General

Malware Config

Signatures

Files

• AdobePremierePro.rar

  .rar

  Password: 7575

• AdobePremierePro.exe

  .exe windows x64

  Password: 7575

  4cea7ae85c87ddc7295d39ff9cda31d1

  
  

  Code Sign

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e

  Certificate

  Issuer

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-11-2019 00:00

  Not After

  04-02-2023 12:00

  Subject

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  11-02-2011 12:00

  Not After

  10-02-2026 12:00

  Subject

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-11-2019 00:00

  Not After

  04-02-2023 12:00

  Subject

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Not Before

  28-01-2021 11:08

  Not After

  01-03-2032 11:08

  Subject

  CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  20-06-2018 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  10-12-2014 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ba:b0:08:8c:1a:30:e9:e2:7e:85:89:5f:72:58:10:b0:b7:e1:e7:57:e2:6a:b4:11:dc:ca:24:10:6b:9b:35:cb

  Signer

  Actual PE Digest

  ba:b0:08:8c:1a:30:e9:e2:7e:85:89:5f:72:58:10:b0:b7:e1:e7:57:e2:6a:b4:11:dc:ca:24:10:6b:9b:35:cb

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  09-12-2021 06:59

  Valid: true

  Chain 1

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  62:2e:66:cf:37:07:56:56:6d:d5:ac:6c:e0:36:82:18:f3:b3:e5:29

  Signer

  Actual PE Digest

  62:2e:66:cf:37:07:56:56:6d:d5:ac:6c:e0:36:82:18:f3:b3:e5:29

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  09-12-2021 06:58

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  advapi32

  GetTokenInformation

  RegDeleteValueA

  RegOpenKeyExA

  RegQueryInfoKeyA

  FreeSid

  OpenProcessToken

  RegSetValueExA

  RegCreateKeyExA

  LookupPrivilegeValueA

  AllocateAndInitializeSid

  RegQueryValueExA

  EqualSid

  RegCloseKey

  AdjustTokenPrivileges

  kernel32

  _lopen

  _llseek

  CompareStringA

  GetLastError

  GetFileAttributesA

  GetSystemDirectoryA

  LoadLibraryA

  DeleteFileA

  GlobalAlloc

  GlobalFree

  CloseHandle

  WritePrivateProfileStringA

  IsDBCSLeadByte

  GetWindowsDirectoryA

  SetFileAttributesA

  GetProcAddress

  GlobalLock

  LocalFree

  RemoveDirectoryA

  FreeLibrary

  _lclose

  CreateDirectoryA

  GetPrivateProfileIntA

  GetPrivateProfileStringA

  GlobalUnlock

  ReadFile

  SizeofResource

  WriteFile

  GetDriveTypeA

  LoadLibraryExA

  SetFileTime

  SetFilePointer

  FindResourceA

  CreateMutexA

  GetVolumeInformationA

  WaitForSingleObject

  GetCurrentDirectoryA

  FreeResource

  GetVersion

  SetCurrentDirectoryA

  GetTempPathA

  LocalFileTimeToFileTime

  CreateFileA

  SetEvent

  TerminateThread

  GetVersionExA

  LockResource

  GetSystemInfo

  CreateThread

  ResetEvent

  LoadResource

  ExitProcess

  GetModuleHandleW

  CreateProcessA

  FormatMessageA

  GetTempFileNameA

  DosDateTimeToFileTime

  CreateEventA

  GetExitCodeProcess

  ExpandEnvironmentStringsA

  LocalAlloc

  lstrcmpA

  FindNextFileA

  GetCurrentProcess

  FindFirstFileA

  GetModuleFileNameA

  GetShortPathNameA

  Sleep

  GetStartupInfoW

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  GetTickCount

  EnumResourceLanguagesA

  GetDiskFreeSpaceA

  MulDiv

  FindClose

  gdi32

  GetDeviceCaps

  user32

  ShowWindow

  MsgWaitForMultipleObjects

  SetWindowPos

  GetDC

  GetWindowRect

  DispatchMessageA

  GetSystemMetrics

  CallWindowProcA

  SetWindowTextA

  MessageBoxA

  SendDlgItemMessageA

  SendMessageA

  GetDlgItem

  DialogBoxIndirectParamA

  GetWindowLongPtrA

  SetWindowLongPtrA

  SetForegroundWindow

  ReleaseDC

  EnableWindow

  CharNextA

  LoadStringA

  CharPrevA

  EndDialog

  MessageBeep

  ExitWindowsEx

  SetDlgItemTextA

  CharUpperA

  GetDesktopWindow

  PeekMessageA

  GetDlgItemTextA

  msvcrt

  ?terminate@@YAXXZ

  _commode

  _fmode

  _acmdln

  __C_specific_handler

  memset

  __setusermatherr

  _ismbblead

  _cexit

  _exit

  exit

  __set_app_type

  __getmainargs

  _amsg_exit

  _XcptFilter

  memcpy_s

  _vsnprintf

  _initterm

  memcpy

  comctl32

  ord17

  cabinet

  ord20

  ord21

  ord23

  ord22

  version

  VerQueryValueA

  GetFileVersionInfoSizeA

  GetFileVersionInfoA

  Sections

  .text

  Size: 31KB - Virtual size: 30KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 499KB - Virtual size: 499KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/cont/rich/kaps/unbcl.dll

  .dll windows x64

  Password: 7575

  17a4cb05f783d1732c260e2ba0b5ca43

  
  

  Code Sign

  33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  02-09-2021 18:23

  Not After

  01-09-2022 18:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:5e:45:4f:2f:14:1c:93:13:8b:54:c6:38:54:9d:36:76:1a:98:9f:f2:99:ba:ef:e0:e1:dc:ff:94:22:37:7d

  Signer

  Actual PE Digest

  33:5e:45:4f:2f:14:1c:93:13:8b:54:c6:38:54:9d:36:76:1a:98:9f:f2:99:ba:ef:e0:e1:dc:ff:94:22:37:7d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  20-02-2023 17:34

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Imports

  msvcrt

  _unlock

  _lock

  ??1type_info@@UEAA@XZ

  ?terminate@@YAXXZ

  _initterm

  _amsg_exit

  _XcptFilter

  _CxxThrowException

  _callnewh

  ?what@exception@@UEBAPEBDXZ

  ??1exception@@UEAA@XZ

  ??0exception@@QEAA@AEBV0@@Z

  ??0exception@@QEAA@AEBQEBDH@Z

  _isnan

  wcsncmp

  _wcsnicmp

  iswprint

  wcsncpy_s

  _onexit

  __RTtypeid

  _vsnprintf

  _wtoi64

  __C_specific_handler

  printf

  _wcsncoll

  iswalpha

  iswdigit

  towlower

  ?name@type_info@@QEBAPEBDXZ

  calloc

  wcscspn

  malloc

  memmove_s

  wcsrchr

  wcscoll

  free

  _wcslwr_s

  wcsspn

  _wcsupr_s

  wcsstr

  wcschr

  _vscwprintf

  wcspbrk

  _purecall

  vswprintf_s

  iswspace

  _wcsrev

  _wcsicmp

  memcpy_s

  _wcsicoll

  memmove

  memcpy

  __RTDynamicCast

  __dllonexit

  towupper

  __CxxFrameHandler3

  memset

  ntdll

  RtlCaptureContext

  RtlVirtualUnwind

  NtSetInformationFile

  RtlGetVersion

  NtQuerySystemInformation

  RtlNtStatusToDosError

  RtlLookupFunctionEntry

  oleaut32

  VariantChangeType

  VariantClear

  SysAllocStringLen

  SysFreeString

  SysAllocString

  SysReAllocStringLen

  VariantInit

  advapi32

  RegQueryInfoKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegSetValueExW

  RegDeleteValueW

  RegEnumValueW

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  kernel32

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RaiseException

  HeapDestroy

  HeapSize

  GlobalAlloc

  CreateThread

  Sleep

  DuplicateHandle

  ResumeThread

  VirtualQuery

  CreateProcessW

  ReleaseMutex

  CreateMutexW

  SetEvent

  CreateEventW

  WaitForSingleObject

  ReleaseSemaphore

  CreateSemaphoreExW

  DebugBreak

  GetProcessHeap

  HeapCompact

  HeapAlloc

  HeapReAlloc

  TerminateProcess

  HeapValidate

  GetCurrentProcess

  HeapFree

  FlushFileBuffers

  GetFileType

  GetFileSize

  SetEndOfFile

  SetFilePointer

  WriteFile

  ReadFile

  GetFullPathNameW

  GetTempFileNameW

  FindNextFileNameW

  DeleteFileW

  SetFileInformationByHandle

  GetFileInformationByHandle

  FindFirstFileNameW

  GetFileInformationByHandleEx

  LoadLibraryExA

  VirtualProtect

  LoadLibraryExW

  GetEnvironmentStringsW

  FreeLibrary

  GlobalMemoryStatusEx

  GetComputerNameW

  GetProcAddress

  GetSystemInfo

  GetSystemDefaultLangID

  FreeEnvironmentStringsW

  GetVersionExW

  SetEnvironmentVariableW

  ExpandEnvironmentStringsW

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  WakeAllConditionVariable

  SleepConditionVariableSRW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  GetCurrentThread

  SetFileTime

  SizeofResource

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  GetEnvironmentVariableW

  MultiByteToWideChar

  FormatMessageW

  LockResource

  FindResourceExW

  LoadResource

  LocalFree

  DeleteCriticalSection

  ExitProcess

  OutputDebugStringA

  LocalFileTimeToFileTime

  GetLocalTime

  SystemTimeToFileTime

  GetSystemTimeAsFileTime

  CreateDirectoryW

  FindFirstFileW

  SetLastError

  FindNextFileW

  DeviceIoControl

  RemoveDirectoryW

  GetLogicalDrives

  GetModuleFileNameW

  SetErrorMode

  GetTempPathW

  FindClose

  LocalAlloc

  CreateFileW

  GetFileAttributesW

  GetSystemDirectoryW

  SetFileAttributesW

  GetLastError

  GetFileAttributesExW

  CloseHandle

  GetCurrentDirectoryW

  GetWindowsDirectoryW

  MoveFileExW

  GetModuleHandleW

  CopyFileExW

  GetFileTime

  ole32

  CoCreateInstance

  CoSetProxyBlanket

  CoInitializeEx

  CreateStreamOnHGlobal

  CoUninitialize

  Exports

  Exports

  ??0?$Array@E@UnBCL@@IEAA@XZ

  ??0?$Array@E@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Array@E@UnBCL@@QEAA@HH@Z

