agenttesla | Nexar_X_v1[.]0[.]8_FIXED[.]rar

resource	yara_rule
static1/unpack001/Guna.UI2.dll	family_agenttesla

resource
unpack001/Nexar X.exe
unpack001/NexarAPI.exe
unpack001/VisualStudioTabControl.dll
unpack001/ucrtbased.dll

Nexar_X_v1.0.8_FIXED.rar

.rar

Guna.UI2.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

Issuer

CN=Sobatdata Root CA

Not Before

23/10/2019, 05:22

Not After

22/10/2025, 17:00

Subject

CN=Sobatdata Software

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:b4:cf:f5:c2:a1:e0:36:e9:3f:b8:c2:44:a0:df:33:c2:26:10:62
Signer

Actual PE Digest

47:b4:cf:f5:c2:a1:e0:36:e9:3f:b8:c2:44:a0:df:33:c2:26:10:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Nexar X.exe

.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\mostafa\Desktop\Main stuff for Nexar\Nexar X\Nexar X\obj\Debug\Nexar X.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

NexarAPI.exe

.exe windows:6 windows x64 arch:x64

39fe52335bcb5f9357674966ec37e956

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\mostafa\Desktop\NexarAPI\x64\Debug\NexarAPI.pdb

Imports

kernel32

CloseHandle

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

IsDebuggerPresent

RaiseException

MultiByteToWideChar

WideCharToMultiByte

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

InitializeSListHead

GetStartupInfoW

GetModuleHandleW

GetLastError

HeapAlloc

HeapFree

GetProcAddress

GetProcessHeap

VirtualQuery

FreeLibrary

GetCurrentThreadId

msvcp140d

?uncaught_exception@std@@YA_NXZ

_Xtime_get_ticks

_Query_perf_counter

_Query_perf_frequency

_Thrd_sleep

?good@ios_base@std@@QEBA_NXZ

?flags@ios_base@std@@QEBAHXZ

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

?width@ios_base@std@@QEBA_JXZ

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

?width@ios_base@std@@QEAA_J_J@Z

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

vcruntime140_1d

__CxxFrameHandler4

vcruntime140d

memcpy

__C_specific_handler

__C_specific_handler_noexcept

__std_type_info_destroy_list

__vcrt_LoadLibraryExW

__vcrt_GetModuleHandleW

__vcrt_GetModuleFileNameW

__current_exception

__current_exception_context

ucrtbased

_seh_filter_dll

_initialize_onexit_table

_register_onexit_function

_execute_onexit_table

_crt_atexit

_crt_at_quick_exit

terminate

_wmakepath_s

_wsplitpath_s

wcscpy_s

__stdio_common_vsprintf_s

__p__commode

_set_new_mode

_configthreadlocale

_register_thread_local_exe_atexit_callback

_c_exit

strcat_s

__p___argv

__p___argc

_set_fmode

exit

_initterm_e

_initterm

_get_initial_narrow_environment

_initialize_narrow_environment

_configure_narrow_argv

__setusermatherr

_set_app_type

_seh_filter_exe

_CrtDbgReportW

_CrtDbgReport

strlen

_stricmp

wcstombs_s

_cexit

strcpy_s

_exit

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 559B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Scripts/I love Nexar.txt

Scripts/Nexar on top.txt

Siticone.UI.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:ae
Certificate

Issuer

CN=Siticone Root CA

Not Before

05/02/2020, 06:42

Not After

22/10/2030, 17:00

Subject

CN=Siticone Technology

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageEmailProtection

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0
Signer

Actual PE Digest

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

VisualStudioTabControl.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Users\Alaa\Documents\Visual Studio 2015\Projects\VisualStudioTabControl\VisualStudioTabControl\obj\Debug\VisualStudioTabControl.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/Monaco/ace/ace.js

