SessEnv.pdb
Overview
overview
10Static
static
3__x64___se...nv.dll
windows10-2004-x64
1__x64___se...or.dll
windows10-2004-x64
1__x64___se...vc.dll
windows10-2004-x64
1__x64___se...df.dll
windows10-2004-x64
1__x64___se...nc.dll
windows10-2004-x64
1__x64___se...tr.dll
windows10-2004-x64
1__x64___se...el.dll
windows10-2004-x64
1__x64___se...lg.dll
windows10-2004-x64
1__x64___se...ab.dll
windows10-2004-x64
1__x64___se...rf.dll
windows10-2004-x64
1__x64___se...on.dll
windows10-2004-x64
1__x64___se...al.dll
windows10-2004-x64
1__x64___se...SM.dll
windows10-2004-x64
1__x64___se...ms.dll
windows10-2004-x64
1__x64___se...20.dll
windows7-x64
1__x64___se...20.dll
windows10-2004-x64
1__x64___se...un.dll
windows10-2004-x64
7__x64___se...up.msi
windows7-x64
6__x64___se...up.msi
windows10-2004-x64
10__x64___se...ph.dll
windows10-2004-x64
1__x64___se...rs.dll
windows10-2004-x64
1__x64___se...rv.dll
windows10-2004-x64
1__x64___se...re.dll
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
__x64___setup___x32__/SettingMonitor/SessEnv.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
__x64___setup___x32__/SettingMonitor/SettingMonitor.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
__x64___setup___x32__/SettingMonitor/pnrpsvc.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral4
Sample
__x64___setup___x32__/SettingMonitor/uudf.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
__x64___setup___x32__/SettingSync/SettingSync.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral6
Sample
__x64___setup___x32__/SettingSync/rasmontr.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
__x64___setup___x32__/SettingSync/schannel.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
__x64___setup___x32__/SettingSync/sppcommdlg.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
__x64___setup___x32__/dab/dab.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral10
Sample
__x64___setup___x32__/dab/diagperf.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
__x64___setup___x32__/dab/fcon.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
__x64___setup___x32__/dab/hal.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
__x64___setup___x32__/mscms/NPSM.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral14
Sample
__x64___setup___x32__/mscms/mscms.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
__x64___setup___x32__/mscms/msvcp120.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
__x64___setup___x32__/mscms/msvcp120.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
__x64___setup___x32__/mscms/scrrun.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
__x64___setup___x32__/setup.msi
Resource
win7-20240508-en
Behavioral task
behavioral19
Sample
__x64___setup___x32__/setup.msi
Resource
win10v2004-20240611-en
Behavioral task
behavioral20
Sample
__x64___setup___x32__/vmrdvcore/mssph.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
__x64___setup___x32__/vmrdvcore/perfctrs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
__x64___setup___x32__/vmrdvcore/tapisrv.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
__x64___setup___x32__/vmrdvcore/vmrdvcore.dll
Resource
win10v2004-20240508-en
General
-
Target
ff654bc32dcbba43b22e006634fc0ef4.bin
-
Size
35.3MB
-
MD5
5ebec6d6ca28a0f4492b866699cd0855
-
SHA1
f49572ea016cf7aca7ba388793e4dc3f3c6bc9b9
-
SHA256
1adf1646b9113fd13d0e6745b83a59fae2160ba93ecade45be63dd210cf6c8a6
-
SHA512
6cb052f8a74507993f2d3429775c4a9fbcd28c177e3a0ec2300160e55de39da440a0ff48c55eaa63557fa7d66ab78de46cd244ebe524a1747562f3405f0c58b7
-
SSDEEP
786432:XptkKH/LpFhB2+jnU/FQnxvw8+bYhAf35PDL/q:zHNFv2+jnMFE+cKv5PXq
Malware Config
Signatures
-
Unsigned PE 17 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/__x64___setup___x32__/SettingMonitor/SessEnv.dll unpack002/__x64___setup___x32__/SettingMonitor/SettingMonitor.dll unpack002/__x64___setup___x32__/SettingMonitor/pnrpsvc.dll unpack002/__x64___setup___x32__/SettingMonitor/uudf.dll unpack002/__x64___setup___x32__/SettingSync/SettingSync.dll unpack002/__x64___setup___x32__/SettingSync/rasmontr.dll unpack002/__x64___setup___x32__/SettingSync/schannel.dll unpack002/__x64___setup___x32__/SettingSync/sppcommdlg.dll unpack002/__x64___setup___x32__/dab/dab.dll unpack002/__x64___setup___x32__/dab/diagperf.dll unpack002/__x64___setup___x32__/dab/fcon.dll unpack002/__x64___setup___x32__/mscms/NPSM.dll unpack002/__x64___setup___x32__/mscms/scrrun.dll unpack002/__x64___setup___x32__/vmrdvcore/mssph.dll unpack002/__x64___setup___x32__/vmrdvcore/perfctrs.dll unpack002/__x64___setup___x32__/vmrdvcore/tapisrv.dll unpack002/__x64___setup___x32__/vmrdvcore/vmrdvcore.dll
Files
-
ff654bc32dcbba43b22e006634fc0ef4.bin.zip
Password: infected
-
f4f4dd8a1fca44d6d7c78da7dc5741b91250eabf8faae79604c786672ea2efb8.zip.zip
Password: infected
-
__x64___setup___x32__/SettingMonitor/SessEnv.dll.dll windows:10 windows x64 arch:x64
Password: infected
c252150e2ab272715077e6f59b74980d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
memset
_CxxThrowException
?what@exception@@UEBAPEBDXZ
strcmp
_onexit
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcscat_s
??1exception@@UEAA@XZ
wcschr
??_V@YAXPEAX@Z
memmove_s
_wtol
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
swprintf_s
memcpy_s
_vsnprintf
_vsnwprintf
memcmp
toupper
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__dllonexit
_unlock
_wcsnicmp
wcsrchr
wcsncmp
iswalpha
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
??3@YAXPEAX@Z
wcscpy_s
wcscmp
ntdll
NtQueryInformationProcess
NtDuplicateToken
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlCaptureContext
WinSqmSetDWORD
WinSqmStartSession
WinSqmAddToStream
WinSqmEndSession
WinSqmIsOptedIn
RtlGetActiveConsoleId
EtwEventWriteFull
EtwEventRegister
EtwEventUnregister
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlAllocateAndInitializeSid
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
DbgPrint
RtlEqualSid
VerSetConditionMask
RtlFreeSid
RtlLookupFunctionEntry
RtlInitializeResource
RtlVerifyVersionInfo
RtlCaptureStackBackTrace
RtlDeleteResource
NtQuerySystemInformation
RtlVirtualUnwind
RtlLengthSid
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadStringW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateEventW
SetEvent
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ResetEvent
ReleaseMutex
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegCreateKeyExW
RegLoadKeyW
RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegOpenCurrentUser
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister
EventProviderEnabled
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-processthreads-l1-1-0
CreateProcessAsUserW
GetThreadId
TerminateThread
ProcessIdToSessionId
GetCurrentThreadId
CreateThread
GetCurrentThread
OpenProcessToken
OpenThreadToken
GetCurrentProcess
TerminateProcess
CreateProcessW
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetComputerNameExW
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
sysntfy
SysNotifyStartServer
SysNotifyStopServer
dismapi
DismDisableFeature
DismOpenSession
DismEnableFeature
DismShutdown
DismInitialize
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
StartTraceW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstanceEx
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoWaitForMultipleHandles
CoSetProxyBlanket
CoTaskMemFree
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
api-ms-win-security-base-l1-1-0
GetFileSecurityW
CopySid
GetAce
EqualSid
CheckTokenMembership
GetAclInformation
FreeSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
DuplicateToken
GetSecurityDescriptorLength
SetSecurityDescriptorControl
InitializeSecurityDescriptor
IsValidSid
DeleteAce
GetSecurityDescriptorControl
CreateWellKnownSid
AllocateAndInitializeSid
GetLengthSid
RevertToSelf
GetTokenInformation
ImpersonateLoggedOnUser
SetTokenInformation
SetFileSecurityW
AdjustTokenPrivileges
DuplicateTokenEx
MakeAbsoluteSD
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
api-ms-win-core-localization-l1-2-0
FormatMessageW
rpcrt4
RpcBindingCopy
RpcBindingUnbind
Ndr64AsyncClientCall
UuidCreate
I_RpcBindingInqLocalClientPID
I_RpcExceptionFilter
UuidToStringW
RpcStringFreeW
NdrServerCall2
NdrServerCallAll
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcAsyncCompleteCall
RpcBindingBind
RpcBindingCreateW
UuidFromStringW
RpcAsyncInitializeHandle
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqExW
RpcBindingFree
RpcBindingInqAuthClientW
RpcBindingServerFromClient
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerInqCallAttributesW
RpcGetAuthorizationContextForClient
RpcFreeAuthorizationContext
RpcImpersonateClient
RpcRevertToSelf
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetFileSizeEx
ReadFile
SetFileAttributesW
DeleteVolumeMountPointW
CreateFileW
FindNextVolumeW
GetFileTime
WriteFile
FindClose
FindFirstVolumeW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
FileTimeToLocalFileTime
SetFilePointer
CompareFileTime
CreateDirectoryW
FindVolumeClose
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
MoveFileWithProgressW
GetFileInformationByHandleEx
CopyFileExW
CreateSymbolicLinkW
api-ms-win-core-path-l1-1-0
PathCchCombine
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
OpenProcess
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
samcli
NetLocalGroupDelMembers
NetLocalGroupAddMembers
NetUserGetInfo
