x64__installer___x32__[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

x64__installer___x32__.zip
Size

26.6MB
MD5

951895db4798737e96a7b22f0451ef01
SHA1

2c9727632f4bfd3eda91b3fdd689ad53cfaae925
SHA256

f548d1ad81af9ffb56e07ae96aef96702160d06a84db8802679686ef2b51d85e
SHA512

82e6d3898bd5504e5f9aefbc2ea373468f217cff5d651db24c3ef84cae6ffb35d14700d11dab758661b114c8c4a674974efbb1bd31b4abf47af13591c88cb178
SSDEEP

393216:q/eG13sFOO/XnV5ZN5JNCyvmgrfB6rX9wAH8owLrgY+HhHgSIrA/d0FuIxi:qxrO/9N52yvmcJ6rXTcvL8wA/CXxi

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/AppxSip/AppxSip.dll
unpack002/AppxSip/MSVidCtl.dll
unpack002/AppxSip/deploymentcsps.dll
unpack002/SEMgrPS/SEMgrPS.dll
unpack002/SEMgrPS/SensorsApi.dll
unpack002/SEMgrPS/netprofmsvc.dll
unpack002/SEMgrPS/wcimage.dll
unpack002/icu/iassam.dll
unpack002/icu/icu.dll
unpack002/icu/mtxoci.dll
unpack002/icu/oledlg.dll
unpack002/mscms/NPSM.dll
unpack002/mscms/scrrun.dll
unpack002/netprofm/TapiSysprep.dll
unpack002/netprofm/netprofm.dll
unpack002/netprofm/rpcnsh.dll
unpack002/netprofm/socialapis.dll

Files

x64__installer___x32__.zip
.zip

Password: 2024
__x64___setup___x32__.zip
.zip

Password: 2024
AppxSip/AppxSip.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

e06fe0d53e5834d5eeea2d913edb0995

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxSip.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_qsort
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
wcschr
wcsstr
_o__callnewh
_o__crt_atexit
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsncmp

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsAlloc
TlsGetValue

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-1-0

FindStringOrdinal
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExA
LoadResource
LockResource
SizeofResource

ntdll

RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlReportException
NtQuerySystemInformation
RtlEnterCriticalSection
RtlSetLastWin32Error
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNtStatusToDosError
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlCompareUnicodeString
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
DeleteFileA
GetFullPathNameW
GetFileAttributesW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx

api-ms-win-core-url-l1-1-0

PathIsURLW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

opcservices

ord12
ord8
ord16
ord15

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
FindResourceW
FileTimeToDosDateTime
DosDateTimeToFileTime

api-ms-win-core-file-l2-1-0

ReplaceFileW
MoveFileExW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

Exports

Exports

AppxBundleSipCreateIndirectData
AppxBundleSipGetSignedDataMsg
AppxBundleSipIsFileSupportedName
AppxBundleSipPutSignedDataMsg
AppxBundleSipRemoveSignedDataMsg
AppxBundleSipVerifyIndirectData
AppxSipCreateIndirectData
AppxSipGetSignedDataMsg
AppxSipIsFileSupportedName
AppxSipPutSignedDataMsg
AppxSipRemoveSignedDataMsg
AppxSipVerifyIndirectData
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
EappxBundleSipCreateIndirectData
EappxBundleSipGetSignedDataMsg
EappxBundleSipIsFileSupportedName
EappxBundleSipPutSignedDataMsg
EappxBundleSipRemoveSignedDataMsg
EappxBundleSipVerifyIndirectData
EappxSipCreateIndirectData
EappxSipGetSignedDataMsg
EappxSipIsFileSupportedName
EappxSipPutSignedDataMsg
EappxSipRemoveSignedDataMsg
EappxSipVerifyIndirectData
P7xSipCreateIndirectData
P7xSipGetSignedDataMsg
P7xSipIsFileSupportedName
P7xSipPutSignedDataMsg
P7xSipRemoveSignedDataMsg
P7xSipVerifyIndirectData

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxSip/MSVidCtl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

dd5e8a87d388e7f0e0dcb3f9ea5a64ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSVidCtl.pdb

Imports

msvcrt

_wsplitpath_s
wcscspn
swscanf
_wcsicmp
wcsncmp
iswalpha
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
memmove
memcpy
memcmp
floor
__CxxFrameHandler3
_ui64tow
_errno
wcstol
wcsstr
iswspace
??8type_info@@QEBAHAEBV0@@Z
wcstoul
_vsnprintf
_wcsnicmp
_vsnwprintf
_itow
_wtoi
iswdigit
_purecall
realloc
wcscat_s
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
wcsnlen
free
wcscpy_s
__C_specific_handler
_CxxThrowException
wcscmp

ole32

GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
CoGetMalloc
CoInitializeEx
CoWaitForMultipleHandles
CoUninitialize
ProgIDFromCLSID
StringFromCLSID
OleSaveToStream
WriteClassStm
OleLoadFromStream
StringFromGUID2
CoCreateFreeThreadedMarshaler
CLSIDFromString
CreateItemMoniker
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ReadClassStm
HDC_UserSize64
HDC_UserMarshal
HDC_UserUnmarshal64
HDC_UserFree
HDC_UserUnmarshal
HDC_UserMarshal64
HDC_UserSize
HDC_UserFree64
HWND_UserUnmarshal64
HWND_UserMarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
CoTaskMemAlloc

oleaut32

SafeArrayUnaccessData
SysStringByteLen
SysAllocStringLen
SafeArrayDestroy
LoadRegTypeLi
SafeArrayAccessData
CreateErrorInfo
VariantInit
VariantChangeTypeEx
VarCmp
OleCreatePictureIndirect
OleCreatePropertyFrame
SetErrorInfo
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
VariantClear
VariantCopy
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
VARIANT_UserUnmarshal64
VARIANT_UserFree64
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserUnmarshal64
BSTR_UserFree
VARIANT_UserMarshal64
VARIANT_UserSize64
BSTR_UserSize
SysFreeString
SafeArrayCreate

kernel32

UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
TerminateProcess
HeapAlloc
EncodePointer
LoadLibraryExA
VirtualFree
HeapFree
WriteFile
ExpandEnvironmentStringsW
OutputDebugStringA
GetTempPathW
GetLocalTime
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount64
GetCurrentProcessId
IsValidLocale
LoadLibraryW
GetSystemDirectoryW
WideCharToMultiByte
GetVersionExW
GetDriveTypeW
DeviceIoControl
CreateFileW
Sleep
GetLocaleInfoW
SetThreadExecutionState
DecodeSystemPointer
SizeofResource
GetCurrentProcess
DuplicateHandle
WaitForMultipleObjects
CreateThread
ResetEvent
SetEvent
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
DecodePointer
CreateMutexW
LockResource
LoadResource
FindResourceW
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateEventW
MultiByteToWideChar
FormatMessageW
lstrlenA
OutputDebugStringW
DebugBreak
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
GetModuleHandleW
lstrcpynW
lstrcmpiW
lstrlenW
lstrcpyW
HeapDestroy
DisableThreadLibraryCalls
FreeLibrary
EncodeSystemPointer
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException

user32

SetWindowLongPtrW
FillRect
LoadCursorW
wsprintfW
GetWindowLongPtrW
CreateWindowExW
RegisterClassExW
DefWindowProcW
BeginPaint
EndPaint
UnionRect
OffsetRect
SetWindowRgn
GetClassInfoExW
SetWindowPos
GetClientRect
PtInRect
SendMessageW
DestroyWindow
SetCursor
LoadImageW
DestroyAcceleratorTable
ShowWindow
CallWindowProcW
CharNextW
LoadStringW
CharPrevW
wvsprintfW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
IsWindow
CopyRect
MapWindowPoints
EqualRect
ReleaseDC
GetDC
SystemParametersInfoW
GetWindowRect
GetParent
IntersectRect
PostMessageW
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDesktopWindow
InvalidateRect
SetFocus
GetFocus
IsChild

advapi32

RegQueryValueW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptAcquireContextW
RegQueryValueExW
RegSetValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

gdi32

DeleteDC
CreateCompatibleDC
SelectObject
CreateDIBitmap
DeleteMetaFile
CloseMetaFile
GetDeviceCaps
SetWindowOrgEx
SaveDC
SetWindowExtEx
CreateMetaFileW
CreateRectRgnIndirect
CreateSolidBrush
DeleteObject
RestoreDC

shlwapi

UrlIsW
PathCreateFromUrlW

rpcrt4

NdrCStdStubBuffer_Release
NdrStubForwardingFunction
NdrDllCanUnloadNow
IUnknown_AddRef_Proxy
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_Invoke
NdrClientCall3
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject

slc

SLGetWindowsInformationDWORD

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxSip/deploymentcsps.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

2e29e86a1a3973521736ecbfb4f9b5b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

deploymentcsps.pdb

Imports

msvcrt

?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__dllonexit
_vsnwprintf
memcpy_s
_unlock
_lock
_XcptFilter
_onexit
free
malloc
wcsncpy_s
_CxxThrowException
__C_specific_handler
_purecall
??_V@YAXPEAX@Z
__CxxFrameHandler3
_initterm
_amsg_exit
memcpy
memmove
_errno
realloc
??3@YAXPEAX@Z
_wcsicmp
_vsnprintf
wcschr
_wcsnicmp
toupper
??1type_info@@UEAA@XZ
memset

ntdll

RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap

oleaut32

SysAllocString
VarUI4FromStr
VariantInit
SysFreeString

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FindResourceExW
GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
LoadResource
DisableThreadLibraryCalls
GetProcAddress
SizeofResource