.js

bin/Monaco/ace/ext-beautify.js

.js

bin/Monaco/ace/ext-code_lens.js

.js

bin/Monaco/ace/ext-elastic_tabstops_lite.js

.js

bin/Monaco/ace/ext-emmet.js

.js

bin/Monaco/ace/ext-error_marker.js

.js

bin/Monaco/ace/ext-keybinding_menu.js

.js

bin/Monaco/ace/ext-language_tools.js

.js

bin/Monaco/ace/ext-linking.js

.js

bin/Monaco/ace/ext-modelist.js

.js

bin/Monaco/ace/ext-options.js

.js

bin/Monaco/ace/ext-prompt.js

.js

bin/Monaco/ace/ext-rtl.js

.js

bin/Monaco/ace/ext-searchbox.js

.js

bin/Monaco/ace/ext-settings_menu.js

.js

bin/Monaco/ace/ext-spellcheck.js

.js

bin/Monaco/ace/ext-split.js

.js

bin/Monaco/ace/ext-static_highlight.js

.js

bin/Monaco/ace/ext-statusbar.js

.js

bin/Monaco/ace/ext-textarea.js

.js

bin/Monaco/ace/ext-themelist.js

.js

bin/Monaco/ace/ext-whitespace.js

.js

bin/Monaco/ace/keybinding-emacs.js

.js

bin/Monaco/ace/keybinding-sublime.js

.js

bin/Monaco/ace/keybinding-vim.js

.js

bin/Monaco/ace/keybinding-vscode.js

.js

bin/Monaco/ace/mode-lua.js

.js

bin/Monaco/ace/snippets/abap.js

.js

bin/Monaco/ace/snippets/abc.js

.js

bin/Monaco/ace/snippets/actionscript.js

.js

bin/Monaco/ace/snippets/ada.js

.js

bin/Monaco/ace/snippets/apache_conf.js

.js

bin/Monaco/ace/snippets/apex.js

.js

bin/Monaco/ace/snippets/applescript.js

.js

bin/Monaco/ace/snippets/aql.js

.js

bin/Monaco/ace/snippets/asciidoc.js

.js

bin/Monaco/ace/snippets/asl.js

.js

bin/Monaco/ace/snippets/assembly_x86.js

.js

bin/Monaco/ace/snippets/autohotkey.js

.js

bin/Monaco/ace/snippets/batchfile.js

.js

bin/Monaco/ace/snippets/bro.js

.js

bin/Monaco/ace/snippets/c9search.js

.js

bin/Monaco/ace/snippets/c_cpp.js

.js

bin/Monaco/ace/snippets/cirru.js

.js

bin/Monaco/ace/snippets/clojure.js

.js

bin/Monaco/ace/snippets/cobol.js

.js

bin/Monaco/ace/snippets/coffee.js

.js

bin/Monaco/ace/snippets/coldfusion.js

.js

bin/Monaco/ace/snippets/crystal.js

.js

bin/Monaco/ace/snippets/csharp.js

.js

bin/Monaco/ace/snippets/csound_document.js

.js

bin/Monaco/ace/snippets/csound_orchestra.js

.js

bin/Monaco/ace/snippets/csound_score.js

.js

bin/Monaco/ace/snippets/csp.js

.js

bin/Monaco/ace/snippets/css.js

.js

bin/Monaco/ace/snippets/curly.js

.js

bin/Monaco/ace/snippets/d.js

.js

bin/Monaco/ace/snippets/dart.js

.js

bin/Monaco/ace/snippets/diff.js

.js

bin/Monaco/ace/snippets/django.js

.js

bin/Monaco/ace/snippets/dockerfile.js

.js

bin/Monaco/ace/snippets/dot.js

.js

bin/Monaco/ace/snippets/drools.js

.js

bin/Monaco/ace/snippets/edifact.js

.js

bin/Monaco/ace/snippets/eiffel.js

.js

bin/Monaco/ace/snippets/ejs.js

.js

bin/Monaco/ace/snippets/elixir.js

.js

bin/Monaco/ace/snippets/elm.js

.js

bin/Monaco/ace/snippets/erlang.js

.js

bin/Monaco/ace/snippets/forth.js

.js

bin/Monaco/ace/snippets/fortran.js

.js

bin/Monaco/ace/snippets/fsharp.js

.js

bin/Monaco/ace/snippets/fsl.js

.js

bin/Monaco/ace/snippets/ftl.js

.js

bin/Monaco/ace/snippets/gcode.js

.js

bin/Monaco/ace/snippets/gherkin.js

.js

bin/Monaco/ace/snippets/gitignore.js

.js

bin/Monaco/ace/snippets/glsl.js

.js

bin/Monaco/ace/snippets/gobstones.js

.js

bin/Monaco/ace/snippets/golang.js

.js

bin/Monaco/ace/snippets/graphqlschema.js

.js

bin/Monaco/ace/snippets/groovy.js

.js

bin/Monaco/ace/snippets/haml.js

.js

bin/Monaco/ace/snippets/handlebars.js

.js

bin/Monaco/ace/snippets/haskell.js

.js

bin/Monaco/ace/snippets/haskell_cabal.js

.js

bin/Monaco/ace/snippets/haxe.js

.js

bin/Monaco/ace/snippets/hjson.js

.js

bin/Monaco/ace/snippets/html.js

.js

bin/Monaco/ace/snippets/html_elixir.js

.js

bin/Monaco/ace/snippets/html_ruby.js

.js

bin/Monaco/ace/snippets/ini.js

.js

bin/Monaco/ace/snippets/io.js

.js

bin/Monaco/ace/snippets/jack.js

.js

bin/Monaco/ace/snippets/jade.js

.js

bin/Monaco/ace/snippets/java.js

.js

bin/Monaco/ace/snippets/javascript.js

.js

bin/Monaco/ace/snippets/json.js

.js

bin/Monaco/ace/snippets/json5.js

.js

bin/Monaco/ace/snippets/jsoniq.js

.js

bin/Monaco/ace/snippets/jsp.js

.js .vbs

bin/Monaco/ace/snippets/jssm.js

.js

bin/Monaco/ace/snippets/jsx.js

.js

bin/Monaco/ace/snippets/julia.js

.js

bin/Monaco/ace/snippets/kotlin.js

.js

bin/Monaco/ace/snippets/latex.js

.js

bin/Monaco/ace/snippets/less.js

.js

bin/Monaco/ace/snippets/liquid.js

.js

bin/Monaco/ace/snippets/lisp.js

.js

bin/Monaco/ace/snippets/livescript.js

.js

bin/Monaco/ace/snippets/logiql.js

.js

bin/Monaco/ace/snippets/logtalk.js

.js

bin/Monaco/ace/snippets/lsl.js

.js

bin/Monaco/ace/snippets/lua.js

.js

bin/Monaco/ace/snippets/luapage.js

.js

bin/Monaco/ace/snippets/lucene.js

.js

bin/Monaco/ace/snippets/makefile.js

.js

bin/Monaco/ace/snippets/markdown.js

.js

bin/Monaco/ace/snippets/mask.js

.js

bin/Monaco/ace/snippets/matlab.js

.js

bin/Monaco/ace/snippets/maze.js

.js

bin/Monaco/ace/snippets/mel.js

.js

bin/Monaco/ace/snippets/mixal.js

.js

bin/Monaco/ace/snippets/mushcode.js

.js

bin/Monaco/ace/snippets/mysql.js

.js

bin/Monaco/ace/snippets/nginx.js

.js

