sample[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sample.zip
Size

3.4MB
MD5

231c9ea331225fc97a0539b6eed76268
SHA1

a4d2801213e4fc3bec6fe7839fcd52f140f6ebaf
SHA256

29fcf5f8fb75cd0e1dca6b15805d0115d12636f6f7ceb5890a10c429e56f9189
SHA512

492b2e175a7cf018bc8878c98b14cd741b71d91735403fd9f3a9cf17d7332f1d3d2900db798e680385369efaf910ab55c054f189e2ee1e3f41ac263ee6797f3d
SSDEEP

98304:Y/E3IEstBhaKt4lYiVel/YIEXoNrLqjFK:YdECa+nscOQfqM

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/ipc_core.dll
unpack002/__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/zlibwapi.dll
unpack001/EvilEye.exe

Files

sample.zip
.zip
2ԶʻƷ-ﾲ˼ (1)(1).iso
.iso
2年自动驾驶产品经理-孙静个人简历.pdf.lnk
.lnk
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/2.pdf
.pdf
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/base.dll
.dll windows:5 windows x64 arch:x64

1d2b02d655aef49cb46e51cf69f91bfa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:bd:39:64:7d:93:91:8c:7e:e0:14:14:43:ce:dc:bd:09:95:58:2a:c5:79:f5:2d:89:18:e1:60:fd:c3:2d:9f
Signer

Actual PE Digest

bd:bd:39:64:7d:93:91:8c:7e:e0:14:14:43:ce:dc:bd:09:95:58:2a:c5:79:f5:2d:89:18:e1:60:fd:c3:2d:9f

Digest Algorithm

sha256

PE Digest Matches

true

aa:46:8c:99:bd:95:ed:be:4c:80:09:43:53:20:0a:a7:cd:26:b1:b5
Signer

Actual PE Digest

aa:46:8c:99:bd:95:ed:be:4c:80:09:43:53:20:0a:a7:cd:26:b1:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\work\base\out\Release_GN_x64_Shared\release\base.dll.pdb

Imports

netapi32

NetGetJoinInformation
NetApiBufferFree

advapi32

RegDeleteKeyW
ConvertSidToStringSidW
RegSetValueExW
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateProcessAsUserW
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
SystemFunction036
EventWriteTransfer
StartTraceW
ControlTraceW
EnableTrace
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW

dbghelp

StackWalk64
SymSetOptions
SymFunctionTableAccess64
SymGetModuleBase64
SymGetLineFromAddr64
SymInitialize
SymGetSearchPathW
SymSetSearchPathW
SymFromAddr

gdi32

CreateDIBSection
DeleteObject

kernel32

IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlCaptureContext
WaitForSingleObjectEx
GetWindowsDirectoryW
GetSystemDirectoryW
RtlVirtualUnwind
RtlLookupFunctionEntry
GetNativeSystemInfo
DisableThreadLibraryCalls
LoadLibraryExA
InitializeSListHead
GetCommandLineW
LocalFree
GetCurrentProcess
GetCurrentProcessId
GetProcessId
VirtualProtect
VirtualQuery
GetModuleHandleA
K32EnumProcessModules
IsDebuggerPresent
CloseHandle
GetLastError
SetLastError
OpenProcess
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleExW
GetProcAddress
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetCurrentThread
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetUserDefaultLangID
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
FindCloseChangeNotification
FindFirstChangeNotificationW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesExW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempFileNameW
GetVolumeInformationW
GetVolumePathNameW
QueryDosDeviceW
ReadFile
RemoveDirectoryW
SetFileAttributesW
WriteFile
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
K32GetMappedFileNameW
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
LockFile
SetEndOfFile
SetFilePointerEx
SetFileTime
UnlockFile
DuplicateHandle
OutputDebugStringA
GetTickCount
FormatMessageA
VirtualAlloc
VirtualFree
GlobalMemoryStatusEx
OpenFileMappingW
GetModuleHandleW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetInformationJobObject
FreeLibrary
LoadLibraryW
GetSystemPowerStatus
WaitForSingleObject
GetExitCodeProcess
GetStdHandle
SetHandleInformation
CreatePipe
ResumeThread
CreateProcessW
SetPriorityClass
AssignProcessToJobObject
AllocConsole
AttachConsole
HeapSetInformation
GetProcessHeaps
GetModuleHandleExA
GetProcessTimes
GetSystemInfo
VirtualQueryEx
GetProcessIoCounters
K32QueryWorkingSet
TerminateProcess
GetPriorityClass
OpenThread
SetThreadPriorityBoost
GetThreadPriorityBoost
SuspendThread
GetThreadContext
MultiByteToWideChar
WideCharToMultiByte
ConnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
CancelIo
WaitForMultipleObjects
GetCurrentThreadId
SetEvent
CreateEventW
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
ResetEvent
GetDiskFreeSpaceExW
SystemTimeToFileTime
RaiseException
CreateThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueueUserWorkItem
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
HeapLock
HeapUnlock
HeapWalk
GetLocaleInfoW
GetUserDefaultUILanguage
lstrcmpiA
UnregisterWaitEx
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
LoadResource
LockResource
SizeofResource
FindResourceW
GetVersionExW

ole32

CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
PropVariantClear

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
VarCmp
SysAllocStringLen
SafeArrayGetVartype
VariantClear
VariantCopy

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
SHChangeNotify
SHGetKnownFolderPath

user32

GetActiveWindow
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
CallMsgFilterW
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
DefWindowProcW
WaitMessage
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
CharUpperW
GetGuiResources
GetWindowLongPtrW
SetWindowLongPtrW
FindWindowExW
IsWindow
IsWindowEnabled
GetSystemMetrics
FindWindowW
SystemParametersInfoW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

ws2_32

ioctlsocket

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?classic@locale@std@@SAAEBV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_Xout_of_range@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

vcruntime140

__std_exception_destroy
memset
_purecall
__std_terminate
_CxxThrowException
memcpy
memmove
__std_exception_copy
memcmp
__std_type_info_destroy_list
__current_exception_context
__current_exception
_set_purecall_handler
wcschr
memchr
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_cexit
_initterm
_initterm_e
signal
_invalid_parameter_noinfo_noreturn
terminate
_exit
abort
_set_invalid_parameter_handler
_set_abort_behavior
_execute_onexit_table
_set_new_handler
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_close
_wfsopen
_chsize
ungetc
freopen
_dup2
_get_osfhandle
setvbuf
fwrite
ftell
_fseeki64
fsetpos
fread
fputc
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
_fileno
fgetpos
fgetc
fflush
ferror
fclose
_get_stream_buffer_pointers
__stdio_common_vsnwprintf_s
_write
_open_osfhandle

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_set_new_mode
_aligned_malloc
_callnewh
calloc
free