  ??0?$Array@E@UnBCL@@QEAA@PEBU?$ICollection@E@1@@Z

  ??0?$Array@G@UnBCL@@IEAA@XZ

  ??0?$Array@G@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Array@G@UnBCL@@QEAA@HH@Z

  ??0?$Array@G@UnBCL@@QEAA@PEBU?$ICollection@G@1@@Z

  ??0?$Array@H@UnBCL@@IEAA@XZ

  ??0?$Array@H@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Array@H@UnBCL@@QEAA@HH@Z

  ??0?$Array@H@UnBCL@@QEAA@PEBU?$ICollection@H@1@@Z

  ??0?$Array@PEAVObject@UnBCL@@@UnBCL@@IEAA@XZ

  ??0?$Array@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Array@PEAVObject@UnBCL@@@UnBCL@@QEAA@HH@Z

  ??0?$Array@PEAVObject@UnBCL@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVObject@UnBCL@@@1@@Z

  ??0?$Array@PEAVString@UnBCL@@@UnBCL@@IEAA@XZ

  ??0?$Array@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Array@PEAVString@UnBCL@@@UnBCL@@QEAA@HH@Z

  ??0?$Array@PEAVString@UnBCL@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVString@UnBCL@@@1@@Z

  ??0?$ArrayList@G@UnBCL@@AEAA@AEBV01@@Z

  ??0?$ArrayList@G@UnBCL@@QEAA@HH@Z

  ??0?$ArrayList@G@UnBCL@@QEAA@PEBU?$ICollection@G@1@@Z

  ??0?$ArrayList@G@UnBCL@@QEAA@XZ

  ??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@AEAA@AEBV01@@Z

  ??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@HH@Z

  ??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVString@UnBCL@@@1@@Z

  ??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV01@@Z

  ??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV?$CSimpleStringT@G$00@1@@Z

  ??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z

  ??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z

  ??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@PEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBV01@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@DH@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@GH@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBD@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDH@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDHPEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDPEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBE@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBEPEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBG@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGH@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ

  ??0?$CollectionBase@PEAVObject@UnBCL@@@UnBCL@@IEAA@XZ

  ??0?$CollectionBase@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@H@Z

  ??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@HH@Z

  ??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@PEBU?$IDictionary@PEAVString@UnBCL@@PEAV12@@1@@Z

  ??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@XZ

  ??0?$ICollection@E@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@E@UnBCL@@QEAA@XZ

  ??0?$ICollection@G@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@G@UnBCL@@QEAA@XZ

  ??0?$ICollection@H@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@H@UnBCL@@QEAA@XZ

  ??0?$ICollection@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$ICollection@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IComparer@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IComparer@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IDictionary@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IDictionary@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@E@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@E@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@G@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@G@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@H@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@H@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@PEBG@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@PEBG@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerator@PEBG@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerator@PEBG@UnBCL@@QEAA@XZ

  ??0?$IList@E@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IList@E@UnBCL@@QEAA@XZ

  ??0?$IList@G@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IList@G@UnBCL@@QEAA@XZ

  ??0?$IList@H@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IList@H@UnBCL@@QEAA@XZ

  ??0?$IList@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IList@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IList@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IList@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SerializableArrayBase@E@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableArrayBase@E@_@UnBCL@@QEAA@XZ

  ??0?$SerializableArrayBase@G@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableArrayBase@G@_@UnBCL@@QEAA@XZ

  ??0?$SerializableArrayBase@H@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableArrayBase@H@_@UnBCL@@QEAA@XZ

  ??0?$SerializableArrayBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableArrayBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@XZ

  ??0?$SerializableArrayListBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableArrayListBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@XZ

  ??0?$SerializableArrayListPrimitiveBase@G@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableArrayListPrimitiveBase@G@_@UnBCL@@QEAA@XZ

  ??0?$SerializableBase@V?$Array@E@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@E@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$Array@E@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@E@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@V?$Array@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@G@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$Array@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@G@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@V?$Array@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@H@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$Array@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@H@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@V?$Array@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@PEAVString@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$Array@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@PEAVString@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@V?$ArrayList@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@G@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$ArrayList@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@G@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@V?$Stack@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Stack@H@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$Stack@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Stack@H@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@VMultiSz@UnBCL@@$0A@V?$DefaultInstanceFactory@VMultiSz@UnBCL@@@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@VMultiSz@UnBCL@@$0A@V?$DefaultInstanceFactory@VMultiSz@UnBCL@@@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@VOperatingSystem@UnBCL@@$00V?$DefaultInstanceFactory@VOperatingSystem@UnBCL@@@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@VOperatingSystem@UnBCL@@$00V?$DefaultInstanceFactory@VOperatingSystem@UnBCL@@@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@VVersion@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@VVersion@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@VVersion@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@VVersion@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableHashtableBase@PEAVString@UnBCL@@PEAV12@@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableHashtableBase@PEAVString@UnBCL@@PEAV12@@_@UnBCL@@QEAA@XZ

  ??0?$SerializableStackBase@H@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableStackBase@H@_@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@E@1@@Z

  ??0?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@PEAVString@UnBCL@@@1@@Z

  ??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@PEAVString@UnBCL@@@1@@Z

  ??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VDecoder@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VDecoder@UnBCL@@@UnBCL@@QEAA@PEAVDecoder@1@@Z

  ??0?$SmartPtr@VDecoder@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEAA@PEAVEncoding@1@@Z

  ??0?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VObject@UnBCL@@@UnBCL@@QEAA@PEAVObject@1@@Z

  ??0?$SmartPtr@VObject@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VSerializationId@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VSerializationId@UnBCL@@@UnBCL@@QEAA@PEAVSerializationId@1@@Z

  ??0?$SmartPtr@VSerializationId@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VSerializationStream@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VSerializationStream@UnBCL@@@UnBCL@@QEAA@PEAVSerializationStream@1@@Z

  ??0?$SmartPtr@VSerializationStream@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@PEAVStream@1@@Z

  ??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VVersion@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VVersion@UnBCL@@@UnBCL@@QEAA@PEAVVersion@1@@Z

  ??0?$SmartPtr@VVersion@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VXmlNamespaceManager@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VXmlNamespaceManager@UnBCL@@@UnBCL@@QEAA@PEAVXmlNamespaceManager@1@@Z

  ??0?$SmartPtr@VXmlNamespaceManager@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$Stack@H@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Stack@H@UnBCL@@QEAA@XZ

  ??0?$Stack@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Stack@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ

  ??0ASCIIEncoding@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ASCIIEncoding@UnBCL@@QEAA@AEBV01@@Z

  ??0ASCIIEncoding@UnBCL@@QEAA@XZ

  ??0AbandonedMutexException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0AbandonedMutexException@UnBCL@@QEAA@AEBV01@@Z

  ??0AbandonedMutexException@UnBCL@@QEAA@PEBG@Z

  ??0AbandonedMutexException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0AbandonedMutexException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0AbandonedMutexException@UnBCL@@QEAA@XZ

  ??0ApplicationException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ApplicationException@UnBCL@@QEAA@AEBV01@@Z

  ??0ApplicationException@UnBCL@@QEAA@PEAVException@1@PEBG@Z

  ??0ApplicationException@UnBCL@@QEAA@PEAVString@1@@Z

  ??0ApplicationException@UnBCL@@QEAA@PEBG@Z

  ??0ApplicationException@UnBCL@@QEAA@XZ

  ??0ArgumentException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ArgumentException@UnBCL@@QEAA@AEBV01@@Z

  ??0ArgumentException@UnBCL@@QEAA@PEBG@Z

  ??0ArgumentException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0ArgumentException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0ArgumentException@UnBCL@@QEAA@XZ

  ??0ArgumentNullException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ArgumentNullException@UnBCL@@QEAA@AEBV01@@Z

  ??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z

  ??0ArgumentNullException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0ArgumentNullException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0ArgumentNullException@UnBCL@@QEAA@XZ

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@AEBV01@@Z

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@XZ

  ??0ArithmeticException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ArithmeticException@UnBCL@@QEAA@AEBV01@@Z

  ??0ArithmeticException@UnBCL@@QEAA@PEBG@Z

  ??0ArithmeticException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0ArithmeticException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0ArithmeticException@UnBCL@@QEAA@XZ

  ??0BufferedStream@UnBCL@@QEAA@AEBV01@@Z

  ??0BufferedStream@UnBCL@@QEAA@PEAVStream@1@K@Z

  ??0CaseInsensitiveStringComparer@UnBCL@@QEAA@$$QEAV01@@Z

  ??0CaseInsensitiveStringComparer@UnBCL@@QEAA@AEBV01@@Z

  ??0CaseInsensitiveStringComparer@UnBCL@@QEAA@XZ

  ??0Char@UnBCL@@QEAA@AEBV01@@Z

  ??0Char@UnBCL@@QEAA@G@Z

  ??0Char@UnBCL@@QEAA@XZ

  ??0ConsoleLogHandler@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ConsoleLogHandler@UnBCL@@QEAA@AEBV01@@Z

  ??0ConsoleLogHandler@UnBCL@@QEAA@XZ

  ??0DateTime@UnBCL@@IEAA@_JH@Z

  ??0DateTime@UnBCL@@QEAA@AEBV01@@Z

  ??0DateTime@UnBCL@@QEAA@HHHHHHH@Z

  ??0DateTime@UnBCL@@QEAA@_J@Z

  ??0Decoder@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Decoder@UnBCL@@QEAA@AEBV01@@Z