bin/Monaco/ace/snippets/nim.js

.js

bin/Monaco/ace/snippets/nix.js

.js

bin/Monaco/ace/snippets/nsis.js

.js

bin/Monaco/ace/snippets/nunjucks.js

.js

bin/Monaco/ace/snippets/objectivec.js

.js

bin/Monaco/ace/snippets/ocaml.js

.js

bin/Monaco/ace/snippets/pascal.js

.js

bin/Monaco/ace/snippets/perl.js

.js

bin/Monaco/ace/snippets/perl6.js

.js

bin/Monaco/ace/snippets/pgsql.js

.js

bin/Monaco/ace/snippets/php.js

.js .ps1

bin/Monaco/ace/snippets/php_laravel_blade.js

.js

bin/Monaco/ace/snippets/pig.js

.js

bin/Monaco/ace/snippets/plain_text.js

.js

bin/Monaco/ace/snippets/powershell.js

.js

bin/Monaco/ace/snippets/praat.js

.js

bin/Monaco/ace/snippets/prolog.js

.js

bin/Monaco/ace/snippets/properties.js

.js

bin/Monaco/ace/snippets/protobuf.js

.js

bin/Monaco/ace/snippets/puppet.js

.js

bin/Monaco/ace/snippets/python.js

.js

bin/Monaco/ace/snippets/r.js

.js

bin/Monaco/ace/snippets/razor.js

.js

bin/Monaco/ace/snippets/rdoc.js

.js

bin/Monaco/ace/snippets/red.js

.js

bin/Monaco/ace/snippets/redshift.js

.js

bin/Monaco/ace/snippets/rhtml.js

.js

bin/Monaco/ace/snippets/rst.js

.js

bin/Monaco/ace/snippets/ruby.js

.js

bin/Monaco/ace/snippets/rust.js

.js

bin/Monaco/ace/snippets/sass.js

.js

bin/Monaco/ace/snippets/scad.js

.js

bin/Monaco/ace/snippets/scala.js

.js

bin/Monaco/ace/snippets/scheme.js

.js

bin/Monaco/ace/snippets/scss.js

.js

bin/Monaco/ace/snippets/sh.js

.js

bin/Monaco/ace/snippets/sjs.js

.js

bin/Monaco/ace/snippets/slim.js

.js

bin/Monaco/ace/snippets/smarty.js

.js

bin/Monaco/ace/snippets/snippets.js

.js

bin/Monaco/ace/snippets/soy_template.js

.js

bin/Monaco/ace/snippets/space.js

.js

bin/Monaco/ace/snippets/sparql.js

.js

bin/Monaco/ace/snippets/sql.js

.js

bin/Monaco/ace/snippets/sqlserver.js

.js

bin/Monaco/ace/snippets/stylus.js

.js

bin/Monaco/ace/snippets/svg.js

.js

bin/Monaco/ace/snippets/swift.js

.js

bin/Monaco/ace/snippets/tcl.js

.js

bin/Monaco/ace/snippets/terraform.js

.js

bin/Monaco/ace/snippets/tex.js

.js

bin/Monaco/ace/snippets/text.js

.js

bin/Monaco/ace/snippets/textile.js

.js

bin/Monaco/ace/snippets/toml.js

.js

bin/Monaco/ace/snippets/tsx.js

.js

bin/Monaco/ace/snippets/turtle.js

.js

bin/Monaco/ace/snippets/twig.js

.js

bin/Monaco/ace/snippets/typescript.js

.js

bin/Monaco/ace/snippets/vala.js

.js

bin/Monaco/ace/snippets/vbscript.js

.js

bin/Monaco/ace/snippets/velocity.js

.js

bin/Monaco/ace/snippets/verilog.js

.js

bin/Monaco/ace/snippets/vhdl.js

.js

bin/Monaco/ace/snippets/visualforce.js

.js

bin/Monaco/ace/snippets/wollok.js

.js

bin/Monaco/ace/snippets/xml.js

.js

bin/Monaco/ace/snippets/xquery.js

.js

bin/Monaco/ace/snippets/yaml.js

.js

bin/Monaco/ace/snippets/zeek.js

.js

bin/Monaco/ace/theme-ambiance.js

.js

bin/Monaco/ace/theme-chaos.js

.js

bin/Monaco/ace/theme-chrome.js

.js

bin/Monaco/ace/theme-clouds.js

.js

bin/Monaco/ace/theme-clouds_midnight.js

.js

bin/Monaco/ace/theme-cobalt.js

.js

bin/Monaco/ace/theme-crimson_editor.js

.js

bin/Monaco/ace/theme-dawn.js

.js

bin/Monaco/ace/theme-dracula.js

.js

bin/Monaco/ace/theme-dreamweaver.js

.js

bin/Monaco/ace/theme-eclipse.js

.js

bin/Monaco/ace/theme-github.js

.js

bin/Monaco/ace/theme-gob.js

.js

bin/Monaco/ace/theme-gruvbox.js

.js

bin/Monaco/ace/theme-idle_fingers.js

.js

bin/Monaco/ace/theme-iplastic.js

.js

bin/Monaco/ace/theme-katzenmilch.js

.js

bin/Monaco/ace/theme-kr_theme.js

.js

bin/Monaco/ace/theme-kuroir.js

.js

bin/Monaco/ace/theme-merbivore.js

.js

bin/Monaco/ace/theme-merbivore_soft.js

.js

bin/Monaco/ace/theme-mono_industrial.js

.js

bin/Monaco/ace/theme-monokai.js

.js

bin/Monaco/ace/theme-pastel_on_dark.js

.js

bin/Monaco/ace/theme-solarized_dark.js

.js

bin/Monaco/ace/theme-solarized_light.js

.js

bin/Monaco/ace/theme-sqlserver.js

.js

bin/Monaco/ace/theme-terminal.js

.js

bin/Monaco/ace/theme-textmate.js

.js

bin/Monaco/ace/theme-tomorrow.js

.js

bin/Monaco/ace/theme-tomorrow_night.js

.js

bin/Monaco/ace/theme-tomorrow_night_blue.js

.js

bin/Monaco/ace/theme-tomorrow_night_bright.js

.js

bin/Monaco/ace/theme-tomorrow_night_eighties.js

.js

bin/Monaco/ace/theme-twilight.js

.js

bin/Monaco/ace/theme-vibrant_ink.js

.js

bin/Monaco/ace/theme-xcode.js

.js

bin/Monaco/ace/worker-coffee.js

.js

bin/Monaco/ace/worker-css.js

.js

bin/Monaco/ace/worker-html.js

.js

bin/Monaco/ace/worker-javascript.js

.js

bin/Monaco/ace/worker-json.js

.js

bin/Monaco/ace/worker-lua.js

.js

bin/Monaco/ace/worker-php.js

.js

bin/Monaco/ace/worker-xml.js

.js

bin/Monaco/ace/worker-xquery.js

.js

bin/Monaco/index.html

.html .js polyglot

msvcp140d.dll

.dll windows:6 windows x64 arch:x64

ad8ded5102aefb2aa1ef491db8fd987f

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

e5:13:8f:84:f4:96:1b:fe:73:13:57:25:aa:fc:dc:95:7e:d9:52:bf:20:95:4e:d7:0b:cd:4b:7a:2d:32:8e:3f
Signer

Actual PE Digest

e5:13:8f:84:f4:96:1b:fe:73:13:57:25:aa:fc:dc:95:7e:d9:52:bf:20:95:4e:d7:0b:cd:4b:7a:2d:32:8e:3f

