector_base_v4@details@Concurrency@@IEBAX_K@Z

?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QEAA_NXZ

?_IsCanceling@_TaskCollection@details@Concurrency@@QEAA_NXZ

?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ

?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z

?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IEAAKXZ

?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IEAAKXZ

?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z

?_Reference@_Scheduler@details@Concurrency@@QEAAIXZ

?_Release@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Release@_NonReentrantPPLLock@details@Concurrency@@QEAAXXZ

?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ

?_Release@_ReentrantLock@details@Concurrency@@QEAAXXZ

?_Release@_ReentrantPPLLock@details@Concurrency@@QEAAXXZ

?_Release@_Scheduler@details@Concurrency@@QEAAIXZ

?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ

?_Reset@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ

?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ

?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z

?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z

?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z

?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z

?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z

?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z

?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z

?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KA_K_K@Z

?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QEAAXI@Z

?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QEAAXI@Z

?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IEAA_NXZ

?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IEAA_NXZ

?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ

?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QEAA_NXZ

?_SpinYield@Context@Concurrency@@SAXXZ

?_Start@_Timer@details@Concurrency@@IEAAXXZ

?_Stop@_Timer@details@Concurrency@@IEAAXXZ

?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ

?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z

?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QEAA_NXZ

?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QEAA_NXZ

?_TryAcquire@_ReentrantLock@details@Concurrency@@QEAA_NXZ

?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAA_NXZ

?_UnderlyingYield@details@Concurrency@@YAXXZ

?_Value@_SpinCount@details@Concurrency@@SAIXZ

?_Yield@_Context@details@Concurrency@@SAXXZ

?cancel@agent@Concurrency@@QEAA_NXZ

?current@location@Concurrency@@SA?AV12@XZ

?done@agent@Concurrency@@IEAA_NXZ

?from_numa_node@location@Concurrency@@SA?AV12@G@Z

?get_error_code@scheduler_resource_allocation_error@Concurrency@@QEBAJXZ

?is_current_task_group_canceling@Concurrency@@YA_NXZ

?lock@critical_section@Concurrency@@QEAAXXZ

?lock@reader_writer_lock@Concurrency@@QEAAXXZ

?lock_read@reader_writer_lock@Concurrency@@QEAAXXZ

?native_handle@critical_section@Concurrency@@QEAAAEAV12@XZ

?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ

?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ

?reset@event@Concurrency@@QEAAXXZ

?set@event@Concurrency@@QEAAXXZ

?set_task_execution_resources@Concurrency@@YAXGPEAU_GROUP_AFFINITY@@@Z

?set_task_execution_resources@Concurrency@@YAX_K@Z

?start@agent@Concurrency@@QEAA_NXZ

?status@agent@Concurrency@@QEAA?AW4agent_status@2@XZ

?status_port@agent@Concurrency@@QEAAPEAV?$ISource@W4agent_status@Concurrency@@@2@XZ

?try_lock@critical_section@Concurrency@@QEAA_NXZ

?try_lock@reader_writer_lock@Concurrency@@QEAA_NXZ

?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z

?try_lock_read@reader_writer_lock@Concurrency@@QEAA_NXZ

?unlock@critical_section@Concurrency@@QEAAXXZ

?unlock@reader_writer_lock@Concurrency@@QEAAXXZ

?wait@Concurrency@@YAXI@Z

?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z

?wait@agent@Concurrency@@SA?AW4agent_status@2@PEAV12@I@Z

?wait@event@Concurrency@@QEAA_KI@Z

?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z

?wait_for_all@agent@Concurrency@@SAX_KPEAPEAV12@PEAW4agent_status@2@I@Z

?wait_for_multiple@event@Concurrency@@SA_KPEAPEAV12@_K_NI@Z

?wait_for_one@agent@Concurrency@@SAX_KPEAPEAV12@AEAW4agent_status@2@AEA_KI@Z

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

msvcp140.dll

.dll windows:6 windows x64 arch:x64

adf99b9ea3a1f76c33522f96772bc4dd

Code Sign

33:00:00:00:fa:fe:5e:7b:76:00:e8:42:86:00:00:00:00:00:fa
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

75:d1:f0:68:a9:c9:8f:3a:b7:32:1c:05:a3:70:8f:85:cd:58:65:f2:91:b3:a3:25:ba:0c:76:56:eb:c0:70:9c
Signer

Actual PE Digest

75:d1:f0:68:a9:c9:8f:3a:b7:32:1c:05:a3:70:8f:85:cd:58:65:f2:91:b3:a3:25:ba:0c:76:56:eb:c0:70:9c

Digest Algorithm

sha256

PE Digest Matches

true

1d:56:91:ca:bc:94:cb:08:f4:e6:76:01:08:ee:50:34:61:d5:be:f3
Signer

Actual PE Digest

1d:56:91:ca:bc:94:cb:08:f4:e6:76:01:08:ee:50:34:61:d5:be:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__C_specific_handler

