dexpot_1614_r2439[.]exe

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$R2/NSIS.Library.RegTool.v3.$_56_.exe
unpack001/plugins/zlibwapi.dll
unpack001/zlibwapi.dll

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

dexpot_1614_r2439.exe

.exe windows:4 windows x86 arch:x86

b76363e9cb88bf9390860da8e50999d2

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

e2:8c:5b:c6:eb:87:22:a0:4a:5e:f3:11:db:bf:1a:98:02:cb:8a:56:df:a6:62:d4:ba:03:b0:be:71:84:76:36
Signer

Actual PE Digest

e2:8c:5b:c6:eb:87:22:a0:4a:5e:f3:11:db:bf:1a:98:02:cb:8a:56:df:a6:62:d4:ba:03:b0:be:71:84:76:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

SetFileAttributesA

CompareFileTime

SearchPathA

GetFileSize

GetModuleFileNameA

GetCurrentProcess

CopyFileA

ExitProcess

GetWindowsDirectoryA

GetTempPathA

Sleep

lstrcmpiA

GetVersion

SetErrorMode

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

GetLastError

CreateDirectoryA

CreateProcessA

RemoveDirectoryA

CreateFileA

GetTempFileNameA

lstrcatA

GetSystemDirectoryA

WaitForSingleObject

SetFileTime

CloseHandle

GlobalFree

lstrcmpA

ExpandEnvironmentStringsA

GetExitCodeProcess

GlobalAlloc

lstrlenA

GetCommandLineA

GetProcAddress

FindFirstFileA

FindNextFileA

DeleteFileA

SetFilePointer

ReadFile

FindClose

GetPrivateProfileStringA

WritePrivateProfileStringA

WriteFile

MulDiv

MultiByteToWideChar

LoadLibraryExA

GetModuleHandleA

FreeLibrary

user32

SetCursor

GetWindowRect

EnableMenuItem

GetSystemMenu

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

EndDialog

ScreenToClient

LoadCursorA

CheckDlgButton

GetMessagePos

LoadBitmapA

CallWindowProcA

IsWindowVisible

CloseClipboard

SetForegroundWindow

GetWindowLongA

RegisterClassA

TrackPopupMenu

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxIndirectA

CharPrevA

DispatchMessageA

PeekMessageA

GetDC

EnableWindow

InvalidateRect

SendMessageA

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

SystemParametersInfoA

CreateWindowExA

GetClassInfoA

DialogBoxParamA

CharNextA

ExitWindowsEx

SetTimer

PostQuitMessage

SetWindowLongA

SendMessageTimeoutA

LoadImageA

wsprintfA

GetDlgItem

FindWindowExA

IsWindow

SetClipboardData

EmptyClipboard

OpenClipboard

EndPaint

CreateDialogParamA

DestroyWindow

ShowWindow

SetWindowTextA

gdi32

SelectObject

SetBkMode

CreateFontIndirectA

SetTextColor

DeleteObject

GetDeviceCaps

CreateBrushIndirect

SetBkColor

shell32

SHGetSpecialFolderLocation

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

SHFileOperationA

ShellExecuteA

advapi32

RegDeleteValueA

SetFileSecurityA

RegOpenKeyExA

RegDeleteKeyA

RegEnumValueA

RegCloseKey

RegCreateKeyExA

RegSetValueExA

RegQueryValueExA

RegEnumKeyA

comctl32

ImageList_AddMasked

ImageList_Destroy

ImageList_Create

ord17

ole32

OleUninitialize

OleInitialize

CoTaskMemFree

CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallOptions.dll

.dll windows:4 windows x86 arch:x86

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA

MultiByteToWideChar

SetCurrentDirectoryA

GetPrivateProfileStringA

GetPrivateProfileIntA

GetModuleHandleA

lstrcmpiA

lstrcatA

lstrcpynA

WritePrivateProfileStringA

lstrlenA

lstrcpyA

GlobalFree

GlobalAlloc

GlobalUnlock

GlobalLock

user32

GetDlgCtrlID

CloseClipboard

GetClipboardData

MapWindowPoints

LoadCursorA

GetClientRect

SetWindowRgn

LoadIconA

GetWindowLongA

SetWindowLongA

CreateWindowExA

MapDialogRect

SetWindowPos

GetWindowRect

CreateDialogParamA

ShowWindow

SetCursor

PtInRect

EnableWindow

GetDlgItem

DestroyIcon

DestroyWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

DrawFocusRect

CallWindowProcA

PostMessageA

MessageBoxA

CharNextA

wsprintfA

GetWindowTextA

SetWindowTextA

SendMessageA

EnableMenuItem

DrawTextA

GetSystemMenu

OpenClipboard

LoadImageA

gdi32

SetTextColor

DeleteObject

CombineRgn

CreateRectRgn

GetDIBits

SelectObject

CreateCompatibleDC

GetObjectA

shell32

SHGetPathFromIDListA

ShellExecuteA

SHBrowseForFolderA

SHGetDesktopFolder

comdlg32

GetOpenFileNameA

GetSaveFileNameA

CommDlgExtendedError

ole32

CoTaskMemFree

Exports

dialog

initDialog

show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/LangDLL.dll

.dll windows:4 windows x86 arch:x86

4e5f0ae8071ae04cdb537283701198ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetACP

GlobalFree

GetModuleHandleA

lstrcpynA

lstrcmpA

MulDiv

GlobalAlloc

lstrlenA

lstrcpyA

user32

SetDlgItemTextA

SendDlgItemMessageA

EndDialog

DialogBoxParamA

SetWindowTextA

LoadIconA

SendMessageA

ShowWindow

GetDC

gdi32

DeleteObject

CreateFontIndirectA

GetDeviceCaps

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar

GlobalFree

GlobalSize

GetLastError

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

GlobalAlloc

lstrlenA

WideCharToMultiByte

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/UAC.dll

.dll windows:4 windows x86 arch:x86

2274cc1534607459cdd304a928601ef9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA

GlobalAlloc

lstrlenA

lstrcpynA

GetVersionExA

lstrcmpiA

GetCurrentThreadId

LoadLibraryA

FreeLibrary

GetLastError

GetExitCodeProcess

WaitForSingleObject

DuplicateHandle

Sleep

GetCurrentProcessId

CreateThread

GetCommandLineA

OpenProcess

MultiByteToWideChar

FormatMessageA

LocalFree

GlobalFree

CloseHandle

SetLastError

GetModuleFileNameA

GetPrivateProfileIntA

GetPrivateProfileStringA

GetProcAddress

GetModuleHandleA

user32

SendMessageW

DialogBoxParamA

CharNextA

UnhookWindowsHookEx

CallNextHookEx

GetClassNameA

SetWindowsHookExA

SendMessageTimeoutA

WaitForInputIdle

DefWindowProcA

PostMessageA

GetLastActivePopup

PostQuitMessage

SetForegroundWindow

DispatchMessageA

GetMessageA

CreateWindowExA

RegisterClassA

UnregisterClassA

GetWindowTextA

TranslateMessage

IsDialogMessageA

PeekMessageA

MsgWaitForMultipleObjects

IsWindow

GetWindowThreadProcessId

MessageBoxA

SetWindowLongA

LoadImageA

DestroyWindow

GetWindowLongA

EnableWindow

ShowWindow

SetWindowTextA

wsprintfA

GetDlgItem

SendMessageA

LoadStringA

EndDialog

advapi32

RegCloseKey

QueryServiceStatus

OpenServiceA

CloseServiceHandle

OpenSCManagerA

OpenProcessToken

RegQueryValueExA

RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize

CoUninitialize

Exports

Exec

ExecCodeSegment

ExecWait

GetElevationType

GetOuterHwnd

GetShellFolderPath

IsAdmin

RunElevated

ShellExec

ShellExecWait

StackPush

SupportsUAC

Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/dexpot.ini

$PLUGINSDIR/modern-header.bmp

$PLUGINSDIR/modern-wizard.bmp

$PLUGINSDIR/nsDialogs.dll

.dll windows:4 windows x86 arch:x86

f03b2bab186574d8892d3d73fa9fd3fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA

lstrcmpiA

MulDiv

lstrlenA

lstrcpyA

GetCurrentDirectoryA

HeapFree

HeapAlloc

HeapReAlloc

GlobalFree

lstrcpynA

GlobalAlloc

SetCurrentDirectoryA

GetProcessHeap

user32

DestroyWindow

CallWindowProcA

SetCursor

LoadCursorA

GetPropA

CharPrevA

MapWindowPoints

GetWindowLongA

DrawTextA

GetClientRect

GetDlgItem

SetWindowLongA

SetWindowPos

CreateDialogParamA

MapDialogRect

GetWindowRect

SetPropA

CreateWindowExA

IsWindow

SetTimer

KillTimer

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

ShowWindow

wsprintfA

CharNextA

SendMessageA

RemovePropA

DrawFocusRect

GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA

SHGetPathFromIDListA

comdlg32

GetSaveFileNameA

GetOpenFileNameA

CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Create

CreateControl

CreateItem

CreateTimer

GetUserData

KillTimer

OnBack

OnChange

OnClick

OnNotify

SelectFileDialog

SelectFolderDialog

SetRTL

SetUserData

Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$R0

.dll regsvr32 windows:4 windows x86 arch:x86

fe3e00b55ce38538da3f709132445d8e

Code Sign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/10/2011, 20:32

Not After

10/01/2013, 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:13:36:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

99:62:75:37:aa:09:43:91:6f:df:53:cd:c9:a0:5f:34:d1:cc:bd:49
Signer

Actual PE Digest

99:62:75:37:aa:09:43:91:6f:df:53:cd:c9:a0:5f:34:d1:cc:bd:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DEBUG_STRIPPED

IMAGE_FILE_DLL

Imports

kernel32

CreateThread

MulDiv

GetTickCount

LocalReAlloc

GetProfileIntA

RtlMoveMemory

lstrcatA

LocalSize

Sleep

GetCurrentProcessId

GetSystemDefaultLCID

MapViewOfFile

CreateFileMappingA

UnmapViewOfFile

GlobalReAlloc

IsBadReadPtr

WaitForSingleObject

GlobalHandle

GetThreadLocale

LocalFree

LocalAlloc

GlobalAddAtomA

SetFilePointer

SetStdHandle

FlushFileBuffers

VirtualAlloc

WriteFile

VirtualFree

HeapCreate

HeapDestroy

GetEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsW

FreeEnvironmentStringsA

GetOEMCP

GetACP

GetCPInfo

GetStartupInfoA

GetFileType

GetStdHandle

SetHandleCount

TlsGetValue

SetLastError

TlsFree

TlsAlloc

TlsSetValue

GetCurrentProcess

TerminateProcess

ExitProcess

RtlUnwind

GetCommandLineA

CompareStringW

GlobalSize

CreateFileA

GetFileSize

GlobalUnlock

GlobalLock

ReadFile

CloseHandle

IsDBCSLeadByte

GetModuleHandleA

FindResourceA

LoadResource

LockResource

GetLastError

GetFileAttributesA

GetVersion

DisableThreadLibraryCalls

GetProcAddress

GetLocaleInfoA

LoadLibraryA

GetWindowsDirectoryA

GetModuleFileNameA

IsBadWritePtr

lstrcmpiA

GetLocalTime

GetTimeFormatA

GetDateFormatA

lstrcmpA

lstrcpynA

lstrcpyA

GlobalAlloc

GlobalFree

GetVersionExA

GetCurrentThreadId

MultiByteToWideChar

CompareStringA

InterlockedExchange

lstrlenA

HeapReAlloc

InterlockedDecrement

InterlockedIncrement

GetProcessHeap

EnterCriticalSection

LeaveCriticalSection

HeapAlloc

lstrlenW

WideCharToMultiByte

HeapFree

FreeLibrary

DeleteCriticalSection

FreeResource

InitializeCriticalSection

user32

GetDesktopWindow

EnumChildWindows

GetDoubleClickTime

CopyRect

DrawFocusRect

AdjustWindowRect

DrawFrameControl

TrackPopupMenu

GetMessageA

SetRectEmpty

AdjustWindowRectEx

GetKeyNameTextA

ShowCaret

SetCaretPos

GrayStringA

HideCaret

DestroyCaret

CreateCaret

SetWindowTextA

SetScrollInfo

DrawTextExA

InvertRect

GetShellWindow

SetKeyboardState

GetKeyboardState

GetScrollInfo

GetKeyboardLayout

DestroyCursor

GetUpdateRgn

GetUpdateRect

GetWindowRgn

ValidateRect

CallMsgFilterA

LockWindowUpdate

IsZoomed

CharNextExA

GetIconInfo

GetCursor

GetForegroundWindow

InvalidateRgn

GetDCEx

DeferWindowPos

BeginDeferWindowPos

FindWindowA

GetMessageTime

GetWindowThreadProcessId

RemovePropA

SendNotifyMessageA

SetScrollPos

SetScrollRange

GetWindowTextLengthA

EnableScrollBar

ChildWindowFromPoint

LoadStringA

SendMessageA

CopyImage

GetSystemMetrics

LoadIconA

InvalidateRect

RegisterClassA

GetClassInfoA

ReleaseCapture

GetCapture

GetKeyState

DrawTextA

SetActiveWindow

CheckRadioButton

SetFocus

IsDlgButtonChecked

SetDlgItemTextA

SetDlgItemInt

CheckDlgButton

GetDlgItem

IsWindowEnabled

SendDlgItemMessageA

DrawIconEx

UnregisterClassA

CreateIconIndirect

SystemParametersInfoA

IsIconic

GetWindowPlacement

GetClipboardFormatNameA

SetCursorPos

RegisterClipboardFormatA

MessageBeep

RegisterWindowMessageA

PeekMessageA

PostMessageW

PeekMessageW

VkKeyScanA

CreateAcceleratorTableA

CharNextA

RedrawWindow

SetCursor

CreateDialogIndirectParamA

GetNextDlgTabItem

IsDialogMessageA

ScrollWindowEx

ShowWindow

SetWindowRgn

IntersectRect

EqualRect

MoveWindow

BeginPaint

EndPaint

SetParent

IsWindowVisible

EndDeferWindowPos

FillRect

InflateRect

GetDlgItemTextA

GetDlgItemInt

EndDialog

GetWindow

GetPropA

GetCursorPos

WindowFromPoint

GetClassNameA

GetDlgCtrlID

IsWindow

SetPropA

SetTimer

KillTimer

DrawIcon

DestroyIcon

MapWindowPoints

CreatePopupMenu

AppendMenuA

TrackPopupMenuEx

DestroyMenu

GetActiveWindow

MessageBoxA

WinHelpA

PtInRect

DefWindowProcA

GetWindowDC

SetRect

LoadCursorA

IsRectEmpty

ClientToScreen

GetWindowRect

MapVirtualKeyA

DestroyWindow

CreateWindowExA

GetSysColorBrush

GetAsyncKeyState

EnableWindow

PostMessageA

TranslateMessage

DispatchMessageA

wsprintfA

DialogBoxParamA

UpdateWindow

GetWindowLongA

SetWindowLongA

GetDC

ReleaseDC

GetParent

OffsetRect

UnionRect

GetFocus

IsChild

CallNextHookEx

UnhookWindowsHookEx

SetWindowsHookExA

GetMessagePos

ScreenToClient

SetWindowPos

SetCapture

GetWindowTextA

WindowFromDC

GetClientRect

CallWindowProcA

DrawEdge

GetSysColor

FrameRect

CharUpperA

ole32

ReleaseStgMedium

DoDragDrop

RegisterDragDrop

RevokeDragDrop

OleLoadFromStream

OleSaveToStream

CreateOleAdviseHolder

CoTaskMemAlloc

CoTaskMemFree

CoCreateInstance

CreateStreamOnHGlobal

advapi32

RegCreateKeyExA

RegDeleteValueA

RegCloseKey

RegSetValueExA

RegOpenKeyExA

RegDeleteKeyA

RegEnumKeyExA

RegQueryValueExA

RegQueryValueA

oleaut32

VariantClear

SafeArrayCopy

SafeArrayRedim

SafeArrayPutElement

SafeArrayGetElement

SafeArrayCreate

SafeArrayDestroy

SafeArrayGetLBound

SafeArrayGetUBound

SafeArrayAccessData

SafeArrayUnaccessData

GetErrorInfo

OleCreateFontIndirect

OleCreatePropertyFrame

LoadTypeLibEx

UnRegisterTypeLi

RegisterTypeLi

CreateErrorInfo

SetErrorInfo

LoadRegTypeLi

LoadTypeLi

VariantChangeTypeEx

SysStringByteLen

SysAllocStringByteLen

OleLoadPicture

SysAllocStringLen

VariantCopy

OleTranslateColor

VariantChangeType

OleCreatePictureIndirect

VariantCopyInd

SysStringLen

SysFreeString

VariantInit

SysAllocString

comdlg32

GetOpenFileNameA

gdi32

DeleteObject

SelectObject

CreateSolidBrush

SetViewportOrgEx

SetWindowOrgEx

SetViewportExtEx

SetWindowExtEx

SetMapMode

GetDeviceCaps

CreateFontIndirectA

GetObjectA

SelectClipRgn

ExcludeClipRect

RectVisible

GetClipBox

IntersectClipRect

GetClipRgn

CreateRectRgnIndirect

RealizePalette

SelectPalette

PatBlt

CreateCompatibleBitmap

CreateBitmap

CreateCompatibleDC

GetTextExtentPoint32A

TextOutA

SetBkColor

SetTextColor

SetBkMode

Rectangle

CreatePen

GetStockObject

GetViewportExtEx

GetWindowExtEx

LPtoDP

DeleteDC

CreateDCA

CreateRectRgn

StretchBlt

CreateICA

CopyMetaFileA

CopyEnhMetaFileA

GetPaletteEntries

GetDIBits

CreateDIBitmap

GetBitmapBits

CreatePalette

GetNearestColor

CreatePatternBrush

CreateDIBSection

CreateHalftonePalette

BitBlt

SetDIBColorTable

GetDIBColorTable

GetPixel

StretchDIBits

SetBrushOrgEx

GetBkColor

ExtTextOutA

RestoreDC

SaveDC

CreateFontA

GetCharWidthA

GetTextExtentPointA

Arc

Ellipse

LineTo

MoveToEx

GetTextMetricsA

CombineRgn

GetTextColor

OffsetRgn

SetTextAlign

GetTextAlign

Polyline

GetTextExtentPointW

ExtTextOutW

OffsetWindowOrgEx

Exports

DLLGetDocumentation

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

Sections

.text
Size: 676KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$R2/NSIS.Library.RegTool.v3.$_56_.exe

.exe windows:4 windows x86 arch:x86

d16ab3022432d93d45fa93eaa0c2bbd3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress

CloseHandle

CreateProcessA

GetSystemDirectoryA

FreeLibrary

LoadLibraryExA

MultiByteToWideChar

lstrcmpiA

lstrlenA

GetCommandLineA

WaitForSingleObject

UnmapViewOfFile

lstrcpyA

MapViewOfFile

CreateFileMappingA

SetErrorMode

CreateFileA

lstrcatA

GetWindowsDirectoryA

GetShortPathNameA

GetModuleFileNameA

ExitProcess

GetModuleHandleA

SetEndOfFile

SetFilePointer

GetFileSize

oleaut32

LoadTypeLi

RegisterTypeLi

advapi32

RegCloseKey

RegDeleteKeyA

RegQueryValueExA

RegOpenKeyExA

RegEnumKeyA

user32

wsprintfA

CharNextA

ole32

OleInitialize

OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Dexpot.dll

.dll windows:5 windows x86 arch:x86

44b45dd7d9a8121f3db992d0eb6bd81c

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

c7:b3:20:4a:bc:63:44:3c:e8:39:5d:19:d4:af:76:4f:37:4f:a1:e4:e1:65:83:0e:d7:c4:79:65:11:81:6f:3d
Signer

Actual PE Digest

c7:b3:20:4a:bc:63:44:3c:e8:39:5d:19:d4:af:76:4f:37:4f:a1:e4:e1:65:83:0e:d7:c4:79:65:11:81:6f:3d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

winmm

PlaySoundW

kernel32

IsProcessorFeaturePresent

GetACP

GetProcAddress

MapViewOfFile

CreateFileMappingW

VirtualAllocEx

OpenProcess

UnmapViewOfFile

CloseHandle

VirtualFreeEx

GetVersionExW

LoadLibraryW

WriteProcessMemory

ReadProcessMemory

HeapFree

GetProcessHeap

FreeLibrary

HeapAlloc

SetEnvironmentVariableA

GetTimeZoneInformation

CompareStringW

GetDateFormatA

GetTimeFormatA

InterlockedCompareExchange

SetEndOfFile

CreateFileW

SetStdHandle

WriteConsoleW

GetModuleFileNameW

IsValidLocale

EnumSystemLocalesA

GetLocaleInfoA

GetUserDefaultLCID

HeapReAlloc

GetLocaleInfoW

GetStringTypeW

IsValidCodePage

GetSystemTimeAsFileTime

GetCurrentProcessId

InterlockedIncrement

InterlockedDecrement

Sleep

InterlockedExchange

InitializeCriticalSection

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

EncodePointer

DecodePointer

RaiseException

RtlUnwind

GetLastError

GetCurrentThreadId

GetCommandLineA

WideCharToMultiByte

LCMapStringW

MultiByteToWideChar

GetCPInfo

GetTickCount

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetModuleHandleW

SetLastError

HeapCreate

HeapDestroy

SetHandleCount

GetStdHandle

InitializeCriticalSectionAndSpinCount

GetFileType

GetStartupInfoW

ExitProcess

WriteFile

GetConsoleCP

GetConsoleMode

FlushFileBuffers

HeapSize

ReadFile

SetFilePointer

GetModuleFileNameA

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

GetOEMCP

user32

GetClassNameA

GetWindowLongW

RemovePropW

SetPropW

GetPropW

GetForegroundWindow

SendMessageTimeoutW

SendNotifyMessageW

InvalidateRect

UpdateWindow

SendMessageW

RegisterWindowMessageW

IsWindow

FindWindowW

GetWindow

EnumWindows

FindWindowExW

GetWindowThreadProcessId

UnhookWindowsHookEx

SetWindowsHookExW

oleaut32

SysAllocString

shell32

ord232

Exports

??0?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@QAE@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@QAE@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@QAE@XZ

??0?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@QAE@XZ

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@VWnd@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@VWnd@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51

??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ@51

?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@VWnd@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@VWnd@@@23@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@23@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@23@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@23@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@VWnd@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@VWnd@@@23@XZ

?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ

?get_mutable_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ

?instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@23@A

?instance@?$singleton@V?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@23@A

?instance@?$singleton@V?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@23@A

?instance@?$singleton@V?$extended_type_info_typeid@VWnd@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@VWnd@@@23@A

?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@A

?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@A

?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@A

?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@3@A

?instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@0AAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@A

?instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@0AAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@A

?instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@0AAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@A

?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A

?instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@A

?instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@3@A

?instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@3@A

?instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@3@A

?instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@3@A

?instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@A

?is_destroyed@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?is_destroyed@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBKVWnd@@@std@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$vector@JV?$allocator@J@std@@@std@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@VWnd@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@VWnd@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@VWnd@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@VWnd@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4V?$singleton_wrapper@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@734@A

?t@?1??get_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4V?$singleton_wrapper@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@734@A

?t@?1??get_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4V?$singleton_wrapper@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@734@A

?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@U?$pair@$$CBKVWnd@@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$map@KVWnd@@U?$less@K@std@@V?$allocator@U?$pair@$$CBKVWnd@@@std@@@3@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@JV?$allocator@J@std@@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@VWnd@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@detail@34@A

AufrollSubclassen

Beenden

DesktopIconFinden

DesktopIconFinden2

DesktopIconsGetAbstand

DesktopIconsGetAnzahl

DesktopIconsGetAnzahlAusgewaehlt

DesktopIconsGetAnzahlSichtbar

DesktopIconsGetHintergrundFarbe

DesktopIconsGetNumberOfWorkareas

DesktopIconsGetPosition

DesktopIconsGetStatus

DesktopIconsGetText

DesktopIconsGetTextFarbe

DesktopIconsGetTextHintergrundFarbe

DesktopIconsGetWorkareas

DesktopIconsSetHintergrundFarbe

DesktopIconsSetPosition

DesktopIconsSetTextFarbe

DesktopIconsSetTextHintergrundFarbe

DesktopIconsSetWorkareas

DesktopIconsShowLabels

GetDominantIconColor

HookEntfernen

HookLieberDochNichtSetzen

HookSetzen

HookSetzen2

Initialisieren

KonstanteSetzen

SHSetFolderPathW

TaskleisteGetButtonAnzahl

TaskleisteGetButtonText

TaskleisteGetButtonlParam

TaskleisteIstButtonAktiviert

TaskleisteShowButton

dexGetProp

dexGetSystemMenu

dexGraustufen

dexPlaySound

dexPropStoreCheck

dexPropStoreClear

dexPropStoreGet

dexPropStoreLoad

dexPropStoreRemove

dexPropStoreResize

dexPropStoreSave

dexPropStoreSet

dexRemoveProp

dexSetForegroundWindow

dexSetProp

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Dexpot64.dll

.dll windows:5 windows x64 arch:x64

ef2d65e112946c8548a808e96ed46b4e

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

4e:e7:94:02:2c:70:30:b9:c2:01:0a:ac:65:f3:16:24:c7:c3:d0:4b:55:9c:86:b5:73:bf:dc:8f:b9:9d:f6:36
Signer

Actual PE Digest

4e:e7:94:02:2c:70:30:b9:c2:01:0a:ac:65:f3:16:24:c7:c3:d0:4b:55:9c:86:b5:73:bf:dc:8f:b9:9d:f6:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

Imports

winmm

PlaySoundW

kernel32

IsDebuggerPresent

WriteFile

GetProcAddress

MapViewOfFile

CreateFileMappingW

VirtualAllocEx

OpenProcess

UnmapViewOfFile

CloseHandle

VirtualFreeEx

GetVersionExW

LoadLibraryW

WriteProcessMemory

ReadProcessMemory

HeapFree

GetProcessHeap

FreeLibrary

HeapAlloc

GetStringTypeW

MultiByteToWideChar

LCMapStringW

HeapReAlloc

HeapSize

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

EnterCriticalSection

LeaveCriticalSection

GetSystemTimeAsFileTime

GetCurrentProcessId

RtlLookupFunctionEntry

RtlUnwindEx

GetCurrentThreadId

FlsSetValue

GetCommandLineA

GetLastError

EncodePointer

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetTickCount

RtlVirtualUnwind

RtlCaptureContext

DecodePointer

FlsGetValue

FlsFree

SetLastError

FlsAlloc

Sleep

GetModuleHandleW

ExitProcess

SetHandleCount

GetStdHandle

InitializeCriticalSectionAndSpinCount

GetFileType

GetStartupInfoW

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapSetInformation

GetVersion

HeapCreate

HeapDestroy

QueryPerformanceCounter

GetModuleFileNameW

user32

GetPropW

GetWindowLongPtrW

GetForegroundWindow

SendMessageTimeoutW

SendNotifyMessageW

InvalidateRect

UpdateWindow

SendMessageW

RegisterWindowMessageW

IsWindow

FindWindowW

GetWindow

EnumWindows

FindWindowExW

GetWindowThreadProcessId

UnhookWindowsHookEx

SetWindowsHookExW

oleaut32

SysAllocString

shell32

ord232

Exports

AufrollSubclassen

Beenden

DesktopIconFinden

DesktopIconFinden2

DesktopIconsGetAbstand

DesktopIconsGetAnzahl

DesktopIconsGetAnzahlAusgewaehlt

DesktopIconsGetAnzahlSichtbar

DesktopIconsGetHintergrundFarbe

DesktopIconsGetNumberOfWorkareas

DesktopIconsGetPosition

DesktopIconsGetStatus

DesktopIconsGetText

DesktopIconsGetTextFarbe

DesktopIconsGetTextHintergrundFarbe

DesktopIconsGetWorkareas

DesktopIconsSetHintergrundFarbe

DesktopIconsSetPosition

DesktopIconsSetTextFarbe

DesktopIconsSetTextHintergrundFarbe

DesktopIconsSetWorkareas

DesktopIconsShowLabels

HookEntfernen

HookLieberDochNichtSetzen

HookSetzen

HookSetzen2

Initialisieren

KonstanteSetzen

SHSetFolderPathW

TaskleisteGetButtonAnzahl

TaskleisteGetButtonText

TaskleisteGetButtonlParam

TaskleisteIstButtonAktiviert

TaskleisteShowButton

dexGetSystemMenu

dexGraustufen

dexPlaySound

dexSetForegroundWindow

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Dexpot64.exe

.exe windows:5 windows x64 arch:x64

eddf58a533bc1aba7e9b353eef976e4a

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

10:30:78:c5:18:86:ba:00:f5:cb:f6:9e:96:0e:8f:b9:b0:dc:c0:4b:3f:f1:16:6d:a6:f8:ac:38:c2:bb:8a:ad
Signer

Actual PE Digest

10:30:78:c5:18:86:ba:00:f5:cb:f6:9e:96:0e:8f:b9:b0:dc:c0:4b:3f:f1:16:6d:a6:f8:ac:38:c2:bb:8a:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\komponenten\Dexpot64\x64\Release\Dexpot64.pdb

Imports

dexpot64

ord17

ord3

ord6

ord31

ord26

ord25

ord4

ord2

ord39

ord36

ord8

ord35

ord32

ord1

ord22

ord30

ord5

ord19

ord34

ord33

ord38

kernel32

MapViewOfFile

UnmapViewOfFile

SetEvent

GetFileAttributesW

GetModuleFileNameW

OpenFileMappingW

OpenEventW

CloseHandle

GetStringTypeW

MultiByteToWideChar

LCMapStringW

WideCharToMultiByte

HeapReAlloc

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

LoadLibraryW

EnterCriticalSection

LeaveCriticalSection

HeapSize

Sleep

GetSystemTimeAsFileTime

GetCommandLineW

GetStartupInfoW

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetLastError

HeapFree

EncodePointer

DecodePointer

HeapAlloc

RaiseException

RtlPcToFileHeader

GetProcAddress

GetModuleHandleW

ExitProcess

WriteFile

GetStdHandle

RtlUnwindEx

FreeEnvironmentStringsW

GetEnvironmentStringsW

SetHandleCount

InitializeCriticalSectionAndSpinCount

GetFileType

DeleteCriticalSection

FlsGetValue

FlsSetValue

FlsFree

SetLastError

GetCurrentThreadId

FlsAlloc

HeapSetInformation

GetVersion

HeapCreate

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

user32

GetMessageW

PostQuitMessage

UnregisterClassW

SetTimer

KillTimer

FindWindowW

TranslateMessage

RegisterClassExW

ShowWindow

IsWindow

CreateWindowExW

MessageBoxW

DefWindowProcW

DispatchMessageW

PostMessageW

shell32

ShellExecuteW

oleaut32

SysFreeString

SysStringByteLen

SysStringLen

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

autodex.exe

.exe windows:5 windows x86 arch:x86

5cfb68175cfd765d9da47edc5facd34a

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3a:9e:be:4c:57:4d:93:70:e7:3e:06:67:98:15:9f:1d:46:ed:e4:c9:91:fe:cd:53:59:ec:2d:73:2b:32:84:56
Signer

Actual PE Digest

3a:9e:be:4c:57:4d:93:70:e7:3e:06:67:98:15:9f:1d:46:ed:e4:c9:91:fe:cd:53:59:ec:2d:73:2b:32:84:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\komponenten\autodex\Release\autodex.pdb

Imports

kernel32

CreateMutexW

MapViewOfFile

UnmapViewOfFile

InterlockedDecrement

GetCurrentProcess

WaitForSingleObject

SetEvent

QueryFullProcessImageNameW

GetProcessId

OpenFileMappingW

OpenEventW

ReleaseMutex

CloseHandle

FlushFileBuffers

CreateFileW

WriteConsoleW

SetStdHandle

LoadLibraryW

GetConsoleMode

GetConsoleCP

SetFilePointer

HeapReAlloc

IsValidLocale

EnumSystemLocalesA

GetLocaleInfoA

GetUserDefaultLCID

IsValidCodePage

GetOEMCP

WideCharToMultiByte

InterlockedIncrement

InterlockedCompareExchange

InterlockedExchange

MultiByteToWideChar

GetStringTypeW

EncodePointer

DecodePointer

Sleep

InitializeCriticalSection

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

LocalFree

GetLastError

HeapFree

GetCommandLineW

HeapSetInformation

GetStartupInfoW

GetCPInfo

RaiseException

RtlUnwind

HeapAlloc

LCMapStringW

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

IsProcessorFeaturePresent

HeapCreate

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetModuleHandleW

SetLastError

GetCurrentThreadId

GetProcAddress

HeapSize

ExitProcess

WriteFile

GetStdHandle

GetModuleFileNameW

FreeEnvironmentStringsW

GetEnvironmentStringsW

SetHandleCount

InitializeCriticalSectionAndSpinCount

GetFileType

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

GetLocaleInfoW

GetACP

user32

GetDesktopWindow

FindWindowW

SendMessageW

shell32

ShellExecuteExW

CommandLineToArgvW

ole32

CoInitializeSecurity

CoInitializeEx

CoCreateInstance

CoUninitialize

oleaut32

SysFreeString

VariantInit

VariantClear

SysAllocString

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

dexpot.exe

.exe windows:4 windows x86 arch:x86

bcedfe584a911a02f77f6dd7158e8cca

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

78:4f:38:b5:9f:20:38:7a:b6:a5:a1:6f:3c:91:fe:2e:61:2c:fc:7c:75:ae:9c:a1:25:8f:45:6f:54:f7:38:54
Signer

Actual PE Digest

78:4f:38:b5:9f:20:38:7a:b6:a5:a1:6f:3c:91:fe:2e:61:2c:fc:7c:75:ae:9c:a1:25:8f:45:6f:54:f7:38:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord693

ord588

MethCallEngine

ord516

ord517

ord519

ord661

ord662

ord669

ord592

ord300

ord301

ord595

ord303

ord598

ord305

ord306

ord307

ord309

ord709

ord631

ord525

EVENT_SINK_AddRef

ord527

ord529

ord561

DllFunctionCall

ord563

ord670

ord564

EVENT_SINK_Release

ord600

ord311

EVENT_SINK_QueryInterface

__vbaExceptHandler

ord711

ord313

ord712

ord606

ord714

ord607

ord530

ord531

ord609

ord717

ord533

ProcCallEngine

ord537

ord644

ord538

ord645

ord646

ord648

ord573

ord681

ord576

ord577

ord578

ord685

ord100

ord611

ord614

ord616

ord617

ord618

ord619

ord546

ord581

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 532KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

hooxpot.dll

.dll windows:5 windows x86 arch:x86

32f0b0f6180e04f409479493840c41af

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

91:6a:d4:72:28:10:64:a7:02:21:c9:ea:68:6f:d6:26:aa:9d:9d:e5:c6:13:fc:12:6c:74:5b:95:25:0b:87:f6
Signer

Actual PE Digest

91:6a:d4:72:28:10:64:a7:02:21:c9:ea:68:6f:d6:26:aa:9d:9d:e5:c6:13:fc:12:6c:74:5b:95:25:0b:87:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

C:\Users\Patrick\Desktop\dexcode\komponenten\hooxpot\Release\hooxpot.pdb

Imports

user32

GetSystemMenu

SetForegroundWindow

IsWindow

GetWindowThreadProcessId

SetWindowsHookExW

SetPropW

GetPropW

GetSystemMetrics

IsWindowUnicode

SetWindowLongW

SetWindowLongA

RemovePropW

CallWindowProcW

CallWindowProcA

DefWindowProcW

CallNextHookEx

SendMessageTimeoutW

SendNotifyMessageW

kernel32

GetFileType

IsProcessorFeaturePresent

HeapSize

GetStringTypeW

MultiByteToWideChar

LCMapStringW

RtlUnwind

GetModuleFileNameW

WriteFile

GetCurrentProcess

TerminateProcess

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryW

GetCurrentThreadId

DecodePointer

GetCommandLineA

EncodePointer

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

InterlockedIncrement

GetModuleHandleW

SetLastError

GetLastError

InterlockedDecrement

GetProcAddress

HeapFree

Sleep

ExitProcess

SetHandleCount

GetStdHandle

InitializeCriticalSectionAndSpinCount

GetStartupInfoW

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapCreate

HeapDestroy

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

LeaveCriticalSection

EnterCriticalSection

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

HeapAlloc

HeapReAlloc

Exports

AufrollSubclassen

CallWndProc

GetSystemMenuHookProc

HookSetzen

Init

MouseProc

SetForegroundWindowHookProc

ShellProc

SysMsgProc

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Dexpot
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

hooxpot64.dll

.dll windows:5 windows x64 arch:x64

8f70c7d5dbce8946e3773a48f7d89108

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

05:31:2c:04:17:af:2f:aa:0e:ad:bd:b4:55:f0:54:af:2c:6b:96:8f:d4:c6:29:d1:df:c7:d4:b9:10:36:9b:f8
Signer

Actual PE Digest

05:31:2c:04:17:af:2f:aa:0e:ad:bd:b4:55:f0:54:af:2c:6b:96:8f:d4:c6:29:d1:df:c7:d4:b9:10:36:9b:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