Digest Algorithm

sha256

PE Digest Matches

true

02:c6:87:a0:6f:a1:ed:55:57:e8:b5:45:f8:53:b5:18:8f:61:d6:d8
Signer

Actual PE Digest

02:c6:87:a0:6f:a1:ed:55:57:e8:b5:45:f8:53:b5:18:8f:61:d6:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

msvcp140d.amd64.pdb

Imports

vcruntime140d

__std_type_info_destroy_list

__C_specific_handler

__uncaught_exceptions

__uncaught_exception

memset

memmove

__CxxFrameHandler3

_CxxThrowException

__AdjustPointer

__processing_throw

__current_exception

__std_exception_destroy

__std_exception_copy

_purecall

memcmp

memchr

memcpy

ucrtbased

fabs

pow

frexp

powf

__stdio_common_vsprintf_s

setlocale

strcspn

fgetwc

fputwc

ungetwc

_Wcsftime

log

logf

_Strftime

_lock_locales

_unlock_locales

rand_s

_callnewh

_seh_filter_dll

_configure_narrow_argv

_initialize_narrow_environment

_initialize_onexit_table

_register_onexit_function

_execute_onexit_table

_crt_atexit

_cexit

_initterm

_initterm_e

strcmp

strtod

strtof

abs

_realloc_dbg

fseek

_fsopen

_wfsopen

wcslen

_wremove

_wrename

_wrmdir

_wchdir

_wgetcwd

_W_Gettnames

_W_Getmonths

_W_Getdays

_Gettnames

_Getmonths

_Getdays

strlen

_unlock_file

_lock_file

ungetc

setvbuf

fwrite

_fseeki64

fsetpos

fgetpos

fgetc

fflush

fclose

_get_stream_buffer_pointers

_invalid_parameter_noinfo

_invalid_parameter

wcscpy_s

wcsnlen

__strncnt

terminate

malloc

free

btowc

iswctype

_ismbblead

___mb_cur_max_func

_malloc_dbg

_free_dbg

___lc_collate_cp_func

tolower

isalnum

isxdigit

isspace

localeconv

isdigit

_CrtDbgReportW

ldexp

_errno

calloc

_endthreadex

_beginthreadex

fputs

fputc

__acrt_iob_func

abort

islower

___lc_codepage_func

___lc_locale_name_func

isupper

__pctype_func

_wcsdup_dbg

_calloc_dbg

_set_new_handler

kernel32

DuplicateHandle

WaitForSingleObjectEx

Sleep

GetCurrentProcess

GetCurrentThread

GetCurrentThreadId

GetExitCodeThread

GetNativeSystemInfo

QueryPerformanceCounter

QueryPerformanceFrequency

GetStringTypeW

MultiByteToWideChar

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

WideCharToMultiByte

RtlPcToFileHeader

LoadLibraryExA

FreeLibrary

VirtualQuery

VirtualProtect

GetSystemInfo

InitializeSListHead

GetCurrentProcessId

IsDebuggerPresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetProcAddress

GetModuleHandleW

GetTickCount

GetSystemTimeAsFileTime

CreateEventW

InitializeCriticalSectionAndSpinCount

SetLastError

QueueUserWorkItem

IsProcessorFeaturePresent

RtlCaptureStackBackTrace

TryEnterCriticalSection

FormatMessageW

AreFileApisANSI

CreateHardLinkW

CopyFileW

GetLastError

GetTempPathW

SetFilePointerEx

SetFileAttributesW

SetEndOfFile

GetFileInformationByHandle

GetFileAttributesExW

GetDiskFreeSpaceExW

FindNextFileW

FindFirstFileExW

FindClose

CreateFileW

CreateDirectoryW

GetLocaleInfoW

LCMapStringW

CompareStringW

GetCPInfo

RaiseException

DecodePointer

EncodePointer

CloseHandle

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z

??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z

??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z

??0?$_Yarn@D@std@@QEAA@AEBV01@@Z

??0?$_Yarn@D@std@@QEAA@PEBD@Z

??0?$_Yarn@D@std@@QEAA@XZ

??0?$_Yarn@G@std@@QEAA@AEBV01@@Z

??0?$_Yarn@G@std@@QEAA@PEBG@Z

??0?$_Yarn@G@std@@QEAA@XZ

??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z

??0?$_Yarn@_W@std@@QEAA@PEB_W@Z

??0?$_Yarn@_W@std@@QEAA@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ

??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z

??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z

??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z

??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$ctype@D@std@@QEAA@PEBF_N_K@Z

??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$ctype@G@std@@QEAA@_K@Z

??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$ctype@_W@std@@QEAA@_K@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z