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

wdscore

CurrentIP
ConstructPartialMsgVW
WdsTerminate
WdsSetupLogMessageW
WdsInitialize

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileAttributesW
GetFullPathNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxSip/devenum.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

4c9079c33bef679868c8dc14bf0fe71a

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:30

Not After

03-03-2021 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:9e:99:aa:cf:23:07:0a:2d:84:76:5f:a8:29:7f:7f:a9:06:5a:9a:c4:e4:91:14:01:d7:c1:31:9f:48:ee:1c
Signer

Actual PE Digest

6f:9e:99:aa:cf:23:07:0a:2d:84:76:5f:a8:29:7f:7f:a9:06:5a:9a:c4:e4:91:14:01:d7:c1:31:9f:48:ee:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

devenum.pdb

Imports

msvcrt

__C_specific_handler
memcpy
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_purecall
malloc
free
realloc
memcpy_s
_vsnwprintf
memset

kernel32

HeapDestroy
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
HeapAlloc
IsDebuggerPresent
GetVersionExW
DisableThreadLibraryCalls
CompareStringW
lstrlenW
lstrcmpW
CreateMutexW
LocalAlloc
LocalFree
OpenMutexW
CompareStringOrdinal
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FindResourceW
LoadResource
LoadLibraryW
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
MultiByteToWideChar
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleExW
lstrcpynW
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
SizeofResource
GetModuleFileNameA
LoadLibraryExW

user32

CharNextW
LoadStringW

advapi32

RegDeleteKeyW
RegGetValueW
RegEnumKeyW
SetEntriesInAclW
ConvertSidToStringSidW
SetSecurityDescriptorDacl
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
IsValidSid
RegSetValueExW
OpenProcessToken
InitializeSecurityDescriptor
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
RegQueryValueExW
GetTokenInformation
RegCreateKeyExW
CopySid

ole32

PropVariantClear
CreateAntiMoniker
IIDFromString
StringFromGUID2
CreateBindCtx
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

SafeArrayAccessData
SafeArrayCreate
VariantClear
SysAllocString
VarI4FromStr
SysFreeString
VariantInit
SafeArrayUnaccessData

winmm

waveOutMessage
waveInGetNumDevs
waveOutGetDevCapsW
waveInMessage
waveInGetDevCapsW
midiOutGetNumDevs
midiOutGetDevCapsW

cfgmgr32

CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SEMgrPS/SEMgrPS.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

7dcc2d309d96727b06e1bbb65b6597f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SEMgrPS.pdb

Imports

msvcrt

__C_specific_handler
malloc
_initterm
free
_amsg_exit
_XcptFilter

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrStubCall3

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserFree64
HSTRING_UserMarshal

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient7
ObjectStublessClient15
NdrProxyForwardingFunction23
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
NdrProxyForwardingFunction21
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient30
ObjectStublessClient16
NdrProxyForwardingFunction9
ObjectStublessClient18
NdrProxyForwardingFunction11
NdrProxyForwardingFunction13
NdrProxyForwardingFunction29
NdrProxyForwardingFunction12
ObjectStublessClient4
NdrProxyForwardingFunction10
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction6
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
ObjectStublessClient13
CStdStubBuffer2_Connect
ObjectStublessClient22
ObjectStublessClient27
NdrProxyForwardingFunction19
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient19
ObjectStublessClient26
ObjectStublessClient17
ObjectStublessClient29
ObjectStublessClient21
ObjectStublessClient24
ObjectStublessClient25
NdrProxyForwardingFunction27
NdrProxyForwardingFunction26
NdrProxyForwardingFunction24
NdrProxyForwardingFunction18
NdrProxyForwardingFunction22
NdrProxyForwardingFunction17
NdrProxyForwardingFunction14
ObjectStublessClient31
NdrProxyForwardingFunction15
NdrProxyForwardingFunction20
NdrProxyForwardingFunction28
NdrProxyForwardingFunction8
NdrProxyForwardingFunction16
NdrProxyForwardingFunction25

oleaut32

BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserMarshal64
BSTR_UserSize64

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SEMgrPS/SensorsApi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

93f00183f6b2824f35a5ab3c1bf4de20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SensorsApi.pdb

Imports

api-ms-win-crt-string-l1-1-0

memmove_s
wcsncmp
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_calloc
_o_free
_o_malloc
_o_strncat_s
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
wcsrchr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcmp
memcpy

rpcrt4

CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
NdrClientCall3
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
I_RpcExceptionFilter
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrOleFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient8
ObjectStublessClient16
ObjectStublessClient14
ObjectStublessClient3
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient10
ObjectStublessClient15
ObjectStublessClient17
ObjectStublessClient13
ObjectStublessClient5

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
SetThreadLocale

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegGetKeySecurity
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
CreateEventW
WaitForSingleObjectEx
ReleaseSemaphore
ResetEvent
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForMultipleObjectsEx
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ExitProcess
GetCurrentThreadId
TerminateProcess
CreateThread
OpenProcessToken
GetCurrentProcess

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

user32

DispatchMessageW
LoadStringW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
PeekMessageW
DialogBoxParamW
EndDialog
IsWindow
UnregisterClassA
MsgWaitForMultipleObjectsEx

sensorsutilsv2

PropVariantGetInformation
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetFloat
PropKeyFindKeyGetDouble
CollectionsListGetSerializedSize
InitPropVariantFromFloat
PropKeyFindKeyGetPropVariant
CollectionsListCopyAndMarshall
PropKeyFindKeyGetFileTime
PropKeyFindKeyGetUlong
IsKeyPresentInCollectionList
CollectionsListGetMarshalledSize
IsCollectionListSame
PropKeyFindKeyGetGuid
CollectionsListDeserializeFromBuffer

sensorsnativeapi.v2

SensorGetCapabilitiesCollectionV2
SensorOpenByInterfaceV2
SensorCloseV2
SensorStartCollectionV2
SensorStartStateChangeNotificationV2
SensorGetSupportedDataFieldsV2
SensorGetDataCollectionV2
SensorEnableIdleOperationV2
SensorSetDataIntervalV2
SensorSetDataThresholdsV2
SensorGetDataIntervalV2
SensorGetDataThresholdsV2
SensorGetPropertiesV2
SensorGetDataFieldPropertiesV2
SensorStopV2
SensorStopStateChangeNotificationV2

api-ms-win-core-marshal-l1-1-0

HWND_UserSize
HWND_UserSize64
HWND_UserUnmarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserMarshal
HWND_UserFree
HWND_UserFree64

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMaximum

api-ms-win-security-base-l1-1-0

IsWellKnownSid
GetTokenInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
GetAce
AllocateAndInitializeSid
IsValidSid
AddAce
CopySid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

WinSqmIsOptedIn
WinSqmAddToStreamEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SensorCloseCOM
SensorEnableIdleOperationCOM
SensorGetAccDataCOM
SensorGetAlsDataCOM
SensorGetAlsDataWithColorCOM
SensorGetBarDataCOM
SensorGetCapabilitiesCollectionCOM
SensorGetDataCollectionCOM
SensorGetDeviceIdCOM
SensorGetFusDataCOM
SensorGetGyrDataCOM
SensorGetMagDataCOM
SensorGetPropertiesCOM
SensorGetPrxDataCOM
SensorGetThresholdsCOM
SensorOpenByInterfaceCOM
SensorPermissionsHandler
SensorPermissionsHandlerA
SensorPermissionsHandlerW
SensorRegisterEventCOM
SensorSetAccThresholdsCOM
SensorSetAlsThresholdsCOM
SensorSetAlsWithColorThresholdsCOM
SensorSetBarThresholdsCOM
SensorSetFusThresholdsCOM
SensorSetGyrThresholdsCOM
SensorSetIntervalCOM
SensorSetMagThresholdsCOM
SensorSetOrientationSensorThresholdsCOM
SensorSetThresholdsCOM
SensorStartCollectionCOM
SensorStopCOM
SensorUnregisterEventCOM

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SEMgrPS/netprofmsvc.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

ad45623529f9b4402c7d26b5ea54d733

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

netprofmsvc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_abort
_o_calloc
_o_free
_o_malloc
_o_strcpy_s
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
memcmp
memcpy
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s

api-ms-win-crt-string-l1-1-0

wcsspn
memset
wcspbrk
wcsncmp
wcsnlen

ntdll

RtlIpv4StringToAddressExW
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwEventWriteTransfer
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryWnfStateData
RtlIpv6StringToAddressExW
NtCreateWnfStateName
EtwEventRegister
RtlGetCurrentServiceSessionId
NtDeleteWnfStateName
EtwEventUnregister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FindResourceExW
LoadStringW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
LoadResource
SizeofResource
FreeResource
LockResource
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
CreateEventW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventProviderEnabled

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegQueryValueExA

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

StringFromGUID2
IIDFromString
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoDisconnectContext
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoGetCallContext
CoImpersonateClient
CoRevertToSelf
CoCreateGuid
CoSetProxyBlanket

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
DisassociateCurrentThreadFromCallback
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWait
CloseThreadpoolTimer
CloseThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
SetThreadpoolThreadMinimum
CreateThreadpool
FreeLibraryWhenCallbackReturns
CloseThreadpoolWait
CreateThreadpoolCleanupGroup
SetThreadpoolWait
SetThreadpoolTimer

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

iphlpapi

ConvertInterfaceIndexToLuid
NotifyUnicastIpAddressChange
CloseGetIPPhysicalInterfaceForDestination
ConvertInterfaceLuidToNameW
ConvertInterfaceGuidToLuid
GetIfEntry2Ex
GetAdaptersAddresses
GetIfEntry2
CancelMibChangeNotify2
GetIfStackTable
FreeMibTable
NotifyRouteChange2
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToGuid
GetSessionCompartmentId
InternalGetIPPhysicalInterfaceForDestination
GetBestInterfaceEx
GetBestInterface

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
UnregisterWaitEx
CreateTimerQueueTimer

ws2_32

inet_addr
htons
InetNtopW
closesocket
WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
WSASocketW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
GetTokenInformation

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFileSize
ReadFile
SetFileAttributesW
CreateFileW
WriteFile
DeleteFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

rpcrt4

RpcStringFreeW
UuidToStringW
RpcExceptionFilter
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingFree
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcStringBindingParseW
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

dhcpcsvc

DhcpFreeLeaseInfo
DhcpQueryLeaseInfoEx
DhcpIsEnabled

winhttp

WinHttpOpen
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpCrackUrl

dnsapi

DnsFlushResolverCache

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-security-grouppolicy-l1-1-0

UnregisterGPNotificationInternal
RegisterGPNotificationInternal
LeaveCriticalPolicySectionInternal
EnterCriticalPolicySectionInternal

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

combase

ord66
ord69
ord68
ord67

nlaapi

NlaRegisterQuery
NlaAddToTypeSet
NlaCreateTypeSet
NlaQueryNetSignatures
NlaCreatePluginRequests
NlaAddToPluginRequests
NlaOpenQuery
NlaRefreshQuery
NlaQueryNetDataEx
NlaDeleteTypeSet
NlaCloseQuery
NlaDeleteDataSet
NlaDeletePluginRequests
NlaQueryNetData

winnsi

NsiRpcDeregisterChangeNotification
NsiDisconnectFromServer
NsiConnectToServer
NsiRpcRegisterChangeNotification

msvcp_win

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ncsi

NcsiGetWebProbeConfig

Exports

Exports

DllMain
ServiceMain
SvchostPushServiceGlobalsEx

Sections

.text
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SEMgrPS/wcimage.dll
.dll windows:10 windows x64 arch:x64

f8fb756be0e3bc5854c867138bb76490

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wcimage.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_wcscat_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstok_s
__C_specific_handler
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___std_type_info_destroy_list
_o__configure_narrow_argv
wcsrchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
memset
wcsnlen

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetKeySecurity
RegEnumValueW
RegCloseKey

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW

ntdll

RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlRunOnceBeginInitialize
NtOpenFile
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlFreeHeap
NtClose
RtlImpersonateSelf
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtSetInformationFile
RtlAllocateHeap

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount64
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateDirectoryW
DeleteFileW
FindFirstFileExW
SetFileInformationByHandle
SetFileAttributesW
GetFinalPathNameByHandleW
WriteFile
ReadFile
RemoveDirectoryW
FindNextFileW
GetFileAttributesW
FlushFileBuffers
GetFileSizeEx
FindClose
CreateFileW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
CreateHardLinkW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

fltlib

FilterConnectCommunicationPort
FilterInstanceClose
FilterLoad
FilterSendMessage
FilterInstanceCreate
FilterDetach
FilterAttach

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
Sleep

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-path-l1-1-0

PathCchAddBackslash

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TlsGetValue
TlsAlloc
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TlsFree
CreateThread
GetCurrentThreadId
TlsSetValue
OpenThreadToken
OpenProcessToken

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW

virtdisk

OpenVirtualDisk
CreateVirtualDisk
DetachVirtualDisk
AttachVirtualDisk
GetVirtualDiskPhysicalPath

wimgapi

WIMCloseHandle
WIMSetTemporaryPath
WIMApplyImage
WIMCreateFile
WIMLoadImage

drvstore

DriverStoreEnumObjectsW
DriverStoreClose
DriverStoreOpenW

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateSelf
FreeSid
GetSecurityDescriptorLength
AdjustTokenPrivileges
AllocateAndInitializeSid
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
MakeSelfRelativeSD
CreatePrivateObjectSecurityWithMultipleInheritance
GetSecurityDescriptorControl
SetPrivateObjectSecurityEx

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

WcCompressFile
WcCompressFileAsync
WcConvertToReparsePoint
WcCreateContainerImageFromPortableBaseLayer
WcCreateContainerImageFromWim
WcCreateContainerImageFromWimEx
WcDismountVirtualDisk
WcDismountVirtualDiskFromHandle
WcEnsurePathExists
WcExpandContainerWim
WcMountVirtualDisk
WcProcessContainerLayer
WcSetVirtualDiskAttributes
WcWaitForPendingFileCompressionOperations

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icu/iassam.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b75a31238f03dd3c08927e10a3368e70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

iassam.pdb

Imports

msvcrt

wcscspn
strtoul
_CxxThrowException
wcsncpy_s
vsprintf_s
_strnicmp
_lfind
_vsnwprintf
wcsstr
_wcsupr
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
_ultow_s
_mbschr
_wtoi64
__CxxFrameHandler3
memcpy
_onexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_wcsicmp
strcpy_s
sprintf_s
_wcsupr_s
wcscat_s
wcschr
wcstoul
wcscpy_s
?what@exception@@UEBAPEBDXZ
_purecall
swprintf_s
wcsrchr
free
_callnewh
malloc
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
__C_specific_handler
__dllonexit
wcsncat_s
memset

atl

ord16
ord21
ord15
ord18
ord23
ord22
ord32

ntdll

RtlSubAuthoritySid
RtlEqualSid
RtlInitString
RtlAdjustPrivilege
NtAllocateLocallyUniqueId
RtlCopySid
RtlLengthSid
RtlAnsiStringToUnicodeString
RtlCopySidAndAttributesArray
RtlLengthRequiredSid
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
RtlRandomEx
RtlInitializeSid
RtlInitUnicodeString
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlSubAuthorityCountSid
RtlCompareMemory
RtlVirtualUnwind
RtlGetNtProductType

iasrad

?radiusToIAS@VSAFilter@@QEBAJPEAEKAEAVIASAttributeVector@IASTL@@@Z
?shutdown@VSAFilter@@QEAAJXZ
?initialize@VSAFilter@@QEAAJXZ
?radiusFromIAS@VSAFilter@@QEBAJPEAUIAttributesRaw@@H@Z
?radiusToIAS@VSAFilter@@QEBAJPEAUIAttributesRaw@@@Z

iassvcs

IASReportSecurityEvent
IASReportEvent
IASAllocateUniqueID
IASGetHostByName
IASAdler32
IASGlobalUnlock
IASRegisterComponent
IASGlobalLock
IASGetLocalDictionary
IASVariantChangeType

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryW
GetCurrentProcess
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
K32GetModuleBaseNameW
GetCurrentProcessId
DisableThreadLibraryCalls
LocalAlloc
LocalFree
Sleep
FormatMessageA
GetModuleFileNameW
lstrlenA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateEventW
RegisterWaitForSingleObject
UnregisterWait
FreeLibrary
TryEnterCriticalSection
SwitchToThread
GetComputerNameW
SetThreadStackGuarantee
VirtualProtect
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
lstrlenW
VirtualQuery
FormatMessageW
SystemTimeToFileTime
GetComputerNameExW
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
GetSystemInfo

advapi32

LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
SystemFunction009
SystemFunction017
SystemFunction019
SystemFunction008
CreateWellKnownSid
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetLengthSid
IsValidSid
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
ConvertStringSidToSidW
ConvertSidToStringSidW
RegOpenKeyW
RegisterEventSourceW
ReportEventW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegDeleteKeyW
CloseServiceHandle
OpenSCManagerA
TraceMessage
QueryServiceStatusEx
OpenServiceA
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
DeregisterEventSource
RegCreateKeyExW
RegCloseKey

netutils

NetApiBufferFree

logoncli

DsGetDcNameW
DsGetDcCloseW
DsGetDcNextW
DsGetDcOpenW

ntdsapi

DsFreeNameResultW
DsBindW
DsUnBindW
DsBindWithCredA
DsCrackNamesW

oleaut32

SysAllocStringLen
VariantClear
LoadRegTypeLi
SetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayGetDim
SafeArrayRedim
VariantInit
VariantTimeToSystemTime

rtutils

TraceDeregisterW
TraceVprintfExA
TraceRegisterExW

wldap32

ord224
ord77
ord203
ord12
ord147
ord18
ord36
ord41
ord140
ord13
ord145
ord16
ord14
ord88
ord73
ord127
ord167
ord142
ord133
ord26
ord79
ord312

ws2_32

ntohs
FreeAddrInfoW
htonl
WSAGetLastError
GetNameInfoW

rpcrt4

NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
NdrDllUnregisterProxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient5
ObjectStublessClient3

samlib

SamRidToSid
SamLookupDomainInSamServer
SamConnect
SamiChangePasswordUser
SamGetAliasMembership
SamCloseHandle
SamFreeMemory
SamQueryInformationUser
SamOpenUser
SamOpenDomain
SamLookupNamesInDomain
SamiChangePasswordUser2
SamGetGroupsForUser

bcrypt

BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptCreateHash

sspicli

LsaUnregisterPolicyChangeNotification
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaLogonUser
LsaRegisterPolicyChangeNotification
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaRegisterLogonProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IASParmsQueryUserProperty

