Copy+to+UFED4PC+7[.]60+Installation+directory+(Data+file)[.]rar

resource	yara_rule
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ARM_Helper.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/AndroidDeviceDecrypt.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/AndroidLib.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/AndroidRootAccessUtils.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Capone.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Common.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/DatabaseEngine.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_A2.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Advanced_ADB.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Android.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_BB5.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_BlackBerry.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_BtlCommon.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Huawei.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Huawei_Vendor.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Lg_Android_LAF.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_MTK_KO.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_MTP.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_MotGSM.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_NokiaAsha.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Nokia_WP.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Oasis.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Py_Raw.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_SamsungGSM.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_SamsungSBL_FDE.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Selenium.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_SpreadTrum.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_ZTE.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_common.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_iPhone_MNM.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/EvidenceCollection_iPhone.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/GenesisStates.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/InnerLoader.exe	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Knockout_Utils.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/MnmClient.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ToolsDucatiHardRestore.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ToolsLGFixBootLoader.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ToolsVinculumFirmwareFlash.dll	themida
static1/unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/cld.dll	themida

resource
unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Exodus.CellebriteTouch.exe
unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/cryptbase.dll
unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/hasp_net_windows.dll
unpack001/Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/sntl_adminapi_net_windows.dll

Copy+to+UFED4PC+7.60+Installation+directory+(Data+file).rar

.rar

Copy to UFED4PC 7.60 Installation directory (Data file)/More information.txt

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ARM_Helper.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

73:6e:3e:85:c8:bd:d7:89:f7:49:ae:b7:62:f2:29:0d:59:7e:8b:b1:3b:da:83:9f:07:08:70:14:6f:ff:7d:00
Signer

Actual PE Digest

73:6e:3e:85:c8:bd:d7:89:f7:49:ae:b7:62:f2:29:0d:59:7e:8b:b1:3b:da:83:9f:07:08:70:14:6f:ff:7d:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAE@$$QAV01@@Z

??0?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAE@ABV01@@Z

??0?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAE@XZ

??0?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAE@$$QAV01@@Z

??0?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAE@ABV01@@Z

??0?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAE@XZ

??0?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAE@$$QAV01@@Z

??0?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAE@ABV01@@Z

??0?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAE@XZ

??0?$Nullable@I@DisassembleGeneric@@QAE@ABI@Z

??0?$Nullable@I@DisassembleGeneric@@QAE@XZ

??0?$Nullable@_K@DisassembleGeneric@@QAE@AB_K@Z

??0?$Nullable@_K@DisassembleGeneric@@QAE@XZ

??0?$RegsTempl@I$0BA@@DisassembleGeneric@@QAE@XZ

??0?$RegsTempl@_K$0CB@@DisassembleGeneric@@QAE@XZ

??0AddHiRegisterThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0AddHiRegisterThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0AddHiRegisterThumb@DisassembleGeneric@@QAE@XZ

??0AddInstArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0AddInstArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0AddInstArm32@DisassembleGeneric@@QAE@XZ

??0AddInstArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0AddInstArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0AddInstArm64@DisassembleGeneric@@QAE@XZ

??0AddwThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0AddwThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0AddwThumb@DisassembleGeneric@@QAE@XZ

??0AdrInstArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0AdrInstArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0AdrInstArm64@DisassembleGeneric@@QAE@XZ

??0AdrpInstArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0AdrpInstArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0AdrpInstArm64@DisassembleGeneric@@QAE@XZ

??0BranchArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0BranchArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0BranchArm32@DisassembleGeneric@@QAE@XZ

??0BranchArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0BranchArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0BranchArm64@DisassembleGeneric@@QAE@XZ

??0BranchLinkThumb2@DisassembleGeneric@@QAE@$$QAV01@@Z

??0BranchLinkThumb2@DisassembleGeneric@@QAE@ABV01@@Z

??0BranchLinkThumb2@DisassembleGeneric@@QAE@XZ

??0BranchLinkThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0BranchLinkThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0BranchLinkThumb@DisassembleGeneric@@QAE@XZ

??0BranchRegArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0BranchRegArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0BranchRegArm32@DisassembleGeneric@@QAE@XZ

??0BranchThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0BranchThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0BranchThumb@DisassembleGeneric@@QAE@XZ

??0CmpInstArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0CmpInstArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0CmpInstArm32@DisassembleGeneric@@QAE@XZ

??0FuncEndArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0FuncEndArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0FuncEndArm32@DisassembleGeneric@@QAE@XZ

??0FuncEndThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0FuncEndThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0FuncEndThumb@DisassembleGeneric@@QAE@XZ

??0FuncStartArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0FuncStartArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0FuncStartArm32@DisassembleGeneric@@QAE@XZ

??0FuncStartArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0FuncStartArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0FuncStartArm64@DisassembleGeneric@@QAE@XZ

??0FuncStartArm64NoStrict@DisassembleGeneric@@QAE@$$QAV01@@Z

??0FuncStartArm64NoStrict@DisassembleGeneric@@QAE@ABV01@@Z

??0FuncStartArm64NoStrict@DisassembleGeneric@@QAE@XZ

??0FuncStartThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0FuncStartThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0FuncStartThumb@DisassembleGeneric@@QAE@XZ

??0GeneriHiRegisterOperations@DisassembleGeneric@@QAE@$$QAV01@@Z

??0GeneriHiRegisterOperations@DisassembleGeneric@@QAE@ABV01@@Z

??0GeneriHiRegisterOperations@DisassembleGeneric@@QAE@XZ

??0GenericDataInstArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0GenericDataInstArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0GenericDataInstArm32@DisassembleGeneric@@QAE@XZ

??0GenericDataInstThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0GenericDataInstThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0GenericDataInstThumb@DisassembleGeneric@@QAE@XZ

??0GenericMoveAddSubInstThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0GenericMoveAddSubInstThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0GenericMoveAddSubInstThumb@DisassembleGeneric@@QAE@XZ

??0InstructionData@?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAE@XZ

??0InstructionData@?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAE@XZ

??0InstructionData@?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAE@XZ

??0LdrInstArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0LdrInstArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0LdrInstArm32@DisassembleGeneric@@QAE@XZ

??0LdrInstArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0LdrInstArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0LdrInstArm64@DisassembleGeneric@@QAE@XZ

??0LdrRelThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0LdrRelThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0LdrRelThumb@DisassembleGeneric@@QAE@XZ

??0LdrStrInstArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0LdrStrInstArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0LdrStrInstArm64@DisassembleGeneric@@QAE@XZ

??0LdrThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0LdrThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0LdrThumb@DisassembleGeneric@@QAE@XZ

??0Mov2Arm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0Mov2Arm64@DisassembleGeneric@@QAE@ABV01@@Z

??0Mov2Arm64@DisassembleGeneric@@QAE@XZ

??0Mov32Arm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0Mov32Arm64@DisassembleGeneric@@QAE@ABV01@@Z

??0Mov32Arm64@DisassembleGeneric@@QAE@XZ

??0MovArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0MovArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0MovArm64@DisassembleGeneric@@QAE@XZ

??0MovInstArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0MovInstArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0MovInstArm32@DisassembleGeneric@@QAE@XZ

??0MovsThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0MovsThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0MovsThumb@DisassembleGeneric@@QAE@XZ

??0MovtInstArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0MovtInstArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0MovtInstArm32@DisassembleGeneric@@QAE@XZ

??0MovtThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0MovtThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0MovtThumb@DisassembleGeneric@@QAE@XZ

??0RetArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0RetArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0RetArm64@DisassembleGeneric@@QAE@XZ

??0StrInstArm32@DisassembleGeneric@@QAE@$$QAV01@@Z

??0StrInstArm32@DisassembleGeneric@@QAE@ABV01@@Z

??0StrInstArm32@DisassembleGeneric@@QAE@XZ

??0StrInstArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0StrInstArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0StrInstArm64@DisassembleGeneric@@QAE@XZ

??0StrThumb@DisassembleGeneric@@QAE@$$QAV01@@Z

??0StrThumb@DisassembleGeneric@@QAE@ABV01@@Z

??0StrThumb@DisassembleGeneric@@QAE@XZ

??0SubInstArm64@DisassembleGeneric@@QAE@$$QAV01@@Z

??0SubInstArm64@DisassembleGeneric@@QAE@ABV01@@Z

??0SubInstArm64@DisassembleGeneric@@QAE@XZ

??4?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4?$Nullable@I@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4?$Nullable@I@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4?$Nullable@_K@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4?$Nullable@_K@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4?$RegsTempl@I$0BA@@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4?$RegsTempl@I$0BA@@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4?$RegsTempl@_K$0CB@@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4?$RegsTempl@_K$0CB@@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4AddHiRegisterThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4AddHiRegisterThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4AddInstArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4AddInstArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4AddInstArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4AddInstArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4AddwThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4AddwThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4AdrInstArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4AdrInstArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4AdrpInstArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4AdrpInstArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4Arm32Coder@DisassembleGeneric@@QAEAAU01@$$QAU01@@Z

??4Arm32Coder@DisassembleGeneric@@QAEAAU01@ABU01@@Z

??4Arm64Coder@DisassembleGeneric@@QAEAAU01@$$QAU01@@Z

??4Arm64Coder@DisassembleGeneric@@QAEAAU01@ABU01@@Z

??4BranchArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4BranchArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4BranchArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4BranchArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4BranchLinkThumb2@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4BranchLinkThumb2@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4BranchLinkThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4BranchLinkThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4BranchRegArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4BranchRegArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4BranchThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4BranchThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4CmpInstArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4CmpInstArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4FuncEndArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4FuncEndArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4FuncEndThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4FuncEndThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4FuncStartArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4FuncStartArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4FuncStartArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4FuncStartArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4FuncStartArm64NoStrict@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4FuncStartArm64NoStrict@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4FuncStartThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4FuncStartThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4GeneriHiRegisterOperations@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4GeneriHiRegisterOperations@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4GenericDataInstArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4GenericDataInstArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4GenericDataInstThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4GenericDataInstThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4GenericMoveAddSubInstThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4GenericMoveAddSubInstThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4InstructionData@?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAEAAU012@$$QAU012@@Z

??4InstructionData@?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAEAAU012@ABU012@@Z

??4InstructionData@?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAEAAU012@$$QAU012@@Z

??4InstructionData@?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAEAAU012@ABU012@@Z

??4InstructionData@?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAEAAU012@$$QAU012@@Z

??4InstructionData@?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAEAAU012@ABU012@@Z

??4LdrInstArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4LdrInstArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4LdrInstArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4LdrInstArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4LdrRelThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4LdrRelThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4LdrStrInstArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4LdrStrInstArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4LdrThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4LdrThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4Mov2Arm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4Mov2Arm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4Mov32Arm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4Mov32Arm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4MovArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4MovArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4MovInstArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4MovInstArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4MovsThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4MovsThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4MovtInstArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4MovtInstArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4MovtThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4MovtThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4Regs32@DisassembleGeneric@@QAEAAU01@$$QAU01@@Z

??4Regs32@DisassembleGeneric@@QAEAAU01@ABU01@@Z

??4Regs64@DisassembleGeneric@@QAEAAU01@$$QAU01@@Z

??4Regs64@DisassembleGeneric@@QAEAAU01@ABU01@@Z

??4RetArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4RetArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4StrInstArm32@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4StrInstArm32@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4StrInstArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4StrInstArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4StrThumb@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4StrThumb@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4SubInstArm64@DisassembleGeneric@@QAEAAV01@$$QAV01@@Z

??4SubInstArm64@DisassembleGeneric@@QAEAAV01@ABV01@@Z

??4ThumbCoder@DisassembleGeneric@@QAEAAU01@$$QAU01@@Z

??4ThumbCoder@DisassembleGeneric@@QAEAAU01@ABU01@@Z

??_7?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@6B@

??_7?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@6B@

??_7?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@6B@

??_7AddHiRegisterThumb@DisassembleGeneric@@6B@

??_7AddInstArm32@DisassembleGeneric@@6B@

??_7AddInstArm64@DisassembleGeneric@@6B@

??_7AddwThumb@DisassembleGeneric@@6B@

??_7AdrInstArm64@DisassembleGeneric@@6B@

??_7AdrpInstArm64@DisassembleGeneric@@6B@

??_7BranchArm32@DisassembleGeneric@@6B@

??_7BranchArm64@DisassembleGeneric@@6B@

??_7BranchLinkThumb2@DisassembleGeneric@@6B@

??_7BranchLinkThumb@DisassembleGeneric@@6B@

??_7BranchRegArm32@DisassembleGeneric@@6B@

??_7BranchThumb@DisassembleGeneric@@6B@

??_7CmpInstArm32@DisassembleGeneric@@6B@

??_7FuncEndArm32@DisassembleGeneric@@6B@

??_7FuncEndThumb@DisassembleGeneric@@6B@

??_7FuncStartArm32@DisassembleGeneric@@6B@

??_7FuncStartArm64@DisassembleGeneric@@6B@

??_7FuncStartArm64NoStrict@DisassembleGeneric@@6B@

??_7FuncStartThumb@DisassembleGeneric@@6B@

??_7GeneriHiRegisterOperations@DisassembleGeneric@@6B@

??_7GenericDataInstArm32@DisassembleGeneric@@6B@

??_7GenericDataInstThumb@DisassembleGeneric@@6B@

??_7GenericMoveAddSubInstThumb@DisassembleGeneric@@6B@

??_7LdrInstArm32@DisassembleGeneric@@6B@

??_7LdrInstArm64@DisassembleGeneric@@6B@

??_7LdrRelThumb@DisassembleGeneric@@6B@

??_7LdrStrInstArm64@DisassembleGeneric@@6B@

??_7LdrThumb@DisassembleGeneric@@6B@

??_7Mov2Arm64@DisassembleGeneric@@6B@

??_7Mov32Arm64@DisassembleGeneric@@6B@

??_7MovArm64@DisassembleGeneric@@6B@

??_7MovInstArm32@DisassembleGeneric@@6B@

??_7MovsThumb@DisassembleGeneric@@6B@

??_7MovtInstArm32@DisassembleGeneric@@6B@

??_7MovtThumb@DisassembleGeneric@@6B@

??_7RetArm64@DisassembleGeneric@@6B@

??_7StrInstArm32@DisassembleGeneric@@6B@

??_7StrInstArm64@DisassembleGeneric@@6B@

??_7StrThumb@DisassembleGeneric@@6B@

??_7SubInstArm64@DisassembleGeneric@@6B@

?CacheFlushInvalidateARMV7@Arm32Coder@DisassembleGeneric@@0QBEB

?DecodeBitSet@MovArm64@DisassembleGeneric@@CAXIIIIAA_K0@Z

?DecodeBranch18@BranchThumb@DisassembleGeneric@@CA_NIGAAH@Z

?DecodeBranch19@BranchLinkThumb@DisassembleGeneric@@CAHIIAAH@Z

?DecodeData@GeneriHiRegisterOperations@DisassembleGeneric@@KA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@GAAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?DecodeData@GenericDataInstArm32@DisassembleGeneric@@KA_NIPA_N_NAAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?DecodeData@GenericDataInstThumb@DisassembleGeneric@@KA_NIG_NAAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?DecodeData@GenericMoveAddSubInstThumb@DisassembleGeneric@@KA_NIGGAAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?DecodeDataProcessing@GenericDataInstArm32@DisassembleGeneric@@KA_NIIPAIIPA_NAAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?DecodeImm11@BranchThumb@DisassembleGeneric@@CAHI@Z

?DecodeImm12@AddwThumb@DisassembleGeneric@@CAIGG@Z

?DisableDCacheARMV7@Arm32Coder@DisassembleGeneric@@0QBEB

?DisableMMUARMV7@Arm32Coder@DisassembleGeneric@@0QBEB

?EnableMMUARMV7@Arm32Coder@DisassembleGeneric@@0QBEB

?Execute@?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@UAE_NAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@AddHiRegisterThumb@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@AddInstArm32@DisassembleGeneric@@UAE_NAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@AddInstArm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@AddwThumb@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@AdrInstArm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@AdrpInstArm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@BranchRegArm32@DisassembleGeneric@@UAE_NAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@LdrInstArm32@DisassembleGeneric@@UAE_NAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@LdrInstArm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@LdrRelThumb@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@LdrThumb@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@Mov2Arm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@MovArm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@MovInstArm32@DisassembleGeneric@@UAE_NAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@MovsThumb@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@MovtInstArm32@DisassembleGeneric@@UAE_NAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@MovtThumb@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@StrInstArm32@DisassembleGeneric@@UAE_NAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@StrInstArm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Execute@StrThumb@DisassembleGeneric@@UAE_NAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAV?$vector@IV?$allocator@I@std@@@std@@@Z

?Execute@SubInstArm64@DisassembleGeneric@@UAE_NAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAV?$vector@_KV?$allocator@_K@std@@@std@@@Z

?Get@?$Nullable@I@DisassembleGeneric@@QBE_NAAI@Z

?Get@?$Nullable@_K@DisassembleGeneric@@QBE_NAA_K@Z

?GetValue@?$RegsTempl@I$0BA@@DisassembleGeneric@@QBE_NIAAI@Z

?GetValue@?$RegsTempl@_K$0CB@@DisassembleGeneric@@QBE_NIAA_K@Z

?HighestBitSet@MovArm64@DisassembleGeneric@@CAII@Z

?ISBSYARMV7@Arm32Coder@DisassembleGeneric@@0QBEB

?Init@?$RegsTempl@I$0BA@@DisassembleGeneric@@QAEXXZ

?Init@?$RegsTempl@_K$0CB@@DisassembleGeneric@@QAEXXZ

?InvalidateTLBARMV7@Arm32Coder@DisassembleGeneric@@0QBEB

?MakeCacheClearAllARMV7@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeCacheDisableMMUARMV7@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeCacheEnableMMUARMV7@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeCacheFlushInvalidateARMV7@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeCacheInvalidateTLBARMV7@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeCacheIsbSyARMV7@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeDisableDCacheARMV7@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@II@Z

?MakeEndStackFrame@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeEndStackFrameNoReturn@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeJumper@Arm32Coder@DisassembleGeneric@@SAXIAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeJumper@Arm64Coder@DisassembleGeneric@@SAX_KAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeJumper@ThumbCoder@DisassembleGeneric@@SAXIAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeJumperNotReturn@Arm32Coder@DisassembleGeneric@@SAXIAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeJumperRelative@Arm32Coder@DisassembleGeneric@@SAXH_NAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeJumperRelative@Arm64Coder@DisassembleGeneric@@SAXH_NAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeLdr@Arm32Coder@DisassembleGeneric@@SAXIHAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeLdr@Arm64Coder@DisassembleGeneric@@SAXIHAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeLdrBack@Arm32Coder@DisassembleGeneric@@SAXIHAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeLdrData@Arm32Coder@DisassembleGeneric@@SAXIIAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeLdrList@Arm32Coder@DisassembleGeneric@@SAXIABV?$vector@IV?$allocator@I@std@@@std@@AAV?$vector@EV?$allocator@E@std@@@4@@Z

?MakeLdrList@Arm64Coder@DisassembleGeneric@@SAXIABV?$vector@_KV?$allocator@_K@std@@@std@@AAV?$vector@EV?$allocator@E@std@@@4@@Z

?MakeLdrList@ThumbCoder@DisassembleGeneric@@SAXIABV?$vector@IV?$allocator@I@std@@@std@@AAV?$vector@EV?$allocator@E@std@@@4@@Z

?MakeMoveImmToReg@Arm64Coder@DisassembleGeneric@@SAXIIAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeNop@Arm64Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeParamHeader@Arm32Coder@DisassembleGeneric@@SAXABV?$vector@IV?$allocator@I@std@@@std@@AAV?$vector@EV?$allocator@E@std@@@4@@Z

?MakeParamHeader@Arm64Coder@DisassembleGeneric@@SAXABV?$vector@_KV?$allocator@_K@std@@@std@@AAV?$vector@EV?$allocator@E@std@@@4@@Z

?MakeParamHeader@ThumbCoder@DisassembleGeneric@@SAXABV?$vector@IV?$allocator@I@std@@@std@@AAV?$vector@EV?$allocator@E@std@@@4@@Z

?MakeRefreshCache@Arm64Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeRet@Arm64Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeSafeCall@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@I@Z

?MakeSafeCallNoReturn@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@I@Z

?MakeSaveArgsAndRet@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeSmcCpuOff@Arm64Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeStackFrame@Arm32Coder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeStrVal@Arm64Coder@DisassembleGeneric@@SAX_K0AAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeStrValToReg@Arm64Coder@DisassembleGeneric@@SAXI_KAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?MakeThumbToARM@ThumbCoder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?Ones@MovArm64@DisassembleGeneric@@CAII@Z

?Parse@AddHiRegisterThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@AddInstArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@AddInstArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@AddwThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@AdrInstArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@AdrpInstArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@BranchArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@BranchArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@BranchLinkThumb2@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@BranchLinkThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@BranchRegArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@BranchThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@CmpInstArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@FuncEndArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@FuncEndThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@FuncStartArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@FuncStartArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@FuncStartArm64NoStrict@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@FuncStartThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@LdrInstArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@LdrInstArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@LdrRelThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@LdrStrInstArm64@DisassembleGeneric@@KA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@_NAAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@LdrThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@Mov2Arm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@Mov32Arm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@MovArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@MovInstArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@MovsThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@MovtInstArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@MovtThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@RetArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@StrInstArm32@DisassembleGeneric@@SA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Parse@StrInstArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?Parse@StrThumb@DisassembleGeneric@@SA_NIAAV?$Machine@UThumb@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UThumb@DisassembleGeneric@@@2@@Z

?Parse@SubInstArm64@DisassembleGeneric@@SA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?ParseAux@GenericDataInstArm32@DisassembleGeneric@@KA_NIAAV?$Machine@UArm32@DisassembleGeneric@@@2@PA_N_NAAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?ParseBranch@BranchArm32@DisassembleGeneric@@CA_NIIAAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?ParseCommon@MovArm64@DisassembleGeneric@@KA_N_KIAAV?$Machine@UArm64@DisassembleGeneric@@@2@AAUInstructionData@?$Instruction@UArm64@DisassembleGeneric@@@2@@Z

?ParseMov16@MovtInstArm32@DisassembleGeneric@@CA_NIIAAUInstructionData@?$Instruction@UArm32@DisassembleGeneric@@@2@@Z

?Replicate@MovArm64@DisassembleGeneric@@CA_KIII@Z

?Ror@MovArm64@DisassembleGeneric@@CAIIII@Z

?SaveArgsAndRet@Arm32Coder@DisassembleGeneric@@0QBEB

?SetData@?$Instruction@UArm32@DisassembleGeneric@@@DisassembleGeneric@@QAEXABUInstructionData@12@@Z

?SetData@?$Instruction@UArm64@DisassembleGeneric@@@DisassembleGeneric@@QAEXABUInstructionData@12@@Z

?SetData@?$Instruction@UThumb@DisassembleGeneric@@@DisassembleGeneric@@QAEXABUInstructionData@12@@Z

?SetToNull@?$Nullable@I@DisassembleGeneric@@QAEXXZ

?SetToNull@?$Nullable@_K@DisassembleGeneric@@QAEXXZ

?SetVal@?$Nullable@I@DisassembleGeneric@@QAEXABI@Z

?SetVal@?$Nullable@_K@DisassembleGeneric@@QAEXAB_K@Z

?SetValue@?$RegsTempl@I$0BA@@DisassembleGeneric@@QAEXII@Z

?SetValue@?$RegsTempl@_K$0CB@@DisassembleGeneric@@QAEXI_K@Z

?SwitchInstSet@ThumbCoder@DisassembleGeneric@@SAXAAV?$vector@EV?$allocator@E@std@@@std@@@Z

?TestSTP@FuncStartArm64@DisassembleGeneric@@KA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@@Z

?TestSTP@FuncStartArm64NoStrict@DisassembleGeneric@@KA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@@Z

?TestSubSP@FuncStartArm64@DisassembleGeneric@@KA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@@Z

?TestSubSP@FuncStartArm64NoStrict@DisassembleGeneric@@KA_N_KAAV?$Machine@UArm64@DisassembleGeneric@@@2@@Z

?ThumbExpandImm@AddwThumb@DisassembleGeneric@@CAII@Z

Sections

Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/AndroidDeviceDecrypt.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e3:59:9f:d3:ab:4a:87:f2:a1:56:f5:e6:cd:46:81:c6:77:7a:08:97:5f:c7:6e:44:41:ff:aa:c1:4b:19:a9:3b
Signer

Actual PE Digest

e3:59:9f:d3:ab:4a:87:f2:a1:56:f5:e6:cd:46:81:c6:77:7a:08:97:5f:c7:6e:44:41:ff:aa:c1:4b:19:a9:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0Analayzer@@QAE@ABV0@@Z

??0AndroidDeviceDecrypt@@QAE@AAVCLowLevel@@PAVAndroidDumper@@PAVCClientKnockout@@PAVIDumperRestart@@@Z

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??0PythonClass@@QAE@ABV0@@Z

??0Regs@@QAE@ABV0@@Z

??0ResultHandler@@QAE@ABV0@@Z

??0SearchParams@@QAE@ABV0@@Z

??0Segment@@QAE@ABV0@@Z

??1Analayzer@@UAE@XZ

??1AndroidDeviceDecrypt@@QAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??1ResultHandler@@UAE@XZ

??1SearchParams@@UAE@XZ

??1Segment@@UAE@XZ

??4Analayzer@@QAEAAV0@ABV0@@Z

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??4PyInterpeter@@QAEAAV0@ABV0@@Z

??4PythonClass@@QAEAAV0@ABV0@@Z

??4Regs@@QAEAAV0@ABV0@@Z

??4ResultHandler@@QAEAAV0@ABV0@@Z

??4SearchParams@@QAEAAV0@ABV0@@Z

??4Segment@@QAEAAV0@ABV0@@Z

??_7Analayzer@@6B@

??_7AndroidDeviceDecrypt@@6B@

??_7AndroidFridaCoreInterface@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

??_7PythonClass@@6B@

??_7Regs@@6B@

??_7ResultHandler@@6B@

??_7SearchParams@@6B@

??_7Segment@@6B@

?AbortAutoUnlock@AndroidDeviceDecrypt@@QAEXXZ

?BFUFlow@AndroidDeviceDecrypt@@IAE_NXZ

?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ

?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ

?Cleanup@AndroidFridaCoreInterface@@UAEXXZ

?Close@CFileRead@@QAEXXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?DecryptUserData@AndroidDeviceDecrypt@@UAE_N_N0@Z

?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ

?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetPasswordFromUser@AndroidDeviceDecrypt@@IAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ

?InitializeObjects@AndroidDeviceDecrypt@@MAEXXZ

?IsDeviceFBE@AndroidDeviceDecrypt@@UAE_NXZ

?IsEncrypted@AndroidDeviceDecrypt@@UAE_NXZ

?IsOpen@CFileRead@@UAE_NXZ

?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?ManualUnlockFlow@AndroidDeviceDecrypt@@IAE_NXZ

?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z

?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Read@CFileRead@@UAE_NPAEI@Z

?RecoverFromDecrypt@AndroidDeviceDecrypt@@UAE_NH@Z

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?RestartDumperIfNeeded@AndroidDeviceDecrypt@@IAEXXZ

?RunBFFlow@AndroidDeviceDecrypt@@IAE_NXZ

?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z

?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?RunResumBFFlow@AndroidDeviceDecrypt@@IAE_NXZ

?Seek@CFileRead@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetPassword@AndroidDeviceDecrypt@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z

?UnlockFlow@AndroidDeviceDecrypt@@IAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ

?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?UserAbortedFlow@AndroidDeviceDecrypt@@IAE_NXZ

?UserUnlockFlow@AndroidDeviceDecrypt@@IAE_NXZ

?__autoclassinit2@CConditionVariable@@QAEXI@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?checkFDEIsNowEncrypted@AndroidDeviceDecrypt@@IAE_NXZ

?getDimentions@AndroidDeviceDecrypt@@MAE?AU?$pair@HH@std@@XZ

?getUserSelection@AndroidDeviceDecrypt@@IAE?AV?$function@$$A6A_NXZ@std@@_N0@Z

?getUserSelectionText@AndroidDeviceDecrypt@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N0@Z

?isBFAvailable@AndroidDeviceDecrypt@@IAE_NXZ

?isScreenOn@AndroidDeviceDecrypt@@MAE_NXZ

?unlockDevice@AndroidDeviceDecrypt@@MAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?unlockScreen@AndroidDeviceDecrypt@@MAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Sections

Size: 219KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 67KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/AndroidLib.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:cc:95:d1:dd:93:74:60:0c:c7:58:2e:10:88:15:39:86:9c:32:11:a9:e1:a7:b4:01:a7:59:06:46:70:8a:f1
Signer

Actual PE Digest

01:cc:95:d1:dd:93:74:60:0c:c7:58:2e:10:88:15:39:86:9c:32:11:a9:e1:a7:b4:01:a7:59:06:46:70:8a:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

?$class@xml_node_uix@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

??0ADBAuth@@QAE@ABV0@@Z

??0ADBAuth@@QAE@XZ

??0ADBAuthException@@QAE@$$QAV0@@Z

??0ADBAuthException@@QAE@ABV0@@Z

??0ADBAuthException@@QAE@PBD@Z

??0ADBClient@@QAE@AAUIUSBDevice@@_N@Z

??0ADBClient@@QAE@ABV0@@Z

??0ADBClientAuthException@@QAE@$$QAV0@@Z

??0ADBClientAuthException@@QAE@ABV0@@Z

??0ADBClientAuthException@@QAE@PBD@Z

??0ADBClientAuthTimeoutException@@QAE@$$QAV0@@Z

??0ADBClientAuthTimeoutException@@QAE@ABV0@@Z

??0ADBClientAuthTimeoutException@@QAE@PBD@Z

??0ADBClientException@@QAE@$$QAV0@@Z

??0ADBClientException@@QAE@ABV0@@Z

??0ADBClientException@@QAE@PBD@Z

??0ADBClientFactory@@QAE@$$QAV0@@Z

??0ADBClientFactory@@QAE@ABV0@@Z

??0ADBClientFactory@@QAE@XZ

??0ADBFileRam@@QAE@$$QAV0@@Z

??0ADBFileRam@@QAE@ABV0@@Z

??0ADBFileRam@@QAE@PAEI@Z

??0ADBMessage@@QAE@$$QAV0@@Z

??0ADBMessage@@QAE@ABV0@@Z

??0ADBMessage@@QAE@W4ADBCommand@0@II@Z

??0ADBMessage@@QAE@W4ADBCommand@0@IIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0ADBMessage@@QAE@XZ

??0ADBShell@@QAE@AAUIADBClient@@_N@Z

??0ADBShell@@QAE@ABV0@@Z

??0ADBShellFactory@@QAE@$$QAV0@@Z

??0ADBShellFactory@@QAE@ABV0@@Z

??0ADBShellFactory@@QAE@XZ

??0ADBShellSafe@@QAE@_N@Z

??0ADBSync@@QAE@AAUIADBClient@@PAUADBSyncProgress@@@Z

??0ADBSync@@QAE@ABV0@@Z

??0ADBSyncException@@QAE@$$QAV0@@Z

??0ADBSyncException@@QAE@ABV0@@Z

??0ADBSyncException@@QAE@PBD@Z

??0ADBSyncFactory@@QAE@$$QAV0@@Z

??0ADBSyncFactory@@QAE@ABV0@@Z

??0ADBSyncFactory@@QAE@XZ

??0ADBSyncMessage@@QAE@$$QAV0@@Z

??0ADBSyncMessage@@QAE@ABV0@@Z

??0ADBSyncMessage@@QAE@W4ADBSyncCommand@0@@Z

??0ADBSyncMessage@@QAE@W4ADBSyncCommand@0@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0ADBSyncMessage@@QAE@W4ADBSyncCommand@0@ABV?$vector@EV?$allocator@E@std@@@std@@@Z

??0ADBSyncMessage@@QAE@W4ADBSyncCommand@0@PBEI@Z

??0ADBSyncProgress@@QAE@ABU0@@Z

??0ADBSyncProgress@@QAE@XZ

??0ADBSyncSafe@@QAE@_N@Z

??0ADBWindowsIOFileTarget@@QAE@ABV0@@Z

??0ADBWindowsIOFileTarget@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0AOARequests@@QAE@AAUIBaseLink@@HKK@Z