api-ms-win-core-file-l1-2-0
GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-security-credentials-l1-1-0
CredUnprotectW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntExW
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
MoveFileW
GetComputerNameW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
SetVolumeMountPointW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
scecli
SceSetupSystemByInfName
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-security-lsapolicy-l1-1-0
LsaFreeMemory
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-eventlog-legacy-l1-1-0
DeregisterEventSource
ReportEventW
RegisterEventSourceW
Exports
Exports
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 362KB - Virtual size: 361KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/SettingMonitor/SettingMonitor.dll.dll windows:10 windows x64 arch:x64
Password: infected
4d80d07630c7e6d5d9d8f47c9eb385d7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SettingMonitor.pdb
Imports
msvcrt
memcpy
_CxxThrowException
memcmp
__CxxFrameHandler3
__dllonexit
_unlock
_onexit
_initterm
malloc
_amsg_exit
_XcptFilter
free
memmove_s
__C_specific_handler
iswalnum
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_callnewh
??1type_info@@UEAA@XZ
_lock
_vsnwprintf
_purecall
memcpy_s
memmove
memset
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-shcore-registry-l1-1-0
SHGetValueW
SHDeleteValueW
SHSetValueW
policymanager
PolicyManager_GetPolicyInt
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseMutex
CreateEventW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
OpenEventW
CreateMutexExW
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CoEnableCallCancellation
CoTaskMemFree
CoDisableCallCancellation
CoGetMalloc
CoCancelCall
CoInitializeEx
IIDFromString
CLSIDFromString
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegSetValueExW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-file-l1-1-0
CompareFileTime
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-path-l1-1-0
PathCchCombine
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-2-0
GetOsSafeBootMode
api-ms-win-core-sidebyside-l1-1-0
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
QueryActCtxW
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
ntdll
NtQueryInformationToken
NtPowerInformation
user32
DefWindowProcW
UnregisterPowerSettingNotification
DestroyWindow
SetWindowLongPtrW
SetCoalescableTimer
KillTimer
RegisterPowerSettingNotification
GetWindowLongPtrW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/SettingMonitor/pnrpsvc.dll.dll windows:10 windows x64 arch:x64
Password: infected
37f774d87f855a0f404a69308f3151da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pnrpsvc.pdb
Imports
msvcrt
_lock
wcsncmp
swscanf_s
_wcsnicmp
_unlock
wcschr
_onexit
strcmp
_purecall
memmove
_initterm
memcmp
iswdigit
__dllonexit
_stricmp
free
_vsnwprintf
iswalpha
towlower
printf
_wcsicmp
qsort_s
?terminate@@YAXXZ
memset
_vsnprintf
__C_specific_handler
wcscat_s
memcpy
malloc
_amsg_exit
_XcptFilter
__CxxFrameHandler3
wcscmp
ntdll
RtlIpv4AddressToStringExW
RtlFreeUnicodeString
EtwTraceMessage
RtlStringFromGUID
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv6AddressToStringExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
FreeLibrary
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
OpenThreadToken
SetThreadToken
OpenProcessToken
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
kernel32
DuplicateHandle
SwitchToThread
GetFileAttributesW
CreateDirectoryW
DebugBreak
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeviceIoControl
CreateThread
WaitForMultipleObjectsEx
SystemTimeToFileTime
FileTimeToSystemTime
ExitProcess
GetVersionExW
LocalFree
GetCurrentThread
SetLastError
CopyFileExW
DeleteFileW
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
ResetEvent
UnregisterWaitEx
SetEvent
RegisterWaitForSingleObjectEx
CreateEventW
CompareStringA
CompareFileTime
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetLastError
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
api-ms-win-core-registry-l1-1-0
RegNotifyChangeKeyValue
RegSetValueExW
RegEnumValueW
RegDeleteKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
rpcrt4
RpcServerUseProtseqW
I_RpcBindingInqTransportType
UuidCreate
NdrServerCallAll
NdrServerCall2
RpcBindingVectorFree
RpcServerRegisterAuthInfoW
RpcBindingInqAuthClientW
RpcStringFreeW
RpcStringBindingParseW
I_RpcExceptionFilter
RpcImpersonateClient
RpcServerRegisterIfEx
RpcBindingToStringBindingW
RpcEpRegisterW
RpcServerUnregisterIfEx
RpcStringBindingComposeW
RpcSsContextLockExclusive
NdrClientCall3
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcErrorStartEnumeration
RpcRevertToSelf
RpcErrorGetNextRecord
RpcRaiseException
RpcErrorEndEnumeration
RpcServerInqBindings
UuidToStringW
api-ms-win-security-base-l1-1-0
CopySid
GetTokenInformation
EqualSid
GetWindowsAccountDomainSid
CheckTokenMembership
CreateWellKnownSid
RevertToSelf
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-security-grouppolicy-l1-1-0
UnregisterGPNotificationInternal
RegisterGPNotificationInternal
api-ms-win-service-management-l1-1-0
OpenServiceW
StartServiceW
CloseServiceHandle
OpenSCManagerW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
Exports
Exports
IMServiceMain
SVCServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/SettingMonitor/uudf.dll.dll windows:10 windows x64 arch:x64
Password: infected
b38628cfe74c2369b1284d127e70c2cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
uudf.pdb
Imports
msvcrt
memset
memcmp
memcpy
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf
_vsnwprintf
__C_specific_handler
ntdll
RtlFreeHeap
RtlNumberGenericTableElementsAvl
NtQuerySystemTime
RtlSystemTimeToLocalTime
RtlTimeToTimeFields
DbgPrint
RtlRaiseStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
UnregisterTraceGuids
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ulib
??1MESSAGE@@UEAA@XZ
??0MESSAGE@@QEAA@XZ
?DisplayMsg@MESSAGE@@QEAAEKW4MESSAGE_TYPE@@K@Z
?MakeFileToken@MESSAGE@@SA_KPEBD@Z
?DisplayMsg@MESSAGE@@QEAAEKW4MESSAGE_TYPE@@KPEBDZZ
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Display@MESSAGE@@QEAAEPEBDZZ
?DisplayMsg@MESSAGE@@QEAAEK@Z
?Initialize@HMEM@@QEAAEXZ
??1HMEM@@UEAA@XZ
??0HMEM@@QEAA@XZ
??0LIST@@QEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
??0FSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
??0DSTRING@@QEAA@XZ
?DisplayMsg@MESSAGE@@QEAAEKPEBDZZ
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
UlibRealloc
??1OBJECT@@UEAA@XZ
??0OBJECT@@IEAA@XZ
??1ITERATOR@@UEAA@XZ
??1LIST@@UEAA@XZ
?Initialize@LIST@@QEAAEXZ
?QueryIterator@LIST@@UEBAPEAVITERATOR@@XZ
?DeleteAllMembers@SEQUENTIAL_CONTAINER@@UEAAEXZ
??0MEM_ALLOCATOR@@QEAA@XZ
??1MEM_ALLOCATOR@@UEAA@XZ
?Initialize@MEM_ALLOCATOR@@QEAAE_KK@Z
?Allocate@MEM_ALLOCATOR@@QEAAPEAXK@Z
??0ITERATOR@@IEAA@XZ
?FindNext@ITERATOR@@UEAAPEAVOBJECT@@PEBV2@@Z
??1FSTRING@@UEAA@XZ
ifsutil
?Initialize@SUPERAREA@@IEAAEPEAVMEM@@PEAVLOG_IO_DP_DRIVE@@KPEAVMESSAGE@@@Z
?Recover@VOL_LIODPDRV@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@@Z
?DismountVolume@IFS_SYSTEM@@SAEPEBVWSTRING@@@Z
?QueryUdfMediaNeedsVat@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaNeedsSparing@DP_DRIVE@@QEAAEXZ
?Format@VOL_LIODPDRV@@QEAA?AW4FORMAT_ERROR_CODE@@PEBVWSTRING@@PEAVMESSAGE@@KKK@Z
?QueryUdfMediaNeedsLowLevelFormat@DP_DRIVE@@QEAAEXZ
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
??0DP_DRIVE@@QEAA@XZ
?QueryUdfMediaType@DP_DRIVE@@QEAAKXZ
?QueryRewritableMOSupport@DP_DRIVE@@QEAAEXZ
?DismountAndLock@IO_DP_DRIVE@@QEAAEXZ
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?ChkDsk@VOL_LIODPDRV@@QEAAEW4FIX_LEVEL@@PEAVMESSAGE@@KKGPEAKPEBVWSTRING@@@Z
?Lock@IO_DP_DRIVE@@QEAAEXZ
?PowForceAllocation@IO_DP_DRIVE@@QEAAEKKPEAKW4NwaType@DP_DRIVE@@@Z
?EliminateCycles@DIGRAPH@@QEAAEPEAVCONTAINER@@PEAE@Z
?RemoveEdge@DIGRAPH@@QEAAEKK@Z
?QueryParents@DIGRAPH@@QEBAEKPEAVNUMBER_SET@@@Z
?Remove@NUMBER_SET@@QEAAEPEBV1@@Z
?QueryParentsWithChildren@DIGRAPH@@QEBAEPEAVNUMBER_SET@@K@Z
?QueryNumParents@DIGRAPH@@QEBAKK@Z
?QueryNumber@NUMBER_SET@@QEBA?AVBIG_INT@@V2@@Z
?QueryChildren@DIGRAPH@@QEBAEKPEAVNUMBER_SET@@@Z
?SetFileSystemName@VOL_LIODPDRV@@QEAAEPEBG@Z
?Write@SECRUN@@UEAAEXZ
?Initialize@SECRUN@@QEAAEPEAVMEM@@PEAVIO_DP_DRIVE@@VBIG_INT@@K@Z
??1SECRUN@@UEAA@XZ
??0SECRUN@@QEAA@XZ
?Read@IO_DP_DRIVE@@QEAAEVBIG_INT@@KPEAX@Z
??1NUMBER_SET@@UEAA@XZ
?Add@NUMBER_SET@@QEAAEVBIG_INT@@@Z
?CheckAndRemove@NUMBER_SET@@QEAAEVBIG_INT@@PEAE@Z
?QueryEccBlockSizeInSectors@DP_DRIVE@@QEAAGXZ
?AddEdge@DIGRAPH@@QEAAEKK@Z
?QueryDisjointRange@NUMBER_SET@@QEBAXKPEAVBIG_INT@@0@Z
?Initialize@NUMBER_SET@@QEAAEXZ
??0NUMBER_SET@@QEAA@XZ
?Add@NUMBER_SET@@QEAAEVBIG_INT@@0@Z
?Remove@NUMBER_SET@@QEAAEVBIG_INT@@0@Z
?DoesIntersectSet@NUMBER_SET@@QEBAEVBIG_INT@@0@Z
?QueryUdfMediaHasPow@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaSupportsBackgroundFormat@DP_DRIVE@@QEAAEXZ
?QueryDiscStatus@DP_DRIVE@@QEAAEPEAK0@Z
?ReinitiateBackgroundFormat@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaSupportsQuickGrow@DP_DRIVE@@QEAAEXZ
?ReadFormattableCapacity@DP_DRIVE@@QEAAEEPEAKPEAE0@Z
?QueryVolumeBounds@DP_DRIVE@@QEAAEPEAK0@Z
?QueryNextWritableAddress@DP_DRIVE@@QEAAEPEAKW4NwaType@1@@Z
?QueryFreeBlocksInLastTrack@DP_DRIVE@@QEAAEPEAK@Z
?SendPowLowLevelFormat@DP_DRIVE@@QEAAEPEAVMESSAGE@@@Z
?WriteEntireDrive@VOL_LIODPDRV@@UEAA?AW4FORMAT_ERROR_CODE@@PEAVMESSAGE@@PEAXKII@Z