??0Init@ios_base@std@@QEAA@XZ

??0_Facet_base@std@@QEAA@AEBV01@@Z

??0_Facet_base@std@@QEAA@XZ

??0_Init_locks@std@@QEAA@XZ

??0_Locimp@locale@std@@AEAA@AEBV012@@Z

??0_Locimp@locale@std@@AEAA@_N@Z

??0_Locinfo@std@@QEAA@HPEBD@Z

??0_Locinfo@std@@QEAA@PEBD@Z

??0_Lockit@std@@QEAA@H@Z

??0_Lockit@std@@QEAA@XZ

??0_Timevec@std@@QEAA@AEBV01@@Z

??0_Timevec@std@@QEAA@PEAX@Z

??0_UShinit@std@@QEAA@XZ

??0_Winit@std@@QEAA@XZ

??0codecvt_base@std@@QEAA@_K@Z

??0ctype_base@std@@QEAA@_K@Z

??0facet@locale@std@@IEAA@_K@Z

??0id@locale@std@@QEAA@_K@Z

??0ios_base@std@@IEAA@XZ

??0task_continuation_context@Concurrency@@AEAA@XZ

??0time_base@std@@QEAA@_K@Z

??1?$_Yarn@D@std@@QEAA@XZ

??1?$_Yarn@G@std@@QEAA@XZ

??1?$_Yarn@_W@std@@QEAA@XZ

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ

??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ

??1?$ctype@D@std@@MEAA@XZ

??1?$ctype@G@std@@MEAA@XZ

??1?$ctype@_W@std@@MEAA@XZ

??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ

??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ

??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ

??1Init@ios_base@std@@QEAA@XZ

??1_Facet_base@std@@UEAA@XZ

??1_Init_locks@std@@QEAA@XZ

??1_Locimp@locale@std@@MEAA@XZ

??1_Locinfo@std@@QEAA@XZ

??1_Lockit@std@@QEAA@XZ

??1_Timevec@std@@QEAA@XZ

??1_UShinit@std@@QEAA@XZ

??1_Winit@std@@QEAA@XZ

??1codecvt_base@std@@UEAA@XZ

??1ctype_base@std@@UEAA@XZ

??1facet@locale@std@@MEAA@XZ

??1ios_base@std@@UEAA@XZ

??1time_base@std@@UEAA@XZ

??2_Crt_new_delete@std@@SAPEAX_K@Z

??2_Crt_new_delete@std@@SAPEAX_KAEBUnothrow_t@1@@Z

??2_Crt_new_delete@std@@SAPEAX_KPEAX@Z

??3_Crt_new_delete@std@@SAXPEAX0@Z

??3_Crt_new_delete@std@@SAXPEAX@Z

??3_Crt_new_delete@std@@SAXPEAXAEBUnothrow_t@1@@Z

??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z

??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z

??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z

??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z

??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z

??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z

??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z

??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z

??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z

??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z

??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z

??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z

??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z

??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z

??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z

??4_Winit@std@@QEAAAEAV01@AEBV01@@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z

??7ios_base@std@@QEBA_NXZ

??Bid@locale@std@@QEAA_KXZ

??Bios_base@std@@QEBA_NXZ

??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$codecvt@DDU_Mbstatet@@@std@@6B@

??_7?$codecvt@GDU_Mbstatet@@@std@@6B@

??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@

??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@

??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@

??_7?$ctype@D@std@@6B@

??_7?$ctype@G@std@@6B@

??_7?$ctype@_W@std@@6B@

??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7_Facet_base@std@@6B@

??_7_Locimp@locale@std@@6B@

??_7codecvt_base@std@@6B@

??_7ctype_base@std@@6B@

??_7facet@locale@std@@6B@

??_7ios_base@std@@6B@

??_7time_base@std@@6B@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@

??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@

??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ

??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ

??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ

??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ

??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ

??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ

??_F?$ctype@D@std@@QEAAXXZ

??_F?$ctype@G@std@@QEAAXXZ

??_F?$ctype@_W@std@@QEAAXXZ

??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ

??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ

??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ

??_F_Locinfo@std@@QEAAXXZ

??_F_Timevec@std@@QEAAXXZ

??_Fcodecvt_base@std@@QEAAXXZ

??_Fctype_base@std@@QEAAXXZ

??_Ffacet@locale@std@@QEAAXXZ

??_Fid@locale@std@@QEAAXXZ

??_Ftime_base@std@@QEAAXXZ

?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z

?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ

?GetNextAsyncId@platform@details@Concurrency@@YAIXZ

?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ

?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z

?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z

?_Addstd@ios_base@std@@SAXPEAV12@@Z

?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z

?_Atexit@@YAXP6AXXZ@Z

?_BADOFF@std@@3_JB

?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ

?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ

?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ

?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z

?_Callfns@ios_base@std@@AEAAXW4event@12@@Z

?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ

?_Clocptr@_Locimp@locale@std@@0PEAV123@EA

?_Debug_message@std@@YAXPEBG0I@Z

?_Debug_message@std@@YAXPEB_W0I@Z

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

?_Donarrow@?$ctype@G@std@@IEBADGD@Z

?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z

?_Dowiden@?$ctype@G@std@@IEBAGD@Z

?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z

?_Empty@?$_Yarn@D@std@@QEBA_NXZ

?_Empty@?$_Yarn@G@std@@QEBA_NXZ

?_Empty@?$_Yarn@_W@std@@QEBA_NXZ

?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z

?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z

?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z

?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z

?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z

?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z

?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z

?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z

?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ

?_Getdateorder@_Locinfo@std@@QEBAHXZ

?_Getdays@_Locinfo@std@@QEBAPEBDXZ

?_Getfalse@_Locinfo@std@@QEBAPEBDXZ

?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z

?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z

?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z

?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z

?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z

?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z

?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z

?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z

?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z

?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ

?_Getmonths@_Locinfo@std@@QEBAPEBDXZ

?_Getname@_Locinfo@std@@QEBAPEBDXZ

?_Getptr@_Timevec@std@@QEBAPEAXXZ

?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ

?_Gettrue@_Locinfo@std@@QEBAPEBDXZ

?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ

?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ

?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ

?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

Sections

.text
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

ucrtbased.dll

.dll windows:10 windows x64 arch:x64

b55fd631afff103d396e8e1df0093baa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