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wfullpath

api-ms-win-crt-math-l1-1-0

exp
_fdopen
log
ceilf
_dclass
ceil
floor
ldexp

api-ms-win-crt-string-l1-1-0

_strdup
isalpha
_strnicmp
isspace
iswspace
_wcsicmp
strncmp

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
_mktime64

api-ms-win-crt-convert-l1-1-0

strtod

Exports

Exports

??$MakeCheckOpString@HH@logging@@YAPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBH0PEBD@Z
??$MakeCheckOpString@IK@logging@@YAPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBIAEBKPEBD@Z
??$MakeCheckOpString@KI@logging@@YAPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBKAEBIPEBD@Z
??$MakeCheckOpString@KK@logging@@YAPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBK0PEBD@Z
??$MakeCheckOpString@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@logging@@YAPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV12@0PEBD@Z
??0?$BasicValueConverter@H@internal@base@@QEAA@XZ
??0?$BasicValueConverter@N@internal@base@@QEAA@XZ
??0?$BasicValueConverter@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@internal@base@@QEAA@XZ
??0?$BasicValueConverter@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@internal@base@@QEAA@XZ
??0?$BasicValueConverter@_N@internal@base@@QEAA@XZ
??0?$RefCounted@VConvertableToTraceFormat@trace_event@base@@@base@@QEAA@XZ
??0?$RefCounted@VFieldTrial@base@@@base@@QEAA@XZ
??0?$RefCountedThreadSafe@VFlag@WeakReference@internal@base@@U?$DefaultRefCountedThreadSafeTraits@VFlag@WeakReference@internal@base@@@4@@base@@QEAA@XZ
??0?$RefCountedThreadSafe@VIncomingTaskQueue@internal@base@@U?$DefaultRefCountedThreadSafeTraits@VIncomingTaskQueue@internal@base@@@3@@base@@QEAA@XZ
??0?$RefCountedThreadSafe@VMemoryDumpSessionState@trace_event@base@@U?$DefaultRefCountedThreadSafeTraits@VMemoryDumpSessionState@trace_event@base@@@3@@base@@QEAA@XZ
??0?$RefCountedThreadSafe@VRefCountedMemory@base@@U?$DefaultRefCountedThreadSafeTraits@VRefCountedMemory@base@@@2@@base@@QEAA@XZ
??0?$RefCountedThreadSafe@VTaskRunner@base@@UTaskRunnerTraits@2@@base@@QEAA@XZ
??0?$SupportsWeakPtr@VFileProxy@base@@@base@@QEAA@XZ
??0?$TimeBase@VThreadTicks@base@@@time_internal@base@@IEAA@_J@Z
??0?$TimeBase@VTime@base@@@time_internal@base@@IEAA@_J@Z
??0?$TimeBase@VTimeTicks@base@@@time_internal@base@@IEAA@_J@Z
??0?$ValueConverter@H@internal@base@@QEAA@AEBV012@@Z
??0?$ValueConverter@H@internal@base@@QEAA@XZ
??0?$ValueConverter@N@internal@base@@QEAA@AEBV012@@Z
??0?$ValueConverter@N@internal@base@@QEAA@XZ
??0?$ValueConverter@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@internal@base@@QEAA@AEBV012@@Z
??0?$ValueConverter@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@internal@base@@QEAA@XZ
??0?$ValueConverter@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@internal@base@@QEAA@AEBV012@@Z
??0?$ValueConverter@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@internal@base@@QEAA@XZ
??0?$ValueConverter@_N@internal@base@@QEAA@AEBV012@@Z
??0?$ValueConverter@_N@internal@base@@QEAA@XZ
??0?$queue@UPendingTask@base@@V?$deque@UPendingTask@base@@V?$allocator@UPendingTask@base@@@std@@@std@@@std@@QEAA@$$QEAV?$deque@UPendingTask@base@@V?$allocator@UPendingTask@base@@@std@@@1@@Z
??0?$queue@UPendingTask@base@@V?$deque@UPendingTask@base@@V?$allocator@UPendingTask@base@@@std@@@std@@@std@@QEAA@AEBV01@@Z
??0?$queue@UPendingTask@base@@V?$deque@UPendingTask@base@@V?$allocator@UPendingTask@base@@@std@@@std@@@std@@QEAA@AEBV?$deque@UPendingTask@base@@V?$allocator@UPendingTask@base@@@std@@@1@@Z
??0?$queue@UPendingTask@base@@V?$deque@UPendingTask@base@@V?$allocator@UPendingTask@base@@@std@@@std@@@std@@QEAA@XZ
??0Adjustment@OffsetAdjuster@base@@QEAA@_K00@Z
??0AllocationContext@trace_event@base@@AEAA@XZ
??0AllocationContextTracker@trace_event@base@@AEAA@XZ
??0AllocationRegister@trace_event@base@@QEAA@I@Z
??0AllocationRegister@trace_event@base@@QEAA@XZ
??0AsserterBase@base@@QEAA@AEBU01@@Z
??0AsserterBase@base@@QEAA@XZ
??0AtExitManager@base@@IEAA@_N@Z
??0AtExitManager@base@@QEAA@XZ
??0BigEndianReader@base@@QEAA@PEBD_K@Z
??0BigEndianWriter@base@@QEAA@PEAD_K@Z
??0BinaryValue@base@@QEAA@V?$scoped_ptr@$$BY0A@DU?$default_delete@$$BY0A@D@std@@@@_K@Z
??0BinaryValue@base@@QEAA@XZ
??0BirthOnThread@tracked_objects@@QEAA@AEBVLocation@1@AEBVThreadData@1@@Z
??0BirthOnThreadSnapshot@tracked_objects@@QEAA@AEBU01@@Z
??0BirthOnThreadSnapshot@tracked_objects@@QEAA@AEBVBirthOnThread@1@@Z
??0BirthOnThreadSnapshot@tracked_objects@@QEAA@XZ
??0Births@tracked_objects@@QEAA@AEBVLocation@1@AEBVThreadData@1@@Z
??0BooleanHistogram@base@@AEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBVBucketRanges@1@@Z
??0BucketRanges@base@@QEAA@_K@Z
??0CPU@base@@QEAA@$$QEAV01@@Z
??0CPU@base@@QEAA@AEBV01@@Z
??0CPU@base@@QEAA@XZ
??0CallStackProfile@StackSamplingProfiler@base@@QEAA@AEBU012@@Z
??0CallStackProfile@StackSamplingProfiler@base@@QEAA@XZ
??0CallbackBase@internal@base@@IEAA@PEAVBindStateBase@12@@Z
??0CallbackBase@internal@base@@QEAA@AEBV012@@Z
??0CancelableSyncSocket@base@@QEAA@PEAX@Z
??0CancelableSyncSocket@base@@QEAA@XZ
??0CancelableTaskTracker@base@@QEAA@XZ
??0CancellationFlag@base@@QEAA@XZ
??0Check@ThreadCollisionWarner@base@@QEAA@PEAV12@@Z
??0Clock@base@@QEAA@AEBV01@@Z
??0Clock@base@@QEAA@XZ
??0CommandLine@base@@QEAA@AEBV01@@Z
??0CommandLine@base@@QEAA@AEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
??0CommandLine@base@@QEAA@AEBVFilePath@1@@Z
??0CommandLine@base@@QEAA@HPEBQEB_W@Z
??0CommandLine@base@@QEAA@W4NoProgram@01@@Z
??0ConditionVariable@base@@QEAA@PEAVLock@1@@Z
??0ConstIterator@AllocationRegister@trace_event@base@@AEAA@AEBV123@I@Z
??0ConvertableToTraceFormat@trace_event@base@@QEAA@XZ
??0CustomHistogram@base@@IEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBVBucketRanges@1@@Z
??0DCheckAsserter@base@@QEAA@AEBU01@@Z
??0DCheckAsserter@base@@QEAA@XZ
??0Data@SupportsUserData@base@@QEAA@AEBV012@@Z
??0Data@SupportsUserData@base@@QEAA@XZ
??0DataSerializer@ImportantFileWriter@base@@QEAA@AEBV012@@Z
??0DataSerializer@ImportantFileWriter@base@@QEAA@XZ
??0DeathData@tracked_objects@@QEAA@AEBV01@@Z
??0DeathData@tracked_objects@@QEAA@XZ
??0DeathDataSnapshot@tracked_objects@@QEAA@HHHHHHH@Z
??0DeathDataSnapshot@tracked_objects@@QEAA@XZ
??0DefaultClock@base@@QEAA@AEBV01@@Z
??0DefaultClock@base@@QEAA@XZ
??0DefaultTickClock@base@@QEAA@AEBV01@@Z
??0DefaultTickClock@base@@QEAA@XZ
??0DeferredSequencedTaskRunner@base@@QEAA@AEBV?$scoped_refptr@VSequencedTaskRunner@base@@@@@Z
??0Delegate@DelegateSimpleThread@base@@QEAA@AEBV012@@Z
??0Delegate@DelegateSimpleThread@base@@QEAA@XZ
??0Delegate@MessagePump@base@@QEAA@AEBV012@@Z
??0Delegate@MessagePump@base@@QEAA@XZ
??0Delegate@ObjectWatcher@win@base@@QEAA@AEBV0123@@Z
??0Delegate@ObjectWatcher@win@base@@QEAA@XZ
??0Delegate@PlatformThread@base@@QEAA@AEBV012@@Z
??0Delegate@PlatformThread@base@@QEAA@XZ
??0DelegateSimpleThread@base@@QEAA@PEAVDelegate@01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0DelegateSimpleThread@base@@QEAA@PEAVDelegate@01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVOptions@SimpleThread@1@@Z
??0DelegateSimpleThreadPool@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
??0DestructionObserver@MessageLoop@base@@QEAA@AEBV012@@Z
??0DestructionObserver@MessageLoop@base@@QEAA@XZ
??0DevicesChangedObserver@SystemMonitor@base@@QEAA@AEBV012@@Z
??0DevicesChangedObserver@SystemMonitor@base@@QEAA@XZ
??0DictionaryValue@base@@QEAA@AEBV01@@Z
??0DictionaryValue@base@@QEAA@XZ
??0DiscardableMemory@base@@QEAA@AEBV01@@Z
??0DiscardableMemory@base@@QEAA@XZ
??0DiscardableMemoryAllocator@base@@QEAA@AEBV01@@Z
??0DiscardableMemoryAllocator@base@@QEAA@XZ
??0DiscardableSharedMemory@base@@QEAA@VSharedMemoryHandle@1@@Z
??0DiscardableSharedMemory@base@@QEAA@XZ
??0Duration@tracked_objects@@AEAA@H@Z
??0Duration@tracked_objects@@QEAA@XZ
??0ElapsedTimer@base@@QEAA@XZ
??0EnabledStateObserver@TraceLog@trace_event@base@@QEAA@AEBV0123@@Z
??0EnabledStateObserver@TraceLog@trace_event@base@@QEAA@XZ
??0EntropyProvider@FieldTrial@base@@QEAA@AEBV012@@Z
??0EntropyProvider@FieldTrial@base@@QEAA@XZ
??0EnumVariant@win@base@@QEAA@K@Z
??0Environment@base@@QEAA@AEBV01@@Z
??0Environment@base@@QEAA@XZ
??0EtwTraceController@win@base@@QEAA@XZ
??0EtwTraceProperties@win@base@@QEAA@XZ
??0EtwTraceProvider@win@base@@QEAA@AEBU_GUID@@@Z
??0EtwTraceProvider@win@base@@QEAA@XZ
??0FeatureList@base@@QEAA@XZ
??0FieldTrial@base@@AEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0N@Z
??0FieldTrialList@base@@QEAA@PEBVEntropyProvider@FieldTrial@1@@Z
??0File@base@@QEAA@$$QEAV01@@Z
??0File@base@@QEAA@AEBVFilePath@1@I@Z
??0File@base@@QEAA@PEAX@Z
??0File@base@@QEAA@W4Error@01@@Z
??0File@base@@QEAA@XZ
??0FileEnumerator@base@@QEAA@AEBVFilePath@1@_NH@Z
??0FileEnumerator@base@@QEAA@AEBVFilePath@1@_NHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0FileInfo@FileEnumerator@base@@QEAA@XZ
??0FilePath@base@@QEAA@AEBV01@@Z
??0FilePath@base@@QEAA@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
??0FilePath@base@@QEAA@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@1@@Z
??0FilePath@base@@QEAA@XZ
??0FilePathWatcher@base@@QEAA@XZ
??0FileProxy@base@@QEAA@PEAVTaskRunner@1@@Z
??0FileVersionInfo@@QEAA@AEBV0@@Z
??0FileVersionInfo@@QEAA@XZ
??0FileVersionInfoWin@@QEAA@PEAXGG@Z
??0Flag@WeakReference@internal@base@@QEAA@XZ
??0Frame@StackSamplingProfiler@base@@QEAA@XZ
??0Frame@StackSamplingProfiler@base@@QEAA@_K0@Z
??0FundamentalValue@base@@QEAA@AEBV01@@Z
??0FundamentalValue@base@@QEAA@H@Z
??0FundamentalValue@base@@QEAA@N@Z
??0FundamentalValue@base@@QEAA@_N@Z