??0AOARequests@@QAE@ABV0@@Z

??0AccountInfoEntry@@QAE@$$QAU0@@Z

??0AccountInfoEntry@@QAE@ABU0@@Z

??0AccountInfoEntry@@QAE@XZ

??0AccountInfoReaderBase@@IAE@AAVADBClient@@K_N@Z

??0AccountInfoReaderBase@@QAE@ABV0@@Z

??0AccountInfoReaderException@@QAE@$$QAV0@@Z

??0AccountInfoReaderException@@QAE@ABV0@@Z

??0AccountInfoReaderException@@QAE@PBD@Z

??0AndroidHelper@@QAE@AAVADBClient@@@Z

??0AndroidHelper@@QAE@ABV0@@Z

??0Attributes@XmlBuilder@@QAE@$$QAV01@@Z

??0Attributes@XmlBuilder@@QAE@ABV01@@Z

??0Attributes@XmlBuilder@@QAE@XZ

??0BinWrite@@QAE@PAEI@Z

??0BrowserBkHistData@@QAE@$$QAV0@@Z

??0BrowserBkHistData@@QAE@ABV0@@Z

??0BrowserBkHistData@@QAE@PBEI@Z

??0BrowserBkHistData@@QAE@XZ

??0BrowserDataReaderBase@@IAE@AAVADBClient@@W4EMode@IBrowserDataReader@@@Z

??0BrowserDataReaderBase@@QAE@ABV0@@Z

??0BrowserDataReaderException@@QAE@$$QAV0@@Z

??0BrowserDataReaderException@@QAE@ABV0@@Z

??0BrowserDataReaderException@@QAE@PBD@Z

??0BrowserDataWriterBase@@IAE@AAVADBClient@@@Z

??0BrowserDataWriterBase@@QAE@ABV0@@Z

??0BrowserDataWriterException@@QAE@$$QAV0@@Z

??0BrowserDataWriterException@@QAE@ABV0@@Z

??0BrowserDataWriterException@@QAE@PBD@Z

??0BrowserSearchData@@QAE@$$QAV0@@Z

??0BrowserSearchData@@QAE@ABV0@@Z

??0BrowserSearchData@@QAE@PBEI@Z

??0BrowserSearchData@@QAE@XZ

??0ByteArray@@QAE@I@Z

??0ByteArray@@QAE@PBEI@Z

??0CAndroidPhoneInfo@@QAE@$$QAV0@@Z

??0CAndroidPhoneInfo@@QAE@ABV0@@Z

??0CAndroidPhoneInfo@@QAE@XZ

??0CAndroidStorageHelper@@QAE@ABV0@@Z

??0CAndroidStorageHelper@@QAE@XZ

??0CDumpLister@@QAE@PAVINandreadDumper@@AAVCLowLevel@@V?$CSimpleSmPtr@UIMixPanelHandlerNative@@@@@Z

??0CDumpListerDB@@QAE@PAVINandreadDumper@@AAVCLowLevel@@V?$CSimpleSmPtr@UIMixPanelHandlerNative@@@@@Z

??0CDumpListerDWE@@QAE@PAVINandreadDumper@@AAVCLowLevel@@V?$CSimpleSmPtr@UIMixPanelHandlerNative@@@@@Z

??0CDumpListerFacade@@QAE@PAVINandreadDumper@@AAVCLowLevel@@AAVCModuleInfo@@V?$CSimpleSmPtr@UIMixPanelHandlerNative@@@@@Z

??0CFSPackgeNamesHelper@@QAE@ABV0@@Z

??0CFSPackgeNamesHelper@@QAE@XZ

??0CFastBoot@@QAE@ABV0@@Z

??0CFastBoot@@QAE@PAUIBaseLink@@PAVCTransferIndicator@@@Z

??0CFastBootProtocol@@QAE@ABV0@@Z

??0CFastBootProtocol@@QAE@PAUIBaseLink@@PAVCTransferIndicator@@@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CLowLevel@@QAE@AAVCRamLogger@@_N@Z

??0CTcpIP_Framer@@QAE@ABV0@@Z

??0CTcpIP_Framer@@QAE@PAUIBaseLink@@@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CalEntry@@QAE@ABV0@@Z

??0CalEntry@@QAE@PBEI@Z

??0CalEntry@@QAE@XZ

??0CalReaderBase@@IAE@AAVADBClient@@@Z

??0CalReaderBase@@QAE@ABV0@@Z

??0CalReaderException@@QAE@$$QAV0@@Z

??0CalReaderException@@QAE@ABV0@@Z

??0CalReaderException@@QAE@PBD@Z

??0CalWriterBase@@IAE@AAVADBClient@@@Z

??0CalWriterBase@@QAE@ABV0@@Z

??0CalWriterException@@QAE@ABV0@@Z

??0CalWriterException@@QAE@PBD@Z

??0CalWriterNoAccountsException@@QAE@ABV0@@Z

??0CalWriterNoAccountsException@@QAE@PBD@Z

??0CallLogEntry@@QAE@ABV0@@Z

??0CallLogEntry@@QAE@PBEI@Z

??0CallLogEntry@@QAE@XZ

??0CallLogsReaderBase@@IAE@AAVADBClient@@@Z

??0CallLogsReaderBase@@QAE@ABV0@@Z

??0CallLogsReaderException@@QAE@$$QAV0@@Z

??0CallLogsReaderException@@QAE@ABV0@@Z

??0CallLogsReaderException@@QAE@PBD@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0DeviceManager@@QAE@ABV0@@Z

??0DeviceManager@@QAE@XZ

??0DeviceManagerFactory@@QAE@$$QAU0@@Z

??0DeviceManagerFactory@@QAE@ABU0@@Z

??0DeviceManagerFactory@@QAE@XZ

??0DeviceScreen@@QAE@ABV0@@Z

??0DeviceScreen@@QAE@XZ

??0DeviceScreenFactory@@QAE@$$QAU0@@Z

??0DeviceScreenFactory@@QAE@ABU0@@Z

??0DeviceScreenFactory@@QAE@XZ

??0FileInfo@@QAE@ABV0@@Z

??0FileInfo@@QAE@PBEI@Z

??0FileInfo@@QAE@XZ

??0FileInputStream@@QAE@ABV0@@Z

??0FileInputStream@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

??0FileInputStream@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z

??0FileOutputStream@@QAE@ABV0@@Z

??0FileOutputStream@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NPAVCTransferIndicator@@@Z

??0FileOutputStream@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_NPAVCTransferIndicator@@@Z

??0IAccountInfoReader@@QAE@ABU0@@Z

??0IAccountInfoReader@@QAE@XZ

??0IBrowserDataReader@@QAE@ABU0@@Z

??0IBrowserDataReader@@QAE@XZ

??0IBrowserDataWriter@@QAE@ABU0@@Z

??0IBrowserDataWriter@@QAE@XZ

??0ICalReader@@QAE@ABU0@@Z

??0ICalReader@@QAE@XZ

??0ICalWriter@@QAE@ABU0@@Z

??0ICalWriter@@QAE@XZ

??0ICallLogsReader@@QAE@ABU0@@Z

??0ICallLogsReader@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IMMSReader@@QAE@ABU0@@Z

??0IMMSReader@@QAE@XZ

??0IMMSWriter@@QAE@ABU0@@Z

??0IMMSWriter@@QAE@XZ

??0IMMStatusReader@@QAE@ABU0@@Z

??0IMMStatusReader@@QAE@XZ

??0ISMSReader@@QAE@ABU0@@Z

??0ISMSReader@@QAE@XZ

??0ISMSWriter@@QAE@ABU0@@Z

??0ISMSWriter@@QAE@XZ

??0ITPConnectRefusedException@@QAE@$$QAV0@@Z

??0ITPConnectRefusedException@@QAE@ABV0@@Z

??0ITPConnectRefusedException@@QAE@PBD@Z

??0ITPConnectTimeoutException@@QAE@$$QAV0@@Z

??0ITPConnectTimeoutException@@QAE@ABV0@@Z

??0ITPConnectTimeoutException@@QAE@PBD@Z

??0ITPConnectionClosedException@@QAE@$$QAV0@@Z

??0ITPConnectionClosedException@@QAE@ABV0@@Z

??0ITPConnectionClosedException@@QAE@PBD@Z

??0ITPException@@QAE@$$QAV0@@Z

??0ITPException@@QAE@ABV0@@Z

??0ITPException@@QAE@PBD@Z

??0ITPSocketNotReadyException@@QAE@$$QAV0@@Z

??0ITPSocketNotReadyException@@QAE@ABV0@@Z

??0ITPSocketNotReadyException@@QAE@PBD@Z

??0InitSyncRequestMessage@@QAE@ABV0@@Z

??0InitSyncRequestMessage@@QAE@XZ

??0InitSyncResponseMessage@@QAE@$$QAV0@@Z

??0InitSyncResponseMessage@@QAE@ABV0@@Z

??0InitSyncResponseMessage@@QAE@XZ

??0InputStream@@QAE@ABV0@@Z

??0InputStream@@QAE@XZ

??0Locale@@QAE@$$QAV0@@Z

??0Locale@@QAE@ABV0@@Z

??0Locale@@QAE@XZ

??0MMSMetaData@@QAE@$$QAV0@@Z

??0MMSMetaData@@QAE@ABV0@@Z

??0MMSMetaData@@QAE@PBEI@Z

??0MMSMetaData@@QAE@XZ

??0MMSPartHeader@@QAE@$$QAV0@@Z

??0MMSPartHeader@@QAE@ABV0@@Z

??0MMSPartHeader@@QAE@PBEI@Z

??0MMSPartHeader@@QAE@XZ

??0MMSReaderBase@@IAE@AAVADBClient@@@Z

??0MMSReaderBase@@QAE@ABV0@@Z

??0MMSReaderException@@QAE@$$QAV0@@Z

??0MMSReaderException@@QAE@ABV0@@Z

??0MMSReaderException@@QAE@PBD@Z

??0MMSWriterBase@@IAE@AAVADBClient@@@Z

??0MMSWriterBase@@QAE@ABV0@@Z

??0MMSWriterException@@QAE@$$QAV0@@Z

??0MMSWriterException@@QAE@ABV0@@Z

??0MMSWriterException@@QAE@PBD@Z

??0MMStatusReaderBase@@IAE@AAVADBClient@@@Z

??0MMStatusReaderBase@@QAE@ABV0@@Z

??0MMStatusReaderException@@QAE@$$QAV0@@Z

??0MMStatusReaderException@@QAE@ABV0@@Z

??0MMStatusReaderException@@QAE@PBD@Z

??0MsgDefaultAppHandler@@QAE@ABU0@@Z

??0MsgDefaultAppHandler@@QAE@XZ

??0MsgDefaultAppImpl@@QAE@ABU0@@Z

??0MsgDefaultAppImpl@@QAE@XZ

??0NandShellClient@@QAE@AAVUSBDevice@@K@Z

??0NandShellClient@@QAE@ABV0@@Z

??0OutOfSpaceException@CLowLevel@@QAE@$$QAV01@@Z

??0OutOfSpaceException@CLowLevel@@QAE@ABV01@@Z

??0OutOfSpaceException@CLowLevel@@QAE@PBD@Z

??0OutputStream@@QAE@ABV0@@Z

??0OutputStream@@QAE@XZ

??0PhoneInfo@@QAE@$$QAU0@@Z

??0PhoneInfo@@QAE@ABU0@@Z

??0PhoneInfo@@QAE@XZ

??0PhoneInfoCsv@@QAE@ABV0@@Z

??0PhoneInfoCsv@@QAE@XZ

??0PhoneInfoEntry@@QAE@ABV0@@Z

??0PhoneInfoEntry@@QAE@PBEI@Z

??0PhoneInfoEntry@@QAE@XZ

??0RebootTimeOutException@@QAE@$$QAV0@@Z

??0RebootTimeOutException@@QAE@ABV0@@Z

??0RebootTimeOutException@@QAE@PBD@Z

??0SMSMessage@@QAE@ABV0@@Z

??0SMSMessage@@QAE@PBEI@Z

??0SMSMessage@@QAE@XZ

??0SMSReaderBase@@IAE@AAVADBClient@@K@Z

??0SMSReaderBase@@QAE@ABV0@@Z

??0SMSReaderException@@QAE@$$QAV0@@Z

??0SMSReaderException@@QAE@ABV0@@Z

??0SMSReaderException@@QAE@PBD@Z

??0SMSWriterBase@@IAE@AAVADBClient@@K@Z

??0SMSWriterBase@@QAE@ABV0@@Z

??0StorageSize_t@@QAE@ABV0@@Z

??0StorageSize_t@@QAE@NW4SizeType@0@@Z

??0StorageSize_t@@QAE@U?$pair@NW4SizeType@StorageSize_t@@@std@@@Z

??0StorageSize_t@@QAE@XZ

??0SyncStatusResponseMessage@@QAE@$$QAV0@@Z

??0SyncStatusResponseMessage@@QAE@ABV0@@Z

??0SyncStatusResponseMessage@@QAE@XZ

??0Timezone@@QAE@$$QAV0@@Z

??0Timezone@@QAE@ABV0@@Z

??0Timezone@@QAE@XZ

??0USBBadImageException@@QAE@$$QAV0@@Z

??0USBBadImageException@@QAE@ABV0@@Z

??0USBBadImageException@@QAE@PBD@Z

??0USBDevice@@QAE@XZ

??0USBDeviceEnabler@@IAE@XZ

??0USBDeviceFactory@@QAE@$$QAV0@@Z

??0USBDeviceFactory@@QAE@ABV0@@Z

??0USBDeviceFactory@@QAE@XZ

??0XmlBuilder@@QAE@ABV0@@Z

??0XmlBuilder@@QAE@I@Z

??0xml_node_uix@@IAE@PAUxml_node_struct@pugi@@@Z

??0xml_node_uix@@QAE@ABVxml_node@pugi@@@Z

??0xml_node_uix@@QAE@XZ

??1ADBAuth@@UAE@XZ

??1ADBAuthException@@UAE@XZ

??1ADBClient@@UAE@XZ

??1ADBClientAuthException@@UAE@XZ

??1ADBClientAuthTimeoutException@@UAE@XZ

??1ADBClientException@@UAE@XZ

??1ADBClientFactory@@UAE@XZ

??1ADBFileRam@@UAE@XZ

??1ADBMessage@@QAE@XZ

??1ADBShell@@UAE@XZ

??1ADBShellFactory@@UAE@XZ

??1ADBShellSafe@@UAE@XZ

??1ADBSync@@UAE@XZ

??1ADBSyncException@@UAE@XZ

??1ADBSyncFactory@@UAE@XZ

??1ADBSyncMessage@@QAE@XZ

??1ADBSyncProgress@@UAE@XZ

??1ADBSyncSafe@@UAE@XZ

??1ADBWindowsIOFileTarget@@UAE@XZ

??1AOARequests@@UAE@XZ

??1AccountInfoEntry@@QAE@XZ

??1AccountInfoReaderBase@@MAE@XZ

??1AccountInfoReaderException@@UAE@XZ

??1AndroidHelper@@UAE@XZ

??1Attributes@XmlBuilder@@QAE@XZ

??1BinWrite@@QAE@XZ

??1BrowserBkHistData@@QAE@XZ

??1BrowserDataReaderBase@@MAE@XZ

??1BrowserDataReaderException@@UAE@XZ

??1BrowserDataWriterBase@@MAE@XZ

??1BrowserDataWriterException@@UAE@XZ

??1BrowserSearchData@@QAE@XZ

??1ByteArray@@QAE@XZ

??1CAndroidPhoneInfo@@QAE@XZ

??1CAndroidStorageHelper@@QAE@XZ

??1CDumpLister@@UAE@XZ

??1CDumpListerDB@@UAE@XZ

??1CDumpListerDWE@@UAE@XZ

??1CDumpListerFacade@@UAE@XZ

??1CFSPackgeNamesHelper@@QAE@XZ

??1CFastBoot@@UAE@XZ

??1CFastBootProtocol@@UAE@XZ

??1CLowLevel@@UAE@XZ

??1CTcpIP_Framer@@UAE@XZ

??1CalEntry@@UAE@XZ

??1CalReaderBase@@MAE@XZ

??1CalReaderException@@UAE@XZ

??1CalWriterBase@@MAE@XZ

??1CalWriterException@@UAE@XZ

??1CalWriterNoAccountsException@@UAE@XZ

??1CallLogEntry@@UAE@XZ

??1CallLogsReaderBase@@MAE@XZ

??1CallLogsReaderException@@UAE@XZ

??1CsvFile@@UAE@XZ

??1DeviceManager@@UAE@XZ

??1DeviceManagerFactory@@UAE@XZ

??1DeviceScreen@@UAE@XZ

??1DeviceScreenFactory@@UAE@XZ

??1FileInfo@@UAE@XZ

??1FileInputStream@@UAE@XZ

??1FileOutputStream@@UAE@XZ

??1IAccountInfoReader@@UAE@XZ

??1IBrowserDataReader@@UAE@XZ

??1IBrowserDataWriter@@UAE@XZ

??1ICalReader@@UAE@XZ

??1ICalWriter@@UAE@XZ

??1ICallLogsReader@@UAE@XZ

??1IMMSReader@@UAE@XZ

??1IMMSWriter@@UAE@XZ

??1IMMStatusReader@@UAE@XZ

??1ISMSReader@@UAE@XZ

??1ISMSWriter@@UAE@XZ

??1ITPConnectRefusedException@@UAE@XZ

??1ITPConnectTimeoutException@@UAE@XZ

??1ITPConnectionClosedException@@UAE@XZ

??1ITPException@@UAE@XZ

??1ITPSocketNotReadyException@@UAE@XZ

??1InitSyncRequestMessage@@QAE@XZ

??1InitSyncResponseMessage@@QAE@XZ

??1InputStream@@UAE@XZ

??1Locale@@QAE@XZ

??1MMSMetaData@@UAE@XZ

??1MMSPartHeader@@UAE@XZ

??1MMSReaderBase@@MAE@XZ

??1MMSReaderException@@UAE@XZ

??1MMSWriterBase@@MAE@XZ

??1MMSWriterException@@UAE@XZ

??1MMStatusReaderBase@@MAE@XZ

??1MMStatusReaderException@@UAE@XZ

??1MsgDefaultAppHandler@@UAE@XZ

??1MsgDefaultAppImpl@@UAE@XZ

??1NandShellClient@@QAE@XZ

??1OutOfSpaceException@CLowLevel@@UAE@XZ

??1OutputStream@@UAE@XZ

??1PhoneInfo@@QAE@XZ

??1PhoneInfoCsv@@UAE@XZ

??1PhoneInfoEntry@@UAE@XZ

??1RebootTimeOutException@@UAE@XZ

??1SMSMessage@@UAE@XZ

??1SMSReaderBase@@MAE@XZ

??1SMSReaderException@@UAE@XZ

??1SMSWriterBase@@MAE@XZ

??1StorageSize_t@@UAE@XZ

??1SyncStatusResponseMessage@@QAE@XZ

??1Timezone@@QAE@XZ

??1USBBadImageException@@UAE@XZ

??1USBDevice@@UAE@XZ

??1USBDeviceEnabler@@UAE@XZ

??1USBDeviceFactory@@UAE@XZ

??1XmlBuilder@@UAE@XZ

??4ADBAuth@@QAEAAV0@ABV0@@Z

??4ADBAuthException@@QAEAAV0@$$QAV0@@Z

??4ADBAuthException@@QAEAAV0@ABV0@@Z

??4ADBClientAuthException@@QAEAAV0@$$QAV0@@Z

??4ADBClientAuthException@@QAEAAV0@ABV0@@Z

??4ADBClientAuthTimeoutException@@QAEAAV0@$$QAV0@@Z

??4ADBClientAuthTimeoutException@@QAEAAV0@ABV0@@Z

??4ADBClientException@@QAEAAV0@$$QAV0@@Z

??4ADBClientException@@QAEAAV0@ABV0@@Z

??4ADBClientFactory@@QAEAAV0@$$QAV0@@Z

??4ADBClientFactory@@QAEAAV0@ABV0@@Z

??4ADBFileRam@@QAEAAV0@$$QAV0@@Z

??4ADBFileRam@@QAEAAV0@ABV0@@Z

??4ADBHeader@@QAEAAU0@$$QAU0@@Z

??4ADBHeader@@QAEAAU0@ABU0@@Z

??4ADBMessage@@QAEAAV0@$$QAV0@@Z

??4ADBMessage@@QAEAAV0@ABV0@@Z

??4ADBShellFactory@@QAEAAV0@$$QAV0@@Z

??4ADBShellFactory@@QAEAAV0@ABV0@@Z

??4ADBSyncException@@QAEAAV0@$$QAV0@@Z

??4ADBSyncException@@QAEAAV0@ABV0@@Z

??4ADBSyncFactory@@QAEAAV0@$$QAV0@@Z

??4ADBSyncFactory@@QAEAAV0@ABV0@@Z

??4ADBSyncHeader@@QAEAAU0@$$QAU0@@Z

??4ADBSyncHeader@@QAEAAU0@ABU0@@Z

??4ADBSyncMessage@@QAEAAV0@$$QAV0@@Z

??4ADBSyncMessage@@QAEAAV0@ABV0@@Z

??4ADBSyncProgress@@QAEAAU0@ABU0@@Z

??4ADBWindowsIOFileTarget@@QAEAAV0@ABV0@@Z

??4AccountInfoEntry@@QAEAAU0@$$QAU0@@Z

??4AccountInfoEntry@@QAEAAU0@ABU0@@Z

??4AccountInfoReaderException@@QAEAAV0@$$QAV0@@Z

??4AccountInfoReaderException@@QAEAAV0@ABV0@@Z

??4Attributes@XmlBuilder@@QAEAAV01@$$QAV01@@Z

??4Attributes@XmlBuilder@@QAEAAV01@ABV01@@Z

??4BinWrite@@QAEAAV0@ABV0@@Z

??4BrowserBkHistData@@QAEAAV0@$$QAV0@@Z

??4BrowserBkHistData@@QAEAAV0@ABV0@@Z

??4BrowserDataReaderException@@QAEAAV0@$$QAV0@@Z

??4BrowserDataReaderException@@QAEAAV0@ABV0@@Z

??4BrowserDataTypes@@QAEAAV0@$$QAV0@@Z

??4BrowserDataTypes@@QAEAAV0@ABV0@@Z

??4BrowserDataWriterException@@QAEAAV0@$$QAV0@@Z

??4BrowserDataWriterException@@QAEAAV0@ABV0@@Z

??4BrowserSearchData@@QAEAAV0@$$QAV0@@Z

??4BrowserSearchData@@QAEAAV0@ABV0@@Z

??4CAdbCommandResultsParser@@QAEAAV0@$$QAV0@@Z

??4CAdbCommandResultsParser@@QAEAAV0@ABV0@@Z

??4CAndroidPhoneInfo@@QAEAAV0@$$QAV0@@Z

??4CAndroidPhoneInfo@@QAEAAV0@ABV0@@Z

??4CAndroidStorageHelper@@QAEAAV0@ABV0@@Z

??4CFSPackgeNamesHelper@@QAEAAV0@ABV0@@Z

??4CFastBoot@@QAEAAV0@ABV0@@Z

??4CFastBootProtocol@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTcpIP_Framer@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CalEntry@@QAEAAV0@ABV0@@Z

??4CalReaderException@@QAEAAV0@$$QAV0@@Z

??4CalReaderException@@QAEAAV0@ABV0@@Z

??4CalWriterException@@QAEAAV0@ABV0@@Z

??4CalWriterNoAccountsException@@QAEAAV0@ABV0@@Z

??4CallLogEntry@@QAEAAV0@ABV0@@Z

??4CallLogsReaderException@@QAEAAV0@$$QAV0@@Z

??4CallLogsReaderException@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4DeviceManager@@QAEAAV0@ABV0@@Z

??4DeviceManagerFactory@@QAEAAU0@$$QAU0@@Z

??4DeviceManagerFactory@@QAEAAU0@ABU0@@Z

??4DeviceScreen@@QAEAAV0@ABV0@@Z

??4DeviceScreenFactory@@QAEAAU0@$$QAU0@@Z

??4DeviceScreenFactory@@QAEAAU0@ABU0@@Z

??4FileInfo@@QAEAAV0@ABV0@@Z

??4FileInputStream@@QAEAAV0@ABV0@@Z

??4FileOutputStream@@QAEAAV0@ABV0@@Z

??4IAccountInfoReader@@QAEAAU0@ABU0@@Z

??4IBrowserDataReader@@QAEAAU0@ABU0@@Z

??4IBrowserDataWriter@@QAEAAU0@ABU0@@Z

??4ICalReader@@QAEAAU0@ABU0@@Z

??4ICalWriter@@QAEAAU0@ABU0@@Z

??4ICallLogsReader@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IMMSReader@@QAEAAU0@ABU0@@Z

??4IMMSWriter@@QAEAAU0@ABU0@@Z

??4IMMStatusReader@@QAEAAU0@ABU0@@Z

??4ISMSReader@@QAEAAU0@ABU0@@Z

??4ISMSWriter@@QAEAAU0@ABU0@@Z

??4ITPConnectRefusedException@@QAEAAV0@$$QAV0@@Z

??4ITPConnectRefusedException@@QAEAAV0@ABV0@@Z

??4ITPConnectTimeoutException@@QAEAAV0@$$QAV0@@Z

??4ITPConnectTimeoutException@@QAEAAV0@ABV0@@Z

??4ITPConnectionClosedException@@QAEAAV0@$$QAV0@@Z

??4ITPConnectionClosedException@@QAEAAV0@ABV0@@Z

??4ITPException@@QAEAAV0@$$QAV0@@Z

??4ITPException@@QAEAAV0@ABV0@@Z

??4ITPSocketNotReadyException@@QAEAAV0@$$QAV0@@Z

??4ITPSocketNotReadyException@@QAEAAV0@ABV0@@Z

??4InitSyncRequestMessage@@QAEAAV0@ABV0@@Z

??4InitSyncResponseMessage@@QAEAAV0@$$QAV0@@Z

??4InitSyncResponseMessage@@QAEAAV0@ABV0@@Z

??4InputStream@@QAEAAV0@ABV0@@Z

??4Locale@@QAEAAV0@$$QAV0@@Z

??4Locale@@QAEAAV0@ABV0@@Z

??4LsParser@@QAEAAV0@$$QAV0@@Z

??4LsParser@@QAEAAV0@ABV0@@Z

??4MMSMetaData@@QAEAAV0@$$QAV0@@Z

??4MMSMetaData@@QAEAAV0@ABV0@@Z

Sections

Size: 785KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 251KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 47KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/AndroidRootAccessUtils.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9d:e4:4b:02:75:e7:50:0a:c7:84:e7:60:29:a0:74:a3:b3:06:34:c9:a3:ae:87:1f:24:c6:63:39:9b:04:03:da
Signer

Actual PE Digest

9d:e4:4b:02:75:e7:50:0a:c7:84:e7:60:29:a0:74:a3:b3:06:34:c9:a3:ae:87:1f:24:c6:63:39:9b:04:03:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CAndroidElfFilePatcher@@QAE@XZ

??0CAndroidFileUtils@@QAE@$$QAV0@@Z

??0CAndroidFileUtils@@QAE@AAVCLowLevel@@@Z

??0CAndroidRootAccess@@QAE@AAVCLowLevel@@AAVCRamLogger@@@Z

??0CElfSectionPatchInfoCollection@@QAE@ABV0@@Z

??0CElfSectionPatchInfoCollection@@QAE@XZ

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFridaClient@@QAE@AAVADBClient@@@Z

??0CFridaClient@@QAE@ABV0@@Z

??0CFridaDumper@@QAE@AAVUSBDevice@@AAVCRamLogger@@@Z

??0CFridaDumper@@QAE@ABV0@@Z

??0CFridaScripts@@QAE@AAVCFridaClient@@@Z

??0CFridaScripts@@QAE@ABV0@@Z

??0CLoggingEnabler@@QAE@AAVCLowLevel@@AAVCRamLogger@@AAVCAndroidFileUtils@@@Z

??0CLoggingEnabler@@QAE@ABV0@@Z

??0CRunnableAsRoot@@QAE@$$QAV0@@Z

??0CRunnableAsRoot@@QAE@AAVCLowLevel@@@Z

??0CRunnableAsRoot@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaCoreEprProivder@@QAE@AAVCVersion@@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreDeviceInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@@Z

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??0IOnSpawnCallback@CFridaClient@@QAE@ABU01@@Z

??0IOnSpawnCallback@CFridaClient@@QAE@XZ

??0TempTimeout@@QAE@AAVCLowLevel@@K@Z

??0UfedFridaCoreCommandHandler@@QAE@$$QAV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@ABV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@XZ

??0UnableToGetRootException@@QAE@$$QAV0@@Z

??0UnableToGetRootException@@QAE@ABV0@@Z

??0UnableToGetRootException@@QAE@PBD@Z

??1CAndroidElfFilePatcher@@QAE@XZ

??1CAndroidFileUtils@@QAE@XZ

??1CAndroidRootAccess@@UAE@XZ

??1CElfSectionPatchInfoCollection@@QAE@XZ

??1CFileRead@@UAE@XZ

??1CFridaClient@@QAE@XZ

??1CFridaDumper@@QAE@XZ

??1CFridaScripts@@UAE@XZ

??1CLoggingEnabler@@UAE@XZ

??1CsvFile@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??1IOnSpawnCallback@CFridaClient@@UAE@XZ

??1TempTimeout@@QAE@XZ

??1UfedFridaCoreCommandHandler@@UAE@XZ

??1UnableToGetRootException@@UAE@XZ

??4CAndroidElfFilePatcher@@QAEAAV0@ABV0@@Z

??4CElfSectionPatchInfoCollection@@QAEAAV0@ABV0@@Z

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??4IOnSpawnCallback@CFridaClient@@QAEAAU01@ABU01@@Z

??4UfedFridaCoreCommandHandler@@QAEAAV0@$$QAV0@@Z

??4UfedFridaCoreCommandHandler@@QAEAAV0@ABV0@@Z

??4UnableToGetRootException@@QAEAAV0@$$QAV0@@Z

??4UnableToGetRootException@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7CAndroidRootAccess@@6B@

??_7CFileRead@@6B@

??_7CFridaScripts@@6B@

??_7CLoggingEnabler@@6B@

??_7CRunnableAsRoot@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreDeviceInterface@@6B@

??_7IFridaCoreProivder@@6B@

??_7IOnSpawnCallback@CFridaClient@@6B@

??_7UfedFridaCoreCommandHandler@@6B@

??_7UnableToGetRootException@@6B@

?AddInfo@CFridaDumper@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00@Z

?AddSection@CElfSectionPatchInfoCollection@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00@Z

?AddSection@CElfSectionPatchInfoCollection@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@II@Z

?Attach@CFridaClient@@QAEII@Z

?Authenticate@CFridaClient@@QAEXXZ

?BlankVirtualMethodClangWorkaround@UnableToGetRootException@@EAEXXZ

?CheckConfig_gz@CAndroidRootAccess@@MAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?CheckDeprecatedDumperUse@CAndroidRootAccess@@QAEXXZ

?CheckNandreadRunning@CAndroidRootAccess@@IAE_NXZ

?CheckNativeRoot@CAndroidRootAccess@@QAE_NXZ

?ClearMessagesQueue@CFridaClient@@AAEXXZ

?Close@CFileRead@@QAEXXZ

?CloseAll@CFridaClient@@QAEXXZ

?CloseSession@CFridaClient@@QAEXI@Z

?Connect@CFridaClient@@QAEXXZ

?Connectable@CFridaDumper@@QAE_NXZ

?CreateFirdaCoreRunCmd@UfedFridaCoreCommandHandler@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@00W4Vendor@IFridaCoreVendor@@@Z

?CreateScript@CFridaClient@@QAEIIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?DefaultFlow@CAndroidRootAccess@@UAEXV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

?DeleteExploitFiles@CAndroidRootAccess@@QAEXXZ

?DestroyScript@CFridaClient@@QAEXII@Z

?Disable@CLoggingEnabler@@QAE_NXZ

?DisableSpawnGating@CFridaClient@@QAEXXZ

?Disconnect@CFridaClient@@QAEXXZ

?DumpTargets@FridaCoreExecutor@@CAXABV?$vector@UFridaScriptResult@@V?$allocator@UFridaScriptResult@@@std@@@std@@PAUIDumperTargetCallback@@AAVCTransferIndicator@@@Z

?Enable@CLoggingEnabler@@QAEXXZ

?EnableSharpRead@CAndroidRootAccess@@UAEXXZ

?EnableSpawnGating@CFridaClient@@QAEXPAUIOnSpawnCallback@1@@Z

?Eof@CsvFile@@QAE_NXZ

?ExecuteCowGirlDirtyCow@CAndroidRootAccess@@AAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$vector@U?$pair@KV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@std@@V?$allocator@U?$pair@KV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@std@@@2@@3@@Z

?ExecuteCowGirlPatcher@CAndroidRootAccess@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ExecuteExploit@CAndroidRootAccess@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@0_N@Z

?ExecuteMethod@CFridaClient@@AAE?AV?$vector@EV?$allocator@E@std@@@std@@PBD@Z

?ExecuteMethod@CFridaClient@@AAE?AV?$vector@EV?$allocator@E@std@@@std@@PBDI@Z

?ExecuteRootSpot@CAndroidRootAccess@@IAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0H@Z

?ExploitCowGirl32BitSam@CAndroidRootAccess@@UAE_NXZ

?ExploitCowGirl64BitSam@CAndroidRootAccess@@UAE_NXZ

?ExploitCowGirl@CAndroidRootAccess@@QAE_NXZ

?ExploitFourRunner@CAndroidRootAccess@@UAE_NXZ

?ExploitFourRunnerAltShell@CAndroidRootAccess@@UAE_NXZ

?ExploitFourRunnerEricsonProtection@CAndroidRootAccess@@UAE_NXZ

?ExploitFourRunnerJellyBean@CAndroidRootAccess@@UAE_NXZ

?ExploitFourRunnerJellyBeanAltShell@CAndroidRootAccess@@UAE_NXZ

?ExploitFourRunnerJellyBeanEricsonProtection@CAndroidRootAccess@@UAE_NXZ

?ExploitFourRunnerJellyBeanEricsonProtectionAltShell@CAndroidRootAccess@@UAE_NXZ

?ExploitFourRunnerNandRead@CAndroidRootAccess@@UAE_N_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ExploitFourRunnerParams@CAndroidRootAccess@@UAE_NXZ

