D:\Work\Client\_Symbols\Release\FormEditor.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
dcbac23d690b632a2e7643baa0ab01d0N.exe
Resource
win7-20240708-en
windows7-x64
0 signatures
120 seconds
Behavioral task
behavioral2
Sample
dcbac23d690b632a2e7643baa0ab01d0N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
120 seconds
General
-
Target
dcbac23d690b632a2e7643baa0ab01d0N.exe
-
Size
6.7MB
-
MD5
dcbac23d690b632a2e7643baa0ab01d0
-
SHA1
c2d2017a1652dc38679459c869bbc6681f2cfd28
-
SHA256
0f9e139cbf7ccb5c2d871f12aa3e3ca23a5ef4487d87cbe92ced602b5ba2eee0
-
SHA512
dc4e9a33a0276cf164451a7078f137511d64a21676c45faef0b1213fdfdd35bc201072d083b51a884f398c5179f93144f1bc8a9df762b3de3922f7dd7096bbca
-
SSDEEP
98304:QCzsYjceZyIBF3WKGCyIt/osVDuhaJSPGvByEkYydxb:TpjcejBlWKGCZtQyDuhaFZNydl
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dcbac23d690b632a2e7643baa0ab01d0N.exe
Files
-
dcbac23d690b632a2e7643baa0ab01d0N.exe.exe windows:6 windows x86 arch:x86
12a2e82f9f9a20259621b25ce239bb32
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
aatrix_log
?msgBoxReturnWithTitle@Log@Aatrix@@SAHPBDH0W4Level@12@PAUHWND__@@00I@Z
?ptrMsgBoxWithTitle@Log@Aatrix@@SAHPBDH0W4Level@12@PAVCWnd@@00I@Z
?GetSystemError@Error@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@K@Z
?GetFileExceptionCause@Error@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PAVCFileException@@@Z
?msgBoxReturn@Log@Aatrix@@SAHPBDH0W4Level@12@0I@Z
?LogAndShowMessage@Log@Aatrix@@SAXPBDH0W4Level@12@0ZZ
?LogSystemError@Error@Aatrix@@SAXW4Level@12@@Z
?LogMessage@Log@Aatrix@@SAXPBDH0W4Level@12@0ZZ
?LogSystemError@Error@Aatrix@@SAXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0W4Level@12@@Z
aatrix_database
?SetEin@TaxTable@Aatrix@@YAXPBD@Z
??0RecordSet@Aatrix@@QAE@PAVDatabaseEx@1@@Z
?SetQuerySelect@RecordSet@Aatrix@@QAEXPBD@Z
?AddQuerySelect@RecordSet@Aatrix@@QAEXPBD@Z
?SetQueryFrom@RecordSet@Aatrix@@QAEXPBD@Z
?SetQueryWhere@RecordSet@Aatrix@@QAEXPBD@Z
?Open@RecordSet@Aatrix@@QAE_NXZ
?GetField@RecordSet@Aatrix@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V34@@Z
?GetCategory@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetCombine@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?Open@RecordSet@Aatrix@@QAE_NPBDPAVDatabaseEx@2@@Z
?MatchAccountNumber@TaxTable@Aatrix@@YA_NHPBDAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@1@Z
?GetParentTaxType@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetOpen@DatabaseEx@Aatrix@@QBE_NXZ
?GetFieldValue@RecordSet@Aatrix@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetSingleValue@DatabaseEx@Aatrix@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@_N@Z
?GetOpen@AatrixDataDatabase@Aatrix@@QBE_NXZ
?GetSmartDB@AatrixDataDatabase@Aatrix@@QBEPAVDatabaseEx@2@XZ
?RecordCount@RecordSet@Aatrix@@QBEHXZ
?Close@RecordSet@Aatrix@@QAE_NXZ
?SetQueryGroupBy@RecordSet@Aatrix@@QAEXPBD@Z
?GetChangeCount@DatabaseEx@Aatrix@@QAEHXZ
?ExecuteUpdate@DatabaseEx@Aatrix@@QAE_NPBD0@Z
?AddQueryWhere@RecordSet@Aatrix@@QAEXPBD0_N@Z
?ExecuteDelete@DatabaseEx@Aatrix@@QAE_NPBD0@Z
?GetStateWithholdingTaxType@TaxTable@Aatrix@@YAHPBD@Z
?ExecuteUpdate@DatabaseEx@Aatrix@@QAE_NPBDH@Z