??0HeapDumpWriter@internal@trace_event@base@@QEAA@PEAVStackFrameDeduplicator@23@PEAVTypeNameDeduplicator@23@@Z
??0HighResolutionTimerManager@base@@QEAA@XZ
??0Histogram@base@@IEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHPEBVBucketRanges@1@@Z
??0HistogramBase@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0HistogramDeltaSerialization@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0HistogramFlattener@base@@IEAA@XZ
??0HistogramSamples@base@@QEAA@_K@Z
??0HistogramSamples@base@@QEAA@_KPEAUMetadata@01@@Z
??0HistogramSnapshotManager@base@@QEAA@PEAVHistogramFlattener@1@@Z
??0IATPatchFunction@win@base@@QEAA@XZ
??0IUnknownImpl@win@base@@QEAA@AEBV012@@Z
??0IUnknownImpl@win@base@@QEAA@XZ
??0ImportantFileWriter@base@@QEAA@AEBVFilePath@1@AEBV?$scoped_refptr@VSequencedTaskRunner@base@@@@@Z
??0ImportantFileWriter@base@@QEAA@AEBVFilePath@1@AEBV?$scoped_refptr@VSequencedTaskRunner@base@@@@VTimeDelta@1@@Z
??0IncomingTaskQueue@internal@base@@QEAA@PEAVMessageLoop@2@@Z
??0Info@File@base@@QEAA@XZ
??0Iterator@DictionaryValue@base@@QEAA@AEBV12@@Z
??0JSONFileValueDeserializer@@QEAA@AEBVFilePath@base@@@Z
??0JSONFileValueSerializer@@QEAA@AEBVFilePath@base@@@Z
??0JSONParser@internal@base@@QEAA@H@Z
??0JSONReader@base@@QEAA@H@Z
??0JSONReader@base@@QEAA@XZ
??0JSONStringValueDeserializer@@QEAA@AEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@base@@@Z
??0JSONStringValueSerializer@@QEAA@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0JSONWriter@base@@AEAA@HPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0LaunchOptions@base@@QEAA@XZ
??0LinearHistogram@base@@IEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHPEBVBucketRanges@1@@Z
??0ListValue@base@@QEAA@AEBV01@@Z
??0ListValue@base@@QEAA@XZ
??0Location@tracked_objects@@QEAA@AEBV01@@Z
??0Location@tracked_objects@@QEAA@PEBD0HPEBX@Z
??0Location@tracked_objects@@QEAA@XZ
??0LocationSnapshot@tracked_objects@@QEAA@AEBU01@@Z
??0LocationSnapshot@tracked_objects@@QEAA@AEBVLocation@1@@Z
??0LocationSnapshot@tracked_objects@@QEAA@XZ
??0Lock@base@@QEAA@XZ
??0LockImpl@internal@base@@QEAA@XZ
??0LogEventProvider@logging@@AEAA@XZ
??0LogMessage@logging@@QEAA@PEBDH0@Z
??0LogMessage@logging@@QEAA@PEBDHH@Z
??0LogMessage@logging@@QEAA@PEBDHHPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0LogMessage@logging@@QEAA@PEBDHPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0LoggingSettings@logging@@QEAA@XZ
??0MemoryAllocatorDump@trace_event@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVProcessMemoryDump@12@@Z
??0MemoryAllocatorDump@trace_event@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVProcessMemoryDump@12@AEBVMemoryAllocatorDumpGuid@12@@Z
??0MemoryAllocatorDumpGuid@trace_event@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0MemoryAllocatorDumpGuid@trace_event@base@@QEAA@XZ
??0MemoryAllocatorDumpGuid@trace_event@base@@QEAA@_K@Z
??0MemoryDumpManager@trace_event@base@@AEAA@XZ
??0MemoryDumpManagerDelegate@trace_event@base@@IEAA@XZ
??0MemoryDumpProvider@trace_event@base@@IEAA@XZ
??0MemoryDumpSessionState@trace_event@base@@QEAA@AEBV?$scoped_refptr@VStackFrameDeduplicator@trace_event@base@@@@AEBV?$scoped_refptr@VTypeNameDeduplicator@trace_event@base@@@@@Z
??0MemoryMappedFile@base@@QEAA@XZ
??0MemoryPressureListener@base@@QEAA@AEBV?$Callback@$$A6AXW4MemoryPressureLevel@MemoryPressureListener@base@@@Z@1@@Z
??0MemoryPressureMonitor@base@@IEAA@XZ
??0MemoryPressureMonitor@win@base@@QEAA@HH@Z
??0MemoryPressureMonitor@win@base@@QEAA@XZ
??0MessageLoop@base@@AEAA@W4Type@01@V?$Callback@$$A6A?AV?$scoped_ptr@VMessagePump@base@@U?$default_delete@VMessagePump@base@@@std@@@@XZ@1@@Z
??0MessageLoop@base@@QEAA@V?$scoped_ptr@VMessagePump@base@@U?$default_delete@VMessagePump@base@@@std@@@@@Z
??0MessageLoop@base@@QEAA@W4Type@01@@Z
??0MessageLoopForIO@base@@QEAA@XZ
??0MessageLoopForUI@base@@QEAA@XZ
??0MessageLoopTaskRunner@internal@base@@QEAA@V?$scoped_refptr@VIncomingTaskQueue@internal@base@@@@@Z
??0MessagePump@base@@QEAA@AEBV01@@Z
??0MessagePump@base@@QEAA@XZ
??0MessagePumpDefault@base@@QEAA@XZ
??0MessagePumpDispatcher@base@@QEAA@AEBV01@@Z
??0MessagePumpDispatcher@base@@QEAA@XZ
??0MessagePumpForIO@base@@QEAA@XZ
??0MessagePumpForUI@base@@QEAA@AEBV01@@Z
??0MessagePumpForUI@base@@QEAA@XZ
??0MessagePumpWin@base@@QEAA@$$QEAV01@@Z
??0MessagePumpWin@base@@QEAA@AEBV01@@Z
??0MessagePumpWin@base@@QEAA@XZ
??0MessageWindow@win@base@@QEAA@XZ
??0MockTimer@base@@QEAA@AEBVLocation@tracked_objects@@VTimeDelta@1@AEBV?$Callback@$$A6AXXZ@1@_N@Z
??0MockTimer@base@@QEAA@_N0@Z
??0Module@StackSamplingProfiler@base@@QEAA@AEBU012@@Z
??0Module@StackSamplingProfiler@base@@QEAA@XZ
??0Module@StackSamplingProfiler@base@@QEAA@_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVFilePath@2@@Z
??0NamedProcessIterator@base@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEBVProcessFilter@1@@Z
??0NativeLibraryLoadError@base@@QEAA@XZ
??0NativeStackSamplerTestDelegate@base@@IEAA@XZ
??0NonThreadSafeImpl@base@@QEAA@XZ
??0OSInfo@win@base@@AEAA@XZ
??0ObjectWatcher@win@base@@QEAA@XZ
??0Observer@FieldTrialList@base@@QEAA@AEBV012@@Z
??0Observer@FieldTrialList@base@@QEAA@XZ
??0Options@SimpleThread@base@@QEAA@W4ThreadPriority@2@@Z
??0Options@SimpleThread@base@@QEAA@XZ
??0Options@Thread@base@@QEAA@AEBU012@@Z
??0Options@Thread@base@@QEAA@W4Type@MessageLoop@2@_K@Z
??0Options@Thread@base@@QEAA@XZ
??0PendingTask@base@@QEAA@AEBU01@@Z
??0PendingTask@base@@QEAA@AEBVLocation@tracked_objects@@AEBV?$Callback@$$A6AXXZ@1@@Z
??0PendingTask@base@@QEAA@AEBVLocation@tracked_objects@@AEBV?$Callback@$$A6AXXZ@1@VTimeTicks@1@_N@Z
??0Pickle@base@@QEAA@AEBV01@@Z
??0Pickle@base@@QEAA@H@Z
??0Pickle@base@@QEAA@PEBDH@Z
??0Pickle@base@@QEAA@XZ
??0PickleIterator@base@@QEAA@AEBVPickle@1@@Z
??0PickleIterator@base@@QEAA@XZ
??0PowerMonitor@base@@QEAA@V?$scoped_ptr@VPowerMonitorSource@base@@U?$default_delete@VPowerMonitorSource@base@@@std@@@@@Z
??0PowerMonitorDeviceSource@base@@QEAA@XZ
??0PowerMonitorSource@base@@QEAA@XZ
??0PowerObserver@base@@QEAA@AEBV01@@Z
??0PowerObserver@base@@QEAA@XZ
??0Process@base@@QEAA@$$QEAV01@@Z
??0Process@base@@QEAA@PEAX@Z
??0ProcessDataPhaseSnapshot@tracked_objects@@QEAA@AEBU01@@Z
??0ProcessDataPhaseSnapshot@tracked_objects@@QEAA@XZ
??0ProcessDataSnapshot@tracked_objects@@QEAA@AEBU01@@Z
??0ProcessDataSnapshot@tracked_objects@@QEAA@XZ
??0ProcessIterator@base@@QEAA@PEBVProcessFilter@1@@Z
??0ProcessMemoryDump@trace_event@base@@QEAA@AEBV?$scoped_refptr@VMemoryDumpSessionState@trace_event@base@@@@@Z
??0ProcessMemoryMaps@trace_event@base@@QEAA@XZ
??0ProcessMemoryTotals@trace_event@base@@QEAA@XZ
??0ProcessMemoryTotalsDumpProvider@trace_event@base@@AEAA@XZ
??0ProcessMetrics@base@@AEAA@PEAX@Z
??0RefCountedBase@subtle@base@@IEAA@XZ
??0RefCountedBytes@base@@QEAA@AEBV?$vector@EV?$allocator@E@std@@@std@@@Z
??0RefCountedBytes@base@@QEAA@PEBE_K@Z
??0RefCountedBytes@base@@QEAA@XZ
??0RefCountedMemory@base@@IEAA@XZ
??0RefCountedStaticMemory@base@@QEAA@PEBX_K@Z
??0RefCountedStaticMemory@base@@QEAA@XZ
??0RefCountedString@base@@QEAA@XZ
??0RefCountedThreadSafeBase@subtle@base@@IEAA@XZ
??0RegKey@win@base@@QEAA@PEAUHKEY__@@@Z
??0RegKey@win@base@@QEAA@PEAUHKEY__@@PEB_WK@Z
??0RegKey@win@base@@QEAA@XZ
??0RegistryKeyIterator@win@base@@QEAA@PEAUHKEY__@@PEB_W@Z
??0RegistryKeyIterator@win@base@@QEAA@PEAUHKEY__@@PEB_WK@Z
??0RegistryValueIterator@win@base@@QEAA@PEAUHKEY__@@PEB_W@Z
??0RegistryValueIterator@win@base@@QEAA@PEAUHKEY__@@PEB_WK@Z
??0RunLoop@base@@QEAA@PEAVMessagePumpDispatcher@1@@Z
??0RunLoop@base@@QEAA@XZ
??0SampleCountIterator@base@@QEAA@AEBV01@@Z
??0SampleCountIterator@base@@QEAA@XZ
??0SampleMap@base@@QEAA@XZ
??0SampleMap@base@@QEAA@_K@Z
??0SampleMapIterator@base@@QEAA@AEBV01@@Z
??0SampleMapIterator@base@@QEAA@AEBV?$map@HHU?$less@H@std@@V?$allocator@U?$pair@$$CBHH@std@@@2@@std@@@Z
??0SampleVector@base@@QEAA@PEBVBucketRanges@1@@Z
??0SampleVector@base@@QEAA@_KPEAH0PEAUMetadata@HistogramSamples@1@PEBVBucketRanges@1@@Z
??0SampleVector@base@@QEAA@_KPEBVBucketRanges@1@@Z
??0SampleVectorIterator@base@@QEAA@AEBV01@@Z
??0SampleVectorIterator@base@@QEAA@PEBH_KPEBVBucketRanges@1@@Z
??0SampleVectorIterator@base@@QEAA@PEBV?$vector@HV?$allocator@H@std@@@std@@PEBVBucketRanges@1@@Z
??0SamplingParams@StackSamplingProfiler@base@@QEAA@XZ
??0ScopedAllowIO@ThreadRestrictions@base@@QEAA@XZ
??0ScopedAllowSingleton@ThreadRestrictions@base@@QEAA@XZ
??0ScopedAllowWait@ThreadRestrictions@base@@QEAA@XZ
??0ScopedBstr@win@base@@QEAA@PEB_W@Z
??0ScopedBstr@win@base@@QEAA@XZ
??0ScopedCheck@ThreadCollisionWarner@base@@QEAA@PEAV12@@Z
??0ScopedClosureRunner@base@@QEAA@AEBV?$Callback@$$A6AXXZ@1@@Z
??0ScopedClosureRunner@base@@QEAA@XZ
??0ScopedCrashKey@debug@base@@QEAA@AEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@0@Z
??0ScopedNativeLibrary@base@@QEAA@AEBVFilePath@1@@Z
??0ScopedNativeLibrary@base@@QEAA@PEAUHINSTANCE__@@@Z
??0ScopedNativeLibrary@base@@QEAA@XZ
??0ScopedProcessInformation@win@base@@QEAA@AEBU_PROCESS_INFORMATION@@@Z
??0ScopedProcessInformation@win@base@@QEAA@XZ
??0ScopedProfile@tracked_objects@@QEAA@AEBVLocation@1@W4Mode@01@@Z
??0ScopedRecursiveCheck@ThreadCollisionWarner@base@@QEAA@PEAV12@@Z
??0ScopedSyntheticDelay@trace_event_internal@@QEAA@PEBDPEA_J@Z
??0ScopedTempDir@base@@QEAA@XZ
??0ScopedTraceBinaryEfficient@trace_event_internal@@QEAA@PEBD0@Z
??0ScopedTracer@trace_event_internal@@QEAA@XZ
??0ScopedTracker@tracked_objects@@QEAA@AEBVLocation@1@@Z
??0ScopedVariant@win@base@@QEAA@AEBUtagVARIANT@@@Z
??0ScopedVariant@win@base@@QEAA@HG@Z
??0ScopedVariant@win@base@@QEAA@NG@Z