?ExploitGb@CAndroidRootAccess@@UAE_N_N@Z

?ExploitGbNoKill@CAndroidRootAccess@@UAE_NXZ

?ExploitGbNormal@CAndroidRootAccess@@UAE_NXZ

?ExploitMTKRoot@CAndroidRootAccess@@UAE_NXZ

?ExploitPingRoot@CAndroidRootAccess@@UAE_NXZ

?ExploitPsneuter@CAndroidRootAccess@@UAE_NXZ

?ExploitRootSpot@CAndroidRootAccess@@UAE_NXZ

?ExploitRosecure@CAndroidRootAccess@@UAE_NXZ

?ExploitSetuid@CAndroidRootAccess@@UAE_NXZ

?ExploitVolBeat@CAndroidRootAccess@@UAE_NXZ

?ExploitVolBeat@CAndroidRootAccess@@UAE_N_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ExploitZergRush@CAndroidRootAccess@@UAE_N_N@Z

?ExploitZergRushNoKill@CAndroidRootAccess@@UAE_NXZ

?ExploitZergRushNormal@CAndroidRootAccess@@UAE_NXZ

?Exploitdjango@CAndroidRootAccess@@UAE_NXZ

?FindMagic@CAndroidElfFilePatcher@@AAEPADPADIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ForceRebootAndSleep@CAndroidRootAccess@@UAE_NXZ

?ForceStop@CAndroidFileUtils@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ForceStop@CAndroidRootAccess@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetCPUType@CAndroidRootAccess@@QAE?AW4CpuCheck@@XZ

?GetConfig@FridaCoreEprProivder@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetElfSectionByName@CAndroidElfFilePatcher@@AAEPAVsection@ELFIO@@PAVelfio@3@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetFridaCoreBuf@FridaCoreEprProivder@@UAE?AV?$vector@EV?$allocator@E@std@@@std@@W4Arch@IFridaCoreProivder@@W4Vendor@IFridaCoreVendor@@_N@Z

?GetFridaCoreBuf@IFridaCoreDeviceInterface@@IAE?AV?$vector@EV?$allocator@E@std@@@std@@_N@Z

?GetFridaCoreResourcePath@FridaCoreEprProivder@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4Arch@IFridaCoreProivder@@W4Vendor@IFridaCoreVendor@@_N@Z

?GetFridaCoreResourcePathForAndroid12@FridaCoreEprProivder@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@W4Vendor@IFridaCoreVendor@@_N@Z

?GetFridaScriptBuf@FridaCoreEprProivder@@AAE?AV?$vector@EV?$allocator@E@std@@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@@Z

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetSePolicyInejctBuf@FridaCoreEprProivder@@UAE?AV?$vector@EV?$allocator@E@std@@@std@@W4Arch@IFridaCoreProivder@@@Z

?GetSepolicyInecjtBuf@IFridaCoreDeviceInterface@@IAE?AV?$vector@EV?$allocator@E@std@@@std@@XZ

?GetTargetFridaScriptBuf@FridaCoreEprProivder@@UAE?AV?$vector@EV?$allocator@E@std@@@std@@ABUFridaTarget@@@Z

?GetTargetFridaScriptBuf@IFridaCoreDeviceInterface@@IAE?AV?$vector@EV?$allocator@E@std@@@std@@ABUFridaTarget@@@Z

?GetTargets@IFridaCoreDeviceInterface@@QAE?AV?$vector@UFridaTarget@@V?$allocator@UFridaTarget@@@std@@@std@@XZ

?GetUtilFridaScriptBuf@FridaCoreEprProivder@@UAE?AV?$vector@EV?$allocator@E@std@@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@@Z

?GetUtilFridaScriptBuf@IFridaCoreDeviceInterface@@IAE?AV?$vector@EV?$allocator@E@std@@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@@Z

?GetWifiInterfaceName@CAndroidRootAccess@@AAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?HuaweuEnableLog@CAndroidRootAccess@@UAEXV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

?InstallApp@CAndroidFileUtils@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?InstallApp@CAndroidRootAccess@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?IsConnected@CFridaClient@@QAE_NXZ

?IsJson@CFridaDumper@@AAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?IsJson@FridaCoreExecutor@@CA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?IsLoggingDevicePresent@CLoggingEnabler@@IAE_NXZ

?IsNativeRootById@CAndroidRootAccess@@IAE_NXZ

?IsOpen@CFileRead@@UAE_NXZ

?JapaneseReadEnabler@CAndroidRootAccess@@UAEXV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

?Kill@CFridaClient@@QAEXI@Z

?LoadScript@CFridaClient@@QAEXII@Z

?ManageExploitParams@CAndroidRootAccess@@MAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z

?NeedesCapabilitiesShellSetup@UfedFridaCoreCommandHandler@@UAE_NXZ

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?OnSpawn@CFridaScripts@@UAEXIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Patch@CAndroidElfFilePatcher@@QAE_NAAV?$basic_istream@DU?$char_traits@D@std@@@std@@0ABVCElfSectionPatchInfoCollection@@AAV?$vector@EV?$allocator@E@std@@@3@@Z

?PatchFile@CAndroidElfFilePatcher@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0ABVCElfSectionPatchInfoCollection@@AAV?$vector@EV?$allocator@E@std@@@3@@Z

?PatchFile@CAndroidElfFilePatcher@@QAE_NABV?$vector@EV?$allocator@E@std@@@std@@0ABVCElfSectionPatchInfoCollection@@AAV23@@Z

?PatchFullPath@CAndroidElfFilePatcher@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0ABVCElfSectionPatchInfoCollection@@AAV?$vector@EV?$allocator@E@std@@@3@@Z

?PhoneChipsetCaseInsensitive@CAndroidRootAccess@@MAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?PhoneModelWildCard@CAndroidRootAccess@@MAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?PraseTargetsFromJson@IFridaCoreDeviceInterface@@CA?AV?$vector@UFridaTarget@@V?$allocator@UFridaTarget@@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?ProcessMessageFromScript@CFridaClient@@AAEXABV?$vector@EV?$allocator@E@std@@@std@@@Z

?ProcessSignals@CFridaClient@@AAEX_N@Z

?ProcessSpawnAdded@CFridaClient@@AAEXABV?$vector@EV?$allocator@E@std@@@std@@@Z

?ProcessTarget@FridaCoreExecutor@@CA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaScriptResult@@@Z

?Read@CFileRead@@UAE_NPAEI@Z

?ReadStream@CAndroidElfFilePatcher@@AAE_NAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAV?$vector@EV?$allocator@E@std@@@3@@Z

?ReceiveMessage@CFridaClient@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z

?RecoverFromCrash@CAndroidRootAccess@@AAEXXZ

?Reset@CsvFile@@QAE_NXZ

?RestartAfterSetuid@CAndroidRootAccess@@UAEXV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

?Resume@CFridaClient@@QAEXI@Z

?RootSpotGotWifiDriver@CAndroidRootAccess@@IAE_NXZ

?Run@CFridaDumper@@QAEXAAUIDumperTargetCallback@@@Z

?Run@CFridaScripts@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@0@Z

?RunAsRoot@CAndroidRootAccess@@QAEXAAVCRunnableAsRoot@@AAUPhoneInfo@@_N@Z

?RunFridaScript@IFridaCoreDeviceInterface@@QAE?AUFridaScriptResult@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?RunScripts@CFridaDumper@@AAEXXZ

?RunScripts@FridaCoreExecutor@@CA?AV?$vector@UFridaScriptResult@@V?$allocator@UFridaScriptResult@@@std@@@std@@AAVIFridaCoreDeviceInterface@@@Z

?RunScriptsAndDumpResults@FridaCoreExecutor@@SAXPAUIDumperTargetCallback@@AAVIFridaCoreDeviceInterface@@AAVCTransferIndicator@@@Z

?SaveInfo@CFridaDumper@@AAEXAAUIDumperTargetCallback@@@Z

?SecurityPatchLevelSupported@CAndroidRootAccess@@QAE_NXZ

?Seek@CFileRead@@QAE_NI@Z

?SendReceive@CFridaClient@@AAE?AV?$vector@EV?$allocator@E@std@@@std@@ABV23@0@Z

?SessionObjectStr@CFridaClient@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z

?SetAttributesAndUpload@CAndroidRootAccess@@MAEXPBG_N@Z

?SetCSVInfoFile@CAndroidRootAccess@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?SetParams@CAndroidRootAccess@@QAEXPAVCDBUtil@@PAUIUserInteraction@@PAVCModuleInfo@@@Z

?SetTimeOut@CAndroidRootAccess@@IAEXXZ

?SetTimeOutValue@CAndroidRootAccess@@QAEXK@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?Spawn@CFridaClient@@QAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?SpawnProcRunScriptContent@CFridaScripts@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z

?StrSave@CFridaDumper@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAUIDumperTargetCallback@@AA_K@Z

?StrSave@FridaCoreExecutor@@CAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAUIDumperTargetCallback@@AA_KABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@@Z

?TestPatchedFileSize@CAndroidRootAccess@@AAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

?TimeOut@CAndroidRootAccess@@IAE_NXZ

?UninstallApp@CAndroidFileUtils@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UninstallApp@CAndroidRootAccess@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UnpackFile@CAndroidFileUtils@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBGABV23@@Z

?UnpackFile@CAndroidFileUtils@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV?$vector@EV?$allocator@E@std@@@3@PBG@Z

?UnpackFile@CAndroidRootAccess@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV?$vector@EV?$allocator@E@std@@@3@PBG@Z

?UnpackFileToTempFolder@CAndroidRootAccess@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@0@Z

?UnpackNandread@CAndroidFileUtils@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4NandreadVarient@1@AAV?$vector@EV?$allocator@E@std@@@3@@Z

?UnpackNandread@CAndroidFileUtils@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4NandreadVarient@1@ABV23@@Z

?UnzipCsvFile@CAndroidFileUtils@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?UnzipCsvFile@CAndroidRootAccess@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?UpdateFourRunnerUploadedFiles@CAndroidRootAccess@@IAEXXZ

?UpdateUfd@CFridaDumper@@AAEXAAUIDumperTargetCallback@@@Z

?UpdateUfd@FridaCoreExecutor@@CAXPAUIDumperTargetCallback@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?UploadFile@CAndroidFileUtils@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBGABV23@V?$vector@EV?$allocator@E@std@@@3@@Z

?UploadFile@CAndroidRootAccess@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBGABV23@@Z

?UploadFileFromLocalMachine@CAndroidFileUtils@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBGABV23@@Z

?UploadFileFromLocalMachine@CAndroidRootAccess@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBGABV23@@Z

?UploadFrida@CAndroidFileUtils@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?UploadKnockoutBinary@CAndroidFileUtils@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@@Z

?UploadNandread@CAndroidFileUtils@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4NandreadVarient@1@ABV23@@Z

?UseDeprecatedDumper@CAndroidFileUtils@@QAE_NXZ

?UseOatdump@CAndroidRootAccess@@QAE_NXZ

?VendorWildCardCaseInsensative@CAndroidRootAccess@@MAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?WriteTempFile@CAndroidElfFilePatcher@@AAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$vector@EV?$allocator@E@std@@@3@@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?cowGirlPatcher@CAndroidRootAccess@@0V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?cowGirlShellCode32Iptables@CAndroidRootAccess@@0V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?cowGirlShellCode32Oatdump@CAndroidRootAccess@@0V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?cowGirlShellCode@CAndroidRootAccess@@0V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?createPatchPair@CAndroidRootAccess@@AAEKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU?$pair@KV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@3@@Z

?dirtyCow32Bin@CAndroidRootAccess@@0V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?dirtyCowBin@CAndroidRootAccess@@0V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?findCorrectLine@CAndroidRootAccess@@QAE_NAAUPhoneInfo@@@Z

?m_CGDir@CAndroidRootAccess@@0V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B

?m_NANDD@CAndroidRootAccess@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?m_NAND_READ_32_PIE_VOLD@CAndroidRootAccess@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?m_NAND_READ_64_PIE_VOLD@CAndroidRootAccess@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?m_NAND_READ_PIE@CAndroidRootAccess@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?m_NAND_READ_STATIC@CAndroidRootAccess@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?m_NAND_READ_STATIC_REVERSE@CAndroidRootAccess@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?overWriteFunction@CAndroidRootAccess@@0V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B

?rootSpotPackageName@CAndroidRootAccess@@2V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B

?shellCodeFunctionsArr@CAndroidRootAccess@@0QBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B

?triggerFunctions32Arr@CAndroidRootAccess@@0QBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B

?triggerFunctionsArr@CAndroidRootAccess@@0QBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B

Sections

Size: 162KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/CEIniStorage.dll

.dll windows:6 windows x86 arch:x86

f7c4d3160d3dad2e54a3a8ae6644ab59

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8f:0a:b9:c3:20:bf:3f:4c:7d:1d:96:ac:37:bb:06:e9:df:78:55:65:a8:36:41:36:b0:09:7d:b0:3d:c4:c2:4b
Signer

Actual PE Digest

8f:0a:b9:c3:20:bf:3f:4c:7d:1d:96:ac:37:bb:06:e9:df:78:55:65:a8:36:41:36:b0:09:7d:b0:3d:c4:c2:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Output\Binary\Release\CEIniStorage.pdb

Imports

common

?DebugFileName@@YAPBDPBD@Z

?GetIniFileFolder@CInterModuleService@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?xxprintf@@YAHPBG0ZZ

kernel32

DeleteCriticalSection

ReleaseMutex

EnterCriticalSection

CreateMutexW

LocalFree

MoveFileW

MultiByteToWideChar

WideCharToMultiByte

GetSystemTimeAsFileTime

InitializeCriticalSection

CloseHandle

FindFirstFileW

FindClose

DeleteFileW

CreateFileW

GetLastError

LeaveCriticalSection

WaitForSingleObject

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

IsDebuggerPresent

IsProcessorFeaturePresent

InitializeSListHead

advapi32

CryptCreateHash

CryptReleaseContext

CryptDeriveKey

ConvertStringSecurityDescriptorToSecurityDescriptorW

CryptDestroyHash

CryptHashData

CryptAcquireContextW

CryptDecrypt

CryptEncrypt

CryptDestroyKey

msvcp140

?_Xout_of_range@std@@YAXPBD@Z

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_except_handler4_common

_CxxThrowException

__std_exception_copy

memmove

__CxxFrameHandler3

__std_type_info_destroy_list

memcpy

memset

_purecall

__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

free

malloc

_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv

_invalid_parameter_noinfo_noreturn

_initialize_onexit_table

_register_onexit_function

_seh_filter_dll

_crt_atexit

_cexit

_initterm

_initterm_e

_initialize_narrow_environment

_errno

_execute_onexit_table

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-stdio-l1-1-0

fclose

__stdio_common_vswscanf

__stdio_common_vswprintf

_wfopen_s

_wfopen

fseek

fwrite

fread

fputs

ftell

Exports

GetIniFileImpl

GetIniFileImplNew

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Capone.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

83:37:23:2c:2a:3f:d9:4a:ab:88:8a:00:c3:20:c4:96:78:5d:53:71:b7:6c:71:34:ea:f0:2e:0b:c2:31:7b:cc
Signer

Actual PE Digest

83:37:23:2c:2a:3f:d9:4a:ab:88:8a:00:c3:20:c4:96:78:5d:53:71:b7:6c:71:34:ea:f0:2e:0b:c2:31:7b:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CaponProtocol@@QAE@AAVUSBDevice@@IK@Z

??0CaponeClient@@QAE@XZ

??0CaponeRunner@@AAE@XZ

??0ICaponeRunner@@QAE@$$QAV0@@Z

??0ICaponeRunner@@QAE@ABV0@@Z

??0ICaponeRunner@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0PyInterpeter@@QAE@ABV0@@Z

??0PyInterpeter@@QAE@XZ

??0PythonClass@@QAE@ABV0@@Z

??0PythonClass@@QAE@XZ

??1CFileRead@@UAE@XZ

??1CaponProtocol@@UAE@XZ

??1CaponeClient@@UAE@XZ

??1CaponeRunner@@EAE@XZ

??1ICaponeRunner@@QAE@XZ

??1IFileRead@@UAE@XZ

??1PyInterpeter@@UAE@XZ

??1PythonClass@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4ICaponeRunner@@QAEAAV0@$$QAV0@@Z

??4ICaponeRunner@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4PyInterpeter@@QAEAAV0@ABV0@@Z

??4PythonClass@@QAEAAV0@ABV0@@Z

??BPythonClass@@UAE?AVobject@pybind11@@XZ

??BPythonClass@@UBE?AVobject@pybind11@@XZ

??_7CFileRead@@6B@

??_7CaponProtocol@@6B@

??_7CaponeClient@@6B@

??_7CaponeRunner@@6BICaponeRunner@@@

??_7CaponeRunner@@6BPythonClass@@@

??_7ICaponeRunner@@6B@

??_7IFileRead@@6B@

??_7PyInterpeter@@6B@

??_7PythonClass@@6B@

?AdbBindPort@CaponeClient@@UAEHHH@Z

?AddToUploadedList@ICaponeRunner@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Auth@CaponProtocol@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?ChanRecv@CaponProtocol@@UAEIPAEI@Z

?ChanSend@CaponProtocol@@UAEXPBEI@Z

?ChangeId@CaponeClient@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@II@Z

?Chid@CaponProtocol@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@II@Z

?Close@CFileRead@@QAEXXZ

?Connect@CaponeClient@@UAEXXZ

?Decrypt@CaponProtocol@@QAE_NABV?$vector@EV?$allocator@E@std@@@std@@AAV23@1@Z

?Destroy@CaponeRunner@@UAEXXZ

?DownloadFile@CaponeClient@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@_N@Z

?Encrypt@CaponProtocol@@QAE_NABV?$vector@EV?$allocator@E@std@@@std@@AAV23@1@Z

?ExecuteCommand@CaponProtocol@@IAE?AV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@ABV23@HH_N@Z

?GetDataPath@PyInterpeter@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetFalconClient@CaponeRunner@@UAEAAVCFalconClient@@XZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInfo@CaponeClient@@UAE?AVobject@pybind11@@XZ

?GetInstance@CaponeRunner@@SAPAVICaponeRunner@@XZ

?GetJsonInfo@CaponeClient@@UAE?AV?$basic_json@DV?$allocator@X@std@@@jsoncons@@XZ

?GetLibsDirectory@PyInterpeter@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetPropW@CaponeClient@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z

?GetUiUpdateCallback@CaponeRunner@@UAEAAV?$function@$$A6AXHHH@Z@std@@XZ

?GetUploadedFileList@ICaponeRunner@@UAEABV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ

?GetUsbDevice@CaponeRunner@@UAEAAVUSBDevice@@XZ

?Handshake@CaponeClient@@IAE_NXZ

?Info@CaponProtocol@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?Ping@CaponProtocol@@UAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?ReadAddress@CaponeClient@@UAE?AVbytes@pybind11@@_K0I_N@Z

?ReadAddressFmt@CaponeClient@@UAE?AVtuple@pybind11@@_KV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?ReadAdrr@CaponProtocol@@UAE?AV?$vector@EV?$allocator@E@std@@@std@@_K0I_N@Z

?ReciveResponce@CaponProtocol@@MAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$vector@EV?$allocator@E@std@@@3@@Z

?Reconnect@CaponeClient@@UAEXXZ

?Run@CaponeRunner@@UAE_JV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Seek@CFileRead@@QAE_NI@Z

?SendRequest@CaponProtocol@@MAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@EV?$allocator@E@std@@@3@@Z

?SetFalconClient@CaponeRunner@@UAEXAAVCFalconClient@@@Z

?SetPythonPath@PyInterpeter@@AAEXXZ

?SetUiUpdateCallback@CaponeRunner@@UAEXAAV?$function@$$A6AXHHH@Z@std@@@Z

?SetUsbDevice@CaponeRunner@@UAEXAAVUSBDevice@@@Z

?Shell@CaponProtocol@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V23@PAHPAV23@@Z

?Shell@CaponeClient@@UAE?AV?$tuple@HV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?UnpackCaponeEpr@CaponeRunner@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?UpdateUi@CaponeClient@@UAEXHHH@Z

?UploadFile@CaponeClient@@UAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@_N@Z

?WaitForAdbDevice@CaponeClient@@UAE_NXZ

?WriteAddress@CaponeClient@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KVbytes@pybind11@@I_N@Z

?WriteAddressFmt@CaponeClient@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KV23@Vtuple@pybind11@@_N3@Z

?WriteAdrr@CaponProtocol@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KV?$vector@EV?$allocator@E@std@@@3@I_N@Z

?__autoclassinit2@CConditionVariable@@QAEXI@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?__autoclassinit2@CaponProtocol@@QAEXI@Z

?__autoclassinit2@CaponeClient@@QAEXI@Z

?__autoclassinit2@CaponeRunner@@QAEXI@Z

?__autoclassinit2@ICaponeRunner@@QAEXI@Z

?__autoclassinit2@PythonClass@@QAEXI@Z

?addToPythonPaths@PythonClass@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?get_class_name@PythonClass@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?get_python_class@PythonClass@@UAE?AVobject@pybind11@@XZ

?mpiCaponeRunner@CaponeRunner@@0PAV1@A

?refcount@PyInterpeter@@2IA

Sections

Size: 703KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 234KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Cellebrite.License.Common.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:77:ae:fd:dd:74:30:f5:ee:de:53:59:4b:a3:a4:3f:ac:45:ea:cd:0a:13:b8:0e:22:91:a1:4b:63:60:89:d0
Signer

Actual PE Digest

1a:77:ae:fd:dd:74:30:f5:ee:de:53:59:4b:a3:a4:3f:ac:45:ea:cd:0a:13:b8:0e:22:91:a1:4b:63:60:89:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Exodus\Cellebrite.License.Common\obj\Release\Cellebrite.License.Common.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Cellebrite.License.Configuration.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:26:0f:e9:16:64:90:f7:e9:0f:8e:98:98:24:0e:32:50:96:78:2b:a9:4f:b0:0c:56:39:2d:39:57:d8:d5:5a
Signer

Actual PE Digest

b7:26:0f:e9:16:64:90:f7:e9:0f:8e:98:98:24:0e:32:50:96:78:2b:a9:4f:b0:0c:56:39:2d:39:57:d8:d5:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Exodus\Cellebrite.License.Configuration\obj\Release\Cellebrite.License.Configuration.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Cellebrite.License.Connector.dll

.dll windows:6 windows x86 arch:x86

905a53bc6153493440dec3a52831cb07

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

79:18:75:fc:74:1a:4f:3a:43:d4:81:de:8a:28:76:b7:e0:d8:d6:1c:19:30:33:4f:a9:ae:70:6f:19:4e:2b:17
Signer

Actual PE Digest

79:18:75:fc:74:1a:4f:3a:43:d4:81:de:8a:28:76:b7:e0:d8:d6:1c:19:30:33:4f:a9:ae:70:6f:19:4e:2b:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Output\Binary\Release\Cellebrite.License.Connector.pdb

Imports

vcruntime140

__CxxDetectRethrow

__CxxQueryExceptionSize

__CxxRegisterExceptionObject

__CxxExceptionFilter

__std_exception_copy

memmove

__FrameUnwindFilter

__CxxFrameHandler3

memcpy

_except_handler4_common

memset

__std_type_info_destroy_list

_CxxThrowException

__std_exception_destroy

__CxxUnregisterExceptionObject

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table

_register_onexit_function

_initialize_onexit_table

_initialize_narrow_environment

_cexit

_crt_atexit

_initterm_e

_initterm

_errno

_invalid_parameter_noinfo

_invalid_parameter_noinfo_noreturn

abort

_seh_filter_dll

terminate

_crt_at_quick_exit

_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free

_callnewh

malloc

kernel32

FileTimeToSystemTime

Sleep

TerminateProcess

GetCurrentProcess

GetModuleHandleW

IsProcessorFeaturePresent

GetStartupInfoW

SetUnhandledExceptionFilter

UnhandledExceptionFilter

IsDebuggerPresent

InitializeSListHead

DisableThreadLibraryCalls

SystemTimeToFileTime

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

GetLocalTime

databaseengine

?GetSerial@CDeviceIdReaderHelper@@SA?AV?$vector@EV?$allocator@E@std@@@std@@W4EHardwareType@@W4ELicenseSource@@@Z

?GetSerialAsString@CDeviceIdReaderHelper@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4EHardwareType@@W4ELicenseSource@@@Z

?GetPcSerialString@CDeviceIdReaderHelper@@SA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetInvalidLicense@CLicenseInfoHelper@@SAPBVILicenseInfoNative@@XZ

?GetSerialAsString@CDeviceIdReaderHelper@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@EV?$allocator@E@std@@@3@W4EHardwareType@@W4ELicenseSource@@@Z

?Parse@CLicenseInfoHelper@@SAPBVILicenseInfoNative@@PBEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetNotInitializeLicense@CLicenseInfoHelper@@SAPBVILicenseInfoNative@@PBE@Z

?ResetPcSerial@CDeviceIdReaderHelper@@SAXXZ

user32

wsprintfW

msvcp140

?__ExceptionPtrCopy@@YAXPAXPBX@Z

?_Xlength_error@std@@YAXPBD@Z

?__ExceptionPtrDestroy@@YAXPAX@Z

api-ms-win-crt-time-l1-1-0

_gmtime32_s

api-ms-win-crt-math-l1-1-0

floor

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Cellebrite.License.Core.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:04:f6:0a:67:03:97:83:de:b7:19:5a:88:ba:02:f7:b9:cc:56:60:92:9d:d3:03:4c:e6:96:c3:2c:15:99:5e
Signer

Actual PE Digest

a0:04:f6:0a:67:03:97:83:de:b7:19:5a:88:ba:02:f7:b9:cc:56:60:92:9d:d3:03:4c:e6:96:c3:2c:15:99:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Exodus\Cellebrite.License.Core\obj\Release\Cellebrite.License.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Cellebrite.License.SafeNet.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3c:39:46:4d:f3:67:ad:f1:33:2f:5c:ab:9c:bb:e8:39:48:99:f7:9c:97:4f:ae:05:2f:ae:00:14:b5:f9:02:0e
Signer

Actual PE Digest

3c:39:46:4d:f3:67:ad:f1:33:2f:5c:ab:9c:bb:e8:39:48:99:f7:9c:97:4f:ae:05:2f:ae:00:14:b5:f9:02:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Exodus\Cellebrite.License.SafeNet\obj\Release\Cellebrite.License.SafeNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Common.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:28:28:37:90:ca:cc:be:d2:d0:7e:f9:61:bc:db:46:19:02:ec:67:93:8f:e4:c7:ba:ca:1b:be:4a:fe:77:1a
Signer

Actual PE Digest

1a:28:28:37:90:ca:cc:be:d2:d0:7e:f9:61:bc:db:46:19:02:ec:67:93:8f:e4:c7:ba:ca:1b:be:4a:fe:77:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0?$CHashInfo@$00$0BA@UMD5state_st@@@@QAE@ABV0@@Z

??0?$CHashInfo@$00$0BA@UMD5state_st@@@@QAE@XZ

??0?$CHashInfo@$01$0CA@USHA256state_st@@@@QAE@ABV0@@Z

??0?$CHashInfo@$01$0CA@USHA256state_st@@@@QAE@XZ

??0?$IHashUpdater_Template@VIHashProvider@@@@QAE@ABV0@@Z

??0?$IHashUpdater_Template@VIHashProvider@@@@QAE@XZ

??0AppUploaderBaseCommon@@QAE@AAVCDBUtil@@PBG1@Z

??0AppUploaderBaseCommon@@QAE@ABV0@@Z

??0AutoDelete16@@QAE@ABV0@@Z

??0AutoDelete16@@QAE@PAG@Z

??0AutoDelete8@@QAE@ABV0@@Z

??0AutoDelete8@@QAE@PAE@Z

??0CAsciiField@@QAE@ABV0@@Z

??0CAsciiField@@QAE@PBD0_N1@Z

??0CAsciiField@@QAE@XZ

??0CAtCommandsAccess@@QAE@ABV0@@Z

??0CAtCommandsAccess@@QAE@XZ

??0CBase64EncDec@@QAE@ABV0@@Z

??0CBase64EncDec@@QAE@XZ

??0CBuffData@@QAE@$$QAV0@@Z

??0CBuffData@@QAE@ABV0@@Z

??0CBuffData@@QAE@PBEIV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CConditionVariable@@QAE@XZ

??0CCrypto@@QAE@$$QAV0@@Z

??0CCrypto@@QAE@ABV0@@Z

??0CCrypto@@QAE@PBEK@Z

??0CCryptoStub@@QAE@$$QAV0@@Z

??0CCryptoStub@@QAE@ABV0@@Z

??0CCryptoStub@@QAE@XZ

??0CDBUtil@@QAE@ABV0@@Z

??0CDBUtil@@QAE@PAUIDataProvider@@PAVCModuleInfo@@@Z

??0CDBUtil@@QAE@XZ

??0CDynamicHashStorage@@QAE@ABV0@@Z

??0CDynamicHashStorage@@QAE@I@Z

??0CFileData@@QAE@ABV0@@Z

??0CFileData@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CFileWrite@@QAE@PBG0I@Z

??0CFileWrite@@QAE@PBGI@Z

??0CGSM_Util@@QAE@ABV0@@Z

??0CGSM_Util@@QAE@XZ

??0CGSM_Util_Status@@QAE@PAVCTransferIndicator@@@Z

??0CGSM_Util_Status@@QAE@XZ

??0CGptDetector@@QAE@$$QAV0@@Z

??0CGptDetector@@QAE@ABV0@@Z

??0CGptDetector@@QAE@PAVIGptFetcher@@_N1@Z

??0CGptResultPack@@QAE@$$QAV0@@Z

??0CGptResultPack@@QAE@ABV0@@Z

??0CGptResultPack@@QAE@XZ

??0CHashInfoBase@@QAE@$$QAV0@@Z

??0CHashInfoBase@@QAE@ABV0@@Z

??0CHashInfoBase@@QAE@XZ

??0CHashInfoMD5@@QAE@$$QAV0@@Z

??0CHashInfoMD5@@QAE@ABV0@@Z

??0CHashInfoMD5@@QAE@XZ

??0CHashInfoSHA256@@QAE@$$QAV0@@Z

??0CHashInfoSHA256@@QAE@ABV0@@Z

??0CHashInfoSHA256@@QAE@XZ

??0CIObex@@QAE@XZ

??0CInterModuleService@@AAE@XZ

??0CLgCDMAAccess@@QAE@ABV0@@Z

??0CLgCDMAAccess@@QAE@H@Z

??0CLgCDMAAccess@@QAE@W4eLinkConfig@0@H@Z

??0CModuleInfo@@QAE@ABV0@@Z

??0CModuleInfo@@QAE@XZ

??0CObexSvrUtil@@QAE@ABV0@@Z

??0CObexSvrUtil@@QAE@XZ

??0CObexUtil@@QAE@ABV0@@Z

??0CObexUtil@@QAE@XZ

??0COsComparison@@QAE@ABV0@@Z

??0COsComparison@@QAE@XZ

??0COsDependValue@@QAE@$$QAV0@@Z

??0COsDependValue@@QAE@ABV0@@Z

??0COsDependValue@@QAE@XZ

??0CPartitonEntry@@QAE@XZ

??0CPathSetter@@QAE@ABV0@@Z

??0CPathSetter@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CPhoneInfo@@QAE@ABV0@@Z

??0CPhoneInfo@@QAE@XZ

??0CProgramPaths@@AAE@XZ

??0CQCPFileSystem@@QAE@AAVIQCPFramer@@@Z

??0CQCPFileSystem@@QAE@ABV0@@Z

??0CQPSTFileSystem@@QAE@AAVIQCPFramer@@@Z

??0CQPSTFileSystem@@QAE@ABV0@@Z

??0CQdmssDlProtocol@@QAE@ABV0@@Z

??0CQdmssDlProtocol@@QAE@PAVCLgCDMAAccess@@PAVCTransferIndicator@@@Z

??0CQualcommDlProtocol@@QAE@ABV0@@Z

??0CQualcommDlProtocol@@QAE@PAVCLgCDMAAccess@@PAVCTransferIndicator@@I@Z

??0CRamLogger@@QAE@ABV0@@Z

??0CRamLogger@@QAE@I@Z

??0CRestartWait@@QAE@PAVCModuleInfo@@PAUIUserInteraction@@@Z

??0CSIMField@@QAE@_N@Z

??0CSimpleFtp@@QAE@AAUIBaseLink@@@Z

??0CSimpleFtp@@QAE@AAUIBaseLink@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1@Z

??0CStringArg@@QAE@ABV0@@Z

??0CStringArg@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CStringArg@@QAE@PBG@Z