__uncaught_exceptions

__uncaught_exception

memmove

__std_terminate

_purecall

__CxxFrameHandler3

_CxxThrowException

__AdjustPointer

__processing_throw

__current_exception

__std_exception_destroy

__std_exception_copy

memset

memcmp

memchr

__std_type_info_destroy_list

memcpy

api-ms-win-crt-heap-l1-1-0

malloc

calloc

free

realloc

_callnewh

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func

___lc_collate_cp_func

localeconv

___lc_codepage_func

___lc_locale_name_func

__pctype_func

_unlock_locales

_lock_locales

setlocale

api-ms-win-crt-string-l1-1-0

wcsnlen

tolower

isalnum

__strncnt

isspace

wcscpy_s

isdigit

islower

isxdigit

_wcsdup

isupper

strcspn

iswctype

api-ms-win-crt-runtime-l1-1-0

_beginthreadex

_set_new_handler

_initterm_e

terminate

_crt_atexit

_execute_onexit_table

_invalid_parameter_noinfo_noreturn

_seh_filter_dll

_endthreadex

_errno

_initterm

_configure_narrow_argv

_initialize_narrow_environment

_initialize_onexit_table

_register_onexit_function

abort

_cexit

api-ms-win-crt-stdio-l1-1-0

fputc

ungetc

setvbuf

fwrite

_fseeki64

fsetpos

fread

fgetpos

fgetc

fflush

fclose

_get_stream_buffer_pointers

ungetwc

_wfsopen

_fsopen

fseek

fputwc

fgetwc

__acrt_iob_func

__stdio_common_vsprintf_s

fputs

api-ms-win-crt-math-l1-1-0

ldexp

log

powf

pow

logf

frexp

api-ms-win-crt-convert-l1-1-0

btowc

strtod

strtof

api-ms-win-crt-filesystem-l1-1-0

_wrmdir

_wrename

_wremove

_wchdir

_unlock_file

_lock_file

api-ms-win-crt-time-l1-1-0

_Getdays

_Getmonths

_Gettnames

_W_Getmonths

_W_Gettnames

_W_Getdays

_Strftime

_Wcsftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

IsProcessorFeaturePresent

DuplicateHandle

WaitForSingleObjectEx

Sleep

GetCurrentProcess

SwitchToThread

GetCurrentThread

GetCurrentThreadId

GetExitCodeThread

GetNativeSystemInfo

QueryPerformanceCounter

QueryPerformanceFrequency

GetStringTypeW

MultiByteToWideChar

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

WideCharToMultiByte

LoadLibraryExA

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

InitializeSListHead

GetCurrentProcessId

IsDebuggerPresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetProcAddress

GetModuleHandleW

GetTickCount

GetSystemTimeAsFileTime

CreateEventW

InitializeCriticalSectionAndSpinCount

SetLastError

GetModuleHandleExW

QueueUserWorkItem

CloseHandle

RtlCaptureStackBackTrace

TryEnterCriticalSection

FormatMessageW

CreateHardLinkW

CopyFileW

GetLastError

AreFileApisANSI

GetTempPathW

SetFileTime

SetFilePointerEx

SetFileAttributesW

SetEndOfFile

GetFileInformationByHandle

GetFileAttributesExW

GetDiskFreeSpaceExW

FindNextFileW

FindFirstFileExW

FindClose

CreateFileW

CreateDirectoryW

GetLocaleInfoW

LCMapStringW

CompareStringW

GetCPInfo

RaiseException

DecodePointer

EncodePointer

RtlPcToFileHeader

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z

??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z

??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z

??0?$_Yarn@D@std@@QEAA@AEBV01@@Z

??0?$_Yarn@D@std@@QEAA@PEBD@Z

??0?$_Yarn@D@std@@QEAA@XZ

??0?$_Yarn@G@std@@QEAA@AEBV01@@Z

??0?$_Yarn@G@std@@QEAA@PEBG@Z

??0?$_Yarn@G@std@@QEAA@XZ

??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z

??0?$_Yarn@_W@std@@QEAA@PEB_W@Z

??0?$_Yarn@_W@std@@QEAA@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ

??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z

??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z

??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$ctype@D@std@@QEAA@PEBF_N_K@Z

??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$ctype@G@std@@QEAA@_K@Z

??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$ctype@_W@std@@QEAA@_K@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0Init@ios_base@std@@QEAA@XZ

??0_Facet_base@std@@QEAA@AEBV01@@Z

??0_Facet_base@std@@QEAA@XZ

??0_Init_locks@std@@QEAA@XZ

??0_Locimp@locale@std@@AEAA@AEBV012@@Z

??0_Locimp@locale@std@@AEAA@_N@Z

??0_Locinfo@std@@QEAA@HPEBD@Z

??0_Locinfo@std@@QEAA@PEBD@Z

??0_Lockit@std@@QEAA@H@Z

??0_Lockit@std@@QEAA@XZ

??0_Timevec@std@@QEAA@AEBV01@@Z

??0_Timevec@std@@QEAA@PEAX@Z

??0_UShinit@std@@QEAA@XZ

??0_Winit@std@@QEAA@XZ

??0codecvt_base@std@@QEAA@_K@Z

??0ctype_base@std@@QEAA@_K@Z

??0facet@locale@std@@IEAA@_K@Z

??0id@locale@std@@QEAA@_K@Z

??0ios_base@std@@IEAA@XZ

??0task_continuation_context@Concurrency@@AEAA@XZ

??0time_base@std@@QEAA@_K@Z

??1?$_Yarn@D@std@@QEAA@XZ

??1?$_Yarn@G@std@@QEAA@XZ

??1?$_Yarn@_W@std@@QEAA@XZ

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ

??1?$ctype@D@std@@MEAA@XZ

??1?$ctype@G@std@@MEAA@XZ

??1?$ctype@_W@std@@MEAA@XZ

??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1Init@ios_base@std@@QEAA@XZ

??1_Facet_base@std@@UEAA@XZ

??1_Init_locks@std@@QEAA@XZ

??1_Locimp@locale@std@@MEAA@XZ

??1_Locinfo@std@@QEAA@XZ

??1_Lockit@std@@QEAA@XZ

??1_Timevec@std@@QEAA@XZ

??1_UShinit@std@@QEAA@XZ

??1_Winit@std@@QEAA@XZ

??1codecvt_base@std@@UEAA@XZ

??1ctype_base@std@@UEAA@XZ

??1facet@locale@std@@MEAA@XZ

??1ios_base@std@@UEAA@XZ

??1time_base@std@@UEAA@XZ

??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z

??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z

??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z

??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z

??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z

??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z

??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z

??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z

??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z

??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z

??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z

??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z

??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z

??4_Winit@std@@QEAAAEAV01@AEBV01@@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z

??7ios_base@std@@QEBA_NXZ

??Bid@locale@std@@QEAA_KXZ

??Bios_base@std@@QEBA_NXZ

??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$codecvt@DDU_Mbstatet@@@std@@6B@