Imports

user32

GetSystemMenu

SetForegroundWindow

IsWindow

GetWindowThreadProcessId

SetWindowsHookExW

SetPropW

GetPropW

GetSystemMetrics

IsWindowUnicode

SetWindowLongPtrW

SetWindowLongPtrA

RemovePropW

CallWindowProcW

CallWindowProcA

DefWindowProcW

CallNextHookEx

SendMessageTimeoutW

SendNotifyMessageW

kernel32

DeleteCriticalSection

HeapSize

GetStringTypeW

MultiByteToWideChar

LCMapStringW

GetModuleFileNameW

WriteFile

GetCurrentProcess

TerminateProcess

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LoadLibraryW

GetCurrentThreadId

FlsSetValue

GetCommandLineA

RtlUnwindEx

EncodePointer

FlsGetValue

FlsFree

SetLastError

GetLastError

FlsAlloc

HeapFree

Sleep

GetProcAddress

GetModuleHandleW

ExitProcess

DecodePointer

SetHandleCount

GetStdHandle

InitializeCriticalSectionAndSpinCount

GetFileType

GetStartupInfoW

GetModuleFileNameA

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapSetInformation

GetVersion

HeapCreate

HeapDestroy

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

LeaveCriticalSection

EnterCriticalSection

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

HeapAlloc

HeapReAlloc

Exports

AufrollSubclassen

CallWndProc

GetSystemMenuHookProc

HookSetzen

Init

MouseProc

SetForegroundWindowHookProc

ShellProc

SysMsgProc

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Dexpot
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

icons/Classic/d1.ico

icons/Classic/d10.ico

icons/Classic/d10a.ico

icons/Classic/d11.ico

icons/Classic/d11a.ico

icons/Classic/d12.ico

icons/Classic/d12a.ico

icons/Classic/d13.ico

icons/Classic/d13a.ico

icons/Classic/d14.ico

icons/Classic/d14a.ico

icons/Classic/d15.ico

icons/Classic/d15a.ico

icons/Classic/d16.ico

icons/Classic/d16a.ico

icons/Classic/d17.ico

icons/Classic/d17a.ico

icons/Classic/d18.ico

icons/Classic/d18a.ico

icons/Classic/d19.ico

icons/Classic/d19a.ico

icons/Classic/d1a.ico

icons/Classic/d2.ico

icons/Classic/d20.ico

icons/Classic/d20a.ico

icons/Classic/d2a.ico

icons/Classic/d3.ico

icons/Classic/d3a.ico

icons/Classic/d4.ico

icons/Classic/d4a.ico

icons/Classic/d5.ico

icons/Classic/d5a.ico

icons/Classic/d6.ico

icons/Classic/d6a.ico

icons/Classic/d7.ico

icons/Classic/d7a.ico

icons/Classic/d8.ico

icons/Classic/d8a.ico

icons/Classic/d9.ico

icons/Classic/d9a.ico

icons/Classic/next.ico

icons/Classic/prev.ico

icons/New Blue/d1.ico

icons/New Blue/d10.ico

icons/New Blue/d10a.ico

icons/New Blue/d11.ico

icons/New Blue/d11a.ico

icons/New Blue/d12.ico

icons/New Blue/d12a.ico

icons/New Blue/d13.ico

icons/New Blue/d13a.ico

icons/New Blue/d14.ico

icons/New Blue/d14a.ico

icons/New Blue/d15.ico

icons/New Blue/d15a.ico

icons/New Blue/d16.ico

icons/New Blue/d16a.ico

icons/New Blue/d17.ico

icons/New Blue/d17a.ico

icons/New Blue/d18.ico

icons/New Blue/d18a.ico

icons/New Blue/d19.ico

icons/New Blue/d19a.ico

icons/New Blue/d1a.ico

icons/New Blue/d2.ico

icons/New Blue/d20.ico

icons/New Blue/d20a.ico

icons/New Blue/d2a.ico

icons/New Blue/d3.ico

icons/New Blue/d3a.ico

icons/New Blue/d4.ico

icons/New Blue/d4a.ico

icons/New Blue/d5.ico

icons/New Blue/d5a.ico

icons/New Blue/d6.ico

icons/New Blue/d6a.ico

icons/New Blue/d7.ico

icons/New Blue/d7a.ico

icons/New Blue/d8.ico

icons/New Blue/d8a.ico

icons/New Blue/d9.ico

icons/New Blue/d9a.ico

icons/New Blue/next.ico

icons/New Blue/prev.ico

license.txt

licensepro.txt

lizenz.txt

lizenzpro.txt

plugins/DexControl.exe

.exe windows:5 windows x86 arch:x86

c1c366217b3051a35baaa2ca9e871238

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

9c:92:eb:08:e3:15:36:a1:45:15:04:8f:52:08:71:3b:dc:bf:f4:94:1c:55:17:9b:1d:3f:64:31:80:a8:e6:7b
Signer

Actual PE Digest

9c:92:eb:08:e3:15:36:a1:45:15:04:8f:52:08:71:3b:dc:bf:f4:94:1c:55:17:9b:1d:3f:64:31:80:a8:e6:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\plugins\DesktopControl\Release\DexControl.pdb

Imports

kernel32

SetWaitableTimer

CancelWaitableTimer

SleepEx

QueueUserAPC

CreateWaitableTimerW

CreateThread

QueryFullProcessImageNameW

OpenProcess

LoadLibraryW

GetProcAddress

GetTickCount64

Sleep

CreateFileW

WriteConsoleW

SetStdHandle

GetConsoleMode

GetConsoleCP

SetFilePointer

WaitForMultipleObjects

CreateEventW

SetEvent

VirtualQuery

CreateMutexW

HeapReAlloc

MultiByteToWideChar

LCMapStringW

CloseHandle

WideCharToMultiByte

RtlUnwind

EnterCriticalSection

LeaveCriticalSection

GetSystemTimeAsFileTime

GetCurrentProcessId

GetTickCount

MapViewOfFile

HeapCreate

DeleteCriticalSection

GetFileType

InitializeCriticalSectionAndSpinCount

SetHandleCount

GetEnvironmentStringsW

FreeEnvironmentStringsW

ExitProcess

HeapSize

GetCurrentThreadId

SetLastError

GetModuleHandleW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

IsValidCodePage

GetOEMCP

GetACP

InterlockedDecrement

InterlockedIncrement

ReleaseMutex

CreateFileMappingW

OpenMutexW

WaitForSingleObject

GetStringTypeW

UnmapViewOfFile

GetCPInfo

IsProcessorFeaturePresent

HeapAlloc

GetModuleFileNameW

GetStdHandle

WriteFile

HeapFree

FlushFileBuffers

GetLastError

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

RaiseException

GetStartupInfoW

HeapSetInformation

EncodePointer

DecodePointer

QueryPerformanceCounter

GetCommandLineW

user32

IntersectRect

OffsetRect

IsIconic

InvalidateRect

DispatchMessageW

TranslateMessage

PostQuitMessage

GetWindowLongW

GetWindow

SetWindowLongW

GetLayeredWindowAttributes

GetSystemMetrics

IsWindow

GetDesktopWindow

MonitorFromWindow

GetMessageW

UnregisterClassW

InternalGetWindowText

GetClassLongW

GetWindowPlacement

SendMessageTimeoutW

GetWindowRect

SetCapture

IsZoomed

GetKeyState

SetCursorPos

GetCursorPos

ReleaseCapture

GetClientRect

EndPaint

DestroyWindow

SendNotifyMessageW

EnumDisplayMonitors

SetWindowRgn

ShowWindowAsync

PostMessageW

SetForegroundWindow

LoadCursorW

FindWindowW

BeginPaint

GetForegroundWindow

BringWindowToTop

RedrawWindow

SetWindowPos

ShowWindow

CreateWindowExW

RegisterClassW

IsWindowVisible

AllowSetForegroundWindow

SendMessageW

GetMonitorInfoW

DefWindowProcW

GetWindowThreadProcessId

GetAncestor

gdi32

CreateRectRgnIndirect

CombineRgn

CreateRectRgn

GetStockObject

DeleteObject

shell32

CommandLineToArgvW

ole32

CoInitializeEx

CoUninitialize

CoCreateInstance

gdiplus

GdiplusStartup

GdiplusShutdown

dwmapi

DwmQueryThumbnailSourceSize

DwmGetWindowAttribute

DwmUnregisterThumbnail

DwmUpdateThumbnailProperties

DwmRegisterThumbnail

uxtheme

BufferedPaintInit

BufferedPaintUnInit

d2d1

ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/DexControl.ini

plugins/Dexcube.exe

.exe windows:5 windows x86 arch:x86

8c6d72a881adad911b5683612601fae9

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

59:ee:0b:b5:6a:c5:93:56:45:52:59:ec:91:10:7b:c7:89:bc:8a:75:64:71:91:bc:4b:6d:2d:92:8a:9f:63:b0
Signer

Actual PE Digest

59:ee:0b:b5:6a:c5:93:56:45:52:59:ec:91:10:7b:c7:89:bc:8a:75:64:71:91:bc:4b:6d:2d:92:8a:9f:63:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\plugins\dexcube\Release\Dexcube.pdb

Imports

d3dx9_43

D3DXCreateTexture

D3DXVec2Hermite

D3DXMatrixRotationY

D3DXMatrixRotationX

D3DXMatrixMultiply

D3DXMatrixLookAtLH

D3DXMatrixPerspectiveFovLH

D3DXVec3Normalize

d3d9

Direct3DCreate9

winmm

timeBeginPeriod

timeGetTime

timeEndPeriod

kernel32

FlushFileBuffers

CreateFileW

WriteConsoleW

SetStdHandle

GetStringTypeW

LCMapStringW

HeapReAlloc

MultiByteToWideChar

GetConsoleMode

GetConsoleCP

GetSystemPowerStatus

GetModuleFileNameW

SetPriorityClass

GetCurrentProcess

GetCurrentThreadId

ReleaseMutex

CloseHandle

UnmapViewOfFile

MapViewOfFile

CreateFileMappingW

WaitForSingleObject

OpenMutexW

GetModuleHandleW

Sleep

LeaveCriticalSection

SetEvent

EnterCriticalSection

DeleteCriticalSection

ResetEvent

CreateThread

CreateEventW

InitializeCriticalSection

CreateMutexW

VirtualQuery

OpenProcess

WaitForMultipleObjects

WideCharToMultiByte

LoadLibraryW

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

GetSystemTimeAsFileTime

GetCurrentProcessId

GetTickCount

QueryPerformanceCounter

HeapCreate

GetFileType

InitializeCriticalSectionAndSpinCount

SetHandleCount

SetFilePointer

GetEnvironmentStringsW

FreeEnvironmentStringsW

ExitProcess

HeapSize

TerminateProcess

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetStdHandle

WriteFile

RtlUnwind

RaiseException

DecodePointer

EncodePointer

GetCommandLineW

HeapSetInformation

GetStartupInfoW

IsProcessorFeaturePresent

GetLastError

HeapFree

HeapAlloc

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetProcAddress

user32

SendNotifyMessageW

PostMessageW

FindWindowW

GetWindowThreadProcessId

AttachThreadInput

GetAsyncKeyState

IsWindow

EnumDisplayMonitors

UnregisterClassW

RegisterClassW

DestroyWindow

SetWindowPos

ShowWindow

DefWindowProcW

CreateWindowExW

GetWindowLongW

SetWindowLongW

SendMessageW

GetMessageW

TranslateMessage

DispatchMessageW

GetDesktopWindow

PostQuitMessage

GetMonitorInfoW

shell32

ShellExecuteW

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

plugins/Dexcube.ini

plugins/Dexgrid.exe

.exe windows:5 windows x86 arch:x86

8d8a2a551986403955cc622830c12c84

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

1c:f0:9b:e8:93:79:bd:4b:4a:1f:f7:de:63:37:29:e2:b1:97:63:35:db:55:7a:a4:69:da:29:c6:e7:1e:2b:a1
Signer

Actual PE Digest

1c:f0:9b:e8:93:79:bd:4b:4a:1f:f7:de:63:37:29:e2:b1:97:63:35:db:55:7a:a4:69:da:29:c6:e7:1e:2b:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\plugins\Dexgrid\Release\Dexgrid.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

FlushFileBuffers

CreateFileW

GetStringTypeW

LCMapStringW

WriteConsoleW

SetStdHandle

LoadLibraryW

HeapReAlloc

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

GetConsoleMode

GetConsoleCP

WideCharToMultiByte

SetFilePointer

RtlUnwind

EnterCriticalSection

LeaveCriticalSection

GetSystemTimeAsFileTime

GetCurrentProcessId

Sleep

GetTickCount

GetPrivateProfileStringW

MultiByteToWideChar

QueryPerformanceCounter

HeapCreate

InterlockedDecrement

GetCurrentThreadId

SetLastError

InterlockedIncrement

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

DeleteCriticalSection

GetFileType

InitializeCriticalSectionAndSpinCount

SetHandleCount

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetModuleFileNameW

GetStdHandle

WriteFile

ExitProcess

GetModuleHandleW

GetProcAddress

HeapSize

IsProcessorFeaturePresent

HeapFree

GetLastError

HeapAlloc

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

RaiseException

GetStartupInfoW

HeapSetInformation

GetCommandLineW

CreateMutexW

MapViewOfFile

UnmapViewOfFile

VirtualQuery

WaitForSingleObject

SetEvent

OpenProcess

CreateFileMappingW

CreateEventW

WaitForMultipleObjects

ReleaseMutex

CloseHandle

CreateThread

EncodePointer

DecodePointer

user32

FindWindowW

GetWindowLongW

SetWindowLongW

SetWindowPos

SendMessageW

GetWindowThreadProcessId

DispatchMessageW

TranslateMessage

PostQuitMessage

GetMessageW

DestroyIcon

SetWindowTextW

SetDlgItemTextW

GetDlgItemTextW

IsWindow

CreateDialogParamW

ShowWindow

SendDlgItemMessageW

GetWindowTextW

LoadImageW

GetDlgItemInt

SendNotifyMessageW

DestroyWindow

DefWindowProcW

IsWindowVisible

CreateWindowExW

ReleaseDC

GetDC

KillTimer

SetTimer

UpdateLayeredWindow

GetMonitorInfoW

RegisterClassW

LoadCursorW

UnregisterClassW

EnumDisplayMonitors

PostMessageW

gdi32

GetStockObject

DeleteDC

CreateDIBSection

DeleteObject

SelectObject

CreateCompatibleDC

gdiplus

GdiplusShutdown

GdiplusStartup

GdipDeleteBrush

GdipFree

GdipDeletePen

GdipResetPath

GdipStringFormatGetGenericDefault

GdipSetStringFormatLineAlign

GdipSetClipRect

GdipSetTextRenderingHint

GdipDrawPath

GdipDeleteFont

GdipDeleteGraphics

GdipFillRegion

GdipSetStringFormatAlign

GdipGraphicsClear

GdipSetSmoothingMode

GdipClosePathFigure

GdipCreatePen2

GdipDeleteFontFamily

GdipAddPathArcI

GdipCreateSolidFill

GdipAlloc

GdipCreateFont

GdipCreateRegionPath

GdipDeletePath

GdipDeleteRegion

GdipGetGenericFontFamilySansSerif

GdipDrawString

GdipCloneStringFormat

GdipCreateFontFamilyFromName

GdipCreateFromHDC

GdipFillPath

GdipCombineRegionPath

GdipCreatePath

GdipDeleteStringFormat

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/Dexgrid.ini

plugins/Leap.dll

.dll windows:5 windows x86 arch:x86

49cb3d3ef348fe64f50458083bd80462

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:6a:83:c0:27:bf:a6:b5:a2:e8:bf:f2:da:1b:a7:c1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2013, 00:00

Not After

21/04/2014, 12:00

Subject

CN=Leap Motion Inc,O=Leap Motion Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

34:90:1d:54:9e:00:d2:42:c8:67:ea:64:8b:11:eb:fe:62:a0:5c:91
Signer

Actual PE Digest

34:90:1d:54:9e:00:d2:42:c8:67:ea:64:8b:11:eb:fe:62:a0:5c:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