?QueryPartitionInfo@DP_DRIVE@@UEAAEPEAU_PARTITION_INFORMATION_EX@@@Z
?QueryTierCount@DP_DRIVE@@UEAAJPEAK@Z
?QueryReadCacheSize@DP_DRIVE@@UEAAJPEA_K@Z
?QueryDataRedundancyCount@DP_DRIVE@@UEAAJPEAK0@Z
?QuerySectors@DP_DRIVE@@UEBA?AVBIG_INT@@XZ
?QueryWriteBlockSize@DP_DRIVE@@UEBAKXZ
?QuerySectorSize@DP_DRIVE@@UEBAKXZ
?Initialize@VOL_LIODPDRV@@IEAA?AW4FORMAT_ERROR_CODE@@PEBVWSTRING@@PEAVSUPERAREA@@PEAVMESSAGE@@EEW4_MEDIA_TYPE@@GEIE@Z
??1VOL_LIODPDRV@@UEAA@XZ
??0VOL_LIODPDRV@@IEAA@XZ
?VerifyRead@SECRUN@@UEAAEPEAE@Z
?Read@SECRUN@@UEAAEXZ
?IsUdfMediaWritable@DP_DRIVE@@QEAAEXZ
?Write@IO_DP_DRIVE@@QEAAEVBIG_INT@@KPEAX@Z
?WaitForUnit@DP_DRIVE@@QEAAEPEAVMESSAGE@@@Z
??1SUPERAREA@@UEAA@XZ
??0SUPERAREA@@IEAA@XZ
?Initialize@DIGRAPH@@QEAAEK@Z
??1DIGRAPH@@UEAA@XZ
??0DIGRAPH@@QEAA@XZ
?FormatScaleTotalFreeClusters@IFS_SYSTEM@@SAE_K0PEAK1PEA_K2@Z
?WaitForWriteCompletion@DP_DRIVE@@QEAAEPEAVMESSAGE@@@Z
?FlushCache@IO_DP_DRIVE@@QEAAEXZ
?Initialize@READ_WRITE_CACHE@@QEAAEPEAVIO_DP_DRIVE@@KE@Z
??0READ_WRITE_CACHE@@QEAA@XZ
?Initialize@READ_MODIFY_WRITE_CACHE@@QEAAEPEAVIO_DP_DRIVE@@KKEE@Z
??0READ_MODIFY_WRITE_CACHE@@QEAA@XZ
?Initialize@POW_CACHE@@QEAAEKKKKK@Z
?Initialize@POW_CACHE@@QEAAEPEAVIO_DP_DRIVE@@@Z
??0POW_CACHE@@QEAA@XZ
?SetCache@IO_DP_DRIVE@@QEAAXPEAVDRIVE_CACHE@@@Z
?Initialize@WRITE_ONCE_CACHE@@QEAAEPEAVIO_DP_DRIVE@@KKK@Z
??0WRITE_ONCE_CACHE@@QEAA@XZ
?SetSectors@DP_DRIVE@@QEAAXVBIG_INT@@@Z
?QueryHighestTrackAddress@DP_DRIVE@@QEAAEPEAK@Z
?QueryLastWritableAddress@DP_DRIVE@@QEAAEPEAKW4NwaType@1@@Z
?SetPowTrackConfiguration@DP_DRIVE@@QEAAEE@Z
Exports
Exports
??0METADATA_PARTITION@@QEAA@XZ
??0UDF_LVOL@@QEAA@XZ
??0UDF_SA@@QEAA@XZ
??0UDF_VOL@@QEAA@XZ
??1METADATA_PARTITION@@UEAA@XZ
??1UDF_LVOL@@UEAA@XZ
??1UDF_SA@@UEAA@XZ
??1UDF_VOL@@UEAA@XZ
?CreateOnDisk@UDF_LVOL@@QEAAEPEAVUDF_SA@@PEAVMESSAGE@@PEAVVDS@@PEAUEXTENTAD@@K3@Z
?Initialize@UDF_SA@@QEAAEPEAVLOG_IO_DP_DRIVE@@PEAVMESSAGE@@G@Z
?Initialize@UDF_VOL@@QEAA?AW4FORMAT_ERROR_CODE@@PEBVWSTRING@@PEAVMESSAGE@@EGEEE@Z
?ReadFromDisk@UDF_LVOL@@QEAAEPEAVUDF_SA@@PEAVMESSAGE@@PEAVVDS@@@Z
Chkdsk
ChkdskEx
Format
FormatEx
GetFilesystemInformation
Recover
Sections
.text Size: 143KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/SettingSync/SettingSync.dll.dll windows:10 windows x64 arch:x64
Password: infected
7b47ecf8ca02907cd93bfb196ed60609
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SettingSync.pdb
Imports
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
_initterm
_XcptFilter
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memcmp
??8type_info@@QEBAHAEBV0@@Z
_callnewh
_CxxThrowException
memcpy
_unlock
_lock
wcsncmp
wcsstr
_get_errno
_set_errno
wcschr
__C_specific_handler
sprintf
_vsnprintf
memmove_s
realloc
malloc
free
_purecall
_vsnprintf_s
__CxxFrameHandler3
??0exception@@QEAA@AEBV0@@Z
iswalnum
swscanf_s
wcstok
wcstoul
wcscpy_s
_wcsicmp
swscanf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
memmove
sqrt
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
WaitForMultipleObjectsEx
InitializeCriticalSection
CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObject
OpenEventW
InitializeSRWLock
SetEvent
DeleteCriticalSection
CreateEventExW
ReleaseSemaphore
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateProcessW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetUserDefaultLocaleName
SetLocaleInfoW
GetLocaleInfoEx
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenCurrentUser
api-ms-win-core-file-l1-1-0
CompareFileTime
GetFileAttributesExW
DeleteFileW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventActivityIdControl
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
StopTraceW
StartTraceW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
FindActCtxSectionStringW
QueryActCtxW
DeactivateActCtx
CreateActCtxW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
SHExpandEnvironmentStringsW
PathFileExistsW
PathFindNextComponentW
PathRelativePathToW
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
StrCmpICW
api-ms-win-shlwapi-winrt-storage-l1-1-1
IUnknown_GetWindow
ord635
ord187
api-ms-win-rtcore-ntuser-window-l1-1-0
FindWindowW
PostMessageW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
FindWindowExW
SendNotifyMessageW
GetClassNameW
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
SystemParametersInfoW
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjectsEx
coremessaging
CoreUICreate
ntdll
RtlGetSuiteMask
NtQueryInformationToken
NtQueryInformationProcess
RtlGetDeviceFamilyInfoEnum
coreuicomponents
CoreUIFactoryCreate
slc
SLIsWindowsGenuineLocal
wevtapi
EvtOpenChannelConfig
EvtSetChannelConfigProperty
EvtSaveChannelConfig
EvtClose
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-localization-private-l1-1-0
LoadStringByReference
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 461KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/SettingSync/rasmontr.dll.dll windows:10 windows x64 arch:x64
Password: infected
18970be6d7b652fcb1413c038f894c24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
rasmontr.pdb
Imports
msvcrt
_wcsicmp
_CxxThrowException
memcmp
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
wcstoul
wcstol
wcstok
wcspbrk
_itow
wcstombs
_wtoi
strchr
_wctime
time
free
malloc
atoi
wcsrchr
_vsnwprintf
strncmp
__C_specific_handler
__CxxFrameHandler3
wcsncat_s
wcscpy_s
_strcmpi
_callnewh
??1type_info@@UEAA@XZ
wcscmp
ntdll
EtwTraceMessage
RtlInitUnicodeString
NtQuerySystemInformation
VerSetConditionMask
RtlIpv4AddressToStringW
RtlNtStatusToDosError
RtlSecondsSince1970ToTime
RtlGUIDFromString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv6StringToAddressW
advapi32
ReadEventLogW
TraceMessage
RegEnumKeyExW
RegQueryInfoKeyW
RegConnectRegistryW
LsaStorePrivateData
RegDeleteKeyExW
RegEnumKeyW
RegEnumValueW
EnableTraceEx2
ControlTraceW
EnableTrace
StartTraceW
RegCreateKeyExW
RegQueryValueExW
LsaClose
LsaFreeMemory
LsaSetInformationPolicy
LsaQueryInformationPolicy
LsaOpenPolicy
CloseEventLog
ClearEventLogW
OpenEventLogW
RegSetValueExW
EnumServicesStatusExW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegOpenKeyExW
mprapi
MprAdminUserSetInfo
MprConfigServerSetInfoEx
MprAdminServerGetInfoEx
MprAdminServerSetInfoEx
MprAdminConnectionGetInfo
MprAdminBufferFree
MprAdminServerConnect
MprAdminConnectionEnum
MprAdminServerDisconnect
MprAdminInterfaceDisconnect
MprAdminConnectionClearStats
MprDomainQueryRasServer
MprDomainRegisterRasServer
MprAdminServerSetCredentials
MprAdminServerGetCredentials
MprAdminServerGetInfo
MprAdminPortGetInfo
MprAdminPortClearStats
MprAdminPortEnum
MprConfigServerConnect
MprConfigInterfaceGetInfo
MprConfigInterfaceTransportGetHandle
MprConfigInterfaceGetHandle
MprConfigServerGetInfoEx
MprConfigServerDisconnect
MprConfigBufferFree
MprAdminUserServerConnect
MprAdminUserServerDisconnect
MprAdminUserGetInfo
MprAdminUserOpen
MprAdminUserRead
MprAdminUserWrite
MprAdminUserClose
netsh.exe
PrintMessageFromModule
RegisterHelper
PrintMessage
MakeQuotedString
RegisterContext
MakeString
PrintError
MatchToken
MatchEnumTag
FreeString
rasapi32
RasEnumDevicesW
user32
LoadStringW
GetWindowThreadProcessId
GetWindow
GetWindowLongW
GetWindowTextW
FindWindowExW
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
EnumWindows
CloseDesktop
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
EnumDesktopsW
CloseWindowStation
EnumWindowStationsW
fwpuclnt
IkeextSetConfigParameters0
IkeextGetConfigParameters0
ws2_32
WSAIoctl
htonl
ntohl
FreeAddrInfoW
WSAAddressToStringW
GetAddrInfoW
WSACleanup
closesocket
WSACloseEvent
GetNameInfoW
WSAResetEvent
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
inet_addr
bind
htons
WSAGetLastError
WSASocketW
WSAStartup
setsockopt
rasman
RasGetDeviceConfigInfo
RasGetCalledIdInfo
RasRpcDisconnectServer
RasSetCalledIdInfo
RasSetDeviceConfigInfo
RasRpcConnectServer
kernel32
CreateProcessW
GetFullPathNameW
GetModuleHandleExW
GetModuleFileNameW
GetProcessMitigationPolicy
WideCharToMultiByte
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetComputerNameExW
RegOpenKeyExA
RegQueryValueExA
RegGetValueW
RegDeleteValueW
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
VirtualQuery
SetEvent
CreateEventW
SetConsoleCtrlHandler
HeapAlloc
GetProcessHeap
GetExitCodeProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryExW
GetFileAttributesW
CopyFileW
GetSystemWindowsDirectoryW
GetComputerNameW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetVersionExW
GetSystemInfo
GetFileType
lstrcmpiW
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
CloseHandle
ReadFile
GetFileSize
CreateFileW
LocalFree
FormatMessageW
lstrlenA
MultiByteToWideChar
lstrlenW
GetLastError
WriteFile
DeleteFileW
LocalAlloc
GetCurrentThread
HeapFree
DisableThreadLibraryCalls
FindClose
FindNextFileW
SetLastError
GetCurrentProcess
SystemTimeToFileTime
CompareFileTime
GetCurrentThreadId
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
DuplicateHandle
TerminateProcess
SetFilePointer
SetEndOfFile
VirtualAlloc
VirtualFree
VerifyVersionInfoW
Sleep
FindFirstFileW
mfc42u
ord2408
ord3830
ord6832
ord5815
ord2876
ord6821
ord5804
ord2121
iphlpapi
NhGetInterfaceNameFromGuid
Exports
Exports
GetDiagnosticFunctions
InitHelperDll
RutlAlloc
RutlAssignmentFromTokenAndDword
RutlAssignmentFromTokens
RutlCloseDumpFile
RutlCreateDumpFile
RutlDwordDup
RutlFree
RutlGetOsVersion
RutlGetTagToken
RutlIsHelpToken
RutlParse
RutlStrDup
Sections