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icu/icu.dll
.dll windows:10 windows x64 arch:x64

e932e3f0df205f2040dca6c08ecc3666

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

icu.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__dsign
_o__dtest
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o___timezone
_o__wcsicmp
_o_abort
_o_asin
_o_atan
_o_atan2
_o_atoi
_o_atol
_o_ceil
_o_cos
_o_floor
_o_fmod
_o_free
_o_isspace
_o_log
_o_malloc
_o_pow
_o_qsort
_o_realloc
_o_round
_o_sin
_o_sqrt
_o_strtod
_o_strtol
_o_strtoul
_o_tan
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__RTDynamicCast
strchr
__std_type_info_compare
__RTtypeid
strstr
strrchr
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
memset
strncmp

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

msvcp_win

_Mtx_lock
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
?_XGetLastError@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Cnd_wait
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPEBX@Z

api-ms-win-crt-utility-l1-1-0

div

api-ms-win-crt-math-l1-1-0

trunc

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
LocaleNameToLCID
GetLocaleInfoEx
GetUserGeoID
GetGeoInfoW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDynamicTimeZoneInformation

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx
GetCurrencyFormatEx

Exports

Exports

UCNV_FROM_U_CALLBACK_ESCAPE
UCNV_FROM_U_CALLBACK_SKIP
UCNV_FROM_U_CALLBACK_STOP
UCNV_FROM_U_CALLBACK_SUBSTITUTE
UCNV_TO_U_CALLBACK_ESCAPE
UCNV_TO_U_CALLBACK_SKIP
UCNV_TO_U_CALLBACK_STOP
UCNV_TO_U_CALLBACK_SUBSTITUTE
u_UCharsToChars
u_austrcpy
u_austrncpy
u_catclose
u_catgets
u_catopen
u_charAge
u_charDigitValue
u_charDirection
u_charFromName
u_charMirror
u_charName
u_charType
u_charsToUChars
u_cleanup
u_countChar32
u_digit
u_enumCharNames
u_enumCharTypes
u_errorName
u_foldCase
u_forDigit
u_formatMessage
u_formatMessageWithError
u_getBidiPairedBracket
u_getCombiningClass
u_getDataVersion
u_getFC_NFKC_Closure
u_getIntPropertyMaxValue
u_getIntPropertyMinValue
u_getIntPropertyValue
u_getNumericValue
u_getPropertyEnum
u_getPropertyName
u_getPropertyValueEnum
u_getPropertyValueName
u_getUnicodeVersion
u_getVersion
u_hasBinaryProperty
u_init
u_isIDIgnorable
u_isIDPart
u_isIDStart
u_isISOControl
u_isJavaIDPart
u_isJavaIDStart
u_isJavaSpaceChar
u_isMirrored
u_isUAlphabetic
u_isULowercase
u_isUUppercase
u_isUWhiteSpace
u_isWhitespace
u_isalnum
u_isalpha
u_isbase
u_isblank
u_iscntrl
u_isdefined
u_isdigit
u_isgraph
u_islower
u_isprint
u_ispunct
u_isspace
u_istitle
u_isupper
u_isxdigit
u_memcasecmp
u_memchr
u_memchr32
u_memcmp
u_memcmpCodePointOrder
u_memcpy
u_memmove
u_memrchr
u_memrchr32
u_memset
u_parseMessage
u_parseMessageWithError
u_setMemoryFunctions
u_shapeArabic
u_strCaseCompare
u_strCompare
u_strCompareIter
u_strFindFirst
u_strFindLast
u_strFoldCase
u_strFromJavaModifiedUTF8WithSub
u_strFromUTF32
u_strFromUTF32WithSub
u_strFromUTF8
u_strFromUTF8Lenient
u_strFromUTF8WithSub
u_strFromWCS
u_strHasMoreChar32Than
u_strToJavaModifiedUTF8
u_strToLower
u_strToTitle
u_strToUTF32
u_strToUTF32WithSub
u_strToUTF8
u_strToUTF8WithSub
u_strToUpper
u_strToWCS
u_strcasecmp
u_strcat
u_strchr
u_strchr32
u_strcmp
u_strcmpCodePointOrder
u_strcpy
u_strcspn
u_strlen
u_strncasecmp
u_strncat
u_strncmp
u_strncmpCodePointOrder
u_strncpy
u_strpbrk
u_strrchr
u_strrchr32
u_strrstr
u_strspn
u_strstr
u_strtok_r
u_tolower
u_totitle
u_toupper
u_uastrcpy
u_uastrncpy
u_unescape
u_unescapeAt
u_versionFromString
u_versionFromUString
u_versionToString
u_vformatMessage
u_vformatMessageWithError
u_vparseMessage
u_vparseMessageWithError
ubidi_close
ubidi_countParagraphs
ubidi_countRuns
ubidi_getBaseDirection
ubidi_getClassCallback
ubidi_getCustomizedClass
ubidi_getDirection
ubidi_getLength
ubidi_getLevelAt
ubidi_getLevels
ubidi_getLogicalIndex
ubidi_getLogicalMap
ubidi_getLogicalRun
ubidi_getParaLevel
ubidi_getParagraph
ubidi_getParagraphByIndex
ubidi_getProcessedLength
ubidi_getReorderingMode
ubidi_getReorderingOptions
ubidi_getResultLength
ubidi_getText
ubidi_getVisualIndex
ubidi_getVisualMap
ubidi_getVisualRun
ubidi_invertMap
ubidi_isInverse
ubidi_isOrderParagraphsLTR
ubidi_open
ubidi_openSized
ubidi_orderParagraphsLTR
ubidi_reorderLogical
ubidi_reorderVisual
ubidi_setClassCallback
ubidi_setContext
ubidi_setInverse
ubidi_setLine
ubidi_setPara
ubidi_setReorderingMode
ubidi_setReorderingOptions
ubidi_writeReordered
ubidi_writeReverse
ubiditransform_close
ubiditransform_open
ubiditransform_transform
ublock_getCode
ubrk_close
ubrk_countAvailable
ubrk_current
ubrk_first
ubrk_following
ubrk_getAvailable
ubrk_getBinaryRules
ubrk_getLocaleByType
ubrk_getRuleStatus
ubrk_getRuleStatusVec
ubrk_isBoundary
ubrk_last
ubrk_next
ubrk_open
ubrk_openBinaryRules
ubrk_openRules
ubrk_preceding
ubrk_previous
ubrk_refreshUText
ubrk_safeClone
ubrk_setText
ubrk_setUText
ucal_add
ucal_clear
ucal_clearField
ucal_clone
ucal_close
ucal_countAvailable
ucal_equivalentTo
ucal_get
ucal_getAttribute
ucal_getAvailable
ucal_getCanonicalTimeZoneID
ucal_getDSTSavings
ucal_getDayOfWeekType
ucal_getDefaultTimeZone
ucal_getFieldDifference
ucal_getGregorianChange
ucal_getKeywordValuesForLocale
ucal_getLimit
ucal_getLocaleByType
ucal_getMillis
ucal_getNow
ucal_getTZDataVersion
ucal_getTimeZoneDisplayName
ucal_getTimeZoneID
ucal_getTimeZoneIDForWindowsID
ucal_getTimeZoneTransitionDate
ucal_getType
ucal_getWeekendTransition
ucal_getWindowsTimeZoneID
ucal_inDaylightTime
ucal_isSet
ucal_isWeekend
ucal_open
ucal_openCountryTimeZones
ucal_openTimeZoneIDEnumeration
ucal_openTimeZones
ucal_roll
ucal_set
ucal_setAttribute
ucal_setDate
ucal_setDateTime
ucal_setDefaultTimeZone
ucal_setGregorianChange
ucal_setMillis
ucal_setTimeZone
ucasemap_close
ucasemap_getBreakIterator
ucasemap_getLocale
ucasemap_getOptions
ucasemap_open
ucasemap_setBreakIterator
ucasemap_setLocale
ucasemap_setOptions
ucasemap_toTitle
ucasemap_utf8FoldCase
ucasemap_utf8ToLower
ucasemap_utf8ToTitle
ucasemap_utf8ToUpper
ucnv_cbFromUWriteBytes
ucnv_cbFromUWriteSub
ucnv_cbFromUWriteUChars
ucnv_cbToUWriteSub
ucnv_cbToUWriteUChars
ucnv_close
ucnv_compareNames
ucnv_convert
ucnv_convertEx
ucnv_countAliases
ucnv_countAvailable
ucnv_countStandards
ucnv_detectUnicodeSignature
ucnv_fixFileSeparator
ucnv_flushCache
ucnv_fromAlgorithmic
ucnv_fromUChars
ucnv_fromUCountPending
ucnv_fromUnicode
ucnv_getAlias
ucnv_getAliases
ucnv_getAvailableName
ucnv_getCCSID
ucnv_getCanonicalName
ucnv_getDefaultName
ucnv_getDisplayName
ucnv_getFromUCallBack
ucnv_getInvalidChars
ucnv_getInvalidUChars
ucnv_getMaxCharSize
ucnv_getMinCharSize
ucnv_getName
ucnv_getNextUChar
ucnv_getPlatform
ucnv_getStandard
ucnv_getStandardName
ucnv_getStarters
ucnv_getSubstChars
ucnv_getToUCallBack
ucnv_getType
ucnv_getUnicodeSet
ucnv_isAmbiguous
ucnv_isFixedWidth
ucnv_open
ucnv_openAllNames
ucnv_openCCSID
ucnv_openPackage
ucnv_openStandardNames
ucnv_openU
ucnv_reset
ucnv_resetFromUnicode
ucnv_resetToUnicode
ucnv_safeClone
ucnv_setDefaultName
ucnv_setFallback
ucnv_setFromUCallBack
ucnv_setSubstChars
ucnv_setSubstString
ucnv_setToUCallBack
ucnv_toAlgorithmic
ucnv_toUChars
ucnv_toUCountPending
ucnv_toUnicode
ucnv_usesFallback
ucnvsel_close
ucnvsel_open
ucnvsel_openFromSerialized
ucnvsel_selectForString
ucnvsel_selectForUTF8
ucnvsel_serialize
ucol_cloneBinary
ucol_close
ucol_closeElements
ucol_countAvailable
ucol_equal
ucol_getAttribute
ucol_getAvailable
ucol_getBound
ucol_getContractionsAndExpansions
ucol_getDisplayName
ucol_getEquivalentReorderCodes
ucol_getFunctionalEquivalent
ucol_getKeywordValues
ucol_getKeywordValuesForLocale
ucol_getKeywords
ucol_getLocaleByType
ucol_getMaxExpansion
ucol_getMaxVariable
ucol_getOffset
ucol_getReorderCodes
ucol_getRules
ucol_getRulesEx
ucol_getSortKey
ucol_getStrength
ucol_getTailoredSet
ucol_getUCAVersion
ucol_getVariableTop
ucol_getVersion
ucol_greater
ucol_greaterOrEqual
ucol_keyHashCode
ucol_mergeSortkeys
ucol_next
ucol_nextSortKeyPart
ucol_open
ucol_openAvailableLocales
ucol_openBinary
ucol_openElements
ucol_openRules
ucol_previous
ucol_primaryOrder
ucol_reset
ucol_safeClone
ucol_secondaryOrder
ucol_setAttribute
ucol_setMaxVariable
ucol_setOffset
ucol_setReorderCodes
ucol_setStrength
ucol_setText
ucol_strcoll
ucol_strcollIter
ucol_strcollUTF8
ucol_tertiaryOrder
ucsdet_close
ucsdet_detect
ucsdet_detectAll
ucsdet_enableInputFilter
ucsdet_getAllDetectableCharsets
ucsdet_getConfidence
ucsdet_getLanguage
ucsdet_getName
ucsdet_getUChars
ucsdet_isInputFilterEnabled
ucsdet_open
ucsdet_setDeclaredEncoding
ucsdet_setText
ucurr_countCurrencies
ucurr_forLocale
ucurr_forLocaleAndDate
ucurr_getDefaultFractionDigits
ucurr_getDefaultFractionDigitsForUsage
ucurr_getKeywordValuesForLocale
ucurr_getName
ucurr_getNumericCode
ucurr_getPluralName
ucurr_getRoundingIncrement
ucurr_getRoundingIncrementForUsage
ucurr_isAvailable
ucurr_openISOCurrencies
ucurr_register
ucurr_unregister
udat_adoptNumberFormat
udat_adoptNumberFormatForFields
udat_applyPattern
udat_clone
udat_close
udat_countAvailable
udat_countSymbols
udat_format
udat_formatCalendar
udat_formatCalendarForFields
udat_formatForFields
udat_get2DigitYearStart
udat_getAvailable
udat_getBooleanAttribute
udat_getCalendar
udat_getContext
udat_getLocaleByType
udat_getNumberFormat
udat_getNumberFormatForField
udat_getSymbols
udat_isLenient
udat_open
udat_parse
udat_parseCalendar
udat_set2DigitYearStart
udat_setBooleanAttribute
udat_setCalendar
udat_setContext
udat_setLenient
udat_setNumberFormat
udat_setSymbols
udat_toCalendarDateField
udat_toPattern
udatpg_addPattern
udatpg_clone
udatpg_close
udatpg_getAppendItemFormat
udatpg_getAppendItemName
udatpg_getBaseSkeleton
udatpg_getBestPattern
udatpg_getBestPatternWithOptions
udatpg_getDateTimeFormat
udatpg_getDecimal
udatpg_getFieldDisplayName
udatpg_getPatternForSkeleton
udatpg_getSkeleton
udatpg_open
udatpg_openBaseSkeletons
udatpg_openEmpty
udatpg_openSkeletons
udatpg_replaceFieldTypes
udatpg_replaceFieldTypesWithOptions
udatpg_setAppendItemFormat
udatpg_setAppendItemName
udatpg_setDateTimeFormat
udatpg_setDecimal
udtitvfmt_close
udtitvfmt_format
udtitvfmt_open
uenum_close
uenum_count
uenum_next
uenum_openCharStringsEnumeration
uenum_openUCharStringsEnumeration
uenum_reset
uenum_unext
ufieldpositer_close
ufieldpositer_next
ufieldpositer_open
ufmt_close
ufmt_getArrayItemByIndex
ufmt_getArrayLength
ufmt_getDate
ufmt_getDecNumChars
ufmt_getDouble