??0ScopedVariant@win@base@@QEAA@PEAUIDispatch@@@Z
??0ScopedVariant@win@base@@QEAA@PEAUIUnknown@@@Z
??0ScopedVariant@win@base@@QEAA@PEAUtagSAFEARRAY@@@Z
??0ScopedVariant@win@base@@QEAA@PEB_W@Z
??0ScopedVariant@win@base@@QEAA@PEB_WI@Z
??0ScopedVariant@win@base@@QEAA@XZ
??0SequenceCheckerImpl@base@@QEAA@XZ
??0SequenceToken@SequencedWorkerPool@base@@AEAA@H@Z
??0SequenceToken@SequencedWorkerPool@base@@QEAA@XZ
??0SequencedTaskRunner@base@@QEAA@XZ
??0SequencedWorkerPool@base@@QEAA@_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SequencedWorkerPool@base@@QEAA@_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVTestingObserver@01@@Z
??0SharedMemory@base@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0SharedMemory@base@@QEAA@AEBVSharedMemoryHandle@1@_N@Z
??0SharedMemory@base@@QEAA@AEBVSharedMemoryHandle@1@_NPEAX@Z
??0SharedMemory@base@@QEAA@XZ
??0SharedMemoryCreateOptions@base@@QEAA@XZ
??0SharedMemoryHandle@base@@QEAA@AEBV01@@Z
??0SharedMemoryHandle@base@@QEAA@PEAXK@Z
??0SharedMemoryHandle@base@@QEAA@XZ
??0ShortcutProperties@win@base@@QEAA@AEBU012@@Z
??0ShortcutProperties@win@base@@QEAA@XZ
??0SimpleOutput@TraceResultBuffer@trace_event@base@@QEAA@$$QEAU0123@@Z
??0SimpleOutput@TraceResultBuffer@trace_event@base@@QEAA@AEBU0123@@Z
??0SimpleOutput@TraceResultBuffer@trace_event@base@@QEAA@XZ
??0SimpleThread@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SimpleThread@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVOptions@01@@Z
??0SingleThreadTaskRunner@base@@QEAA@XZ
??0Slot@ThreadLocalStorage@base@@QEAA@P6AXPEAX@Z@Z
??0SparseHistogram@base@@AEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StackFrameDeduplicator@trace_event@base@@QEAA@XZ
??0StackSamplingProfiler@base@@QEAA@KAEBUSamplingParams@01@AEBV?$Callback@$$A6AXAEBV?$vector@UCallStackProfile@StackSamplingProfiler@base@@V?$allocator@UCallStackProfile@StackSamplingProfiler@base@@@std@@@std@@@Z@1@@Z
??0StackSamplingProfiler@base@@QEAA@KAEBUSamplingParams@01@AEBV?$Callback@$$A6AXAEBV?$vector@UCallStackProfile@StackSamplingProfiler@base@@V?$allocator@UCallStackProfile@StackSamplingProfiler@base@@@std@@@std@@@Z@1@PEAVNativeStackSamplerTestDelegate@1@@Z
??0StackTrace@debug@base@@QEAA@PEAU_EXCEPTION_POINTERS@@@Z
??0StackTrace@debug@base@@QEAA@PEBQEBX_K@Z
??0StackTrace@debug@base@@QEAA@PEBU_CONTEXT@@@Z
??0StackTrace@debug@base@@QEAA@XZ
??0StartupInformation@win@base@@QEAA@XZ
??0State@FieldTrial@base@@QEAA@XZ
??0StatisticsRecorder@base@@AEAA@XZ
??0StringValue@base@@QEAA@AEBV01@@Z
??0StringValue@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StringValue@base@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0SupportsUserData@base@@QEAA@XZ
??0SyncSocket@base@@QEAA@PEAX@Z
??0SyncSocket@base@@QEAA@XZ
??0SystemMemoryInfoKB@base@@QEAA@XZ
??0SystemMonitor@base@@QEAA@XZ
??0TaskAnnotator@debug@base@@QEAA@XZ
??0TaskObserver@MessageLoop@base@@QEAA@AEBV012@@Z
??0TaskObserver@MessageLoop@base@@QEAA@XZ
??0TaskQueue@base@@QEAA@$$QEAV01@@Z
??0TaskQueue@base@@QEAA@AEBV01@@Z
??0TaskQueue@base@@QEAA@XZ
??0TaskRunner@base@@IEAA@XZ
??0TaskSnapshot@tracked_objects@@QEAA@AEBU01@@Z
??0TaskSnapshot@tracked_objects@@QEAA@AEBUBirthOnThreadSnapshot@1@AEBUDeathDataSnapshot@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0TaskSnapshot@tracked_objects@@QEAA@XZ
??0TaskStopwatch@tracked_objects@@QEAA@XZ
??0Thread@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0ThreadCheckerImpl@base@@QEAA@XZ
??0ThreadCollisionWarner@base@@QEAA@PEAUAsserterBase@1@@Z
??0ThreadData@tracked_objects@@AEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0ThreadData@tracked_objects@@AEAA@H@Z
??0ThreadIdNameManager@base@@AEAA@XZ
??0ThreadTaskRunnerHandle@base@@QEAA@AEBV01@@Z
??0ThreadTaskRunnerHandle@base@@QEAA@AEBV?$scoped_refptr@VSingleThreadTaskRunner@base@@@@@Z
??0ThreadTicks@base@@AEAA@_J@Z
??0ThreadTicks@base@@QEAA@XZ
??0TickClock@base@@QEAA@AEBV01@@Z
??0TickClock@base@@QEAA@XZ
??0Time@base@@AEAA@_J@Z
??0Time@base@@QEAA@XZ
??0TimeDelta@base@@AEAA@_J@Z
??0TimeDelta@base@@QEAA@XZ
??0TimeTicks@base@@AEAA@_J@Z
??0TimeTicks@base@@QEAA@XZ
??0Timer@base@@QEAA@AEBVLocation@tracked_objects@@VTimeDelta@1@AEBV?$Callback@$$A6AXXZ@1@_N@Z
??0Timer@base@@QEAA@_N0@Z
??0TraceBuffer@trace_event@base@@QEAA@AEBV012@@Z
??0TraceBuffer@trace_event@base@@QEAA@XZ
??0TraceBufferChunk@trace_event@base@@QEAA@I@Z
??0TraceConfig@trace_event@base@@QEAA@AEBV012@@Z
??0TraceConfig@trace_event@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??0TraceConfig@trace_event@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0TraceConfig@trace_event@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4TraceRecordMode@12@@Z
??0TraceConfig@trace_event@base@@QEAA@XZ
??0TraceEvent@trace_event@base@@QEAA@XZ
??0TraceEventETWExport@trace_event@base@@AEAA@XZ
??0TraceEventMemoryOverhead@trace_event@base@@QEAA@XZ
??0TraceEventSyntheticDelay@trace_event@base@@AEAA@XZ
??0TraceEventSyntheticDelayClock@trace_event@base@@QEAA@XZ
??0TraceEventSystemStatsMonitor@trace_event@base@@QEAA@V?$scoped_refptr@VSingleThreadTaskRunner@base@@@@@Z
??0TraceLog@trace_event@base@@AEAA@XZ
??0TraceLogStatus@trace_event@base@@QEAA@XZ
??0TraceResultBuffer@trace_event@base@@QEAA@AEBV012@@Z
??0TraceResultBuffer@trace_event@base@@QEAA@XZ
??0TracedValue@trace_event@base@@QEAA@XZ
??0TracedValue@trace_event@base@@QEAA@_K@Z
??0TracingAgent@trace_event@base@@QEAA@AEBV012@@Z
??0TracingAgent@trace_event@base@@QEAA@XZ
??0TrackedTime@tracked_objects@@AEAA@H@Z
??0TrackedTime@tracked_objects@@QEAA@AEBVTimeTicks@base@@@Z
??0TrackedTime@tracked_objects@@QEAA@XZ
??0TrackingInfo@base@@QEAA@AEBVLocation@tracked_objects@@VTimeTicks@1@@Z
??0TrackingInfo@base@@QEAA@XZ
??0TypeNameDeduplicator@trace_event@base@@QEAA@XZ
??0UnwindFunctions@Win32StackFrameUnwinder@base@@IEAA@XZ
??0VMRegion@ProcessMemoryMaps@trace_event@base@@QEAA@$$QEAU0123@@Z
??0VMRegion@ProcessMemoryMaps@trace_event@base@@QEAA@AEBU0123@@Z
??0VMRegion@ProcessMemoryMaps@trace_event@base@@QEAA@XZ
??0Value@base@@IEAA@AEBV01@@Z
??0Value@base@@IEAA@W4Type@01@@Z
??0ValueDeserializer@base@@QEAA@AEBV01@@Z
??0ValueDeserializer@base@@QEAA@XZ
??0ValueSerializer@base@@QEAA@AEBV01@@Z
??0ValueSerializer@base@@QEAA@XZ
??0Version@base@@QEAA@AEBV01@@Z
??0Version@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Version@base@@QEAA@XZ
??0VlogInfo@logging@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PEAH@Z
??0WaitableEvent@base@@QEAA@V?$GenericScopedHandle@VHandleTraits@win@base@@VVerifierTraits@23@@win@1@@Z
??0WaitableEvent@base@@QEAA@_N0@Z
??0WaitableEventWatcher@base@@QEAA@XZ
??0Watchdog@base@@QEAA@AEBVTimeDelta@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
??0WeakPtrBase@internal@base@@IEAA@AEBVWeakReference@12@@Z
??0WeakPtrBase@internal@base@@QEAA@AEBV012@@Z
??0WeakPtrBase@internal@base@@QEAA@XZ
??0WeakReference@internal@base@@QEAA@AEBV012@@Z
??0WeakReference@internal@base@@QEAA@PEBVFlag@012@@Z
??0WeakReference@internal@base@@QEAA@XZ
??0WeakReferenceOwner@internal@base@@QEAA@AEBV012@@Z
??0WeakReferenceOwner@internal@base@@QEAA@XZ
??0Win32ErrorLogMessage@logging@@QEAA@PEBDHHK@Z
??0Win32StackFrameUnwinder@base@@AEAA@V?$scoped_ptr@VUnwindFunctions@Win32StackFrameUnwinder@base@@U?$default_delete@VUnwindFunctions@Win32StackFrameUnwinder@base@@@std@@@@@Z
??0Win32StackFrameUnwinder@base@@QEAA@XZ
??0WinHeapDumpProvider@trace_event@base@@AEAA@XZ
??1?$BasicValueConverter@H@internal@base@@UEAA@XZ
??1?$BasicValueConverter@N@internal@base@@UEAA@XZ
??1?$BasicValueConverter@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@internal@base@@UEAA@XZ
??1?$BasicValueConverter@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@internal@base@@UEAA@XZ
??1?$BasicValueConverter@_N@internal@base@@UEAA@XZ
??1?$RefCounted@VConvertableToTraceFormat@trace_event@base@@@base@@IEAA@XZ
??1?$RefCounted@VFieldTrial@base@@@base@@IEAA@XZ
??1?$RefCountedThreadSafe@VFlag@WeakReference@internal@base@@U?$DefaultRefCountedThreadSafeTraits@VFlag@WeakReference@internal@base@@@4@@base@@IEAA@XZ
??1?$RefCountedThreadSafe@VIncomingTaskQueue@internal@base@@U?$DefaultRefCountedThreadSafeTraits@VIncomingTaskQueue@internal@base@@@3@@base@@IEAA@XZ
??1?$RefCountedThreadSafe@VMemoryDumpSessionState@trace_event@base@@U?$DefaultRefCountedThreadSafeTraits@VMemoryDumpSessionState@trace_event@base@@@3@@base@@IEAA@XZ
??1?$RefCountedThreadSafe@VRefCountedMemory@base@@U?$DefaultRefCountedThreadSafeTraits@VRefCountedMemory@base@@@2@@base@@IEAA@XZ
??1?$RefCountedThreadSafe@VTaskRunner@base@@UTaskRunnerTraits@2@@base@@IEAA@XZ
??1?$SupportsWeakPtr@VFileProxy@base@@@base@@IEAA@XZ
??1?$ValueConverter@H@internal@base@@UEAA@XZ
??1?$ValueConverter@N@internal@base@@UEAA@XZ
??1?$ValueConverter@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@internal@base@@UEAA@XZ
??1?$ValueConverter@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@internal@base@@UEAA@XZ
??1?$ValueConverter@_N@internal@base@@UEAA@XZ
??1?$queue@UPendingTask@base@@V?$deque@UPendingTask@base@@V?$allocator@UPendingTask@base@@@std@@@std@@@std@@QEAA@XZ
??1AllocationContextTracker@trace_event@base@@QEAA@XZ
??1AllocationRegister@trace_event@base@@QEAA@XZ
??1AsserterBase@base@@UEAA@XZ
??1AtExitManager@base@@QEAA@XZ
??1BinaryValue@base@@UEAA@XZ
??1BirthOnThreadSnapshot@tracked_objects@@QEAA@XZ
??1BooleanHistogram@base@@UEAA@XZ
??1BucketRanges@base@@QEAA@XZ
??1CPU@base@@QEAA@XZ
??1CallStackProfile@StackSamplingProfiler@base@@QEAA@XZ
??1CallbackBase@internal@base@@IEAA@XZ
??1CancelableSyncSocket@base@@UEAA@XZ
??1CancelableTaskTracker@base@@QEAA@XZ