.text Size: 230KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/SettingSync/schannel.dll.dll windows:10 windows x64 arch:x64
Password: infected
f9a7e6d2b3de9b36a6c1af314faffb97
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
schannel.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o_free
_o_malloc
_o_memcpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o__execute_onexit_table
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___std_type_info_destroy_list
wcschr
__C_specific_handler
memcmp
memcpy
__CxxFrameHandler3
__std_terminate
wcsrchr
wcsstr
api-ms-win-crt-string-l1-1-0
memset
strcmp
wcscmp
wcsncmp
wcsnlen
memmove_s
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
GetTokenInformation
EqualSid
GetLengthSid
RevertToSelf
AllocateLocallyUniqueId
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegFlushKey
RegSetValueExW
RegNotifyChangeKeyValue
RegOpenKeyExA
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-memory-l1-1-0
MapViewOfFileEx
CreateFileMappingW
VirtualFree
VirtualAlloc
VirtualQuery
VirtualProtect
UnmapViewOfFile
OpenFileMappingW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
api-ms-win-core-synch-l1-1-0
TryAcquireSRWLockExclusive
CreateMutexExW
CreateEventW
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
InitializeCriticalSectionEx
SetEvent
ReleaseSRWLockExclusive
InitializeSRWLock
ResetEvent
CreateEventA
WaitForSingleObjectEx
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
AcquireSRWLockShared
OpenSemaphoreW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
SetThreadStackGuarantee
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo
GetWindowsDirectoryW
GetComputerNameExW
GetTickCount
GetTickCount64
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
InitializeSListHead
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
api-ms-win-core-file-l1-1-0
CompareFileTime
CreateDirectoryW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx
ChangeTimerQueueTimer
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
ntdll
NtQuerySystemTime
NtQuerySystemInformation
NtOpenEvent
NtCreateEvent
NtSetEvent
RtlDuplicateUnicodeString
NtWaitForSingleObject
RtlValidSid
RtlSubAuthorityCountSid
RtlImageNtHeader
RtlDeregisterWait
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
EtwUnregisterTraceGuids
RtlFreeHeap
NtOpenKey
RtlInitializeResource
RtlEqualUnicodeString
RtlGetNtProductType
RtlCopySid
RtlLengthSid
RtlSubAuthoritySid
RtlInitializeSid
RtlInitString
RtlAcquireResourceExclusive
EtwEventWrite
EtwEventUnregister
EtwEventRegister
RtlReleaseResource
RtlAcquireResourceShared
RtlNtStatusToDosErrorNoTeb
NtClose
NtDuplicateObject
RtlNtStatusToDosError
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
EtwEventWriteTransfer
EtwTraceMessage
RtlAppendUnicodeToString
RtlAllocateHeap
NtEnumerateKey
RtlCompareUnicodeString
RtlConvertSharedToExclusive
NtQueryValueKey
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
NtSetInformationThread
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlDeleteResource
RtlInitAnsiString
RtlLeaveCriticalSection
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlPublishWnfStateData
WinSqmSetDWORD
RtlRegisterWait
RtlFreeUnicodeString
api-ms-win-crt-time-l1-1-0
_time32
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
ApplyControlToken
CompleteAuthToken
DeleteSecurityContext
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
FreeContextBuffer
FreeCredentialsHandle
ImpersonateSecurityContext
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
MakeSignature
QueryContextAttributesA
QueryContextAttributesW
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SealMessage
SpLsaModeInitialize
SpUserModeInitialize
SslCrackCertificate
SslEmptyCacheA
SslEmptyCacheW
SslFreeCertificate
SslFreeCustomBuffer
SslGenerateRandomBits
SslGetExtensions
SslGetMaximumKeySize
SslGetServerIdentity
SslLoadCertificate
UnsealMessage
VerifySignature
Sections
.text Size: 469KB - Virtual size: 468KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/SettingSync/sppcommdlg.dll.dll windows:10 windows x64 arch:x64
9e7a74f359a4f7d11d4fce9a42612bae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
sppcommdlg.pdb
Imports
msvcrt
memcpy
memmove
_onexit
__dllonexit
wcschr
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wtoi
_vsnwprintf
_wcsicmp
memset
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
LockResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
FreeLibraryAndExitThread
LoadStringW
FreeLibrary
api-ms-win-core-processthreads-l1-1-0
CreateThread
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-memory-l1-1-0
VirtualQuery
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-string-l2-1-0
CharUpperW
oleaut32
SysAllocString
VariantTimeToSystemTime
SysStringLen
SysFreeString
VariantClear
VariantInit
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CoUninitialize
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetVersionExW
GetSystemTime
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockExclusive
SetEvent
WaitForSingleObject
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
comctl32
CreatePropertySheetPageW
ord344
PropertySheetW
ord345
gdi32
GetDeviceCaps
DeleteObject
CreateFontIndirectW
GetObjectW
imm32
ImmAssociateContext
kernel32
GlobalLock
GetProcessAffinityMask
MulDiv
GlobalUnlock
shell32
ShellExecuteExW
shlwapi
StrTrimW
StrStrIW
user32
OpenClipboard
IsClipboardFormatAvailable
MessageBeep
ReleaseDC
GetDC
NotifyWinEvent
SetForegroundWindow
DestroyIcon
FindWindowW
LoadIconW
GetSystemMenu
ShowWindow
SetWindowTextW
GetWindowLongPtrW
EnableMenuItem
SetWindowLongPtrW
DrawMenuBar
GetKeyState
GetClipboardData
SetFocus
GetWindowTextLengthW
GetDlgCtrlID
SetWindowPos
MapWindowPoints
GetWindowLongW
IsWindow
GetDlgItem
MessageBoxW
KillTimer
LoadCursorW
CallWindowProcW
DefWindowProcW
SetCursor
GetParent
PostMessageW
SetTimer
SendMessageW
GetWindowTextW
ShowCursor
CloseClipboard
LoadImageW
GetWindow
GetWindowRect
EnableWindow
SystemParametersInfoW
GetClientRect
sppc
SLClose
SLOpen
SLpIsCurrentInstalledProductKeyDefaultKey
Exports
Exports
SLUXActivationWizard
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dab/dab.dll.dll windows:10 windows x64 arch:x64
9aec5c4aa0eee59fdd831e6d45f17768
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dab.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o_free
_o_rand_s
__C_specific_handler
_o___std_type_info_destroy_list
_o__configure_narrow_argv
_o__cexit
memcmp
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
TerminateProcess
ResumeThread
GetCurrentProcess
OpenThreadToken
CreateThread
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
CopySid
CheckTokenMembership
EqualSid
GetTokenInformation
FreeSid
GetLengthSid
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
CompareFileTime
rpcrt4
NdrServerCallAll
RpcImpersonateClient
RpcServerRegisterIfEx
UuidToStringW
UuidEqual
RpcRevertToSelf
UuidIsNil
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcServerInqCallAttributesW
NdrServerCall2
RpcBindingVectorFree
RpcStringFreeW
UuidFromStringW
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
InitOnceExecuteOnce
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolThreadMaximum
CallbackMayRunLong
SetThreadpoolThreadMinimum
CreateThreadpool
SetThreadpoolTimer
CloseThreadpool
CloseThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
CreateThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
api-ms-win-core-timezone-l1-1-0
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
api-ms-win-core-synch-l1-1-0
WaitForMultipleObjectsEx
CreateEventW
CreateWaitableTimerExW
SetWaitableTimerEx
CancelWaitableTimer
SetWaitableTimer
WaitForSingleObject
SetEvent
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteTreeW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
ntdll
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlSubscribeWnfStateChangeNotification
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlPublishWnfStateData
NtQueryWnfStateData
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
NtPowerInformation
RtlIsMultiSessionSku
RtlUnsubscribeWnfNotificationWaitForCompletion
NtSetThreadExecutionState
RtlNtStatusToDosError
EtwTraceMessage
RtlTryAcquireSRWLockShared
RtlSetDaclSecurityDescriptor
NtCreateWnfStateName
NtDeleteWnfStateName
RtlSetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
RtlCopySid
RtlAcquireSRWLockExclusive
RtlTestAndPublishWnfStateData
RtlWaitForWnfMetaNotification
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlLengthSid
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
ControlTraceW
StartTraceW
api-ms-win-eventing-consumer-l1-1-0
OpenTraceW
CloseTrace
ProcessTrace
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
Exports
Exports
DabInitialize
DabPowerStateChanged
DabSessionStateChanged
DabTerminate
Sections
.text Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 364B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dab/diagperf.dll.dll regsvr32 windows:10 windows x64 arch:x64
b306282d5919c33c601b0599c6b8ce39
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
diagperf.pdb
Imports
msvcrt
wcscspn
calloc
memcpy
memmove
_lock
_unlock
wcsspn
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
memcmp
_wcslwr_s
wcsrchr
wcschr
_mktime64
_localtime64_s
_CxxThrowException
_callnewh
fprintf
fwprintf
vswprintf_s
_vscwprintf
realloc
wcstok_s
wcsncmp
_i64tow_s
??0exception@@QEAA@AEBQEBDH@Z
malloc
ldiv