??_7?$codecvt@GDU_Mbstatet@@@std@@6B@

??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@

??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@

??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@

??_7?$ctype@D@std@@6B@

??_7?$ctype@G@std@@6B@

??_7?$ctype@_W@std@@6B@

??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7_Facet_base@std@@6B@

??_7_Locimp@locale@std@@6B@

??_7codecvt_base@std@@6B@

??_7ctype_base@std@@6B@

??_7facet@locale@std@@6B@

??_7ios_base@std@@6B@

??_7time_base@std@@6B@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@

??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@

??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ

??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ

??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ

??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ

??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ

??_F?$ctype@D@std@@QEAAXXZ

??_F?$ctype@G@std@@QEAAXXZ

??_F?$ctype@_W@std@@QEAAXXZ

??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F_Locinfo@std@@QEAAXXZ

??_F_Timevec@std@@QEAAXXZ

??_Fcodecvt_base@std@@QEAAXXZ

??_Fctype_base@std@@QEAAXXZ

??_Ffacet@locale@std@@QEAAXXZ

??_Fid@locale@std@@QEAAXXZ

??_Ftime_base@std@@QEAAXXZ

?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z

?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ

?GetNextAsyncId@platform@details@Concurrency@@YAIXZ

?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ

?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z

?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z

?_Addstd@ios_base@std@@SAXPEAV12@@Z

?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z

?_Atexit@@YAXP6AXXZ@Z

?_BADOFF@std@@3_JB

?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ

?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ

?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ

?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z

?_Callfns@ios_base@std@@AEAAXW4event@12@@Z

?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ

?_Clocptr@_Locimp@locale@std@@0PEAV123@EA

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

?_Donarrow@?$ctype@G@std@@IEBADGD@Z

?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z

?_Dowiden@?$ctype@G@std@@IEBAGD@Z

?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z

?_Empty@?$_Yarn@D@std@@QEBA_NXZ

?_Empty@?$_Yarn@G@std@@QEBA_NXZ

?_Empty@?$_Yarn@_W@std@@QEBA_NXZ

?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z

?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z

?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z

?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z

?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z

?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z

?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z

?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z

?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ

?_Getdateorder@_Locinfo@std@@QEBAHXZ

?_Getdays@_Locinfo@std@@QEBAPEBDXZ

?_Getfalse@_Locinfo@std@@QEBAPEBDXZ

?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z

?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z

?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z

?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z

?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z

?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z

?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z

?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z

?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ

?_Getmonths@_Locinfo@std@@QEBAPEBDXZ

?_Getname@_Locinfo@std@@QEBAPEBDXZ

?_Getptr@_Timevec@std@@QEBAPEAXXZ

?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ

?_Gettrue@_Locinfo@std@@QEBAPEBDXZ

?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ

?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ

?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ

?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?_Id_cnt@id@locale@std@@0HA

?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z

?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z

?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z

?_Incref@facet@locale@std@@UEAAXXZ

?_Index@ios_base@std@@0HA

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

system_excludes

ucrtbase.dll

.dll windows:10 windows x64 arch:x64

57abd1fde351971a01e912069e11b44c

Code Sign

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:01:4f:e7:c6:62:c9:46:f4:a9:7f:00:00:00:00:01:4f
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 21:59

Not After

17/02/2018, 21:59

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

90:d9:f3:3b:f5:0f:52:e6:71:01:20:a5:66:4e:00:26:e2:70:a6:ba:af:0f:ee:50:cf:f7:34:75:64:b8:f1:c8
Signer

Actual PE Digest

90:d9:f3:3b:f5:0f:52:e6:71:01:20:a5:66:4e:00:26:e2:70:a6:ba:af:0f:ee:50:cf:f7:34:75:64:b8:f1:c8

Digest Algorithm

sha256

PE Digest Matches

true

ad:da:c7:90:42:2a:c7:e0:2b:0a:e7:e2:c6:33:19:31:79:60:f1:4f
Signer

Actual PE Digest

ad:da:c7:90:42:2a:c7:e0:2b:0a:e7:e2:c6:33:19:31:79:60:f1:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