?FindFieldName@RecordSet@Aatrix@@QBEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetLastInsertID@DatabaseEx@Aatrix@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFieldName@RecordSet@Aatrix@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetW2Name@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetFieldCount@RecordSet@Aatrix@@QBEHXZ
?FirstID@DatabaseEx@Aatrix@@2HB
?SetQueryWhere@RecordSet@Aatrix@@QAEXPBDH@Z
?SetDatabase@RecordSet@Aatrix@@QAEXPAVDatabaseEx@2@@Z
?GetRecordCount@DatabaseEx@Aatrix@@QAEHPBD@Z
?ExecuteInsert@DatabaseEx@Aatrix@@QAE_NPBDH@Z
?ClearFields@DatabaseEx@Aatrix@@QAEXXZ
?Open@TaxTable@Aatrix@@YA_NH@Z
?FormatString@DatabaseEx@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?SetQueryWhere@RecordSet@Aatrix@@QAEXPBD0_N@Z
?GetTaxTypeCode@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetName@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetState@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?CommitTransaction@DatabaseEx@Aatrix@@QAE_NXZ
?ClearQuery@RecordSet@Aatrix@@QAEXXZ
?RollbackTransaction@DatabaseEx@Aatrix@@QAE_NXZ
?BeginTransaction@DatabaseEx@Aatrix@@QAE_N_N@Z
?Close@DatabaseEx@Aatrix@@QAE_NXZ
??1DatabaseEx@Aatrix@@QAE@XZ
??0DatabaseEx@Aatrix@@QAE@XZ
?GetFieldValue@RecordSet@Aatrix@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V34@@Z
?GetColumnString@RecordSet@Aatrix@@QBEPBDV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?IsEOF@RecordSet@Aatrix@@QAE_NXZ
?GetFieldType@RecordSet@Aatrix@@QBEHH@Z
?ExecuteDelete@DatabaseEx@Aatrix@@QAE_NPBDH@Z
?GetSubcategory@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?MoveNext@RecordSet@Aatrix@@QAEXXZ
?AddQueryWhere@RecordSet@Aatrix@@QAEXPBD@Z
?AddQueryJoin@RecordSet@Aatrix@@QAEXPBD@Z
?GetDatabaseFilePathName@AatrixDataDatabase@Aatrix@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetTransactionQueryCount@DatabaseEx@Aatrix@@QBEHXZ
?FormatDate@DatabaseEx@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?AddNullField@DatabaseEx@Aatrix@@QAEXPBD@Z
?GetW2Box12TaxType@TaxTable@Aatrix@@YAHPBD@Z
?GetTaxType@TaxTable@Aatrix@@YAHPBD00@Z
?MoveFirst@RecordSet@Aatrix@@QAEXXZ
?GetRecordCount@RecordSet@Aatrix@@QBEHXZ
?Open@RecordSet@Aatrix@@QAE_NPBDPAVAatrixDataDatabase@2@@Z
??1RecordSet@Aatrix@@QAE@XZ
??0RecordSet@Aatrix@@QAE@XZ
?GetInstance@AatrixDataDatabase@Aatrix@@SAPAV12@XZ
?GetStateUnemploymentTaxType@TaxTable@Aatrix@@YAHPBD@Z
?AddQueryWhere@RecordSet@Aatrix@@QAEXPBDH@Z
?EncryptDatabase@DatabaseEx@Aatrix@@QAE_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0@Z
?Open@DatabaseEx@Aatrix@@UAE_NPBD0_N@Z
?GetMasterTaxType@TaxTable@Aatrix@@YAHH@Z
?GetActive@TaxTable@Aatrix@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?ExecuteDelete@DatabaseEx@Aatrix@@QAE_NPBD@Z
?GetIsOpen@TaxTable@Aatrix@@YA_NXZ
aatrix_filesystem
?GetFileExt@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?CreateDirectoryA@FileSystem@Aatrix@@SA_NPBD_N@Z
?Flush@CAtrxFileStream@@QAEXXZ
?Read@CAtrxFileStream@@QAEXPADAAH@Z
?GetLine@CAtrxFileStream@@QAEXPADHPBDH@Z
?IsEof@CAtrxFileStream@@QBE_NXZ
?Write@CAtrxFileStream@@QAEXPBDH@Z
?GetExtension@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?Copy@CAtrxFileStream@@QAEXAAV1@@Z
?SetCrypto@CAtrxFileStream@@QAEXHPBDHJ@Z
?Ignore@CAtrxFileStream@@QAEXHH@Z