I:\JenkinsHome\jobs\platform_win-custom\workspace\build\x86\bin\Release\Leap.pdb

Imports

kernel32

HeapAlloc

DisableThreadLibraryCalls

SetUnhandledExceptionFilter

UnhandledExceptionFilter

SetThreadExecutionState

DecodePointer

EncodePointer

CreateWaitableTimerA

SetWaitableTimer

WaitForMultipleObjects

Thread32Next

Thread32First

CreateToolhelp32Snapshot

GetCurrentProcess

DuplicateHandle

HeapFree

GetProcessHeap

GetCurrentProcessId

GetSystemTimeAsFileTime

CreateSemaphoreA

ReleaseSemaphore

GetCurrentThreadId

SetEvent

CreateEventA

WaitForSingleObject

TerminateProcess

CloseHandle

SystemTimeToFileTime

ResumeThread

TlsSetValue

ResetEvent

OpenEventA

TlsGetValue

TlsFree

TlsAlloc

LocalFree

SetHandleInformation

QueryPerformanceFrequency

FindClose

FindNextFileA

FindFirstFileA

FormatMessageA

InterlockedExchangeAdd

InterlockedExchange

InterlockedCompareExchange

Sleep

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

InitializeCriticalSection

FlushConsoleInputBuffer

GetVersionExA

LoadLibraryA

FreeLibrary

GlobalMemoryStatus

QueryPerformanceCounter

MultiByteToWideChar

GetStdHandle

GetFileType

GetVersion

GetModuleHandleA

GetProcAddress

GetLastError

RaiseException

GetModuleFileNameW

GetTickCount

OpenProcess

QueryDosDeviceW

Process32Next

Process32First

IsDebuggerPresent

IsProcessorFeaturePresent

user32

GetDesktopWindow

MessageBoxA

GetMonitorInfoA

EnumDisplayMonitors

GetAncestor

GetWindowThreadProcessId

GetForegroundWindow

GetUserObjectInformationW

GetProcessWindowStation

psapi

GetProcessImageFileNameW

ws2_32

getsockopt

connect

accept

htonl

htons

send

bind

setsockopt

closesocket

__WSAFDIsSet

select

WSAGetLastError

WSACleanup

WSAStartup

recv

getaddrinfo

freeaddrinfo

socket

ioctlsocket

listen

msvcp100

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

?uncaught_exception@std@@YA_NXZ

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z

??1_Container_base12@std@@QAE@XZ

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

_FNan

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

?_Xfunc@tr1@std@@YAXXZ

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

?_Xlength_error@std@@YAXPBD@Z

?_Xout_of_range@std@@YAXPBD@Z

?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

?_BADOFF@std@@3_JB

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ

??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ

??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@

?_Orphan_all@_Container_base0@std@@QAEXXZ

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

msvcr100

qsort

isspace

isdigit

strchr

atoi

_time64

strcmp

isxdigit

tolower

isupper

strncmp

_strnicmp

fclose

ferror

fread

fwrite

fflush

fopen

_setmode

_fileno

ftell

feof

fseek

fgets

_wfopen

strrchr

_stricmp

strstr

fputs

signal

_getch

_isnan

_CxxThrowException

__CxxFrameHandler3

_snprintf

memchr

rand

_beginthreadex

?terminate@@YAXXZ

_unlock

__dllonexit

_lock

_onexit

_malloc_crt

_encoded_null

_initterm

_initterm_e

_amsg_exit

__CppXcptFilter

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

?_type_info_dtor_internal_method@type_info@@QAEXXZ

strncpy

realloc

fprintf

raise

_exit

__iob_func

vfprintf

_vsnprintf

wcsstr

getenv

sscanf

strtoul

sprintf

_errno

strerror

free

malloc

memset

memcpy

?__ExceptionPtrCurrentException@@YAXPAX@Z

?__ExceptionPtrRethrow@@YAXPBX@Z

?__ExceptionPtrDestroy@@YAXPAX@Z

?__ExceptionPtrCreate@@YAXPAX@Z

wcscpy_s

wcscat_s

_wcsicmp

wcschr

?before@type_info@@QBEHABV1@@Z

__RTtypeid

ldiv

??0exception@std@@QAE@XZ

??0exception@std@@QAE@ABQBDH@Z

_gmtime64

_purecall

memmove

??2@YAPAXI@Z

??_V@YAXPAX@Z

??3@YAXPAX@Z

??0exception@std@@QAE@ABQBD@Z

??1exception@std@@UAE@XZ

?what@exception@std@@UBEPBDXZ

??0exception@std@@QAE@ABV01@@Z

__RTDynamicCast

__libm_sse2_acosf

__libm_sse2_atanf

__libm_sse2_logf

__libm_sse2_expf

__libm_sse2_tanf

??8type_info@@QBE_NABV0@@Z

__libm_sse2_exp

shell32

SHGetFolderPathA

advapi32

InitializeSecurityDescriptor

RegisterEventSourceA

ReportEventA

DeregisterEventSource

SetSecurityDescriptorDacl

Exports

??0CircleGesture@Leap@@QAE@ABVGesture@1@@Z

??0CircleGesture@Leap@@QAE@XZ

??0Config@Leap@@QAE@XZ

??0Controller@Leap@@QAE@AAVListener@1@@Z

??0Controller@Leap@@QAE@XZ

??0Device@Leap@@QAE@XZ

??0DeviceList@Leap@@QAE@XZ

??0Finger@Leap@@QAE@ABVPointable@1@@Z

??0Finger@Leap@@QAE@XZ

??0FingerList@Leap@@QAE@XZ

??0Frame@Leap@@QAE@XZ

??0Gesture@Leap@@QAE@ABV01@@Z

??0Gesture@Leap@@QAE@XZ

??0GestureList@Leap@@QAE@XZ

??0Hand@Leap@@QAE@XZ

??0HandList@Leap@@QAE@XZ

??0InteractionBox@Leap@@QAE@XZ

??0Interface@Leap@@IAE@ABV01@@Z

??0Interface@Leap@@IAE@PAUImplementation@01@PAX@Z

??0Interface@Leap@@IAE@PAX@Z

??0KeyTapGesture@Leap@@QAE@ABVGesture@1@@Z

??0KeyTapGesture@Leap@@QAE@XZ

??0Listener@Leap@@QAE@XZ

??0Pointable@Leap@@QAE@XZ

??0PointableList@Leap@@QAE@XZ

??0Screen@Leap@@QAE@XZ

??0ScreenList@Leap@@QAE@XZ

??0ScreenTapGesture@Leap@@QAE@ABVGesture@1@@Z

??0ScreenTapGesture@Leap@@QAE@XZ

??0SwipeGesture@Leap@@QAE@ABVGesture@1@@Z

??0SwipeGesture@Leap@@QAE@XZ

??0Tool@Leap@@QAE@ABVPointable@1@@Z

??0Tool@Leap@@QAE@XZ

??0ToolList@Leap@@QAE@XZ

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??1Controller@Leap@@UAE@XZ

??1Implementation@Interface@Leap@@UAE@XZ

??1Interface@Leap@@MAE@XZ

??1Listener@Leap@@UAE@XZ

??4Interface@Leap@@IAEAAV01@ABV01@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

??6Leap@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVDevice@0@@Z

??6Leap@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVFrame@0@@Z

??6Leap@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVHand@0@@Z

??6Leap@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVInteractionBox@0@@Z

??6Leap@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVPointable@0@@Z

??6Leap@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVScreen@0@@Z

??8Device@Leap@@QBE_NABV01@@Z

??8Frame@Leap@@QBE_NABV01@@Z

??8Gesture@Leap@@QBE_NABV01@@Z

??8Hand@Leap@@QBE_NABV01@@Z

??8InteractionBox@Leap@@QBE_NABV01@@Z

??8Pointable@Leap@@QBE_NABV01@@Z

??8Screen@Leap@@QBE_NABV01@@Z

??9Device@Leap@@QBE_NABV01@@Z

??9Frame@Leap@@QBE_NABV01@@Z

??9Gesture@Leap@@QBE_NABV01@@Z

??9Hand@Leap@@QBE_NABV01@@Z

??9InteractionBox@Leap@@QBE_NABV01@@Z

??9Pointable@Leap@@QBE_NABV01@@Z

??9Screen@Leap@@QBE_NABV01@@Z

??ADeviceList@Leap@@QBE?AVDevice@1@H@Z

??AFingerList@Leap@@QBE?AVFinger@1@H@Z

??AGestureList@Leap@@QBE?AVGesture@1@H@Z

??AHandList@Leap@@QBE?AVHand@1@H@Z

??APointableList@Leap@@QBE?AVPointable@1@H@Z

??AScreenList@Leap@@QBE?AVScreen@1@H@Z

??AToolList@Leap@@QBE?AVTool@1@H@Z

?addListener@Controller@Leap@@QAE_NAAVListener@2@@Z

?append@DeviceList@Leap@@QAEAAV12@ABV12@@Z

?append@FingerList@Leap@@QAEAAV12@ABV12@@Z

?append@GestureList@Leap@@QAEAAV12@ABV12@@Z

?append@HandList@Leap@@QAEAAV12@ABV12@@Z

?append@PointableList@Leap@@QAEAAV12@ABV12@@Z

?append@PointableList@Leap@@QAEAAV12@ABVFingerList@2@@Z

?append@PointableList@Leap@@QAEAAV12@ABVToolList@2@@Z

?append@ToolList@Leap@@QAEAAV12@ABV12@@Z

?begin@DeviceList@Leap@@QBE?AV?$ConstListIterator@VDeviceList@Leap@@VDevice@2@@2@XZ

?begin@FingerList@Leap@@QBE?AV?$ConstListIterator@VFingerList@Leap@@VFinger@2@@2@XZ

?begin@GestureList@Leap@@QBE?AV?$ConstListIterator@VGestureList@Leap@@VGesture@2@@2@XZ

?begin@HandList@Leap@@QBE?AV?$ConstListIterator@VHandList@Leap@@VHand@2@@2@XZ

?begin@PointableList@Leap@@QBE?AV?$ConstListIterator@VPointableList@Leap@@VPointable@2@@2@XZ

?begin@ScreenList@Leap@@QBE?AV?$ConstListIterator@VScreenList@Leap@@VScreen@2@@2@XZ

?begin@ToolList@Leap@@QBE?AV?$ConstListIterator@VToolList@Leap@@VTool@2@@2@XZ

?bottomLeftCorner@Screen@Leap@@QBE?AUVector@2@XZ

?center@CircleGesture@Leap@@QBE?AUVector@2@XZ

?center@InteractionBox@Leap@@QBE?AUVector@2@XZ

?closestScreen@ScreenList@Leap@@QBE?AVScreen@2@ABUVector@2@@Z

?closestScreenHit@ScreenList@Leap@@QBE?AVScreen@2@ABUVector@2@0@Z

?closestScreenHit@ScreenList@Leap@@QBE?AVScreen@2@ABVPointable@2@@Z

?config@Controller@Leap@@QBE?AVConfig@2@XZ

?count@DeviceList@Leap@@QBEHXZ

?count@FingerList@Leap@@QBEHXZ

?count@GestureList@Leap@@QBEHXZ

?count@HandList@Leap@@QBEHXZ

?count@PointableList@Leap@@QBEHXZ

?count@ScreenList@Leap@@QBEHXZ

?count@ToolList@Leap@@QBEHXZ

?currentFramesPerSecond@Frame@Leap@@QBEMXZ

?denormalizePoint@InteractionBox@Leap@@QBE?AUVector@2@ABU32@@Z

?depth@InteractionBox@Leap@@QBEMXZ

?devices@Controller@Leap@@QBE?AVDeviceList@2@XZ

?direction@Hand@Leap@@QBE?AUVector@2@XZ

?direction@KeyTapGesture@Leap@@QBE?AUVector@2@XZ

?direction@Pointable@Leap@@QBE?AUVector@2@XZ

?direction@ScreenTapGesture@Leap@@QBE?AUVector@2@XZ

?direction@SwipeGesture@Leap@@QBE?AUVector@2@XZ

?distanceToBoundary@Device@Leap@@QBEMABUVector@2@@Z

?distanceToPoint@Screen@Leap@@QBEMABUVector@2@@Z

?duration@Gesture@Leap@@QBE_JXZ

?durationSeconds@Gesture@Leap@@QBEMXZ

?enableGesture@Controller@Leap@@QBEXW4Type@Gesture@2@_N@Z

?end@DeviceList@Leap@@QBE?AV?$ConstListIterator@VDeviceList@Leap@@VDevice@2@@2@XZ

?end@FingerList@Leap@@QBE?AV?$ConstListIterator@VFingerList@Leap@@VFinger@2@@2@XZ

?end@GestureList@Leap@@QBE?AV?$ConstListIterator@VGestureList@Leap@@VGesture@2@@2@XZ

?end@HandList@Leap@@QBE?AV?$ConstListIterator@VHandList@Leap@@VHand@2@@2@XZ

?end@PointableList@Leap@@QBE?AV?$ConstListIterator@VPointableList@Leap@@VPointable@2@@2@XZ

?end@ScreenList@Leap@@QBE?AV?$ConstListIterator@VScreenList@Leap@@VScreen@2@@2@XZ

?end@ToolList@Leap@@QBE?AV?$ConstListIterator@VToolList@Leap@@VTool@2@@2@XZ

?finger@Frame@Leap@@QBE?AVFinger@2@H@Z

?finger@Hand@Leap@@QBE?AVFinger@2@H@Z

?fingers@Frame@Leap@@QBE?AVFingerList@2@XZ

?fingers@Hand@Leap@@QBE?AVFingerList@2@XZ

?frame@Controller@Leap@@QBE?AVFrame@2@H@Z

?frame@Gesture@Leap@@QBE?AVFrame@2@XZ

?frame@Hand@Leap@@QBE?AVFrame@2@XZ

?frame@Pointable@Leap@@QBE?AVFrame@2@XZ

?frontmost@FingerList@Leap@@QBE?AVFinger@2@XZ

?frontmost@HandList@Leap@@QBE?AVHand@2@XZ

?frontmost@PointableList@Leap@@QBE?AVPointable@2@XZ

?frontmost@ToolList@Leap@@QBE?AVTool@2@XZ

?gesture@Frame@Leap@@QBE?AVGesture@2@H@Z

?gestures@Frame@Leap@@QBE?AVGestureList@2@ABV12@@Z

?gestures@Frame@Leap@@QBE?AVGestureList@2@XZ

?getBool@Config@Leap@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?getFloat@Config@Leap@@QBEMABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?getInt32@Config@Leap@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?getString@Config@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z

?hand@Frame@Leap@@QBE?AVHand@2@H@Z

?hand@Pointable@Leap@@QBE?AVHand@2@XZ

?hands@Frame@Leap@@QBE?AVHandList@2@XZ

?hands@Gesture@Leap@@QBE?AVHandList@2@XZ

?hasFocus@Controller@Leap@@QBE_NXZ

?height@InteractionBox@Leap@@QBEMXZ

?heightPixels@Screen@Leap@@QBEHXZ

?horizontalAxis@Screen@Leap@@QBE?AUVector@2@XZ

?horizontalViewAngle@Device@Leap@@QBEMXZ

?id@Frame@Leap@@QBE_JXZ

?id@Gesture@Leap@@QBEHXZ

?id@Hand@Leap@@QBEHXZ

?id@Pointable@Leap@@QBEHXZ

?id@Screen@Leap@@QBEHXZ

?interactionBox@Frame@Leap@@QBE?AVInteractionBox@2@XZ

?intersect@Screen@Leap@@QBE?AUVector@2@ABU32@0_NM@Z

?intersect@Screen@Leap@@QBE?AUVector@2@ABVPointable@2@_NM@Z

?invalid@Device@Leap@@SAABV12@XZ

?invalid@Finger@Leap@@SAABV12@XZ

?invalid@Frame@Leap@@SAABV12@XZ

?invalid@Gesture@Leap@@SAABV12@XZ

?invalid@Hand@Leap@@SAABV12@XZ

?invalid@InteractionBox@Leap@@SAABV12@XZ

?invalid@Pointable@Leap@@SAABV12@XZ

?invalid@Screen@Leap@@SAABV12@XZ

?invalid@Tool@Leap@@SAABV12@XZ

?isConnected@Controller@Leap@@QBE_NXZ

?isEmpty@DeviceList@Leap@@QBE_NXZ

?isEmpty@FingerList@Leap@@QBE_NXZ

?isEmpty@GestureList@Leap@@QBE_NXZ

?isEmpty@HandList@Leap@@QBE_NXZ

?isEmpty@PointableList@Leap@@QBE_NXZ

?isEmpty@ScreenList@Leap@@QBE_NXZ

?isEmpty@ToolList@Leap@@QBE_NXZ

?isFinger@Pointable@Leap@@QBE_NXZ

?isGestureEnabled@Controller@Leap@@QBE_NW4Type@Gesture@2@@Z

?isTool@Pointable@Leap@@QBE_NXZ

?isValid@Device@Leap@@QBE_NXZ

?isValid@Frame@Leap@@QBE_NXZ

?isValid@Gesture@Leap@@QBE_NXZ

?isValid@Hand@Leap@@QBE_NXZ

?isValid@InteractionBox@Leap@@QBE_NXZ

?isValid@Pointable@Leap@@QBE_NXZ

?isValid@Screen@Leap@@QBE_NXZ

?leftmost@FingerList@Leap@@QBE?AVFinger@2@XZ

?leftmost@HandList@Leap@@QBE?AVHand@2@XZ

?leftmost@PointableList@Leap@@QBE?AVPointable@2@XZ

?leftmost@ToolList@Leap@@QBE?AVTool@2@XZ

?length@Pointable@Leap@@QBEMXZ

?locatedScreens@Controller@Leap@@QBE?AVScreenList@2@XZ

?normal@CircleGesture@Leap@@QBE?AUVector@2@XZ

?normal@Screen@Leap@@QBE?AUVector@2@XZ

?normalizePoint@InteractionBox@Leap@@QBE?AUVector@2@ABU32@_N@Z

?onConnect@Listener@Leap@@UAEXABVController@2@@Z

?onDisconnect@Listener@Leap@@UAEXABVController@2@@Z

?onExit@Listener@Leap@@UAEXABVController@2@@Z

?onFocusGained@Listener@Leap@@UAEXABVController@2@@Z

?onFocusLost@Listener@Leap@@UAEXABVController@2@@Z

?onFrame@Listener@Leap@@UAEXABVController@2@@Z

?onInit@Listener@Leap@@UAEXABVController@2@@Z

?palmNormal@Hand@Leap@@QBE?AUVector@2@XZ

?palmPosition@Hand@Leap@@QBE?AUVector@2@XZ

?palmVelocity@Hand@Leap@@QBE?AUVector@2@XZ

?pointable@CircleGesture@Leap@@QBE?AVPointable@2@XZ

?pointable@Frame@Leap@@QBE?AVPointable@2@H@Z

?pointable@Hand@Leap@@QBE?AVPointable@2@H@Z

?pointable@KeyTapGesture@Leap@@QBE?AVPointable@2@XZ

?pointable@ScreenTapGesture@Leap@@QBE?AVPointable@2@XZ

?pointable@SwipeGesture@Leap@@QBE?AVPointable@2@XZ

?pointables@Frame@Leap@@QBE?AVPointableList@2@XZ

?pointables@Gesture@Leap@@QBE?AVPointableList@2@XZ

?pointables@Hand@Leap@@QBE?AVPointableList@2@XZ

?policyFlags@Controller@Leap@@QBE?AW4PolicyFlag@12@XZ

?position@KeyTapGesture@Leap@@QBE?AUVector@2@XZ

?position@ScreenTapGesture@Leap@@QBE?AUVector@2@XZ

?position@SwipeGesture@Leap@@QBE?AUVector@2@XZ

?progress@CircleGesture@Leap@@QBEMXZ

?progress@KeyTapGesture@Leap@@QBEMXZ

?progress@ScreenTapGesture@Leap@@QBEMXZ

?project@Screen@Leap@@QBE?AUVector@2@ABU32@_NM@Z

?radius@CircleGesture@Leap@@QBEMXZ

?range@Device@Leap@@QBEMXZ

?reference@Interface@Leap@@ABEPAUImplementation@12@XZ

?removeListener@Controller@Leap@@QAE_NAAVListener@2@@Z

?rightmost@FingerList@Leap@@QBE?AVFinger@2@XZ

?rightmost@HandList@Leap@@QBE?AVHand@2@XZ

?rightmost@PointableList@Leap@@QBE?AVPointable@2@XZ

?rightmost@ToolList@Leap@@QBE?AVTool@2@XZ

?rotationAngle@Frame@Leap@@QBEMABV12@@Z

?rotationAngle@Frame@Leap@@QBEMABV12@ABUVector@2@@Z

?rotationAngle@Hand@Leap@@QBEMABVFrame@2@@Z

?rotationAngle@Hand@Leap@@QBEMABVFrame@2@ABUVector@2@@Z

?rotationAxis@Frame@Leap@@QBE?AUVector@2@ABV12@@Z

?rotationAxis@Hand@Leap@@QBE?AUVector@2@ABVFrame@2@@Z

?rotationMatrix@Frame@Leap@@QBE?AUMatrix@2@ABV12@@Z

?rotationMatrix@Hand@Leap@@QBE?AUMatrix@2@ABVFrame@2@@Z

?rotationProbability@Frame@Leap@@QBEMABV12@@Z

?rotationProbability@Hand@Leap@@QBEMABVFrame@2@@Z

?save@Config@Leap@@QAE_NXZ

?scaleFactor@Frame@Leap@@QBEMABV12@@Z

?scaleFactor@Hand@Leap@@QBEMABVFrame@2@@Z

?scaleProbability@Frame@Leap@@QBEMABV12@@Z

?scaleProbability@Hand@Leap@@QBEMABVFrame@2@@Z

?setBool@Config@Leap@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

?setFloat@Config@Leap@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@M@Z

?setInt32@Config@Leap@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

?setPolicyFlags@Controller@Leap@@QBEXW4PolicyFlag@12@@Z

?setString@Config@Leap@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

?speed@SwipeGesture@Leap@@QBEMXZ

?sphereCenter@Hand@Leap@@QBE?AUVector@2@XZ

?sphereRadius@Hand@Leap@@QBEMXZ

?stabilizedPalmPosition@Hand@Leap@@QBE?AUVector@2@XZ

?stabilizedTipPosition@Pointable@Leap@@QBE?AUVector@2@XZ

?startPosition@SwipeGesture@Leap@@QBE?AUVector@2@XZ

?state@Gesture@Leap@@QBE?AW4State@12@XZ

?timeVisible@Hand@Leap@@QBEMXZ

?timeVisible@Pointable@Leap@@QBEMXZ

?timestamp@Frame@Leap@@QBE_JXZ

?tipPosition@Pointable@Leap@@QBE?AUVector@2@XZ

?tipVelocity@Pointable@Leap@@QBE?AUVector@2@XZ

?toString@Device@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@Finger@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@Frame@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@Gesture@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@Hand@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@InteractionBox@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@Pointable@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@Screen@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?toString@Tool@Leap@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?tool@Frame@Leap@@QBE?AVTool@2@H@Z