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 586KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icu/mtxoci.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d675dfd5bee6a2b7d70a36dfe19f5218

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MTxOCI.pdb

Imports

api-ms-win-core-com-l1-1-0

CoGetObjectContext
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

api-ms-win-core-synch-l1-1-0

CreateEventA
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryA
GetSystemDirectoryA
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LockResource
LoadStringW
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadResource
LoadLibraryExW
GetModuleFileNameW
LoadLibraryExA

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExW
RegSetValueExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
GetCommandLineA
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsGetValue
TlsAlloc
GetExitCodeProcess
GetCurrentProcess
TerminateProcess
TerminateThread
CreateProcessW
ExitThread
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

msvcrt

free
_beginthreadex
malloc
printf
strchr
_vsnprintf
_callnewh
__CxxFrameHandler3
_lock
__C_specific_handler
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
?what@exception@@UEBAPEBDXZ
_amsg_exit
_wfopen
??1type_info@@UEAA@XZ
_purecall
_initterm
_CxxThrowException
_local_unwind
memcpy
_XcptFilter
_vsnwprintf
_wcsicmp
_stricmp
fopen
fflush
fclose
fprintf
fwprintf
wcsrchr
_waccess
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
memset

ntdll

RtlVirtualUnwind
RtlReportException
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFullPathNameW
CreateFileW
CreateDirectoryW
FindNextFileW
FindFirstFileW
SetFileAttributesW
FindClose

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

kernel32

UnregisterWaitEx
QueueUserWorkItem

Exports

Exports

DllRegisterServer
DllUnregisterServer
Enlist
GetXaSwitch
MTxOciGetVersion
MTxOciInit
MTxOciRegisterCursor
MTxolog
obindps
obndra
obndrn
obndrv
obreak
ocan
oclose
ocof
ocom
ocon
odefin
odefinps
odescr
odessp
oerhms
oermsg
oexec
oexfet
oexn
ofen
ofetch
oflng
ogetpi
olog
ologTransacted
ologof
oopen
oopt
oparse
opinit
orol
osetpi