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_wcsicmp
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
_vsnwprintf
memcpy_s
_wcsdup
free
__C_specific_handler
_purecall
__iob_func
_itow_s
_wcsnicmp
wcsstr
_wcslwr
sqrt
ntdll
NtQuerySystemInformation
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToStream
EtwEventWriteEndScenario
EtwEventWriteStartScenario
EtwEventActivityIdControl
WinSqmSetDWORD
WinSqmSetString
WinSqmEndSession
WinSqmStartSession
WinSqmIsOptedIn
EtwEventWrite
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
WinSqmIncrementDWORD
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-file-l1-1-0
ReadFile
CompareFileTime
FileTimeToLocalFileTime
LockFileEx
SetFilePointer
GetFileSize
CreateFileW
SetEndOfFile
UnlockFile
WriteFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapDestroy
GetProcessHeap
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
FreeLibrary
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
CreateThread
SetThreadPriority
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThreadId
GetCurrentProcessId
TlsSetValue
GetCurrentThread
GetThreadPriority
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
WaitForSingleObject
SetEvent
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
CreateEventW
AcquireSRWLockShared
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetLengthSid
CopySid
IsValidSid
AllocateAndInitializeSid
FreeSid
GetTokenInformation
AddAccessAllowedAceEx
InitializeAcl
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
kernel32
ResolveDelayLoadedAPI
GlobalMemoryStatusEx
GetFileAttributesExW
GetSystemInfo
DeleteFileW
CreateDirectoryW
ExpandEnvironmentStringsW
FindFirstVolumeW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
FindNextVolumeW
FindVolumeClose
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
LocalFree
FileTimeToSystemTime
FormatMessageW
DelayLoadFailureHook
rpcrt4
RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFromStringBindingW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
WdiDiagnosticModuleMain
WdiGetDiagnosticModuleInterfaceVersion
WdiHandleInstance
Sections
.text Size: 888KB - Virtual size: 887KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 289KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dab/fcon.dll.dll windows:10 windows x64 arch:x64
e49a29f9efd90448f49e5fd8823a3bef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
fcon.pdb
Imports
msvcp_win
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?widen@?$ctype@G@std@@QEBAGD@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o__wcsicmp
_o_free
_o_malloc
_o_qsort
_o_terminate
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__execute_onexit_table
_o__configure_narrow_argv
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
memcmp
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibraryAndExitThread
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
CreateSemaphoreExW
ResetEvent
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
SetEvent
DeleteCriticalSection
CreateEventW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
CreateThread
OpenProcessToken
TerminateProcess
GetCurrentProcessId
ResumeThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
api-ms-win-core-com-l1-1-0
CoGetCallContext
CoCreateGuid
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoGetClassObject
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlSetSystemBootStatus
RtlQueryFeatureUsageNotificationSubscriptions
RtlSetFeatureConfigurations
RtlSubscribeForFeatureUsageNotification
RtlQueryAllFeatureConfigurations
RtlQueryFeatureConfigurationChangeStamp
RtlUnsubscribeFromFeatureUsageNotifications
RtlIsStateSeparationEnabled
RtlAllocateHeap
RtlGetSystemBootStatus
RtlEqualUnicodeString
RtlIntegerToUnicodeString
ZwQueryKey
ZwOpenKeyEx
ZwEnumerateValueKey
ZwEnumerateKey
ZwClose
RtlFreeHeap
RtlPublishWnfStateData
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegEnumValueW
RegFlushKey
RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegCreateKeyExW
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-registry-l2-1-0
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
rpcrt4
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingFree
RpcExceptionFilter
NdrClientCall3
RpcStringBindingComposeW
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-crt-math-l1-1-0
ceilf
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetCtacPropertyAlloc
ModifyStagingControls
Sections
.text Size: 190KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dab/hal.dll.dll windows:10 windows x64 arch:x64
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05-05-2022 19:23Not After04-05-2023 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
34:25:a5:72:46:7c:d8:53:12:38:0c:aa:83:2f:60:81:92:2f:e8:86:7d:b7:1d:3d:3d:0e:35:b6:ec:9b:c2:8dSigner
Actual PE Digest34:25:a5:72:46:7c:d8:53:12:38:0c:aa:83:2f:60:81:92:2f:e8:86:7d:b7:1d:3d:3d:0e:35:b6:ec:9b:c2:8dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
hal.pdb
Exports
Exports
HalAcpiGetTableEx
HalAcquireDisplayOwnership
HalAdjustResourceList
HalAllProcessorsStarted
HalAllocateAdapterChannel
HalAllocateCommonBuffer
HalAllocateCrashDumpRegisters
HalAllocateHardwareCounters
HalAssignSlotResources
HalBugCheckSystem
HalCalibratePerformanceCounter
HalClearSoftwareInterrupt
HalConvertDeviceIdtToIrql
HalDisableInterrupt
HalDisplayString
HalDmaAllocateCrashDumpRegistersEx
HalDmaFreeCrashDumpRegistersEx
HalEnableInterrupt
HalEnumerateEnvironmentVariablesEx
HalEnumerateProcessors
HalFlushCommonBuffer
HalFreeCommonBuffer
HalFreeHardwareCounters
HalGetAdapter
HalGetBusData
HalGetBusDataByOffset
HalGetEnvironmentVariable
HalGetEnvironmentVariableEx
HalGetInterruptTargetInformation
HalGetInterruptVector
HalGetMemoryCachingRequirements
HalGetMessageRoutingInfo
HalGetProcessorIdByNtNumber
HalGetVectorInput
HalHandleMcheck
HalHandleNMI
HalInitSystem
HalInitializeBios
HalInitializeOnResume
HalInitializeProcessor
HalIsHyperThreadingEnabled
HalMakeBeep
HalPerformEndOfInterrupt
HalProcessorIdle
HalQueryDisplayParameters
HalQueryEnvironmentVariableInfoEx
HalQueryMaximumProcessorCount
HalQueryRealTimeClock
HalReadDmaCounter
HalRegisterDynamicProcessor
HalRegisterErrataCallbacks
HalReportResourceUsage
HalRequestClockInterrupt
HalRequestDeferredRecoveryServiceInterrupt
HalRequestIpi
HalRequestIpiSpecifyVector
HalRequestSoftwareInterrupt
HalReturnToFirmware
HalSendNMI
HalSendSoftwareInterrupt
HalSetBusData
HalSetBusDataByOffset
HalSetDisplayParameters
HalSetEnvironmentVariable
HalSetEnvironmentVariableEx
HalSetProfileInterval
HalSetRealTimeClock
HalStartDynamicProcessor
HalStartNextProcessor
HalStartProfileInterrupt
HalStopProfileInterrupt
HalSystemVectorDispatchEntry
HalTranslateBusAddress
HalWheaUpdateCmciPolicy
IoFlushAdapterBuffers
IoFreeAdapterChannel
IoFreeMapRegisters
IoMapTransfer
IoReadPartitionTable
IoSetPartitionInformation
IoWritePartitionTable
KdComPortInUse
KdHvComPortInUse
KeFlushWriteBuffer
KeQueryPerformanceCounter
KeStallExecutionProcessor
x86BiosAllocateBuffer
x86BiosCall
x86BiosFreeBuffer
x86BiosReadMemory
x86BiosWriteMemory
Sections
.rdata Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/mscms/NPSM.dll.dll windows:10 windows x64 arch:x64
4004c0a0bb2b5158cf0f1819716be35f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
NPSM.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
memcpy
_CxxThrowException
??1type_info@@UEAA@XZ
_onexit
_initterm
__CxxFrameHandler3
_callnewh
malloc
free
?what@exception@@UEBAPEBDXZ
_amsg_exit
_XcptFilter
?terminate@@YAXXZ
memset
__C_specific_handler
memmove
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
_purecall
_vsnwprintf
??_V@YAXPEAX@Z
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
difftime
time
wcschr
??0exception@@QEAA@AEBQEBD@Z
wcscmp
api-ms-win-core-synch-l1-2-0
Sleep
WakeByAddressAll
WaitOnAddress
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
RoTransformError
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
CreateSemaphoreExW
WaitForSingleObject
SetEvent
ReleaseMutex
CreateEventW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSemaphore
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetProcessId
TerminateProcess
OpenProcessToken
ProcessIdToSessionId
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-com-l1-1-0
CoIncrementMTAUsage
CoResumeClassObjects
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoCreateInstance
CoGetCallContext
CoDecrementMTAUsage
CoTaskMemRealloc
CoSetProxyBlanket
CoImpersonateClient
CoUninitialize
CoTaskMemFree
CoDisableCallCancellation
CoRevokeClassObject
CoTaskMemAlloc
CoGetMalloc
CLSIDFromString
CoRevertToSelf
CoCancelCall
CoEnableCallCancellation
CoDisconnectContext
ntdll
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlQueryPackageClaims
RtlPublishWnfStateData
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
RoGetActivationFactory
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
api-ms-win-core-kernel32-legacy-l1-1-0
UnregisterWait
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
api-ms-win-core-featurestaging-l1-1-0
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
api-ms-win-core-processthreads-l1-1-1
OpenProcess
rpcrt4
I_RpcBindingInqLocalClientPID
api-ms-win-security-base-l1-1-0
CopySid
GetTokenInformation
GetLengthSid
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
combase
ord66
ord67
ord68
propsys
PSCreateMemoryPropertyStore