ucrtbase.pdb

Imports

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

MultiByteToWideChar

CompareStringW

GetStringTypeW

api-ms-win-core-errorhandling-l1-1-0

SetLastError

SetUnhandledExceptionFilter

SetErrorMode

RaiseException

GetLastError

UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileAttributesExW

GetDriveTypeW

GetFileType

GetLogicalDrives

FindClose

LockFileEx

GetFileInformationByHandle

GetFullPathNameW

SetFileAttributesW

FindNextFileW

CreateFileW

UnlockFileEx

FindFirstFileExW

DeleteFileW

RemoveDirectoryW

WriteFile

GetFullPathNameA

SetFileTime

CreateDirectoryW

GetDiskFreeSpaceW

FlushFileBuffers

FindFirstFileExA

SetFilePointerEx

SetEndOfFile

FindNextFileA

ReadFile

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime

SystemTimeToFileTime

FileTimeToSystemTime

TzSpecificLocalTimeToSystemTime

GetTimeZoneInformation

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

PeekNamedPipe

api-ms-win-core-handle-l1-1-0

DuplicateHandle

CloseHandle

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l1-1-0

HeapWalk

HeapCompact

HeapSize

HeapAlloc

HeapValidate

HeapQueryInformation

HeapFree

GetProcessHeap

HeapReAlloc

api-ms-win-core-libraryloader-l1-1-0

FreeLibraryAndExitThread

FreeLibrary

GetModuleHandleExW

GetModuleFileNameW

GetModuleHandleW

GetProcAddress

LoadLibraryExA

LoadLibraryExW

GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection

EnterCriticalSection

WaitForSingleObject

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

TlsFree

TerminateProcess

GetCurrentThreadId

CreateProcessW

CreateProcessA

GetCurrentThread

GetStartupInfoW

TlsGetValue

TlsSetValue

GetCurrentProcessId

GetCurrentProcess

GetExitCodeProcess

TlsAlloc

CreateThread

ExitThread

ResumeThread

ExitProcess

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryA

GetCurrentDirectoryA

GetCommandLineA

GetCommandLineW

GetCurrentDirectoryW

SetCurrentDirectoryW

SetEnvironmentVariableW

GetEnvironmentStringsW

GetStdHandle

FreeEnvironmentStringsW

SetStdHandle

SetEnvironmentVariableA

api-ms-win-core-localization-l1-2-0

GetACP

GetLocaleInfoW

IsValidCodePage

GetOEMCP

LCMapStringW

EnumSystemLocalesW

GetUserDefaultLCID

GetCPInfo

IsValidLocale

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

GetTimeFormatW

api-ms-win-core-sysinfo-l1-1-0

SetLocalTime

GetSystemInfo

GetLocalTime

GetTickCount

GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-console-l1-1-0

ReadConsoleInputA

SetConsoleCtrlHandler

SetConsoleMode

GetConsoleMode

PeekConsoleInputA

GetNumberOfConsoleInputEvents

ReadConsoleInputW

WriteConsoleW

GetConsoleCP

ReadConsoleW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

OutputDebugStringW

OutputDebugStringA

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlPcToFileHeader

RtlUnwindEx

RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualAlloc

VirtualQuery

VirtualProtect

api-ms-win-core-util-l1-1-0

EncodePointer

Beep

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList

InterlockedPushEntrySList

Exports

_Cbuild

_Cmulcc

_Cmulcr

_CreateFrameInfo

_CxxThrowException

_Exit

_FCbuild

_FCmulcc

_FCmulcr

_FindAndUnlinkFrame

_GetImageBase

_GetThrowImageBase

_Getdays

_Getmonths

_Gettnames

_IsExceptionObjectToBeDestroyed

_LCbuild

_LCmulcc

_LCmulcr

_SetImageBase

_SetThrowImageBase

_SetWinRTOutOfMemoryExceptionCallback

_Strftime

_W_Getdays

_W_Getmonths

_W_Gettnames

_Wcsftime

__AdjustPointer

__BuildCatchObject

__BuildCatchObjectHelper

__C_specific_handler

__CxxDetectRethrow

__CxxExceptionFilter

__CxxFrameHandler

__CxxFrameHandler2

__CxxFrameHandler3

__CxxQueryExceptionSize

__CxxRegisterExceptionObject

__CxxUnregisterExceptionObject

__DestructExceptionObject

__FrameUnwindFilter

__GetPlatformExceptionInfo

__NLG_Dispatch2

__NLG_Return2

__RTCastToVoid

__RTDynamicCast

__RTtypeid

__TypeMatch

___lc_codepage_func

___lc_collate_cp_func

___lc_locale_name_func

___mb_cur_max_func

___mb_cur_max_l_func

__acrt_iob_func

__conio_common_vcprintf

__conio_common_vcprintf_p

__conio_common_vcprintf_s

__conio_common_vcscanf

__conio_common_vcwprintf

__conio_common_vcwprintf_p

__conio_common_vcwprintf_s

__conio_common_vcwscanf

__current_exception

__current_exception_context

__daylight

__dcrt_get_wide_environment_from_os

__dcrt_initial_narrow_environment

__doserrno

__dstbias

__fpe_flt_rounds

__fpecode

__initialize_lconv_for_unsigned_char

__intrinsic_setjmp

__intrinsic_setjmpex

__isascii

__iscsym

__iscsymf

__iswcsym

__iswcsymf

__p___argc

__p___argv

__p___wargv

__p__acmdln

__p__commode

__p__environ

__p__fmode

__p__mbcasemap

__p__mbctype

__p__pgmptr

__p__wcmdln

__p__wenviron

__p__wpgmptr

__pctype_func

__processing_throw

__pwctype_func

__pxcptinfoptrs

__report_gsfailure

__setusermatherr

__std_exception_copy

__std_exception_destroy

__std_terminate

__std_type_info_compare

__std_type_info_destroy_list

__std_type_info_hash

__std_type_info_name

__stdio_common_vfprintf

__stdio_common_vfprintf_p

__stdio_common_vfprintf_s

__stdio_common_vfscanf

__stdio_common_vfwprintf

__stdio_common_vfwprintf_p

__stdio_common_vfwprintf_s

__stdio_common_vfwscanf

__stdio_common_vsnprintf_s

__stdio_common_vsnwprintf_s

__stdio_common_vsprintf

__stdio_common_vsprintf_p

__stdio_common_vsprintf_s

__stdio_common_vsscanf

__stdio_common_vswprintf

__stdio_common_vswprintf_p

__stdio_common_vswprintf_s

__stdio_common_vswscanf

__strncnt

__sys_errlist

__sys_nerr

__threadhandle

__threadid

__timezone

__toascii

__tzname

__unDName

__unDNameEx

__uncaught_exception

__uncaught_exceptions

__wcserror

__wcserror_s

__wcsncnt

_abs64