Sections

.text
Size: 770KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/filter_installer_biz.dll
.dll windows:6 windows x64 arch:x64

5387784b984c039a9d1ded65139ff8ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:0a:3b:83:6f:85:19:59:6a:1f:5b:c0:3a:97:43:59:40:e9:23:9e:44:27:c6:54:ce:d7:df:2b:cf:ea:51:c2
Signer

Actual PE Digest

f3:0a:3b:83:6f:85:19:59:6a:1f:5b:c0:3a:97:43:59:40:e9:23:9e:44:27:c6:54:ce:d7:df:2b:cf:ea:51:c2

Digest Algorithm

sha256

PE Digest Matches

true

ae:ef:d0:04:71:64:af:49:28:13:c9:94:3b:92:ad:f4:4c:f9:eb:61
Signer

Actual PE Digest

ae:ef:d0:04:71:64:af:49:28:13:c9:94:3b:92:ad:f4:4c:f9:eb:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\x64_others\CrashDumper\symbol\x64\Release\filter_installer_biz.pdb

Imports

kernel32

GetLastError
CloseHandle
ReadProcessMemory
CreateProcessW
GetExitCodeProcess
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
SuspendThread
GetCurrentThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
SetFilePointer
GetProcAddress
GetModuleHandleW
FreeLibrary
SizeofResource
FindFirstFileW
EnterCriticalSection
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
FindClose
CreateFileW
GetSystemDirectoryW
HeapSize
FormatMessageW
OutputDebugStringW
LockResource
DeleteFileW
HeapReAlloc
RaiseException
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SetUnhandledExceptionFilter
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
OutputDebugStringA
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
ResumeThread
WaitForSingleObject
TerminateProcess
SetLastError
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent

user32

wsprintfW
wvsprintfW

advapi32

GetUserNameA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam

shlwapi

PathFileExistsW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memset
wcsrchr
_CxxThrowException
memmove
__std_type_info_destroy_list
_set_purecall_handler
__std_exception_copy
__std_exception_destroy
__C_specific_handler
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-string-l1-1-0

wcsnlen
strcpy_s
_strdup
_wcslwr
wmemcpy_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_configure_narrow_argv
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_errno
_invalid_parameter_noinfo
_register_onexit_function
_set_invalid_parameter_handler

api-ms-win-crt-heap-l1-1-0

malloc
_recalloc
calloc
free
_callnewh

api-ms-win-crt-environment-l1-1-0

_wgetenv_s

api-ms-win-crt-convert-l1-1-0

_ui64tow

Exports

Exports

?GetExceptionFilterInstallerService@fi@@YAPEAVIExceptionFilterInstaller@1@XZ

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/help.dll
.dll windows:6 windows x64 arch:x64

49130b6c3b4764cc9d6e66ee0e1d5e3d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:33:9a:ba:b8:30:d7:da:54:7e:34:c6:5a:8e:d6:06:29:de:28:40:86:e3:52:52:2f:6a:ee:c6:7e:b3:6c:0c
Signer

Actual PE Digest

41:33:9a:ba:b8:30:d7:da:54:7e:34:c6:5a:8e:d6:06:29:de:28:40:86:e3:52:52:2f:6a:ee:c6:7e:b3:6c:0c

Digest Algorithm

sha256

PE Digest Matches

true

b1:f5:32:80:a2:e8:a6:64:b3:12:db:4f:3d:a5:ea:a9:c9:03:fe:52
Signer

Actual PE Digest

b1:f5:32:80:a2:e8:a6:64:b3:12:db:4f:3d:a5:ea:a9:c9:03:fe:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\ACPF_LIBS__win_x64_for_vs2019\zlib-1.2.11\Release\zlibwapi.pdb

Imports

kernel32

ReadFile
WriteFile
SetFilePointer
CreateFileW
GetLastError
CreateFileA
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
QueryPerformanceCounter

vcruntime140

__current_exception
__std_type_info_destroy_list
__C_specific_handler
__current_exception_context
memset
memchr
memcpy

api-ms-win-crt-stdio-l1-1-0

_lseeki64
fseek
_wopen
_open
_ftelli64
fopen
ferror
ftell
_write
fclose
fread
_close
_read
fwrite
_fseeki64
__stdio_common_vsprintf

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

strerror
_cexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_errno
terminate