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
RegisterNowPlayingSessionManagerFactory
ServiceMain
SvchostPushServiceGlobals
UnregisterNowPlayingSessionManagerFactory
Sections
.text Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/mscms/mscms.dll.dll windows:10 windows x64 arch:x64
f725807fb7dee4b0001264abf003889b
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04-03-2020 18:30Not After03-03-2021 18:30SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5a:08:a9:14:61:d8:cc:e8:c5:7b:95:fd:79:db:a3:cd:11:2a:78:4f:d0:ad:ff:c3:22:86:56:8e:65:71:7c:4cSigner
Actual PE Digest5a:08:a9:14:61:d8:cc:e8:c5:7b:95:fd:79:db:a3:cd:11:2a:78:4f:d0:ad:ff:c3:22:86:56:8e:65:71:7c:4cDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mscms.pdb
Imports
api-ms-win-crt-math-l1-1-0
expf
cosf
atan2f
sqrtf
floorf
logf
sinf
_finite
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wtoi
_o_floor
_o_free
_o_iswupper
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_qsort
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcscpy_s
_o_wcstod
_o_wcstok_s
_o__execute_onexit_table
_o__errno
wcschr
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
wcsrchr
wcsstr
_CxxThrowException
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
DisableThreadLibraryCalls
LockResource
LoadResource
FreeLibraryAndExitThread
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
LoadStringW
GetModuleHandleW
FreeLibrary
SizeofResource
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateMutexW
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
OpenSemaphoreW
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateMutexExW
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ntdll
RtlGetPersistedStateLocation
NtRenameKey
EtwEventEnabled
RtlPublishWnfStateData
EtwEventWrite
WinSqmIsOptedIn
EtwEventUnregister
EtwEventRegister
RtlLcidToLocaleName
RtlFreeUnicodeString
RtlNtStatusToDosError
WinSqmAddToStream
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventProviderEnabled
EventRegister
EventSetInformation
EventWriteTransfer
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
FindNextFileW
DeleteFileW
FindClose
GetFileSize
CreateFileW
SetFilePointer
GetFileAttributesW
GetFileTime
SetEndOfFile
ReadFile
FindFirstFileW
WriteFile
GetFileSizeEx
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
OpenThreadToken
TerminateProcess
CreateThread
OpenProcessToken
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemTime
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadLocale
LCMapStringW
GetThreadPreferredUILanguages
api-ms-win-ntuser-sysparams-l1-1-0
GetMonitorInfoW
DisplayConfigGetDeviceInfo
EnumDisplayMonitors
GetSystemMetrics
GetDisplayConfigBufferSizes
DisplayConfigSetDeviceInfo
EnumDisplayDevicesW
QueryDisplayConfig
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CLSIDFromString
CoUninitialize
CoWaitForMultipleHandles
userenv
EnterCriticalPolicySection
LeaveCriticalPolicySection
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalAlloc
LocalFree
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-string-l2-1-0
CharNextW
CharPrevW
CharUpperW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsDeleteString
api-ms-win-security-base-l1-1-0
GetTokenInformation
coloradapterclient
ModernColorSetGDILutFromHDC
ModernColorGetGDILutFromHDC
ModernColorSetLut
ModernColorSetMatrix
ModernColorSetGDILut
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
AssociateColorProfileWithDeviceA
AssociateColorProfileWithDeviceW
CheckBitmapBits
CheckColors
CloseColorProfile
CloseDisplay
ColorAdapterGetCurrentProfileCalibration
ColorAdapterGetDisplayCurrentStateID
ColorAdapterGetDisplayProfile
ColorAdapterGetDisplayTargetWhitePoint
ColorAdapterGetDisplayTransformData
ColorAdapterGetSystemModifyWhitePointCaps
ColorAdapterRegisterOEMColorService
ColorAdapterUnregisterOEMColorService
ColorAdapterUpdateDeviceProfile
ColorAdapterUpdateDisplayGamma
ColorCplGetDefaultProfileScope
ColorCplGetDefaultRenderingIntentScope
ColorCplGetProfileProperties
ColorCplHasSystemWideAssociationListChanged
ColorCplInitialize
ColorCplLoadAssociationList
ColorCplMergeAssociationLists
ColorCplOverwritePerUserAssociationList
ColorCplReleaseProfileProperties
ColorCplResetSystemWideAssociationListChangedWarning
ColorCplSaveAssociationList
ColorCplSetUsePerUserProfiles
ColorCplUninitialize
ColorProfileAddDisplayAssociation
ColorProfileGetDisplayDefault
ColorProfileGetDisplayList
ColorProfileGetDisplayUserScope
ColorProfileRemoveDisplayAssociation
ColorProfileSetDisplayDefaultAssociation
ConvertColorNameToIndex
ConvertIndexToColorName
CreateColorTransformA
CreateColorTransformW
CreateDeviceLinkProfile
CreateMultiProfileTransform
CreateProfileFromLogColorSpaceA
CreateProfileFromLogColorSpaceW
DccwCreateDisplayProfileAssociationList
DccwGetDisplayProfileAssociationList
DccwGetGamutSize
DccwReleaseDisplayProfileAssociationList
DccwSetDisplayProfileAssociationList
DeleteColorTransform
DeviceRenameEvent
DisassociateColorProfileFromDeviceA
DisassociateColorProfileFromDeviceW
DllCanUnloadNow
DllGetClassObject
EnumColorProfilesA
EnumColorProfilesW
GenerateCopyFilePaths
GetCMMInfo
GetColorDirectoryA
GetColorDirectoryW
GetColorProfileElement
GetColorProfileElementTag
GetColorProfileFromHandle
GetColorProfileHeader
GetCountColorProfileElements
GetNamedProfileInfo
GetPS2ColorRenderingDictionary
GetPS2ColorRenderingIntent
GetPS2ColorSpaceArray
GetStandardColorSpaceProfileA
GetStandardColorSpaceProfileW
InstallColorProfileA
InstallColorProfileW
InternalGetAppliedGDIGammaRamp
InternalGetAppliedGammaRamp
InternalGetDeviceConfig
InternalGetDeviceGammaCapability
InternalGetPS2CSAFromLCS
InternalGetPS2ColorRenderingDictionary
InternalGetPS2ColorRenderingDictionary2
InternalGetPS2ColorSpaceArray
InternalGetPS2ColorSpaceArray2
InternalGetPS2PreviewCRD
InternalGetPS2PreviewCRD2
InternalRefreshCalibration
InternalSetDeviceConfig
InternalSetDeviceGDIGammaRamp
InternalSetDeviceGammaRamp
InternalSetDeviceTemperature
InternalWcsAssociateColorProfileWithDevice
InternalWcsDisassociateColorProfileWithDevice
IsColorProfileTagPresent
IsColorProfileValid
OpenColorProfileA
OpenColorProfileW
OpenDisplay
RegisterCMMA
RegisterCMMW
SelectCMM
SetColorProfileElement
SetColorProfileElementReference
SetColorProfileElementSize
SetColorProfileHeader
SetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
SpoolerCopyFileEvent
TranslateBitmapBits
TranslateColors
UninstallColorProfileA
UninstallColorProfileW
UnregisterCMMA
UnregisterCMMW
WcsAssociateColorProfileWithDevice
WcsCheckColors
WcsCreateIccProfile
WcsDisassociateColorProfileFromDevice
WcsEnumColorProfiles
WcsEnumColorProfilesSize
WcsGetCalibrationManagementState
WcsGetDefaultColorProfile
WcsGetDefaultColorProfileSize
WcsGetDefaultRenderingIntent
WcsGetUsePerUserProfiles
WcsGpCanInstallOrUninstallProfiles
WcsOpenColorProfileA
WcsOpenColorProfileW
WcsSetCalibrationManagementState
WcsSetDefaultColorProfile
WcsSetDefaultRenderingIntent
WcsSetUsePerUserProfiles
WcsTranslateColors
Sections
.text Size: 494KB - Virtual size: 494KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/mscms/msvcp120.dll.dll windows:6 windows x64 arch:x64
8bbb502b9452fee14bc96b306e6136bf
Code Sign
33:00:00:00:b5:ac:7d:6d:87:6b:26:11:47:00:00:00:00:00:b5Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07-09-2016 17:58Not After07-09-2018 17:58SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before18-08-2016 20:17Not After02-11-2017 20:17SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31-08-2010 22:19Not After31-08-2020 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03-04-2007 12:53Not After03-04-2021 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8eCertificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before17-11-2016 22:09Not After17-02-2018 22:09SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08-07-2011 20:59Not After08-07-2026 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
56:1a:ad:be:27:0f:1d:1b:6a:1a:b3:9e:bc:f0:f6:36:a5:be:09:4a:3b:0f:d6:76:52:de:25:91:b3:38:58:46Signer
Actual PE Digest56:1a:ad:be:27:0f:1d:1b:6a:1a:b3:9e:bc:f0:f6:36:a5:be:09:4a:3b:0f:d6:76:52:de:25:91:b3:38:58:46Digest Algorithmsha256PE Digest Matchestrue2d:18:18:d8:59:2e:ba:1c:99:19:b2:71:03:0a:ae:85:4f:f9:3a:7bSigner
Actual PE Digest2d:18:18:d8:59:2e:ba:1c:99:19:b2:71:03:0a:ae:85:4f:f9:3a:7bDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
msvcp120.amd64.pdb
Imports
msvcr120
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
memcpy_s
_fsopen
fseek
_wfsopen
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?Alloc@Concurrency@@YAPEAX_K@Z
?Free@Concurrency@@YAXPEAX@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
??0invalid_operation@Concurrency@@QEAA@PEBD@Z
??0critical_section@Concurrency@@QEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
?wait@event@Concurrency@@QEAA_KI@Z
?set@event@Concurrency@@QEAAXXZ
ldexp
sprintf_s
strcspn
wcslen
_Strftime
_Wcsftime
strcmp
setlocale
_malloc_crt
_realloc_crt
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
fgetwc
fputwc
ungetwc
__uncaught_exception
_errno
memcmp
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__crtLCMapStringA
___lc_codepage_func
_ismbblead
remove
rename
_wremove
strcpy_s
wcscpy_s
_wgetcwd
_wchdir
_wmkdir
_wrmdir
_W_Gettnames
_getcwd
_chdir
_mkdir
_rmdir
__crtCreateSymbolicLinkW
__crtGetFileInformationByHandleEx
__crtSetFileInformationByHandle
_calloc_crt