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icu/oledlg.dll
.dll windows:10 windows x64 arch:x64

a5298af77eae9772ff5903c5760e539b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

oledlg.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
memmove
_o_free
_o_iswalpha
_o_malloc
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

ntdll

EtwTraceMessage
NtQuerySystemInformationEx
EtwEventWriteTransfer
RtlAllocateHeap
RtlImageNtHeader
NtQuerySecurityAttributesToken
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeHeap

kernel32

VirtualQuery
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
ReleaseMutex
MulDiv
GetFileType
CreateFileW
FindNextFileW
ResetEvent
CloseHandle
CreateEventW
WaitForSingleObject
DebugBreak
OutputDebugStringW
GetLastError
FormatMessageW
GetModuleHandleExW
SetLastError
GetModuleFileNameA
LoadLibraryExW
FindResourceW
LoadResource
LockResource
IsBadStringPtrW
IsBadReadPtr
IsBadCodePtr
IsBadWritePtr
GlobalSize
GetDateFormatW
GetSystemTime
SystemTimeToFileTime
GetTimeFormatW
FileTimeToLocalFileTime
GetNumberFormatW
FileTimeToSystemTime
LocalFileTimeToFileTime
GetLocaleInfoW
CompareFileTime
GetProcAddress
GetCurrentDirectoryW
LoadLibraryW
GetFileAttributesW
GetFullPathNameW
FindClose
GetShortPathNameW
SearchPathW
FindFirstFileW
CompareStringW
GlobalUnlock
FreeLibrary
LocalFree
GlobalLock
GlobalFree
GlobalAlloc
GetVersion
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
ReleaseSRWLockExclusive
CloseThreadpoolTimer
GetCurrentThread
InitOnceComplete
WaitForSingleObjectEx
AcquireSRWLockExclusive

user32

ReleaseDC
DialogBoxParamW
RegisterWindowMessageW
CreateIcon
SetWindowWord
GetWindowWord
CharLowerW
SetCursor
ShowCursor
DefWindowProcW
SetWindowLongPtrW
UnregisterClassW
GetWindowLongPtrW
RegisterClassW
LoadBitmapW
LoadCursorW
BeginPaint
EndPaint
GetWindowLongW
DialogBoxIndirectParamW
RegisterClipboardFormatW
SetClipboardViewer
ChangeClipboardChain
GetForegroundWindow
GetWindowTextLengthW
IsWindowEnabled
GetDlgItemInt
SetDlgItemInt
MessageBoxW
GetWindowInfo
CheckDlgButton
SetWindowLongW
GetFocus
GetSystemMetrics
DrawIcon
DestroyIcon
DrawFocusRect
SetFocus
DestroyWindow
SetWindowPos
CheckRadioButton
CharPrevW
MapWindowPoints
GetDialogBaseUnits
IsDlgButtonChecked
GetClipboardFormatNameW
UpdateWindow
InvalidateRect
EnableWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
IsWindowVisible
GetDesktopWindow
GetParent
SetForegroundWindow
IsIconic
GetWindowTextW
PostMessageW
GetWindowRect
GetMenu
InflateRect
GetDC
GetPropW
FillRect
CreateWindowExW
DeleteMenu
ScreenToClient
SendMessageW
EndDialog
RemovePropW
SetWindowTextW
CreatePopupMenu
LoadStringW
GetActiveWindow
ShowWindow
IsWindow
DispatchMessageW
SetTimer
IsDialogMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
DestroyMenu
CharNextW
SetPropW
TranslateMessage
LoadIconW
DrawMenuBar
InsertMenuW
GetClientRect
GetDlgItem
KillTimer

gdi32

GetTextExtentPointW
GetBkColor
UnrealizeObject
SetBrushOrgEx
CreateBitmap
SetMapMode
RestoreDC
EnumMetaFile
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetLayout
GetDeviceCaps
DeleteDC
GetObjectW
SelectObject
GetStockObject
GetTextMetricsW
SetTextColor
SetBkMode
SetBkColor
ExtTextOutW
GetMetaFileBitsEx
DeleteObject
CreateSolidBrush
CreateICW
SetDIBits
SaveDC
PlayMetaFileRecord
GetBitmapBits
SetViewportExtEx
SetViewportOrgEx
PlayMetaFile

advapi32

RegEnumKeyExW
RegLoadMUIStringW
EventWriteTransfer
RegQueryValueW
RegNotifyChangeKeyValue
EventRegister
EventSetInformation
RegOpenUserClassesRoot
OpenProcessToken
SetThreadToken
RegOpenKeyExW
RegGetValueW
EventUnregister
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
RegCloseKey

ole32

OleGetIconOfFile
OleCreateFromFile
GetClassFile
OleMetafilePictFromIconAndLabel
OleRegGetUserType
CLSIDFromString
CoGetTreatAsClass
OleGetIconOfClass
StringFromGUID2
OleDuplicateData
OleCreateLinkToFile
OleQueryLinkFromData
OleGetClipboard
ReleaseStgMedium
CLSIDFromProgID
CoCreateInstance
IIDFromString
OleQueryCreateFromData
CoGetMalloc
CoTaskMemFree
CoTaskMemRealloc
OleCreate

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine

Exports

Exports

OleUIAddVerbMenuA
OleUIAddVerbMenuW
OleUIBusyA
OleUIBusyW
OleUICanConvertOrActivateAs
OleUIChangeIconA
OleUIChangeIconW
OleUIChangeSourceA
OleUIChangeSourceW
OleUIConvertA
OleUIConvertW
OleUIEditLinksA
OleUIEditLinksW
OleUIInsertObjectA
OleUIInsertObjectW
OleUIObjectPropertiesA
OleUIObjectPropertiesW
OleUIPasteSpecialA
OleUIPasteSpecialW
OleUIPromptUserA
OleUIPromptUserW
OleUIUpdateLinksA
OleUIUpdateLinksW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscms/NPSM.dll
.dll windows:10 windows x64 arch:x64

4004c0a0bb2b5158cf0f1819716be35f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NPSM.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
memcpy
_CxxThrowException
??1type_info@@UEAA@XZ
_onexit
_initterm
__CxxFrameHandler3
_callnewh
malloc
free
?what@exception@@UEBAPEBDXZ
_amsg_exit
_XcptFilter
?terminate@@YAXXZ
memset
__C_specific_handler
memmove
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
_purecall
_vsnwprintf
??_V@YAXPEAX@Z
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
difftime
time
wcschr
??0exception@@QEAA@AEBQEBD@Z
wcscmp

api-ms-win-core-synch-l1-2-0

Sleep
WakeByAddressAll
WaitOnAddress
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-obsolete-l1-1-0

RegisterTraceGuidsA

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
RoTransformError

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
CreateSemaphoreExW
WaitForSingleObject
SetEvent
ReleaseMutex
CreateEventW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSemaphore

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetProcessId
TerminateProcess
OpenProcessToken
ProcessIdToSessionId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoResumeClassObjects
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoCreateInstance
CoGetCallContext
CoDecrementMTAUsage
CoTaskMemRealloc
CoSetProxyBlanket
CoImpersonateClient
CoUninitialize
CoTaskMemFree
CoDisableCallCancellation
CoRevokeClassObject
CoTaskMemAlloc
CoGetMalloc
CLSIDFromString
CoRevertToSelf
CoCancelCall
CoEnableCallCancellation
CoDisconnectContext

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlQueryPackageClaims
RtlPublishWnfStateData

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories
RoGetActivationFactory

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification

api-ms-win-core-processthreads-l1-1-1

OpenProcess

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation
GetLengthSid

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

combase

ord66
ord67
ord68

propsys

PSCreateMemoryPropertyStore

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
RegisterNowPlayingSessionManagerFactory
ServiceMain
SvchostPushServiceGlobals
UnregisterNowPlayingSessionManagerFactory

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscms/mscms.dll
.dll windows:10 windows x64 arch:x64

f725807fb7dee4b0001264abf003889b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:30

Not After

03-03-2021 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:08:a9:14:61:d8:cc:e8:c5:7b:95:fd:79:db:a3:cd:11:2a:78:4f:d0:ad:ff:c3:22:86:56:8e:65:71:7c:4c
Signer

Actual PE Digest

5a:08:a9:14:61:d8:cc:e8:c5:7b:95:fd:79:db:a3:cd:11:2a:78:4f:d0:ad:ff:c3:22:86:56:8e:65:71:7c:4c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mscms.pdb

Imports

api-ms-win-crt-math-l1-1-0

expf
cosf
atan2f
sqrtf
floorf
logf
sinf
_finite

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wtoi
_o_floor
_o_free
_o_iswupper
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_qsort
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcscpy_s
_o_wcstod
_o_wcstok_s
_o__execute_onexit_table
_o__errno
wcschr
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
wcsrchr
wcsstr
_CxxThrowException
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
LockResource
LoadResource
FreeLibraryAndExitThread
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
LoadStringW
GetModuleHandleW
FreeLibrary
SizeofResource

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
CreateMutexW
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
OpenSemaphoreW
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateMutexExW
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared

ntdll

RtlGetPersistedStateLocation
NtRenameKey
EtwEventEnabled
RtlPublishWnfStateData
EtwEventWrite
WinSqmIsOptedIn
EtwEventUnregister
EtwEventRegister
RtlLcidToLocaleName
RtlFreeUnicodeString
RtlNtStatusToDosError
WinSqmAddToStream

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventProviderEnabled
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

FindNextFileW
DeleteFileW
FindClose
GetFileSize
CreateFileW
SetFilePointer
GetFileAttributesW
GetFileTime
SetEndOfFile
ReadFile
FindFirstFileW
WriteFile
GetFileSizeEx

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
OpenThreadToken
TerminateProcess
CreateThread
OpenProcessToken

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
LCMapStringW
GetThreadPreferredUILanguages

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW
DisplayConfigGetDeviceInfo
EnumDisplayMonitors
GetSystemMetrics
GetDisplayConfigBufferSizes
DisplayConfigSetDeviceInfo
EnumDisplayDevicesW
QueryDisplayConfig

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
CLSIDFromString
CoUninitialize
CoWaitForMultipleHandles

userenv

EnterCriticalPolicySection
LeaveCriticalPolicySection

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW
CharUpperW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString

api-ms-win-security-base-l1-1-0

GetTokenInformation

coloradapterclient

ModernColorSetGDILutFromHDC
ModernColorGetGDILutFromHDC
ModernColorSetLut
ModernColorSetMatrix
ModernColorSetGDILut