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-time-l1-1-0

_time64

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
fill_win32_filefunc
fill_win32_filefunc64
fill_win32_filefunc64A
fill_win32_filefunc64W
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzopen
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetCurrentFileInfo64
unzGetCurrentFileZStreamPos64
unzGetFilePos
unzGetFilePos64
unzGetGlobalComment
unzGetGlobalInfo
unzGetGlobalInfo64
unzGetLocalExtrafield
unzGoToFilePos
unzGoToFilePos64
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpen2_64
unzOpen64
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
unztell64
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipCloseFileInZipRaw64
zipOpen
zipOpen2
zipOpen2_64
zipOpen64
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip2_64
zipOpenNewFileInZip3
zipOpenNewFileInZip3_64
zipOpenNewFileInZip4_64
zipOpenNewFileInZip64
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/ipc_core.dll
.dll windows:6 windows x64 arch:x64

0ba78fc00bbd9bca332fc0734423adc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Demo\ipc_sdk_fix\_win_x64\bin\RelWithDebInfo\ipc_core.pdb

Imports

advapi32

OpenProcessToken
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SystemFunction036

iphlpapi

GetAdaptersAddresses

userenv

GetUserProfileDirectoryW

ws2_32

WSAIoctl
WSARecv
WSASend
WSADuplicateSocketW
htonl
WSARecvFrom
WSASendTo
WSASetLastError
WSAStartup
select
socket
WSASocketW
ntohs
closesocket
getsockopt
setsockopt
WSAGetLastError
htons
bind
ioctlsocket
getpeername
getsockname
listen
shutdown

kernel32

RtlCaptureContext
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
InitOnceBeginInitialize
RtlVirtualUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitOnceComplete
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
VirtualUnlock
VirtualLock
VirtualFree
VirtualProtect
GetLastError
LocalAlloc
LocalFree
GetCurrentProcessId
GetTickCount
CloseHandle
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
SetHandleInformation
PostQueuedCompletionStatus
CancelIo
CreateEventW
RegisterWaitForSingleObject
UnregisterWait
VerSetConditionMask
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemInfo
GetModuleFileNameW
VerifyVersionInfoW
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetConsoleTitleW
SetConsoleTitleW
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileType
GetConsoleMode
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW
FlushFileBuffers
ReadFile
WriteFile
DuplicateHandle
SetLastError
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeHandleStateW
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
ReadConsoleW
WriteConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
WriteConsoleInputW
Sleep
SetConsoleCtrlHandler
GetFileAttributesW
TerminateProcess
GetExitCodeProcess
CreateProcessW
OpenProcess
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LCMapStringW
FormatMessageA
CreateDirectoryW
GetFileInformationByHandle
RemoveDirectoryW
SetFileTime
DeviceIoControl
MoveFileExW
CreateHardLinkW
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
GetModuleHandleA
GetProcAddress
GetStdHandle
CreateFileA
GetStartupInfoW
VirtualAlloc

ole32

CoCreateGuid

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__current_exception
__C_specific_handler
wcsrchr
wcschr
strchr
__RTDynamicCast
memchr
memset
memcmp
memmove
memcpy
_CxxThrowException
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

__doserrno
exit
abort
_beginthreadex
terminate
_errno
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
raise
_set_invalid_parameter_handler
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_callnewh
realloc

api-ms-win-crt-convert-l1-1-0

wcstombs
atoi

api-ms-win-crt-stdio-l1-1-0

_write
_read
_open_osfhandle
_lseeki64
__p__fmode
__acrt_iob_func
_get_osfhandle
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
_close
__stdio_common_vsprintf
__stdio_common_vsnwprintf_s

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

wcsncmp
strncpy_s
wcsncpy_s
_wcsrev
_wcsnicmp
wcspbrk
_wcsdup

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_umask
_wchmod
_wmkdir
_wrmdir

Exports

Exports

CreateServiceHost
CreateServiceInvoker
DestroyServiceHost
DestroyServiceInvoker
InitIPCCoreRuntime

Sections

.text
Size: 904KB - Virtual size: 903KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/msvcp140.dll
.dll windows:6 windows x64 arch:x64

2ba11fd5a511c8a409e705e9ab6b5dc1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:67:30:15:ed:b1:3a:f0:82:18:b0:d9:26:25:09:bb:ed:24:fd:a9:78:e1:e6:7e:7f:ff:79:d0:05:98:45:c7
Signer

Actual PE Digest

18:67:30:15:ed:b1:3a:f0:82:18:b0:d9:26:25:09:bb:ed:24:fd:a9:78:e1:e6:7e:7f:ff:79:d0:05:98:45:c7

Digest Algorithm

sha256

PE Digest Matches

true

a0:e2:19:5e:b5:87:0f:c9:98:f4:ba:02:07:bd:cd:80:69:f4:83:39
Signer

Actual PE Digest

a0:e2:19:5e:b5:87:0f:c9:98:f4:ba:02:07:bd:cd:80:69:f4:83:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
abort
_initterm_e
_initialize_narrow_environment
_execute_onexit_table
_endthreadex
_beginthreadex
terminate
_set_new_handler
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initterm
_crt_atexit
_cexit
_errno

api-ms-win-crt-string-l1-1-0

isdigit
isspace
isxdigit
iswxdigit
__strncnt
wcsnlen
iswspace
isupper
wcscpy_s
iswalnum
iswdigit
isalnum
islower
_wcsdup
tolower
strcspn

api-ms-win-crt-locale-l1-1-0

_lock_locales
__pctype_func
___lc_locale_name_func
setlocale
___lc_codepage_func
___mb_cur_max_func
___lc_collate_cp_func
_unlock_locales
localeconv

api-ms-win-crt-stdio-l1-1-0

fputs
fgetwc
fseek
_fsopen
_wfsopen
fputwc
ungetwc
__stdio_common_vsprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wrmdir
_wrename
_wchdir
_wremove

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_W_Gettnames
_Wcsftime
_Getdays
_Strftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

pow
powf
ldexp
frexp
logf
log

api-ms-win-crt-convert-l1-1-0

btowc
strtod
strtof

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

SubmitThreadpoolWork
RaiseException
CompareStringEx
MultiByteToWideChar
GetCPInfo
InitializeSListHead
WideCharToMultiByte
LCMapStringEx
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileInformationByHandleEx
GetProcAddress
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SetFileInformationByHandle
InitOnceExecuteOnce
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
CloseThreadpoolWork
RtlPcToFileHeader
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateSymbolicLinkW
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/setup.exe
.exe windows:5 windows x64 arch:x64

dcc1dc0e373158f59c7577ecb9021c13

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:f5:7e:24:cd:a3:21:8f:3c:c0:90:bf:b9:9d:51:9a:b4:6a:2f:43:eb:96:02:a1:3c:39:d2:82:b2:f9:9e:e6
Signer

Actual PE Digest

4e:f5:7e:24:cd:a3:21:8f:3c:c0:90:bf:b9:9d:51:9a:b4:6a:2f:43:eb:96:02:a1:3c:39:d2:82:b2:f9:9e:e6

Digest Algorithm

sha256

PE Digest Matches

true

31:b3:72:b1:b7:00:ac:8c:ea:aa:99:b2:16:58:67:e2:d5:dd:f6:8e
Signer

Actual PE Digest

31:b3:72:b1:b7:00:ac:8c:ea:aa:99:b2:16:58:67:e2:d5:dd:f6:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\ci.dingding.manual.new\DingTalk-Win\win\bin\release\DingTalkSnippingTool.exe.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

gdi32

GetRgnBox
SetRectRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SelectObject
SetBkColor
ExtTextOutW
EnumFontFamiliesExW
GetDeviceCaps
CreateDIBSection
GdiFlush
GetObjectA
CreateFontIndirectW
CreatePen
GetStockObject
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreatePenIndirect
DeleteObject
CreateRoundRectRgn
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
MoveToEx
TextOutW
CreatePatternBrush
AddFontResourceExW
CombineRgn
CreateRectRgn
CreateRectRgnIndirect

kernel32

GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GetFileSize
SetFilePointer
WriteFile
FreeLibrary
GetModuleHandleW
ResumeThread
LoadLibraryExA
LoadLibraryExW
SetUnhandledExceptionFilter
SetErrorMode
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
SetEnvironmentVariableA
CreateFileW
FlushFileBuffers
SetEndOfFile
GetCurrentProcessId
DecodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
lstrcmpiW
GetCurrentDirectoryW
GetTickCount
DeleteFileW
GetTempFileNameW
GetTempPathW
InitializeCriticalSection
SetEvent
CreateEventW
WaitForMultipleObjects
CreateThread
ReadFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalSize
Sleep
GetLocalTime
GetVersionExW
MulDiv
GetFileAttributesW
GetACP
LoadLibraryW
FreeResource
CreateDirectoryW
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemInfo
TerminateProcess
WaitForSingleObject
LocalFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitOnceComplete
InitOnceBeginInitialize
InterlockedPushEntrySList
InterlockedPopEntrySList
SetLastError
GetLastError
CloseHandle
GetEnvironmentVariableW
GetProcAddress
IsDebuggerPresent
EncodePointer
InitializeSListHead
OutputDebugStringW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
OleGetClipboard
CreateStreamOnHGlobal
OleRun
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoInitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType

shlwapi

PathFileExistsW
StrCmpNW

user32

GetForegroundWindow
MapWindowPoints
GetParent
MonitorFromWindow
BringWindowToTop
IsZoomed
SetActiveWindow
SetWindowRgn
RedrawWindow
SetPropA
SetWindowTextW
SetWindowLongW
GetWindow
SetWindowsHookExA
CallNextHookEx
LoadIconW
SetWindowsHookExW
UnhookWindowsHookEx
MonitorFromRect
wvsprintfW
GetFocus
GetUpdateRect
NotifyWinEvent
CharPrevW
DrawTextW
FillRect
RegisterClassW
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
GetWindowTextW
GetWindowTextLengthW
GetCaretBlinkTime
GetCaretPos
GetSysColor
PostMessageW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetWindowLongPtrW
EqualRect
CallWindowProcW
SetFocus
GetAsyncKeyState
EnableWindow
GetSystemMetrics
UpdateWindow
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
AttachThreadInput
GetDesktopWindow
InflateRect
UnionRect
SetTimer
KillTimer
DestroyCursor
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetDC
RegisterClipboardFormatW
GetClipboardFormatNameW
SetCapture
ReleaseCapture
RegisterWindowMessageW
IsWindow
SetWindowPos
GetActiveWindow
EnumWindows
EnumChildWindows
PtInRect
IsRectEmpty
OffsetRect
IntersectRect
CopyRect
SetRectEmpty
ScreenToClient
GetWindowRect
IsWindowEnabled
GetKeyState
IsWindowVisible
GetClientRect
LoadCursorW
SetRect
ClipCursor
ClientToScreen
GetCursorPos
SetCursor
MessageBoxW
CharNextW
DestroyWindow
DefWindowProcW
GetGuiResources
GetWindowThreadProcessId
GetClassNameA
GetWindowLongW
IsIconic
ShowWindow
SendMessageW
SetForegroundWindow
LoadImageW
SystemParametersInfoW
GetMonitorInfoW
MonitorFromPoint
GetWindowLongPtrW
MoveWindow
EnumDisplayMonitors