  ??0Decoder@UnBCL@@QEAA@XZ

  ??0Delegate@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Delegate@UnBCL@@QEAA@AEBV01@@Z

  ??0Delegate@UnBCL@@QEAA@XZ

  ??0DirectoryInfo@UnBCL@@QEAA@$$QEAV01@@Z

  ??0DirectoryInfo@UnBCL@@QEAA@AEBV01@@Z

  ??0DirectoryInfo@UnBCL@@QEAA@XZ

  ??0Encoding@UnBCL@@IEAA@H@Z

  ??0Encoding@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Encoding@UnBCL@@QEAA@AEBV01@@Z

  ??0Environment@UnBCL@@AEAA@XZ

  ??0Exception@UnBCL@@QEAA@AEBV01@@Z

  ??0Exception@UnBCL@@QEAA@PEAV01@PEBG@Z

  ??0Exception@UnBCL@@QEAA@PEBG@Z

  ??0Exception@UnBCL@@QEAA@PEBVString@1@@Z

  ??0Exception@UnBCL@@QEAA@PEBVString@1@PEAV01@@Z

  ??0Exception@UnBCL@@QEAA@XZ

  ??0ExternalException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ExternalException@UnBCL@@QEAA@AEBV01@@Z

  ??0ExternalException@UnBCL@@QEAA@PEBG@Z

  ??0ExternalException@UnBCL@@QEAA@PEBGPEAVException@1@@Z

  ??0ExternalException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0ExternalException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0ExternalException@UnBCL@@QEAA@XZ

  ??0FileStream@UnBCL@@QEAA@AEBV01@@Z

  ??0FileStream@UnBCL@@QEAA@PEAXW4FileAccess@1@@Z

  ??0FileStream@UnBCL@@QEAA@PEBVString@1@W4FileMode@1@W4FileAccess@1@W4FileShare@1@K@Z

  ??0FileSystemEnumerator@UnBCL@@QEAA@AEBV01@@Z

  ??0FileSystemEnumerator@UnBCL@@QEAA@PEBG0@Z

  ??0FormatException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0FormatException@UnBCL@@QEAA@AEBV01@@Z

  ??0FormatException@UnBCL@@QEAA@PEAVString@1@@Z

  ??0FormatException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z

  ??0FormatException@UnBCL@@QEAA@PEBG@Z

  ??0FormatException@UnBCL@@QEAA@XZ

  ??0HeapMemoryManager@UnBCL@@QEAA@AEBV01@@Z

  ??0HeapMemoryManager@UnBCL@@QEAA@XZ

  ??0IDisposable@UnBCL@@QEAA@$$QEAU01@@Z

  ??0IDisposable@UnBCL@@QEAA@AEBU01@@Z

  ??0IDisposable@UnBCL@@QEAA@XZ

  ??0IInstanceFactory@UnBCL@@QEAA@$$QEAU01@@Z

  ??0IInstanceFactory@UnBCL@@QEAA@AEBU01@@Z

  ??0IInstanceFactory@UnBCL@@QEAA@XZ

  ??0IPoolable@UnBCL@@QEAA@$$QEAU01@@Z

  ??0IPoolable@UnBCL@@QEAA@AEBU01@@Z

  ??0IPoolable@UnBCL@@QEAA@XZ

  ??0ISerializable@UnBCL@@QEAA@$$QEAU01@@Z

  ??0ISerializable@UnBCL@@QEAA@AEBU01@@Z

  ??0ISerializable@UnBCL@@QEAA@XZ

  ??0IndexOutOfRangeException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0IndexOutOfRangeException@UnBCL@@QEAA@AEBV01@@Z

  ??0IndexOutOfRangeException@UnBCL@@QEAA@PEAVString@1@@Z

  ??0IndexOutOfRangeException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z

  ??0IndexOutOfRangeException@UnBCL@@QEAA@PEBG@Z

  ??0IndexOutOfRangeException@UnBCL@@QEAA@XZ

  ??0InvalidCastException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0InvalidCastException@UnBCL@@QEAA@AEBV01@@Z

  ??0InvalidCastException@UnBCL@@QEAA@PEAVString@1@@Z

  ??0InvalidCastException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z

  ??0InvalidCastException@UnBCL@@QEAA@PEBG@Z

  ??0InvalidCastException@UnBCL@@QEAA@XZ

  ??0InvalidOperationException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0InvalidOperationException@UnBCL@@QEAA@AEBV01@@Z

  ??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z

  ??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0InvalidOperationException@UnBCL@@QEAA@XZ

  ??0MemoryStream@UnBCL@@QEAA@AEBV01@@Z

  ??0MemoryStream@UnBCL@@QEAA@PEAV?$Array@E@1@HH@Z

  ??0MemoryStream@UnBCL@@QEAA@XZ

  ??0Monitor@UnBCL@@AEAA@XZ

  ??0Monitor@UnBCL@@QEAA@AEBV01@@Z

  ??0MultiSz@UnBCL@@QEAA@AEBV01@@Z

  ??0MultiSz@UnBCL@@QEAA@PEBE_KPEAK@Z

  ??0MultiSz@UnBCL@@QEAA@PEBG@Z

  ??0MultiSz@UnBCL@@QEAA@XZ

  ??0MutableString@UnBCL@@QEAA@$$QEAV01@@Z

  ??0MutableString@UnBCL@@QEAA@AEBV01@@Z

  ??0MutableString@UnBCL@@QEAA@AEBVString@1@@Z

  ??0MutableString@UnBCL@@QEAA@GH@Z

  ??0MutableString@UnBCL@@QEAA@PEBG@Z

  ??0MutableString@UnBCL@@QEAA@PEBGHH@Z

  ??0MutableString@UnBCL@@QEAA@PEBVString@1@@Z

  ??0MutableString@UnBCL@@QEAA@XZ

  ??0Mutex@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Mutex@UnBCL@@QEAA@AEBV01@@Z

  ??0Mutex@UnBCL@@QEAA@XZ

  ??0NotSupportedException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0NotSupportedException@UnBCL@@QEAA@AEBV01@@Z

  ??0NotSupportedException@UnBCL@@QEAA@PEBG@Z

  ??0NotSupportedException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0NotSupportedException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0NotSupportedException@UnBCL@@QEAA@XZ

  ??0Object@UnBCL@@QEAA@AEBV01@@Z

  ??0Object@UnBCL@@QEAA@XZ

  ??0ObjectDisposedException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ObjectDisposedException@UnBCL@@QEAA@AEBV01@@Z

  ??0ObjectDisposedException@UnBCL@@QEAA@PEBG@Z

  ??0ObjectDisposedException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0ObjectDisposedException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0ObjectDisposedException@UnBCL@@QEAA@XZ

  ??0OperatingSystem@UnBCL@@AEAA@XZ

  ??0OperatingSystem@UnBCL@@QEAA@AEBV01@@Z

  ??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@KPEAVVersion@1@@Z

  ??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@KW4InstallationType@1@PEAVVersion@1@@Z

  ??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@PEAVVersion@1@@Z

  ??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@W4InstallationType@1@PEAVVersion@1@@Z

  ??0OutOfMemoryException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0OutOfMemoryException@UnBCL@@QEAA@AEBV01@@Z

  ??0OutOfMemoryException@UnBCL@@QEAA@PEAVString@1@@Z

  ??0OutOfMemoryException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z

  ??0OutOfMemoryException@UnBCL@@QEAA@PEBG@Z

  ??0OutOfMemoryException@UnBCL@@QEAA@XZ

  ??0OverflowException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0OverflowException@UnBCL@@QEAA@AEBV01@@Z

  ??0OverflowException@UnBCL@@QEAA@PEBG@Z

  ??0OverflowException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0OverflowException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0OverflowException@UnBCL@@QEAA@XZ

  ??0PathTooLongException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0PathTooLongException@UnBCL@@QEAA@AEBV01@@Z

  ??0PathTooLongException@UnBCL@@QEAA@PEBG@Z

  ??0PathTooLongException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0PathTooLongException@UnBCL@@QEAA@XZ

  ??0Process@UnBCL@@IEAA@PEAX0@Z

  ??0Process@UnBCL@@QEAA@AEBV01@@Z

  ??0ProcessStartInfo@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ProcessStartInfo@UnBCL@@QEAA@AEBV01@@Z

  ??0ProcessStartInfo@UnBCL@@QEAA@PEBVString@1@0@Z

  ??0ProcessStartInfo@UnBCL@@QEAA@PEBVString@1@@Z

  ??0RegHandle@UnBCL@@QEAA@AEBV01@@Z

  ??0RegHandle@UnBCL@@QEAA@XZ

  ??0RegSubkeyEnumerator@UnBCL@@QEAA@AEAVRegHandle@1@@Z

  ??0RegSubkeyEnumerator@UnBCL@@QEAA@AEBV01@@Z

  ??0Registry@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Registry@UnBCL@@QEAA@AEBV01@@Z

  ??0Registry@UnBCL@@QEAA@XZ

  ??0RegistryKey@UnBCL@@QEAA@AEBV01@@Z

  ??0RegistryKey@UnBCL@@QEAA@PEAUHKEY__@@H@Z

  ??0SEHException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0SEHException@UnBCL@@QEAA@AEBV01@@Z

  ??0SEHException@UnBCL@@QEAA@I@Z

  ??0ScopedObjectLock@UnBCL@@QEAA@PEAVSyncObject@1@@Z

  ??0SecurityException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0SecurityException@UnBCL@@QEAA@AEBV01@@Z

  ??0SecurityException@UnBCL@@QEAA@PEAVString@1@@Z

  ??0SecurityException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z

  ??0SecurityException@UnBCL@@QEAA@PEBG@Z

  ??0SecurityException@UnBCL@@QEAA@XZ

  ??0SerializationException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0SerializationException@UnBCL@@QEAA@AEBV01@@Z

  ??0SerializationException@UnBCL@@QEAA@PEBG@Z

  ??0SerializationException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0SerializationException@UnBCL@@QEAA@XZ