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AssociateColorProfileWithDeviceA
AssociateColorProfileWithDeviceW
CheckBitmapBits
CheckColors
CloseColorProfile
CloseDisplay
ColorAdapterGetCurrentProfileCalibration
ColorAdapterGetDisplayCurrentStateID
ColorAdapterGetDisplayProfile
ColorAdapterGetDisplayTargetWhitePoint
ColorAdapterGetDisplayTransformData
ColorAdapterGetSystemModifyWhitePointCaps
ColorAdapterRegisterOEMColorService
ColorAdapterUnregisterOEMColorService
ColorAdapterUpdateDeviceProfile
ColorAdapterUpdateDisplayGamma
ColorCplGetDefaultProfileScope
ColorCplGetDefaultRenderingIntentScope
ColorCplGetProfileProperties
ColorCplHasSystemWideAssociationListChanged
ColorCplInitialize
ColorCplLoadAssociationList
ColorCplMergeAssociationLists
ColorCplOverwritePerUserAssociationList
ColorCplReleaseProfileProperties
ColorCplResetSystemWideAssociationListChangedWarning
ColorCplSaveAssociationList
ColorCplSetUsePerUserProfiles
ColorCplUninitialize
ColorProfileAddDisplayAssociation
ColorProfileGetDisplayDefault
ColorProfileGetDisplayList
ColorProfileGetDisplayUserScope
ColorProfileRemoveDisplayAssociation
ColorProfileSetDisplayDefaultAssociation
ConvertColorNameToIndex
ConvertIndexToColorName
CreateColorTransformA
CreateColorTransformW
CreateDeviceLinkProfile
CreateMultiProfileTransform
CreateProfileFromLogColorSpaceA
CreateProfileFromLogColorSpaceW
DccwCreateDisplayProfileAssociationList
DccwGetDisplayProfileAssociationList
DccwGetGamutSize
DccwReleaseDisplayProfileAssociationList
DccwSetDisplayProfileAssociationList
DeleteColorTransform
DeviceRenameEvent
DisassociateColorProfileFromDeviceA
DisassociateColorProfileFromDeviceW
DllCanUnloadNow
DllGetClassObject
EnumColorProfilesA
EnumColorProfilesW
GenerateCopyFilePaths
GetCMMInfo
GetColorDirectoryA
GetColorDirectoryW
GetColorProfileElement
GetColorProfileElementTag
GetColorProfileFromHandle
GetColorProfileHeader
GetCountColorProfileElements
GetNamedProfileInfo
GetPS2ColorRenderingDictionary
GetPS2ColorRenderingIntent
GetPS2ColorSpaceArray
GetStandardColorSpaceProfileA
GetStandardColorSpaceProfileW
InstallColorProfileA
InstallColorProfileW
InternalGetAppliedGDIGammaRamp
InternalGetAppliedGammaRamp
InternalGetDeviceConfig
InternalGetDeviceGammaCapability
InternalGetPS2CSAFromLCS
InternalGetPS2ColorRenderingDictionary
InternalGetPS2ColorRenderingDictionary2
InternalGetPS2ColorSpaceArray
InternalGetPS2ColorSpaceArray2
InternalGetPS2PreviewCRD
InternalGetPS2PreviewCRD2
InternalRefreshCalibration
InternalSetDeviceConfig
InternalSetDeviceGDIGammaRamp
InternalSetDeviceGammaRamp
InternalSetDeviceTemperature
InternalWcsAssociateColorProfileWithDevice
InternalWcsDisassociateColorProfileWithDevice
IsColorProfileTagPresent
IsColorProfileValid
OpenColorProfileA
OpenColorProfileW
OpenDisplay
RegisterCMMA
RegisterCMMW
SelectCMM
SetColorProfileElement
SetColorProfileElementReference
SetColorProfileElementSize
SetColorProfileHeader
SetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
SpoolerCopyFileEvent
TranslateBitmapBits
TranslateColors
UninstallColorProfileA
UninstallColorProfileW
UnregisterCMMA
UnregisterCMMW
WcsAssociateColorProfileWithDevice
WcsCheckColors
WcsCreateIccProfile
WcsDisassociateColorProfileFromDevice
WcsEnumColorProfiles
WcsEnumColorProfilesSize
WcsGetCalibrationManagementState
WcsGetDefaultColorProfile
WcsGetDefaultColorProfileSize
WcsGetDefaultRenderingIntent
WcsGetUsePerUserProfiles
WcsGpCanInstallOrUninstallProfiles
WcsOpenColorProfileA
WcsOpenColorProfileW
WcsSetCalibrationManagementState
WcsSetDefaultColorProfile
WcsSetDefaultRenderingIntent
WcsSetUsePerUserProfiles
WcsTranslateColors

Sections

.text
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscms/msvcp120.dll
.dll windows:6 windows x64 arch:x64

8bbb502b9452fee14bc96b306e6136bf

Code Sign

33:00:00:00:b5:ac:7d:6d:87:6b:26:11:47:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2016 20:17

Not After

02-11-2017 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-11-2016 22:09

Not After

17-02-2018 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:1a:ad:be:27:0f:1d:1b:6a:1a:b3:9e:bc:f0:f6:36:a5:be:09:4a:3b:0f:d6:76:52:de:25:91:b3:38:58:46
Signer

Actual PE Digest

56:1a:ad:be:27:0f:1d:1b:6a:1a:b3:9e:bc:f0:f6:36:a5:be:09:4a:3b:0f:d6:76:52:de:25:91:b3:38:58:46

Digest Algorithm

sha256

PE Digest Matches

true

2d:18:18:d8:59:2e:ba:1c:99:19:b2:71:03:0a:ae:85:4f:f9:3a:7b
Signer

Actual PE Digest

2d:18:18:d8:59:2e:ba:1c:99:19:b2:71:03:0a:ae:85:4f:f9:3a:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcp120.amd64.pdb

Imports

msvcr120

??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
memcpy_s
_fsopen
fseek
_wfsopen
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?Alloc@Concurrency@@YAPEAX_K@Z
?Free@Concurrency@@YAXPEAX@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
??0invalid_operation@Concurrency@@QEAA@PEBD@Z
??0critical_section@Concurrency@@QEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
?wait@event@Concurrency@@QEAA_KI@Z
?set@event@Concurrency@@QEAAXXZ
ldexp
sprintf_s
strcspn
wcslen
_Strftime
_Wcsftime
strcmp
setlocale
_malloc_crt
_realloc_crt
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
fgetwc
fputwc
ungetwc
__uncaught_exception
_errno
memcmp
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__crtLCMapStringA
___lc_codepage_func
_ismbblead
remove
rename
_wremove
strcpy_s
wcscpy_s
_wgetcwd
_wchdir
_wmkdir
_wrmdir
_W_Gettnames
_getcwd
_chdir
_mkdir
_rmdir
__crtCreateSymbolicLinkW
__crtGetFileInformationByHandleEx
__crtSetFileInformationByHandle
_calloc_crt
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
__crtSleep
_beginthreadex
_endthreadex
?lock@critical_section@Concurrency@@QEAAXXZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?unlock@critical_section@Concurrency@@QEAAXXZ
?terminate@@YAXXZ
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
calloc
??0operation_timed_out@Concurrency@@QEAA@XZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??0bad_target@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
?Log2@details@Concurrency@@YAK_K@Z
_lock
_unlock
__pctype_func
isupper
__crtGetLocaleInfoEx
islower
__crtLCMapStringW
isspace
tolower
memchr
sqrt
isdigit
isxdigit
isalnum
__crtCompareStringW
__C_specific_handler
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
localeconv
??0bad_cast@std@@QEAA@PEBD@Z
??_V@YAXPEAX@Z
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@XZ
memmove
strlen
memcpy
malloc
free
___mb_cur_max_func
_purecall
rand_s
fputs
fputc
__iob_func
abort
logf
log
__crtInitializeCriticalSectionEx
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
_wrename