ucrtbased.pdb

Imports

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

GetStringTypeW

WideCharToMultiByte

CompareStringW

api-ms-win-core-errorhandling-l1-1-0

RaiseException

SetUnhandledExceptionFilter

UnhandledExceptionFilter

SetErrorMode

SetLastError

GetLastError

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW

FlushFileBuffers

SetEndOfFile

LockFileEx

SetFileTime

UnlockFileEx

DeleteFileW

RemoveDirectoryW

CreateDirectoryW

FindClose

GetFullPathNameA

SetFileAttributesW

GetFullPathNameW

GetFileAttributesExW

WriteFile

FindNextFileA

FindFirstFileExA

FindNextFileW

GetLogicalDrives

FindFirstFileExW

SetFilePointerEx

GetFileType

GetDriveTypeW

CreateFileW

ReadFile

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime

SystemTimeToFileTime

GetTimeZoneInformation

FileTimeToSystemTime

TzSpecificLocalTimeToSystemTime

api-ms-win-core-handle-l1-1-0

DuplicateHandle

CloseHandle

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

PeekNamedPipe

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l1-1-0

HeapFree

HeapQueryInformation

HeapReAlloc

HeapCompact

HeapWalk

GetProcessHeap

HeapValidate

HeapSize

HeapAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

SetLocalTime

GetSystemInfo

GetLocalTime

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA

FreeLibrary

GetModuleHandleW

GetProcAddress

LoadLibraryExW

GetModuleFileNameW

GetModuleHandleExW

GetModuleFileNameA

FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

EnterCriticalSection

WaitForSingleObjectEx

WaitForSingleObject

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

ResumeThread

ExitThread

ExitProcess

TerminateProcess

GetCurrentProcessId

CreateProcessW

CreateProcessA

CreateThread

GetStartupInfoW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

GetExitCodeProcess

GetCurrentThreadId

GetCurrentThread

GetCurrentProcess

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryA

GetCurrentDirectoryW

GetStdHandle

SetCurrentDirectoryW

SetEnvironmentVariableW

GetCommandLineW

GetCommandLineA

FreeEnvironmentStringsW

GetCurrentDirectoryA

GetEnvironmentStringsW

SetEnvironmentVariableA

SetStdHandle

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

GetDateFormatW

api-ms-win-core-localization-l1-2-0

GetCPInfo

IsValidCodePage

GetUserDefaultLCID

GetACP

GetLocaleInfoW

LCMapStringW

GetOEMCP

EnumSystemLocalesW

IsValidLocale

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-console-l1-1-0

SetConsoleMode

GetConsoleMode

ReadConsoleW

GetConsoleCP

WriteConsoleW

ReadConsoleInputW

SetConsoleCtrlHandler

PeekConsoleInputA

ReadConsoleInputA

GetNumberOfConsoleInputEvents

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

OutputDebugStringA

IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx

RtlPcToFileHeader

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualProtect

VirtualQuery

VirtualAlloc

api-ms-win-core-util-l1-1-0

EncodePointer

Beep

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList

InterlockedFlushSList

Exports

_Cbuild

_Cmulcc

_Cmulcr

_CreateFrameInfo

_CrtCheckMemory

_CrtDbgReport

_CrtDbgReportW

_CrtDoForAllClientObjects

_CrtDumpMemoryLeaks

_CrtGetAllocHook

_CrtGetDebugFillThreshold

_CrtGetDumpClient

_CrtGetReportHook

_CrtIsMemoryBlock

_CrtIsValidHeapPointer

_CrtIsValidPointer

_CrtMemCheckpoint

_CrtMemDifference

_CrtMemDumpAllObjectsSince

_CrtMemDumpStatistics

_CrtReportBlockType

_CrtSetAllocHook

_CrtSetBreakAlloc

_CrtSetDbgBlockType

_CrtSetDbgFlag

_CrtSetDebugFillThreshold

_CrtSetDumpClient

_CrtSetReportFile

_CrtSetReportHook

_CrtSetReportHook2

_CrtSetReportHookW2

_CrtSetReportMode

_CxxThrowException

_Exit

_FCbuild

_FCmulcc

_FCmulcr

_FindAndUnlinkFrame

_GetImageBase

_GetThrowImageBase

_Getdays

_Getmonths

_Gettnames

_IsExceptionObjectToBeDestroyed

_LCbuild

_LCmulcc

_LCmulcr

_SetImageBase

_SetThrowImageBase

_SetWinRTOutOfMemoryExceptionCallback

_Strftime

_VCrtDbgReportA

_VCrtDbgReportW

_W_Getdays

_W_Getmonths

_W_Gettnames

_Wcsftime

__AdjustPointer

__BuildCatchObject

__BuildCatchObjectHelper

__C_specific_handler

__CxxDetectRethrow

__CxxExceptionFilter

__CxxFrameHandler

__CxxFrameHandler2

__CxxFrameHandler3

__CxxQueryExceptionSize

__CxxRegisterExceptionObject

__CxxUnregisterExceptionObject

__DestructExceptionObject

__FrameUnwindFilter

__GetPlatformExceptionInfo

__NLG_Dispatch2

__NLG_Return2

__RTCastToVoid

__RTDynamicCast

__RTtypeid

__TypeMatch

___lc_codepage_func

___lc_collate_cp_func

___lc_locale_name_func

___mb_cur_max_func

___mb_cur_max_l_func

__acrt_iob_func

__conio_common_vcprintf

__conio_common_vcprintf_p

__conio_common_vcprintf_s

__conio_common_vcscanf

__conio_common_vcwprintf

__conio_common_vcwprintf_p

__conio_common_vcwprintf_s

__conio_common_vcwscanf

__current_exception

__current_exception_context

__daylight

__dcrt_get_wide_environment_from_os

__dcrt_initial_narrow_environment

__doserrno

__dstbias

__fpe_flt_rounds

__fpecode

__initialize_lconv_for_unsigned_char

__intrinsic_setjmp

__intrinsic_setjmpex

__isascii

__iscsym

__iscsymf

__iswcsym

__iswcsymf

__p___argc

__p___argv

__p___wargv

__p__acmdln

__p__commode

__p__crtBreakAlloc

__p__crtDbgFlag

__p__environ

__p__fmode

__p__mbcasemap

__p__mbctype

__p__pgmptr

__p__wcmdln

__p__wenviron

__p__wpgmptr

__pctype_func

__processing_throw

__pwctype_func

__pxcptinfoptrs

__report_gsfailure

__setusermatherr

__std_exception_copy

__std_exception_destroy

__std_type_info_compare

__std_type_info_destroy_list

__std_type_info_hash

__std_type_info_name

__stdio_common_vfprintf

__stdio_common_vfprintf_p

__stdio_common_vfprintf_s

__stdio_common_vfscanf

__stdio_common_vfwprintf

__stdio_common_vfwprintf_p

__stdio_common_vfwprintf_s

__stdio_common_vfwscanf

__stdio_common_vsnprintf_s

__stdio_common_vsnwprintf_s

__stdio_common_vsprintf

__stdio_common_vsprintf_p

__stdio_common_vsprintf_s

__stdio_common_vsscanf

__stdio_common_vswprintf

__stdio_common_vswprintf_p

__stdio_common_vswprintf_s

__stdio_common_vswscanf

__strncnt

__sys_errlist

__sys_nerr

__threadhandle

__threadid

__timezone

__toascii

__tzname

__unDName

__unDNameEx

__uncaught_exception

__wcserror

__wcserror_s

__wcsncnt

_abs64