  ??0SerializationId@UnBCL@@QEAA@AEBV01@@Z

  ??0SerializationId@UnBCL@@QEAA@PEAVString@1@H@Z

  ??0SerializationStream@UnBCL@@AEAA@AEBV01@@Z

  ??0SerializationStream@UnBCL@@QEAA@PEAVStream@1@W4Mode@01@PEAVObject@1@@Z

  ??0Stream@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Stream@UnBCL@@QEAA@AEBV01@@Z

  ??0Stream@UnBCL@@QEAA@XZ

  ??0StreamCounter@UnBCL@@QEAA@XZ

  ??0StreamReader@UnBCL@@QEAA@AEBV01@@Z

  ??0StreamReader@UnBCL@@QEAA@PEAVStream@1@PEAVEncoding@1@@Z

  ??0StreamReader@UnBCL@@QEAA@PEBVString@1@PEAVEncoding@1@@Z

  ??0StreamWriter@UnBCL@@QEAA@AEBV01@@Z

  ??0StreamWriter@UnBCL@@QEAA@PEAVStream@1@H@Z

  ??0StreamWriter@UnBCL@@QEAA@PEAVStream@1@PEAVEncoding@1@HHH@Z

  ??0StreamWriter@UnBCL@@QEAA@PEBVString@1@HPEAVEncoding@1@HH@Z

  ??0String@UnBCL@@QEAA@AEAVSerializationStream@1@@Z

  ??0String@UnBCL@@QEAA@AEBV01@@Z

  ??0String@UnBCL@@QEAA@GH@Z

  ??0String@UnBCL@@QEAA@PEBG@Z

  ??0String@UnBCL@@QEAA@PEBGHH@Z

  ??0String@UnBCL@@QEAA@PEBV01@@Z

  ??0String@UnBCL@@QEAA@XZ

  ??0StringBuilder@UnBCL@@QEAA@AEBV01@@Z

  ??0StringBuilder@UnBCL@@QEAA@H@Z

  ??0StringBuilder@UnBCL@@QEAA@PEBG@Z

  ??0StringBuilder@UnBCL@@QEAA@PEBVString@1@@Z

  ??0StringBuilder@UnBCL@@QEAA@XZ

  ??0StringPtr@UnBCL@@QEAA@AEBV01@@Z

  ??0StringPtr@UnBCL@@QEAA@PEAVString@1@@Z

  ??0StringPtr@UnBCL@@QEAA@PEBG@Z

  ??0StringPtr@UnBCL@@QEAA@V?$SmartPtr@VString@UnBCL@@@1@@Z

  ??0StringPtr@UnBCL@@QEAA@XZ

  ??0SyncObject@UnBCL@@QEAA@AEBV01@@Z

  ??0SyncObject@UnBCL@@QEAA@XZ

  ??0SystemException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0SystemException@UnBCL@@QEAA@AEBV01@@Z

  ??0SystemException@UnBCL@@QEAA@PEBG@Z

  ??0SystemException@UnBCL@@QEAA@PEBGPEAVException@1@@Z

  ??0SystemException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0SystemException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0SystemException@UnBCL@@QEAA@XZ

  ??0SystemInfo@UnBCL@@QEAA@$$QEAV01@@Z

  ??0SystemInfo@UnBCL@@QEAA@AEBV01@@Z

  ??0SystemInfo@UnBCL@@QEAA@XZ

  ??0TextReader@UnBCL@@QEAA@$$QEAV01@@Z

  ??0TextReader@UnBCL@@QEAA@AEBV01@@Z

  ??0TextReader@UnBCL@@QEAA@XZ

  ??0TextWriter@UnBCL@@IEAA@XZ

  ??0TextWriter@UnBCL@@QEAA@$$QEAV01@@Z

  ??0TextWriter@UnBCL@@QEAA@AEBV01@@Z

  ??0Thread@UnBCL@@AEAA@PEAX@Z

  ??0Thread@UnBCL@@QEAA@AEBV01@@Z

  ??0Thread@UnBCL@@QEAA@PEAVThreadStartDelegate@1@@Z

  ??0ThreadStateException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0ThreadStateException@UnBCL@@QEAA@AEBV01@@Z

  ??0ThreadStateException@UnBCL@@QEAA@PEBG@Z

  ??0ThreadStateException@UnBCL@@QEAA@PEBVString@1@@Z

  ??0ThreadStateException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0ThreadStateException@UnBCL@@QEAA@XZ

  ??0TimeSpan@UnBCL@@QEAA@AEBV01@@Z

  ??0TimeSpan@UnBCL@@QEAA@HHH@Z

  ??0TimeSpan@UnBCL@@QEAA@HHHH@Z

  ??0TimeSpan@UnBCL@@QEAA@HHHHH@Z

  ??0TimeSpan@UnBCL@@QEAA@_J@Z

  ??0Type@UnBCL@@IEAA@PEAVString@1@@Z

  ??0Type@UnBCL@@QEAA@AEBV01@@Z

  ??0UnicodeEncoding@UnBCL@@QEAA@$$QEAV01@@Z

  ??0UnicodeEncoding@UnBCL@@QEAA@AEBV01@@Z

  ??0UnicodeEncoding@UnBCL@@QEAA@XZ

  ??0Version@UnBCL@@QEAA@AEBV01@@Z

  ??0Version@UnBCL@@QEAA@HH@Z

  ??0Version@UnBCL@@QEAA@HHH@Z

  ??0Version@UnBCL@@QEAA@HHHPEAVString@1@@Z

  ??0Version@UnBCL@@QEAA@PEBG@Z

  ??0Version@UnBCL@@QEAA@XZ

  ??0WaitHandle@UnBCL@@IEAA@XZ

  ??0WaitHandle@UnBCL@@QEAA@AEBV01@@Z

  ??0Win32Exception@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Win32Exception@UnBCL@@QEAA@AEBV01@@Z

  ??0Win32Exception@UnBCL@@QEAA@K@Z

  ??0Win32Exception@UnBCL@@QEAA@KPEBG@Z

  ??0Win32Exception@UnBCL@@QEAA@KPEBGPEAVException@1@@Z

  ??0Win32Exception@UnBCL@@QEAA@KPEBVString@1@@Z

  ??0Win32Exception@UnBCL@@QEAA@KPEBVString@1@PEAVException@1@@Z

  ??0Win32Exception@UnBCL@@QEAA@PEBG@Z

  ??0Win32Exception@UnBCL@@QEAA@XZ

  ??0XPathException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0XPathException@UnBCL@@QEAA@AEBV01@@Z

  ??0XPathException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@J@Z

  ??0XmlAttribute@UnBCL@@IEAA@XZ

  ??0XmlAttribute@UnBCL@@QEAA@$$QEAV01@@Z

  ??0XmlAttribute@UnBCL@@QEAA@AEBV01@@Z

  ??0XmlAttribute@UnBCL@@QEAA@PEAUIXMLDOMNode@@@Z

  ??0XmlAttribute@XmlLite@UnBCL@@QEAA@$$QEAV012@@Z

  ??0XmlAttribute@XmlLite@UnBCL@@QEAA@AEBV012@@Z

  ??0XmlAttribute@XmlLite@UnBCL@@QEAA@PEBG000@Z

  ??0XmlAttributeCollection@UnBCL@@IEAA@XZ

  ??0XmlAttributeCollection@UnBCL@@QEAA@AEBV01@@Z

  ??0XmlAttributeCollection@UnBCL@@QEAA@PEAUIXMLDOMNamedNodeMap@@@Z

  ??0XmlAttributeCollection@XmlLite@UnBCL@@QEAA@AEBV012@@Z

  ??0XmlAttributeCollection@XmlLite@UnBCL@@QEAA@XZ

  ??0XmlDocument@UnBCL@@QEAA@AEBV01@@Z

  ??0XmlDocument@UnBCL@@QEAA@PEAUIXMLDOMDocument3@@@Z

  ??0XmlDocument@UnBCL@@QEAA@XZ

  ??0XmlDocument@XmlLite@UnBCL@@QEAA@AEBV012@@Z

  ??0XmlDocument@XmlLite@UnBCL@@QEAA@XZ

  ??0XmlException@UnBCL@@QEAA@$$QEAV01@@Z

  ??0XmlException@UnBCL@@QEAA@AEBV01@@Z

  ??0XmlException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@HHJ@Z

  ??0XmlNamespaceManager@UnBCL@@QEAA@AEBV01@@Z

  ??0XmlNamespaceManager@UnBCL@@QEAA@XZ

  Sections

  .text

  Size: 454KB - Virtual size: 454KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 547KB - Virtual size: 546KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 26KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 992B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/cont/rich/kaps/winsetup.dll

  .dll windows x64

  Password: 7575

  13ac5715282cc532d7063b3f0eee1e63

  
  

  Code Sign

  33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  02-09-2021 18:23

  Not After

  01-09-2022 18:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  76:49:eb:75:82:fc:24:8d:f5:60:7e:ba:e6:d8:06:1c:5a:f4:89:a4:7f:08:2f:ee:49:58:ce:e8:d8:b6:2c:bd

  Signer

  Actual PE Digest

  76:49:eb:75:82:fc:24:8d:f5:60:7e:ba:e6:d8:06:1c:5a:f4:89:a4:7f:08:2f:ee:49:58:ce:e8:d8:b6:2c:bd