??0CStringArg@@QAE@XZ

??0CTargetHttpResponseManager@@QAE@$$QAV0@@Z

??0CTargetHttpResponseManager@@QAE@ABV0@@Z

??0CTargetHttpResponseManager@@QAE@PAUIDumperTargetCallback@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CTimeout@@QAE@I@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CTransferIndicator@@QAE@PAUIUserInteraction@@W4EDialogGroupId@@_N@Z

??0CTransferIndicator@@QAE@_N@Z

??0CUnicodeField@@QAE@PBD0_N1@Z

??0CUnicodeField@@QAE@XZ

??0CVcardUtil@@QAE@ABV0@@Z

??0CVcardUtil@@QAE@XZ

??0CVersion@@QAE@HHHH@Z

??0CVersion@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0CWindowSuppressor@@QAE@ABV0@@Z

??0CWindowSuppressor@@QAE@XZ

??0CableTypeInfo@@QAE@$$QAV0@@Z

??0CableTypeInfo@@QAE@ABV0@@Z

??0CableTypeInfo@@QAE@ABVCDBUtil@@PAVCModuleInfo@@@Z

??0CryptoException@@QAE@$$QAV0@@Z

??0CryptoException@@QAE@ABV0@@Z

??0CryptoException@@QAE@PBD@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0ExtendedDLLParams@@QAE@$$QAU0@@Z

??0ExtendedDLLParams@@QAE@ABU0@@Z

??0ExtendedDLLParams@@QAE@PAUIDataProvider@@W4ModuleClassEnum@@PBG@Z

??0ExtendedDLLParams@@QAE@XZ

??0ExtendedProvisionDLLParams@@QAE@$$QAU0@@Z

??0ExtendedProvisionDLLParams@@QAE@ABU0@@Z

??0ExtendedProvisionDLLParams@@QAE@PAUIDataProvider@@PBG@Z

??0FileHelper@@QAE@ABV0@@Z

??0FileHelper@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Mode@0@@Z

??0FileHelper@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4Mode@0@@Z

??0FileReadCallbacks@@QAE@$$QAU0@@Z

??0FileReadCallbacks@@QAE@ABU0@@Z

??0FileReadCallbacks@@QAE@XZ

??0HttpRequest@@QAE@$$QAU0@@Z

??0HttpRequest@@QAE@ABU0@@Z

??0HttpRequest@@QAE@PBD@Z

??0IDBUtil@@QAE@ABV0@@Z

??0IDBUtil@@QAE@XZ

??0IData@@QAE@ABV0@@Z

??0IData@@QAE@XZ

??0IGptFetcher@@QAE@$$QAV0@@Z

??0IGptFetcher@@QAE@ABV0@@Z

??0IGptFetcher@@QAE@XZ

??0IResponseStorageManager@@QAE@ABV0@@Z

??0IResponseStorageManager@@QAE@I@Z

??0KeyList@@QAE@ABV0@@Z

??0KeyList@@QAE@W4VirtualKey@@VCStringArg@@0101@Z

??0KeyList@@QAE@XZ

??1?$CHashInfo@$00$0BA@UMD5state_st@@@@UAE@XZ

??1?$CHashInfo@$01$0CA@USHA256state_st@@@@UAE@XZ

??1?$IHashUpdater_Template@VIHashProvider@@@@UAE@XZ

??1AppUploaderBaseCommon@@UAE@XZ

??1AutoDelete16@@UAE@XZ

??1AutoDelete8@@UAE@XZ

??1CAsciiField@@UAE@XZ

??1CAtCommandsAccess@@UAE@XZ

??1CBase64EncDec@@UAE@XZ

??1CBuffData@@UAE@XZ

??1CConditionVariable@@UAE@XZ

??1CCrypto@@UAE@XZ

??1CCryptoStub@@UAE@XZ

??1CDBUtil@@UAE@XZ

??1CDynamicHashStorage@@UAE@XZ

??1CFileData@@UAE@XZ

??1CFileWrite@@UAE@XZ

??1CGSM_Util@@QAE@XZ

??1CGSM_Util_Status@@QAE@XZ

??1CGptDetector@@QAE@XZ

??1CGptResultPack@@QAE@XZ

??1CHashInfoBase@@UAE@XZ

??1CHashInfoMD5@@UAE@XZ

??1CHashInfoSHA256@@UAE@XZ

??1CIObex@@UAE@XZ

??1CLgCDMAAccess@@UAE@XZ

??1CModuleInfo@@UAE@XZ

??1CObexSvrUtil@@UAE@XZ

??1CObexUtil@@UAE@XZ

??1COsComparison@@QAE@XZ

??1COsDependValue@@QAE@XZ

??1CPathSetter@@QAE@XZ

??1CPhoneInfo@@UAE@XZ

??1CQCPFileSystem@@UAE@XZ

??1CQPSTFileSystem@@UAE@XZ

??1CQdmssDlProtocol@@UAE@XZ

??1CQualcommDlProtocol@@UAE@XZ

??1CRamLogger@@UAE@XZ

??1CRestartWait@@QAE@XZ

??1CSIMField@@QAE@XZ

??1CSimpleFtp@@QAE@XZ

??1CStringArg@@UAE@XZ

??1CTargetHttpResponseManager@@UAE@XZ

??1CTransferIndicator@@UAE@XZ

??1CUnicodeField@@QAE@XZ

??1CVcardUtil@@UAE@XZ

??1CWindowSuppressor@@QAE@XZ

??1CableTypeInfo@@QAE@XZ

??1CryptoException@@UAE@XZ

??1CsvFile@@UAE@XZ

??1ExtendedDLLParams@@QAE@XZ

??1ExtendedProvisionDLLParams@@QAE@XZ

??1FileHelper@@UAE@XZ

??1HttpRequest@@QAE@XZ

??1IDBUtil@@UAE@XZ

??1IData@@UAE@XZ

??1IResponseStorageManager@@UAE@XZ

??1KeyList@@UAE@XZ

??2?$CHashInfo@$00$0BA@UMD5state_st@@@@SAPAXIPAX@Z

??2?$CHashInfo@$01$0CA@USHA256state_st@@@@SAPAXIPAX@Z

??3?$CHashInfo@$00$0BA@UMD5state_st@@@@SAXPAX0@Z

??3?$CHashInfo@$00$0BA@UMD5state_st@@@@SAXPAX@Z

??3?$CHashInfo@$01$0CA@USHA256state_st@@@@SAXPAX0@Z

??3?$CHashInfo@$01$0CA@USHA256state_st@@@@SAXPAX@Z

??4?$CHashInfo@$00$0BA@UMD5state_st@@@@QAEAAV0@ABV0@@Z

??4?$CHashInfo@$01$0CA@USHA256state_st@@@@QAEAAV0@ABV0@@Z

??4?$IHashUpdater_Template@VIHashProvider@@@@QAEAAV0@ABV0@@Z

??4AppUploaderBaseCommon@@QAEAAV0@ABV0@@Z

??4AutoDelete16@@QAEAAV0@ABV0@@Z

??4AutoDelete8@@QAEAAV0@ABV0@@Z

??4CAsciiField@@QAEAAV0@ABV0@@Z

??4CAtCommandsAccess@@QAEAAV0@ABV0@@Z

??4CBase64EncDec@@QAEAAV0@ABV0@@Z

??4CBuffData@@QAEAAV0@$$QAV0@@Z

??4CBuffData@@QAEAAV0@ABV0@@Z

??4CCalculateHashes@@QAEAAV0@$$QAV0@@Z

??4CCalculateHashes@@QAEAAV0@ABV0@@Z

??4CCommon@@QAEAAV0@$$QAV0@@Z

??4CCommon@@QAEAAV0@ABV0@@Z

??4CCrypto@@QAEAAV0@$$QAV0@@Z

??4CCrypto@@QAEAAV0@ABV0@@Z

??4CCryptoStub@@QAEAAV0@$$QAV0@@Z

??4CCryptoStub@@QAEAAV0@ABV0@@Z

??4CDBUtil@@QAEAAV0@ABV0@@Z

??4CDynamicHashStorage@@QAEAAV0@ABV0@@Z

??4CFileData@@QAEAAV0@ABV0@@Z

??4CFileRights@@QAEAAV0@$$QAV0@@Z

??4CFileRights@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CGSM_Util@@QAEAAV0@ABV0@@Z

??4CGSM_Util_Status@@QAEAAV0@ABV0@@Z

??4CGptDetector@@QAEAAV0@$$QAV0@@Z

??4CGptDetector@@QAEAAV0@ABV0@@Z

??4CGptResultPack@@QAEAAV0@$$QAV0@@Z

??4CGptResultPack@@QAEAAV0@ABV0@@Z

??4CHashInfoBase@@QAEAAV0@$$QAV0@@Z

??4CHashInfoBase@@QAEAAV0@ABV0@@Z

??4CHashInfoMD5@@QAEAAV0@$$QAV0@@Z

??4CHashInfoMD5@@QAEAAV0@ABV0@@Z

??4CHashInfoSHA256@@QAEAAV0@$$QAV0@@Z

??4CHashInfoSHA256@@QAEAAV0@ABV0@@Z

??4CInterModuleService@@QAEAAV0@$$QAV0@@Z

??4CInterModuleService@@QAEAAV0@ABV0@@Z

??4CLgCDMAAccess@@QAEAAV0@ABV0@@Z

??4CModuleInfo@@QAEAAV0@ABV0@@Z

??4CObexSvrUtil@@QAEAAV0@ABV0@@Z

??4CObexUtil@@QAEAAV0@ABV0@@Z

??4COsComparison@@QAEAAV0@ABV0@@Z

??4COsDependValue@@QAEAAV0@$$QAV0@@Z

??4COsDependValue@@QAEAAV0@ABV0@@Z

??4CPartitonEntry@@QAEAAV0@$$QAV0@@Z

??4CPartitonEntry@@QAEAAV0@ABV0@@Z

??4CPathSetter@@QAEAAV0@ABV0@@Z

??4CPhoneInfo@@QAEAAV0@ABV0@@Z

??4CProgramPaths@@QAEAAV0@$$QAV0@@Z

??4CProgramPaths@@QAEAAV0@ABV0@@Z

??4CQCPFileSystem@@QAEAAV0@ABV0@@Z

??4CQPSTFileSystem@@QAEAAV0@ABV0@@Z

??4CQdmssDlProtocol@@QAEAAV0@ABV0@@Z

??4CQualcommDlProtocol@@QAEAAV0@ABV0@@Z

??4CRamLogger@@QAEAAV0@ABV0@@Z

??4CRestartWait@@QAEXABV0@@Z

??4CSIMField@@QAEAAV0@ABV0@@Z

??4CStringArg@@QAEAAV0@ABV0@@Z

??4CTargetHttpResponseManager@@QAEAAV0@$$QAV0@@Z

??4CTargetHttpResponseManager@@QAEAAV0@ABV0@@Z

??4CTimeout@@QAEAAV0@$$QAV0@@Z

??4CTimeout@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CUnicodeField@@QAEAAV0@ABV0@@Z

??4CVcardUtil@@QAEAAV0@ABV0@@Z

??4CVersion@@QAEAAV0@$$QAV0@@Z

??4CVersion@@QAEAAV0@ABV0@@Z

??4CWindowSuppressor@@QAEAAV0@ABV0@@Z

??4CableTypeInfo@@QAEAAV0@$$QAV0@@Z

??4CableTypeInfo@@QAEAAV0@ABV0@@Z

??4CryptoException@@QAEAAV0@$$QAV0@@Z

??4CryptoException@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4ExtendedDLLParams@@QAEAAU0@$$QAU0@@Z

??4ExtendedDLLParams@@QAEAAU0@ABU0@@Z

??4ExtendedProvisionDLLParams@@QAEAAU0@$$QAU0@@Z

??4ExtendedProvisionDLLParams@@QAEAAU0@ABU0@@Z

??4FileHelper@@QAEAAV0@ABV0@@Z

??4FileReadCallbacks@@QAEAAU0@$$QAU0@@Z

??4FileReadCallbacks@@QAEAAU0@ABU0@@Z

??4HttpRequest@@QAEAAU0@$$QAU0@@Z

??4HttpRequest@@QAEAAU0@ABU0@@Z

??4IDBUtil@@QAEAAV0@ABV0@@Z

??4IData@@QAEAAV0@ABV0@@Z

??4IGptFetcher@@QAEAAV0@$$QAV0@@Z

??4IGptFetcher@@QAEAAV0@ABV0@@Z

??4IResponseStorageManager@@QAEAAV0@ABV0@@Z

??4KeyList@@QAEAAV0@ABV0@@Z

??4Timeutils@@QAEAAU0@$$QAU0@@Z

??4Timeutils@@QAEAAU0@ABU0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??8CPhoneInfo@@QAE_NABV0@@Z

??8CStringArg@@QAEHABV0@@Z

??8CVersion@@QAE_NABV0@@Z

??9CStringArg@@QAEHABV0@@Z

??9CVersion@@QAE_NABV0@@Z

??ACPhoneInfo@@QAEAAGW4eWordParams@0@@Z

??ACPhoneInfo@@QAEAAHW4eInt32Params@0@@Z

??ACPhoneInfo@@QAEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4eStrParams@0@@Z

??ACPhoneInfo@@QAEAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eWStrParams@0@@Z

??BCTransferIndicator@@QAEPAUIUserInteraction@@XZ

??CCTransferIndicator@@QAEPAUIUserInteraction@@XZ

??MCVersion@@QAE_NABV0@@Z

??NCVersion@@QAE_NABV0@@Z

??OCVersion@@QAE_NABV0@@Z

??PCVersion@@QAE_NABV0@@Z

??_7?$CHashInfo@$00$0BA@UMD5state_st@@@@6B@

??_7?$CHashInfo@$01$0CA@USHA256state_st@@@@6B@

??_7?$IHashUpdater_Template@VIHashProvider@@@@6B@

??_7AppUploaderBaseCommon@@6B@

??_7AutoDelete16@@6B@

??_7AutoDelete8@@6B@

??_7CAsciiField@@6B@

??_7CAtCommandsAccess@@6B@

??_7CBase64EncDec@@6B@

??_7CBuffData@@6B@

??_7CConditionVariable@@6B@

??_7CCrypto@@6B@

??_7CCryptoStub@@6B@

??_7CDBUtil@@6B@

??_7CDynamicHashStorage@@6B@

??_7CFileData@@6B@

??_7CFileWrite@@6B@

??_7CGSM_Util@@6B@

??_7CHashInfoBase@@6B@

??_7CHashInfoMD5@@6B@

??_7CHashInfoSHA256@@6B@

??_7CIObex@@6B@

??_7CLgCDMAAccess@@6B@

??_7CModuleInfo@@6B@

??_7CObexSvrUtil@@6B@

??_7CObexUtil@@6B@

??_7CPhoneInfo@@6B@

??_7CQCPFileSystem@@6B@

??_7CQPSTFileSystem@@6B@

??_7CQdmssDlProtocol@@6B@

??_7CQualcommDlProtocol@@6B@

??_7CRamLogger@@6B@

??_7CStringArg@@6B@

??_7CTargetHttpResponseManager@@6B@

??_7CTransferIndicator@@6B@

??_7CVcardUtil@@6B@

??_7CryptoException@@6B@

??_7CsvFile@@6B@

??_7FileHelper@@6B@

??_7FileReadCallbacks@@6B@

??_7IDBUtil@@6B@

??_7IData@@6B@

??_7IGptFetcher@@6B@

??_7IResponseStorageManager@@6B@

??_7KeyList@@6B@

??_FCGptDetector@@QAEXXZ

??_FCLgCDMAAccess@@QAEXXZ

??_FCRamLogger@@QAEXXZ

??_FCSIMField@@QAEXXZ

??_FCTransferIndicator@@QAEXXZ

??_FCVersion@@QAEXXZ

??_FHttpRequest@@QAEXXZ

??_FIResponseStorageManager@@QAEXXZ

?Aborted@CAtCommandsAccess@@QAE_NXZ

?AddDays@Timeutils@@SA?AW4ErrorCode@@AAUtm@@H@Z

?AddField@CVcardUtil@@IAEXPAUIPhoneEntry@@W4eFieldType@IPhoneField@@PBGABUFieldLabel@@@Z

?AddHeader@HttpRequest@@QAEXPBD0@Z

?AddHeader@HttpRequest@@QAEXPBDK@Z

?AddHours@Timeutils@@SA?AW4ErrorCode@@AAUtm@@H@Z

?AddKey@KeyList@@QAEXW4VirtualKey@@VCStringArg@@@Z

?AddMinutes@Timeutils@@SA?AW4ErrorCode@@AAUtm@@H@Z

?AddPermissionsToEveryone@CFileRights@@SAKPBG@Z

?AddProfile@CWindowSuppressor@@QAEXW4eWindowManagementProfile@@PAUIUserInteraction@@@Z

?AddQALogger@@YAXXZ

?AddRule@COsComparison@@AAE_NW4_eRule@1@PBGI@Z

?AddRules@COsComparison@@AAE_NPBG@Z

?AddSeconds@Timeutils@@SA?AW4ErrorCode@@AAUtm@@H@Z

?AddWeeks@Timeutils@@SA?AW4ErrorCode@@AAUtm@@H@Z

?AddWholeMonths@Timeutils@@SA?AW4ErrorCode@@AAUtm@@H@Z

?AddWholeYears@Timeutils@@SA?AW4ErrorCode@@AAUtm@@H@Z

?AddWindowToClose@CWindowSuppressor@@AAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?AddWindowToClose@CWindowSuppressor@@AAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0I@Z

?AddWindowToClose@CWindowSuppressor@@AAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0IIJ@Z

?AddWindowToClose@CWindowSuppressor@@AAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?AddWindowToClose@CWindowSuppressor@@AAEXPAUIUserInteraction@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V34@@Z

?AddWindowToClose@CWindowSuppressor@@AAEXPAUIUserInteraction@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1@Z

?AddWindowToClose@CWindowSuppressor@@AAEXPAUIUserInteraction@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1I@Z

?AddWindowToClose@CWindowSuppressor@@AAEXPAUIUserInteraction@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1IIJ@Z

?AddWindowToClose@CWindowSuppressor@@AAEXPAUIUserInteraction@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?AdjustSystemTime@@YAXPAU_SYSTEMTIME@@_J1@Z

?AllowErrorBlocks@CGSM_Util@@QAEX_N@Z

?AllowSetDefaultCharset@CGSM_Util@@QAEX_N@Z

?AnalyzeEntry@@YA?AW4ErrorCode@@PAUIPhoneEntry@@PBDPADW4CharSet@@_NPBW4eFieldType@IPhoneField@@DDI@Z

?AnalyzeVCard@@YA?AW4ErrorCode@@PAUIPhoneEntry@@PBDW4VCardParserMode@@@Z

?AppendIPhonePath@CPathSetter@@QAE_NXZ

?AppendPath@CPathSetter@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z

?AsString@CVersion@@ABE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?AsciiToHex@@YA?BIPAEIPADI@Z

?AsyncOpHide@CTransferIndicator@@QAEXXZ

?AsyncOperation@CGSM_Util_Status@@QAEXVCStringArg@@0@Z

?AsyncOperation@CTransferIndicator@@QAE_NVCStringArg@@0@Z

?AsyncOperationUserPending@CTransferIndicator@@QAE_NVCStringArg@@0@Z

?AsyncUserPendingOpHide@CTransferIndicator@@QAEXXZ

?Base64Chars@CBase64EncDec@@1QBDB

?Base64SizeFromDataSize@CBase64EncDec@@QAEII@Z

?Base64toUnicode@@YAIPAGIPBEH@Z

?BlankVirtualMethodClangWorkaround@CryptoException@@EAEXXZ

?BlockBytes@CCrypto@@UAEKXZ

?BlockBytes@CCryptoStub@@UAEKXZ

?BruteForceHide@CTransferIndicator@@QAEXXZ

?BruteForceNewTransfer@CTransferIndicator@@QAE_N_K@Z

?BruteForceSetAttempt@CTransferIndicator@@QAE_N_K@Z

?BruteForceSetLastAttempted@CTransferIndicator@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?BruteForceSetRate@CTransferIndicator@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?BruteForceSetTimeRemain@CTransferIndicator@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?BruteForceShow@CTransferIndicator@@QAEXXZ

?BuildGetPacket@CObexUtil@@MAEHPAEPBGPBD12HH@Z

?BuildRequest@HttpRequest@@AAEIPADIAAW4eMode@1@@Z

?ByteCount@?$CHashInfo@$00$0BA@UMD5state_st@@@@UBEIXZ

?ByteCount@?$CHashInfo@$01$0CA@USHA256state_st@@@@UBEIXZ

?ByteStreamToUni@@YAHPAGIPAEH@Z

?CalcFileMD5Hash@@YA_NPAGIPBG@Z

?CalcHash@CDynamicHashStorage@@UAE_NPBEI_N1@Z

?CalcHash@CHashInfoBase@@UAE_NPBEI_N1@Z

?CalcMD5Hash@@YAXPAGIPBEI@Z

?CalcTimeDifference@@YA_JPBU_SYSTEMTIME@@0_J@Z

?CalcWeirdZteChecksum@CQualcommDlProtocol@@EAEIPBEI@Z

?CalculateCRC@CLgCDMAAccess@@MAEGPBEH@Z

?CalculateLimit_CodingUTF8@@YAIPBGI@Z

?CalculateMD5@CCalculateHashes@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAEI@Z

?CalculateSHA256@CCalculateHashes@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAEI@Z

?CancelableSleep@@YA_NV?$duration@_JU?$ratio@$00$0DOI@@std@@@chrono@std@@V?$function@$$A6A_NXZ@3@0@Z

?CheckReply@CAtCommandsAccess@@QAEHPAEPAPAE@Z

?CleanPath@CPathSetter@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?Clear@COsComparison@@AAEXXZ

?Clear@CPhoneInfo@@QAEXXZ

?Clear@HttpRequest@@QAEXXZ

?ClearSubAddrTypes@CVcardUtil@@QAEXXZ

?ClearValue@CModuleInfo@@QAE_NPBG@Z

?ClearWhoHeader@CIObex@@QAEXXZ

?Close@CFileWrite@@QAE_NXZ

?CloseFile@CQCPFileSystem@@UAE_NXZ

?CloseFile@CQPSTFileSystem@@UAE_NXZ

?CloseQpstDir@CQPSTFileSystem@@IAE_NXZ

?CloseQpstFile@CQPSTFileSystem@@IAE_NXZ

?Compare@COsComparison@@QAE?AW4ErrorCode@@PAUIPhone@@PBGW4EMemoryContentMask@@@Z

?Compare@COsComparison@@QAE?AW4ErrorCode@@PAUIPhone@@PBGW4_physical_types@1@PAVCModuleInfo@@@Z

?Compare@COsComparison@@QAE?AW4ErrorCode@@PBG0@Z

?Compare@CVersion@@QAEHABV1@@Z

?CompareVersion@CVersion@@AAEHABV1@@Z

?Connect@CIObex@@UAEEPBE@Z

?Connect@CObexUtil@@UAE_NPAUIBaseLink@@PBE@Z

?Connected@CObexUtil@@QAE_NXZ

?ConvertBase64toUnicode@@YAIPAGIPBEH@Z

?ConvertEucToSjis@@YAHPAEH@Z

?ConvertFromUnicode@@YAHPADIW4CharSet@@PBG@Z

?ConvertJisToSjis@@YAHPAEH@Z

?ConvertSjisToUnicode@@YA_NPAGIPAEW4CharSet@@H@Z

?ConvertToUnicode@@YA_NPAGIPBEW4CharSet@@HPAI@Z

?ConvertUnicodeToSjis@@YA_NPAEIPAGI@Z

?ConvertUnicodeToSjisHalf@@YA_NPAEIPAGI@Z

?ConvertUnicodeToWin1251@CCommon@@SAXPAEIPBG@Z

?ConvertWin1251ToUnicode@CCommon@@SAXPAGIPBE@Z

?Create@CVcardUtil@@QAEHPADHPAUIPhoneEntry@@H@Z

?CreateContext@?$CHashInfo@$00$0BA@UMD5state_st@@@@MAEPAEXZ

?CreateContext@?$CHashInfo@$01$0CA@USHA256state_st@@@@MAEPAEXZ

?CreateDir@CQCPFileSystem@@UAE_NPBG@Z

?CreateDir@CQPSTFileSystem@@UAE_NPBG@Z

?CreateExtAdd@CVcardUtil@@IAE_NPAUIPhoneField@@PAGI_N@Z

?CreateLogger@@YAXPBG@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?DataSizeFromBase64Size@CBase64EncDec@@QAEII@Z

?DateInDwordIniFormat2System@@YAXKAAU_SYSTEMTIME@@@Z

?DebugFileName@@YAPBDPBD@Z

?DebugOut@CPhoneInfo@@QAEXXZ

?DebugOutput2__@@YAXPBDPAEI@Z

?DebugTime@@YAXPAG@Z

?Decode@CBase64EncDec@@QAEIAAV?$vector@EV?$allocator@E@std@@@std@@PBDI_N@Z

?Decode@CBase64EncDec@@QAEIPAEIPBEI@Z

?DecodeEx@CBase64EncDec@@QAEIPAEIPBEI@Z

?DecodeQP@@YAHPAEHPBDD@Z

?DecodeQP@@YAHPAEHPBGG@Z

Sections

Size: 183KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 77KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ConfigurationProtectionProvider.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:93:1c:16:fb:0b:bd:de:49:9f:02:54:64:ca:f7:9b:17:1a:01:58:1d:b7:ba:d8:c4:df:1b:9e:f0:1d:c2:97
Signer

Actual PE Digest

3d:93:1c:16:fb:0b:bd:de:49:9f:02:54:64:ca:f7:9b:17:1a:01:58:1d:b7:ba:d8:c4:df:1b:9e:f0:1d:c2:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Exodus\ConfigurationProtectionProvider\obj\x86\Release\ConfigurationProtectionProvider.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/DatabaseEngine.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ca:b3:b9:df:33:db:02:e9:80:5e:7f:5b:2c:93:37:e0:37:69:22:76:fa:74:03:6b:cc:e7:5f:cb:b7:6c:6d:7b
Signer

Actual PE Digest

ca:b3:b9:df:33:db:02:e9:80:5e:7f:5b:2c:93:37:e0:37:69:22:76:fa:74:03:6b:cc:e7:5f:cb:b7:6c:6d:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFakePhone@@QAE@ABV0@@Z

??0CFakePhone@@QAE@XZ

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CLicenseAdapter@@QAE@$$QAV0@@Z

??0CLicenseAdapter@@QAE@ABV0@@Z

??0CLicenseAdapter@@QAE@_N@Z

??0COTFImpl@@QAE@XZ

??0CPhone4ManagedContainer@@QAE@XZ

??0CPhoneEx@@QAE@ABV0@@Z

??0CPhoneEx@@QAE@PAUIPhone@@00_N@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFakePhone@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CLicenseAdapter@@QAE@XZ

??1COTFImpl@@QAE@XZ

??1CPhone4ManagedContainer@@QAE@XZ

??1CPhoneEx@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CDeviceIdReaderHelper@@QAEAAV0@$$QAV0@@Z

??4CDeviceIdReaderHelper@@QAEAAV0@ABV0@@Z

??4CExternalDBStaff@@QAEAAV0@$$QAV0@@Z

??4CExternalDBStaff@@QAEAAV0@ABV0@@Z

??4CFakePhone@@QAEAAV0@ABV0@@Z

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CLicenseAdapter@@QAEAAV0@$$QAV0@@Z

??4CLicenseAdapter@@QAEAAV0@ABV0@@Z

??4CLicenseInfoHelper@@QAEAAV0@$$QAV0@@Z

??4CLicenseInfoHelper@@QAEAAV0@ABV0@@Z

??4COTFImpl@@QAEAAV0@ABV0@@Z

??4CPhone4ManagedContainer@@QAEAAV0@ABV0@@Z

??4CPhoneEx@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??CCPhone4ManagedContainer@@QAEPAU?$ICollection@UIPhone@@@@XZ

??_7CFakePhone@@6B@

??_7CFileRead@@6B@

??_7CPhoneEx@@6B@

??_7IFileRead@@6B@

?AddOverrideValue@CPhoneEx@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG@Z

?AddToFeaturesArray@CLicenseAdapter@@CAXDPADIPAI@Z

?Close@CFileRead@@QAEXXZ

?ConvertToEFeature@CLicenseAdapter@@AAEXW4EPhoneFeatures@@PADIPAI@Z

?CreateDefaultPhone@CPhone4ManagedContainer@@QAEPAUIPhone@@FPBG00W4eSide@@W4ETransferType@2@W4EPhoneFeatures@@@Z

?CreateExtendedPhone@@YAPAUIPhone@@PAU?$ICollection@UIPhone@@@@PAU1@_N@Z

?CreateLicenseAdapter@CExternalDBStaff@@SAX_N@Z

?CreateLicenseManager@@YAPAVILicenseManager@@_N@Z

?CreatePhone@CPhone4ManagedContainer@@QAE_NFPBG00W4eSide@@W4ETransferType@IPhone@@W4EPhoneFeatures@@PAPAU4@@Z

?CreateRawPhone@CPhone4ManagedContainer@@QAEPAUIPhone@@F@Z

?DeleteLicenseAdapter@CExternalDBStaff@@SAXXZ

?EPhoneFeaturesToString@CLicenseAdapter@@CA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4EPhoneFeatures@@@Z

?FillPhoneFromXML@CFakePhone@@QAE_NW4eOsType@1@@Z

?Get@CFakePhone@@UAEHPBGPAPAUIValue@@@Z

?Get@CPhoneEx@@UAEHPBGPAPAUIValue@@@Z

?GetAllDynamicVendors@CExternalDBStaff@@SA_NW4EPhoneFeatures@@AAV?$vector@PAUIPhoneFamily@@V?$allocator@PAUIPhoneFamily@@@std@@@std@@@Z

?GetAttributedElements@CFakePhone@@UAEHPBGAAV?$vector@UAttributedElement@IPhone@@V?$allocator@UAttributedElement@IPhone@@@std@@@std@@@Z

?GetAttributedElements@CPhoneEx@@UAEHPBGAAV?$vector@UAttributedElement@IPhone@@V?$allocator@UAttributedElement@IPhone@@@std@@@std@@@Z

?GetCustomer@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetCustomer@CPhoneEx@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetDefaultPhoneByPhoneOS@@YAPAUIPhone@@PAU?$ICollection@UIPhone@@@@PAU1@@Z

?GetFamiliesList@CExternalDBStaff@@SA_NW4EPhoneFeatures@@AAV?$vector@PAUIPhoneFamily@@V?$allocator@PAUIPhoneFamily@@@std@@@std@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetGUIDInfo@CFakePhone@@UAEHAAV?$vector@UGuidInfo@IPhone@@V?$allocator@UGuidInfo@IPhone@@@std@@@std@@@Z

?GetGUIDInfo@CPhoneEx@@UAEHAAV?$vector@UGuidInfo@IPhone@@V?$allocator@UGuidInfo@IPhone@@@std@@@std@@@Z

?GetImplName@CExternalDBStaff@@SAXPAUIPhone@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@HAAU_implInfo@1@PAV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@4@_N@Z

?GetInvalidLicense@CLicenseInfoHelper@@SAPBVILicenseInfoNative@@XZ

?GetLicenseManager@CLicenseAdapter@@SAPAVILicenseManager@@XZ

?GetNotInitializeLicense@CLicenseInfoHelper@@SAPBVILicenseInfoNative@@PBE@Z

?GetPcSerialString@CDeviceIdReaderHelper@@SA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetPhoneVersion@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetPhoneVersion@CPhoneEx@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetProvider@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetProvider@CPhoneEx@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetRegion@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetRegion@CPhoneEx@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetSelectedLink@CFakePhone@@UAEKXZ

?GetSelectedLink@CPhoneEx@@UAEKXZ

?GetSerial@CDeviceIdReaderHelper@@SA?AV?$vector@EV?$allocator@E@std@@@std@@W4EHardwareType@@W4ELicenseSource@@@Z

?GetSerialAsString@CDeviceIdReaderHelper@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@EV?$allocator@E@std@@@3@W4EHardwareType@@W4ELicenseSource@@@Z

?GetSerialAsString@CDeviceIdReaderHelper@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4EHardwareType@@W4ELicenseSource@@@Z

?GetStrings@CFakePhone@@UAEHPBGAAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z

?GetStrings@CPhoneEx@@UAEHPBGAAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z

?GetTags@CFakePhone@@UAEXAAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

?GetTags@CPhoneEx@@UAEXAAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

?GetTransferType@CFakePhone@@UAE?AW4ETransferType@IPhone@@XZ

?GetTransferType@CPhoneEx@@UAE?AW4ETransferType@IPhone@@XZ

?Getside@CFakePhone@@UAE?AW4eSide@@XZ

?Getside@CPhoneEx@@UAE?AW4eSide@@XZ

?Init@CPhone4ManagedContainer@@QAE_NPBG@Z

?IsExtractPasswordsSupported@CLicenseAdapter@@CA_NPAUIPhone@@@Z

?IsFeatureAllowed@CLicenseAdapter@@AAE_ND@Z

?IsFileDumpSupported@CLicenseAdapter@@CA_NPAUIPhone@@@Z

?IsMemoryDumpSupported@CLicenseAdapter@@CA_NPAUIPhone@@@Z

?IsMethodAllowed@CExternalDBStaff@@CA_NH@Z

?IsOpen@CFileRead@@UAE_NXZ

?IsPhoneAllowed@CLicenseAdapter@@AAE_NPAUIPhone@@D@Z

?IsPhoneAllowed@CLicenseAdapter@@AAE_NPAVILicenseFeaturesSetNative@@DPAUIPhone@@PAVCDateTime@@@Z