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
__crtSleep
_beginthreadex
_endthreadex
?lock@critical_section@Concurrency@@QEAAXXZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?unlock@critical_section@Concurrency@@QEAAXXZ
?terminate@@YAXXZ
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
calloc
??0operation_timed_out@Concurrency@@QEAA@XZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??0bad_target@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
?Log2@details@Concurrency@@YAK_K@Z
_lock
_unlock
__pctype_func
isupper
__crtGetLocaleInfoEx
islower
__crtLCMapStringW
isspace
tolower
memchr
sqrt
isdigit
isxdigit
isalnum
__crtCompareStringW
__C_specific_handler
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
localeconv
??0bad_cast@std@@QEAA@PEBD@Z
??_V@YAXPEAX@Z
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@XZ
memmove
strlen
memcpy
malloc
free
___mb_cur_max_func
_purecall
rand_s
fputs
fputc
__iob_func
abort
logf
log
__crtInitializeCriticalSectionEx
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
_wrename
kernel32
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
Exports
Exports
??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDH@std@@QEAA@_K@Z
??0?$codecvt@GDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
??0?$codecvt@_WDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z
??0_Container_base12@std@@QEAA@AEBU01@@Z
??0_Container_base12@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Pad@std@@QEAA@AEBV01@@Z
??0_Pad@std@@QEAA@XZ
??0_Runtime_object@details@Concurrency@@QEAA@H@Z
??0_Runtime_object@details@Concurrency@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z
??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z
??0agent@Concurrency@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDH@std@@MEAA@XZ
??1?$codecvt@GDH@std@@MEAA@XZ
??1?$codecvt@_WDH@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
??1_Container_base12@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Pad@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1agent@Concurrency@@UEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Container_base0@std@@QEAAAEAU01@AEBU01@@Z
??4_Container_base12@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Pad@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7_Pad@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDH@std@@QEAAXXZ
??_F?$codecvt@GDH@std@@QEAAXXZ
??_F?$codecvt@_WDH@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z
?NFS_Free@details@Concurrency@@YAXPEAX@Z
?NFS_GetLineSize@details@Concurrency@@YA_KXZ
?_10@placeholders@std@@3V?$_Ph@$09@2@A
?_11@placeholders@std@@3V?$_Ph@$0L@@2@A
?_12@placeholders@std@@3V?$_Ph@$0M@@2@A
?_13@placeholders@std@@3V?$_Ph@$0N@@2@A
?_14@placeholders@std@@3V?$_Ph@$0O@@2@A
?_15@placeholders@std@@3V?$_Ph@$0P@@2@A
?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A
?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A
?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A
?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_5@placeholders@std@@3V?$_Ph@$04@2@A
?_6@placeholders@std@@3V?$_Ph@$05@2@A
?_7@placeholders@std@@3V?$_Ph@$06@2@A
?_8@placeholders@std@@3V?$_Ph@$07@2@A
?_9@placeholders@std@@3V?$_Ph@$08@2@A
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Close_dir@sys@tr2@std@@YAXPEAX@Z
?_Copy_file@sys@tr2@std@@YAHPEBD0_N@Z
?_Copy_file@sys@tr2@std@@YAHPEB_W0_N@Z
?_Current_get@sys@tr2@std@@YAPEADAEAY0BAE@D@Z
?_Current_get@sys@tr2@std@@YAPEA_WAEAY0BAE@_W@Z
?_Current_set@sys@tr2@std@@YA_NPEBD@Z
?_Current_set@sys@tr2@std@@YA_NPEB_W@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Equivalent@sys@tr2@std@@YAHPEBD0@Z
?_Equivalent@sys@tr2@std@@YAHPEB_W0@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_File_size@sys@tr2@std@@YA_KPEBD@Z
?_File_size@sys@tr2@std@@YA_KPEB_W@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K333@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K333@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K444@Z
?_Future_error_map@std@@YAPEBDH@Z
?_GetCombinableSize@details@Concurrency@@YA_KXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
Sections
.text Size: 335KB - Virtual size: 335KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 255KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/mscms/scrrun.dll.dll regsvr32 windows:10 windows x64 arch:x64
5684e53d4593797441fef52c573a45ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
scrrun.pdb
Imports
msvcrt
_XcptFilter
_amsg_exit
_callnewh
towupper
_wcsnicmp
_lock
iswalpha
wcscat_s
_itow_s
towlower
_ismbblead
_mbsicmp
_mbsnbcpy_s
strcat_s
_mbsdec
_mbctoupper
_mbctolower
isalpha
_mbsnbicmp
_itoa_s
_wcsicmp
__dllonexit
_onexit
strcmp
strncpy_s
free
_unlock
wcsncmp
bsearch
rand_s
wcsncpy_s
wcscpy_s
memmove_s
_purecall
memcpy_s
_vsnwprintf
sprintf_s
strcpy_s
_vsnprintf
__C_specific_handler
malloc
_initterm
memcmp
memcpy
memmove
memset
wcscmp
kernel32
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetTickCount
MoveFileW
CopyFileW
GetWindowsDirectoryW
DeleteFileW
GetSystemDirectoryW
GetFileAttributesW
GetTempPathW
RemoveDirectoryW
GetShortPathNameW
FindNextFileW
GetFullPathNameW
CreateDirectoryW
SearchPathW
RemoveDirectoryA
GetWindowsDirectoryA
CompareStringW
SetLastError
DeleteFileA
LCMapStringA
MultiByteToWideChar
CompareStringA
GetSystemDirectoryA
LCMapStringW
WideCharToMultiByte
GetModuleFileNameA
GetFileAttributesA
CopyFileA
EnterCriticalSection
GetTempPathA
GetFullPathNameA
LeaveCriticalSection
InitializeCriticalSection
GetSystemDefaultUILanguage
FindNextFileA
GetUserDefaultUILanguage
GetModuleHandleA
MoveFileA
GetLocaleInfoW
GetVersionExW
UnmapViewOfFile
FindResourceExW
DeleteCriticalSection
GetShortPathNameA
FreeLibrary
LoadResource
GetStdHandle
CreateFileMappingW
MapViewOfFile
SetFileAttributesA
CreateDirectoryA
SetFileAttributesW
CreateSemaphoreExW
HeapFree
GetCurrentProcess
ReleaseSemaphore
GetUserDefaultLCID
GetModuleHandleExW
TerminateProcess
GetVersion
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
FileTimeToLocalFileTime
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetVersionExA
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
FileTimeToSystemTime
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
CreateThreadpoolTimer
HeapAlloc
GetLocaleInfoA
GetModuleFileNameW
LoadLibraryExA
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
WriteConsoleW
GetFileInformationByHandle
GetConsoleMode
DebugBreak
PeekNamedPipe
IsDebuggerPresent
GetVolumeInformationW
GetLogicalDrives
GetDiskFreeSpaceW
GetDriveTypeA
SetErrorMode
GetVolumeInformationA
SetVolumeLabelW
GetDiskFreeSpaceA
SetVolumeLabelA
GetDriveTypeW
SetFilePointer
WriteFile
ReadFile
GetModuleHandleW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
CreateFileW
LoadLibraryExW
oleaut32
VarR4FromCy
SysAllocString
VarCyFromR4
VariantCopy
SafeArrayLock
VarCyFromI4
VarDecFromI4
SafeArrayCreate
VariantClear
UnRegisterTypeLi
VarCyFromR8
VariantChangeTypeEx
LHashValOfNameSysA
LHashValOfNameSys
SysReAllocStringLen
LoadRegTypeLi
SafeArrayUnlock
VariantInit
SysStringLen
VarR4FromDec
SysAllocStringLen
SysFreeString
LoadTypeLibEx
SafeArrayDestroy
ole32
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
StringFromCLSID
StringFromGUID2
CoTaskMemFree
CoGetMalloc
advapi32
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegOpenKeyExW
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueExW
RegCreateKeyA
IsTextUnicode
user32
CharNextA
LoadStringA
version
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
Exports
Exports
DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoOpenPipeStream
Sections
.text Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/setup.msi.msi
-
__x64___setup___x32__/vmrdvcore/mssph.dll.dll regsvr32 windows:10 windows x64 arch:x64
5dfbf61ae94045240f766cbfaff03ede
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mssph.pdb
Imports
msvcrt
__CxxFrameHandler3
??1type_info@@UEAA@XZ
realloc
_errno
memset
_initterm
toupper
_wcsnicmp
wcsncmp
?terminate@@YAXXZ
_wcsicmp
towupper
iswspace
_onexit
_wtol
_lock
memmove_s
_amsg_exit
wcsncpy_s
__dllonexit
_unlock
wcschr
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_XcptFilter
memcpy
malloc
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
wcscat_s
wcscpy_s
memcpy_s
_vsnwprintf
__C_specific_handler
memcmp
memmove
wcscmp
oleaut32
VarUI4FromStr
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
SizeofResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW
LoadResource
FindResourceExW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceComplete
WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableSRW
api-ms-win-core-synch-l1-1-0
OpenMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
CreateEventW
SetEvent
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-com-l1-1-0
CoCreateInstance
PropVariantCopy
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUnmarshalInterface
StringFromGUID2
api-ms-win-core-registry-l1-1-0
RegDeleteKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegQueryInfoKeyW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetSystemDefaultLCID
LCMapStringW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
ntdll
RtlIsCloudFilesPlaceholder
RtlIsNonEmptyDirectoryReparsePointAllowed
RtlInitUnicodeString
EtwEventEnabled
ZwQueryInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
RtlIsPartialPlaceholder
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
GetDriveTypeW