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  20-02-2023 17:34

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Imports

  msvcrt

  __crtLCMapStringW

  setlocale

  _wfsopen

  __mb_cur_max

  ___lc_codepage_func

  ___lc_handle_func

  __pctype_func

  _errno

  vswprintf_s

  wcstol

  iswalpha

  wcscspn

  rand

  time

  srand

  getchar

  wprintf

  ?name@type_info@@QEBAPEBDXZ

  abort

  fwrite

  ___mb_cur_max_func

  fputwc

  ungetwc

  ungetc

  fgetc

  fgetwc

  fgetpos

  fseek

  fsetpos

  setvbuf

  iswctype

  _vscwprintf

  _wtoi64

  _purecall

  _itow_s

  fwprintf

  fclose

  __crtGetStringTypeW

  iswdigit

  fflush

  swscanf_s

  wcsspn

  qsort

  _snwscanf_s

  strncmp

  _wcsupr

  wcsnlen

  strcpy_s

  wcsncpy_s

  _vsnwprintf_s

  wcscat_s

  wcscpy_s

  _ultow_s

  bsearch

  _wcsrev

  _strnicmp

  strncpy_s

  _wcstoi64

  wcstok_s

  __iob_func

  realloc

  _wcslwr

  __RTDynamicCast

  memcmp

  memcpy

  memmove

  memset

  _onexit

  __dllonexit

  _unlock

  _lock

  ??1type_info@@UEAA@XZ

  ?terminate@@YAXXZ

  _initterm

  _amsg_exit

  _XcptFilter

  _CxxThrowException

  towupper

  swprintf_s

  _callnewh

  malloc

  _stricmp

  calloc

  free

  _wtoi

  _wcsicmp

  wcsncmp

  _wcsnicmp

  _vsnwprintf

  wcsrchr

  wcschr

  ??0exception@@QEAA@XZ

  memmove_s

  ??0exception@@QEAA@AEBQEBD@Z

  ??1exception@@UEAA@XZ

  ?what@exception@@UEBAPEBDXZ

  ??0exception@@QEAA@AEBV0@@Z

  memcpy_s

  swscanf

  _vsnprintf

  __CxxFrameHandler3

  _wcstoui64

  wcstoul

  _wtol

  wcsstr

  __C_specific_handler

  wcscmp

  kernel32

  TerminateProcess

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  OutputDebugStringA

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenA

  GetSystemTimeAsFileTime

  FlushFileBuffers

  FindClose

  FindNextFileW

  FindFirstFileW

  RtlCompareMemory

  WritePrivateProfileStringW

  GetSystemDirectoryW

  Sleep

  GetDiskFreeSpaceExW

  SystemTimeToFileTime

  GetVersionExW

  GetProcAddress

  GetModuleHandleW

  FreeLibrary

  GetModuleHandleExW

  CreateEventW

  CreateThread

  VirtualQuery

  LoadLibraryExA

  VirtualProtect

  AcquireSRWLockExclusive

  WakeAllConditionVariable

  GetCurrentThreadId

  GetCurrentProcessId

  ReleaseSRWLockExclusive

  GetSystemPowerStatus

  OpenEventW

  CreateDirectoryW

  FindResourceW

  MulDiv

  GetLocaleInfoEx

  DebugBreak

  WaitForMultipleObjects

  LockFileEx

  UnlockFileEx

  SetEndOfFile

  SetVolumeLabelW

  MoveFileWithProgressW

  RemoveDirectoryW

  RaiseException

  MapViewOfFileEx

  DefineDosDeviceW

  WaitForSingleObjectEx

  ReleaseMutex

  GetPrivateProfileStringW

  SetComputerNameExW

  GetStartupInfoW

  SleepEx

  ResetEvent

  SetFileInformationByHandle

  GetFileInformationByHandle

  GetFileInformationByHandleEx

  SetThreadPreferredUILanguages

  GetFileTime

  GetFinalPathNameByHandleW

  GetLongPathNameW

  IsWow64Process

  HeapReAlloc

  SetFilePointerEx

  GetDiskFreeSpaceW

  GetFileSize

  LCMapStringW

  GetVersionExA

  CopyFileExW

  ExpandEnvironmentStringsW

  DeleteFileW

  GetTempFileNameW

  SetFilePointer

  ReadFile

  LocalAlloc

  GetVersion

  QueryPerformanceCounter

  IsValidLocale

  IsValidCodePage

  lstrcmpW

  GetFileAttributesExW

  LockResource

  SizeofResource

  lstrcmpiW

  GetCurrentThread

  DeviceIoControl

  GetFileSizeEx

  FindNextVolumeW

  DeleteVolumeMountPointW

  FindVolumeClose

  SetVolumeMountPointW

  FormatMessageW

  FindFirstVolumeW

  GetVolumeNameForVolumeMountPointW

  GetPrivateProfileSectionW

  WriteFile

  GetVolumeInformationW

  QueryDosDeviceW

  GetExitCodeProcess

  CreateProcessW

  LoadLibraryExW

  MapViewOfFile

  CreateFileMappingW

  LoadResource

  FindResourceExW

  UnmapViewOfFile

  GetLocaleInfoW

  GetUserDefaultUILanguage

  GetSystemDefaultUILanguage

  SearchPathW

  GetLocalTime

  GetDateFormatW

  FileTimeToSystemTime

  GetEnvironmentVariableW

  GetLogicalDrives

  SetEnvironmentVariableW

  GetDriveTypeW

  GetNativeSystemInfo

  GetLogicalDriveStringsW

  CreateFileW

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetPrivateProfileIntW

  GetSystemWindowsDirectoryW

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetExitCodeThread

  GetVolumePathNamesForVolumeNameW

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  Wow64RevertWow64FsRedirection