?IsPhoneAllowed@CLicenseAdapter@@QAE_NPAUIPhone@@W4EPhoneFeatures@@@Z

?IsPhoneFamilyAllowed@CLicenseAdapter@@IAE_NHD@Z

?IsPhoneFamilyAllowed@CLicenseAdapter@@QAE_NHW4EPhoneFeatures@@@Z

?IsPhysicalxtractSupported@CLicenseAdapter@@CA_NPAUIPhone@@PBG@Z

?Parse@CLicenseInfoHelper@@SAPBVILicenseInfoNative@@PBEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Phone4Transfer@@YAHAAU_AllPhonesInfo@@PBGK@Z

?PhoneFamilyFabrick@@YAPAUIPhoneFamily@@ABU_family_info_internal@@@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Prepare2CacheBuild@CExternalDBStaff@@SAXXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Release@CFakePhone@@UAEXXZ

?Release@CPhoneEx@@UAEXXZ

?ResetPcSerial@CDeviceIdReaderHelper@@SAXXZ

?Seek@CFileRead@@QAE_NI@Z

?SetCustomer@CFakePhone@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetCustomer@CPhoneEx@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetLicenseManager@CLicenseAdapter@@SAXPAVILicenseManager@@@Z

?SetPCMode@CFakePhone@@UAEXPBG@Z

?SetPCMode@CPhoneEx@@UAEXPBG@Z

?SetPhoneVersion@CFakePhone@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetPhoneVersion@CPhoneEx@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetPhones@CPhoneEx@@QAEXPAUIPhone@@00@Z

?SetRegionAndProvider@CFakePhone@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?SetRegionAndProvider@CPhoneEx@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?SetSelectedLink@CFakePhone@@UAEXK@Z

?SetSelectedLink@CPhoneEx@@UAEXK@Z

?SetSide@CFakePhone@@UAEXW4eSide@@@Z

?SetSide@CPhoneEx@@UAEXW4eSide@@@Z

?SetTransferType@CFakePhone@@UAEXW4ETransferType@IPhone@@@Z

?SetTransferType@CPhoneEx@@UAEXW4ETransferType@IPhone@@@Z

?SetValue@CFakePhone@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?UpdateHardwareType@CFakePhone@@UAEXXZ

?UpdateHardwareType@CPhoneEx@@UAEXXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

?_licenseManagerInstance@CLicenseAdapter@@0PAVILicenseManager@@A

?get@COTFImpl@@QAEPAUICreatePhoneOnTheFly@@XZ

?m_isOnlyLogicalLicense@CExternalDBStaff@@0_NA

?m_licenseAdaptor@CExternalDBStaff@@0PAVCLicenseAdapter@@A

CreateDataSource

CreateDataSourceMp

GetDatasource

ReleaseDataSource

SetActivationCode

SetOldActivationCode

Sections

Size: 2.1MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 1.2MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 77KB - Virtual size: 645KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 63KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_A2.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:7c:5d:55:0d:bd:7c:e2:35:71:0a:23:e5:85:19:27:24:64:36:c7:3f:f6:ad:32:b7:dd:55:8c:0a:cc:e4:b4
Signer

Actual PE Digest

04:7c:5d:55:0d:bd:7c:e2:35:71:0a:23:e5:85:19:27:24:64:36:c7:3f:f6:ad:32:b7:dd:55:8c:0a:cc:e4:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1CsvFile@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7CFileRead@@6B@

??_7CsvFile@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?Eof@CsvFile@@QAE_NXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Reset@CsvFile@@QAE_NXZ

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

CreateObjectExt

Sections

Size: 50KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Advanced_ADB.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:58:b8:54:86:b4:bb:7b:10:ea:e8:8d:e2:72:1b:a0:95:3c:65:cc:84:8d:79:a2:fa:11:4a:1d:89:14:43:99
Signer

Actual PE Digest

fe:58:b8:54:86:b4:bb:7b:10:ea:e8:8d:e2:72:1b:a0:95:3c:65:cc:84:8d:79:a2:fa:11:4a:1d:89:14:43:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CableTypeInfo@@QAE@$$QAV0@@Z

??0CableTypeInfo@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV0@@Z

??1CableTypeInfo@@QAE@XZ

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CableTypeInfo@@QAEAAV0@$$QAV0@@Z

??4CableTypeInfo@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??_7CsvFile@@6B@

CreateObject

CreateObjectExt

Sections

Size: 17KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Android.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a9:45:c8:a2:19:0f:10:e6:c0:57:77:5b:76:ce:ff:52:16:0c:f1:e1:a5:5b:b1:30:44:04:9c:4d:71:59:58:5b
Signer

Actual PE Digest

a9:45:c8:a2:19:0f:10:e6:c0:57:77:5b:76:ce:ff:52:16:0c:f1:e1:a5:5b:b1:30:44:04:9c:4d:71:59:58:5b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CFileWrite@@QAE@PBG0I@Z

??0CFileWrite@@QAE@PBGI@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0ICaponeRunner@@QAE@$$QAV0@@Z

??0ICaponeRunner@@QAE@ABV0@@Z

??0ICaponeRunner@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??0PythonClass@@QAE@ABV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@$$QAV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@ABV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CFileWrite@@UAE@XZ

??1CsvFile@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1ICaponeRunner@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??1UfedFridaCoreCommandHandler@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4ICaponeRunner@@QAEAAV0@$$QAV0@@Z

??4ICaponeRunner@@QAEAAV0@ABV0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??4LsParser@@QAEAAV0@$$QAV0@@Z

??4LsParser@@QAEAAV0@ABV0@@Z

??4PyInterpeter@@QAEAAV0@ABV0@@Z

??4PythonClass@@QAEAAV0@ABV0@@Z

??4UfedFridaCoreCommandHandler@@QAEAAV0@$$QAV0@@Z

??4UfedFridaCoreCommandHandler@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7AndroidFridaCoreInterface@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7ICaponeRunner@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

??_7PythonClass@@6B@

??_7UfedFridaCoreCommandHandler@@6B@

?AddToUploadedList@ICaponeRunner@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ

?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ

?Cleanup@AndroidFridaCoreInterface@@UAEXXZ

?Close@CFileRead@@QAEXXZ

?Close@CFileWrite@@QAE_NXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Eof@CsvFile@@QAE_NXZ

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?FlushCachedData@CFileWrite@@QAE_NXZ

?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ

?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z

?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?GetUploadedFileList@ICaponeRunner@@UAEABV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ

?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?IsReady@CFileWrite@@QAE_NXZ

?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?LoadLibraryGenesis@@YGPAUHINSTANCE__@@PBG@Z

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?Open@CFileWrite@@QAE_NPBG_N@Z

?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z

?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Read@CFileRead@@UAE_NPAEI@Z

?Rename@CFileWrite@@SA_NPBG0@Z

?Reset@CsvFile@@QAE_NXZ

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z

?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?Seek@CFileRead@@QAE_NI@Z

?Seek@CFileWrite@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetPassword@AndroidDeviceDecrypt@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z

?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z

?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z

?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z

?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z

?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ

?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?Write@CFileWrite@@QAE_NPBEI@Z

?__autoclassinit2@CConditionVariable@@QAEXI@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

CreateObject

CreateObjectExt

CreateSmartFlow

compress_memory

Sections

Size: 541KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 133KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_BB5.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:b9:ba:a0:72:a1:41:18:ad:f0:7a:e6:bd:14:91:d4:2e:84:21:ef:d1:a5:05:cc:c6:e0:42:3a:84:d4:2a:c9
Signer

Actual PE Digest

47:b9:ba:a0:72:a1:41:18:ad:f0:7a:e6:bd:14:91:d4:2e:84:21:ef:d1:a5:05:cc:c6:e0:42:3a:84:d4:2a:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1CsvFile@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7CFileRead@@6B@

??_7CsvFile@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?Eof@CsvFile@@QAE_NXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Reset@CsvFile@@QAE_NXZ

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

CreateObjectExt

Sections

Size: 72KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_BlackBerry.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a7:28:e9:cb:1b:1f:e3:4e:96:96:6c:5d:16:a1:7e:11:7c:30:62:b2:07:d2:0a:93:c1:15:d8:fe:9f:d9:b5:2e
Signer

Actual PE Digest

a7:28:e9:cb:1b:1f:e3:4e:96:96:6c:5d:16:a1:7e:11:7c:30:62:b2:07:d2:0a:93:c1:15:d8:fe:9f:d9:b5:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??_7CFileRead@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?IsOpen@CFileRead@@UAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

CreateObjectExt

Sections

Size: 77KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_BtlCommon.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:3a:58:0a:3a:16:1c:96:46:87:08:71:eb:bb:18:e6:26:f1:48:88:41:9f:77:96:40:f9:da:fe:7d:a6:63:8d
Signer

Actual PE Digest

41:3a:58:0a:3a:16:1c:96:46:87:08:71:eb:bb:18:e6:26:f1:48:88:41:9f:77:96:40:f9:da:fe:7d:a6:63:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CBootloaderProtocol@@QAE@AAVDumpFramer@@PAVCRamLogger@@@Z

??0CBootloaderProtocol@@QAE@ABV0@@Z

??1CBootloaderProtocol@@UAE@XZ

??4CBootloaderProtocol@@QAEAAV0@ABV0@@Z

??_7CBootloaderProtocol@@6B@

?CONF@CBootloaderProtocol@@QAE_NPBEI0I@Z

?DONE@CBootloaderProtocol@@QAE_NXZ

?DumpFromRam@CBootloaderProtocol@@QAE_NIIPAEIAAI@Z

?IEXM@CBootloaderProtocol@@QAE_KAAV?$vector@UMemSegmentInfo_t@@V?$allocator@UMemSegmentInfo_t@@@std@@@std@@@Z

?INTB@CBootloaderProtocol@@QAE_NAAV?$vector@KV?$allocator@K@std@@@std@@@Z

?INTN@CBootloaderProtocol@@QAE_NAAV?$vector@KV?$allocator@K@std@@@std@@@Z

?InitOnnd@CBootloaderProtocol@@QAE_NAAV?$vector@KV?$allocator@K@std@@@std@@PAK11@Z

?MMCI@CBootloaderProtocol@@QAE_NAAI0PAEEK@Z

?MMCR@CBootloaderProtocol@@QAE_NIII@Z

?NAND@CBootloaderProtocol@@QAE_NPAEKAAV?$vector@KV?$allocator@K@std@@@std@@K@Z

?ONND@CBootloaderProtocol@@QAE_NPAEIKKI@Z

?PING@CBootloaderProtocol@@QAE_NPAEI@Z

?PRBN@CBootloaderProtocol@@QAE_NAAV?$vector@KV?$allocator@K@std@@@std@@PAK1@Z

Sections

Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Huawei.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:9a:7d:ed:b7:ed:12:4c:5b:60:01:03:56:af:0b:40:69:23:b5:2e:e6:d1:4e:77:0e:1b:1d:f5:49:1d:40:de
Signer

Actual PE Digest

22:9a:7d:ed:b7:ed:12:4c:5b:60:01:03:56:af:0b:40:69:23:b5:2e:e6:d1:4e:77:0e:1b:1d:f5:49:1d:40:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??0PythonClass@@QAE@ABV0@@Z

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??4PyInterpeter@@QAEAAV0@ABV0@@Z

??4PythonClass@@QAEAAV0@ABV0@@Z

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

??_7PythonClass@@6B@

??_FByteArray@@QAEXXZ

?Close@CFileRead@@QAEXXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?IsOpen@CFileRead@@UAE_NXZ

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?Seek@CFileRead@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z

?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z

?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z

?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z

?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

CreateObject

CreateObjectExt

Sections

Size: 225KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Huawei_Vendor.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

92:d4:05:74:ab:b7:92:c2:8b:6d:08:8a:4f:4d:05:7a:ea:75:6f:57:09:72:29:07:dc:a4:51:00:86:93:a9:19
Signer

Actual PE Digest

92:d4:05:74:ab:b7:92:c2:8b:6d:08:8a:4f:4d:05:7a:ea:75:6f:57:09:72:29:07:dc:a4:51:00:86:93:a9:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??_7CFileRead@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?IsOpen@CFileRead@@UAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

CreateObjectExt

Sections

Size: 648KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 195KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Lg_Android_LAF.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:be:59:c1:05:97:66:1b:5c:28:7c:67:b5:1d:42:97:16:16:e3:ad:00:57:3d:01:4f:d3:d7:da:89:45:76:5c
Signer

Actual PE Digest

18:be:59:c1:05:97:66:1b:5c:28:7c:67:b5:1d:42:97:16:16:e3:ad:00:57:3d:01:4f:d3:d7:da:89:45:76:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

CreateObject

CreateObjectExt

Sections

Size: 51KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_MTK_KO.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:d1:aa:6c:57:73:75:5d:80:72:2a:7e:04:99:f1:64:69:4d:fd:87:4f:15:16:62:de:b9:dc:d4:e6:85:1e:00
Signer

Actual PE Digest

03:d1:aa:6c:57:73:75:5d:80:72:2a:7e:04:99:f1:64:69:4d:fd:87:4f:15:16:62:de:b9:dc:d4:e6:85:1e:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??_7AndroidFridaCoreInterface@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ

?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ

?Cleanup@AndroidFridaCoreInterface@@UAEXXZ

?Close@CFileRead@@QAEXXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ

?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z

?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z

?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Read@CFileRead@@UAE_NPAEI@Z

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z

?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?Seek@CFileRead@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z

?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z

?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z

?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z

?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z

?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ

?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?__autoclassinit2@AndroidFridaCoreInterface@@QAEXI@Z

?__autoclassinit2@CConditionVariable@@QAEXI@Z

?__autoclassinit2@CDumpListerFacade@@QAEXI@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?__autoclassinit2@CFileWrite@@QAEXI@Z

?__autoclassinit2@CsvFile@@QAEXI@Z

?__autoclassinit2@FridaCoreEprProivder@@QAEXI@Z

?__autoclassinit2@IFridaCoreDeviceInterface@@QAEXI@Z

?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

CreateObject

CreateObjectExt

Sections

Size: 210KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_MTP.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:10:27:d5:b1:a9:45:e3:da:cf:0b:f1:6b:79:3f:bc:18:55:f5:05:dc:19:08:91:d2:13:af:0f:ca:94:a0:3b
Signer

Actual PE Digest

26:10:27:d5:b1:a9:45:e3:da:cf:0b:f1:6b:79:3f:bc:18:55:f5:05:dc:19:08:91:d2:13:af:0f:ca:94:a0:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CsvFile@@QAE@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??_7CsvFile@@6B@

CreateObject

CreateObjectExt

Sections

Size: 29KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_MotGSM.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:71:22:d6:cb:05:69:84:80:41:91:b9:f0:29:ac:a3:ca:6e:a2:bc:d9:f3:6b:0f:f3:c2:1f:60:1e:1d:f9:ff
Signer

Actual PE Digest

52:71:22:d6:cb:05:69:84:80:41:91:b9:f0:29:ac:a3:ca:6e:a2:bc:d9:f3:6b:0f:f3:c2:1f:60:1e:1d:f9:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CsvFile@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7AndroidFridaCoreInterface@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ

?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ

?Cleanup@AndroidFridaCoreInterface@@UAEXXZ

?Close@CFileRead@@QAEXXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Eof@CsvFile@@QAE_NXZ

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ

?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z

?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z

?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Read@CFileRead@@UAE_NPAEI@Z

?Reset@CsvFile@@QAE_NXZ

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z

?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?Seek@CFileRead@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z

?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z

?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z

?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z

?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z

?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ

?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

CreateObject

CreateObjectExt

Sections

Size: 168KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_NokiaAsha.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

88:27:de:bb:89:6a:9c:57:4a:1c:32:dd:66:a3:02:12:d3:43:18:67:b8:6c:ed:62:da:9b:b7:03:09:29:d7:48
Signer

Actual PE Digest

88:27:de:bb:89:6a:9c:57:4a:1c:32:dd:66:a3:02:12:d3:43:18:67:b8:6c:ed:62:da:9b:b7:03:09:29:d7:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

CreateObject

Sections

Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Nokia_WP.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:3a:37:68:42:d9:51:8b:81:8e:ff:d0:d2:b1:77:22:69:c3:25:32:2a:cd:7e:60:34:61:c0:f9:cb:62:a3:f6
Signer

Actual PE Digest

67:3a:37:68:42:d9:51:8b:81:8e:ff:d0:d2:b1:77:22:69:c3:25:32:2a:cd:7e:60:34:61:c0:f9:cb:62:a3:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??_7CFileRead@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?IsOpen@CFileRead@@UAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

CreateObjectExt

Sections

Size: 74KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Oasis.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b9:18:f3:10:e3:2a:48:66:6e:76:e4:9e:35:65:7c:1b:f2:7a:4c:f5:8a:d6:6d:79:44:af:53:88:0f:0a:f9:f1
Signer

Actual PE Digest

b9:18:f3:10:e3:2a:48:66:6e:76:e4:9e:35:65:7c:1b:f2:7a:4c:f5:8a:d6:6d:79:44:af:53:88:0f:0a:f9:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CsvFile@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7AndroidFridaCoreInterface@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ

?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ

?Cleanup@AndroidFridaCoreInterface@@UAEXXZ

?Close@CFileRead@@QAEXXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Eof@CsvFile@@QAE_NXZ

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ

?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z

?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z

?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Read@CFileRead@@UAE_NPAEI@Z

?Reset@CsvFile@@QAE_NXZ

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z

?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?Seek@CFileRead@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z

?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z

?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z

?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z

?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z

?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ

?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

CreateObject

Sections

Size: 801KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 223KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Py_Raw.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b5:51:b1:ce:4c:c8:41:13:33:1e:7c:12:80:44:82:4d:3e:76:66:43:4b:a3:22:3d:92:f1:80:dd:c2:58:6d:13
Signer

Actual PE Digest

b5:51:b1:ce:4c:c8:41:13:33:1e:7c:12:80:44:82:4d:3e:76:66:43:4b:a3:22:3d:92:f1:80:dd:c2:58:6d:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0PythonCoreRunner@@IAE@XZ

??0PythonCoreRunner@@QAE@ABV0@@Z

??1PythonCoreRunner@@UAE@XZ

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4PythonCoreRunner@@QAEAAV0@ABV0@@Z

??_7PythonCoreRunner@@6B@

?ExecuteScript@PythonCoreRunner@@QAE_NV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eLogLevel@@@Z

?GetDataPath@PythonCoreRunner@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetEssentialStuff@PythonCoreRunner@@QAEXPAPAUIBaseLink@@PAPAUIPhone@@PAPAUIUserInteraction@@PAPAUIDumperTargetCallback@@PAPAVCModuleInfo@@@Z

?GetGlobalVal@PythonCoreRunner@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V23@@Z

?GetInstance@PythonCoreRunner@@SAPAV1@XZ

?GetLastErrorStringId@PythonCoreRunner@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetLibsDirectory@PythonCoreRunner@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetLibsPath@PythonCoreRunner@@QAEPADXZ

?InitPython@PythonCoreRunner@@QAE_NXZ

?IsWindowsDebuggerPresent@PythonCoreRunner@@SAHXZ

?PtrPython@PythonCoreRunner@@2PAV1@A

?RunScript@PythonCoreRunner@@AAEHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

?SetEssentialStuff@PythonCoreRunner@@QAEXAAUIBaseLink@@AAUIPhone@@AAUIUserInteraction@@AAVCModuleInfo@@@Z

?SetTarget@PythonCoreRunner@@QAEXPAUIDumperTargetCallback@@@Z

?_lastErrorStringId@PythonCoreRunner@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@A

?printToXtrace@@YAXPBD@Z

?printToXtrace@@YAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

CreateObject

CreateObjectExt

Sections

Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_SamsungGSM.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:90:99:a3:79:87:44:f4:24:7c:a0:f5:1f:11:02:83:34:93:b8:b0:26:d0:6a:2d:c9:63:4a:dc:1d:d4:00:87
Signer

Actual PE Digest

ef:90:99:a3:79:87:44:f4:24:7c:a0:f5:1f:11:02:83:34:93:b8:b0:26:d0:6a:2d:c9:63:4a:dc:1d:d4:00:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1CsvFile@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7CFileRead@@6B@

??_7CsvFile@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?Eof@CsvFile@@QAE_NXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Reset@CsvFile@@QAE_NXZ

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

CreateObjectExt

Sections

Size: 157KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_SamsungSBL_FDE.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f1:e1:2f:89:91:42:34:ed:43:9a:2b:51:6c:87:81:82:87:f2:38:cf:4c:8f:3d:e0:16:ca:41:a9:7e:ce:7f:32
Signer

Actual PE Digest

f1:e1:2f:89:91:42:34:ed:43:9a:2b:51:6c:87:81:82:87:f2:38:cf:4c:8f:3d:e0:16:ca:41:a9:7e:ce:7f:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0Analayzer@@QAE@ABV0@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CsvFile@@QAE@PBEI@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??0PythonClass@@QAE@ABV0@@Z

??0Regs@@QAE@ABV0@@Z

??0ResultHandler@@QAE@ABV0@@Z

??0SearchParams@@QAE@ABV0@@Z

??0Segment@@QAE@ABV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@$$QAV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@ABV0@@Z

??0UfedFridaCoreCommandHandler@@QAE@XZ

??1Analayzer@@UAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CsvFile@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??1ResultHandler@@UAE@XZ

??1SearchParams@@UAE@XZ

??1Segment@@UAE@XZ

??1UfedFridaCoreCommandHandler@@UAE@XZ

??4Analayzer@@QAEAAV0@ABV0@@Z

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??4PyInterpeter@@QAEAAV0@ABV0@@Z

??4PythonClass@@QAEAAV0@ABV0@@Z

??4Regs@@QAEAAV0@ABV0@@Z

??4ResultHandler@@QAEAAV0@ABV0@@Z

??4SearchParams@@QAEAAV0@ABV0@@Z

??4Segment@@QAEAAV0@ABV0@@Z

??4UfedFridaCoreCommandHandler@@QAEAAV0@$$QAV0@@Z

??4UfedFridaCoreCommandHandler@@QAEAAV0@ABV0@@Z

??5CsvFile@@QAEAAV0@AAG@Z

??5CsvFile@@QAEAAV0@AAK@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??_7Analayzer@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

??_7PythonClass@@6B@

??_7Regs@@6B@

??_7ResultHandler@@6B@

??_7SearchParams@@6B@

??_7Segment@@6B@

??_7UfedFridaCoreCommandHandler@@6B@

?Close@CFileRead@@QAEXXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?Eof@CsvFile@@QAE_NXZ

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z

?GetMoreData@CsvFile@@IAE_NXZ

?GetNextDWORD@CsvFile@@QAEKXZ

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?IsOpen@CFileRead@@UAE_NXZ

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?NewLine@CsvFile@@QAE_NXZ

?NextLine@CsvFile@@QAE_NXZ

?Ok@CsvFile@@QAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Reset@CsvFile@@QAE_NXZ

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?Seek@CFileRead@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetPassword@AndroidDeviceDecrypt@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z

?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z

?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z

?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z

?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

CreateObject

CreateObjectExt

Sections

Size: 416KB - Virtual size: 1006KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_Selenium.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e6:3f:b8:a6:cf:23:ed:99:3f:15:fb:28:d0:c1:ec:c1:1d:1a:c6:31:fd:f4:6f:48:d3:df:fa:89:c3:11:12:cc
Signer

Actual PE Digest

e6:3f:b8:a6:cf:23:ed:99:3f:15:fb:28:d0:c1:ec:c1:1d:1a:c6:31:fd:f4:6f:48:d3:df:fa:89:c3:11:12:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CFileWrite@@QAE@PBG0I@Z

??0CFileWrite@@QAE@PBGI@Z

??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z

??0CsvFile@@QAE@ABV0@@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CFileWrite@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??_7AndroidFridaCoreInterface@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ

?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ

?Cleanup@AndroidFridaCoreInterface@@UAEXXZ

?Close@CFileRead@@QAEXXZ

?Close@CFileWrite@@QAE_NXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z

?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z

?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?FlushCachedData@CFileWrite@@QAE_NXZ

?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ

?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z

?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z

?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ

?IsOpen@CFileRead@@UAE_NXZ

?IsReady@CFileWrite@@QAE_NXZ

?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?Open@CFileWrite@@QAE_NPBG_N@Z

?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z

?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Read@CFileRead@@UAE_NPAEI@Z

?Rename@CFileWrite@@SA_NPBG0@Z

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z

?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?Seek@CFileRead@@QAE_NI@Z

?Seek@CFileWrite@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z

?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z

?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z

?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z

?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z

?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ

?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z

?Write@CFileWrite@@QAE_NPBEI@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B

CreateObject

CreateObjectExt

Sections

Size: 180KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 34KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 19KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_SpreadTrum.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:23:b0:31:ee:ea:f8:91:9a:81:df:46:04:cc:9d:5c:6c:b7:42:a6:bd:8e:1b:34:90:3e:ae:e4:07:04:a0:e9
Signer

Actual PE Digest

4e:23:b0:31:ee:ea:f8:91:9a:81:df:46:04:cc:9d:5c:6c:b7:42:a6:bd:8e:1b:34:90:3e:ae:e4:07:04:a0:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

CreateObject

CreateObjectExt

Sections

Size: 32KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_ZTE.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

87:57:56:7f:50:8f:bb:6a:4f:82:2f:77:40:ac:72:66:3f:08:1b:99:86:28:e6:70:ad:95:5a:71:bb:e9:01:11
Signer

Actual PE Digest

87:57:56:7f:50:8f:bb:6a:4f:82:2f:77:40:ac:72:66:3f:08:1b:99:86:28:e6:70:ad:95:5a:71:bb:e9:01:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

CreateObject

CreateObjectExt

Sections

Size: 24KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_common.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:99:36:56:a2:e5:af:52:6d:5e:9b:ab:f0:48:6b:53:f9:bc:09:f2:56:c1:0b:2d:cd:66:8e:00:81:44:42:93
Signer

Actual PE Digest

e2:99:36:56:a2:e5:af:52:6d:5e:9b:ab:f0:48:6b:53:f9:bc:09:f2:56:c1:0b:2d:cd:66:8e:00:81:44:42:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0BaseAddresses_t@@QAE@KKKKKKKKKKKKKKKKKKKKK_NKKKK@Z

??0CMTKRomLoader@@QAE@ABV0@@Z

??0CMTKRomLoader@@QAE@XZ

??0CNewMTKRomLoader@@QAE@ABV0@@Z

??0CNewMTKRomLoader@@QAE@XZ

??0DeviceProfiles_t@@QAE@$$QAU0@@Z

??0DeviceProfiles_t@@QAE@ABU0@@Z

??0DeviceProfiles_t@@QAE@PBDKKKKGPBKKKKKKKKKKKKKKKEEPBUBaseAddresses_t@@@Z

??0PhoneInfo_t@@QAE@XZ

??1CMTKRomLoader@@UAE@XZ

??1CNewMTKRomLoader@@UAE@XZ

??1DeviceProfiles_t@@QAE@XZ

??4BaseAddresses_t@@QAEAAU0@$$QAU0@@Z

??4BaseAddresses_t@@QAEAAU0@ABU0@@Z

??4CMTKRomLoader@@QAEAAV0@ABV0@@Z

??4CNewMTKRomLoader@@QAEAAV0@ABV0@@Z

??4DeviceProfiles_t@@QAEAAU0@$$QAU0@@Z

??4DeviceProfiles_t@@QAEAAU0@ABU0@@Z

??4PhoneInfo_t@@QAEAAU0@$$QAU0@@Z

??4PhoneInfo_t@@QAEAAU0@ABU0@@Z

??_7CMTKRomLoader@@6B@

??_7CNewMTKRomLoader@@6B@

??_FBaseAddresses_t@@QAEXXZ

?BTLInitSequenceForCommNokia@CNewMTKRomLoader@@QAEXXZ

?CheckAndSetInfoByFamily@CMTKRomLoader@@QAE_NG@Z

?Connect6223@CMTKRomLoader@@IAEXXZ

?Connect6225@CMTKRomLoader@@IAEXXZ

?Connect6226@CMTKRomLoader@@IAEXXZ

?Connect6228@CMTKRomLoader@@IAEXXZ

?Connect6235@CMTKRomLoader@@IAEXXZ

?Connect6236@CMTKRomLoader@@IAEXXZ

?Connect6238@CMTKRomLoader@@IAEXXZ

?Connect6252@CMTKRomLoader@@IAEXXZ

?Connect6253@CMTKRomLoader@@IAEXXZ

?Connect6516@CMTKRomLoader@@IAEXXZ

?Connect@CNewMTKRomLoader@@QAE_NXZ

?CreateMTKFrame@CMTKRomLoader@@IAEHPAEKKHPBE@Z

?DisablePowerOff@CMTKRomLoader@@QAEXXZ

?DisablePowerOff@CNewMTKRomLoader@@UAEXXZ

?DisableProfileSupport@CNewMTKRomLoader@@QAEXPBD@Z

?DisableWdt@CMTKRomLoader@@UAEXK@Z

?DumpPart@CNewMTKRomLoader@@QAE?AW4ErrorCode@@PAEKKH@Z

?EMI_CONI_ofst@CMTKRomLoader@@2QBEB

?GetCPUSpeed@CMTKRomLoader@@QAEXXZ

?GetCurrentDeviceProfile@CNewMTKRomLoader@@QAEPBUDeviceProfiles_t@@XZ

?GetHWCodes_CmdFD@CNewMTKRomLoader@@AAEXAAG0@Z

?GetHWSWVers_CmdFC@CNewMTKRomLoader@@AAEXAAK0@Z

?GetMemAtAddress@CMTKRomLoader@@QAE_NPAEHKH@Z

?GetNokiaMTKOpCode@CNewMTKRomLoader@@AAEEH_NAAK@Z

?GetPhoneInfo@CMTKRomLoader@@QAEXAAUPhoneInfo_t@@@Z

?GetProtectionType_CmdFF@CNewMTKRomLoader@@AAEXAAE@Z

?Jump2Address@CNewMTKRomLoader@@QAEXKKKK@Z

?JumpToAddress@CMTKRomLoader@@QAEXKKK@Z

?LockRTC@CMTKRomLoader@@IAEX_N@Z

?LockRTC@CNewMTKRomLoader@@EAEX_N@Z

?MatchDeviceProfile@CNewMTKRomLoader@@AAEPBUBaseAddresses_t@@GGGKKE@Z

?PreConnect@CMTKRomLoader@@IAEXXZ

?RunBuiltInBTL@CMTKRomLoader@@QAE_NXZ

?RunGenericBTL@CMTKRomLoader@@QAE_NXZ

?SendReceive@CMTKRomLoader@@QAEHPAEHPBEHI@Z

?SendReceiveMTKFrame@CMTKRomLoader@@MAEHPAEKKHPBE@Z

?SendReceiveMTKFrame@CNewMTKRomLoader@@EAEHPAEKKHPBE@Z

?SetBaseAddresses@CMTKRomLoader@@QAEPBUBaseAddresses_t@@XZ

?SetBaudrate@CMTKRomLoader@@QAE_NH@Z

?SetDeviceAddress@CNewMTKRomLoader@@QAEPBUBaseAddresses_t@@XZ

?SetEMI_1@CMTKRomLoader@@QAEXXZ

?SetEMI_2@CMTKRomLoader@@QAEXXZ

?SetLink@CMTKRomLoader@@QAEXPAUIBaseLink@@@Z

?SetMemAtAddress@CMTKRomLoader@@QAE_NPAEHKPBEH@Z

?SetPhone@CMTKRomLoader@@QAEXW4ePhoneType@1@@Z

?SetPhoneInfo@CMTKRomLoader@@QAE_NXZ

?SetTimeOut@CMTKRomLoader@@IAEXXZ

?SetTimeOutValue@CMTKRomLoader@@QAEXK@Z

?TimeOut@CMTKRomLoader@@IAE_NXZ

?base_Address_4@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_5@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_6235@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_6@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_80001@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_8000@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_8001@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_625A@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6260@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6261@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6571@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6572@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6573@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6580@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6582@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6583@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6592@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6595@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_65xx@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6735@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6752@CMTKRomLoader@@2UBaseAddresses_t@@B

?base_Address_MT_6795@CMTKRomLoader@@2UBaseAddresses_t@@B

?mtk625AProfile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6260Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6571Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6572Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6580Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6582Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6592Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6595Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6735AltProfile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6735Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6752Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6753Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?mtk6795Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?nokia105Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

?nokia108Profile@CNewMTKRomLoader@@2UDeviceProfiles_t@@B

Sections

Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Dump_iPhone_MNM.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:8d:0f:dd:4b:5b:ce:00:9b:0a:81:d1:51:28:06:93:3e:e8:02:89:79:c9:b1:e6:86:52:89:4f:c3:b1:97:17
Signer

Actual PE Digest

13:8d:0f:dd:4b:5b:ce:00:9b:0a:81:d1:51:28:06:93:3e:e8:02:89:79:c9:b1:e6:86:52:89:4f:c3:b1:97:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??_7CFileRead@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?IsOpen@CFileRead@@UAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