winmm

timeKillEvent

base

??0WeakPtrBase@internal@base@@QEAA@AEBV012@@Z
??0WeakPtrBase@internal@base@@IEAA@AEBVWeakReference@12@@Z
??1WeakPtrBase@internal@base@@QEAA@XZ
?GetRef@WeakReferenceOwner@internal@base@@QEBA?AVWeakReference@23@XZ
?NeedsLazyInstance@internal@base@@YA_NPEA_J@Z
?ReadUnicodeCharacter@base@@YA_NPEB_WHPEAHPEAI@Z
??1WeakReferenceOwner@internal@base@@QEAA@XZ
?ReadUnicodeCharacter@base@@YA_NPEBDHPEAHPEAI@Z
?LowerCaseEqualsASCII@base@@YA_NV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@0@Z
??8base@@YA_NAEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@0@0@Z
?Swap@DictionaryValue@base@@UEAAXPEAV12@@Z
?HexStringToUInt@base@@YA_NAEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PEAI@Z
?RemoveWithoutPathExpansion@DictionaryValue@base@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@@Z
?RemovePath@DictionaryValue@base@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@@Z
?Remove@DictionaryValue@base@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@@Z
?GetAsString@Value@base@@UEBA_NPEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetAsString@Value@base@@UEBA_NPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetAsString@Value@base@@UEBA_NPEAPEBVStringValue@2@@Z
?GetAsList@Value@base@@UEBA_NPEAPEBVListValue@2@@Z
?GetAsList@Value@base@@UEAA_NPEAPEAVListValue@2@@Z
?GetAsInteger@Value@base@@UEBA_NPEAH@Z
?GetAsDouble@Value@base@@UEBA_NPEAN@Z
?GetAsDictionary@DictionaryValue@base@@UEBA_NPEAPEBV12@@Z
?GetAsDictionary@DictionaryValue@base@@UEAA_NPEAPEAV12@@Z
?GetAsBoolean@Value@base@@UEBA_NPEA_N@Z
?GetAsBinary@Value@base@@UEBA_NPEAPEBVBinaryValue@2@@Z
?Equals@DictionaryValue@base@@UEBA_NPEBVValue@2@@Z
?DeepCopy@DictionaryValue@base@@UEBAPEAV12@XZ
?Int64ToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?SetString@DictionaryValue@base@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Set@DictionaryValue@base@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVValue@2@@Z
??1DictionaryValue@base@@UEAA@XZ
??0DictionaryValue@base@@QEAA@XZ
?SplitString@base@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@0W4WhitespaceHandling@1@W4SplitResult@1@@Z
??0WeakReferenceOwner@internal@base@@QEAA@XZ
?is_valid@WeakReference@internal@base@@QEBA_NXZ
??1WeakReference@internal@base@@QEAA@XZ
?StringToInt@base@@YA_NAEBV?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@1@PEAH@Z
?IntToString16@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?WideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?RegisterCallback@AtExitManager@base@@SAXP6AXPEAX@Z0@Z
??6std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@PEB_W@Z
?StringToUint64@base@@YA_NAEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PEA_K@Z
?IntToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?Base64Decode@base@@YA_NAEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetSwitchValuePath@CommandLine@base@@QEBA?AVFilePath@2@AEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?GetSwitchValueASCII@CommandLine@base@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?HasSwitch@CommandLine@base@@QEBA_NQEBD@Z
?ForCurrentProcess@CommandLine@base@@SAPEAV12@XZ
?Init@CommandLine@base@@SA_NHPEBQEBD@Z
?StringToInt64@base@@YA_NAEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PEA_J@Z
?StringToInt@base@@YA_NAEBV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PEAH@Z
??1AtExitManager@base@@QEAA@XZ
??0AtExitManager@base@@QEAA@XZ
?GetInstance@OSInfo@win@base@@SAPEAV123@XZ
?Get@ThreadTaskRunnerHandle@base@@SA?AV?$scoped_refptr@VSingleThreadTaskRunner@base@@@@XZ
?AsUTF8Unsafe@FilePath@base@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??4FilePath@base@@QEAAAEAV01@AEBV01@@Z
??0FilePath@base@@QEAA@AEBV01@@Z
??0FilePath@base@@QEAA@XZ
?IsType@MessageLoop@base@@UEBA_NW4Type@12@@Z
?DoWork@MessageLoop@base@@EEAA_NXZ
?DoIdleWork@MessageLoop@base@@EEAA_NXZ
?DoDelayedWork@MessageLoop@base@@EEAA_NPEAVTimeTicks@2@@Z
?Run@RunLoop@base@@QEAAXXZ
??1RunLoop@base@@QEAA@XZ
??0RunLoop@base@@QEAA@XZ
?UTF8ToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?WaitForInstance@internal@base@@YA_JPEA_J@Z
?GetFileSize@base@@YA_NAEBVFilePath@1@PEA_J@Z
?ReadFileToString@base@@YA_NAEBVFilePath@1@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FromUTF16Unsafe@FilePath@base@@SA?AV12@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?FromUTF8Unsafe@FilePath@base@@SA?AV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1FilePath@base@@QEAA@XZ
?task_runner@Thread@base@@QEBA?AV?$scoped_refptr@VSingleThreadTaskRunner@base@@@@XZ
?StartWithOptions@Thread@base@@QEAA_NAEBUOptions@12@@Z
??1Thread@base@@UEAA@XZ
??0Thread@base@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Options@Thread@base@@QEAA@XZ
??0Options@Thread@base@@QEAA@XZ
?QuitWhenIdleClosure@MessageLoop@base@@SA?AV?$Callback@$$A6AXXZ@2@XZ
?PostDelayedTask@MessageLoop@base@@QEAAXAEBVLocation@tracked_objects@@AEBV?$Callback@$$A6AXXZ@2@VTimeDelta@2@@Z
??1MessageLoop@base@@UEAA@XZ
??0MessageLoop@base@@QEAA@W4Type@01@@Z
?StopTracking@VerifierTraits@win@base@@SAXPEAXPEBX11@Z
?StartTracking@VerifierTraits@win@base@@SAXPEAXPEBX11@Z
?CloseHandle@HandleTraits@win@base@@SA_NPEAX@Z
?Destruct@TaskRunnerTraits@base@@SAXPEBVTaskRunner@2@@Z
?PostTask@TaskRunner@base@@QEAA_NAEBVLocation@tracked_objects@@AEBV?$Callback@$$A6AXXZ@2@@Z
?FromSeconds@TimeDelta@base@@SA?AV12@_J@Z
?SetLogMessageHandler@logging@@YAXP6A_NHPEBDH_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?SetLogItems@logging@@YAX_N000@Z
?SetMinLogLevel@logging@@YAXH@Z
?BaseInitLoggingImpl_built_with_NDEBUG@logging@@YA_NAEBULoggingSettings@1@@Z
??0LoggingSettings@logging@@QEAA@XZ
??1CallbackBase@internal@base@@IEAA@XZ
??0CallbackBase@internal@base@@IEAA@PEAVBindStateBase@12@@Z
??0CallbackBase@internal@base@@QEAA@AEBV012@@Z
?Release@RefCountedThreadSafeBase@subtle@base@@IEBA_NXZ
?GetProgramCounter@tracked_objects@@YAPEBXXZ
??0Location@tracked_objects@@QEAA@PEBD0HPEBX@Z
?SysWideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
??1LogMessage@logging@@QEAA@XZ
??0LogMessage@logging@@QEAA@PEBDHH@Z
?ShouldCreateLogMessage@logging@@YA_NH@Z
?CompleteLazyInstance@internal@base@@YAXPEA_J_JPEAXP6AX2@Z@Z
?SetValueInSlot@ThreadLocalPlatform@internal@base@@SAXKPEAX@Z
?GetValueFromSlot@ThreadLocalPlatform@internal@base@@SAPEAXK@Z
?AllocateSlot@ThreadLocalPlatform@internal@base@@SAXPEAK@Z

ipc_core

DestroyServiceInvoker
InitIPCCoreRuntime
CreateServiceInvoker

filter_installer_biz

?GetExceptionFilterInstallerService@fi@@YAPEAVIExceptionFilterInstaller@1@XZ

zlibwapi

ord26

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipLoadImageFromStream
GdipGetFamily
GdipDrawImage
GdipSetCompositingQuality
GdipCreateLineBrushI
GdipSetStringFormatTrimming
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipCloneFontFamily
GdipFillPath
GdipDrawArc
GdipDrawLine
GdipSetPenLineJoin
GdipAddPathEllipseI
GdipAddPathArcI
GdipClosePathFigure
GdipSetPathFillMode
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangle
GdipStringFormatGetGenericDefault
GdipCreateBitmapFromStream
GdipRotateMatrix
GdipScaleMatrix
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipDeleteRegion
GdipCreateRegion
GdipGetMatrixElements
GdipSetMatrixElements
GdipFillEllipseI
GdipSetPenDashArray
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipCreateMetafileFromFile
GdipSetImageAttributesRemapTable
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipCloneFont
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipCloneBitmapArea
GdipTransformMatrixPoints
GdipMultiplyMatrix
GdipCloneMatrix
GdipDrawPath
GdipCreateAdjustableArrowCap
GdipDeleteCustomLineCap
GdipSetPenCustomEndCap
GdipGetPenFillType
GdipGetPenColor
GdipGetPenWidth
GdipAddPathRectangleI
GdipSetClipPath
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipWidenPath
GdipAddPathLineI
GdipAddPathEllipse
GdipGetPropertyItemSize
GdipDeletePath
GdipCreatePath
GdipFillEllipse
GdipDrawEllipseI
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreateTexture
GdipGetAllPropertyItems
GdipGetPropertySize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipStringFormatGetGenericTypographic
GdipDrawCachedBitmap
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipSetWorldTransform
GdipTranslateMatrix
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDeleteMatrix
GdipCreateMatrix
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDrawLineI
GdipBitmapGetPixel
GdipCloneBitmapAreaI
GdipEndContainer
GdipBeginContainer2
GdipSetClipRectI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillRectangle
GdipFillRectangleI
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageI
GdipSaveImageToFile
GdipDrawRectangleI
GdipCreateBitmapFromFile
GdipDeletePen
GdipCreatePen1
GdipGraphicsClear
GdipDrawImageRectI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipDrawImagePointRectI
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdiplusStartup
GdipGetPropertyItem
GdipStartPathFigure
GdipImageGetFrameDimensionsCount

msvcp140

?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Cnd_signal
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Xtime_get_ticks
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

oleacc

AccessibleObjectFromWindow
LresultFromObject

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW

vcruntime140

_purecall
__current_exception_context
memset
__C_specific_handler
memcpy
__std_terminate
__current_exception
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_compare
memcmp
wcsstr
__RTDynamicCast
wcschr
wcsrchr
__std_type_info_name