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDH@std@@QEAA@_K@Z
??0?$codecvt@GDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
??0?$codecvt@_WDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z
??0_Container_base12@std@@QEAA@AEBU01@@Z
??0_Container_base12@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Pad@std@@QEAA@AEBV01@@Z
??0_Pad@std@@QEAA@XZ
??0_Runtime_object@details@Concurrency@@QEAA@H@Z
??0_Runtime_object@details@Concurrency@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z
??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z
??0agent@Concurrency@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDH@std@@MEAA@XZ
??1?$codecvt@GDH@std@@MEAA@XZ
??1?$codecvt@_WDH@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
??1_Container_base12@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Pad@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1agent@Concurrency@@UEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Container_base0@std@@QEAAAEAU01@AEBU01@@Z
??4_Container_base12@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Pad@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7_Pad@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDH@std@@QEAAXXZ
??_F?$codecvt@GDH@std@@QEAAXXZ
??_F?$codecvt@_WDH@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z
?NFS_Free@details@Concurrency@@YAXPEAX@Z
?NFS_GetLineSize@details@Concurrency@@YA_KXZ
?_10@placeholders@std@@3V?$_Ph@$09@2@A
?_11@placeholders@std@@3V?$_Ph@$0L@@2@A
?_12@placeholders@std@@3V?$_Ph@$0M@@2@A
?_13@placeholders@std@@3V?$_Ph@$0N@@2@A
?_14@placeholders@std@@3V?$_Ph@$0O@@2@A
?_15@placeholders@std@@3V?$_Ph@$0P@@2@A
?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A
?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A
?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A
?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_5@placeholders@std@@3V?$_Ph@$04@2@A
?_6@placeholders@std@@3V?$_Ph@$05@2@A
?_7@placeholders@std@@3V?$_Ph@$06@2@A
?_8@placeholders@std@@3V?$_Ph@$07@2@A
?_9@placeholders@std@@3V?$_Ph@$08@2@A
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Close_dir@sys@tr2@std@@YAXPEAX@Z
?_Copy_file@sys@tr2@std@@YAHPEBD0_N@Z
?_Copy_file@sys@tr2@std@@YAHPEB_W0_N@Z
?_Current_get@sys@tr2@std@@YAPEADAEAY0BAE@D@Z
?_Current_get@sys@tr2@std@@YAPEA_WAEAY0BAE@_W@Z
?_Current_set@sys@tr2@std@@YA_NPEBD@Z
?_Current_set@sys@tr2@std@@YA_NPEB_W@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Equivalent@sys@tr2@std@@YAHPEBD0@Z
?_Equivalent@sys@tr2@std@@YAHPEB_W0@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_File_size@sys@tr2@std@@YA_KPEBD@Z
?_File_size@sys@tr2@std@@YA_KPEB_W@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K333@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K333@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K444@Z
?_Future_error_map@std@@YAPEBDH@Z
?_GetCombinableSize@details@Concurrency@@YA_KXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscms/scrrun.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5684e53d4593797441fef52c573a45ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

scrrun.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
_callnewh
towupper
_wcsnicmp
_lock
iswalpha
wcscat_s
_itow_s
towlower
_ismbblead
_mbsicmp
_mbsnbcpy_s
strcat_s
_mbsdec
_mbctoupper
_mbctolower
isalpha
_mbsnbicmp
_itoa_s
_wcsicmp
__dllonexit
_onexit
strcmp
strncpy_s
free
_unlock
wcsncmp
bsearch
rand_s
wcsncpy_s
wcscpy_s
memmove_s
_purecall
memcpy_s
_vsnwprintf
sprintf_s
strcpy_s
_vsnprintf
__C_specific_handler
malloc
_initterm
memcmp
memcpy
memmove
memset
wcscmp

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetTickCount
MoveFileW
CopyFileW
GetWindowsDirectoryW
DeleteFileW
GetSystemDirectoryW
GetFileAttributesW
GetTempPathW
RemoveDirectoryW
GetShortPathNameW
FindNextFileW
GetFullPathNameW
CreateDirectoryW
SearchPathW
RemoveDirectoryA
GetWindowsDirectoryA
CompareStringW
SetLastError
DeleteFileA
LCMapStringA
MultiByteToWideChar
CompareStringA
GetSystemDirectoryA
LCMapStringW
WideCharToMultiByte
GetModuleFileNameA
GetFileAttributesA
CopyFileA
EnterCriticalSection
GetTempPathA
GetFullPathNameA
LeaveCriticalSection
InitializeCriticalSection
GetSystemDefaultUILanguage
FindNextFileA
GetUserDefaultUILanguage
GetModuleHandleA
MoveFileA
GetLocaleInfoW
GetVersionExW
UnmapViewOfFile
FindResourceExW
DeleteCriticalSection
GetShortPathNameA
FreeLibrary
LoadResource
GetStdHandle
CreateFileMappingW
MapViewOfFile
SetFileAttributesA
CreateDirectoryA
SetFileAttributesW
CreateSemaphoreExW
HeapFree
GetCurrentProcess
ReleaseSemaphore
GetUserDefaultLCID
GetModuleHandleExW
TerminateProcess
GetVersion
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
FileTimeToLocalFileTime
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetVersionExA
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
FileTimeToSystemTime
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
CreateThreadpoolTimer
HeapAlloc
GetLocaleInfoA
GetModuleFileNameW
LoadLibraryExA
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
WriteConsoleW
GetFileInformationByHandle
GetConsoleMode
DebugBreak
PeekNamedPipe
IsDebuggerPresent
GetVolumeInformationW
GetLogicalDrives
GetDiskFreeSpaceW
GetDriveTypeA
SetErrorMode
GetVolumeInformationA
SetVolumeLabelW
GetDiskFreeSpaceA
SetVolumeLabelA
GetDriveTypeW
SetFilePointer
WriteFile
ReadFile
GetModuleHandleW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
CreateFileW
LoadLibraryExW

oleaut32

VarR4FromCy
SysAllocString
VarCyFromR4
VariantCopy
SafeArrayLock
VarCyFromI4
VarDecFromI4
SafeArrayCreate
VariantClear
UnRegisterTypeLi
VarCyFromR8
VariantChangeTypeEx
LHashValOfNameSysA
LHashValOfNameSys
SysReAllocStringLen
LoadRegTypeLi
SafeArrayUnlock
VariantInit
SysStringLen
VarR4FromDec
SysAllocStringLen
SysFreeString
LoadTypeLibEx
SafeArrayDestroy

ole32

CLSIDFromProgID
CoCreateInstance
CLSIDFromString
StringFromCLSID
StringFromGUID2
CoTaskMemFree
CoGetMalloc

advapi32

RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegOpenKeyExW
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueExW
RegCreateKeyA
IsTextUnicode

user32

CharNextA
LoadStringA

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoOpenPipeStream

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netprofm/TapiSysprep.dll
.dll windows:10 windows x64 arch:x64

397bc475fccba616c4c1b87402a4b3b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tapisysprep.pdb

Imports

msvcrt

_amsg_exit
__C_specific_handler
_initterm
malloc
free
_XcptFilter

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW

shlwapi

SHDeleteKeyW

wdscore

WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVW

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetTickCount
Sleep
GetLastError
GetCurrentProcessId

Exports

Exports

TapiSysPrepClean

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netprofm/netprofm.dll
.dll regsvr32 windows:10 windows x64 arch:x64

affb8b2ee176e881ad572d4ee006ac27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

netprofm.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o_calloc
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeCriticalSectionEx
OpenSemaphoreW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive
ResetEvent
SetEvent
ReleaseMutex
CreateEventW
CreateMutexExW
InitializeCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventProviderEnabled
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegQueryInfoKeyW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netprofm/rpcnsh.dll
.dll windows:10 windows x64 arch:x64

00ce5d3d7014818cc40866bdfd22be77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rpcnsh.pdb

Imports

msvcrt

_wtoi
atol
memcpy
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsrchr
printf
swscanf
_wcsicmp
_vsnprintf
__C_specific_handler
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmIsOptedIn

netsh.exe

RegisterContext
RegisterHelper
MatchToken
PrintMessage
PrintError
PreprocessCommand
PrintMessageFromModule

ws2_32

WSAStartup
WSAStringToAddressW
WSAGetLastError
inet_ntoa
inet_pton

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegSetValueExA
RegCloseKey
RegGetValueA
RegCreateKeyExA
RegDeleteKeyExA
RegOpenKeyExA

iphlpapi

GetIfEntry
GetIpAddrTable

kernel32

GetCurrentProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetLastError
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
LocalFree
UnhandledExceptionFilter

rpcrt4

UuidCreateSequential
UuidCreateNil
UuidIsNil
UuidEqual

fwpuclnt

FwpmFilterDeleteByKey0
FwpmEngineOpen0
FwpmFilterCreateEnumHandle0
FwpmFilterEnum0
FwpmEngineClose0
FwpmFreeMemory0
FwpmFilterDestroyEnumHandle0
FwpmFilterAdd0

Exports

Exports

InitHelperDll

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netprofm/socialapis.dll
.dll windows:10 windows x64 arch:x64

d9b95dc964953cd6b1c3f52ff54556e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SocialApis.pdb

Imports

msvcrt

_unlock
_onexit
_errno
_initterm
__C_specific_handler
_lock
__dllonexit
_amsg_exit
_XcptFilter
_callnewh
realloc
_purecall
memmove_s
wcsncpy_s
malloc
free
memcpy_s
__CxxFrameHandler3
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentThread
SetThreadToken
GetCurrentProcessId
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
password.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

Password: 2024

e06fe0d53e5834d5eeea2d913edb0995

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

ntdll

api-ms-win-core-heap-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-0

opcservices

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.text Size: 199KB - Virtual size: 199KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 440B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 832B

Password: 2024

dd5e8a87d388e7f0e0dcb3f9ea5a64ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ole32

oleaut32

kernel32

user32

advapi32

gdi32

shlwapi

rpcrt4

slc

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 440B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 832B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 266KB - Virtual size: 270KB

.pdata
Size: 81KB - Virtual size: 80KB

.rsrc
Size: 314KB - Virtual size: 314KB

.reloc
Size: 60KB - Virtual size: 59KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 992B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

6f:9e:99:aa:cf:23:07:0a:2d:84:76:5f:a8:29:7f:7f:a9:06:5a:9a:c4:e4:91:14:01:d7:c1:31:9f:48:ee:1c
Signer

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 3KB