_access

_access_s

_aligned_free

_aligned_malloc

_aligned_msize

_aligned_offset_malloc

_aligned_offset_realloc

_aligned_offset_recalloc

_aligned_realloc

_aligned_recalloc

_assert

_atodbl

_atodbl_l

_atof_l

_atoflt

_atoflt_l

_atoi64

_atoi64_l

_atoi_l

_atol_l

_atoldbl

_atoldbl_l

_atoll_l

_beep

_beginthread

_beginthreadex

_byteswap_uint64

_byteswap_ulong

_byteswap_ushort

_c_exit

_cabs

_callnewh

_calloc_base

_cexit

_cgets

_cgets_s

_cgetws

_cgetws_s

_chdir

_chdrive

_chgsign

_chgsignf

_chmod

_chsize

_chsize_s

_clearfp

_close

_commit

_configthreadlocale

_configure_narrow_argv

_configure_wide_argv

_control87

_controlfp

_controlfp_s

_copysign

_copysignf

_cputs

_cputws

_creat

_create_locale

_crt_at_quick_exit

_crt_atexit

_ctime32

_ctime32_s

_ctime64

_ctime64_s

_cwait

_d_int

_dclass

_dexp

_difftime32

_difftime64

_dlog

_dnorm

_dpcomp

_dpoly

_dscale

_dsign

_dsin

_dtest

_dunscale

_dup

_dup2

_dupenv_s

_ecvt

_ecvt_s

_endthread

_endthreadex

_eof

_errno

_except1

_execl

_execle

_execlp

_execlpe

_execute_onexit_table

_execv

_execve

_execvp

_execvpe

_exit

_expand

_fclose_nolock

_fcloseall

_fcvt

_fcvt_s

_fd_int

_fdclass

_fdexp

_fdlog

_fdnorm

_fdopen

_fdpcomp

_fdpoly

_fdscale

_fdsign

_fdsin

_fdtest

_fdunscale

_fflush_nolock

_fgetc_nolock

_fgetchar

_fgetwc_nolock

_fgetwchar

_filelength

_filelengthi64

_fileno

_findclose

_findfirst32

_findfirst32i64

_findfirst64

_findfirst64i32

_findnext32

_findnext32i64

_findnext64

_findnext64i32

_finite

_finitef

_flushall

_fpclass

_fpclassf

_fpieee_flt

_fpreset

_fputc_nolock

_fputchar

_fputwc_nolock

_fputwchar

_fread_nolock

_fread_nolock_s

_free_base

_free_locale

_fseek_nolock

_fseeki64

_fseeki64_nolock

_fsopen

_fstat32

_fstat32i64

_fstat64

_fstat64i32

_ftell_nolock

_ftelli64

_ftelli64_nolock

_ftime32

_ftime32_s

_ftime64

_ftime64_s

_fullpath

_futime32

_futime64

_fwrite_nolock

_gcvt

_gcvt_s

_get_FMA3_enable

_get_current_locale

_get_daylight

_get_doserrno

_get_dstbias

_get_errno

_get_fmode

_get_heap_handle

_get_initial_narrow_environment

_get_initial_wide_environment

_get_invalid_parameter_handler

_get_narrow_winmain_command_line

_get_osfhandle

_get_pgmptr

_get_printf_count_output

_get_purecall_handler

_get_stream_buffer_pointers

_get_terminate

_get_thread_local_invalid_parameter_handler

_get_timezone

_get_tzname

_get_unexpected

_get_wide_winmain_command_line

_get_wpgmptr

_getc_nolock

_getch

_getch_nolock

_getche

_getche_nolock

_getcwd

_getdcwd

_getdiskfree

_getdllprocaddr

_getdrive

_getdrives

_getmaxstdio

_getmbcp

_getpid

_getsystime

_getw

_getwc_nolock

_getwch

_getwch_nolock

_getwche

_getwche_nolock

_getws

_getws_s

_gmtime32

_gmtime32_s

_gmtime64

_gmtime64_s

_heapchk

_heapmin

_heapwalk

_hypot

_hypotf

_i64toa

_i64toa_s

_i64tow

_i64tow_s

_initialize_narrow_environment

_initialize_onexit_table

_initialize_wide_environment

_initterm

_initterm_e

_invalid_parameter_noinfo

_invalid_parameter_noinfo_noreturn

_invoke_watson

_is_exception_typeof

_isalnum_l

_isalpha_l

_isatty

_isblank_l

_iscntrl_l

_isctype

_isctype_l

_isdigit_l

_isgraph_l

_isleadbyte_l

_islower_l

_ismbbalnum

_ismbbalnum_l

_ismbbalpha

_ismbbalpha_l

_ismbbblank

_ismbbblank_l

_ismbbgraph

_ismbbgraph_l

_ismbbkalnum

_ismbbkalnum_l

_ismbbkana

_ismbbkana_l

_ismbbkprint

_ismbbkprint_l

_ismbbkpunct

_ismbbkpunct_l

_ismbblead

_ismbblead_l

_ismbbprint

_ismbbprint_l

_ismbbpunct

_ismbbpunct_l

_ismbbtrail

_ismbbtrail_l

_ismbcalnum

_ismbcalnum_l

_ismbcalpha

_ismbcalpha_l

_ismbcblank

_ismbcblank_l

_ismbcdigit

_ismbcdigit_l

_ismbcgraph

_ismbcgraph_l

_ismbchira

_ismbchira_l

_ismbckata

_ismbckata_l

_ismbcl0

_ismbcl0_l

_ismbcl1

_ismbcl1_l

_ismbcl2

_ismbcl2_l

_ismbclegal

_ismbclegal_l

_ismbclower

_ismbclower_l

_ismbcprint

_ismbcprint_l

_ismbcpunct

_ismbcpunct_l

_ismbcspace

_ismbcspace_l

_ismbcsymbol

_ismbcsymbol_l

_ismbcupper

_ismbcupper_l

_ismbslead

_ismbslead_l

_ismbstrail

_ismbstrail_l

_isnan

_isnanf

_isprint_l

_ispunct_l

_isspace_l

_isupper_l

_iswalnum_l

_iswalpha_l

_iswblank_l

_iswcntrl_l

_iswcsym_l

_iswcsymf_l

_iswctype_l

_iswdigit_l

_iswgraph_l

_iswlower_l

_iswprint_l

_iswpunct_l

_iswspace_l

_iswupper_l

_iswxdigit_l

_isxdigit_l

_itoa

_itoa_s

_itow

_itow_s

_j0

_j1

_jn

_kbhit

_ld_int

_ldclass

_ldexp

_ldlog

_ldpcomp

_ldpoly

_ldscale

_ldsign

_ldsin

_ldtest

_ldunscale

_lfind

_lfind_s

_loaddll

_local_unwind

_localtime32

_localtime32_s

Sections

.text
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

vccorlib140.dll

.dll windows:6 windows x64 arch:x64

22d5f5a59536f7b488c92896a4d858ec

Code Sign

33:00:00:00:fd:c7:f0:c9:6a:69:a1:c8:4c:00:00:00:00:00:fd
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

4d:9e:04:38:19:b0:49:7b:4e:62:e9:27:39:1d:94:0e:63:a9:c6:d1:45:47:a2:6a:5f:c3:46:f4:ef:94:db:e8
Signer

Actual PE Digest

4d:9e:04:38:19:b0:49:7b:4e:62:e9:27:39:1d:94:0e:63:a9:c6:d1:45:47:a2:6a:5f:c3:46:f4:ef:94:db:e8

Digest Algorithm

sha256

PE Digest Matches

true

12:1a:a8:70:b7:9b:4e:8f:17:f8:12:5c:72:dc:79:9e:30:b7:e9:01
Signer

Actual PE Digest

12:1a:a8:70:b7:9b:4e:8f:17:f8:12:5c:72:dc:79:9e:30:b7:e9:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdb

Imports

kernel32

RaiseException

ReleaseSRWLockExclusive

AcquireSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockShared

FormatMessageW

GetProcAddress

LoadLibraryExW

HeapFree

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSectionEx

GetLastError

OutputDebugStringW

HeapAlloc

DeleteCriticalSection

GetProcessHeap

CreateEventExW

WaitForMultipleObjectsEx

SetEvent

CloseHandle

DecodePointer

InitializeSRWLock

TryAcquireSRWLockShared

GetCurrentProcessId

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

GetCurrentThreadId

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

IsDebuggerPresent

InitializeSListHead

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

QueryPerformanceCounter

vcruntime140

__std_exception_destroy

__std_exception_copy

__C_specific_handler

memset

__std_terminate

_purecall

__CxxFrameHandler3

_CxxThrowException

__std_type_info_destroy_list

__GetPlatformExceptionInfo

memcpy

_SetWinRTOutOfMemoryExceptionCallback

memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf

__acrt_iob_func

__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function

_execute_onexit_table

_initterm_e

_invalid_parameter_noinfo_noreturn

_cexit

_invoke_watson

__p___wargv

__p___argc

_configure_wide_argv

_initialize_onexit_table

terminate

_seh_filter_dll

_configure_narrow_argv

_crt_atexit

_initialize_narrow_environment

_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh

_aligned_offset_malloc

_aligned_free

malloc

free

api-ms-win-crt-string-l1-1-0

wcscpy_s

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

ole32

CoGetApartmentType

CoReleaseServerProcess

CoAddRefServerProcess

CoGetContextToken

CoGetInterfaceAndReleaseStream

CoGetObjectContext

CoTaskMemFree

CoTaskMemAlloc

CoCreateFreeThreadedMarshaler

CoMarshalInterThreadInterfaceInStream

oleaut32

SysFreeString

SysAllocStringLen

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen

WindowsDeleteString

WindowsIsStringEmpty

WindowsCompareStringOrdinal

WindowsCreateString

WindowsGetStringRawBuffer

WindowsCreateStringReference

WindowsDuplicateString

WindowsStringHasEmbeddedNull

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo

RoOriginateError

RoTransformError

SetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoUninitialize

RoRegisterActivationFactories

RoInitialize

RoUnregisterForApartmentShutdown

RoGetActivationFactory

RoRegisterForApartmentShutdown

RoGetApartmentIdentifier

RoRevokeActivationFactories

Exports

?<Dispose>@Exception@Platform@@UE$AAAXXZ

?<Dispose>@String@Platform@@UE$AAAXXZ

?<Dispose>@Type@Platform@@UE$AAAXXZ

??0AccessDeniedException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0AccessDeniedException@Platform@@QE$AAA@XZ

??0Attribute@Metadata@Platform@@QE$AAA@XZ

??0Boolean@Platform@@QEAA@_N@Z

??0COMException@Platform@@QE$AAA@H@Z

??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z

??0ChangedStateException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0ChangedStateException@Platform@@QE$AAA@XZ

??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0ClassNotRegisteredException@Platform@@QE$AAA@XZ

??0Delegate@Platform@@QE$AAA@XZ

??0DisconnectedException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0DisconnectedException@Platform@@QE$AAA@XZ

??0Enum@Platform@@QE$AAA@XZ

??0Exception@Platform@@QE$AAA@H@Z

??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z

??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0FailureException@Platform@@QE$AAA@XZ

??0GridLength@Xaml@UI@Windows@@QEAA@NW4GridUnitType@123@@Z

??0IntPtr@Platform@@QEAA@H@Z

??0IntPtr@Platform@@QEAA@PEAX@Z

??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0InvalidArgumentException@Platform@@QE$AAA@XZ

??0InvalidCastException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0InvalidCastException@Platform@@QE$AAA@XZ

??0MTAThreadAttribute@Platform@@QE$AAA@XZ

??0NotImplementedException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0NotImplementedException@Platform@@QE$AAA@XZ

??0NullReferenceException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0NullReferenceException@Platform@@QE$AAA@XZ

??0Object@Platform@@QE$AAA@XZ

??0ObjectDisposedException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0ObjectDisposedException@Platform@@QE$AAA@XZ

??0OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAA@XZ

??0OperationCanceledException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0OperationCanceledException@Platform@@QE$AAA@XZ

??0OutOfBoundsException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0OutOfBoundsException@Platform@@QE$AAA@XZ

??0OutOfMemoryException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0OutOfMemoryException@Platform@@QE$AAA@XZ

??0Rect@Foundation@Windows@@QEAA@VPoint@12@0@Z

??0Rect@Foundation@Windows@@QEAA@VPoint@12@VSize@12@@Z

??0RepeatBehavior@Animation@Media@Xaml@UI@Windows@@QEAA@N@Z

??0STAThreadAttribute@Platform@@QE$AAA@XZ

??0SizeT@Platform@@QEAA@H@Z

??0SizeT@Platform@@QEAA@PEAX@Z

??0Type@Platform@@QE$AAA@PE$AAVObject@1@@Z

??0Type@Platform@@QE$AAA@VIntPtr@1@@Z

??0Type@Platform@@QE$AAA@VTypeName@Interop@Xaml@UI@Windows@@@Z

??0ValueType@Platform@@QE$AAA@XZ

??0WrongThreadException@Platform@@QE$AAA@PE$AAVString@1@@Z

??0WrongThreadException@Platform@@QE$AAA@XZ

??0char16@default@@QEAA@_W@Z

??0float32@default@@QEAA@M@Z

??0float64@default@@QEAA@N@Z

??0int16@default@@QEAA@F@Z

??0int32@default@@QEAA@H@Z

??0int64@default@@QEAA@_J@Z

??0int8@default@@QEAA@C@Z

??0uint16@default@@QEAA@G@Z

??0uint32@default@@QEAA@I@Z

??0uint64@default@@QEAA@_K@Z

??0uint8@default@@QEAA@E@Z

??BIntPtr@Platform@@SA?AV01@H@Z

??BIntPtr@Platform@@SA?AV01@PEAX@Z

??BIntPtr@Platform@@SAPEAXV01@@Z

??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z

??BType@Platform@@SAPE$AAV01@VTypeName@Interop@Xaml@UI@Windows@@@Z

??DMatrix3D@Media3D@Media@Xaml@UI@Windows@@SA?AV012345@V012345@0@Z

??GDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z

??HDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z

??MDuration@Xaml@UI@Windows@@SA_NV0123@0@Z

??NDuration@Xaml@UI@Windows@@SA_NV0123@0@Z

??ODuration@Xaml@UI@Windows@@SA_NV0123@0@Z

??PDuration@Xaml@UI@Windows@@SA_NV0123@0@Z

?AlignedAllocate@Heap@Details@Platform@@SAPEAX_K00@Z

?AlignedAllocate@Heap@Details@Platform@@SAPEAX_K0@Z

?AlignedAllocateException@Heap@Details@Platform@@SAPEAX_K00@Z

?AlignedAllocateException@Heap@Details@Platform@@SAPEAX_K0@Z

?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z

?AlignedFreeException@Heap@Details@Platform@@SAXPEAX@Z

?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z

?Allocate@Heap@Details@Platform@@SAPEAX_K@Z

?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z

?AllocateException@Heap@Details@Platform@@SAPEAX_K@Z

?Compare@Duration@Xaml@UI@Windows@@SAHV1234@0@Z

?Contains@Rect@Foundation@Windows@@QEAA_NVPoint@23@@Z

?CreateException@Exception@Platform@@SAPE$AAV12@H@Z

?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z

?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z

?EnableFactoryCache@@YAXXZ

?EnumerateAllocatedObjects@Heap@Details@Platform@@SAXPE$AAVHeapEntryHandler@23@@Z