?tool@Hand@Leap@@QBE?AVTool@2@H@Z

?tools@Frame@Leap@@QBE?AVToolList@2@XZ

?tools@Hand@Leap@@QBE?AVToolList@2@XZ

?touchDistance@Pointable@Leap@@QBEMXZ

?touchZone@Pointable@Leap@@QBE?AW4Zone@12@XZ

?translation@Frame@Leap@@QBE?AUVector@2@ABV12@@Z

?translation@Hand@Leap@@QBE?AUVector@2@ABVFrame@2@@Z

?translationProbability@Frame@Leap@@QBEMABV12@@Z

?translationProbability@Hand@Leap@@QBEMABVFrame@2@@Z

?type@Config@Leap@@QBE?AW4ValueType@12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?type@Gesture@Leap@@QBE?AW4Type@12@XZ

?verticalAxis@Screen@Leap@@QBE?AUVector@2@XZ

?verticalViewAngle@Device@Leap@@QBEMXZ

?width@InteractionBox@Leap@@QBEMXZ

?width@Pointable@Leap@@QBEMXZ

?widthPixels@Screen@Leap@@QBEHXZ

Sections

.text
Size: 970KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/MouseEvents.exe

.exe windows:5 windows x86 arch:x86

d330e1cc82f938f18f3bf3e9316e4e6a

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7e:f1:aa:a6:f1:40:03:c2:d1:cb:74:02:f0:42:3b:b9:91:d1:e8:bc:2c:f7:f0:21:91:b3:d4:81:d7:03:ee:d3
Signer

Actual PE Digest

7e:f1:aa:a6:f1:40:03:c2:d1:cb:74:02:f0:42:3b:b9:91:d1:e8:bc:2c:f7:f0:21:91:b3:d4:81:d7:03:ee:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\plugins\MouseEvents\Release\MouseEvents.pdb

Imports

leap

?direction@SwipeGesture@Leap@@QBE?AUVector@2@XZ

?startPosition@SwipeGesture@Leap@@QBE?AUVector@2@XZ

??0SwipeGesture@Leap@@QAE@ABVGesture@1@@Z

?duration@Gesture@Leap@@QBE_JXZ

?state@Gesture@Leap@@QBE?AW4State@12@XZ

?type@Gesture@Leap@@QBE?AW4Type@12@XZ

??AGestureList@Leap@@QBE?AVGesture@1@H@Z

?count@GestureList@Leap@@QBEHXZ

?gestures@Frame@Leap@@QBE?AVGestureList@2@XZ

?enableGesture@Controller@Leap@@QBEXW4Type@Gesture@2@_N@Z

?frame@Controller@Leap@@QBE?AVFrame@2@H@Z

?setPolicyFlags@Controller@Leap@@QBEXW4PolicyFlag@12@@Z

??1Interface@Leap@@MAE@XZ

?removeListener@Controller@Leap@@QAE_NAAVListener@2@@Z

?addListener@Controller@Leap@@QAE_NAAVListener@2@@Z

??1Controller@Leap@@UAE@XZ

??0Controller@Leap@@QAE@XZ

??1Listener@Leap@@UAE@XZ

??0Listener@Leap@@QAE@XZ

?position@SwipeGesture@Leap@@QBE?AUVector@2@XZ

kernel32

GetCommandLineW

FlushFileBuffers

CreateFileW

WriteConsoleW

SetStdHandle

GetStringTypeW

LCMapStringW

MultiByteToWideChar

GetConsoleMode

GetConsoleCP

WideCharToMultiByte

SetFilePointer

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

GetTickCount

LoadLibraryW

GetProcAddress

CreateMutexW

MapViewOfFile

UnmapViewOfFile

VirtualQuery

WaitForSingleObject

SetEvent

OpenProcess

CreateFileMappingW

CreateEventW

WaitForMultipleObjects

CloseHandle

CreateThread

HeapReAlloc

RtlUnwind

EnterCriticalSection

LeaveCriticalSection

GetSystemTimeAsFileTime

GetCurrentProcessId

QueryPerformanceCounter

HeapCreate

InterlockedDecrement

GetCurrentThreadId

SetLastError

InterlockedIncrement

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

DeleteCriticalSection

GetFileType

InitializeCriticalSectionAndSpinCount

SetHandleCount

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetModuleFileNameW

EncodePointer

DecodePointer

HeapSetInformation

GetStartupInfoW

RaiseException

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

HeapAlloc

GetLastError

HeapFree

IsProcessorFeaturePresent

Sleep

HeapSize

GetModuleHandleW

ExitProcess

WriteFile

GetStdHandle

user32

SendMessageW

GetWindowThreadProcessId

SendNotifyMessageW

AllowSetForegroundWindow

PostQuitMessage

TranslateMessage

DispatchMessageW

GetSystemMetrics

UnhookWindowsHookEx

SetWindowsHookExW

SendMessageTimeoutW

GetAsyncKeyState

CallNextHookEx

EnumDisplayMonitors

DefWindowProcW

RegisterClassW

CreateWindowExW

IsWindow

SetWindowPos

SetWindowLongW

GetWindowLongW

FindWindowW

PostMessageW

UnregisterClassW

DestroyWindow

GetMessageW

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/MouseEvents.ini

plugins/SevenDex.exe

.exe windows:5 windows x86 arch:x86

35308e8c9afde8b9fcb4409dac3fcd72

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

1c:d7:af:1b:2e:b4:46:aa:73:2c:78:f5:98:1e:0b:85:35:92:05:7a:d7:d7:fa:f5:68:b3:1a:cc:d4:a0:21:f4
Signer

Actual PE Digest

1c:d7:af:1b:2e:b4:46:aa:73:2c:78:f5:98:1e:0b:85:35:92:05:7a:d7:d7:fa:f5:68:b3:1a:cc:d4:a0:21:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\plugins\SevenDex\Release\SevenDex.pdb

Imports

dwmapi

DwmSetIconicThumbnail

DwmSetWindowAttribute

DwmSetIconicLivePreviewBitmap

DwmInvalidateIconicBitmaps

shlwapi

SHStrDupW

StrTrimW

comctl32

ord380

kernel32

CreateFileMappingW

ReleaseMutex

CloseHandle

CreateMutexW

VirtualQuery

SetEvent

OpenProcess

CreateEventW

WaitForMultipleObjects

CreateThread

GetStringTypeW

LCMapStringW

MultiByteToWideChar

GetConsoleMode

GetConsoleCP

WideCharToMultiByte

SetFilePointer

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

RtlUnwind

LoadLibraryW

OpenMutexW

EnterCriticalSection

LeaveCriticalSection

HeapReAlloc

GetSystemTimeAsFileTime

GetCurrentProcessId

GetTickCount

QueryPerformanceCounter

HeapCreate

InterlockedDecrement

GetCurrentThreadId

SetLastError

InterlockedIncrement

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

DeleteCriticalSection

GetFileType

InitializeCriticalSectionAndSpinCount

SetHandleCount

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetStdHandle

WriteFile

ExitProcess

GetModuleHandleW

GetModuleFileNameW

Sleep

GetPrivateProfileStringW

WaitForSingleObject

UnmapViewOfFile

MapViewOfFile

SetStdHandle

WriteConsoleW

CreateFileW

FlushFileBuffers

GetProcAddress

HeapSize

IsProcessorFeaturePresent

HeapFree

GetLastError

HeapAlloc

IsDebuggerPresent

SetUnhandledExceptionFilter

EncodePointer

DecodePointer

GetCommandLineW

HeapSetInformation

GetStartupInfoW

RaiseException

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

user32

MoveWindow

DispatchMessageW

PostMessageW

FindWindowW

RegisterClassW

GetWindowThreadProcessId

ClientToScreen

DestroyWindow

SendNotifyMessageW

EnumDisplayMonitors

GetSystemMenu

SetTimer

RemovePropW

GetMessageW

PostQuitMessage

ShowWindowAsync

RegisterWindowMessageW

FillRect

RegisterShellHookWindow

UnregisterClassW

KillTimer

SetForegroundWindow

DeleteMenu

LoadCursorW

DefWindowProcW

TranslateMessage

RegisterClassExW

GetWindowLongW

AppendMenuW

SetWindowLongW

GetDesktopWindow

GetSysColor

SetWindowPos

SetLayeredWindowAttributes

ShowWindow

GetMenuItemCount

IsWindow

CreateWindowExW

GetSystemMetrics

IsWindowVisible

SendMessageW

SetWindowTextW

DestroyIcon

GetPropW

SetPropW

gdi32

StretchBlt

BitBlt

DeleteDC

CreateDIBSection

SetDCBrushColor

DeleteObject

SelectObject

CreateCompatibleDC

SetStretchBltMode

GetStockObject

advapi32

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

shell32

SetCurrentProcessExplicitAppUserModelID

ShellExecuteW

ole32

CoUninitialize

CoInitialize

PropVariantClear

CoCreateInstance

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/SevenDex.ini

plugins/Slideshow.exe

.exe windows:4 windows x86 arch:x86

90adf7423b511c00ad1e16e8710bedc5

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

a9:19:e1:94:0b:06:08:fd:ec:6f:d6:42:62:df:52:df:06:0c:29:72:11:68:49:d6:02:8f:05:ed:61:8a:ba:53
Signer

Actual PE Digest

a9:19:e1:94:0b:06:08:fd:ec:6f:d6:42:62:df:52:df:06:0c:29:72:11:68:49:d6:02:8f:05:ed:61:8a:ba:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine

ord519

ord300

ord598

ord306

ord709

EVENT_SINK_AddRef

ord561

DllFunctionCall

EVENT_SINK_Release

EVENT_SINK_QueryInterface

__vbaExceptHandler

ord711

ord712

ord606

ord717

ProcCallEngine

ord644

ord645

ord681

ord685

ord100

ord616

ord618

ord581

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

plugins/Slideshow.ini

plugins/Taskbar Pager.exe

.exe windows:5 windows x86 arch:x86

a04708e40f981b51bece123a011c84b6

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7d:fa:1b:01:48:2e:6a:83:9e:ec:01:e6:db:a6:ff:c3:37:fa:a4:08:82:f2:4f:49:0b:72:a2:29:3b:ec:50:ae
Signer

Actual PE Digest

7d:fa:1b:01:48:2e:6a:83:9e:ec:01:e6:db:a6:ff:c3:37:fa:a4:08:82:f2:4f:49:0b:72:a2:29:3b:ec:50:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patrick\Desktop\dexcode\plugins\Taskbar Pager\Release\Taskbar Pager.pdb

Imports

gdiplus

GdiplusStartup

GdipFree

GdipCloneBrush

GdipCombineRegionRectI

GdipCreateLineBrushFromRect

GdipDrawRectangleI

GdipCreatePen1

GdipReleaseDC

GdipGetImageWidth

GdipCloneImage

GdipBitmapLockBits

GdipGetDC

GdipDisposeImage

GdipBitmapUnlockBits

GdipDrawImageRectI

GdipCreateBitmapFromScan0

GdipCreateBitmapFromHICON

GdipGetImageHeight

GdipCreateLineBrushFromRectI

GdipDeletePen

GdipDeleteBrush

GdipSetInterpolationMode

GdipCreateFromHDC

GdipGraphicsClear

GdipDeleteGraphics

GdiplusShutdown

GdipFillRectangleI

GdipSetSolidFillColor

GdipResetClip

GdipFillRectangle

GdipDeleteRegion

GdipAlloc

GdipCreateSolidFill

GdipCreateRegionRectI

GdipSetClipRectI

GdipFillRegion

comctl32

InitCommonControlsEx

kernel32

GetOEMCP

GetACP

GetCPInfo

HeapReAlloc

WideCharToMultiByte

RtlUnwind

EnterCriticalSection

LeaveCriticalSection

GetSystemTimeAsFileTime

GetCurrentProcessId

GetTickCount

QueryPerformanceCounter

HeapCreate

InterlockedDecrement

GetCurrentThreadId

SetLastError

IsValidCodePage

SetFilePointer

GetPrivateProfileStringW

LoadLibraryW

Sleep

GetVersionExW

GetProcAddress

SetWaitableTimer

WaitForSingleObject

SleepEx

QueueUserAPC

CreateWaitableTimerW

CloseHandle

CreateThread

CreateMutexW

MapViewOfFile

GetConsoleCP

VirtualQuery

SetEvent

OpenProcess

CreateFileMappingW

CreateEventW

WaitForMultipleObjects

ReleaseMutex

GetFileType

InitializeCriticalSectionAndSpinCount

SetHandleCount

GetEnvironmentStringsW

FreeEnvironmentStringsW

ExitProcess

GetModuleHandleW

HeapSize

IsProcessorFeaturePresent

GetModuleFileNameW

GetStdHandle

WriteFile

HeapAlloc

HeapFree

GetLastError

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

RaiseException

GetStartupInfoW

HeapSetInformation

GetCommandLineW

EncodePointer

DecodePointer

DeleteCriticalSection

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

InterlockedIncrement

GetConsoleMode

MultiByteToWideChar

LCMapStringW

GetStringTypeW

SetStdHandle

WriteConsoleW

CreateFileW

FlushFileBuffers

UnmapViewOfFile

user32

GetClientRect

FindWindowW

SetParent

LoadCursorW

TrackMouseEvent

SetForegroundWindow

KillTimer

UnregisterClassW

SetCapture

RegisterWindowMessageW

PostQuitMessage

GetMessageW

ScreenToClient

SetTimer

EnumDisplayMonitors

EndPaint

PostMessageW

BeginPaint

GetIconInfo

GetClassLongW

IsZoomed

GetDC

TranslateMessage

GetForegroundWindow

UnionRect

InvalidateRect

GetAncestor

ReleaseDC

MonitorFromWindow

SetWindowLongW

RedrawWindow

SetWindowPos

FindWindowExW

CreateWindowExW

SendMessageTimeoutW

GetDoubleClickTime

RegisterClassW

GetSystemMetrics

AllowSetForegroundWindow

GetMonitorInfoW

DefWindowProcW

GetShellWindow

DispatchMessageW

DestroyWindow

SendNotifyMessageW

GetDlgItemInt

LoadImageW

IsWindowEnabled

GetWindowTextW

GetDlgItem

SendDlgItemMessageW

ShowWindow

CreateDialogParamW

GetDlgItemTextW

SetDlgItemTextW

EnableWindow

SetWindowTextW

DestroyIcon

IsWindow

SendMessageW

GetWindowRect

IsIconic

EnumWindows

PtInRect

GetWindowLongW

GetSysColor

IsWindowVisible

GetWindow

GetWindowThreadProcessId

gdi32

CombineRgn

CreateCompatibleDC

SelectObject

DeleteObject

GetRgnBox

CreateCompatibleBitmap

BitBlt

GetObjectW

GetDIBits

CreateRectRgn

DeleteDC

GetStockObject

shell32

SHAppBarMessage

ole32

OleInitialize

OleUninitialize

RegisterDragDrop

RevokeDragDrop

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/Taskbar Pager.ini

plugins/Wallpaper Clock.exe

.exe windows:4 windows x86 arch:x86

a63a6dbf71b416da2e76152bda49be86

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

81:a7:64:2c:8a:ef:5d:b8:ef:f3:d9:78:aa:eb:86:2a:1c:ea:8b:8e:00:ac:e2:64:fb:5b:45:57:be:2d:60:e0
Signer

Actual PE Digest

81:a7:64:2c:8a:ef:5d:b8:ef:f3:d9:78:aa:eb:86:2a:1c:ea:8b:8e:00:ac:e2:64:fb:5b:45:57:be:2d:60:e0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine

ord517

ord519

ord552

ord553

ord661

ord598

ord305

ord709

ord525

EVENT_SINK_AddRef

ord529

DllFunctionCall

ord563

EVENT_SINK_Release

ord311

EVENT_SINK_QueryInterface

__vbaExceptHandler

ord313

ord712

ord605

ord606

ord714

ord531

ord717

ord532

ProcCallEngine

ord644

ord537

ord645

ord681

ord576

ord685

ord100

ord616

ord618

ord619

ord542

ord543

ord544

ord545

ord546

ord547

ord581

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

plugins/Wallpaper Clock.ini

plugins/d3dx9_43.dll

.dll windows:6 windows x86 arch:x86

5fb75b2a87c1fa7cc3d7904a0b97084a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e
Signer