  Wow64DisableWow64FsRedirection

  CreateSemaphoreExW

  WaitForMultipleObjectsEx

  TlsSetValue

  TlsGetValue

  TlsFree

  TlsAlloc

  GetVolumeInformationByHandleW

  CreateSemaphoreW

  ReleaseSemaphore

  DuplicateHandle

  InitializeCriticalSectionAndSpinCount

  OpenProcess

  SetThreadIdealProcessor

  GetOverlappedResult

  GetHandleInformation

  VirtualFree

  VirtualAlloc

  GetLastError

  SetThreadExecutionState

  CreateMutexW

  GetModuleFileNameW

  GetCommandLineW

  CompareStringW

  HeapFree

  GetProcessHeap

  SetEvent

  WaitForSingleObject

  CloseHandle

  GetFileAttributesW

  MoveFileW

  HeapAlloc

  LocalFree

  SetLastError

  GetWindowsDirectoryW

  CopyFileW

  LoadLibraryW

  GetTickCount

  GlobalFree

  GetSystemInfo

  VerifyVersionInfoW

  GetTempPathW

  GlobalMemoryStatusEx

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  GetVolumePathNameW

  MoveFileExW

  SetFileAttributesW

  GetFullPathNameW

  SleepConditionVariableSRW

  advapi32

  RegisterTraceGuidsW

  GetTraceEnableLevel

  GetTraceEnableFlags

  GetTraceLoggerHandle

  TraceEvent

  UnregisterTraceGuids

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  MakeAbsoluteSD

  InitiateSystemShutdownExW

  OpenSCManagerW

  OpenServiceW

  AllocateAndInitializeSid

  FreeSid

  NotifyServiceStatusChangeW

  ControlService

  EnumDependentServicesW

  StartServiceW

  RegDeleteKeyExW

  RegDeleteTreeW

  RegQueryInfoKeyW

  EqualSid

  RegEnumKeyExW

  PrivilegeCheck

  RegDeleteKeyW

  RegEnumValueW

  EventRegister

  EventUnregister

  EventWriteTransfer

  LookupPrivilegeValueW

  GetSecurityDescriptorSacl

  AdjustTokenPrivileges

  GetSecurityDescriptorGroup

  GetSecurityDescriptorControl

  GetSecurityDescriptorOwner

  OpenProcessToken

  ConvertSidToStringSidW

  OpenThreadToken

  GetTokenInformation

  RegGetValueW

  RegDeleteValueW

  RegOpenKeyExW

  RegQueryValueExW

  QueryServiceStatus

  CloseServiceHandle

  GetSecurityDescriptorDacl

  SetNamedSecurityInfoW

  RegCreateKeyExW

  RegSetValueExW

  RegCloseKey

  RegRestoreKeyW

  RegLoadKeyW

  RegUnLoadKeyW

  RegFlushKey

  SetThreadToken

  ReadEncryptedFileRaw

  CloseEncryptedFileRaw

  WriteEncryptedFileRaw

  GetSecurityDescriptorLength

  OpenEncryptedFileRawW

  RevertToSelf

  GetSecurityInfo

  SetSecurityDescriptorDacl

  AddAccessAllowedAce

  InitializeAcl

  GetLengthSid

  GetAclInformation

  InitializeSecurityDescriptor

  DuplicateTokenEx

  dnsapi

  DnsValidateName_W

  ole32

  CoSetProxyBlanket

  CoCreateInstance

  CLSIDFromString

  StringFromCLSID

  StringFromGUID2

  CoTaskMemFree

  CoInitializeSecurity

  CoInitializeEx

  CoUninitialize

  oleaut32

  VarUI4FromDec

  VarBstrFromDate

  VarI4FromDec

  SysStringLen

  SafeArrayGetElement

  VariantClear

  SysFreeString

  SysAllocString

  rpcrt4

  RpcBindingFromStringBindingW

  RpcStringBindingComposeW

  NdrClientCall3

  I_RpcMapWin32Status

  RpcBindingSetAuthInfoW

  UuidFromStringW

  UuidToStringW

  RpcStringFreeW

  RpcBindingFree

  UuidCreate

  shell32

  CommandLineToArgvW

  shlwapi

  PathFileExistsW

  PathIsUNCW

  PathRemoveBackslashW

  StrStrW

  user32

  CharLowerW

  MessageBoxW

  CharNextW

  LoadStringW

  CharUpperBuffW

  GetSystemMetrics

  GetWindowTextW

  EndPaint

  GetKeyboardLayout

  IsCharAlphaW

  LoadBitmapW

  FillRect

  GetWindowLongW

  GetMessageW

  DefWindowProcW

  BeginPaint

  ReleaseDC

  InvalidateRect

  LoadImageW

  UpdateWindow

  PostQuitMessage

  CharUpperW

  DrawTextW

  GetClientRect

  SetCursor

  TranslateMessage

  SetPropW

  SetFocus

  MapWindowPoints

  SetTimer

  FindWindowExW

  DispatchMessageW

  ShowWindow

  SetThreadDesktop

  RegisterClassExW

  NotifyWinEvent

  SetClassLongPtrW

  SetWindowTextW

  SendMessageW

  CreateWindowExW

  GetPropW

  SetWindowPos

  IsWindowVisible

  GetDC

  DestroyWindow

  KillTimer

  wintrust

  CryptCATAdminCalcHashFromFileHandle

  imagehlp

  CheckSumMappedFile

  wdscore

  WdsInitializeDataStringW

  WdsFreeCollection

  WdsPackCollection

  WdsCollectionAddValue

  WdsAllocCollection

  WdsAddModule

  WdsExitImmediatelyEx

  ConstructPartialMsgVA

  WdsDeleteBlackboardValue

  WdsSetBlackboardValue

  WdsInitializeDataUInt64

  WdsSetNextExecutionGroup

  WdsInitializeDataBinary

  WdsPublishImmediateEx

  WdsFreeData

  WdsSetupLogMessageA

  WdsCopyBlackboardItemsEx

  WdsDestroyBlackboard

  WdsUnpackCollection

  WdsEnableExit

  WdsInitializeDataUInt32

  WdsGetBlackboardValue

  WdsValidBlackboard

  WdsInitialize

  WdsSetupLogMessageW

  CurrentIP

  ConstructPartialMsgVW

  WdsExecuteWorkQueueEx

  WdsSetupLogDestroy

  WdsTerminate

  WdsEnumFirstBlackboardItem

  WdsEnumNextBlackboardItem

  WdsAbortBlackboardItemEnum

  WdsInitializeCallbackArray

  WdsPublish

  WdsSubscribeEx

  WdsCreateBlackboard

  WdsCollectionGetValue

  wdsutil

  WdsPickTempDriveBasedOnInstallDrive

  PublishMessage

  SignalSetupComplianceBlock

  GetDiskKey

  GetRegionKey

  IsCrossArchitectureInstall

  CallbackGetArgumentInt32

  ?IsUpgrade@CUpgradeUserSetting@@SAHXZ

  WdsValidateInstallDrive

  GetApplicableDiskRegionReason

  FreeReason

  GetApplicableDiskReason

  LogDiskRegionReasons

  DiskRegionSupportsCapabilityForType

  LogDiskReasons

  DiskSupportsCapabilityForType

  CallbackGetArgumentUInt64

  ntdll

  NtOpenFile

  NtSetValueKey

  NtDeviceIoControlFile

  NtQuerySymbolicLinkObject

  NtOpenKey

  NtOpenSymbolicLinkObject

  RtlImpersonateSelf

  NtShutdownSystem

  RtlAdjustPrivilege

  RtlNtStatusToDosError

  RtlInitUnicodeString

  NtCreatePagingFile

  ZwQuerySystemInformation

  RtlGUIDFromString

  RtlFreeUnicodeString

  RtlStringFromGUID

  RtlFreeHeap

  RtlAllocateHeap

  RtlAppendUnicodeToString

  ZwQueryAttributesFile

  ZwWaitForSingleObject

  ZwQueryKey

  ZwReleaseMutant

  ZwOpenFile

  ZwOpenMutant

  ZwClose

  RtlLengthSecurityDescriptor

  NtPrivilegeCheck

  RtlSetOwnerSecurityDescriptor

  RtlSetDaclSecurityDescriptor

  ZwCreateFile

  ZwCreateKey

  ZwLoadKey

  RtlAddAccessAllowedAceEx

  RtlAllocateAndInitializeSid

  RtlLengthSid

  ZwFlushKey

  ZwDeleteValueKey

  ZwSaveKey

  RtlFreeSid

  ZwDeleteKey

  ZwEnumerateKey

  ZwQueryValueKey

  RtlCreateAcl

  ZwSetSecurityObject

  ZwUnloadKey

  RtlCreateSecurityDescriptor

  NtClose

  RtlRaiseStatus

  DbgPrintEx

  LdrAccessResource

  LdrFindResource_U

  NtWaitForSingleObject

  NtQueryInformationThread

  NtQueryInformationFile

  NtCreateEvent

  RtlImageNtHeader

  NtOpenProcess

  NtQueryInformationProcess

  NtSetInformationFile

  NtCreateFile

  NtQueryObject

  RtlImageDirectoryEntryToData

  RtlVerifyVersionInfo

  VerSetConditionMask

  LdrResSearchResource

  ZwMapViewOfSection

  ZwUnmapViewOfSection

  RtlAnsiStringToUnicodeString

  RtlxAnsiStringToUnicodeSize

  RtlInitString

  ZwSetInformationProcess

  ZwCreateSection

  RtlFormatCurrentUserKeyPath

  RtlInitUnicodeStringEx

  RtlNtPathNameToDosPathName

  RtlpEnsureBufferSize

  ZwQueryDirectoryFile

  RtlDosPathNameToNtPathName_U_WithStatus

  RtlGetNativeSystemInformation

  RtlUpcaseUnicodeChar

  NtReadFile

  NtWriteFile

  NtQueryValueKey

  RtlRunOnceExecuteOnce

  RtlAppendUnicodeStringToString

  RtlReAllocateHeap

  RtlGetVersion

  NtCreateKey

  NtEnumerateBootEntries

  NtQueryDirectoryObject

  NtOpenDirectoryObject

  NtTranslateFilePath

  NtSetSecurityObject

  NtQueryBootOptions

  NtQueryBootEntryOrder

  NtDeleteKey

  DbgPrint

  NtDeleteFile

  RtlGetThreadErrorMode

  RtlSetThreadErrorMode

  NtFsControlFile

  NtQueryDirectoryFile

  RtlDosPathNameToNtPathName_U

  NtOpenEvent

  RtlValidSid

  EtwEventWrite

  NtQueryKey

  NtFlushKey

  NtDeleteValueKey

  NtSaveKeyEx

  NtQuerySystemTime

  RtlSetEnvironmentVariable

  RtlCreateEnvironment

  RtlDestroyEnvironment

  RtlExpandEnvironmentStrings_U

  RtlGetControlSecurityDescriptor

  RtlConvertSidToUnicodeString

  RtlSetControlSecurityDescriptor

  NtQuerySecurityObject

  NtQuerySystemEnvironmentValueEx

  NtEnumerateKey

  NtEnumerateValueKey

  NtLoadKey

  NtDelayExecution

  NtUnloadKey

  RtlGetAce

  RtlAddAccessAllowedAce

  NtRestoreKey

  RtlEqualUnicodeString

  NtQueryVolumeInformationFile

  NtQueryAttributesFile

  RtlDosPathNameToRelativeNtPathName_U_WithStatus

  NtSetSystemInformation

  RtlGetLastNtStatus

  RtlFindAceByType

  NtUnloadKey2

  NtQueryEaFile

  NtSetEaFile

  RtlInitializeResource

  RtlAcquireResourceExclusive

  RtlAcquireResourceShared

  RtlReleaseResource

  RtlDeleteResource

  RtlInitializeCriticalSection

  ZwSetValueKey

  ZwOpenKey

  ZwAllocateUuids

  ZwQuerySymbolicLinkObject

  ZwDeviceIoControlFile

  ZwQueryDirectoryObject

  ZwOpenSymbolicLinkObject

  ZwOpenDirectoryObject

  LdrGetProcedureAddress

  ZwQueryVolumeInformationFile

  LdrGetDllHandle

  ZwQueryInformationProcess

  RtlInitAnsiString

  ZwDeleteFile

  ZwQueryInformationFile

  ZwOpenProcess

  NtQuerySystemInformation

  NtAdjustPrivilegesToken

  NtOpenProcessTokenEx

  NtSetInformationThread

  NtOpenThreadTokenEx

  input

  ord104

  ord109

  ord112

  ord107

  ord106

  ord105

  unbcl

  ??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@PEAVString@UnBCL@@@1@@Z

  ?GetFiles@Directory@UnBCL@@SAPEAV?$Array@PEAVString@UnBCL@@@2@PEBVString@2@0H@Z

  ??1?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??C?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$Array@PEAVString@UnBCL@@@1@XZ

  ?GetFileName@Path@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?Combine@Path@UnBCL@@SAPEAVString@2@PEBV32@0@Z

  ?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@2@XZ

  ?Compare@String@UnBCL@@SAHPEBG0H@Z

  ?GetDirectoriesAndFiles@Directory@UnBCL@@SAPEAV?$Array@PEAVString@UnBCL@@@2@PEBVString@2@0W4EnumerationType@12@H@Z

  ?get_IsEmpty@String@UnBCL@@QEBAHXZ

  ??0Win32Exception@UnBCL@@QEAA@KPEBG@Z

  ??1Win32Exception@UnBCL@@UEAA@XZ

  ?CreateDir@Directory@UnBCL@@SAPEAVDirectoryInfo@2@PEBVString@2@@Z

  ??0?$Array@E@UnBCL@@QEAA@HH@Z

  ??_D?$Array@E@UnBCL@@QEAAXXZ

  ?GetBuffer@?$Array@E@UnBCL@@UEAAPEAEH@Z

  ?get_P@?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$Array@PEAVString@UnBCL@@@2@XZ

  ?get_Chars@String@UnBCL@@QEBAAEBGH@Z

  ?Steal@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAPEAVString@2@XZ

  ??0String@UnBCL@@QEAA@PEBV01@@Z

  ?EndsWith@String@UnBCL@@QEBAHPEBGH@Z

  ?StartsWith@String@UnBCL@@QEBAHPEBGH@Z

  ??1Exception@UnBCL@@UEAA@XZ

  ?get_Length@String@UnBCL@@QEBAHXZ

  ??1ISerializable@UnBCL@@UEAA@XZ

  ??1?$IList@E@UnBCL@@UEAA@XZ

  ??1?$ICollection@E@UnBCL@@UEAA@XZ

  ?Exists@File@UnBCL@@SAHPEBVString@2@@Z

  ?Nullify@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV12@XZ

  ??D?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAAEAVString@1@XZ

  ?SetCompressionState@File@UnBCL@@SAHPEBVString@2@G@Z

  ?Delete@File@UnBCL@@SAXPEBVString@2@@Z

  ??0?$Array@E@UnBCL@@QEAA@PEBU?$ICollection@E@1@@Z

  ?Clone@?$Array@E@UnBCL@@UEBAPEAVObject@2@XZ

  ?Equals@?$Array@E@UnBCL@@UEBAHPEBVObject@2@@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@H@Z