_access

_access_s

_aligned_free

_aligned_free_dbg

_aligned_malloc

_aligned_malloc_dbg

_aligned_msize

_aligned_msize_dbg

_aligned_offset_malloc

_aligned_offset_malloc_dbg

_aligned_offset_realloc

_aligned_offset_realloc_dbg

_aligned_offset_recalloc

_aligned_offset_recalloc_dbg

_aligned_realloc

_aligned_realloc_dbg

_aligned_recalloc

_aligned_recalloc_dbg

_assert

_atodbl

_atodbl_l

_atof_l

_atoflt

_atoflt_l

_atoi64

_atoi64_l

_atoi_l

_atol_l

_atoldbl

_atoldbl_l

_atoll_l

_beep

_beginthread

_beginthreadex

_byteswap_uint64

_byteswap_ulong

_byteswap_ushort

_c_exit

_cabs

_callnewh

_calloc_base

_calloc_dbg

_cexit

_cgets

_cgets_s

_cgetws

_cgetws_s

_chdir

_chdrive

_chgsign

_chgsignf

_chmod

_chsize

_chsize_s

_chvalidator

_chvalidator_l

_clearfp

_close

_commit

_configthreadlocale

_configure_narrow_argv

_configure_wide_argv

_control87

_controlfp

_controlfp_s

_copysign

_copysignf

_cputs

_cputws

_creat

_create_locale

_crt_at_quick_exit

_crt_atexit

_ctime32

_ctime32_s

_ctime64

_ctime64_s

_cwait

_d_int

_dclass

_dexp

_difftime32

_difftime64

_dlog

_dnorm

_dpcomp

_dpoly

_dscale

_dsign

_dsin

_dtest

_dunscale

_dup

_dup2

_dupenv_s

_dupenv_s_dbg

_ecvt

_ecvt_s

_endthread

_endthreadex

_eof

_errno

_except1

_execl

_execle

_execlp

_execlpe

_execute_onexit_table

_execv

_execve

_execvp

_execvpe

_exit

_expand

_expand_dbg

_fclose_nolock

_fcloseall

_fcvt

_fcvt_s

_fd_int

_fdclass

_fdexp

_fdlog

_fdnorm

_fdopen

_fdpcomp

_fdpoly

_fdscale

_fdsign

_fdsin

_fdtest

_fdunscale

_fflush_nolock

_fgetc_nolock

_fgetchar

_fgetwc_nolock

_fgetwchar

_filelength

_filelengthi64

_fileno

_findclose

_findfirst32

_findfirst32i64

_findfirst64

_findfirst64i32

_findnext32

_findnext32i64

_findnext64

_findnext64i32

_finite

_finitef

_flushall

_fpclass

_fpclassf

_fpieee_flt

_fpreset

_fputc_nolock

_fputchar

_fputwc_nolock

_fputwchar

_fread_nolock

_fread_nolock_s

_free_base

_free_dbg

_free_locale

_fseek_nolock

_fseeki64

_fseeki64_nolock

_fsopen

_fstat32

_fstat32i64

_fstat64

_fstat64i32

_ftell_nolock

_ftelli64

_ftelli64_nolock

_ftime32

_ftime32_s

_ftime64

_ftime64_s

_fullpath

_fullpath_dbg

_futime32

_futime64

_fwrite_nolock

_gcvt

_gcvt_s

_get_FMA3_enable

_get_current_locale

_get_daylight

_get_doserrno

_get_dstbias

_get_errno

_get_fmode

_get_heap_handle

_get_initial_narrow_environment

_get_initial_wide_environment

_get_invalid_parameter_handler

_get_narrow_winmain_command_line

_get_osfhandle

_get_pgmptr

_get_printf_count_output

_get_purecall_handler

_get_stream_buffer_pointers

_get_terminate

_get_thread_local_invalid_parameter_handler

_get_timezone

_get_tzname

_get_unexpected

_get_wide_winmain_command_line

_get_wpgmptr

_getc_nolock

_getch

_getch_nolock

_getche

_getche_nolock

_getcwd

_getcwd_dbg

_getdcwd

_getdcwd_dbg

_getdiskfree

_getdllprocaddr

_getdrive

_getdrives

_getmaxstdio

_getmbcp

_getpid

_getsystime

_getw

_getwc_nolock

_getwch

_getwch_nolock

_getwche

_getwche_nolock

_getws

_getws_s

_gmtime32

_gmtime32_s

_gmtime64

_gmtime64_s

_heapchk

_heapmin

_heapwalk

_hypot

_hypotf

_i64toa

_i64toa_s

_i64tow

_i64tow_s

_initialize_narrow_environment

_initialize_onexit_table

_initialize_wide_environment

_initterm

_initterm_e

_invalid_parameter

_invalid_parameter_noinfo

_invalid_parameter_noinfo_noreturn

_invoke_watson

_is_exception_typeof

_isalnum_l

_isalpha_l

_isatty

_isblank_l

_iscntrl_l

_isctype

_isctype_l

_isdigit_l

_isgraph_l

_isleadbyte_l

_islower_l

_ismbbalnum

_ismbbalnum_l

_ismbbalpha

_ismbbalpha_l

_ismbbblank

_ismbbblank_l

_ismbbgraph

_ismbbgraph_l

_ismbbkalnum

_ismbbkalnum_l

_ismbbkana

_ismbbkana_l

_ismbbkprint

_ismbbkprint_l

_ismbbkpunct

_ismbbkpunct_l

_ismbblead

_ismbblead_l

_ismbbprint

_ismbbprint_l

_ismbbpunct

_ismbbpunct_l

_ismbbtrail

_ismbbtrail_l

_ismbcalnum

_ismbcalnum_l

_ismbcalpha

_ismbcalpha_l

_ismbcblank

_ismbcblank_l

_ismbcdigit

_ismbcdigit_l

_ismbcgraph

_ismbcgraph_l

_ismbchira

_ismbchira_l

_ismbckata

_ismbckata_l

_ismbcl0

_ismbcl0_l

_ismbcl1

_ismbcl1_l

_ismbcl2

_ismbcl2_l

_ismbclegal

_ismbclegal_l

_ismbclower

_ismbclower_l

_ismbcprint

_ismbcprint_l

_ismbcpunct

_ismbcpunct_l

_ismbcspace

_ismbcspace_l

_ismbcsymbol

_ismbcsymbol_l

_ismbcupper

_ismbcupper_l

_ismbslead

_ismbslead_l

_ismbstrail

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

vcruntime140_1d.dll

.dll windows:6 windows x64 arch:x64

30c26d0c0b20ce0c9f73508ad9ade67f

Code Sign

33:00:00:00:eb:69:aa:cc:3e:29:9f:2d:39:00:00:00:00:00:eb
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:19