SetFilePointer
LockFile
DeleteFileW
ReadFile
SetEndOfFile
WriteFile
SetFileTime
UnlockFile
GetFileAttributesW
CreateFileW
CompareFileTime
GetFileSize
GetFileTime
FlushFileBuffers
api-ms-win-security-base-l1-1-0
IsValidSid
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
api-ms-win-core-sysinfo-l1-1-0
GetVersionExA
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
api-ms-win-shcore-registry-l1-1-0
SHEnumKeyExW
SHEnumValueW
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
VirtualFree
VirtualAlloc
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
shcore
ord190
SHCreateMemStream
api-ms-win-core-shlwapi-legacy-l1-1-0
PathStripToRootW
PathFindExtensionW
PathGetDriveNumberW
PathFileExistsW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/vmrdvcore/perfctrs.dll.dll windows:10 windows x64 arch:x64
2405ad06873b3990210b1b04a23682fd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
perfctrs.pdb
Imports
msvcrt
__C_specific_handler
isprint
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsnlen
memmove
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlInitString
RtlFreeUnicodeString
RtlVirtualUnwind
NtOpenFile
RtlIntegerToUnicodeString
RtlNtStatusToDosError
NtClose
NtDeviceIoControlFile
RtlReAllocateHeap
RtlCopyUnicodeString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapReAlloc
api-ms-win-core-registry-l1-1-0
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
iphlpapi
GetIcmpStatisticsEx
GetTcpStatisticsEx
GetUdpStatisticsEx
FreeMibTable
GetIpStatisticsEx
GetIfTable2
GetNumberOfInterfaces
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameA
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-eventlog-legacy-l1-1-0
RegisterEventSourceW
DeregisterEventSource
ReportEventW
ReportEventA
nsi
NsiGetAllParameters
Exports
Exports
CloseDhcpPerformanceData
CloseIPXPerformanceData
CloseNWNBPerformanceData
CloseNbfPerformanceData
CloseSPXPerformanceData
CloseTcpIpPerformanceData
CollectDhcpPerformanceData
CollectIPXPerformanceData
CollectNWNBPerformanceData
CollectNbfPerformanceData
CollectSPXPerformanceData
CollectTcpIpPerformanceData
OpenDhcpPerformanceData
OpenIPXPerformanceData
OpenNWNBPerformanceData
OpenNbfPerformanceData
OpenSPXPerformanceData
OpenTcpIpPerformanceData
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/vmrdvcore/tapisrv.dll.dll windows:10 windows x64 arch:x64
6aba8903eb7e4be23e07d9607806e424
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
tapisrv.pdb
Imports
msvcrt
free
_initterm
_vsnprintf
memmove
_amsg_exit
malloc
_XcptFilter
_itow
_wcsnicmp
wcsncmp
_wtol
wcsstr
wcschr
_wcsupr
_wcsicmp
_vsnwprintf
__C_specific_handler
memcpy
memset
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumValueW
RegCloseKey
RegDeleteKeyExW
RegOpenCurrentUser
RegQueryInfoKeyW
rpcrt4
RpcServerUseProtseqEpW
RpcServerInqDefaultPrincNameW
RpcBindingFromStringBindingW
RpcMgmtSetCancelTimeout
RpcRevertToSelf
RpcBindingSetAuthInfoW
RpcServerUnregisterIf
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcStringFreeW
NdrServerCall2
NdrServerCallAll
NdrClientCall3
RpcCancelThread
RpcServerInqCallAttributesW
RpcBindingFree
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerRegisterIfEx
RpcImpersonateClient
api-ms-win-service-core-l1-1-0
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
kernel32
GetSystemTime
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetWindowsDirectoryW
GlobalFree
DeleteFileW
GlobalAlloc
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocalTime
lstrlenA
OutputDebugStringA
GetSystemTimeAsFileTime
LocalFree
K32EnumProcesses
FileTimeToSystemTime
GetSystemWindowsDirectoryW
MapViewOfFile
CreateFileMappingW
WritePrivateProfileSectionW
GetFileSize
GetCurrentDirectoryW
IsDBCSLeadByte
GetFileAttributesExW
GetPrivateProfileStringW
UnmapViewOfFile
GetSystemDirectoryW
FindClose
GetPrivateProfileSectionW
FindNextFileW
FindFirstFileW
lstrcmpiW
GetProcessHeap
GetComputerNameW
DeleteCriticalSection
GetProcAddress
HeapDestroy
HeapCompact
HeapAlloc
ResetEvent
CreateThread
GetSystemInfo
GetCurrentThread
DisableThreadLibraryCalls
CreateEventW
OpenProcess
ExitThread
GetComputerNameExW
GetPrivateProfileSectionNamesW
OpenEventW
CreateFileW
InitializeCriticalSectionAndSpinCount
SetThreadPriority
WaitForMultipleObjects
GetPrivateProfileIntW
UnregisterWait
WriteFile
GetCurrentProcess
EnterCriticalSection
lstrlenW
LeaveCriticalSection
CreateMutexW
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
ReleaseMutex
DuplicateHandle
MultiByteToWideChar
Sleep
GetLastError
SetEvent
CloseHandle
LoadLibraryW
FreeLibrary
HeapFree
GetTickCount
HeapCreate
WritePrivateProfileStringW
CompareStringW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoCreateInstance
Exports
Exports
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 239KB - Virtual size: 238KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/vmrdvcore/vmrdvcore.dll.dll windows:10 windows x64 arch:x64
055a22c998dd9328accc6de5710f416b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
vmrdvcore.pdb
Imports
msvcrt
_callnewh
??0exception@@QEAA@AEBQEBD@Z
swprintf_s
_purecall
_wcsicmp
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
??_V@YAXPEAX@Z
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_vsnwprintf
_XcptFilter
wcscspn
??3@YAXPEAX@Z
_vsnwprintf_s
wcsrchr
wcsncmp
_wcsnicmp
_wtol
wcschr
memmove
__CxxFrameHandler3
iswalpha
memcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memcpy
memset
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
CreateThread
GetExitCodeProcess
GetCurrentProcess
OpenThreadToken
GetExitCodeThread
GetCurrentThread
CreateProcessW
SuspendThread
OpenProcessToken
TerminateProcess
GetCurrentThreadId
ResumeThread
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
OpenEventW
SetEvent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObject
AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-threadpool-l1-2-0
CallbackMayRunLong
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolWork
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateGuid
CoCreateInstanceEx
StringFromGUID2
CoCreateInstance
CoTaskMemFree
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-security-lsapolicy-l1-1-0
LsaClose
LsaOpenPolicy
LsaFreeMemory
LsaQueryInformationPolicy
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
StartServiceW
netutils
NetApiBufferFree
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegUnLoadKeyW
RegLoadKeyW
RegDeleteTreeW
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumKeyExW
api-ms-win-core-file-l1-1-0
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
WriteFile
RemoveDirectoryW
GetLongPathNameW
GetShortPathNameW
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
FindFirstVolumeW
DeleteFileW
FindNextVolumeW
FindVolumeClose
ReadFile
DeleteVolumeMountPointW
api-ms-win-shcore-registry-l1-1-0
SHGetValueW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
MoveFileW
oleaut32
VariantClear
VariantInit
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SafeArrayLock
VarBstrCmp
VariantTimeToSystemTime
SysStringByteLen
SysStringLen
SysFreeString
userenv
DeleteProfileW
GetUserProfileDirectoryW
GetProfilesDirectoryW
RefreshPolicyEx
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupPrivilegeValueW
iphlpapi
GetAdaptersAddresses
ws2_32
InetNtopW
WSAGetLastError
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
samcli
NetLocalGroupDelMembers
NetLocalGroupAddMembers
api-ms-win-security-base-l1-1-0
GetFileSecurityW
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
CreateWellKnownSid
GetLengthSid
DeleteAce
EqualSid
AdjustTokenPrivileges
IsValidSid
SetFileSecurityW
GetAclInformation
MakeAbsoluteSD
api-ms-win-core-string-l1-1-0
CompareStringEx
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-service-management-l2-1-0
NotifyServiceStatusChangeW
xmllite
CreateXmlReader
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
rpcrt4
UuidToStringW
RpcServerUseProtseqEpW
RpcServerInqBindings
RpcEpRegisterW
RpcServerRegisterAuthInfoW
RpcServerRegisterIfEx
RpcBindingVectorFree
RpcBindingInqAuthClientW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcEpUnregister
UuidCompare
RpcBindingFree
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcServerUnregisterIf
RpcRaiseException
NdrServerCallAll
NdrServerCall2
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcAsyncCancelCall
Ndr64AsyncClientCall
UuidCreate
api-ms-win-core-kernel32-legacy-l1-1-1
SetVolumeMountPointW
VerifyVersionInfoW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
MoveFileWithProgressW
CopyFileExW
CreateSymbolicLinkW
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-security-systemfunctions-l1-1-0
SystemFunction036
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
srvcli
NetShareGetInfo
api-ms-win-core-namedpipe-l1-1-0
CreateNamedPipeW
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
api-ms-win-core-io-l1-1-1
CancelIo
advapi32
LsaNtStatusToWinError
netapi32
I_NetLogonControl2
virtdisk
OpenVirtualDisk
DetachVirtualDisk
GetVirtualDiskPhysicalPath
AttachVirtualDisk
wtsapi32
WTSSendMessageW
api-ms-win-core-shutdown-l1-1-1
InitiateShutdownW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-timezone-l1-1-0
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
VmRdvCore_CreateInstance
VmRdvCore_GetInstance
VmRdvCore_TerminateInstance
Sections
.text Size: 305KB - Virtual size: 305KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