?Equals@Attribute@Metadata@Platform@@QE$AAA_NPE$AAVObject@3@@Z

?Equals@Boolean@Platform@@QEAA_NPE$AAVObject@2@@Z

?Equals@Delegate@Platform@@QE$AAA_NPE$AAVObject@2@@Z

?Equals@Enum@Platform@@QE$AAA_NPE$AAVObject@2@@Z

?Equals@Exception@Platform@@UE$AAA_NPE$AAVObject@2@@Z

?Equals@MTAThreadAttribute@Platform@@QE$AAA_NPE$AAVObject@2@@Z

?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z

?Equals@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAA_NPE$AAVObject@4@@Z

?Equals@STAThreadAttribute@Platform@@QE$AAA_NPE$AAVObject@2@@Z

?Equals@Type@Platform@@UE$AAA_NPE$AAVObject@2@@Z

?Equals@ValueType@Platform@@QE$AAA_NPE$AAVObject@2@@Z

?Equals@char16@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@float32@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@float64@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@int16@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@int32@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@int64@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@int8@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@uint16@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@uint32@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@uint64@default@@QEAA_NPE$AAVObject@Platform@@@Z

?Equals@uint8@default@@QEAA_NPE$AAVObject@Platform@@@Z

?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z

?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z

?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z

?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z

?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z

?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z

?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z

?FlushFactoryCache@@YAXXZ

?Free@Heap@Details@Platform@@SAXPEAX@Z

?FreeException@Heap@Details@Platform@@SAXPEAX@Z

?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z

?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z

?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z

?GetHashCode@Attribute@Metadata@Platform@@QE$AAAHXZ

?GetHashCode@Boolean@Platform@@QEAAHXZ

?GetHashCode@Delegate@Platform@@QE$AAAHXZ

?GetHashCode@Enum@Platform@@QE$AAAHXZ

?GetHashCode@Exception@Platform@@UE$AAAHXZ

?GetHashCode@Guid@Platform@@QEAAHXZ

?GetHashCode@MTAThreadAttribute@Platform@@QE$AAAHXZ

?GetHashCode@Object@Platform@@QE$AAAHXZ

?GetHashCode@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAAHXZ

?GetHashCode@STAThreadAttribute@Platform@@QE$AAAHXZ

?GetHashCode@Type@Platform@@UE$AAAHXZ

?GetHashCode@ValueType@Platform@@QE$AAAHXZ

?GetHashCode@char16@default@@QEAAHXZ

?GetHashCode@float32@default@@QEAAHXZ

?GetHashCode@float64@default@@QEAAHXZ

?GetHashCode@int16@default@@QEAAHXZ

?GetHashCode@int32@default@@QEAAHXZ

?GetHashCode@int64@default@@QEAAHXZ

?GetHashCode@int8@default@@QEAAHXZ

?GetHashCode@uint16@default@@QEAAHXZ

?GetHashCode@uint32@default@@QEAAHXZ

?GetHashCode@uint64@default@@QEAAHXZ

?GetHashCode@uint8@default@@QEAAHXZ

?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z

?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z

?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z

?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ

?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z

?GetType@Boolean@Platform@@QEAAPE$AAVType@2@XZ

?GetType@Guid@Platform@@QEAAPE$AAVType@2@XZ

?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ

?GetType@char16@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@float32@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@float64@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@int16@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@int32@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@int64@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@int8@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@uint16@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@uint32@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@uint64@default@@QEAAPE$AAVType@Platform@@XZ

?GetType@uint8@default@@QEAAPE$AAVType@Platform@@XZ

?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z

?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z

?InitControlBlock@ControlBlock@Details@Platform@@AEAAXPEAX_N11@Z

?InitializeData@Details@Platform@@YAJH@Z

?Intersect@Rect@Foundation@Windows@@QEAAXV123@@Z

?IntersectsWith@Rect@Foundation@Windows@@QEAA_NV123@@Z

?Invert@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QEAAXXZ

?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z

?ReferenceEquals@Object@Platform@@SA_NPE$AAV12@0@Z

?ReferenceEquals@Object@Platform@@SA_NPE$AAVString@2@0@Z

?RegisterFactories@Details@Platform@@YAPE$AAVObject@2@PEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@P6AXXZ@Z

?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z

?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ

?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z

?RunApplicationServer@Details@Platform@@YAXPEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@PEB_W@Z

?RunServer@Details@Platform@@YAXPEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@PEB_W@Z

?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z

?ToInt32@IntPtr@Platform@@QEAAHXZ

?ToString@Attribute@Metadata@Platform@@QE$AAAPE$AAVString@3@XZ

?ToString@Boolean@Platform@@QEAAPE$AAVString@2@XZ

?ToString@Delegate@Platform@@QE$AAAPE$AAVString@2@XZ

?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ

?ToString@Exception@Platform@@UE$AAAPE$AAVString@2@XZ

?ToString@Guid@Platform@@QEAAPE$AAVString@2@XZ

?ToString@MTAThreadAttribute@Platform@@QE$AAAPE$AAVString@2@XZ

?ToString@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAAPE$AAVString@4@XZ

?ToString@STAThreadAttribute@Platform@@QE$AAAPE$AAVString@2@XZ

?ToString@Type@Platform@@UE$AAAPE$AAVString@2@XZ

?ToString@ValueType@Platform@@QE$AAAPE$AAVString@2@XZ

?ToString@char16@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@float32@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@float64@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@int16@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@int64@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@int8@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@uint16@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@uint32@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@uint64@default@@QEAAPE$AAVString@Platform@@XZ

?ToString@uint8@default@@QEAAPE$AAVString@Platform@@XZ

?UninitializeData@Details@Platform@@YAXH@Z

?Union@Rect@Foundation@Windows@@QEAAXV123@@Z

?Union@Rect@Foundation@Windows@@QEAAXVPoint@23@@Z

?WriteLine@Console@Details@Platform@@SAXPE$AAVObject@3@@Z

?WriteLine@Console@Details@Platform@@SAXPE$AAVString@3@@Z

?WriteLine@Console@Details@Platform@@SAXXZ

?__abi_FailFast@@YAXXZ

?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z

?__abi_Resolve@ControlBlock@Details@Platform@@UEAAJAEAVGuid@3@PEAPEAU__abi_IInspectable@@@Z