Not After

23/11/2019, 20:19

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

8f:04:24:c3:ff:35:e2:c8:d8:b5:3c:47:28:6e:c2:12:a8:cc:98:c8:aa:81:53:2d:ee:0e:3b:58:6a:0e:00:9f
Signer

Actual PE Digest

8f:04:24:c3:ff:35:e2:c8:d8:b5:3c:47:28:6e:c2:12:a8:cc:98:c8:aa:81:53:2d:ee:0e:3b:58:6a:0e:00:9f

Digest Algorithm

sha256

PE Digest Matches

true

f0:bc:50:62:37:a1:dd:11:e3:8f:26:6c:77:f9:e3:c8:26:2f:f4:45
Signer

Actual PE Digest

f0:bc:50:62:37:a1:dd:11:e3:8f:26:6c:77:f9:e3:c8:26:2f:f4:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1d.amd64.pdb

Imports

ucrtbased

strcmp

wcsncmp

abort

_calloc_dbg

_free_dbg

strlen

strcpy_s

malloc

free

_CrtDbgReportW

memset

terminate

vcruntime140d

__processing_throw

__current_exception

memmove

__C_specific_handler

kernel32

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlCaptureContext

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

RtlUnwindEx

RtlLookupFunctionEntry

LoadLibraryExW

GetProcAddress

FreeLibrary

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InitializeCriticalSectionAndSpinCount

EncodePointer

RaiseException

RtlPcToFileHeader

GetLastError

DeleteCriticalSection

SetLastError

Exports

__CxxFrameHandler4

__NLG_Dispatch2

__NLG_Return2

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

vcruntime140d.dll

.dll windows:6 windows x64 arch:x64

0ec3c3c7f981e5ae8205d85c9009ac26

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7d:18:78:bd:4d:05:00:1e:bc:b9:fa:5f:cc:84:92:15:e0:b0:fd:7a:cf:ed:92:09:0f:72:3f:91:30:9f:38:3e
Signer

Actual PE Digest

7d:18:78:bd:4d:05:00:1e:bc:b9:fa:5f:cc:84:92:15:e0:b0:fd:7a:cf:ed:92:09:0f:72:3f:91:30:9f:38:3e

Digest Algorithm

sha256

PE Digest Matches

true

0b:d3:4a:10:e3:10:59:d9:59:09:01:b3:0b:64:29:0a:86:af:80:42
Signer

Actual PE Digest

0b:d3:4a:10:e3:10:59:d9:59:09:01:b3:0b:64:29:0a:86:af:80:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

vcruntime140d.amd64.pdb

Imports

ucrtbased

atol

__stdio_common_vsprintf_s

abort

_calloc_dbg

_malloc_dbg

_free_dbg

strlen

strcpy_s

malloc

free

_CrtDbgReportW

strcmp

terminate

kernel32

SetLastError

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlCaptureContext

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

RtlLookupFunctionEntry

GetModuleHandleW

RtlUnwindEx

RtlPcToFileHeader

EncodePointer

RaiseException

InterlockedPushEntrySList

InterlockedFlushSList

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

GetLastError

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FreeLibrary

GetProcAddress

LoadLibraryExW

GetModuleFileNameW

Exports

_CreateFrameInfo

_CxxThrowException

_FindAndUnlinkFrame

_IsExceptionObjectToBeDestroyed

_SetWinRTOutOfMemoryExceptionCallback

__AdjustPointer

__BuildCatchObject

__BuildCatchObjectHelper

__C_specific_handler

__C_specific_handler_noexcept

__CxxDetectRethrow

__CxxExceptionFilter

__CxxFrameHandler

__CxxFrameHandler2

__CxxFrameHandler3

__CxxQueryExceptionSize

__CxxRegisterExceptionObject

__CxxUnregisterExceptionObject

__DestructExceptionObject

__FrameUnwindFilter

__GetPlatformExceptionInfo

__NLG_Dispatch2

__NLG_Return2

__RTCastToVoid

__RTDynamicCast

__RTtypeid

__TypeMatch

__current_exception

__current_exception_context

__intrinsic_setjmp

__intrinsic_setjmpex

__processing_throw

__report_gsfailure

__std_exception_copy

__std_exception_destroy

__std_terminate

__std_type_info_compare

__std_type_info_destroy_list

__std_type_info_hash

__std_type_info_name

__telemetry_main_invoke_trigger

__telemetry_main_return_trigger

__unDName

__unDNameEx

__uncaught_exception

__uncaught_exceptions

__vcrt_GetModuleFileNameW

__vcrt_GetModuleHandleW

__vcrt_InitializeCriticalSectionEx

__vcrt_LoadLibraryExW

_get_purecall_handler

_get_unexpected

_is_exception_typeof

_local_unwind

_purecall

_set_purecall_handler

_set_se_translator

longjmp

memchr

memcmp

memcpy

memmove

memset

set_unexpected

strchr

strrchr

strstr

unexpected

wcschr

wcsrchr

wcsstr

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:dbCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

47:b4:cf:f5:c2:a1:e0:36:e9:3f:b8:c2:44:a0:df:33:c2:26:10:62Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 319KB - Virtual size: 319KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

39fe52335bcb5f9357674966ec37e956

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140d

vcruntime140_1d

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 9KB - Virtual size: 9KB

.idata Size: 6KB - Virtual size: 5KB

.msvcjmc Size: 1024B - Virtual size: 559B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 704B

dae02f32a21e03ce65412f6e56942daa

Code Sign

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:aeCertificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

47:b4:cf:f5:c2:a1:e0:36:e9:3f:b8:c2:44:a0:df:33:c2:26:10:62
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 319KB - Virtual size: 319KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.textbss
Size: - Virtual size: 64KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 9KB - Virtual size: 9KB

.idata
Size: 6KB - Virtual size: 5KB

.msvcjmc
Size: 1024B - Virtual size: 559B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 704B

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:ae
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e5:13:8f:84:f4:96:1b:fe:73:13:57:25:aa:fc:dc:95:7e:d9:52:bf:20:95:4e:d7:0b:cd:4b:7a:2d:32:8e:3f
Signer

02:c6:87:a0:6f:a1:ed:55:57:e8:b5:45:f8:53:b5:18:8f:61:d6:d8
Signer

.text
Size: 602KB - Virtual size: 602KB

.rdata
Size: 300KB - Virtual size: 299KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 46KB - Virtual size: 46KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 3KB - Virtual size: 3KB