Actual PE Digest

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d3dx9_43.pdb

Imports

msvcrt

_isatty

_write

_lseeki64

__pioinfo

__badioinfo

wctomb

_itoa

_snprintf

_fileno

isleadbyte

?terminate@@YAXXZ

_onexit

_lock

__dllonexit

_unlock

_amsg_exit

_initterm

_XcptFilter

srand

strtod

fread

fflush

fwrite

abort

_tempnam

exit

isalpha

atof

atol

isxdigit

_ultoa

wcstombs

_CIexp

_isnan

rand

atoi

isalnum

floor

_strtime

_strdate

sscanf

isspace

isdigit

_setjmp3

longjmp

ldexp

frexp

calloc

realloc

_CIlog

setlocale

_strdup

free

_clearfp

ceil

_controlfp

malloc

_CIatan

_CIcos

_CIasin

_finite

_CIsin

_CIatan2

_CIacos

memmove

qsort

_CIfmod

_purecall

_stricmp

modf

iswspace

iswalpha

iswdigit

iswpunct

_CIsqrt

memcpy

memset

_CIpow

??2@YAPAXI@Z

??3@YAXPAX@Z

_iob

_vsnprintf

_vsnwprintf

_errno

__CxxFrameHandler

gdi32

GetTextMetricsA

GetObjectA

GetGlyphOutlineA

CreateDIBSection

DeleteDC

DeleteObject

SelectObject

GetCharacterPlacementW

GetCharacterPlacementA

SetTextColor

SetBkColor

SetBkMode

GetTextMetricsW

GetFontLanguageInfo

CreateFontIndirectA

CreateFontIndirectW

SetTextAlign

SetMapMode

CreateCompatibleDC

ExtTextOutA

MoveToEx

ExtTextOutW

TranslateCharsetInfo

GetCurrentObject

GetOutlineTextMetricsA

GetGlyphOutlineW

GetObjectW

kernel32

DeleteFileW

SetFilePointer

GetFileSize

CreateFileMappingA

MapViewOfFile

UnmapViewOfFile

FindResourceA

LoadResource

LockResource

SizeofResource

FreeResource

CompareStringA

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

InitializeCriticalSection

FormatMessageA

LocalFree

CreateFileW

GetFileSizeEx

GetFullPathNameW

GetLastError

IsDBCSLeadByte

WriteFile

GetTempPathA

MoveFileA

CreateFileA

ReadFile

CloseHandle

DeleteFileA

InterlockedDecrement

InterlockedIncrement

IsProcessorFeaturePresent

VirtualFree

GetACP

WideCharToMultiByte

MultiByteToWideChar

OutputDebugStringA

GetModuleHandleA

FreeLibrary

LoadLibraryA

GetVersionExA

GetSystemInfo

GetProcAddress

VirtualAlloc

GetProcessHeap

HeapFree

HeapAlloc

DisableThreadLibraryCalls

MoveFileW

GetTempFileNameW

GlobalMemoryStatus

SetEndOfFile

ExpandEnvironmentStringsA

IsBadCodePtr

IsBadReadPtr

IsBadWritePtr

WaitForSingleObject

ReleaseMutex

CreateMutexA

Sleep

InterlockedExchange

InterlockedCompareExchange

RtlUnwind

QueryPerformanceCounter

GetTickCount

GetCurrentThreadId

GetCurrentProcessId

GetSystemTimeAsFileTime

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetVersion

GetTempFileNameA

FindResourceW

advapi32

RegOpenKeyA

RegQueryValueExA

RegCloseKey

Exports

D3DXAssembleShader

D3DXAssembleShaderFromFileA

D3DXAssembleShaderFromFileW

D3DXAssembleShaderFromResourceA

D3DXAssembleShaderFromResourceW

D3DXBoxBoundProbe

D3DXCheckCubeTextureRequirements

D3DXCheckTextureRequirements

D3DXCheckVersion

D3DXCheckVolumeTextureRequirements

D3DXCleanMesh

D3DXColorAdjustContrast

D3DXColorAdjustSaturation

D3DXCompileShader

D3DXCompileShaderFromFileA

D3DXCompileShaderFromFileW

D3DXCompileShaderFromResourceA

D3DXCompileShaderFromResourceW

D3DXComputeBoundingBox

D3DXComputeBoundingSphere

D3DXComputeIMTFromPerTexelSignal

D3DXComputeIMTFromPerVertexSignal

D3DXComputeIMTFromSignal

D3DXComputeIMTFromTexture

D3DXComputeNormalMap

D3DXComputeNormals

D3DXComputeTangent

D3DXComputeTangentFrame

D3DXComputeTangentFrameEx

D3DXConcatenateMeshes

D3DXConvertMeshSubsetToSingleStrip

D3DXConvertMeshSubsetToStrips

D3DXCreateAnimationController

D3DXCreateBox

D3DXCreateBuffer

D3DXCreateCompressedAnimationSet

D3DXCreateCubeTexture

D3DXCreateCubeTextureFromFileA

D3DXCreateCubeTextureFromFileExA

D3DXCreateCubeTextureFromFileExW

D3DXCreateCubeTextureFromFileInMemory

D3DXCreateCubeTextureFromFileInMemoryEx

D3DXCreateCubeTextureFromFileW

D3DXCreateCubeTextureFromResourceA

D3DXCreateCubeTextureFromResourceExA

D3DXCreateCubeTextureFromResourceExW

D3DXCreateCubeTextureFromResourceW

D3DXCreateCylinder

D3DXCreateEffect

D3DXCreateEffectCompiler

D3DXCreateEffectCompilerFromFileA

D3DXCreateEffectCompilerFromFileW

D3DXCreateEffectCompilerFromResourceA

D3DXCreateEffectCompilerFromResourceW

D3DXCreateEffectEx

D3DXCreateEffectFromFileA

D3DXCreateEffectFromFileExA

D3DXCreateEffectFromFileExW

D3DXCreateEffectFromFileW

D3DXCreateEffectFromResourceA

D3DXCreateEffectFromResourceExA

D3DXCreateEffectFromResourceExW

D3DXCreateEffectFromResourceW

D3DXCreateEffectPool

D3DXCreateFontA

D3DXCreateFontIndirectA

D3DXCreateFontIndirectW

D3DXCreateFontW

D3DXCreateKeyframedAnimationSet

D3DXCreateLine

D3DXCreateMatrixStack

D3DXCreateMesh

D3DXCreateMeshFVF

D3DXCreateNPatchMesh

D3DXCreatePMeshFromStream

D3DXCreatePRTBuffer

D3DXCreatePRTBufferTex

D3DXCreatePRTCompBuffer

D3DXCreatePRTEngine

D3DXCreatePatchMesh

D3DXCreatePolygon

D3DXCreateRenderToEnvMap

D3DXCreateRenderToSurface

D3DXCreateSPMesh

D3DXCreateSkinInfo

D3DXCreateSkinInfoFVF

D3DXCreateSkinInfoFromBlendedMesh

D3DXCreateSphere

D3DXCreateSprite

D3DXCreateTeapot

D3DXCreateTextA

D3DXCreateTextW

D3DXCreateTexture

D3DXCreateTextureFromFileA

D3DXCreateTextureFromFileExA

D3DXCreateTextureFromFileExW

D3DXCreateTextureFromFileInMemory

D3DXCreateTextureFromFileInMemoryEx

D3DXCreateTextureFromFileW

D3DXCreateTextureFromResourceA

D3DXCreateTextureFromResourceExA

D3DXCreateTextureFromResourceExW

D3DXCreateTextureFromResourceW

D3DXCreateTextureGutterHelper

D3DXCreateTextureShader

D3DXCreateTorus

D3DXCreateVolumeTexture

D3DXCreateVolumeTextureFromFileA

D3DXCreateVolumeTextureFromFileExA

D3DXCreateVolumeTextureFromFileExW

D3DXCreateVolumeTextureFromFileInMemory

D3DXCreateVolumeTextureFromFileInMemoryEx

D3DXCreateVolumeTextureFromFileW

D3DXCreateVolumeTextureFromResourceA

D3DXCreateVolumeTextureFromResourceExA

D3DXCreateVolumeTextureFromResourceExW

D3DXCreateVolumeTextureFromResourceW

D3DXDebugMute

D3DXDeclaratorFromFVF

D3DXDisassembleEffect

D3DXDisassembleShader

D3DXFVFFromDeclarator

D3DXFileCreate

D3DXFillCubeTexture

D3DXFillCubeTextureTX

D3DXFillTexture

D3DXFillTextureTX

D3DXFillVolumeTexture

D3DXFillVolumeTextureTX

D3DXFilterTexture

D3DXFindShaderComment

D3DXFloat16To32Array

D3DXFloat32To16Array

D3DXFrameAppendChild

D3DXFrameCalculateBoundingSphere

D3DXFrameDestroy

D3DXFrameFind

D3DXFrameNumNamedMatrices

D3DXFrameRegisterNamedMatrices

D3DXFresnelTerm

D3DXGenerateOutputDecl

D3DXGeneratePMesh

D3DXGetDeclLength

D3DXGetDeclVertexSize

D3DXGetDriverLevel

D3DXGetFVFVertexSize

D3DXGetImageInfoFromFileA

D3DXGetImageInfoFromFileInMemory

D3DXGetImageInfoFromFileW

D3DXGetImageInfoFromResourceA

D3DXGetImageInfoFromResourceW

D3DXGetPixelShaderProfile

D3DXGetShaderConstantTable

D3DXGetShaderConstantTableEx

D3DXGetShaderInputSemantics

D3DXGetShaderOutputSemantics

D3DXGetShaderSamplers

D3DXGetShaderSize

D3DXGetShaderVersion

D3DXGetVertexShaderProfile

D3DXIntersect

D3DXIntersectSubset

D3DXIntersectTri

D3DXLoadMeshFromXA

D3DXLoadMeshFromXInMemory

D3DXLoadMeshFromXResource

D3DXLoadMeshFromXW

D3DXLoadMeshFromXof

D3DXLoadMeshHierarchyFromXA

D3DXLoadMeshHierarchyFromXInMemory

D3DXLoadMeshHierarchyFromXW

D3DXLoadPRTBufferFromFileA

D3DXLoadPRTBufferFromFileW

D3DXLoadPRTCompBufferFromFileA

D3DXLoadPRTCompBufferFromFileW

D3DXLoadPatchMeshFromXof

D3DXLoadSkinMeshFromXof

D3DXLoadSurfaceFromFileA

D3DXLoadSurfaceFromFileInMemory

D3DXLoadSurfaceFromFileW

D3DXLoadSurfaceFromMemory

D3DXLoadSurfaceFromResourceA

D3DXLoadSurfaceFromResourceW

D3DXLoadSurfaceFromSurface

D3DXLoadVolumeFromFileA

D3DXLoadVolumeFromFileInMemory

D3DXLoadVolumeFromFileW

D3DXLoadVolumeFromMemory

D3DXLoadVolumeFromResourceA

D3DXLoadVolumeFromResourceW

D3DXLoadVolumeFromVolume

D3DXMatrixAffineTransformation

D3DXMatrixAffineTransformation2D

D3DXMatrixDecompose

D3DXMatrixDeterminant

D3DXMatrixInverse

D3DXMatrixLookAtLH

D3DXMatrixLookAtRH

D3DXMatrixMultiply

D3DXMatrixMultiplyTranspose

D3DXMatrixOrthoLH

D3DXMatrixOrthoOffCenterLH

D3DXMatrixOrthoOffCenterRH

D3DXMatrixOrthoRH

D3DXMatrixPerspectiveFovLH

D3DXMatrixPerspectiveFovRH

D3DXMatrixPerspectiveLH

D3DXMatrixPerspectiveOffCenterLH

D3DXMatrixPerspectiveOffCenterRH

D3DXMatrixPerspectiveRH

D3DXMatrixReflect

D3DXMatrixRotationAxis

D3DXMatrixRotationQuaternion

D3DXMatrixRotationX

D3DXMatrixRotationY

D3DXMatrixRotationYawPitchRoll

D3DXMatrixRotationZ

D3DXMatrixScaling

D3DXMatrixShadow

D3DXMatrixTransformation

D3DXMatrixTransformation2D

D3DXMatrixTranslation

D3DXMatrixTranspose

D3DXOptimizeFaces

D3DXOptimizeVertices

D3DXPlaneFromPointNormal

D3DXPlaneFromPoints

D3DXPlaneIntersectLine

D3DXPlaneNormalize

D3DXPlaneTransform

D3DXPlaneTransformArray

D3DXPreprocessShader

D3DXPreprocessShaderFromFileA

D3DXPreprocessShaderFromFileW

D3DXPreprocessShaderFromResourceA

D3DXPreprocessShaderFromResourceW

D3DXQuaternionBaryCentric

D3DXQuaternionExp

D3DXQuaternionInverse

D3DXQuaternionLn

D3DXQuaternionMultiply

D3DXQuaternionNormalize

D3DXQuaternionRotationAxis

D3DXQuaternionRotationMatrix

D3DXQuaternionRotationYawPitchRoll

D3DXQuaternionSlerp

D3DXQuaternionSquad

D3DXQuaternionSquadSetup

D3DXQuaternionToAxisAngle

D3DXRectPatchSize

D3DXSHAdd

D3DXSHDot

D3DXSHEvalConeLight

D3DXSHEvalDirection

D3DXSHEvalDirectionalLight

D3DXSHEvalHemisphereLight

D3DXSHEvalSphericalLight

D3DXSHMultiply2

D3DXSHMultiply3

D3DXSHMultiply4

D3DXSHMultiply5

D3DXSHMultiply6

D3DXSHPRTCompSplitMeshSC

D3DXSHPRTCompSuperCluster

D3DXSHProjectCubeMap

D3DXSHRotate

D3DXSHRotateZ

D3DXSHScale

D3DXSaveMeshHierarchyToFileA

D3DXSaveMeshHierarchyToFileW

D3DXSaveMeshToXA

D3DXSaveMeshToXW

D3DXSavePRTBufferToFileA

D3DXSavePRTBufferToFileW

D3DXSavePRTCompBufferToFileA

D3DXSavePRTCompBufferToFileW

D3DXSaveSurfaceToFileA

D3DXSaveSurfaceToFileInMemory

D3DXSaveSurfaceToFileW

D3DXSaveTextureToFileA

D3DXSaveTextureToFileInMemory

D3DXSaveTextureToFileW

D3DXSaveVolumeToFileA

D3DXSaveVolumeToFileInMemory

D3DXSaveVolumeToFileW

D3DXSimplifyMesh

D3DXSphereBoundProbe

D3DXSplitMesh

D3DXTessellateNPatches

D3DXTessellateRectPatch

D3DXTessellateTriPatch

D3DXTriPatchSize

D3DXUVAtlasCreate

D3DXUVAtlasPack

D3DXUVAtlasPartition

D3DXValidMesh

D3DXValidPatchMesh

D3DXVec2BaryCentric

D3DXVec2CatmullRom

D3DXVec2Hermite

D3DXVec2Normalize

D3DXVec2Transform

D3DXVec2TransformArray

D3DXVec2TransformCoord

D3DXVec2TransformCoordArray

D3DXVec2TransformNormal

D3DXVec2TransformNormalArray

D3DXVec3BaryCentric

D3DXVec3CatmullRom

D3DXVec3Hermite

D3DXVec3Normalize

D3DXVec3Project

D3DXVec3ProjectArray

D3DXVec3Transform

D3DXVec3TransformArray

D3DXVec3TransformCoord

D3DXVec3TransformCoordArray

D3DXVec3TransformNormal

D3DXVec3TransformNormalArray

D3DXVec3Unproject

D3DXVec3UnprojectArray

D3DXVec4BaryCentric

D3DXVec4CatmullRom

D3DXVec4Cross

D3DXVec4Hermite

D3DXVec4Normalize

D3DXVec4Transform

D3DXVec4TransformArray

D3DXWeldVertices

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/dexcube/DexcubeConfig.exe

.exe windows:4 windows x86 arch:x86

d201c362e16b847d52f2f17bc27370b6

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

f0:ca:1c:93:46:09:3f:28:c7:7f:f2:9b:5d:9b:65:97:9b:57:f3:a0:97:70:8f:b5:4f:53:4c:b4:94:60:67:19
Signer

Actual PE Digest

f0:ca:1c:93:46:09:3f:28:c7:7f:f2:9b:5d:9b:65:97:9b:57:f3:a0:97:70:8f:b5:4f:53:4c:b4:94:60:67:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine

ord669

ord709

EVENT_SINK_AddRef

DllFunctionCall

EVENT_SINK_Release

EVENT_SINK_QueryInterface

__vbaExceptHandler

ord711

ord712

ord606

ord717

ProcCallEngine

ord644

ord645

ord681

ord685

ord100

ord616

ord581

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

plugins/msvcp100.dll

.dll windows:5 windows x86 arch:x86

7a0d9f66efd1839f136ca6896fa52dfa

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

bf:b0:fa:8d:3c:66:79:75:e3:a2:ca:10:72:d2:b3:8d:c5:59:ee:76
Signer

Actual PE Digest

bf:b0:fa:8d:3c:66:79:75:e3:a2:ca:10:72:d2:b3:8d:c5:59:ee:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

msvcp100.i386.pdb

Imports

msvcr100

rand_s

memset

memmove

fgetc

ungetc

_lock_file

_unlock_file

fflush

setvbuf

memcpy_s

fwrite

fgetpos

_fseeki64

fsetpos

fclose

_fsopen

_wfsopen

fseek

ldexp

wcslen

memchr

memmove_s

sprintf_s

_Strftime

strcspn

setlocale

_realloc_crt

strcmp

_malloc_crt

?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z

_purecall

strerror

fgetwc

fputwc

ungetwc

__uncaught_exception

towlower

towupper

_create_locale

_ui64toa_s

_free_locale

__pctype_func

_errno

___mb_cur_max_l_func

___lc_codepage_func

___lc_handle_func

__crtCompareStringA

memcmp

___lc_collate_cp_func

__crtLCMapStringA

__iob_func

?Alloc@Concurrency@@YAPAXI@Z

?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z

?Yield@Context@Concurrency@@SAXXZ

??1critical_section@Concurrency@@QAE@XZ

??0invalid_link_target@Concurrency@@QAE@PBD@Z

??0message_not_found@Concurrency@@QAE@XZ

??0bad_target@Concurrency@@QAE@XZ

??0invalid_operation@Concurrency@@QAE@PBD@Z

?set@event@Concurrency@@QAEXXZ

?wait@event@Concurrency@@QAEII@Z

??1event@Concurrency@@QAE@XZ

??0event@Concurrency@@QAE@XZ

?Free@Concurrency@@YAXPAX@Z

??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ

??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z

??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ

??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ

??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z

??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ

?_UnderlyingYield@details@Concurrency@@YAXXZ

?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ

?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ

?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ

??1_SpinLock@details@Concurrency@@QAE@XZ

??0_SpinLock@details@Concurrency@@QAE@ACJ@Z

?Log2@details@Concurrency@@YAKI@Z

isupper

_calloc_crt

islower

__crtLCMapStringW

isspace

tolower

strtod

__crtCompareStringW

?terminate@@YAXXZ

_unlock

__dllonexit

_lock

_onexit

_encoded_null

_initterm

_initterm_e

_amsg_exit

__CppXcptFilter

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

_crt_debugger_hook

__clean_type_info_names_internal

fputs

fputc

abort

log

??0bad_cast@std@@QAE@ABV01@@Z

??1bad_cast@std@@UAE@XZ

??0bad_cast@std@@QAE@PBD@Z

_Getmonths

_Getdays

malloc

__CxxFrameHandler3

??2@YAPAXI@Z

___mb_cur_max_func

memcpy

strlen

??_V@YAXPAX@Z

_Gettnames

localeconv

free

??0exception@std@@QAE@ABQBD@Z

?what@exception@std@@UBEPBDXZ

??0exception@std@@QAE@ABQBDH@Z

??3@YAXPAX@Z

??0exception@std@@QAE@ABV01@@Z

_CxxThrowException

??1exception@std@@UAE@XZ

??0operation_timed_out@Concurrency@@QAE@XZ

??0exception@std@@QAE@XZ

kernel32

GetCurrentProcessId

GetTickCount

QueryPerformanceCounter

DisableThreadLibraryCalls

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

Sleep

GetStringTypeW

InterlockedDecrement

InterlockedIncrement

GetLocaleInfoW

GetCurrentThreadId

WideCharToMultiByte

MultiByteToWideChar

InterlockedExchange

InterlockedCompareExchange

DecodePointer

EncodePointer

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

InitializeCriticalSection

GetSystemTimeAsFileTime

Exports

??0?$_Yarn@D@std@@QAE@ABV01@@Z

??0?$_Yarn@D@std@@QAE@PBD@Z

??0?$_Yarn@D@std@@QAE@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ

??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@$$QAV01@@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ

??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@DDH@std@@QAE@I@Z

??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@GDH@std@@QAE@I@Z

??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z

??0?$codecvt@_WDH@std@@QAE@I@Z

??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z

??0?$ctype@D@std@@QAE@PBF_NI@Z

??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z

??0?$ctype@G@std@@QAE@I@Z

??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z

??0?$ctype@_W@std@@QAE@I@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z

??0Init@ios_base@std@@QAE@XZ

??0_Concurrent_queue_base_v4@details@Concurrency@@IAE@I@Z

??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@ABV_Concurrent_queue_base_v4@12@@Z

??0_Container_base12@std@@QAE@ABU01@@Z

??0_Container_base12@std@@QAE@XZ

??0_Init_locks@std@@QAE@XZ

??0_Locimp@locale@std@@AAE@ABV012@@Z

??0_Locimp@locale@std@@AAE@_N@Z

??0_Locinfo@std@@QAE@HPBD@Z

??0_Locinfo@std@@QAE@PBD@Z

??0_Lockit@std@@QAE@H@Z

??0_Lockit@std@@QAE@XZ

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??0_Mutex@std@@QAE@XZ

??0_Runtime_object@details@Concurrency@@QAE@H@Z

??0_Runtime_object@details@Concurrency@@QAE@XZ

??0_Timevec@std@@QAE@ABV01@@Z

??0_Timevec@std@@QAE@PAX@Z

??0_UShinit@std@@QAE@XZ

??0_Winit@std@@QAE@XZ

??0agent@Concurrency@@QAE@AAVScheduleGroup@1@@Z

??0agent@Concurrency@@QAE@AAVScheduler@1@@Z

??0agent@Concurrency@@QAE@XZ

??0codecvt_base@std@@QAE@I@Z

??0ctype_base@std@@QAE@I@Z

??0facet@locale@std@@IAE@I@Z

??0id@locale@std@@QAE@I@Z

??0ios_base@std@@IAE@XZ

??0ios_base@std@@QAE@ABV01@@Z

??0time_base@std@@QAE@I@Z

??1?$_Yarn@D@std@@QAE@XZ

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ

??1?$codecvt@DDH@std@@MAE@XZ

??1?$codecvt@GDH@std@@MAE@XZ

??1?$codecvt@_WDH@std@@MAE@XZ

??1?$ctype@D@std@@MAE@XZ

??1?$ctype@G@std@@MAE@XZ

??1?$ctype@_W@std@@MAE@XZ

??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ

??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ

??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ

??1Init@ios_base@std@@QAE@XZ

??1_Concurrent_queue_base_v4@details@Concurrency@@MAE@XZ

??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@XZ

??1_Concurrent_vector_base_v4@details@Concurrency@@IAE@XZ

??1_Container_base12@std@@QAE@XZ

??1_Init_locks@std@@QAE@XZ

??1_Locimp@locale@std@@MAE@XZ

??1_Locinfo@std@@QAE@XZ

??1_Lockit@std@@QAE@XZ

??1_Mutex@std@@QAE@XZ

??1_Timevec@std@@QAE@XZ

??1_UShinit@std@@QAE@XZ

??1_Winit@std@@QAE@XZ

??1agent@Concurrency@@UAE@XZ

??1codecvt_base@std@@UAE@XZ

??1ctype_base@std@@UAE@XZ

??1facet@locale@std@@UAE@XZ

??1ios_base@std@@UAE@XZ

??1time_base@std@@UAE@XZ

??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z

??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z

??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

??4?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@$$QAV01@@Z

??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z

??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z

??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z

??4?$numeric_limits@C@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@D@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@E@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@F@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@G@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@H@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@I@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@J@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@K@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@M@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@N@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@O@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@_J@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@_K@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@_N@std@@QAEAAV01@ABV01@@Z

??4?$numeric_limits@_W@std@@QAEAAV01@ABV01@@Z

??4Init@ios_base@std@@QAEAAV012@ABV012@@Z

??4_Container_base0@std@@QAEAAU01@ABU01@@Z

??4_Container_base12@std@@QAEAAU01@ABU01@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

??4_Num_base@std@@QAEAAU01@ABU01@@Z

??4_Num_float_base@std@@QAEAAU01@ABU01@@Z

??4_Num_int_base@std@@QAEAAU01@ABU01@@Z

??4_Timevec@std@@QAEAAV01@ABV01@@Z

??4_UShinit@std@@QAEAAV01@ABV01@@Z

??4_Winit@std@@QAEAAV01@ABV01@@Z

??4ios_base@std@@QAEAAV01@ABV01@@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z

??7ios_base@std@@QBE_NXZ

??Bid@locale@std@@QAEIXZ

??Bios_base@std@@QBEPAXXZ

??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@

??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@

??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@

??_7?$codecvt@DDH@std@@6B@

??_7?$codecvt@GDH@std@@6B@

??_7?$codecvt@_WDH@std@@6B@

??_7?$ctype@D@std@@6B@

??_7?$ctype@G@std@@6B@

??_7?$ctype@_W@std@@6B@

??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@

??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@

??_7_Locimp@locale@std@@6B@

??_7codecvt_base@std@@6B@

??_7ctype_base@std@@6B@

??_7ios_base@std@@6B@

??_7time_base@std@@6B@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@

??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@

??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@

??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@

??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@

??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ

??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ

??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ

??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ

??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ

??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

??_F?$codecvt@DDH@std@@QAEXXZ

??_F?$codecvt@GDH@std@@QAEXXZ

??_F?$codecvt@_WDH@std@@QAEXXZ

??_F?$ctype@D@std@@QAEXXZ

??_F?$ctype@G@std@@QAEXXZ

??_F?$ctype@_W@std@@QAEXXZ

??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ

??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ

??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ

??_F_Locimp@locale@std@@QAEXXZ

??_F_Locinfo@std@@QAEXXZ

??_F_Timevec@std@@QAEXXZ

??_Fcodecvt_base@std@@QAEXXZ

??_Fctype_base@std@@QAEXXZ

??_Ffacet@locale@std@@QAEXXZ

??_Fid@locale@std@@QAEXXZ

??_Ftime_base@std@@QAEXXZ

?NFS_Allocate@details@Concurrency@@YAPAXIIPAX@Z

?NFS_Free@details@Concurrency@@YAXPAX@Z

?NFS_GetLineSize@details@Concurrency@@YAIXZ

?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z

?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z

?_Addstd@ios_base@std@@SAXPAV12@@Z

?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXXZ

?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXABV123@@Z

?_Atexit@@YAXP6AXXZ@Z

?_BADOFF@std@@3_JB

?_C_str@?$_Yarn@D@std@@QBEPBDXZ

?_Callfns@ios_base@std@@AAEXW4event@12@@Z

?_Clocptr@_Locimp@locale@std@@0PAV123@A

?_Decref@facet@locale@std@@QAEPAV123@XZ

?_Donarrow@?$ctype@G@std@@IBEDGD@Z

?_Donarrow@?$ctype@_W@std@@IBED_WD@Z

?_Dowiden@?$ctype@G@std@@IBEGD@Z

?_Dowiden@?$ctype@_W@std@@IBE_WD@Z

?_Empty@?$_Yarn@D@std@@QBE_NXZ

?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z

?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z

?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z

?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z

?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z

?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDIIII@Z

?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDIIII@Z

?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDIIII@Z

?_GetCombinableSize@details@Concurrency@@YAIXZ

?_GetCurrentThreadId@details@Concurrency@@YAKXZ

?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$codecvt@GDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z