?SetCrypto@CAtrxFileStream@@QAEXHIJ@Z
?Open@CAtrxFileStream@@QAEJPBDH@Z
??1CAtrxFileStream@@UAE@XZ
??0CAtrxFileStream@@QAE@XZ
?BackupFile@FileSystem@Aatrix@@SA_NPBD_N@Z
?DeleteFileA@FileSystem@Aatrix@@SA_NPBD_N@Z
?GetFileVersion@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD0@Z
?_deleteFilePathArray@FileSystem@Aatrix@@SAXPAVCStringArray@@@Z
?FindDirectories@FileSystem@Aatrix@@SA_NPBD0_NPAPAVCStringArray@@@Z
?GetFileSize@FileSystem@Aatrix@@SAKPBD@Z
?GetFileName@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetAatrixLocalAppDataDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetPathRoot@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?FormatDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetAatrixCompanyDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?CopyFileA@FileSystem@Aatrix@@SA_NPBD0_N@Z
?GetAatrixTempDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileExists@FileSystem@Aatrix@@SA_NPBD@Z
?GetDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetAppDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?ParseProductVersion@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD0@Z
?OpenFile@FileSystem@Aatrix@@SA_NPBD@Z
?FindFiles@FileSystem@Aatrix@@SA_NPBD0_NPAPAVCStringArray@@@Z
?GetFileTitle@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?RemoveDirectoryA@FileSystem@Aatrix@@SA_NPBD_N@Z
?GetAatrixAppDataDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileModifiedDate@FileSystem@Aatrix@@SA?AVCTime@ATL@@PBD@Z
?Close@CAtrxFileStream@@QAEXXZ
?GetDesktopDirectory@FileSystem@Aatrix@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
aatrix_form
?FormType_Suta@FormIndex@Aatrix@@2QBDB
?FormType_State@FormIndex@Aatrix@@2QBDB
?FormType_State_Local@FormIndex@Aatrix@@2QBDB
?FormType_CertifiedPayroll@FormIndex@Aatrix@@2QBDB
?FormType_W2_1099@FormIndex@Aatrix@@2QBDB
?FormType_1099@FormIndex@Aatrix@@2QBDB
?GetFormType@FormIndex@Aatrix@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDW4AppMode@2@@Z
?GetState@FormIndex@Aatrix@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?ReadFile@FormIndex@Aatrix@@QAE_NXZ
??1FormIndex@Aatrix@@QAE@XZ
??0FormIndex@Aatrix@@QAE@XZ
?FormType_State_Suta@FormIndex@Aatrix@@2QBDB
aufdatabase
?Convert_SQL_To_AufFile@AufDatabase@Aatrix@@QAE_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0_NPAD1@Z
??1AufDatabase@Aatrix@@UAE@XZ
?Convert_AufFile_To_SQL@AufDatabase@Aatrix@@QAE_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0_NPADH1@Z
??0AufDatabase@Aatrix@@QAE@XZ
?SetVersion@AufDatabase@Aatrix@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Open@AufDatabase@Aatrix@@QAE_NPBD0@Z
aatrix_xml
??1CAXMLDocument@@QAE@XZ
?load@CAXMLDocument@@SAPAV1@PBDPAHPADH@Z
?getDocumentElement@CAXMLDocument@@QAEPAVCAXMLNode@@XZ
?getAttribute@CAXMLNode@@QBEPBDPBD@Z
?selectNodes@CAXMLNode@@QBE?AV?$shared_ptr@VCAXMLNodeList@@@std@@PBD_N@Z
?length@CAXMLNodeList@@QAEHXZ
?item@CAXMLNodeList@@QAEPAVCAXMLNode@@H@Z
?createDocument@CAXMLDocument@@SAPAV1@XZ
?createElement@CAXMLDocument@@QAEPAVCAXMLNode@@PBD@Z
?setAttribute@CAXMLNode@@QBEXPBD0@Z
?appendChild@CAXMLNode@@QBEPAV1@PAV1@_N@Z
?save@CAXMLDocument@@QBEHPBD@Z
?getXMLError@CAXMLDocument@@QBEXPAHPADH@Z
aatrix_webview2