CreateObjectExt

Sections

Size: 171KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/EvidenceCollection_iPhone.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a5:88:73:f7:6d:ff:f7:7b:a4:80:26:36:06:7b:73:dc:8e:60:3d:2e:a6:dd:21:e9:7e:cb:d4:c4:30:f7:aa:ae
Signer

Actual PE Digest

a5:88:73:f7:6d:ff:f7:7b:a4:80:26:36:06:7b:73:dc:8e:60:3d:2e:a6:dd:21:e9:7e:cb:d4:c4:30:f7:aa:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

CreateObject

CreateObjectExt

Sections

Size: 28KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Exodus.CellebriteTouch.exe

.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 20.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.u5;
Size: - Virtual size: 16.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.&uz
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.IpR
Size: 31.5MB - Virtual size: 31.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Exodus.Connector.Database.dll

.dll windows:6 windows x86 arch:x86

12718fd49107e10bee67d4293ad4be59

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:83:d2:6d:bb:a9:4e:b1:64:f5:19:9f:34:35:f5:e8:ae:38:64:ff:05:ad:4e:f1:b7:c8:f4:c1:0d:fc:d5:6d
Signer

Actual PE Digest

42:83:d2:6d:bb:a9:4e:b1:64:f5:19:9f:34:35:f5:e8:ae:38:64:ff:05:ad:4e:f1:b7:c8:f4:c1:0d:fc:d5:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Output\Binary\Release\Exodus.Connector.Database.pdb

Imports

genesisstates

?GetDisabledMemoryContentMask@CDataSource@@SA_KXZ

??0CToolTipHelperCAIS@@QAE@XZ

?CreateNativePhoneStates@@YAPAUIPhone@@PBGK00KW4eSide@@W4ETransferType@1@@Z

?GetIninFile@CDataSource@@SAPAUIIniFileInterface@@XZ

?TranslateToLocalLanguage@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@_N@Z

?GetEnglishString@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z

?GetString@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z

?ClearAndInitializeDatabase@CDataSource@@SAHXZ

?InitializeDatabase@CDataSource@@SA_NXZ

?Destroy@CDataSource@@SAXXZ

?ClearOTFMethodsOnly@CDataSource@@SAXXZ

?ClearOTFXMLsOnly@CDataSource@@SAXXZ

?ClearFakeXMLs@CDataSource@@SAXXZ

?ClearReferenceXMLs@CDataSource@@SAX_N@Z

?GetSerialNumber@CDataSource@@SAKXZ

?GetDisabledMemoryContentMaskWeb@CDataSource@@SA_KXZ

?MakeDisabledMemoryContentMaskWeb@CDataSource@@SAXXZ

?RestoreToFactorySettings@CDataSource@@SAHXZ

?InsertFactorySettings@CDataSource@@SAHXZ

?LoadInterfaceStrings@CDataSource@@SAHXZ

?GetToolTip@CToolTipHelper@@QAE_NABU_toolTipDescription@@AAU_toolTipData@@@Z

??0CToolTipHelper@@QAE@XZ

?SetForensic@CDataSource@@SAX_N@Z

??1CToolTipHelperCAIS@@UAE@XZ

??1CToolTipHelper@@UAE@XZ

?GetTagValue@CToolTipHelperCAIS@@MAE_NPAUIPhone@@PBGAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetTagValue@CToolTipHelper@@MAE_NPAUIPhone@@PBGAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?m_isKiosk@CDataSource@@2_NA

?m_isPc@CDataSource@@2_NA

?MakeDisabledMemoryContentMask@CDataSource@@SAXXZ

?m_hardware@CDataSource@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@A

?Create@CDataSource@@SA_NXZ

?SetSoundEnable@CDataSource@@SAX_N@Z

?GetInterface@CDataSource@@SAXIPAPAX@Z

?InitializeHelp@CDataSource@@SA_NXZ

vcruntime140

__std_terminate

memmove

__CxxExceptionFilter

__FrameUnwindFilter

_purecall

__std_exception_copy

__std_exception_destroy

_CxxThrowException

_except_handler4_common

__std_type_info_destroy_list

memset

__CxxUnregisterExceptionObject

__CxxRegisterExceptionObject

__CxxDetectRethrow

__CxxQueryExceptionSize

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

_initterm

terminate

_initialize_onexit_table

_cexit

_invalid_parameter_noinfo_noreturn

_crt_at_quick_exit

abort

_crt_atexit

_execute_onexit_table

_initterm_e

_configure_narrow_argv

_initialize_narrow_environment

_register_onexit_function

api-ms-win-crt-heap-l1-1-0

calloc

_callnewh

malloc

free

kernel32

TerminateProcess

GetCurrentProcess

GetModuleHandleW

IsProcessorFeaturePresent

GetStartupInfoW

SetUnhandledExceptionFilter

UnhandledExceptionFilter

IsDebuggerPresent

InitializeSListHead

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

LocalFree

Sleep

FreeLibrary

GetProcAddress

GetLastError

WideCharToMultiByte

LoadLibraryW

common

??1CPhoneInfo@@UAE@XZ

??ACPhoneInfo@@QAEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4eStrParams@0@@Z

?GetDataFolderPath@CProgramPaths@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

??1ExtendedDLLParams@@QAE@XZ

??0ExtendedDLLParams@@QAE@XZ

?xxprintf@@YAHPBG0ZZ

?DebugFileName@@YAPBDPBD@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??0CPhoneInfo@@QAE@XZ

databaseengine

?CreateExtendedPhone@@YAPAUIPhone@@PAU?$ICollection@UIPhone@@@@PAU1@_N@Z

?GetAllDynamicVendors@CExternalDBStaff@@SA_NW4EPhoneFeatures@@AAV?$vector@PAUIPhoneFamily@@V?$allocator@PAUIPhoneFamily@@@std@@@std@@@Z

?GetFamiliesList@CExternalDBStaff@@SA_NW4EPhoneFeatures@@AAV?$vector@PAUIPhoneFamily@@V?$allocator@PAUIPhoneFamily@@@std@@@std@@@Z

?CreateRawPhone@CPhone4ManagedContainer@@QAEPAUIPhone@@F@Z

?CreateDefaultPhone@CPhone4ManagedContainer@@QAEPAUIPhone@@FPBG00W4eSide@@W4ETransferType@2@W4EPhoneFeatures@@@Z

?CreatePhone@CPhone4ManagedContainer@@QAE_NFPBG00W4eSide@@W4ETransferType@IPhone@@W4EPhoneFeatures@@PAPAU4@@Z

??CCPhone4ManagedContainer@@QAEPAU?$ICollection@UIPhone@@@@XZ

??1CPhone4ManagedContainer@@QAE@XZ

?Init@CPhone4ManagedContainer@@QAE_NPBG@Z

??0CPhone4ManagedContainer@@QAE@XZ

?CreateLicenseAdapter@CExternalDBStaff@@SAX_N@Z

?DeleteLicenseAdapter@CExternalDBStaff@@SAXXZ

?Prepare2CacheBuild@CExternalDBStaff@@SAXXZ

??1COTFImpl@@QAE@XZ

??0COTFImpl@@QAE@XZ

?get@COTFImpl@@QAEPAUICreatePhoneOnTheFly@@XZ

oleaut32

VariantClear

GetErrorInfo

CreateErrorInfo

VariantChangeType

VariantCopy

VariantInit

SetErrorInfo

SysFreeString

msvcp140

_Mbrtowc

?__ExceptionPtrCopy@@YAXPAXPBX@Z

?_Xbad_alloc@std@@YAXXZ

?_Xlength_error@std@@YAXPBD@Z

?_W_Getmonths@_Locinfo@std@@QBEPBGXZ

?_W_Getdays@_Locinfo@std@@QBEPBGXZ

?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ

?__ExceptionPtrDestroy@@YAXPAX@Z

mscoree

_CorDllMain

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Exodus.Connector.dll

.dll windows:6 windows x86 arch:x86

1de882668488c424e0387e78eb457c50

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b2:98:ed:44:e6:da:11:44:10:c7:15:dc:ef:5f:d1:a5:14:52:48:fa:b9:f0:96:c1:70:81:51:10:67:f0:44:5d
Signer

Actual PE Digest

b2:98:ed:44:e6:da:11:44:10:c7:15:dc:ef:5f:d1:a5:14:52:48:fa:b9:f0:96:c1:70:81:51:10:67:f0:44:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Output\Binary\Release\Exodus.Connector.pdb

Imports

genesisstates

??1CHelpProvider@@UAE@XZ

?AddEraseNoteForTarget@CHelpProvider@@UAEX_N@Z

?GetDFUEnterEvent@CHelpProvider@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eSide@@@Z

?SetModuleInfo@CHelpProvider@@UAEXPAVCModuleInfo@@0@Z

?GetHelpEntries@CHelpProvider@@UAE?AV?$vector@UCHelpEntry@@V?$allocator@UCHelpEntry@@@std@@@std@@XZ

?GetHelpURL@CHelpProvider@@UAE_NW4eSide@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetHelpString@CHelpProvider@@UAE_NW4eSide@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?ComposeFullHelp@CHelpProvider@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIDataProvider@@@Z

?IsEmpty@CHelpProvider@@UAE_NXZ

?GenerateHelp@CHelpProvider@@UAE_NW4EShowHelpFor@@W4HelpCategoryId@GenesisHelp@@W4eSide@@_N3W4EHelpSections@@4V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GenerateHelp@CHelpProvider@@UAE_NABVCHelpAttributes@@@Z

?GenerateHelp@CHelpProvider@@UAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eSide@@@Z

?AddHelpTopic@CHelpProvider@@UAE_NPAUIDataProvider@@PAUIBaseLink@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV45@@Z

?Reset@CHelpProvider@@UAEXXZ

?m_Statistics@CDataSource@@2VCStatFasade@Stat@@A

??1CEvidencePhoneNative@@UAE@XZ

?m_serial@CDataSource@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@A

??1ChatCaptureManagerFactory@@UAE@XZ

?Create@ChatCaptureManagerFactory@@UAEPAUIChatCaptureManager@@XZ

?globalParamsStorage@@3VCGlobalParamStorage@StatesToolBox@@A

?GetTagsPrefixByTransferType@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4EMenuItemId@@@Z

?CreateNativePhoneStates@@YAPAUIPhone@@PBGK00KW4eSide@@W4ETransferType@1@@Z

?AndroidPackagesMetaData@CStateMemoryDump@@QAEABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VCPkgMetaData@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VCPkgMetaData@@@std@@@2@@std@@XZ

?EnableBF4Transfer@CStateMemoryDump@@QAEX_N@Z

?ExtractionResultCode@CStateMemoryDump@@QAE?AW4PhysicalExtractionResult@@XZ

?ShowDumpInstructionSuccess@CStateMemoryDump@@QAEXW4EMenuItemId@@_N@Z

?GetRebootPhoneUserSelection@CStateMemoryDump@@QAE_NXZ

??1CSmartFlowState@@UAE@XZ

?GetResultMessage@CStateMemoryDump@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?IsTransferSuccess@CStateMemoryDump@@QAE_NXZ

?SetOs@CStateMemoryDump@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?ShowTransferResult@CStateMemoryDump@@QAEX_N@Z

?SetPAConnectionIface@CStateMemoryDump@@QAEXPAUIPA_InteractionInterface@@@Z

?SetRebootPhoneUserSelection@CStateMemoryDump@@QAEX_N@Z

?SaveStatReport@CStateMemoryDump@@QAEX_N@Z

?SetBiosDate@CStateMemoryDump@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetExodusMainWnd@CStateMemoryDump@@QAEXPAUHWND__@@@Z

?SetNoAdapter@CStateMemoryDump@@QAEX_N@Z

??0CSmartFlowState@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1V23@@Z

??1CExtractionUserActivityLog@@QAE@XZ

?GetFilteredOutContentTypes@CStateReading@@QAE_KXZ

?GetRebootPhoneUserSelection@CStateReading@@QAE_NXZ

?Save@CExtractionUserActivityLog@@QAEXXZ

?GetResultMessage@CStateReading@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

??1CModTestIniCreate@@QAE@XZ

?Create@CModTestIniCreate@@QAEXPAVCResultsManager@@@Z

??0CModTestIniCreate@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CExtractionUserActivityLog@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetRebootPhoneUserSelection@CStateReading@@QAEX_N@Z

?SetAcademicLicense@CStateReading@@QAEX_N@Z

?SetPAConnectionIface@CStateReading@@QAEXPAUIPA_InteractionInterface@@@Z

?SetExtractSourceImei@CStateReading@@QAEX_N@Z

??1CStateWriteFileToTarget@@UAE@XZ

?Save@CStateWriteFileToTarget@@QAE_NPBE_KPBG@Z

?InitInstance@CStateWriteFileToTarget@@QAEXPAUIUserInteraction@@@Z

??0CStateWriteFileToTarget@@QAE@XZ

?RunToolFromExtractionFlow@CStateToolsExecute@@QAEXXZ

?ExtractionIsCowGirl@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0PAUIPhone@@@Z

?IsForensic@CDataSource@@SA_NXZ

?ParseExtractionCommandJson_NG@CFunctions@@SA_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAU_extractionCommandNG@@@Z

?IsFileDumpSupportedByPhysicalPhone@CFunctions@@SA_NHABV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@1@Z

?GetTools@CDataSource@@SA_NAAV?$vector@U_toolDescriptor@@V?$allocator@U_toolDescriptor@@@std@@@std@@_N@Z

??1CStateReading@@UAE@XZ

?SetExtractTargetImei@CStateReading@@QAEX_N@Z

?SetDualStageTransaction@CStateReading@@QAEX_NH@Z

?GetConnectLaterStuff@CStateReading@@QAEAAU_ConnectLaterStuff@1@XZ

?ShowSuccessHelp@CStateReading@@QAEX_N@Z

??0CStateReading@@QAE@PAUIScheduler@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??1CDumpsHelpCategory@StatesToolBox@@QAE@XZ

?GetHelpCategory@CDumpsHelpCategory@StatesToolBox@@QAE?AW4HelpCategoryId@GenesisHelp@@PBGW4EMenuItemId@@H@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??0ChatCaptureManagerFactory@@QAE@XZ

??0CEvidencePhoneNative@@QAE@XZ

?SetUserInteraction@CEvidencePhoneNative@@QAEXPAUIUserInteraction@@0@Z

?DisconnectSource@CEvidencePhoneNative@@QAEXXZ

??0CEvidenceBlob@@QAE@XZ

?GetSnapshot@CEvidencePhoneNative@@QAE?AW4eEvidence_status@1@AAVCEvidenceBlob@@@Z

?GetSize@CEvidenceBlob@@QAEKXZ

?GetData@CEvidenceBlob@@QAEPAXXZ

?GetType@CEvidenceBlob@@QAEKXZ

??1CEvidenceBlob@@QAE@XZ

?DisconnectTarget@CEvidencePhoneNative@@QAEXXZ

?GetSnapshotFolderName@CEvidencePhoneNative@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetVideoFolderName@CEvidencePhoneNative@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?Init@CEvidencePhoneNative@@QAEXABU_init_staff@1@PAUIPhone@@1PAV?$InterfaceFromDllPtr@UIBaseLink@@@@2@Z

?UpdateUserBackupDirForFixedDirectory@CEvidencePhoneNative@@QAEXPBG@Z

?SaveSnapshot@CEvidencePhoneNative@@QAE?AW4eEvidence_status@1@ABU_evidence_file@@@Z

?SaveSnapshot@CEvidencePhoneNative@@QAE?AW4eEvidence_status@1@ABU_evidence_file@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1@Z

?SaveVideo@CEvidencePhoneNative@@QAE?AW4eEvidence_status@1@ABU_evidence_file@@@Z

?SaveVideo@CEvidencePhoneNative@@QAE?AW4eEvidence_status@1@ABU_evidence_file@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1@Z

?SaveIndexFile@CEvidencePhoneNative@@QAE?AW4eEvidence_status@1@ABU_evidence_file@@@Z

?GetString@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z

??1CPrefixChangeEx@@QAE@XZ

?SetSourcePhone@CPrefixChange@@QAEXPAUIPhone@@@Z

?SetPhantomSource@CPrefixChange@@QAEX_N@Z

?SetPhone@CPrefixChange@@QAEXPAUIPhone@@@Z

?CollectChangeSetNames@CPrefixChangeEx@@QAEXXZ

?GetChangeSetNames@CPrefixChangeEx@@QAEABV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@XZ

?GetSelectedSetParams@CPrefixChangeEx@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@H@Z

?GetParamOfSelectedSet@CPrefixChangeEx@@QAE_NGAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAH1@Z

??0CPrefixChangeEx@@QAE@AAV?$map@GV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@U?$less@G@2@V?$allocator@U?$pair@$$CBGV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@std@@@2@@std@@@Z

?Beep@CDataSource@@SAXKKH@Z

??0CHelpProvider@@QAE@XZ

?GetEnglishString@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z

?TranslateToLocalLanguage@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@_N@Z

?SetInfoValue@CStateReading@@QAEXW4InfoType@1@PBG1@Z

?SetSIM_Password@CStateReading@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetNextSimExtractionTypeNeeded@CStateReading@@QAEXI@Z

??0CStateRunAndroidInfo@@QAE@XZ

?InitInstance@CStateRunAndroidInfo@@QAEXPAUIUserInteraction@@@Z

?Execute@CStateRunAndroidInfo@@QAE?AW4ErrorCode@@XZ

??1CStateRunAndroidInfo@@UAE@XZ

?SetBiosDate@CStateReading@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetNextSimExtractionTypeNeeded@CStateReading@@QAEIXZ

?GetSIM_InsertedPassword@CStateReading@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?StatisticsAsXMLNode@CStatFasade@Stat@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetSingleTransactionRecord@CStatFasade@Stat@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

??0CValue@Stat@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CKey@Stat@@QAE@W4EIndex@1@00@Z

??ACStatFasade@Stat@@QAEAAVCValue@1@ABVCKey@1@@Z

??4CValue@Stat@@QAEAAV01@ABV01@@Z

??1CKey@Stat@@UAE@XZ

??1CValue@Stat@@UAE@XZ

??0CProduceDeactivationKey@@QAE@K@Z

?GenerateKey@CProduceDeactivationKey@@QAEXXZ

?GetKey@CProduceDeactivationKey@@QAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??1CProduceDeactivationKey@@QAE@XZ

?SetCustomerPackIndex@CStateReading@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetCustomerPackIndex@CStateMemoryDump@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetIninFile@CDataSource@@SAPAUIIniFileInterface@@XZ

??0CStateMemoryDump@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1V23@@Z

??1CStateMemoryDump@@UAE@XZ

?GetFSSelectiveSupportByPhone@CStateMemoryDump@@QAEXPAUIPhone@@AAV?$vector@HV?$allocator@H@std@@@std@@@Z

??0CStateToolsExecute@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetLogPath@CStateToolsExecute@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??1CStateToolsExecute@@UAE@XZ

??0CStateCloneSimId@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SaveStatReport@CStateCloneSimId@@QAEX_N@Z

?GetTransactionResult@CStateCloneSimId@@QAE_NXZ

??1CStateCloneSimId@@UAE@XZ

?SetReportFileName@CStateReading@@QAEXV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CValue@Stat@@QAE@H@Z

?GetInterface@CDataSource@@SAXIPAPAX@Z

?InitInstance@CStateReading@@QAEXPAUIUserInteraction@@0_N@Z

?SetNoAdapter@CStateReading@@QAEX_N@Z

?SetDontRemoveBluetoothPairingOnDisconnect@CStateReading@@QAEXXZ

?SetDirectBluetoothConnection@CStateReading@@QAEX_K@Z

?SetPhonebookAccounts@CStateReading@@QAEXABV?$vector@UAccountDataStruct@@V?$allocator@UAccountDataStruct@@@std@@@std@@@Z

?GetStateResults@CDataSource@@SAPAVCResultsManager@@XZ

??0CDumpsHelpCategory@StatesToolBox@@QAE@XZ

databaseengine

?Get@CFakePhone@@UAEHPBGPAPAUIValue@@@Z

?SetPCMode@CFakePhone@@UAEXPBG@Z

?Release@CFakePhone@@UAEXXZ

?SetPhoneVersion@CFakePhone@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetRegionAndProvider@CFakePhone@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?SetCustomer@CFakePhone@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?SetSelectedLink@CFakePhone@@UAEXK@Z

?SetSide@CFakePhone@@UAEXW4eSide@@@Z

?SetTransferType@CFakePhone@@UAEXW4ETransferType@IPhone@@@Z

?UpdateHardwareType@CFakePhone@@UAEXXZ

?GetRegion@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetProvider@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetCustomer@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetSelectedLink@CFakePhone@@UAEKXZ

?Getside@CFakePhone@@UAE?AW4eSide@@XZ

?GetTransferType@CFakePhone@@UAE?AW4ETransferType@IPhone@@XZ

?GetPhoneVersion@CFakePhone@@UAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetGUIDInfo@CFakePhone@@UAEHAAV?$vector@UGuidInfo@IPhone@@V?$allocator@UGuidInfo@IPhone@@@std@@@std@@@Z

?GetAttributedElements@CFakePhone@@UAEHPBGAAV?$vector@UAttributedElement@IPhone@@V?$allocator@UAttributedElement@IPhone@@@std@@@std@@@Z

?GetTags@CFakePhone@@UAEXAAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

??1CFakePhone@@UAE@XZ

?PhoneFamilyFabrick@@YAPAUIPhoneFamily@@ABU_family_info_internal@@@Z

?SetValue@CFakePhone@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?FillPhoneFromXML@CFakePhone@@QAE_NW4eOsType@1@@Z

??0CFakePhone@@QAE@XZ

?GetStrings@CFakePhone@@UAEHPBGAAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z

msvcp140

?classic@locale@std@@SAABV12@XZ

?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z

?setf@ios_base@std@@QAEHHH@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z

?setf@ios_base@std@@QAEHH@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z

?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ

?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z

?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z

?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z

?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ

?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ

?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ

?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z

?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z

?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ

?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z

?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ

?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

?bad@ios_base@std@@QBE_NXZ

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ

?__ExceptionPtrDestroy@@YAXPAX@Z

?__ExceptionPtrCopy@@YAXPAXPBX@Z

?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ

?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z

?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z

?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ

?_Xlength_error@std@@YAXPBD@Z

?uncaught_exception@std@@YA_NXZ

?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ

?good@ios_base@std@@QBE_NXZ

?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ

??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ

?width@ios_base@std@@QBE_JXZ

?flags@ios_base@std@@QBEHXZ

?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ

?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z

?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z

?width@ios_base@std@@QAE_J_J@Z

?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z

?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ

?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ

?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ

?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ

?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z

?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ

??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ

??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ

?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ

?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z

_Mbrtowc

?_Xbad_alloc@std@@YAXXZ

?_Xout_of_range@std@@YAXPBD@Z

?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ

?_W_Getdays@_Locinfo@std@@QBEPBGXZ

?_W_Getmonths@_Locinfo@std@@QBEPBGXZ

?_Xbad_function_call@std@@YAXXZ

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

?always_noconv@codecvt_base@std@@QBE_NXZ

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

?_Xinvalid_argument@std@@YAXPBD@Z

??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ

?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

??0_Lockit@std@@QAE@H@Z

??Bid@locale@std@@QAEIXZ

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

??1_Lockit@std@@QAE@XZ

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ

?eof@ios_base@std@@QBE_NXZ

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z

kernel32

GetProcAddress

CreateEventW

WaitForSingleObjectEx

ResetEvent

SetEvent

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

LeaveCriticalSection

EnterCriticalSection

CloseHandle

FreeLibrary

WaitForSingleObject

GetLastError

LoadLibraryW

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

DisableThreadLibraryCalls

InitializeSListHead

IsDebuggerPresent

LocalFree

Sleep

WriteFile

CreateFileW

CreateDirectoryW

GetLocalTime

GetTickCount

InitializeCriticalSection

MultiByteToWideChar

WideCharToMultiByte

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetStartupInfoW

IsProcessorFeaturePresent

GetModuleHandleW

GetCurrentProcess

TerminateProcess

vcruntime140

__CxxUnregisterExceptionObject

__std_terminate

__FrameUnwindFilter

__CxxDetectRethrow

__CxxRegisterExceptionObject

__CxxQueryExceptionSize

memmove

memset

__std_type_info_destroy_list

_except_handler4_common

_CxxThrowException

__std_exception_destroy

__std_exception_copy

_purecall

__CxxExceptionFilter

__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

fread

_fseeki64

fclose

fputc

ungetc

fgetc

fgetpos

fsetpos

setvbuf

fflush

_get_stream_buffer_pointers

fwrite

__stdio_common_vsprintf

__stdio_common_vsnprintf_s

__stdio_common_vswprintf_s

__stdio_common_vswprintf

_wfsopen

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit

_invalid_parameter_noinfo_noreturn

_crt_atexit

abort

_execute_onexit_table

_initialize_onexit_table

_cexit

terminate

_errno

_initialize_narrow_environment

_configure_narrow_argv

_initterm

_seh_filter_dll

_initterm_e

_get_errno

_register_onexit_function

api-ms-win-crt-heap-l1-1-0

malloc

calloc

free

_callnewh

common

?DebugFileName@@YAPBDPBD@Z

?xxprintf@@YAHPBG0ZZ

?SetValue@CModuleInfo@@QAE_NPBG0@Z

?GetValue@CModuleInfo@@QAE_NPBGPAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetUINT32@CModuleInfo@@QAEIPBGI@Z

?SetValue@CModuleInfo@@QAE_NPBGI@Z

?ToWstring@CStringArg@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIStringTranslator@@@Z

??0CStringArg@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0KeyList@@QAE@XZ

??0CStringArg@@QAE@PBG@Z

?AddKey@KeyList@@QAEXW4VirtualKey@@VCStringArg@@@Z

?GetDatabasePath@CProgramPaths@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetApkDowngradePath@CProgramPaths@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetProvisionImplementer@@YAXPAUIPhone@@W4EProvisionTypes@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2@Z

??0CModuleInfo@@QAE@XZ

??1CModuleInfo@@UAE@XZ

?Reset@CModuleInfo@@QAEXXZ

?getSystemGmtOffset@@YAHXZ

??0ExtendedDLLParams@@QAE@PAUIDataProvider@@W4ModuleClassEnum@@PBG@Z

?GetTempFolderPath@CProgramPaths@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetStringId@CStringArg@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

mm_common

?GetName@CFileItem@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetFinalSize@CFileItem@@QBE_K_N@Z

?ContTypFromExt@CFileExtAnalyzer@@QAE?AU?$pair@W4EContentType@@I@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@W4EContentType@@@Z

??1CFileExtAnalyzer@@QAE@XZ

??0CFileExtAnalyzer@@QAE@XZ

?GetItemId@CFileItem@@QBEIXZ

managerscommon

??0CBackupFileUtil@@QAE@PAUIUserInteraction@@PAVCModuleInfo@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAVIDirChecker@CDirSelect@@@Z

??1CBackupFileUtil@@QAE@XZ

?CreateDirectoryWithPrefixOnly@CBackupFileUtil@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV23@W4eCounterFormat4PrefixOnlyFolderFormat@@@Z

??0CBackupFileUtil@@QAE@PAUIUserInteraction@@PAVCModuleInfo@@@Z

?UpdateDir@CBackupFileUtil@@QAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_NVCStringArg@@2@Z

oleaut32

VariantInit

VariantCopy

CreateErrorInfo

SysFreeString

SetErrorInfo

VariantChangeType

VariantClear

GetErrorInfo

bthprops.cpl

BluetoothRemoveDevice

BluetoothGetDeviceInfo

api-ms-win-crt-string-l1-1-0

toupper

wcsncmp

wcscpy_s

api-ms-win-crt-convert-l1-1-0

_ecvt_s

strtoull

_strtod_l

_wtol

_itoa_s

wcstoll

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

_lock_file

api-ms-win-crt-math-l1-1-0

_finite

_isnan

user32

PostQuitMessage

MessageBoxW

mscoree

_CorDllMain

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Exodus.License.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:96:cb:aa:89:31:c0:58:ca:45:8b:37:08:fc:70:1f:ff:26:69:85:aa:10:b4:55:74:4c:9a:bf:8f:0c:e8:6d
Signer

Actual PE Digest

66:96:cb:aa:89:31:c0:58:ca:45:8b:37:08:fc:70:1f:ff:26:69:85:aa:10:b4:55:74:4c:9a:bf:8f:0c:e8:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Exodus\Exodus.License\obj\Release\Exodus.License.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Exodus.Types.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

dd:28:b7:92:46:25:2b:1d:78:d0:4d:6f:b9:1e:71:0f:d4:b1:ff:ee:69:45:c6:c1:95:97:ae:cd:98:f9:3c:0e
Signer

Actual PE Digest

dd:28:b7:92:46:25:2b:1d:78:d0:4d:6f:b9:1e:71:0f:d4:b1:ff:ee:69:45:c6:c1:95:97:ae:cd:98:f9:3c:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Exodus\Exodus.Types\obj\Release\Exodus.Types.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ExportLog.exe

.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fa:96:4e:30:09:92:41:20:cd:98:0b:c3:fc:ce:a2:82:8c:fe:11:24:c4:ee:ad:6d:b3:8e:27:e9:14:c4:fd:70
Signer

Actual PE Digest

fa:96:4e:30:09:92:41:20:cd:98:0b:c3:fc:ce:a2:82:8c:fe:11:24:c4:ee:ad:6d:b3:8e:27:e9:14:c4:fd:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ADOAgent\_work\711\s\Exodus.Touch\Tools\ExportLog\obj\Release\ExportLog.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/GenesisStates.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c7:d4:a9:8a:04:a5:75:39:ac:01:5a:f7:87:45:0c:98:08:19:e2:38:ab:1f:78:18:c1:52:80:cd:14:64:bd:ea
Signer

Actual PE Digest

c7:d4:a9:8a:04:a5:75:39:ac:01:5a:f7:87:45:0c:98:08:19:e2:38:ab:1f:78:18:c1:52:80:cd:14:64:bd:ea

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0?$BaseImplement@UIState@@@@QAE@ABV0@@Z

??0?$BaseImplement@UIState@@@@QAE@XZ

??0?$State@UIState@@@@QAE@ABV0@@Z

??0?$State@UIState@@@@QAE@PAUIScheduler@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CCalendarImpl@@QAE@XZ

??0CContentImplBase@@QAE@ABV0@@Z

??0CContentImplBase@@QAE@XZ

??0CCycleContentImplBase@@QAE@$$QAV0@@Z

??0CCycleContentImplBase@@QAE@ABV0@@Z

??0CCycleContentImplBase@@QAE@XZ

??0CDataBaseImpl@@QAE@ABV0@@Z

??0CDataBaseImpl@@QAE@XZ

??0CDumpsHelpCategory@StatesToolBox@@QAE@$$QAV01@@Z

??0CDumpsHelpCategory@StatesToolBox@@QAE@ABV01@@Z

??0CDumpsHelpCategory@StatesToolBox@@QAE@XZ

??0CEEPROM@@QAE@ABV0@@Z

??0CEEPROM@@QAE@XZ

??0CEISourceImpl@@QAE@ABV0@@Z

??0CEISourceImpl@@QAE@XZ

??0CEvidenceBlob@@QAE@XZ

??0CEvidenceHelper@@QAE@$$QAV0@@Z

??0CEvidenceHelper@@QAE@XZ

??0CEvidencePhoneNative@@QAE@ABV0@@Z

??0CEvidencePhoneNative@@QAE@XZ

??0CExtraInfoImpl@@QAE@ABV0@@Z

??0CExtraInfoImpl@@QAE@XZ

??0CExtractionUserActivityLog@@QAE@ABV0@@Z

??0CExtractionUserActivityLog@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CFileWrite@@QAE@PBG0I@Z

??0CFileWrite@@QAE@PBGI@Z

??0CForensicReportHandler@@QAE@XZ

??0CFunctions@@QAE@ABV0@@Z

??0CFunctions@@QAE@XZ

??0CGlobalParamStorage@StatesToolBox@@QAE@ABV01@@Z

??0CGlobalParamStorage@StatesToolBox@@QAE@XZ

??0CHelpProvider@@QAE@ABV0@@Z

??0CHelpProvider@@QAE@XZ

??0CKey@Stat@@QAE@ABV01@@Z

??0CKey@Stat@@QAE@W4EIndex@1@00@Z

??0CLastSelectedPhonesStorage@@QAE@ABV0@@Z

??0CLastSelectedPhonesStorage@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CLastSelectedPhonesStorage@@QAE@XZ

??0CLastSelectedPhonesStorageUplApp@@QAE@ABV0@@Z

??0CLastSelectedPhonesStorageUplApp@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CMessagesImpl@@QAE@XZ

??0CModTestIniCreate@@QAE@$$QAV0@@Z

??0CModTestIniCreate@@QAE@ABV0@@Z

??0CModTestIniCreate@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CMultimediaImpl@@QAE@ABV0@@Z

??0CMultimediaImpl@@QAE@XZ

??0CMultimediaImplBase@@QAE@ABV0@@Z

??0CMultimediaImplBase@@QAE@XZ

??0CPhoneBookImpl@@QAE@XZ

??0CPhoneBookSIMImpl@@QAE@XZ

??0CPrefixChange@@QAE@AAV?$map@GV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@U?$less@G@2@V?$allocator@U?$pair@$$CBGV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@std@@@2@@std@@@Z

??0CPrefixChange@@QAE@ABV0@@Z

??0CPrefixChangeEx@@QAE@$$QAV0@@Z

??0CPrefixChangeEx@@QAE@AAV?$map@GV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@U?$less@G@2@V?$allocator@U?$pair@$$CBGV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@std@@@2@@std@@@Z