?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ

?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ

?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ

?_Getdateorder@_Locinfo@std@@QBEHXZ

?_Getdays@_Locinfo@std@@QBEPBDXZ

?_Getfalse@_Locinfo@std@@QBEPBDXZ

?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z

?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z

?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z

?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z

?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z

?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z

?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z

?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z

?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z

?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z

?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z

?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAH@Z

?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAH@Z

?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAH@Z

?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ

?_Getmonths@_Locinfo@std@@QBEPBDXZ

?_Getname@_Locinfo@std@@QBEPBDXZ

?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ

?_Getptr@_Timevec@std@@QBEPAXXZ

?_Gettnames@_Locinfo@std@@QBE?AV_Timevec@2@XZ

?_Gettrue@_Locinfo@std@@QBEPBDXZ

?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ

?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBE_JXZ

?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBE_JXZ

?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ

?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ

?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ

?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ

?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ

?_Hexdig@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHDDDD@Z

?_Hexdig@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHGGGG@Z

?_Hexdig@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAH_W000@Z

?_Id_cnt@id@locale@std@@0HA

?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADPBDH@Z

?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADPBDH@Z

?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADPBDH@Z

?_Incref@facet@locale@std@@QAEXXZ

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/msvcr100.dll

.dll windows:5 windows x86 arch:x86

5271d5ce8b44dd47bc92563e27585466

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:cc
Signer

Actual PE Digest

8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

msvcr100.i386.pdb

Imports

kernel32

EncodePointer

DecodePointer

RaiseException

GetModuleFileNameA

GetModuleFileNameW

GetModuleHandleW

GetProcAddress

ExitProcess

WriteFile

GetStdHandle

GetCurrentThreadId

TlsGetValue

GetCommandLineW

GetCommandLineA

InitializeCriticalSectionAndSpinCount

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

ExitThread

CloseHandle

GetLastError

ResumeThread

CreateThread

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetCurrentThread

FindNextFileA

FindFirstFileExA

FindClose

FindNextFileW

FindFirstFileExW

GetLogicalDrives

GetDiskFreeSpaceA

FileTimeToSystemTime

FileTimeToLocalFileTime

SetErrorMode

Sleep

Beep

GetFileAttributesA

SetFileAttributesA

SetEnvironmentVariableA

GetCurrentDirectoryA

SetCurrentDirectoryA

GetCurrentDirectoryW

SetCurrentDirectoryW

GetFullPathNameA

GetDriveTypeW

GetCurrentProcessId

CreateDirectoryA

MoveFileA

RemoveDirectoryA

GetDriveTypeA

DeleteFileA

GetFileAttributesW

SetEnvironmentVariableW

SetFileAttributesW

GetFullPathNameW

CreateDirectoryW

MoveFileW

RemoveDirectoryW

DeleteFileW

GetExitCodeProcess

WaitForSingleObject

CreateProcessA

LoadLibraryA

FreeLibrary

CreateProcessW

ReadFile

DuplicateHandle

GetCurrentProcess

GetSystemTimeAsFileTime

GetTimeZoneInformation

GetLocalTime

WideCharToMultiByte

SetFileTime

LocalFileTimeToFileTime

SystemTimeToFileTime

SetLocalTime

InterlockedPopEntrySList

InterlockedFlushSList

QueryDepthSList

InterlockedPushEntrySList

CreateTimerQueue

CreateTimerQueueTimer

DeleteTimerQueueTimer

SetEvent

CreateEventW

SwitchToThread

SignalObjectAndWait

TryEnterCriticalSection

GetTickCount

VirtualFree

GetVersionExW

SetThreadPriority

VirtualAlloc

GetSystemInfo

GetProcessAffinityMask

VirtualProtect

SetThreadAffinityMask

InitializeSListHead

ReleaseSemaphore

CreateSemaphoreW

WaitForMultipleObjects

GetThreadPriority

LoadLibraryW

SleepEx

OutputDebugStringW

FreeLibraryAndExitThread

GetModuleHandleA

GetThreadTimes

DebugBreak

MultiByteToWideChar

GetStringTypeW

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

GetTimeFormatA

GetDateFormatA

GetTimeFormatW

GetDateFormatW

RtlUnwind

HeapAlloc

HeapFree

HeapCreate

HeapDestroy

HeapQueryInformation

HeapReAlloc

HeapSize

HeapValidate

HeapCompact

HeapWalk

VirtualQuery

SetHandleCount

GetFileType

GetStartupInfoW

GetFileInformationByHandle

PeekNamedPipe

CreateFileA

CreateFileW

SetFilePointer

GetConsoleCP

GetConsoleMode

FlushFileBuffers

CreatePipe

SetStdHandle

ReadConsoleInputA

SetConsoleMode

PeekConsoleInputA

GetNumberOfConsoleInputEvents

ReadConsoleInputW

WriteConsoleW

ReadConsoleW

SetEndOfFile

GetProcessHeap

InterlockedExchange

LockFile

UnlockFile

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

TerminateProcess

SetConsoleCtrlHandler

GetLocaleInfoW

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

LCMapStringW

CompareStringW

GetUserDefaultLCID

GetLocaleInfoA

EnumSystemLocalesA

IsValidLocale

IsProcessorFeaturePresent

Exports

$I10_OUTPUT

??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z

??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z

??0SchedulerPolicy@Concurrency@@QAA@IZZ

??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z

??0SchedulerPolicy@Concurrency@@QAE@XZ

??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ

??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ

??0_ReaderWriterLock@details@Concurrency@@QAE@XZ

??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ

??0_ReentrantLock@details@Concurrency@@QAE@XZ

??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ

??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z

??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z

??0_SpinLock@details@Concurrency@@QAE@ACJ@Z

??0_TaskCollection@details@Concurrency@@QAE@XZ

??0_Timer@details@Concurrency@@IAE@I_N@Z

??0__non_rtti_object@std@@QAE@ABV01@@Z

??0__non_rtti_object@std@@QAE@PBD@Z

??0bad_cast@std@@AAE@PBQBD@Z

??0bad_cast@std@@QAE@ABV01@@Z

??0bad_cast@std@@QAE@PBD@Z

??0bad_target@Concurrency@@QAE@PBD@Z

??0bad_target@Concurrency@@QAE@XZ

??0bad_typeid@std@@QAE@ABV01@@Z

??0bad_typeid@std@@QAE@PBD@Z

??0context_self_unblock@Concurrency@@QAE@PBD@Z

??0context_self_unblock@Concurrency@@QAE@XZ

??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z

??0context_unblock_unbalanced@Concurrency@@QAE@XZ

??0critical_section@Concurrency@@QAE@XZ

??0default_scheduler_exists@Concurrency@@QAE@PBD@Z

??0default_scheduler_exists@Concurrency@@QAE@XZ

??0event@Concurrency@@QAE@XZ

??0exception@std@@QAE@ABQBD@Z

??0exception@std@@QAE@ABQBDH@Z

??0exception@std@@QAE@ABV01@@Z

??0exception@std@@QAE@XZ

??0improper_lock@Concurrency@@QAE@PBD@Z

??0improper_lock@Concurrency@@QAE@XZ

??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z

??0improper_scheduler_attach@Concurrency@@QAE@XZ

??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z

??0improper_scheduler_detach@Concurrency@@QAE@XZ

??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z

??0improper_scheduler_reference@Concurrency@@QAE@XZ

??0invalid_link_target@Concurrency@@QAE@PBD@Z

??0invalid_link_target@Concurrency@@QAE@XZ

??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z

??0invalid_multiple_scheduling@Concurrency@@QAE@XZ

??0invalid_operation@Concurrency@@QAE@PBD@Z

??0invalid_operation@Concurrency@@QAE@XZ

??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z

??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ

??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z

??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ

??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z

??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ

??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z

??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ

??0message_not_found@Concurrency@@QAE@PBD@Z

??0message_not_found@Concurrency@@QAE@XZ

??0missing_wait@Concurrency@@QAE@PBD@Z

??0missing_wait@Concurrency@@QAE@XZ

??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z

??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ

??0operation_timed_out@Concurrency@@QAE@PBD@Z

??0operation_timed_out@Concurrency@@QAE@XZ

??0reader_writer_lock@Concurrency@@QAE@XZ

??0scheduler_not_attached@Concurrency@@QAE@PBD@Z

??0scheduler_not_attached@Concurrency@@QAE@XZ

??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z

??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z

??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z

??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z

??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z

??0task_canceled@details@Concurrency@@QAE@PBD@Z

??0task_canceled@details@Concurrency@@QAE@XZ

??0unsupported_os@Concurrency@@QAE@PBD@Z

??0unsupported_os@Concurrency@@QAE@XZ

??1SchedulerPolicy@Concurrency@@QAE@XZ

??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ

??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ

??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ

??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ

??1_SpinLock@details@Concurrency@@QAE@XZ

??1_TaskCollection@details@Concurrency@@QAE@XZ

??1_Timer@details@Concurrency@@IAE@XZ

??1__non_rtti_object@std@@UAE@XZ

??1bad_cast@std@@UAE@XZ

??1bad_typeid@std@@UAE@XZ

??1critical_section@Concurrency@@QAE@XZ

??1event@Concurrency@@QAE@XZ

??1exception@std@@UAE@XZ

??1reader_writer_lock@Concurrency@@QAE@XZ

??1scoped_lock@critical_section@Concurrency@@QAE@XZ

??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ

??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ

??1type_info@@UAE@XZ

??2@YAPAXI@Z

??2@YAPAXIHPBDH@Z

??3@YAXPAX@Z

??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z

??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z

??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z

??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z

??4bad_cast@std@@QAEAAV01@ABV01@@Z

??4bad_typeid@std@@QAEAAV01@ABV01@@Z

??4exception@std@@QAEAAV01@ABV01@@Z

??8type_info@@QBE_NABV0@@Z

??9type_info@@QBE_NABV0@@Z

??_7__non_rtti_object@std@@6B@

??_7bad_cast@std@@6B@

??_7bad_typeid@std@@6B@

??_7exception@@6B@

??_7exception@std@@6B@

??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ

??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ

??_Fbad_cast@std@@QAEXXZ

??_Fbad_typeid@std@@QAEXXZ

??_U@YAPAXI@Z

??_U@YAPAXIHPBDH@Z

??_V@YAXPAX@Z

?Alloc@Concurrency@@YAPAXI@Z

?Block@Context@Concurrency@@SAXXZ

?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z

?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z

?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ

?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ

?CurrentContext@Context@Concurrency@@SAPAV12@XZ

?Detach@CurrentScheduler@Concurrency@@SAXXZ

?DisableTracing@Concurrency@@YAJXZ

?EnableTracing@Concurrency@@YAJXZ

?Free@Concurrency@@YAXPAX@Z

?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ

?GetExecutionContextId@Concurrency@@YAIXZ

?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ

?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ

?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ

?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z

?GetProcessorCount@Concurrency@@YAIXZ

?GetProcessorNodeCount@Concurrency@@YAIXZ

?GetSchedulerId@Concurrency@@YAIXZ

?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ

?Id@Context@Concurrency@@SAIXZ

?Id@CurrentScheduler@Concurrency@@SAIXZ

?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ

?Log2@details@Concurrency@@YAKI@Z

?Oversubscribe@Context@Concurrency@@SAX_N@Z

?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z

?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ

?ScheduleGroupId@Context@Concurrency@@SAIXZ

?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z

?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z

?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z

?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z

?VirtualProcessorId@Context@Concurrency@@SAIXZ

?Yield@Context@Concurrency@@SAXXZ

?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ

?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ

?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z

?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ

?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ

?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z

?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ

?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ

?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ

?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ

?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ

?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z

?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z

?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ

?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ

?_Copy_str@exception@std@@AAEXPBD@Z

?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ

?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ

?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ

?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ

?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z

?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z

?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ

?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ

?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ

?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ

?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ

?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ

?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ

?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ

?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ

?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ

?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ

?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z

?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z

?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z

?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z

?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z

?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z

?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ

?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ

?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ

?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ

?_SpinYield@Context@Concurrency@@SAXXZ

?_Start@_Timer@details@Concurrency@@IAEXXZ

?_Stop@_Timer@details@Concurrency@@IAEXXZ

?_Tidy@exception@std@@AAEXXZ

?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z

?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ

?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ

?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ

?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ

?_Type_info_dtor@type_info@@CAXPAV1@@Z

?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z

?_UnderlyingYield@details@Concurrency@@YAXXZ

?_ValidateExecute@@YAHP6GHXZ@Z

?_ValidateRead@@YAHPBXI@Z

?_ValidateWrite@@YAHPAXI@Z

?_Value@_SpinCount@details@Concurrency@@SAIXZ

?__ExceptionPtrAssign@@YAXPAXPBX@Z

?__ExceptionPtrCompare@@YA_NPBX0@Z

?__ExceptionPtrCopy@@YAXPAXPBX@Z

?__ExceptionPtrCopyException@@YAXPAXPBX1@Z

?__ExceptionPtrCreate@@YAXPAX@Z

?__ExceptionPtrCurrentException@@YAXPAX@Z

?__ExceptionPtrDestroy@@YAXPAX@Z

?__ExceptionPtrRethrow@@YAXPBX@Z

?_inconsistency@@YAXXZ

?_invalid_parameter@@YAXPBG00II@Z

?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z

?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z

?_open@@YAHPBDHH@Z

?_query_new_handler@@YAP6AHI@ZXZ

?_query_new_mode@@YAHXZ

?_set_new_handler@@YAP6AHI@ZH@Z

?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z

?_set_new_mode@@YAHH@Z

?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z

?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

?_sopen@@YAHPBDHHH@Z

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?_wopen@@YAHPB_WHH@Z

?_wsopen@@YAHPB_WHHH@Z

?before@type_info@@QBEHABV1@@Z

?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ

?lock@critical_section@Concurrency@@QAEXXZ

?lock@reader_writer_lock@Concurrency@@QAEXXZ

?lock_read@reader_writer_lock@Concurrency@@QAEXXZ

?name@type_info@@QBEPBDPAU__type_info_node@@@Z

?native_handle@critical_section@Concurrency@@QAEAAV12@XZ

?raw_name@type_info@@QBEPBDXZ

?reset@event@Concurrency@@QAEXXZ

?set@event@Concurrency@@QAEXXZ

?set_new_handler@@YAP6AXXZP6AXXZ@Z

?set_terminate@@YAP6AXXZH@Z

?set_terminate@@YAP6AXXZP6AXXZ@Z

?set_unexpected@@YAP6AXXZH@Z

?set_unexpected@@YAP6AXXZP6AXXZ@Z

?swprintf@@YAHPAGIPBGZZ

?swprintf@@YAHPA_WIPB_WZZ

?terminate@@YAXXZ

?try_lock@critical_section@Concurrency@@QAE_NXZ

?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ

?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ

?unexpected@@YAXXZ

?unlock@critical_section@Concurrency@@QAEXXZ

?unlock@reader_writer_lock@Concurrency@@QAEXXZ

?vswprintf@@YAHPA_WIPB_WPAD@Z

?wait@Concurrency@@YAXI@Z

?wait@event@Concurrency@@QAEII@Z

?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z

?what@exception@std@@UBEPBDXZ

_CIacos

_CIasin

_CIatan

_CIatan2

_CIcos

_CIcosh

_CIexp

_CIfmod

_CIlog

_CIlog10

_CIpow

_CIsin

_CIsinh

_CIsqrt

_CItan

_CItanh

_CRT_RTC_INIT

_CRT_RTC_INITW

_CreateFrameInfo

_CxxThrowException

_EH_prolog

_FindAndUnlinkFrame

_Getdays

_Getmonths

_Gettnames

_HUGE

_IsExceptionObjectToBeDestroyed

_NLG_Dispatch2

_NLG_Return

_NLG_Return2

_Strftime

_XcptFilter

__AdjustPointer

__BuildCatchObject

__BuildCatchObjectHelper

__CppXcptFilter

__CxxCallUnwindDelDtor

__CxxCallUnwindDtor

__CxxCallUnwindStdDelDtor

__CxxCallUnwindVecDtor

__CxxDetectRethrow

__CxxExceptionFilter

__CxxFrameHandler

__CxxFrameHandler2

__CxxFrameHandler3

__CxxLongjmpUnwind

__CxxQueryExceptionSize

__CxxRegisterExceptionObject

__CxxUnregisterExceptionObject

__DestructExceptionObject

__FrameUnwindFilter

__RTCastToVoid

__RTDynamicCast

__RTtypeid

__STRINGTOLD

__STRINGTOLD_L

__TypeMatch

___fls_getvalue@4

___fls_setvalue@8

___lc_codepage_func

___lc_collate_cp_func

___lc_handle_func

___mb_cur_max_func

___mb_cur_max_l_func

___setlc_active_func

___unguarded_readlc_active_add_func

__argc

__argv

__badioinfo

__clean_type_info_names_internal

__control87_2

__create_locale

__crtCompareStringA

__crtCompareStringW

__crtLCMapStringA

__crtLCMapStringW

__daylight

__dllonexit

__doserrno

__dstbias

__fpecode

__free_locale

__get_current_locale

__get_flsindex

__get_tlsindex

__getmainargs

__initenv

__iob_func

__isascii

__iscsym

__iscsymf

__iswcsym

__iswcsymf

__lconv

__lconv_init

__libm_sse2_acos

__libm_sse2_acosf

__libm_sse2_asin

__libm_sse2_asinf

__libm_sse2_atan

__libm_sse2_atan2

__libm_sse2_atanf

__libm_sse2_cos

__libm_sse2_cosf

__libm_sse2_exp

__libm_sse2_expf

__libm_sse2_log

__libm_sse2_log10

__libm_sse2_log10f

__libm_sse2_logf

__libm_sse2_pow

__libm_sse2_powf

__libm_sse2_sin

__libm_sse2_sinf

__libm_sse2_tan

__libm_sse2_tanf

__mb_cur_max

__p___argc

__p___argv

__p___initenv

__p___mb_cur_max

__p___wargv

__p___winitenv

__p__acmdln

__p__commode

__p__daylight

__p__dstbias

__p__environ

__p__fmode

__p__iob

__p__mbcasemap

__p__mbctype

__p__pctype

__p__pgmptr

__p__pwctype

__p__timezone

__p__tzname

__p__wcmdln

__p__wenviron

__p__wpgmptr

__pctype_func

__pioinfo

__pwctype_func

__pxcptinfoptrs

__report_gsfailure

__set_app_type

__set_flsgetvalue

__setlc_active

__setusermatherr

__strncnt

__swprintf_l

__sys_errlist

__sys_nerr

__threadhandle

__threadid

__timezone

__toascii

__tzname

__unDName

__unDNameEx

__unDNameHelper

__uncaught_exception

__unguarded_readlc_active

__vswprintf_l

__wargv

__wcserror

__wcserror_s

__wcsncnt

__wgetmainargs

__winitenv

_abnormal_termination

_abs64

_access

_access_s

_acmdln

_aligned_free

_aligned_malloc

_aligned_msize

_aligned_offset_malloc

_aligned_offset_realloc

_aligned_offset_recalloc

_aligned_realloc

_aligned_recalloc

_amsg_exit

_assert

_atodbl

_atodbl_l

_atof_l

_atoflt

_atoflt_l

_atoi64

_atoi64_l

_atoi_l

_atol_l

_atoldbl

_atoldbl_l

_beep

_beginthread

_beginthreadex

_byteswap_uint64

_byteswap_ulong

_byteswap_ushort

_c_exit

_cabs

_callnewh

_calloc_crt

_cexit

_cgets

_cgets_s

_cgetws

_cgetws_s

_chdir

_chdrive

_chgsign

_chkesp

_chmod

_chsize

_chsize_s

_clearfp

_close

_commit

_commode

_configthreadlocale

_control87

_controlfp

_controlfp_s

_copysign

_cprintf

_cprintf_l

_cprintf_p

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

plugins/zlibwapi.dll

.dll windows:5 windows x86 arch:x86

b070f394134929dd5353cb9140a1caaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

CreateFileA

SetFilePointer

WriteFile

ReadFile

CreateFileW

GetLastError

CloseHandle

HeapFree

HeapAlloc

GetSystemTimeAsFileTime

GetCurrentThreadId

DecodePointer

GetCommandLineA

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

EncodePointer

TerminateProcess

GetCurrentProcess

HeapCreate

HeapDestroy

GetProcAddress

GetModuleHandleW

ExitProcess

GetStdHandle

GetModuleFileNameW

Sleep

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

MultiByteToWideChar

SetHandleCount

InitializeCriticalSectionAndSpinCount

GetFileType

GetStartupInfoW

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

RtlUnwind

WideCharToMultiByte

GetConsoleCP

GetConsoleMode

GetModuleFileNameA

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LoadLibraryW

HeapReAlloc

SetStdHandle

FlushFileBuffers

IsProcessorFeaturePresent

WriteConsoleW

LCMapStringW

GetStringTypeW

HeapSize

SetEndOfFile

GetProcessHeap

Exports

adler32

adler32_combine

compress

compress2

compressBound

crc32

crc32_combine

deflate

deflateBound

deflateCopy

deflateEnd

deflateInit2_

deflateInit_

deflateParams

deflatePrime

deflateReset

deflateSetDictionary

deflateSetHeader

deflateTune

fill_win32_filefunc

fill_win32_filefunc64

fill_win32_filefunc64A

fill_win32_filefunc64W

get_crc_table

gzbuffer

gzclearerr

gzclose

gzclose_r

gzclose_w

gzdirect

gzdopen

gzeof

gzerror

gzflush

gzgetc

gzgets

gzoffset

gzopen

gzprintf

gzputc

gzputs

gzread

gzrewind

gzseek

gzsetparams

gztell

gzungetc

gzwrite

inflate

inflateBack

inflateBackEnd

inflateBackInit_

inflateCopy

inflateEnd

inflateGetHeader

inflateInit2_

inflateInit_

inflateMark

inflatePrime

inflateReset

inflateReset2

inflateSetDictionary

inflateSync

inflateSyncPoint

inflateUndermine

uncompress

unzClose

unzCloseCurrentFile

unzGetCurrentFileInfo

unzGetCurrentFileInfo64

unzGetCurrentFileZStreamPos64

unzGetFilePos

unzGetFilePos64

unzGetGlobalComment

unzGetGlobalInfo

unzGetGlobalInfo64

unzGetLocalExtrafield

unzGoToFilePos

unzGoToFilePos64

unzGoToFirstFile

unzGoToNextFile

unzLocateFile

unzOpen

unzOpen2

unzOpen2_64

unzOpen64

unzOpenCurrentFile

unzOpenCurrentFile2

unzOpenCurrentFile3

unzOpenCurrentFilePassword

unzReadCurrentFile

unzStringFileNameCompare

unzeof

unztell

unztell64

zError

zipClose

zipCloseFileInZip

zipCloseFileInZipRaw

zipCloseFileInZipRaw64

zipOpen

zipOpen2

zipOpen2_64

zipOpen64

zipOpenNewFileInZip

zipOpenNewFileInZip2

zipOpenNewFileInZip2_64

zipOpenNewFileInZip3

zipOpenNewFileInZip3_64

zipOpenNewFileInZip4_64

zipOpenNewFileInZip64

zipWriteInFileInZip

zlibCompileFlags

zlibVersion

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

regeldb.dxr

sprache/chinesesimp.dxs

sprache/chinesetrad.dxs

sprache/czech.dxs

sprache/deutsch.dxs

sprache/english.dxs

sprache/espanol.dxs

sprache/farsi.dxs

sprache/francais.dxs

sprache/greek.dxs

sprache/hungarian.dxs

sprache/italiano.dxs

sprache/korean.dxs

sprache/nederlands.dxs

sprache/norwegian.dxs

sprache/polski.dxs

sprache/portuguese.dxs

sprache/russian.dxs

sprache/schweizerdeutsch.dxs

sprache/serbian_cyr.dxs

sprache/serbian_lat.dxs

sprache/slovak.dxs

sprache/suomi.dxs

sprache/svenska.dxs

sprache/turkish.dxs

sprache/ukrainian.dxs

uninstall.exe.nsis

updexer.exe

.exe windows:4 windows x86 arch:x86

b7b12a34159b0524a0c5e7945fd95c42

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/07/2019, 00:00

Not After

07/07/2022, 23:59

Subject

CN=Sebastian Brands und Patrick Dubbert (Dexpot GbR),OU=Sebastian Brands und Patrick Dubbert (Dexpot GbR),O=Sebastian Brands und Patrick Dubbert (Dexpot GbR),POSTALCODE=46487,STREET=Bergerfurth 38,L=Wesel,ST=NRW,C=DE,2.5.4.18=#13053436343837

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

7e:57:dd:59:74:e9:94:b1:13:5c:c2:80:58:f7:96:12:b3:c1:7e:9b:22:5d:ef:42:85:3c:de:de:94:cd:5f:31
Signer

Actual PE Digest

7e:57:dd:59:74:e9:94:b1:13:5c:c2:80:58:f7:96:12:b3:c1:7e:9b:22:5d:ef:42:85:3c:de:de:94:cd:5f:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames

MethCallEngine

EVENT_SINK_Invoke

ord517

ord519

ord553

Zombie_GetTypeInfo

ord669

ord300

ord301

ord595

ord303

ord598

ord305

ord306

ord307

ord309

ord709

ord631

ord525

EVENT_SINK_AddRef

ord529

DllFunctionCall

ord563

Zombie_GetTypeInfoCount

EVENT_SINK_Release

ord311

EVENT_SINK_QueryInterface

__vbaExceptHandler

ord711

ord313

ord712

ord606

ord530

ord531

ord717

ord319

ProcCallEngine

ord537

ord644

ord645

ord648

ord681

ord576

ord685

ord100

ord611

ord320

ord321

ord616

ord618

ord619

ord542

ord543

ord544

ord545

ord546

ord547

ord581

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

wechsel.ini

zlibwapi.dll

.dll windows:5 windows x86 arch:x86

b070f394134929dd5353cb9140a1caaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

CreateFileA

SetFilePointer

WriteFile

ReadFile

CreateFileW

GetLastError

CloseHandle

HeapFree

HeapAlloc

GetSystemTimeAsFileTime

GetCurrentThreadId

DecodePointer

GetCommandLineA

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

EncodePointer

TerminateProcess

GetCurrentProcess

HeapCreate

HeapDestroy

GetProcAddress

GetModuleHandleW

ExitProcess

GetStdHandle

GetModuleFileNameW

Sleep

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

MultiByteToWideChar

SetHandleCount

InitializeCriticalSectionAndSpinCount

GetFileType

GetStartupInfoW

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

RtlUnwind

WideCharToMultiByte

GetConsoleCP

GetConsoleMode

GetModuleFileNameA

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LoadLibraryW

HeapReAlloc

SetStdHandle

FlushFileBuffers

IsProcessorFeaturePresent

WriteConsoleW

LCMapStringW

GetStringTypeW

HeapSize

SetEndOfFile

GetProcessHeap

Exports

adler32

adler32_combine

compress

compress2

compressBound

crc32

crc32_combine

deflate

deflateBound

deflateCopy

deflateEnd

deflateInit2_

deflateInit_

deflateParams

deflatePrime

deflateReset

deflateSetDictionary

deflateSetHeader

deflateTune

fill_win32_filefunc

fill_win32_filefunc64

fill_win32_filefunc64A

fill_win32_filefunc64W

get_crc_table

gzbuffer

gzclearerr

gzclose

gzclose_r

gzclose_w

gzdirect

gzdopen

gzeof

gzerror

gzflush

gzgetc

gzgets

gzoffset

gzopen

gzprintf

gzputc

gzputs

gzread

gzrewind

gzseek

gzsetparams

gztell

gzungetc

gzwrite

inflate

inflateBack

inflateBackEnd

inflateBackInit_

inflateCopy

inflateEnd

inflateGetHeader

inflateInit2_

inflateInit_

inflateMark

inflatePrime

inflateReset

inflateReset2

inflateSetDictionary

inflateSync

inflateSyncPoint

inflateUndermine

uncompress

unzClose

unzCloseCurrentFile

unzGetCurrentFileInfo

unzGetCurrentFileInfo64

unzGetCurrentFileZStreamPos64

unzGetFilePos

unzGetFilePos64

unzGetGlobalComment

unzGetGlobalInfo

unzGetGlobalInfo64

unzGetLocalExtrafield

unzGoToFilePos

unzGoToFilePos64

unzGoToFirstFile

unzGoToNextFile

unzLocateFile

unzOpen

unzOpen2

unzOpen2_64

unzOpen64

unzOpenCurrentFile

unzOpenCurrentFile2

unzOpenCurrentFile3

unzOpenCurrentFilePassword

unzReadCurrentFile

unzStringFileNameCompare

unzeof

unztell

unztell64

zError

zipClose

zipCloseFileInZip

zipCloseFileInZipRaw

zipCloseFileInZipRaw64

zipOpen

zipOpen2

zipOpen2_64

zipOpen64

zipOpenNewFileInZip

zipOpenNewFileInZip2

zipOpenNewFileInZip2_64

zipOpenNewFileInZip3

zipOpenNewFileInZip3_64

zipOpenNewFileInZip4_64

zipOpenNewFileInZip64

zipWriteInFileInZip

zlibCompileFlags

zlibVersion

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b76363e9cb88bf9390860da8e50999d2

Code Sign

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e2:8c:5b:c6:eb:87:22:a0:4a:5e:f3:11:db:bf:1a:98:02:cb:8a:56:df:a6:62:d4:ba:03:b0:be:71:84:76:36Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 151KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 62KB - Virtual size: 62KB

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

4e5f0ae8071ae04cdb537283701198ff

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

b0:18:0d:97:b7:4d:c8:a3:f1:98:ff:2c:70:e0:ae:b1
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e2:8c:5b:c6:eb:87:22:a0:4a:5e:f3:11:db:bf:1a:98:02:cb:8a:56:df:a6:62:d4:ba:03:b0:be:71:84:76:36
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 151KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 62KB - Virtual size: 62KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 510B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

61:19:cc:93:00:01:00:00:00:66
Certificate

61:05:13:36:00:00:00:00:00:1a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

99:62:75:37:aa:09:43:91:6f:df:53:cd:c9:a0:5f:34:d1:cc:bd:49
Signer

.text
Size: 676KB - Virtual size: 673KB

.data
Size: 28KB - Virtual size: 31KB

.rsrc
Size: 284KB - Virtual size: 281KB

.reloc
Size: 44KB - Virtual size: 41KB