?CreateDialogAndOpenDB@WebView2MsgBox@@SAHPAUHWND__@@IPBDABV?$vector@PBDV?$allocator@PBD@std@@@std@@@Z
aatrix_telemetry
?InsertLog@Telemetry@Aatrix@@QBE_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDatabase@Telemetry@Aatrix@@QAE_NPAVDatabaseEx@2@@Z
??1Telemetry@Aatrix@@QAE@XZ
??0Telemetry@Aatrix@@QAE@XZ
mfc140
ord14375
ord1706
ord4796
ord5098
ord12373
ord985
ord13200
ord1064
ord1204
ord2560
ord4490
ord4210
ord3140
ord9083
ord6464
ord3789
ord4468
ord581
ord14422
ord13455
ord5398
ord8705
ord4218
ord6581
ord3924
ord2524
ord4476
ord13278
ord13582
ord13584
ord5826
ord2992
ord5568
ord2202
ord2165
ord1507
ord1389
ord890
ord13230
ord9092
ord4227
ord3250
ord6806
ord3689
ord5401
ord3688
ord1696
ord7592
ord12159
ord10948
ord1406
ord6283
ord11879
ord11878
ord11880
ord11877
ord11117
ord10519
ord11280
ord8999
ord10969
ord11182
ord8934
ord914
ord7346
ord5369
ord13863
ord3236
ord1178
ord1409
ord1922
ord4100
ord924
ord4086
ord509
ord5938
ord8996
ord10962
ord6473
ord7402
ord2210
ord7598
ord11848
ord10377
ord11528
ord11225
ord11222
ord7751
ord11065
ord2678
ord1425
ord13859
ord947
ord7363
ord10102
ord10101
ord9303
ord12031
ord12066
ord9183
ord6847
ord10001
ord10000
ord11094
ord8968
ord8870
ord8880
ord10458
ord9480
ord9944
ord9940
ord9468
ord9478
ord9463
ord8266
ord4121
ord5023
ord1443
ord13855
ord6853
ord13475
ord12969
ord2860
ord8776
ord7783
ord14054
ord8458
ord4870
ord14291
ord4869
ord13841
ord13028
ord13036
ord358
ord4866
ord14332
ord8188
ord6290
ord4085
ord1141
ord501
ord6200
ord10105
ord14404
ord12526
ord14223
ord8438
ord9165
ord8931
ord14131
ord11838
ord12948
ord2799
ord8420
ord4581
ord6832
ord2200
ord953
ord8429
ord7618
ord8347
ord12190
ord10383
ord12869
ord12806
ord8285
ord5336
ord10103
ord10099
ord10096
ord2484
ord12485
ord12484
ord14509
ord7886
ord14507
ord9353
ord4143
ord4082
ord12888
ord7905
ord12189
ord11972
ord2027
ord11928
ord11927
ord1860
ord14380
ord12474
ord7964
ord14581
ord6322
ord14583
ord6324
ord14582
ord6323
ord13830
ord8421
ord1070
ord5869
ord3844
ord5894
ord12182
ord8180
ord12194
ord12162
ord14149
ord5742
ord10202
ord1422
ord6788
ord3825
ord1456
ord13253
ord8435
ord982
ord1444
ord13556
ord968
ord7471
ord9258
ord10353
ord11442
ord12024
ord9194
ord12045
ord4578
ord3835
ord12120
ord5348
ord11741
ord11746
ord9170
ord8172
ord1149
ord9307
ord8789
ord5931
ord11377
ord4486
ord2555
ord5914
ord13632
ord5915
ord1509
ord2383
ord2381
ord13634
ord13625
ord5910
ord1783
ord12403
ord6105
ord13041
ord14537
ord12400
ord5017
ord8358
ord3169
ord514
ord7107
ord14421
ord3669
ord8426
ord8679
ord4655
ord9085
ord1068
ord3864
ord2988
ord8703
ord4213
ord5858
ord3142
ord6471
ord6104
ord7619
ord6195
ord13681
ord2759
ord12163
ord10686
ord1000
ord9166
ord1169
ord3178
ord540
ord1066
ord362
ord1106
ord13966
ord12808
ord12894
ord450
ord3946
ord2518
ord7459
ord12074
ord6193
ord13677
ord2758
ord9167
ord12115
ord1109
ord8997
ord10963
ord11343
ord10421
ord4084
ord458
ord3395
ord3396
ord3159
ord6505
ord3298
ord3295
ord10207
ord8173
ord14699
ord10237
ord10239
ord10238
ord10236
ord10240
ord5631
ord11671
ord11672
ord9096
ord12032
ord3830
ord11881
ord14502
ord8922
ord6947
ord10950
ord9213
ord3259
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord6848