??0CPrefixChangeEx@@QAE@ABV0@@Z

??0CProduceDeactivationKey@@QAE@$$QAV0@@Z

??0CProduceDeactivationKey@@QAE@ABV0@@Z

??0CProduceDeactivationKey@@QAE@K@Z

??0CSmartFlowState@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1V23@@Z

??0CStatCollector@@QAE@$$QAV0@@Z

??0CStatCollector@@QAE@ABV0@@Z

??0CStatCollector@@QAE@XZ

??0CStatFasade@Stat@@QAE@ABV01@@Z

??0CStatFasade@Stat@@QAE@H@Z

??0CStatFasade@Stat@@QAE@XZ

??0CStateCloneSimId@@QAE@ABV0@@Z

??0CStateCloneSimId@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CStateMemoryDump@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1V23@@Z

??0CStateReading@@QAE@PAUIScheduler@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CStateRunAndroidInfo@@QAE@ABV0@@Z

??0CStateRunAndroidInfo@@QAE@XZ

??0CStateSaveReports@@QAE@ABV0@@Z

??0CStateSaveReports@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CStateToolsExecute@@QAE@ABV0@@Z

??0CStateToolsExecute@@QAE@PAUIScheduler@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CStateWriteFileToTarget@@QAE@ABV0@@Z

??0CStateWriteFileToTarget@@QAE@XZ

??0CToolTipHelper@@QAE@ABV0@@Z

??0CToolTipHelper@@QAE@XZ

??0CToolTipHelperCAIS@@QAE@ABV0@@Z

??0CToolTipHelperCAIS@@QAE@XZ

??0CUserInstructions@@QAE@$$QAV0@@Z

??0CUserInstructions@@QAE@ABV0@@Z

??0CUserInstructions@@QAE@XZ

??0CValue@Stat@@QAE@ABV01@@Z

??0CValue@Stat@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

??0CValue@Stat@@QAE@H@Z

??0CValue@Stat@@QAE@K@Z

??0CValue@Stat@@QAE@PBG@Z

??0CValue@Stat@@QAE@XZ

??0CValue@Stat@@QAE@_J@Z

??0CValue@Stat@@QAE@_N@Z

??0CableTypeInfo@@QAE@$$QAV0@@Z

??0CableTypeInfo@@QAE@ABV0@@Z

??0ChatCaptureManager@@QAE@XZ

??0ChatCaptureManagerFactory@@QAE@$$QAU0@@Z

??0ChatCaptureManagerFactory@@QAE@ABU0@@Z

??0ChatCaptureManagerFactory@@QAE@XZ

??0selected_phone@CLastSelectedPhonesStorage@@QAE@ABU01@@Z

??0selected_phone@CLastSelectedPhonesStorage@@QAE@XZ

??1?$BaseImplement@UIState@@@@UAE@XZ

??1?$State@UIState@@@@UAE@XZ

??1CCalendarImpl@@UAE@XZ

??1CContentImplBase@@UAE@XZ

??1CCycleContentImplBase@@UAE@XZ

??1CDataBaseImpl@@UAE@XZ

??1CDumpsHelpCategory@StatesToolBox@@QAE@XZ

??1CEEPROM@@UAE@XZ

??1CEISourceImpl@@UAE@XZ

??1CEvidenceBlob@@QAE@XZ

??1CEvidenceHelper@@QAE@XZ

??1CEvidencePhoneNative@@UAE@XZ

??1CExtraInfoImpl@@UAE@XZ

??1CExtractionUserActivityLog@@QAE@XZ

??1CFileWrite@@UAE@XZ

??1CForensicReportHandler@@UAE@XZ

??1CFunctions@@UAE@XZ

??1CGlobalParamStorage@StatesToolBox@@UAE@XZ

??1CHelpProvider@@UAE@XZ

??1CKey@Stat@@UAE@XZ

??1CLastSelectedPhonesStorage@@UAE@XZ

??1CLastSelectedPhonesStorageUplApp@@UAE@XZ

??1CMessagesImpl@@UAE@XZ

??1CModTestIniCreate@@QAE@XZ

??1CMultimediaImpl@@UAE@XZ

??1CMultimediaImplBase@@UAE@XZ

??1CPhoneBookImpl@@UAE@XZ

??1CPhoneBookSIMImpl@@UAE@XZ

??1CPrefixChange@@QAE@XZ

??1CPrefixChangeEx@@QAE@XZ

??1CProduceDeactivationKey@@QAE@XZ

??1CSmartFlowState@@UAE@XZ

??1CStatCollector@@QAE@XZ

??1CStatFasade@Stat@@UAE@XZ

??1CStateCloneSimId@@UAE@XZ

??1CStateMemoryDump@@UAE@XZ

??1CStateReading@@UAE@XZ

??1CStateRunAndroidInfo@@UAE@XZ

??1CStateSaveReports@@QAE@XZ

??1CStateToolsExecute@@UAE@XZ

??1CStateWriteFileToTarget@@UAE@XZ

??1CToolTipHelper@@UAE@XZ

??1CToolTipHelperCAIS@@UAE@XZ

??1CUserInstructions@@UAE@XZ

??1CValue@Stat@@UAE@XZ

??1CableTypeInfo@@QAE@XZ

??1ChatCaptureManager@@UAE@XZ

??1ChatCaptureManagerFactory@@UAE@XZ

??1selected_phone@CLastSelectedPhonesStorage@@QAE@XZ

??4?$BaseImplement@UIState@@@@QAEAAV0@ABV0@@Z

??4?$State@UIState@@@@QAEAAV0@ABV0@@Z

??4CContentImplBase@@QAEAAV0@ABV0@@Z

??4CCycleContentImplBase@@QAEAAV0@$$QAV0@@Z

??4CCycleContentImplBase@@QAEAAV0@ABV0@@Z

??4CDataBaseImpl@@QAEAAV0@ABV0@@Z

??4CDataSource@@QAEAAV0@$$QAV0@@Z

??4CDataSource@@QAEAAV0@ABV0@@Z

??4CDumpsHelpCategory@StatesToolBox@@QAEAAV01@$$QAV01@@Z

??4CDumpsHelpCategory@StatesToolBox@@QAEAAV01@ABV01@@Z

??4CEEPROM@@QAEAAV0@ABV0@@Z

??4CEISourceImpl@@QAEAAV0@ABV0@@Z

??4CEvidenceBlob@@QAEAAV0@ABV0@@Z

??4CEvidenceHelper@@QAEAAV0@$$QAV0@@Z

??4CEvidencePhoneNative@@QAEAAV0@ABV0@@Z

??4CExtraInfoImpl@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CFunctions@@QAEAAV0@ABV0@@Z

??4CGlobalParamStorage@StatesToolBox@@QAEAAV01@ABV01@@Z

??4CHelpProvider@@QAEAAV0@ABV0@@Z

??4CKey@Stat@@QAEAAV01@ABV01@@Z

??4CLastSelectedPhonesStorage@@QAEAAV0@ABV0@@Z

??4CLastSelectedPhonesStorageUplApp@@QAEAAV0@ABV0@@Z

??4CModTestIniCreate@@QAEAAV0@$$QAV0@@Z

??4CModTestIniCreate@@QAEAAV0@ABV0@@Z

??4CMultimediaImpl@@QAEAAV0@ABV0@@Z

??4CMultimediaImplBase@@QAEAAV0@ABV0@@Z

??4CProduceDeactivationKey@@QAEAAV0@$$QAV0@@Z

??4CProduceDeactivationKey@@QAEAAV0@ABV0@@Z

??4CStatCollector@@QAEAAV0@$$QAV0@@Z

??4CStatCollector@@QAEAAV0@ABV0@@Z

??4CStatFasade@Stat@@QAEAAV01@ABV01@@Z

??4CStateCloneSimId@@QAEAAV0@ABV0@@Z

??4CStateRunAndroidInfo@@QAEAAV0@ABV0@@Z

??4CStateSaveReports@@QAEAAV0@ABV0@@Z

??4CStateToolsExecute@@QAEAAV0@ABV0@@Z

??4CStateWriteFileToTarget@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CToolTipHelper@@QAEAAV0@ABV0@@Z

??4CToolTipHelperCAIS@@QAEAAV0@ABV0@@Z

??4CUserInstructions@@QAEAAV0@$$QAV0@@Z

??4CUserInstructions@@QAEAAV0@ABV0@@Z

??4CValue@Stat@@QAEAAV01@ABV01@@Z

??4CableTypeInfo@@QAEAAV0@$$QAV0@@Z

??4CableTypeInfo@@QAEAAV0@ABV0@@Z

??4ChatCaptureManagerFactory@@QAEAAU0@$$QAU0@@Z

??4ChatCaptureManagerFactory@@QAEAAU0@ABU0@@Z

??4selected_phone@CLastSelectedPhonesStorage@@QAEXABU01@@Z

??ACLastSelectedPhonesStorage@@UAEPAUselected_phone@0@G@Z

??ACStatFasade@Stat@@QAEAAVCValue@1@ABVCKey@1@@Z

??ECValue@Stat@@QAEAAV01@H@Z

??ECValue@Stat@@QAEAAV01@XZ

??MCKey@Stat@@QBE_NABV01@@Z

??YCValue@Stat@@QAEAAV01@ABV01@@Z

??_7?$BaseImplement@UIState@@@@6B@

??_7?$State@UIState@@@@6B@

??_7CCalendarImpl@@6B@

??_7CContentImplBase@@6B@

??_7CCycleContentImplBase@@6B@

??_7CDataBaseImpl@@6B@

??_7CEEPROM@@6B@

??_7CEISourceImpl@@6B@

??_7CEvidenceHelper@@6BIServices@@@

??_7CEvidenceHelper@@6BITransferState@@@

??_7CEvidencePhoneNative@@6B@

??_7CExtraInfoImpl@@6B@

??_7CExtractionUserActivityLog@@6B@

??_7CFileWrite@@6B@

??_7CForensicReportHandler@@6B@

??_7CFunctions@@6B@

??_7CGlobalParamStorage@StatesToolBox@@6B@

??_7CHelpProvider@@6B@

??_7CKey@Stat@@6B@

??_7CLastSelectedPhonesStorage@@6B@

??_7CLastSelectedPhonesStorageUplApp@@6B@

??_7CMessagesImpl@@6B@

??_7CMultimediaImpl@@6B@

??_7CMultimediaImplBase@@6B@

??_7CPhoneBookImpl@@6B@

??_7CPhoneBookSIMImpl@@6B@

??_7CSmartFlowState@@6B?$State@UIState@@@@@

??_7CSmartFlowState@@6BCFunctions@@@

??_7CStatFasade@Stat@@6B@

??_7CStateCloneSimId@@6B?$State@UIState@@@@@

??_7CStateCloneSimId@@6BCUserInteractionEx@@@

??_7CStateMemoryDump@@6B?$State@UIState@@@@@

??_7CStateMemoryDump@@6BCFunctions@@@

??_7CStateReading@@6B?$State@UIState@@@@@

??_7CStateReading@@6BCFunctions@@@

??_7CStateReading@@6BIFlowControlCallbacks@@@

??_7CStateReading@@6BIServices@@@

??_7CStateReading@@6BITransferState@@@

??_7CStateRunAndroidInfo@@6B@

??_7CStateToolsExecute@@6B?$State@UIState@@@@@

??_7CStateToolsExecute@@6BCFunctions@@@

??_7CStateWriteFileToTarget@@6B@

??_7CToolTipHelper@@6B@

??_7CToolTipHelperCAIS@@6B@

??_7CUserInstructions@@6B@

??_7CValue@Stat@@6B@

??_7ChatCaptureManager@@6BIApplicationsManager@@@

??_7ChatCaptureManager@@6BIChatsCapturer@@@

??_7ChatCaptureManagerFactory@@6B@

?Abort@CMessagesImpl@@IAE?AW4EContentTypes@IContentImpl@@PAVCStatCollector@@I_N@Z

?Add@CValue@Stat@@QAEXABV12@@Z

?AddCheckBoxSelection@CExtractionUserActivityLog@@UAEX_N0ABV?$vector@IV?$allocator@I@std@@@std@@@Z

?AddDirectoryName@CEvidencePhoneNative@@IAEXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@K@Z

?AddEraseNoteForTarget@CHelpProvider@@UAEX_N@Z

?AddFileInfo4ForensicReport@CEvidencePhoneNative@@IAEXPAXAAU_SYSTEMTIME@@@Z

?AddHelpTopic@CHelpProvider@@UAE_NPAUIDataProvider@@PAUIBaseLink@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV45@@Z

?AddLSourceLinkInfo@CStateMemoryDump@@IAEXPAUIBaseLink@@@Z

?AddListBoxSelection@CExtractionUserActivityLog@@UAEXH@Z

?AddLogicalContentTYpe@CModTestIniCreate@@AAEX_K@Z

?AddMMSelectContentSelection@CExtractionUserActivityLog@@UAEX_N0ABV?$vector@IV?$allocator@I@std@@@std@@@Z

?AddMask@CValue@Stat@@QAEXK@Z

?AddMessageBoxSelection@CExtractionUserActivityLog@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?AddMethodMenuStr@CStateMemoryDump@@IAEXW4EMenuItemId@@@Z

?AddMultimediaStats@CStatCollector@@QAE_NHHPAVCMmStats@@@Z

?AddPBAccountSelection@CExtractionUserActivityLog@@UAEX_N0ABV?$vector@IV?$allocator@I@std@@@std@@@Z

?AddPhone@CLastSelectedPhonesStorage@@UAEXABUselected_phone@1@@Z

?AddSourceLinkInfo@CModTestIniCreate@@AAEXW4EMenuItemId@@PAVCResultsManager@@@Z

?AddSourceMemoryInfo@CModTestIniCreate@@AAEXK@Z

?AddSourcePhoneInfoInfo@CModTestIniCreate@@AAEXW4EMenuItemId@@PAVCResultsManager@@@Z

?AddSuggestedMethodInfo@CStateMemoryDump@@IAEXW4EMenuItemId@@H@Z

?AddTheRest@CModTestIniCreate@@AAEXXZ

?AddToFlowControl@CStateReading@@IAE_NW4EContentTypes@IContentImpl@@W4EOperation@3@@Z

?AddTransferType@CModTestIniCreate@@AAEXW4EMenuItemId@@@Z

?AddUFEDTexts2Stat@CStateReading@@IAEXXZ

?AddUserTextSelection@CExtractionUserActivityLog@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?AddXmlRecord@CStatFasade@Stat@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?AnalyzeServerResponse@CStatFasade@Stat@@QAE?AW4EResponseAnalyzingResult@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_N@Z

?AndroidPackagesMetaData@CStateMemoryDump@@QAEABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VCPkgMetaData@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VCPkgMetaData@@@std@@@2@@std@@XZ

?ApplyParams@CPrefixChange@@IAE_NXZ

?AskAboutSkipEmptyPB@CStateReading@@IAE_NPAUIPhone@@@Z

?AskForRemoveSomeContentTypes@CStateReading@@IAEX_KPAPA_K@Z

?AttachmentEventCb@CStateReading@@KA_NPAVIAttachmentField@@W4EStorageEvents@IContainer@@PAX@Z

?AttachmentManagerTargetConnect@CEvidenceHelper@@UAEXXZ

?AttachmentManagerTargetConnect@CStateReading@@MAEXXZ

?AttachmentManagerTargetDisconnect@CEvidenceHelper@@UAEXXZ

?AttachmentManagerTargetDisconnect@CStateReading@@MAEXXZ

?BackupContent@CMultimediaImpl@@MAE?AW4EErrorCode@@PAUIBaseLink@@0AAW4eSide@@@Z

?BackupExtraInfo@CExtraInfoImpl@@AAE_NPAUIBaseLink@@@Z

?BackupPreProcessBook@CPhoneBookImpl@@IAEXXZ

?BackupRestorePB@CPhoneBookImpl@@IAE_NPAUIBaseLink@@PAUIUserInteraction@@PAVCModuleInfo@@_N@Z

?Beep@CDataSource@@SAXKKH@Z

?Beep@CDataSource@@SAXW4BeepType@@H@Z

?Beep@CStateReading@@QAEXKKH@Z

?CalendarProxy@CCalendarImpl@@IAE?AW4ErrorCode@@PAUIBaseCalendarLib@@PAVICalendar@@_N@Z

?CaptureChat@ChatCaptureManager@@UAE?AW4ErrorCode@@V?$shared_ptr@UChatCaptureConfig@@@std@@V?$shared_ptr@$$CBUIChatCaptureCallback@@@4@@Z

?ChangeInOrder@CLastSelectedPhonesStorage@@UAEXXZ

?Check4XMLFiles@CStatFasade@Stat@@QAEXXZ

?CheckOverCurrentOnUSB@CFunctions@@SA_NPAUIBaseLink@@PAUIUserInteraction@@@Z

?CheckUserAbortMM@CMultimediaImplBase@@AAEXPAVICntModule@@PAVCModuleInfo@@PAUIUserInteraction@@@Z

?ChoosePhonebookAccounts@CPhoneBookImpl@@IAEXPAUIBasePhoneLib@@PAUIUserInteraction@@@Z

?Clear@CGlobalParamStorage@StatesToolBox@@QAEXXZ

?Clear@CLastSelectedPhonesStorage@@UAEXXZ

?ClearAndInitializeDatabase@CDataSource@@SAHXZ

?ClearFakeXMLs@CDataSource@@SAXXZ

?ClearOTFMethodsOnly@CDataSource@@SAXXZ

?ClearOTFXMLsOnly@CDataSource@@SAXXZ

?ClearReferenceXMLs@CDataSource@@SAX_N@Z

?Close@CFileWrite@@QAE_NXZ

?CloseExtraction@ChatCaptureManager@@UAE?AW4ErrorCode@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W42@_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z

?CollectChangeSetNames@CPrefixChangeEx@@QAEXXZ

?ComposeFullHelp@CHelpProvider@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIDataProvider@@@Z

?ComposeHandsetIdMessage@CStateReading@@IAEXABUhandsetInfo@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z

?ConfigSourceLink@CStateMemoryDump@@IAEXAAV?$InterfaceFromDllPtr@UIBaseLink@@@@@Z

?ConfigSourceModuleImplementation@CStateMemoryDump@@MAEXAAV?$InterfaceFromDllPtr@UIBaseDumperModule@@@@PAUIValue@@AAUExtendedDLLParams@@@Z

?ConfigTargetModuleImplementation@CStateMemoryDump@@MAEXAAV?$InterfaceFromDllPtr@UIDumperTargetModule@@@@PAUIValue@@AAUExtendedDLLParams@@@Z

?Connect@CCalendarImpl@@IAE_NAAV?$InterfaceFromDllPtr@UIBaseCalendarLib@@@@_N@Z

?Connect@CEEPROM@@IAE_NXZ

?Connect@CForensicReportHandler@@AAE_NXZ

?ConnectCleanup@CMessagesImpl@@IAEXI_N@Z

?ConnectSource@CEvidencePhoneNative@@IAE?AW4ErrorCode@@XZ

?ConnectTarget@CEvidencePhoneNative@@IAE_NXZ

?ContainText@CHelpProvider@@IAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?ContentImplFactory@CStateReading@@MAEPAVIContentImpl@@W4EContentTypes@2@@Z

?ContentImplTypeToMemoryContentMask@CForensicReportHandler@@AAE_KI@Z

?Create@CDataSource@@SA_NXZ

?Create@CModTestIniCreate@@QAEXPAVCResultsManager@@@Z

?Create@ChatCaptureManagerFactory@@UAEPAUIChatCaptureManager@@XZ

?CreateAPK_DowngradeFolderName@CStateMemoryDump@@IAEXW4EMenuItemId@@@Z

?CreateBackupRestoreLink@CStateReading@@IAEXAAV?$InterfaceFromDllPtr@UIBaseLink@@@@_N@Z

?CreateFakeUFD@CForensicReportHandler@@AAEXXZ

?CreateFileSystemTarget@CStateReading@@AAEXXZ

?CreateForensicModule@CForensicReportHandler@@AAE_NXZ

?CreateHideTypesString@CHelpProvider@@IAEXW4EHelpSections@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?CreateInitModule@CPhoneBookImpl@@MAE_NAAV?$InterfaceFromDllPtr@UIBasePhoneLib@@@@PBGPAUIPhone@@PAUIUserInteraction@@_N@Z

?CreateLinks@CStateReading@@IAEXXZ

?CreateMediaAsPhone@CStateReading@@IAEXXZ

?CreateModelNameForFolder@CStateReading@@IAEXXZ

?CreateNativePhoneStates@@YAPAUIPhone@@PBGK00KW4eSide@@W4ETransferType@1@@Z

?CreateSource@CSmartFlowState@@IAEHXZ

?CreateSourceLink@CEvidenceHelper@@QAE_NPBG@Z

?CreateSourceModuleImplementation@CDataBaseImpl@@MAEXAAV?$InterfaceFromDllPtr@UIBaseDumperModule@@@@PAUIValue@@AAUExtendedDLLParams@@@Z

?CreateStandartListBox@?$State@UIState@@@@QAEXXZ

?CreateStatisticsCommon@CSmartFlowState@@IAEXXZ

?CreateTagName4Search@CToolTipHelper@@IAEXABU_toolTipRule@@KAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?CreateTargetModuleImplementation@CDataBaseImpl@@MAEXAAV?$InterfaceFromDllPtr@UIDumperTargetModule@@@@PAUIValue@@AAUExtendedDLLParams@@@Z

?CreateTopWindow@?$State@UIState@@@@QAEXV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?CreateTopWindow@?$State@UIState@@@@QAEXXZ

?Cycle@CContentImplBase@@IAE?AW4EContentImplStatus@@W4EOperation@IContentImpl@@P81@AE_N0@ZV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?CycleAction@CContentImplBase@@MAE_NW4EOperation@IContentImpl@@@Z

?CycleCalendar@CCalendarImpl@@IAE?AW4EContentImplStatus@@PAUIBaseLink@@W4EMenuItemId@@1_N@Z

?CycleContentTransfer@CMultimediaImplBase@@IAE?AW4EContentImplStatus@@XZ

?CycleDBExtract@CDataBaseImpl@@AAE?AW4EContentImplStatus@@W4EMenuItemId@@PAUIBaseLink@@1@Z

?CycleExtSIM@CPhoneBookSIMImpl@@IAE?AW4EContentImplStatus@@_N@Z

?CycleExtraInfoRead@CExtraInfoImpl@@IAE?AW4EContentImplStatus@@PAUIBaseLink@@W4EMenuItemId@@1_N@Z

?CycleExtraInfoWrite@CExtraInfoImpl@@IAE?AW4EContentImplStatus@@PAUIBaseLink@@W4EMenuItemId@@1@Z

?CycleMemDump@CStateMemoryDump@@MAEXW4EMenuItemId@@@Z

?CycleMessages@CMessagesImpl@@IAE?AW4EContentTypes@IContentImpl@@I_N@Z

?CyclePB@CPhoneBookImpl@@IAE?AW4EContentImplStatus@@_N@Z

?CycleSaveFile@CEvidencePhoneNative@@IAE?AW4eEvidence_status@1@ABU_evidence_file@@KAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@1@Z

?DBExtract@CDataBaseImpl@@AAEXPAUIBaseLink@@0@Z

?DBExtractMock@CDataBaseImpl@@AAEXPAUIBaseLink@@0@Z

?DeleteAPK_DowngradeFolderOnSuccess@CStateMemoryDump@@IAEXXZ

?DeleteAllZipFiles@CStatFasade@Stat@@QAEXXZ

?DeleteTopWindow@?$State@UIState@@@@QAEXXZ

?Destroy@CDataSource@@SAXXZ

?DetectPhoneOSType@@YAXPAUIPhone@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?Disconnect@CEEPROM@@IAE_NXZ

?Disconnect@CForensicReportHandler@@AAE_N_N@Z

?DisconnectCleanup@CPhoneBookImpl@@IAEX_N0@Z

?DisconnectCleanupSource@CCalendarImpl@@IAEX_NW4EMenuItemId@@0@Z

?DisconnectCleanupSource@CEISourceImpl@@EAEXW4EMenuItemId@@_N@Z

?DisconnectInternalSource@CEvidencePhoneNative@@IAEXXZ

?DisconnectInternalTarget@CEvidencePhoneNative@@IAEX_N@Z

?DisconnectSource@CEvidencePhoneNative@@QAEXXZ

?DisconnectTarget@CEvidencePhoneNative@@QAEXXZ

?DoClone@CStateCloneSimId@@IAEHXZ

?DoTransfer@CMultimediaImpl@@MAE?AW4EErrorCode@@PAUIBaseLink@@0AAW4eSide@@_N2@Z

?EnableBF4Transfer@CStateMemoryDump@@QAEX_N@Z

?EnableFeature@CStateMemoryDump@@IAE_NH@Z

?EnsureFileSize@CEEPROM@@IAE_NH@Z

?EraseAfterRestore@CStateReading@@IAEXXZ

?EraseStatFiles@CStatFasade@Stat@@SAXXZ

?ErrorExit@?$State@UIState@@@@UAEHW4StateErrorCode@@@Z

?EvaluateHelpHtmReplacement@CHelpProvider@@IAEPBGXZ

?ExcludeHugeFiles@CMultimediaImplBase@@AAEXPAVCFileStore@@_N@Z

?Execute@CStateRunAndroidInfo@@QAE?AW4ErrorCode@@XZ

?ExecuteAttackAndAction@CStateMemoryDump@@MAEXW4EMenuItemId@@@Z

?ExecuteMemDump@CStateMemoryDump@@MAEXXZ

?ExecuteTransMgr@CMultimediaImplBase@@IAE?AW4EErrorCode@@PAVCEndPoint@@KAAW4eSide@@_N2PAVICntModule@@@Z

?ExtractHandsetInfo@CExtraInfoImpl@@AAEX_N@Z

?ExtractSIMAfterPhoneQ@CStateReading@@IAE_NW4EMenuItemId@@0H@Z

?ExtractionIsCowGirl@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0PAUIPhone@@@Z

?ExtractionResultCode@CStateMemoryDump@@QAE?AW4PhysicalExtractionResult@@XZ

?Filter4ClientName@CHelpProvider@@IAEXW4HelpCategoryId@GenesisHelp@@W4eSide@@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?FilterDeletedSMS@CStateReading@@IAEXXZ

?FinalActions@CSmartFlowState@@IAEXXZ

?FinalActions@CStateReading@@IAEHXZ

?FinalCleanup@CStateReading@@IAEXXZ

?Finalize@CContentImplBase@@UAE_NXZ

?Finalize@CForensicReportHandler@@UAEXXZ

?Finalize@CStatFasade@Stat@@QAE_NAA_N@Z

?Finalize@ChatCaptureManager@@UAE?AW4ErrorCode@@W42@@Z

?FinalizeCycle@CCycleContentImplBase@@UAEXW4EOperation@IContentImpl@@@Z

?FinalizeStatReport@CStateReading@@IAEXXZ

?FinishAttachmentManager@CStateReading@@MAEXXZ

?FinishBaro@CStateMemoryDump@@IAEXXZ

?FinishStatRecord@CStateCloneSimId@@IAE_NAA_N0@Z

?FinishStatRecord@CStateMemoryDump@@IAE_NAA_N0@Z

?FlagsConvert@CPrefixChange@@IAEKABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?FlushCachedData@CFileWrite@@QAE_NXZ

?FolderNameBuilder@CEvidencePhoneNative@@IAEXPAVCModuleInfo@@PAUIUserInteraction@@W4eEvidence_type@1@@Z

?FolderNameBuilder@CStateMemoryDump@@IAEXPAVCModuleInfo@@PAUIUserInteraction@@W4EMenuItemId@@@Z

?FolderNameBuilder@CStateReading@@QAEX_NPAVCModuleInfo@@PAUIUserInteraction@@0@Z

?ForceDisconnectTimeEstimation@CMultimediaImplBase@@AAEXPAVICntModule@@PAVCModuleInfo@@@Z

?FormatDateTime@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAU_SYSTEMTIME@@@Z

?GenerateHelp@CHelpProvider@@UAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eSide@@@Z

?GenerateHelp@CHelpProvider@@UAE_NABVCHelpAttributes@@@Z

?GenerateHelp@CHelpProvider@@UAE_NW4EShowHelpFor@@W4HelpCategoryId@GenesisHelp@@W4eSide@@_N3W4EHelpSections@@4V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GenerateKey@CProduceDeactivationKey@@QAEXXZ

?GetAltera@CEvidenceHelper@@UAEPAVCAltera@@XZ

?GetAltera@CStateReading@@MAEPAVCAltera@@XZ

?GetApplications@ChatCaptureManager@@UAE?AW4ErrorCode@@AAV?$vector@UApplicationInfo@@V?$allocator@UApplicationInfo@@@std@@@std@@@Z

?GetApplicationsContent@CEvidenceHelper@@UAEPAUApplicationsContent@NativeTypes@ApplicationsTbr@Interop@Cellebrite@@XZ

?GetApplicationsContent@CStateReading@@MAEPAUApplicationsContent@NativeTypes@ApplicationsTbr@Interop@Cellebrite@@XZ

?GetApplicationsInstallation@CEvidenceHelper@@UAEPAUApplicationsInstallation@NativeTypes@ApplicationsTbr@Interop@Cellebrite@@XZ

?GetApplicationsInstallation@CStateReading@@MAEPAUApplicationsInstallation@NativeTypes@ApplicationsTbr@Interop@Cellebrite@@XZ

?GetApropriateAbortString@CContentImplBase@@IAE?AVCStringArg@@XZ

?GetAttachmentManager@CEvidenceHelper@@UAEPAVIAttachmentManager@@XZ

?GetAttachmentManager@CStateReading@@MAEPAVIAttachmentManager@@XZ

?GetBackupName@CEvidenceHelper@@UAEPBGW4EMenuItemId@@@Z

?GetBackupName@CStateReading@@MAEPBGW4EMenuItemId@@@Z

?GetCalendar@CEvidenceHelper@@UAEPAVICalendar@@XZ

?GetCalendar@CStateReading@@MAEPAVICalendar@@XZ

?GetCalendarImplementator@CFunctions@@SAPBGPBG@Z

?GetCategoryTitle@CHelpProvider@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4HelpCategoryId@GenesisHelp@@@Z

?GetChangeSetNames@CPrefixChangeEx@@QAEABV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@XZ

?GetChannel@CFunctions@@SAPBGPBGPAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetChatsList@ChatCaptureManager@@UAE?AW4ErrorCode@@V?$shared_ptr@UChatsListScanningConfig@@@std@@V?$shared_ptr@$$CBUIChatInfoCallback@@@4@@Z

?GetCompletedContentMask@CEvidenceHelper@@UAEI_N@Z

?GetCompletedContentMask@CStateReading@@MAEI_N@Z

?GetConnectLaterStuff@CStateReading@@QAEAAU_ConnectLaterStuff@1@XZ

?GetContentCountFailSpecificTitle@CCalendarImpl@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetContentCountFailSpecificTitle@CContentImplBase@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetContentCountFailSpecificTitle@CMessagesImpl@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetContentCountFailSpecificTitle@CMultimediaImplBase@@EAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetContentCountFailSpecificTitle@CPhoneBookImpl@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetContentCountFailSpecificTitle@CPhoneBookSIMImpl@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetContentCountSide@CContentImplBase@@MAE?AW4eSide@@XZ

?GetContentFilterSource@CEvidenceHelper@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetContentFilterSource@CStateReading@@MAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetContentFilterTarget@CEvidenceHelper@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetContentFilterTarget@CStateReading@@MAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetCopyMemoryType@CFunctions@@SA?AW4CopyMemoryType@@PBG@Z

?GetDFUEnterEvent@CHelpProvider@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eSide@@@Z

?GetData@CEvidenceBlob@@QAEPAXXZ

?GetDataSourceInterface@CDataSource@@SAPAUIDataSource@@XZ

?GetDate@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAU_SYSTEMTIME@@@Z

?GetDifSourceFrendlyName@CFunctions@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV23@@Z

?GetDisabledMemoryContentMask@CDataSource@@SA_KXZ

?GetDisabledMemoryContentMaskWeb@CDataSource@@SA_KXZ

?GetDisplay@CDataSource@@SAPAVIDisplay@LCDGraphics@@_N@Z

?GetDumperTarget@CEvidenceHelper@@UAEPAUIDumperTargetModule@@XZ

?GetDumperTarget@CStateReading@@MAEPAUIDumperTargetModule@@XZ

?GetEnglishString@CDataSource@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z

?GetErrorMessageId@CCalendarImpl@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIBaseCalendarLib@@@Z

?GetErrorMessageId@CDataBaseImpl@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIBaseDumperModule@@@Z

?GetErrorMessageId@CEvidencePhoneNative@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIBaseEvidenceCollectionModule@@@Z

?GetErrorMessageId@CExtraInfoImpl@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAVIBaseExtraInfoModule@@@Z

?GetErrorMessageId@CPhoneBookImpl@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIBasePhoneLib@@@Z

?GetErrorMessageId@CPhoneBookSIMImpl@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIBasePhoneLib@@@Z

?GetErrorMessageId@CStateMemoryDump@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAUIBaseDumperModule@@@Z

?GetEstimatedRawDataSize@CStatFasade@Stat@@QAEIXZ

?GetEthernetData@CDataSource@@SAHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PAG@Z