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__p__commode
__stdio_common_vswprintf
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_initialize_wide_environment
_configure_wide_argv
_initterm
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initterm_e
terminate
_invalid_parameter_noinfo
_get_wide_winmain_command_line
exit
_exit
_invalid_parameter_noinfo_noreturn
_c_exit
_set_abort_behavior
_register_thread_local_exe_atexit_callback
abort
_errno
_initialize_onexit_table

api-ms-win-crt-environment-l1-1-0

_wputenv_s

api-ms-win-crt-string-l1-1-0

wcsncpy
_wcslwr
wcsncmp
isdigit
_wcslwr_s
wcsncpy_s
iscntrl
iswalnum
strcmp
wcsnlen
_wcsicmp
strncmp
wmemcpy_s

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
realloc
_callnewh
_set_new_mode
_recalloc

api-ms-win-crt-convert-l1-1-0

_strtoui64
_itoa_s
atoi
wcstoul
wcstol
_itow
_wtoi
_wtof
strtoul
wcstod

api-ms-win-crt-math-l1-1-0

exp
ceilf
floorf
log
roundf
atan2
atan
sqrt
sin
cos
__setusermatherr

api-ms-win-crt-utility-l1-1-0

qsort_s
rand
srand

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

??4MultiMonitor@@QEAAAEAV0@$$QEAV0@@Z
??4MultiMonitor@@QEAAAEAV0@AEBV0@@Z
?BeSureInit@MultiMonitor@@CAXXZ
?CenterWindowInCurrentMonitor@MultiMonitor@@SAHPEAUHWND__@@0@Z
?ClipOrCenterRectToMonitor@MultiMonitor@@SAXPEAUtagRECT@@I@Z
?GetFullScreenRect@MultiMonitor@@SAXPEAUHMONITOR__@@AEAUtagRECT@@K@Z
?GetFullScreenRectInCurrentMonitor@MultiMonitor@@SAXPEAUHWND__@@AEAUtagRECT@@K@Z
?GetFullScreenRectInCurrentMonitor@MultiMonitor@@SAXUtagPOINT@@AEAUtagRECT@@K@Z
?GetPrimaryScreen@MultiMonitor@@SAHXZ
?GetScreenCnt@MultiMonitor@@SAHXZ
?GetScreenHMonitor@MultiMonitor@@SAPEAUHMONITOR__@@_K@Z
?GetScreenNumFromHMonitor@MultiMonitor@@SAHPEAUHMONITOR__@@@Z
?GetScreenNumFromHwnd@MultiMonitor@@SAHPEAUHWND__@@@Z
?GetScreenNumFromRect@MultiMonitor@@SAHUtagRECT@@@Z
?GetScreenRect@MultiMonitor@@SAX_KAEAUtagRECT@@@Z
?GetScreenWorkArea@MultiMonitor@@SAX_KAEAUtagRECT@@@Z
?GetVirtualScreenRect@MultiMonitor@@SAXAEAUtagRECT@@@Z
?GetWindowRectInMonitorCoordinate@MultiMonitor@@SAXPEAUHWND__@@AEAUtagRECT@@@Z
?Init@MultiMonitor@@SAXXZ
?MoveIntoNearestScreen@MultiMonitor@@SAXAEAUtagRECT@@@Z
?MoveIntoRect@MultiMonitor@@CAXAEAUtagRECT@@AEBU2@@Z
?MoveIntoSpecScreen@MultiMonitor@@SAXHAEAUtagRECT@@@Z
?MoveIntoVirtualScreen@MultiMonitor@@SAXAEAUtagRECT@@@Z
?MyMonitorEnumProc@MultiMonitor@@SAHPEAUHMONITOR__@@PEAUHDC__@@PEAUtagRECT@@_J@Z
?Reset@MultiMonitor@@SAXXZ
?TransferPrimaryRectToSpecMonitorRect@MultiMonitor@@SAXAEAUtagRECT@@PEAUHMONITOR__@@@Z
?inited@MultiMonitor@@0_NA
?primaryScreen@MultiMonitor@@0HA
?screenCnt@MultiMonitor@@0HA
DeleteGifEncoder
NewGifEncoder

Sections

.text
Size: 922KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/vcruntime140.dll
.dll windows:6 windows x64 arch:x64

44c3854843f7a3fccdf8ddbbea66f302

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:09:a8:dc:f7:00:df:75:b8:22:1d:1b:72:13:c7:66:4d:39:3e:2f:22:5c:f6:71:64:6a:1d:be:96:bf:00:56
Signer

Actual PE Digest

98:09:a8:dc:f7:00:df:75:b8:22:1d:1b:72:13:c7:66:4d:39:3e:2f:22:5c:f6:71:64:6a:1d:be:96:bf:00:56

Digest Algorithm

sha256

PE Digest Matches

true

fa:7d:2f:2f:f5:00:ea:f4:9b:4a:87:67:3b:ce:e5:62:83:0f:f4:c5
Signer

Actual PE Digest

fa:7d:2f:2f:f5:00:ea:f4:9b:4a:87:67:3b:ce:e5:62:83:0f:f4:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

SetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
GetModuleFileNameW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/vcruntime140_1.dll
.dll windows:6 windows x64 arch:x64

ae0bde6314fa2027b54ce04898f6ab69

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:44:26:42:67:e0:b4:89:6c:d5:54:8b:d2:f4:58:54:d9:4e:e1:23:26:47:6c:be:70:a3:51:36:12:22:0b:9c
Signer

Actual PE Digest

28:44:26:42:67:e0:b4:89:6c:d5:54:8b:d2:f4:58:54:d9:4e:e1:23:26:47:6c:be:70:a3:51:36:12:22:0b:9c

Digest Algorithm

sha256

PE Digest Matches

true

ad:5a:b2:e6:95:bf:56:ad:39:fa:32:2f:bb:b2:96:2c:ab:28:ac:bc
Signer

Actual PE Digest

ad:5a:b2:e6:95:bf:56:ad:39:fa:32:2f:bb:b2:96:2c:ab:28:ac:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

vcruntime140

__processing_throw
__C_specific_handler
memmove
__current_exception

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
RaiseException
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
SetLastError
TlsAlloc

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOS__/__MACOS__/__MACOS__/__MACOS__/__MACOS__/zlibwapi.dll
.dll windows:6 windows x64 arch:x64

bf0a9643f8774e3899de976872c36662

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CreateFileW
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileA
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetUserDefaultLCID
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
K32GetModuleInformation
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory

shell32

ShellExecuteA

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
fill_win32_filefunc
fill_win32_filefunc64
fill_win32_filefunc64A
fill_win32_filefunc64W
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzopen
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetCurrentFileInfo64
unzGetCurrentFileZStreamPos64
unzGetFilePos
unzGetFilePos64
unzGetGlobalComment
unzGetGlobalInfo
unzGetGlobalInfo64
unzGetLocalExtrafield
unzGoToFilePos
unzGoToFilePos64
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpen2_64
unzOpen64
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
unztell64
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipCloseFileInZipRaw64
zipOpen
zipOpen2
zipOpen2_64
zipOpen64
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip2_64
zipOpenNewFileInZip3
zipOpenNewFileInZip3_64
zipOpenNewFileInZip4_64
zipOpenNewFileInZip64
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EvilEye.exe
.exe windows:6 windows x64 arch:x64

c7269d59926fa4252270f407e4dab043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
Sleep
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 671KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d2b02d655aef49cb46e51cf69f91bfa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bd:bd:39:64:7d:93:91:8c:7e:e0:14:14:43:ce:dc:bd:09:95:58:2a:c5:79:f5:2d:89:18:e1:60:fd:c3:2d:9fSigner

aa:46:8c:99:bd:95:ed:be:4c:80:09:43:53:20:0a:a7:cd:26:b1:b5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

advapi32

dbghelp

gdi32

kernel32

ole32

oleaut32

shell32

user32

version

winmm

ws2_32

msvcp140

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 770KB - Virtual size: 770KB

.rdata Size: 452KB - Virtual size: 452KB

.data Size: 12KB - Virtual size: 20KB

.pdata Size: 46KB - Virtual size: 46KB

.reloc Size: 3KB - Virtual size: 2KB

5387784b984c039a9d1ded65139ff8ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bd:bd:39:64:7d:93:91:8c:7e:e0:14:14:43:ce:dc:bd:09:95:58:2a:c5:79:f5:2d:89:18:e1:60:fd:c3:2d:9f
Signer

aa:46:8c:99:bd:95:ed:be:4c:80:09:43:53:20:0a:a7:cd:26:b1:b5
Signer

.text
Size: 770KB - Virtual size: 770KB

.rdata
Size: 452KB - Virtual size: 452KB

.data
Size: 12KB - Virtual size: 20KB

.pdata
Size: 46KB - Virtual size: 46KB

.reloc
Size: 3KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f3:0a:3b:83:6f:85:19:59:6a:1f:5b:c0:3a:97:43:59:40:e9:23:9e:44:27:c6:54:ce:d7:df:2b:cf:ea:51:c2
Signer

ae:ef:d0:04:71:64:af:49:28:13:c9:94:3b:92:ad:f4:4c:f9:eb:61
Signer

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 12KB

.pdata
Size: 4KB - Virtual size: 3KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

41:33:9a:ba:b8:30:d7:da:54:7e:34:c6:5a:8e:d6:06:29:de:28:40:86:e3:52:52:2f:6a:ee:c6:7e:b3:6c:0c
Signer

b1:f5:32:80:a2:e8:a6:64:b3:12:db:4f:3d:a5:ea:a9:c9:03:fe:52
Signer