ord11663
ord13628
ord5911
ord13597
ord2680
ord12067
ord12994
ord4303
ord11916
ord5564
ord5567
ord5560
ord6306
ord6809
ord12372
ord971
ord969
ord311
ord12826
ord7998
ord5565
ord3933
ord3363
ord4725
ord3364
ord4705
ord3258
ord12111
ord8300
ord3834
ord1142
ord3808
ord503
ord4246
ord4276
ord4242
ord8146
ord4733
ord11981
ord259
ord4820
ord4200
ord4170
ord2298
ord14322
ord14328
ord14334
ord8672
ord12528
ord6836
ord4104
ord5744
ord12705
ord7997
ord1695
ord13193
ord3230
ord12291
ord2376
ord14518
ord4841
ord12348
ord262
ord14571
ord306
ord266
ord265
ord12584
ord14238
ord7467
ord9169
ord6103
ord7961
ord1469
ord994
ord5102
ord9933
ord12503
ord13198
ord13199
ord13883
ord1661
ord1447
ord974
ord5861
ord6936
ord5960
ord9089
ord8031
ord4216
ord8026
ord5155
ord5792
ord13574
ord6563
ord11689
ord7460
ord13678
ord11700
ord2631
ord1110
ord3160
ord461
ord6506
ord9318
ord11087
ord13900
ord11086
ord14492
ord10670
ord10203
ord12021
ord12041
ord10381
ord12114
ord8947
ord5347
ord3931
ord5356
ord366
ord8135
ord14425
ord2649
ord4080
ord4129
ord1126
ord12036
ord12905
ord2716
ord9438
ord4693
ord12601
kernel32
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
GetTempPathW
GetTempPathA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
CopyFileW
MoveFileW
MoveFileExW
InitializeCriticalSection
Sleep
GetSystemTimeAsFileTime
GetTickCount
FormatMessageA
GetComputerNameW
GetACP
GetOEMCP
SetCurrentDirectoryW
QueryPerformanceFrequency
CloseHandle
CreateThread
GetFileSize
GetFileTime
ReadFile
SetEndOfFile
SetFileTime
WriteFile
LocalFileTimeToFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
IsBadReadPtr
HeapValidate
GetProcessHeaps
LoadLibraryW
GetSystemDirectoryA
lstrcpyW
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetCurrentDirectoryA
SetLastError
GetVersionExA
GetComputerNameA
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetSystemTime
CompareFileTime
FindResourceA
LoadLibraryA
LoadResource
DeleteCriticalSection
DeleteFileA
DecodePointer
GetLastError
LoadLibraryExA
ExpandEnvironmentStringsA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
MultiByteToWideChar
FreeLibrary
WideCharToMultiByte
GetModuleHandleExA
GetModuleFileNameA
SizeofResource
LockResource
lstrcpyA
GetWindowsDirectoryA
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
OutputDebugStringW
RaiseException
LocalFree
GetLocaleInfoEx
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
QueryPerformanceCounter
GetFinalPathNameByHandleW
user32
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
RemoveMenu
ModifyMenuA
GetSubMenu
EnableMenuItem
DrawMenuBar
ReleaseCapture
SetCapture
GetKeyState
UpdateWindow
SetCaretPos
CopyRect
DrawFocusRect
GetSysColor
GetSystemMetrics
EnableWindow
SetRect
FillRect
GetDC
EmptyClipboard
CloseClipboard
GetCursorPos
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
ShowScrollBar
EnableScrollBar
LoadCursorA
CopyIcon
DestroyCursor
IsWindow
LockWindowUpdate
IsWindowVisible
SetWindowLongA
RedrawWindow
GetParent
SetFocus
RegisterClassA
CreateWindowExA
KillTimer
PostMessageA
DestroyWindow
SetWindowPos
SetTimer
DefWindowProcA
PtInRect
ScreenToClient
LoadCursorW
LoadImageA
UnregisterClassA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadStringA
OpenClipboard
LoadMenuW
GetActiveWindow
gdi32
CreatePen
DeleteDC
LPtoDP
DPtoLP
SetPixel
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetCurrentObject
CreateFontIndirectA
GetTextMetricsA
SetTextColor
SetBkMode
SetBkColor
MoveToEx
LineTo
SetTextJustification
TextOutA
PatBlt
GetViewportOrgEx
GetROP2
GetObjectA
SelectObject
GetStockObject
GetBkColor
EnumFontsA
CreateSolidBrush
Polygon
RoundRect
RemoveFontResourceA
Rectangle
GetTextExtentPoint32A
GetDeviceCaps
Ellipse
DeleteObject
CreateFontA
CreateBrushIndirect
advapi32
CryptDeriveKey
CryptGetKeyParam
CryptGetUserKey
CryptExportKey
CryptImportKey
CryptHashData
CryptGetProvParam
CryptEnumProvidersA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptSetHashParam
CryptAcquireContextW
CryptAcquireContextA
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
GetUserNameA
RegQueryValueA
CryptDestroyKey
comctl32
ImageList_Draw
shlwapi
PathFindFileNameA
ole32
CoUninitialize
CoInitialize
oleaut32
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
VarDateFromStr
VarUdateFromDate
gdiplus
GdiplusShutdown
ws2_32
WSAStartup
WSAGetLastError
WSAIoctl
gethostname
gethostbyname
bind
accept
__WSAFDIsSet
connect
ioctlsocket
getpeername
getsockname
getsockopt
htons
inet_addr
inet_ntoa
listen
closesocket
ntohs
recv
select
send
sendto
setsockopt
shutdown
socket
msvcp140
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?eof@ios_base@std@@QBE_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
vcruntime140
__RTDynamicCast
__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
strchr
_purecall
__std_terminate
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memmove
memchr
memset
strstr
wcsstr
api-ms-win-crt-stdio-l1-1-0
__p__commode
fclose
ferror
_telli64
_filelengthi64
_filelength
_chsize_s
fgets
fflush
fgetc
__stdio_common_vfprintf
fgetpos
fputc
fread
fsetpos
_fseeki64
__stdio_common_vsprintf_s
fwrite
putc
getc
ftell
fseek
fputs
feof
fopen_s
setvbuf
ungetc
_get_stream_buffer_pointers
_set_fmode
_fileno
__stdio_common_vsprintf
api-ms-win-crt-convert-l1-1-0
_fcvt_s
strtoul
atof
atoi
_itoa_s
_atoi64
strtol
api-ms-win-crt-time-l1-1-0
_tzset
_get_daylight
clock
_localtime64_s
strftime
_mktime64
_time64
_get_timezone
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_errno
_resetstkoflw
_invalid_parameter_noinfo
abort
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_dll
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-string-l1-1-0
isalpha
iswascii
tolower
toupper
_strnicmp
strncmp
isdigit
strncpy_s
strcat_s
towlower
strcpy_s
_strdup
towupper
_stricmp
isalnum
strnlen
api-ms-win-crt-heap-l1-1-0
malloc
calloc
_recalloc
realloc
free
_set_new_mode
api-ms-win-crt-multibyte-l1-1-0
_mbsnbcpy
_mbsrchr
_mbsnbicmp
_ismbclower
_ismbcupper
_ismbcalnum
_ismbcdigit
_ismbcalpha
_mbscmp
_mbsicmp
_mbschr
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-environment-l1-1-0
_dupenv_s
api-ms-win-crt-math-l1-1-0
_CIfmod
ceil
_except1
__setusermatherr
floor
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
_setmbcp
___lc_codepage_func
shell32
ShellExecuteA
Sections
.text Size: 4.7MB - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 246KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