?GetExtraInfoImplementator@CFunctions@@SAPBGPBG@Z

?GetExtracInfoCount@CExtraInfoImpl@@AAEIQBKI@Z

?GetFSSelectiveSupportByPhone@CStateMemoryDump@@QAEXPAUIPhone@@AAV?$vector@HV?$allocator@H@std@@@std@@@Z

?GetFailedContentMask@CEvidenceHelper@@UAEI_N@Z

?GetFailedContentMask@CStateReading@@MAEI_N@Z

?GetFamily@CEvidenceHelper@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z

?GetFamily@CStateReading@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z

?GetFileData@CStatFasade@Stat@@QAE_NPBGAAVCRawDataChunk@2@AAI@Z

?GetFilteredOutContentTypes@CStateReading@@QAE_KXZ

?GetFolderListInfo4FileDump@CFunctions@@CA_NPAUIPhone@@AAV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@@std@@@2@@std@@PBG@Z

?GetFolderListInfo4FileDump@CFunctions@@SA_NPAUIPhone@@AAV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@@std@@@2@@std@@PBGK@Z

?GetFolderPrefix@CStateMemoryDump@@IAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4EMenuItemId@@@Z

?GetFullExtract@ChatCaptureManager@@UAE?AW4ErrorCode@@V?$shared_ptr@$$CBUIChatCaptureCallback@@@std@@@Z

?GetGeneric@CEvidenceHelper@@UAEPAVIGenericStorage@@XZ

?GetGeneric@CStateReading@@MAEPAVIGenericStorage@@XZ

?GetHandsetInfo@CEvidenceHelper@@UAEPAUhandsetInfo@@_N@Z

?GetHandsetInfo@CStateReading@@MAEPAUhandsetInfo@@_N@Z

?GetHelp4Link@CHelpProvider@@IAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eSide@@0AAV23@@Z

Sections

Size: 375KB - Virtual size: 964KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 87KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 42KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/InnerLoader.exe

.exe windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ed:1a:7d:6b:a2:38:6b:55:27:03:d8:a6:4e:30:ba:84:a7:02:e2:6a:91:a5:08:f6:d8:04:ba:5e:17:fa:dd:40
Signer

Actual PE Digest

ed:1a:7d:6b:a2:38:6b:55:27:03:d8:a6:4e:30:ba:84:a7:02:e2:6a:91:a5:08:f6:d8:04:ba:5e:17:fa:dd:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Sections

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 33KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/Knockout_Utils.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cf:72:bf:ae:cd:3f:01:7e:12:79:8c:66:74:3b:a4:c9:8e:aa:e3:71:78:e6:2c:97:6f:c3:92:49:56:ec:4e:59
Signer

Actual PE Digest

cf:72:bf:ae:cd:3f:01:7e:12:79:8c:66:74:3b:a4:c9:8e:aa:e3:71:78:e6:2c:97:6f:c3:92:49:56:ec:4e:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CClientKnockoutBase@@QAE@ABV0@@Z

??0CClientKnockoutBase@@QAE@PAVCLowLevel@@PAUIBaseLink@@PAVINandreadDumper@@_N@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CImageEdit@@QAE@ABV0@@Z

??0CImageEdit@@QAE@PBG0I0PAVCTransferIndicator@@0@Z

??0CImageEditKnockout@@QAE@ABV0@@Z

??0CImageEditKnockout@@QAE@PBG0IPAVCTransferIndicator@@00@Z

??0CImageEditKnockoutNG@@QAE@ABV0@@Z

??0CImageEditKnockoutNG@@QAE@PBG0IPAVCTransferIndicator@@000_N0@Z

??0CKnockoutNG3@@QAE@ABV0@@Z

??0CKnockoutNG3@@QAE@PBG000000@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0INandreadDumper@@QAE@ABV0@@Z

??0INandreadDumper@@QAE@XZ

??0PyInterpeter@@QAE@ABV0@@Z

??0PyInterpeter@@QAE@XZ

??0PythonClass@@QAE@ABV0@@Z

??0PythonClass@@QAE@XZ

??1CClientKnockoutBase@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CImageEdit@@QAE@XZ

??1CImageEditKnockout@@UAE@XZ

??1CImageEditKnockoutNG@@QAE@XZ

??1CKnockoutNG3@@UAE@XZ

??1IFileRead@@UAE@XZ

??1INandreadDumper@@UAE@XZ

??1PyInterpeter@@UAE@XZ

??1PythonClass@@UAE@XZ

??4CClientKnockoutBase@@QAEAAV0@ABV0@@Z

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CImageEdit@@QAEAAV0@ABV0@@Z

??4CImageEditKnockout@@QAEAAV0@ABV0@@Z

??4CImageEditKnockoutNG@@QAEAAV0@ABV0@@Z

??4CKnockoutNG3@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4INandreadDumper@@QAEAAV0@ABV0@@Z

??4PyInterpeter@@QAEAAV0@ABV0@@Z

??4PythonClass@@QAEAAV0@ABV0@@Z

??BPythonClass@@UAE?AVobject@pybind11@@XZ

??BPythonClass@@UBE?AVobject@pybind11@@XZ

??_7CClientKnockoutBase@@6B@

??_7CFileRead@@6B@

??_7CImageEdit@@6B@

??_7CImageEditKnockout@@6B@

??_7CImageEditKnockoutNG@@6B@

??_7CKnockoutNG3@@6BCImageEditKnockoutNG@@@

??_7CKnockoutNG3@@6BPythonClass@@@

??_7IFileRead@@6B@

??_7INandreadDumper@@6B@

??_7PyInterpeter@@6B@

??_7PythonClass@@6B@

?Close@CFileRead@@QAEXXZ

?EditImage@CImageEdit@@UAE_NXZ

?EditImage@CKnockoutNG3@@UAE_NXZ

?FollowSymLink@CClientKnockoutBase@@IAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z

?GetBlkDevName@CClientKnockoutBase@@IAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z

?GetDataPartition@CClientKnockoutBase@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDataPartitionPath@CClientKnockoutBase@@IAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@0@Z

?GetDataPath@PyInterpeter@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetDumperRestarter@CClientKnockoutBase@@QAEPAVIDumperRestart@@XZ

?GetFSTab@CClientKnockoutBase@@MAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetLibsDirectory@PyInterpeter@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?GetPartition@CClientKnockoutBase@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z

?GetPartitionSize@CClientKnockoutBase@@IAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AA_K@Z

?GetPythonPathFromFileName@CKnockoutNG3@@IAE?AVobject@pybind11@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?GetSerialNumber@CClientKnockoutBase@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?Init@CImageEdit@@UAE_NXZ

?IsDeviceFBE@CClientKnockoutBase@@QAE_NXZ

?IsEncrypted@CClientKnockoutBase@@QAE_NXZ

?IsInitialized@INandreadDumper@@UAE_NXZ

?IsOpen@CFileRead@@UAE_NXZ

?IsReadOnly@CClientKnockoutBase@@QAE_NXZ

?IsUsingDumpClient@CClientKnockoutBase@@QBE_NXZ

?PerformPasswordRemoval@CClientKnockoutBase@@QAE_NXZ

?PerformRevertPasswordRemoval@CClientKnockoutBase@@QAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?RemountDataPartition@CClientKnockoutBase@@QAE_NXZ

?RemoveOrRevertPasswordWithReadOnlyFs@CClientKnockoutBase@@QAE_N_N@Z

?ReplaceAdbKeys@CImageEdit@@UAE_NXZ

?Run@CImageEdit@@MAE_NXZ

?Run@CKnockoutNG3@@MAE_NXZ

?SEOutForContext@CImageEditKnockoutNG@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?Seek@CFileRead@@QAE_NI@Z

?SetNandreadName@CClientKnockoutBase@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?SetPythonPath@PyInterpeter@@AAEXXZ

?SetSkipChecktForBootComplete@CClientKnockoutBase@@QAEX_N@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?StartNandRead@CClientKnockoutBase@@QAE_N_N0@Z

?StopNandread@CClientKnockoutBase@@QAE_NXZ

?TrimWhiteSpace@CClientKnockoutBase@@IAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?TryDeleteFilesOnDevice@CClientKnockoutBase@@QAEXXZ

?UnpackNandread@CImageEditKnockout@@UAEXXZ

?UnpackNandread@CImageEditKnockoutNG@@UAEXXZ

?UseOldWatchdog@CImageEdit@@UAEX_N@Z

?WaitForDevice@CClientKnockoutBase@@QAE_NIII@Z

?WaitForDeviceAndCheckSerial@CClientKnockoutBase@@QAE_NIII@Z

?WriteFile@CImageEdit@@KAXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

?addToPythonPaths@PythonClass@@UAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?getAdbKeysPath@CImageEditKnockoutNG@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?getRamdiskPathFromBootImage@CImageEditKnockoutNG@@AAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@0@Z

?get_class_name@PythonClass@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?get_python_class@PythonClass@@UAE?AVobject@pybind11@@XZ

?isSpblobRemove@CClientKnockoutBase@@IAE_NXZ

?isSuccess@CImageEdit@@MAE_NXZ

?isSuccess@CKnockoutNG3@@MAE_NXZ

?packRamdisk@CImageEditKnockoutNG@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?refcount@PyInterpeter@@2IA

?replaceWatchdog@CImageEdit@@MAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?replaceWatchdog@CImageEditKnockoutNG@@MAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?runExe@CImageEdit@@IAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z

?unpackAndroidImage@CImageEditKnockoutNG@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@0@Z

?unpackBootOnly@CImageEditKnockoutNG@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

?unpackRamDisk@CImageEditKnockoutNG@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z

Sections

Size: 114KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 19KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/MnmClient.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:35:a8:57:ea:c7:7b:5a:1c:e5:5c:1c:f0:cb:a1:2e:90:7d:d0:43:17:ef:9b:94:23:c8:fd:04:e9:fe:14:78
Signer

Actual PE Digest

4c:35:a8:57:ea:c7:7b:5a:1c:e5:5c:1c:f0:cb:a1:2e:90:7d:d0:43:17:ef:9b:94:23:c8:fd:04:e9:fe:14:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

?Clear@CMnmExtractionFsReadResponse@@QAEXXZ

?Clear@CMnmExtractionMdReadResponse@@QAEXXZ

?Clear@CMnmExtractionReadResponse@@QAEXXZ

?Clear@CMnmLogResponse@@QAEXXZ

?Clear@CMnmNARExtractionReadMetadataResponse@@QAEXXZ

?GetAdvertisingIdentifier@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetArchitecture@CMnmGetPlatformInfoResponse@@QBE_KXZ

?GetAttemptCount@CMnmBruteforceGetStatusResponse@@QBE_KXZ

?GetAttemptDetails@CMnmBruteforceGetStatusResponse@@QBE?AVCBruteforceStatusAttemptDetails@1@XZ

?GetBatteryLevel@CMnmGetPlatformInfoResponse@@QBENXZ

?GetCanBruteforce@CMnmGetLockInfoResponse@@QBE_NXZ

?GetCanUnlock@CMnmGetLockInfoResponse@@QBE_NXZ

?GetClassKeys@CMnmGetLockInfoResponse@@QBE?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@@std@@@2@@std@@XZ

?GetClassKeys@CMnmKeyChainClassKeysResponse@@QBE?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@@std@@@2@@std@@XZ

?GetCompiledTime@CMnmGetVersionResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetContinue@CMnmExtractionMdReadResponse@@QBE_NXZ

?GetCorrectPasscode@CMnmBruteforceGetStatusResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetCorrectPasscode@CMnmGetPersistentDataResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetCorrectPasscodeExists@CMnmBruteforceGetStatusResponse@@QBE_NXZ

?GetCorrectPasscodeExists@CMnmGetPersistentDataResponse@@QBE_NXZ

?GetCount@CMnmExtractionMdReadResponse@@QBE_KXZ

?GetCount@CMnmNARExtractionReadMetadataResponse@@QBE_KXZ

?GetDIMEI@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetData@CMnmExtractionFsReadResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ

?GetData@CMnmExtractionTestResponse@@QBE?AV?$vector@DV?$allocator@D@std@@@std@@XZ

?GetData@CMnmKeyChainResponse@@QBE?AV?$vector@DV?$allocator@D@std@@@std@@XZ

?GetData@CMnmNARExtractionReadMetadataResponse@@QBEABV?$list@UNarMetadataStruct@@V?$allocator@UNarMetadataStruct@@@std@@@std@@XZ

?GetDeviceUserName@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetDictDetails@CMnmBruteforceGetStatusResponse@@QBE?AVCBruteforceStatusDictDetails@1@XZ

?GetDiskUsage@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetEcid@CMnmGetPlatformInfoResponse@@QBE_KXZ

?GetEncryptedLog@CMnmLogResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ

?GetError@CMnmExtractionFsReadResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ

?GetExtractionProgress@CMnmOtpResponse@@QBENXZ

?GetExtractionStatus@CMnmExtractionStatusResponse@@QBE?AW4EExtractionStatus@1@XZ

?GetExtractionStatusAsString@CMnmExtractionStatusResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetExtractionType@CMnmExtractionStatusResponse@@QBE?AW4EExtractionType@1@XZ

?GetGoldilocksState@CMnmGetLockInfoResponse@@QBE?AW4EGoldilocksState@1@XZ

?GetGoldilocksStateString@CMnmGetLockInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetHasRomBpr@CMnmGetPlatformInfoResponse@@QBE_NXZ

?GetICCID@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetIMEI@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetIccid@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetImei@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetInProgress@CMnmBruteforceGetStatusResponse@@QBE_KXZ

?GetIsDeviceUnlockedSinceBoot@CMnmIsDeviceUnlockedSinceBootResponse@@QBE_NXZ

?GetIsExtractionInProgress@CMnmOtpResponse@@QBE_NXZ

?GetIsFinished@CMnmNARExtractionReadMetadataResponse@@QBE_NXZ

?GetIsInstalled@CMnmInstallationStatusResponse@@QBE_NXZ

?GetIsLogEncrypted@CMnmLogResponse@@QBE_NXZ

?GetIsPasscodeProtected@CMnmIsPasscodeProtectedResponse@@QBE_NXZ

?GetKeybagDetails@CMnmGetLockInfoResponse@@QBE?AVCLockInfoKeybagDetails@1@XZ

?GetLastAttemptedIndex@CMnmGetPersistentDataResponse@@QBE_KXZ

?GetLastDictionaryUniqueId@CMnmGetPersistentDataResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetLockers@CMnmGetLockInfoResponse@@QBE?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@@std@@@2@@std@@XZ

?GetLog@CMnmLogResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetLogicalErrorId@CMnmResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetMSISDN@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetMailAccounts@CMnmBruteforceGetHintsResponse@@QBEABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ

?GetMarketingName@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetMnmFlavor@CMnmGetPlatformInfoResponse@@QBE?AW4EMnmFlavor@1@XZ

?GetMnmFlavorString@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetModel@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetModelFriendlyName@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetOffset@CMnmExtractionFsReadResponse@@QBE_KXZ

?GetOsVersion@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetOtpData@CMnmOtpResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ

?GetPartitionType@CMnmExtractionMdReadResponse@@QBE?AW4EPartitionType@1@XZ

?GetPartitionType@CMnmExtractionStatusResponse@@QBE?AW4EPartitionType@1@XZ

?GetPasscodeType@CMnmGetLockInfoResponse@@QBE?AW4EPasscodeType@1@XZ

?GetPasscodeTypeString@CMnmGetLockInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetPort@CMnmNARExtractionStartSessionResponse@@QBE_KXZ

?GetRamDiskVersion@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetSegmentDetails@CMnmBruteforceGetStatusResponse@@QBE?AVCBruteforceStatusSegmentDetails@1@XZ

?GetSeshatDetails@CMnmGetLockInfoResponse@@QBE?AVCLockInfoSeshatDetails@1@XZ

?GetSessionId@CMnmNARExtractionStartSessionResponse@@QBE_KXZ

?GetSessionStatus@CMnmNARExtractionSessionStatusResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetSlowBruteforce@CMnmGetLockInfoResponse@@QBE_NXZ

?GetStartedIndex@CMnmBruteforceGetStatusResponse@@QBE_KXZ

?GetTotal@CMnmExtractionReadResponse@@QBE_KXZ

?GetTree@CMnmExtractionMdReadResponse@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetVersion@CMnmGetVersionResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?HasLogicalError@CMnmResponse@@QBE_NXZ

?IsBruteforceInProgress@CMnmBruteforceGetStatusResponse@@QBE_NXZ

_CreateMnmClient@8

Sections

Size: 44KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ToolsDucatiHardRestore.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:35:84:1b:3e:94:a6:50:a4:a8:ad:d3:d5:ab:10:fd:47:95:b6:d0:43:20:58:52:b9:51:1c:f3:d3:0f:61:2b
Signer

Actual PE Digest

7d:35:84:1b:3e:94:a6:50:a4:a8:ad:d3:d5:ab:10:fd:47:95:b6:d0:43:20:58:52:b9:51:1c:f3:d3:0f:61:2b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0Analayzer@@QAE@ABV0@@Z

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CFileWrite@@QAE@PBG0I@Z

??0CFileWrite@@QAE@PBGI@Z

??0CsvFile@@QAE@ABV0@@Z

??0FridaCoreEprProivder@@QAE@$$QAV0@@Z

??0FridaScriptResult@@QAE@$$QAU0@@Z

??0FridaScriptResult@@QAE@ABU0@@Z

??0FridaScriptResult@@QAE@XZ

??0FridaTarget@@QAE@$$QAU0@@Z

??0FridaTarget@@QAE@ABU0@@Z

??0FridaTarget@@QAE@XZ

??0IDumpLister@@QAE@$$QAV0@@Z

??0IDumpLister@@QAE@ABV0@@Z

??0IDumpLister@@QAE@XZ

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??0IFridaCoreProivder@@QAE@ABV0@@Z

??0IFridaCoreProivder@@QAE@XZ

??0PythonClass@@QAE@ABV0@@Z

??0Regs@@QAE@ABV0@@Z

??0ResultHandler@@QAE@ABV0@@Z

??0SearchParams@@QAE@ABV0@@Z

??0Segment@@QAE@ABV0@@Z

??1Analayzer@@UAE@XZ

??1AndroidFridaCoreInterface@@UAE@XZ

??1CFileRead@@UAE@XZ

??1CFileWrite@@UAE@XZ

??1FridaCoreEprProivder@@UAE@XZ

??1FridaScriptResult@@QAE@XZ

??1FridaTarget@@QAE@XZ

??1IFileRead@@UAE@XZ

??1IFridaCoreDeviceInterface@@UAE@XZ

??1IFridaCoreProivder@@UAE@XZ

??1ResultHandler@@UAE@XZ

??1SearchParams@@UAE@XZ

??1Segment@@UAE@XZ

??4Analayzer@@QAEAAV0@ABV0@@Z

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z

??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z

??4FridaTarget@@QAEAAU0@$$QAU0@@Z

??4FridaTarget@@QAEAAU0@ABU0@@Z

??4IDumpLister@@QAEAAV0@$$QAV0@@Z

??4IDumpLister@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z

??4PyInterpeter@@QAEAAV0@ABV0@@Z

??4PythonClass@@QAEAAV0@ABV0@@Z

??4Regs@@QAEAAV0@ABV0@@Z

??4ResultHandler@@QAEAAV0@ABV0@@Z

??4SearchParams@@QAEAAV0@ABV0@@Z

??4Segment@@QAEAAV0@ABV0@@Z

??_7Analayzer@@6B@

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7CsvFile@@6B@

??_7FridaCoreEprProivder@@6B@

??_7IDumpLister@@6B@

??_7IFileRead@@6B@

??_7IFridaCoreProivder@@6B@

??_7PythonClass@@6B@

??_7Regs@@6B@

??_7ResultHandler@@6B@

??_7SearchParams@@6B@

??_7Segment@@6B@

?Close@CFileRead@@QAEXXZ

?Close@CFileWrite@@QAE_NXZ

?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ

?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z

?FlushCachedData@CFileWrite@@QAE_NXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ

?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ

?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ

?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z

?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z

?IsOpen@CFileRead@@UAE_NXZ

?IsReady@CFileWrite@@QAE_NXZ

?ListingEnded@CDumpListerFacade@@UAE_NXZ

?Open@CFileWrite@@QAE_NPBG_N@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Rename@CFileWrite@@SA_NPBG0@Z

?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ

?Seek@CFileRead@@QAE_NI@Z

?Seek@CFileWrite@@QAE_NI@Z

?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z

?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z

?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z

?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z

?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?SetPassword@AndroidDeviceDecrypt@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z

?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ

?Write@CFileWrite@@QAE_NPBEI@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

Sections

Size: 201KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 43KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ToolsLGFixBootLoader.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d0:a0:ed:05:dd:bc:cb:84:bf:29:7f:8b:62:bb:7d:0e:83:ce:c4:d9:c5:e2:f3:60:41:77:3b:cc:37:65:2d:e8
Signer

Actual PE Digest

d0:a0:ed:05:dd:bc:cb:84:bf:29:7f:8b:62:bb:7d:0e:83:ce:c4:d9:c5:e2:f3:60:41:77:3b:cc:37:65:2d:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CsvFile@@QAE@ABV0@@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4CsvFile@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??_7CFileRead@@6B@

??_7CsvFile@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?IsOpen@CFileRead@@UAE_NXZ

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Seek@CFileRead@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

Sections

Size: 102KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/ToolsVinculumFirmwareFlash.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:4c:e2:45:0c:63:e1:fb:f9:37:ca:c2:97:84:07:96:b8:64:0b:8e:77:69:f2:10:30:2b:13:2c:91:7a:c3:b7
Signer

Actual PE Digest

2b:4c:e2:45:0c:63:e1:fb:f9:37:ca:c2:97:84:07:96:b8:64:0b:8e:77:69:f2:10:30:2b:13:2c:91:7a:c3:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

??0CFileRead@@QAE@ABV0@@Z

??0CFileRead@@QAE@PBGI@Z

??0CFileWrite@@QAE@ABV0@@Z

??0CFileWrite@@QAE@PBG0I@Z

??0CFileWrite@@QAE@PBGI@Z

??0IFileRead@@QAE@ABV0@@Z

??0IFileRead@@QAE@XZ

??1CFileRead@@UAE@XZ

??1CFileWrite@@UAE@XZ

??1IFileRead@@UAE@XZ

??4CFileRead@@QAEAAV0@ABV0@@Z

??4CFileWrite@@QAEAAV0@ABV0@@Z

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z

??4CTimestampUtil@@QAEAAV0@ABV0@@Z

??4IFileRead@@QAEAAV0@ABV0@@Z

??_7CFileRead@@6B@

??_7CFileWrite@@6B@

??_7IFileRead@@6B@

?Close@CFileRead@@QAEXXZ

?Close@CFileWrite@@QAE_NXZ

?FlushCachedData@CFileWrite@@QAE_NXZ

?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z

?IsOpen@CFileRead@@UAE_NXZ

?IsReady@CFileWrite@@QAE_NXZ

?Open@CFileWrite@@QAE_NPBG_N@Z

?Pos64@CFileRead@@UAE_JXZ

?Pos@CFileRead@@QAEIXZ

?Read@CFileRead@@UAE_NPAEI@Z

?Rename@CFileWrite@@SA_NPBG0@Z

?Seek@CFileRead@@QAE_NI@Z

?Seek@CFileWrite@@QAE_NI@Z

?Size64@CFileRead@@UAE_JXZ

?Size@CFileRead@@QAEIXZ

?Write@CFileWrite@@QAE_NPBEI@Z

?__autoclassinit2@CFileRead@@QAEXI@Z

CreateObject

Sections

Size: 64KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/cld.dll

.dll windows:6 windows x86 arch:x86

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2020, 00:00

Not After

03/01/2024, 23:59

Subject

CN=Cellebrite DI LTD,O=Cellebrite DI LTD,L=Petah Tikva,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:28:22:2f:e7:c3:8a:29:fd:d5:01:df:a7:4a:f7:2f:ef:14:59:f1:e1:a0:49:0d:0e:8f:11:7f:9a:2d:05:0d
Signer

Actual PE Digest

49:28:22:2f:e7:c3:8a:29:fd:d5:01:df:a7:4a:f7:2f:ef:14:59:f1:e1:a0:49:0d:0e:8f:11:7f:9a:2d:05:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

cellebrite_end_decrypt

cellebrite_get_char

cellebrite_init_decrypt_module

cellebrite_init_new_python_file

cellebrite_init_new_python_file_with_fd

Sections

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/cryptbase.dll

.dll windows:6 windows x86 arch:x86

3200fa705ebabc7aec80efbf4c8ca791

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory

GetSystemTimeAsFileTime

LocalAlloc

LocalFree

GetModuleFileNameW

ExitProcess

LoadLibraryA

GetModuleHandleA

GetProcAddress

user32

MessageBoxA

CharUpperBuffW

Exports

ɱڋИYȅ�E�h�z�2��v��f��ۡP�t5_��4V��%:��W��z%GՅ��űDs/� �=��6��D7�MS��&�:��#�m�e�2M��>>{��LѴ��wŋ�-��j.z%�x�4NZR�*վ>X��Wm;�+aD�Q�@k��mp��&��2�нi��ݤ��L`��q�)�y��y3�^��7E�Ǭ*��#��v=�� x�]$B[�� v�n�}{�>侾EX�F�h4��h��JH��7/�`#6�Rg��_9=/��Y��*��`�ϟG�K�0ke+��G.c�� h}��/B��Wh�o�\96EnO�C�l��1ն��y�sZ�� _��XKNG�/ށ�`��¾/+��K2Q��Hk8c�]JUXV6u�<�qVp|b�vd��G�{��!��N�>C�6hS��!�_�ӄO��C��E�r�<Y�>u ��&v��o�Q�EPx�ή��l�i~ҳ��x@Y;T��\j��8�A�7�Ox��Qu��, |~1Ƿ�Ls3�!��뺰�G7��Ï�-"�� G��/��$Aod��mjv9d�P�Hu��SZ��L��l)K��W?\翕â&��jS ��I�Qd�(��',��j�z�|��L��B4hU��a��p�xXܜ�m�륒Pͤ�A�Ĵ)c�}5�E�=�c��?RE� �_K�K~t-�]y!��ډL�9��0i�<"a ��f� ��E��d$/�Od%�n��bf�| �9$��a�,��M��~A�D�(zaB��:�BI��M��Q7r��| �RkCT{y&��b��j%u>G{J�y��#jٝ=e��e�JϩB'_c_ߚ(3��.��Z��I=�XG��:��p�b��퇱-�}<S��O��^�� J�� K�u�N��|��A/��:�vBP|�\��RU��:�i�x�\��g��<�ENr��F뿣=��y%l.��R~zn��V4�M(��!/�$��j>7�$^)�O?�;�4��T�:��+ ?��AA.�c��㨝_1��g��r��Z]��!s��7�;�.~OZ��P@�� e�LH��V�jp�:F��B@�6�U��O m�4��#�u�h�|��O�R&��U�E�`1��ȝ7�"5�TboX ~!�k7v�Kn�Z��$kY6��g*�ҁ�6р'?��C��e"m ٠��n�$��"F��1�a�d��ю�'��d�o �+��.��h��&��=��sPIR��@�ܑ�4A��!�T7�#~#��-G۷P��/C��~�d�3f��"ٗS�?��'t��[p�v�g��h�t�Dy�o��kS{��\J�� ծ"a^�J�r{��Se�Ylz�F�wKu�;GA��I��h��d��;��}�h�W��.%s-$V4W�9��S�;lr 2G�-쮨qI�2��qk��M2c��+�˙� ��Z�l9Y��te�0�3wcf4�%iw�}�w�+v�%P��m��P�40~��W�%0F�z�\lP֝��lrG]�2Z��7o�w�"��;��q�$�9#��5�I�P��(c��Gغ��t�r0�Ī�Aŀ�Jp�'�+~^��>��np��>�Y��u#�9�6�k*�(��)d�}��C�� KF��p�j11^~�G��C'S�|l��q�%��f�*�`��oc�>�/��Sw�lYi��j��ZtW*�/��83��3�seϐKc��O�)�s($B[u��b%p�!��5G��AD{�nM&FG��u'�=n95x��R�:�� ֊��Oq�Rs]�VޒDdSvo��L��J� c�p�&c�`y'<@I��g�0�ˮ*�Il��mf�� f�*�ԎG��?ɓQft��p9o��0#��K2 4��fQ@�<}��pՓ�~� ��5�GF0�eeS��u)�9*�U��`fR��Q�l0/�邷Ǭ��p�,��o�/Dڇ�;43(87�G:�-F��=��chY�í��JJ��8��5;��d��!��w��)�@1��>�BP�7��P��h�1��uj�O�\��j'�bK�c4��11$��# 9g{�#6��4Kg�;��|L�bf�G�(i�L��2pT`Srns.L��b��x� ��oo��ٔM�� ZPvQ�%:��&�ӳH8G�T��=D\h5oE�/sg��<��$b�|��d}��/2��u͎�7��iK�.�Q�G��*��L4�V,`/�6�Q�>�cЩ�ז8V훏��D��y[�?{��s ��F�~=l,��d�WP4qňu�貨j��$��'�k�j�`c�+W�`�/ᖾ�R��n��)��(�(��9oz��4w�Q�U�L��r��!$IhW�q�%��ʬ��7�v��X�@/��,��;OVְ��e��U��z�ե�L��g� ��Z�sYc[��դ��ٌ�%�'G��iiW:lh�z��?��M0J]C9�y��V$��K@�Zws3�@J�f8$�z�{�q��-�~Q ��7 ��I��.�j�|0��H_�QqeV:~G�RH"��0�%�R)�r�|��;t�!Yk�N�Z>8pBe�?��b��z(�c�+��+��8:�fR�BفQ��Nb&@ӕ��a��R��,|_<DCc�B��1(=�E=e��NȾ*>��0PV�RO6��@�z��BC�e�b�]`�OHE�f��~�O%��b�(c: �~9m#8 �^�W�y�V�냵 I��88/:��x^�)[p��ol�I!h�>d�� W.�T��`��3�#R�ͣ{x}��a��'��1�o��5z�wR��*�*��\5��l;lK&��U!��ʹ�ǽL�Ia"H�j

SystemFunction001

SystemFunction002

SystemFunction003

SystemFunction004

SystemFunction005

SystemFunction028

SystemFunction029

SystemFunction034

SystemFunction036

SystemFunction040

SystemFunction041

Sections

.text
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.HnE
Size: - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

."R/
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.2_.
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/hasp_net_windows.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: - Virtual size: 301KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.MHV
Size: - Virtual size: 960KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.}c*
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.\17
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Copy to UFED4PC 7.60 Installation directory (Data file)/ufed copy to location DLL/sntl_adminapi_net_windows.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.!`]
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.gsj
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.!8_
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7eCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

73:6e:3e:85:c8:bd:d7:89:f7:49:ae:b7:62:f2:29:0d:59:7e:8b:b1:3b:da:83:9f:07:08:70:14:6f:ff:7d:00Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 12KB - Virtual size: 28KB

Size: 7KB - Virtual size: 42KB

Size: 512B - Virtual size: 3KB

Size: 1024B - Virtual size: 1KB

Size: 2KB - Virtual size: 1KB

.edata Size: 35KB - Virtual size: 35KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.5MB

.boot Size: 2.2MB - Virtual size: 2.2MB

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7eCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

e3:59:9f:d3:ab:4a:87:f2:a1:56:f5:e6:cd:46:81:c6:77:7a:08:97:5f:c7:6e:44:41:ff:aa:c1:4b:19:a9:3bSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 219KB - Virtual size: 671KB

Size: 67KB - Virtual size: 159KB

Size: 2KB - Virtual size: 10KB

Size: 1024B - Virtual size: 1KB

Size: 21KB - Virtual size: 27KB

.edata Size: 10KB - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

Code Sign

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7eCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

73:6e:3e:85:c8:bd:d7:89:f7:49:ae:b7:62:f2:29:0d:59:7e:8b:b1:3b:da:83:9f:07:08:70:14:6f:ff:7d:00
Signer

.edata
Size: 35KB - Virtual size: 35KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.5MB

.boot
Size: 2.2MB - Virtual size: 2.2MB

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e3:59:9f:d3:ab:4a:87:f2:a1:56:f5:e6:cd:46:81:c6:77:7a:08:97:5f:c7:6e:44:41:ff:aa:c1:4b:19:a9:3b
Signer

.edata
Size: 10KB - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

01:cc:95:d1:dd:93:74:60:0c:c7:58:2e:10:88:15:39:86:9c:32:11:a9:e1:a7:b4:01:a7:59:06:46:70:8a:f1
Signer

.edata
Size: 77KB - Virtual size: 77KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 16B - Virtual size: 4KB

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9d:e4:4b:02:75:e7:50:0a:c7:84:e7:60:29:a0:74:a3:b3:06:34:c9:a3:ae:87:1f:24:c6:63:39:9b:04:03:da
Signer

.edata
Size: 23KB - Virtual size: 23KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB

03:a3:43:19:c7:07:88:13:c1:21:d6:74:4a:ba:05:7e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

8f:0a:b9:c3:20:bf:3f:4c:7d:1d:96:ac:37:bb:06:e9:df:78:55:65:a8:36:41:36:b0:09:7d:b0:3d:c4:c2:4b
Signer