?__abi_WinRTraiseAccessDeniedException@@YAXXZ

?__abi_WinRTraiseCOMException@@YAXJ@Z

?__abi_WinRTraiseChangedStateException@@YAXXZ

?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ

?__abi_WinRTraiseDisconnectedException@@YAXXZ

?__abi_WinRTraiseFailureException@@YAXXZ

?__abi_WinRTraiseInvalidArgumentException@@YAXXZ

?__abi_WinRTraiseInvalidCastException@@YAXXZ

?__abi_WinRTraiseNotImplementedException@@YAXXZ

?__abi_WinRTraiseNullReferenceException@@YAXXZ

?__abi_WinRTraiseObjectDisposedException@@YAXXZ

?__abi_WinRTraiseOperationCanceledException@@YAXXZ

?__abi_WinRTraiseOutOfBoundsException@@YAXXZ

?__abi_WinRTraiseOutOfMemoryException@@YAXXZ

?__abi_WinRTraiseWrongThreadException@@YAXXZ

?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z

?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z

?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z

?__abi_translateCurrentException@@YAJ_N@Z

?__getActivationFactoryByHSTRING@@YAJPEAUHSTRING__@@AEAVGuid@Platform@@PEAPEAX@Z

?get@Bottom@Rect@Foundation@Windows@@QEAAMXZ

?get@BreakOnAllocationId@Heap@Details@Platform@@SAHXZ

?get@BreakOnFreeId@Heap@Details@Platform@@SAHXZ

?get@CurrentAllocationId@Heap@Details@Platform@@SAHXZ

?get@Empty@Rect@Foundation@Windows@@SA?AV234@XZ

?get@Empty@Size@Foundation@Windows@@SA?AV234@XZ

?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ

?get@HasInverse@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QEAA_NXZ

?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ

?get@ObjectCount@Heap@Details@Platform@@SAHXZ

?get@Right@Rect@Foundation@Windows@@QEAAMXZ

?get@TrackingLevel@Heap@Details@Platform@@SA?AW4HeapAllocationTrackingLevel@34@XZ

?set@BreakOnAllocationId@Heap@Details@Platform@@SAXH@Z

?set@BreakOnFreeId@Heap@Details@Platform@@SAXH@Z

?set@TrackingLevel@Heap@Details@Platform@@SAXW4HeapAllocationTrackingLevel@34@@Z

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

vcruntime140.dll

.dll windows:6 windows x64 arch:x64

2cb5da5225e972a08f32d04b8085dc7e

Code Sign

33:00:00:00:fc:a0:e2:4f:d0:dc:19:5a:3a:00:00:00:00:00:fc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

31:88:b0:6c:7e:d2:15:11:e7:3c:97:3d:2d:dd:84:ac:df:d0:e7:43:df:ba:d3:d5:52:d4:af:65:15:5f:47:e7
Signer

Actual PE Digest

31:88:b0:6c:7e:d2:15:11:e7:3c:97:3d:2d:dd:84:ac:df:d0:e7:43:df:ba:d3:d5:52:d4:af:65:15:5f:47:e7

Digest Algorithm

sha256

PE Digest Matches

true

99:e2:68:a3:53:32:b1:eb:68:bc:1e:d5:72:55:74:ad:95:59:c7:1b
Signer

Actual PE Digest

99:e2:68:a3:53:32:b1:eb:68:bc:1e:d5:72:55:74:ad:95:59:c7:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort

terminate

api-ms-win-crt-heap-l1-1-0

calloc

malloc

free

api-ms-win-crt-string-l1-1-0

strcpy_s

wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

GetLastError

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlCaptureContext

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

RtlLookupFunctionEntry

GetModuleHandleW

GetModuleFileNameW

RtlUnwindEx

RtlUnwind

EncodePointer

RaiseException

RtlPcToFileHeader

InterlockedPushEntrySList

InterlockedFlushSList

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

GetProcAddress

SetLastError

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FreeLibrary

LoadLibraryExW

Exports

_CreateFrameInfo

_CxxThrowException

_FindAndUnlinkFrame

_IsExceptionObjectToBeDestroyed

_SetWinRTOutOfMemoryExceptionCallback

__AdjustPointer

__BuildCatchObject

__BuildCatchObjectHelper

__C_specific_handler

__C_specific_handler_noexcept

__CxxDetectRethrow

__CxxExceptionFilter

__CxxFrameHandler

__CxxFrameHandler2

__CxxFrameHandler3

__CxxQueryExceptionSize

__CxxRegisterExceptionObject

__CxxUnregisterExceptionObject

__DestructExceptionObject

__FrameUnwindFilter

__GetPlatformExceptionInfo

__NLG_Dispatch2

__NLG_Return2

__RTCastToVoid

__RTDynamicCast

__RTtypeid

__TypeMatch

__current_exception

__current_exception_context

__intrinsic_setjmp

__intrinsic_setjmpex

__processing_throw

__report_gsfailure

__std_exception_copy

__std_exception_destroy

__std_terminate

__std_type_info_compare

__std_type_info_destroy_list

__std_type_info_hash

__std_type_info_name

__telemetry_main_invoke_trigger

__telemetry_main_return_trigger

__unDName

__unDNameEx

__uncaught_exception

__uncaught_exceptions

__vcrt_GetModuleFileNameW

__vcrt_GetModuleHandleW

__vcrt_InitializeCriticalSectionEx

__vcrt_LoadLibraryExW

_get_purecall_handler

_get_unexpected

_is_exception_typeof

_local_unwind

_purecall

_set_purecall_handler

_set_se_translator

longjmp

memchr

memcmp

memcpy

memmove

memset

set_unexpected

strchr

strrchr

strstr

unexpected

wcschr

wcsrchr

wcsstr

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3aCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

a6:b3:a1:34:36:c4:46:e6:ed:d2:28:3d:1c:3d:4c:cb:d6:87:da:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 564KB

.rsrc Size: 364KB - Virtual size: 364KB

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3aCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

9d:c6:3e:d3:c6:bd:f2:4c:87:de:94:48:a1:6f:73:da:bd:5a:12:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 996KB

.rsrc Size: 370KB - Virtual size: 369KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

039bcbc605477e8e87ec550c2e60e748

Headers

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

a6:b3:a1:34:36:c4:46:e6:ed:d2:28:3d:1c:3d:4c:cb:d6:87:da:78
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 564KB

.rsrc
Size: 364KB - Virtual size: 364KB

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

9d:c6:3e:d3:c6:bd:f2:4c:87:de:94:48:a1:6f:73:da:bd:5a:12:34
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 996KB

.rsrc
Size: 370KB - Virtual size: 369KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 268B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 274B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 927B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 5KB

07:c8:cc:b4:dd:a3:80:23:6b:da:84:4e:b9:25:91:3a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

84:10:2b:e6:b1:29:e8:a6:5a:67:d7:a9:12:df:bb:b2:b1:5a:78:49
Signer