  ?WriteBytes@SerializationStream@UnBCL@@QEAAXPEBEH@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAH@Z

  ?ReadBytes@SerializationStream@UnBCL@@QEAAXPEAEH@Z

  ?SanitizeTypeName@SerializationStream@UnBCL@@SAPEAVString@2@AEBV32@@Z

  ??2Object@UnBCL@@SAPEAX_KI@Z

  ??0String@UnBCL@@QEAA@AEBV01@@Z

  ?GetCallingModule@SerializationStream@UnBCL@@SAPEAUHINSTANCE__@@XZ

  ?CanRegister@SerializationStream@UnBCL@@SAHXZ

  ?RegisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z

  ?EnqueueSbRegistration@SbRegistrationList@UnBCL@@SAXPEBDHPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z

  ??0Exception@UnBCL@@QEAA@PEBG@Z

  ?UnregisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@@Z

  ??0IInstanceFactory@UnBCL@@QEAA@XZ

  ??0ISerializable@UnBCL@@QEAA@XZ

  ??0?$IList@E@UnBCL@@QEAA@XZ

  ??0?$ICollection@E@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@E@UnBCL@@QEAA@XZ

  ?ExpandEnvironmentVariables@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?Delete@Directory@UnBCL@@SAXPEBVString@2@H@Z

  ?Concat@String@UnBCL@@SAPEAV12@PEBG0@Z

  ?Substring@String@UnBCL@@QEBAPEAV12@HH@Z

  ?get_Win32ErrorCode@Win32Exception@UnBCL@@QEBAKXZ

  ?GetEnvironmentVar@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?Assign@?$SmartPtr@VString@UnBCL@@@UnBCL@@AEAAXPEAVString@2@@Z

  ?get_Item@XmlAttributeCollection@UnBCL@@QEAAPEAVXmlAttribute@2@PEAVString@2@@Z

  ?GetStackTrace@Exception@UnBCL@@QEBAPEAVString@2@XZ

  ?Clone@?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@UEBAPEAVObject@2@XZ

  ??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@HH@Z

  ??0InvalidCastException@UnBCL@@QEAA@XZ

  ?SelectSingleNode@XmlNode@UnBCL@@QEAAPEAV12@PEAVString@2@@Z

  ?SelectNodes@XmlNode@UnBCL@@QEAAPEAVXmlNodeList@2@PEAVString@2@@Z

  ?get_Value@XmlNode@UnBCL@@QEAAPEAVString@2@XZ

  ?get_Attributes@XmlNode@UnBCL@@QEAAPEAVXmlAttributeCollection@2@XZ

  ?Load@XmlDocument@UnBCL@@QEAAXPEAVString@2@@Z

  ??1XmlDocument@UnBCL@@UEAA@XZ

  ??0XmlDocument@UnBCL@@QEAA@XZ

  ?get_P@?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@2@XZ

  ??C?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@1@XZ

  ??4?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??1?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@PEAVString@UnBCL@@@1@@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAK@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAVString@1@@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAUISerializable@1@@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@K@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@PEBVString@1@@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@PEBUISerializable@1@@Z

  ?Compare@String@UnBCL@@SAHPEBV12@0H@Z

  ?ToLower@String@UnBCL@@QEBAPEAV12@XZ

  ?Split@String@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@2@PEBG@Z

  ?LastIndexOf@String@UnBCL@@QEBAHG@Z

  ?CompareTo@String@UnBCL@@QEBAHPEBG@Z

  ?CompareTo@String@UnBCL@@QEBAHPEBGH@Z

  ?get_Item@XmlNodeList@UnBCL@@QEAAPEAVXmlNode@2@H@Z

  ?get_Count@XmlNodeList@UnBCL@@QEAAHXZ

  ??0Object@UnBCL@@QEAA@AEBV01@@Z

  ??0Win32Exception@UnBCL@@QEAA@K@Z

  ??1InvalidCastException@UnBCL@@UEAA@XZ

  ??1?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ

  ??0?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??4Object@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??1?$ICollection@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ

  ??_D?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAAXXZ

  ?Append@MutableString@UnBCL@@QEAAXPEBG@Z

  ?Clone@MultiSz@UnBCL@@UEBAPEAVObject@2@XZ

  ?ToString@MultiSz@UnBCL@@UEBAPEAVString@2@XZ

  ?Add@MultiSz@UnBCL@@QEAAXPEBG@Z

  ?get_Buffer@MultiSz@UnBCL@@QEBAPEBGXZ

  ??0MultiSz@UnBCL@@QEAA@XZ

  ?Trim@String@UnBCL@@QEBAPEAV12@PEBG@Z

  ?Substring@String@UnBCL@@QEBAPEAV12@H@Z

  ?IndexOf@String@UnBCL@@QEBAHPEBGH@Z

  ??_DMultiSz@UnBCL@@QEAAXXZ

  ?MakeTrim@MutableString@UnBCL@@QEAAXPEBG@Z

  ??0MutableString@UnBCL@@QEAA@PEBG@Z

  ?IsEnvironmentVarSetTrue@Environment@UnBCL@@SAHPEBVString@2@H@Z

  ??0OutOfMemoryException@UnBCL@@QEAA@XZ

  ?IndexOf@String@UnBCL@@QEBAHG@Z

  ??0String@UnBCL@@QEAA@PEBGHH@Z

  ??1OutOfMemoryException@UnBCL@@UEAA@XZ

  ?get_ChildNodes@XmlNode@UnBCL@@QEAAPEAVXmlNodeList@2@XZ

  ?get_Name@XmlNode@UnBCL@@QEAAPEAVString@2@XZ

  ?get_Count@XmlAttributeCollection@UnBCL@@QEAAHXZ

  ?FormatV@String@UnBCL@@SAPEAV12@PEBGPEAD@Z

  ??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ?Concat@String@UnBCL@@SAPEAV12@PEBG00@Z

  ?Copy@Directory@UnBCL@@SAXPEBVString@2@0HPEAUICopyDelegate@12@@Z

  ?Exists@Directory@UnBCL@@SAHPEBVString@2@@Z

  ??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@1@XZ

  ??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ

  ?GetParentPath@Path@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z

  ??4MutableString@UnBCL@@QEAAAEAV01@PEBG@Z

  ??0MutableString@UnBCL@@QEAA@XZ

  ?Tokenize@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBA?AV12@PEBGAEAH@Z

  ??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z

  ?Compare@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z

  ??1?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBD@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBG@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ

  ?SetAt@?$CSimpleStringT@G$0A@@ATL@@QEAAXHG@Z

  ?GetManager@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAPEAUIAtlStringMgr@2@XZ

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBV01@@Z

  ??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z

  ?Concatenate@?$CSimpleStringT@G$0A@@ATL@@KAXAEAV12@PEBGH1H@Z

  ?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXPEBG@Z

  ?Empty@?$CSimpleStringT@G$0A@@ATL@@QEAAXXZ

  ??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBG@Z

  ?Format@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXPEBGZZ

  ??3Object@UnBCL@@SAXPEAX@Z

  ??1String@UnBCL@@UEAA@XZ

  ??0String@UnBCL@@QEAA@PEBG@Z

  ??0Object@UnBCL@@QEAA@XZ

  ??1Object@UnBCL@@UEAA@XZ

  ??2Object@UnBCL@@SAPEAX_K@Z

  ?AddStackTrace@Exception@UnBCL@@QEAAXPEBD@Z

  ?MemAllocFailed@Allocator@UnBCL@@SAHXZ

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z

  ??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z

  ??0ArgumentException@UnBCL@@QEAA@PEBG@Z

  ??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z

  ??0NotSupportedException@UnBCL@@QEAA@PEBG@Z

  ??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z

  ?Equals@Object@UnBCL@@UEBAHPEBV12@@Z

  ?CompareTo@Object@UnBCL@@UEBAHPEBV12@@Z

  ?AddRef@Object@UnBCL@@QEAAXXZ

  ?DecRef@Object@UnBCL@@QEAAHXZ

  ?SetLiteralStorage@_@UnBCL@@YAXPEAPEBVString@2@PEBG@Z

  ?Equals@String@UnBCL@@UEBAHPEBVObject@2@@Z

  ?GetHashCode@String@UnBCL@@UEBAHXZ

  ?GetType@Object@UnBCL@@UEBAPEAVType@2@XZ

  ?ToString@String@UnBCL@@UEBAPEAV12@XZ

  ?GetObjectID@Object@UnBCL@@UEBAIXZ

  ?CompareTo@String@UnBCL@@UEBAHPEBVObject@2@@Z

  ?Clone@String@UnBCL@@UEBAPEAVObject@2@XZ

  ?GetHashCode@Object@UnBCL@@UEBAHXZ

  ?ToString@Exception@UnBCL@@UEBAPEAVString@2@XZ

  ?Clone@Object@UnBCL@@UEBAPEAV12@XZ

  ?get_InnerException@Exception@UnBCL@@UEBAPEBV12@XZ

  ?get_Message@Exception@UnBCL@@UEBAPEBVString@2@XZ

  ?get_Source@Exception@UnBCL@@UEBAPEBVString@2@XZ

  ?set_Source@Exception@UnBCL@@UEAAXPEBVString@2@@Z

  ?GetBaseException@Exception@UnBCL@@UEBAPEBV12@XZ

  ?get_HResult@Exception@UnBCL@@UEBAJXZ

  ?set_HResult@Exception@UnBCL@@MEAAXJ@Z

  ?SetMessage@Exception@UnBCL@@MEAAXPEAVString@2@@Z

  ?ToString@Object@UnBCL@@UEBAPEAVString@2@XZ

  ?FromASCII@String@UnBCL@@SAPEAV12@PEBD@Z

  ??1NotSupportedException@UnBCL@@UEAA@XZ

  ??1InvalidOperationException@UnBCL@@UEAA@XZ

  ??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ

  ??1ArgumentException@UnBCL@@UEAA@XZ

  ??1ArgumentNullException@UnBCL@@UEAA@XZ

  ??1MutableString@UnBCL@@UEAA@XZ

  ?get_CString@String@UnBCL@@QEBAPEBGXZ

  ??0ApplicationException@UnBCL@@QEAA@PEBG@Z

  ??1ApplicationException@UnBCL@@UEAA@XZ

  ?Format@String@UnBCL@@SAPEAV12@PEBGZZ

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@XZ

  unattend

  UnattendEnumFree

  UnattendCtxEnumGet

  UnattendCtxEnumOrderedSubNodes

  UnattendFreeNode

  UnattendCtxOpenNode

  UnattendCtxGetCount

  UnattendFreeResults

  UnattendCtxGetFlag

  UnattendCtxGetString

  UnattendCtxGetShowUI

  UnattendCtxGetCountByNode

  UnattendCtxCommitModify

  UnattendCtxOpenNodeByNode

  UnattendCtxGetUlongByNode

  UnattendCtxDeserializeBuffer

  UnattendCtxCleanup

  UnattendCtxGetEnumValueByNode

  UnattendCtxCancelModify

  UnattendCtxSerializeSettingsStream

  UnattendCtxGetRootNode

  UnattendCtxSerializeToBuffer

  UnattendCtxReplaceNode

  UnattendCtxGetStringByNode

  UnattendCtxSerialize

  UnattendCtxGetUlong

  UnattendCtxSetNodeName

  UnattendCtxPrettyPrint

  UnattendCtxGetLongByNode

  UnattendCtxGetExpandedStringByNode

  UnattendFindAnswerFileWithResults

  UnattendGetImplicitContext

  UnattendGetFirstFailingSetting

  UnattendCleanup

  UnattendCtxGetFlagByNode

  UnattendFreeSetting

  UnattendIsNodeValid

  UnattendCtxSpliceTrees

  UnattendCtxSetStringByNode

  UnattendCtxSerializeToBufferFromNode

  UnattendCtxSetString

  UnattendCtxDeserializeString

  UnattendAddResults

  UnattendCtxDeserialize

  UnattendMarkPassUsedInCtx

  UnattendCtxBeginModify

  UnattendDeserializeWithResults

  UnattendCtxGetLong

  UnattendFormatPath

  UnattendCtxReplaceMatchedNodesWithText

  gdi32

  GdiAlphaBlend

  CreateDIBitmap

  GetTextMetricsW

  SetBkColor

  SetLayout

  GetTextAlign

  SetMapMode

  SetTextAlign

  SetWorldTransform

  SetGraphicsMode

  AddFontMemResourceEx

  SetBrushOrgEx

  BitBlt

  CreateCompatibleBitmap

  SelectObject

  CreateCompatibleDC

  StretchBlt

  GetStockObject

  GetDeviceCaps

  GetTextExtentPoint32W

  SetTextColor

  SetBkMode

  GetObjectW

  TranslateCharsetInfo

  DeleteDC

  CreateDCW

  EnumFontFamiliesExW

  SetTextCharacterExtra

  CreateFontIndirectW

  RemoveFontMemResourceEx

  CreateSolidBrush

  DeleteObject

  SetStretchBltMode

  TextOutW

  mpr

  WNetCancelConnection2W

  WNetAddConnection2W

  version

  GetFileVersionInfoExW

  VerQueryValueW

  GetFileVersionInfoSizeExW

  wininet

  InternetQueryOptionW

  InternetGetConnectedState

  InternetSetOptionW

  cfgmgr32

  CMP_WaitNoPendingInstallEvents

  CM_Get_Parent

  CM_Get_Device_ID_ExW

  CM_Get_DevNode_Registry_PropertyW

  CM_Get_Device_ID_Size_Ex

  bcrypt

  BCryptHashData

  BCryptDestroyHash

  BCryptOpenAlgorithmProvider

  BCryptCloseAlgorithmProvider

  BCryptGetProperty

  BCryptCreateHash

  BCryptDestroyKey

  BCryptVerifySignature

  BCryptImportKeyPair

  BCryptFinishHash

  fltlib

  FilterAttach

  FilterLoad

  cabinet

  ord23

  ord20

  ord22

  Exports

  Exports

  ??4DUMgr@@QEAAAEAV0@AEBV0@@Z

  ?GetModuleId@DUMgr@@QEAAAEBQEAXXZ

  ?Instance@DUMgr@@SAPEAV1@XZ

  ?IsCancelled@DUMgr@@AEAAHXZ

  ?SetModuleId@DUMgr@@QEAAXPEAX@Z

  ?SetPhase@DUMgr@@AEAAXW4DUPhase@@@Z

  FreeResourceHandle

  GetCleanInstallCheckpointSequence

  GetSpaceNeededForWinPE

  InstallCopyCodeUpdate

  InstallSetupUpdates

  InstallWindows

  Module_Init_BootPrepare

  Module_Init_Bootstrap

  Module_Init_CBS

  Module_Init_Cleanup

  Module_Init_Compliance

  Module_Init_ComputerName

  Module_Init_ConfigOfflineImage

  Module_Init_ConfigSet

  Module_Init_CopyImages

  Module_Init_CopyPrivates

  Module_Init_CopySetupFiles

  Module_Init_DU

  Module_Init_DeployImages

  Module_Init_DiskConfiguration

  Module_Init_DiskSpace

  Module_Init_Ems

  Module_Init_Engine

  Module_Init_ErrorHandler

  Module_Init_ExternalDrivers

  Module_Init_Finalize_Image

  Module_Init_FixBBPaths

  Module_Init_GatherDiskInfo

  Module_Init_ImageInstall

  Module_Init_ImageTransfer

  Module_Init_Internal

  Module_Init_LanguagePack

  Module_Init_License

  Module_Init_Locale

  Module_Init_ModuleLoader

  Module_Init_MountedDevices

  Module_Init_MungeBootEntries

  Module_Init_OnlineSettings

  Module_Init_PageFile

  Module_Init_ParseCmdLine

  Module_Init_PickTempDrive

  Module_Init_PrepareInstallDrive

  Module_Init_Productkey

  Module_Init_QFE

  Module_Init_RestartSetup

  Module_Init_Rollback

  Module_Init_ScenarioDetect

  Module_Init_SourceMedia

  Module_Init_Sysprep

  Module_Init_SystemRestore

  Module_Init_Unattend

  PublishDiskInfoOnBlackboard

  SetFileCopyErrorResult

  SetFileCopyErrorResultFromStruct

  SetResourceHandle

  Sysprep_Specialize_Offline_Pnp_Compat

  Sysprep_Specialize_Pnp_Compat

  UnattendErrorFromResults

  g_hwCompatParams

  g_pUnattendCtxIBS

  Sections

  .text

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 44KB - Virtual size: 63KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 48KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 264B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 56KB - Virtual size: 55KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 21KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/cont/rich/oope/MBR2GPT.EXE

  .exe windows x64

  Password: 7575

  c1c0d14685e4d5ef5e2b7dd850598d65

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Imports

  advapi32

  RegEnumValueW

  RegOpenKeyExW

  RegLoadKeyW

  RegUnLoadKeyW

  OpenProcessToken

  RegSetValueExW

  RegCreateKeyExW

  RegCloseKey

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  TraceMessage

  CryptReleaseContext

  CryptDestroyHash

  CryptGetHashParam

  CryptHashData

  CryptCreateHash

  CryptAcquireContextW

  SetThreadToken

  DuplicateTokenEx

  RegDeleteKeyW

  RegQueryInfoKeyW

  ReadEncryptedFileRaw

  CloseEncryptedFileRaw

  WriteEncryptedFileRaw

  OpenEncryptedFileRawW

  AddAccessAllowedAceEx

  RevertToSelf

  EventWrite

  GetSecurityInfo

  InitializeAcl

  GetLengthSid

  GetAclInformation

  GetSecurityDescriptorLength

  EventRegister

  EventUnregister

  EventWriteTransfer

  GetSecurityDescriptorSacl

  GetSecurityDescriptorDacl

  GetSecurityDescriptorGroup

  SetNamedSecurityInfoW

  GetSecurityDescriptorControl

  GetSecurityDescriptorOwner

  ConvertSidToStringSidW

  OpenThreadToken

  GetTokenInformation

  RegGetValueW

  AllocateAndInitializeSid

  FreeSid

  RegFlushKey

  RegEnumKeyExW

  RegDeleteValueW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegQueryValueExW

  kernel32

  IsDebuggerPresent

  DebugBreak

  AcquireSRWLockShared

  CreateMutexExW

  CreateThreadpoolTimer

  ReleaseSRWLockShared

  SetThreadpoolTimer

  OpenSemaphoreW

  GetModuleFileNameA

  WaitForSingleObjectEx

  WaitForThreadpoolTimerCallbacks

  ReleaseSRWLockExclusive

  OutputDebugStringW

  CloseThreadpoolTimer

  WakeAllConditionVariable

  SleepConditionVariableSRW

  SearchPathW

  GetSystemDefaultUILanguage

  GetUserDefaultUILanguage

  FindResourceExW

  LoadResource

  GetProcessHeap

  GetWindowsDirectoryW

  HeapAlloc

  CloseHandle

  GetLastError

  GetVolumeNameForVolumeMountPointW

  CreateFileW

  GetVolumePathNameW

  GetTempPathW

  DeviceIoControl

  ExpandEnvironmentStringsW

  GetCurrentProcess

  SetLastError

  HeapFree

  SetConsoleCtrlHandler

  AcquireSRWLockExclusive

  InitializeCriticalSectionEx

  Sleep

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  GetModuleHandleW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  GetTickCount

  RtlCompareMemory

  GetLogicalDrives

  FindFirstVolumeW

  GetProcAddress

  FindVolumeClose

  FreeLibrary

  FindNextVolumeW

  GetDriveTypeW

  LoadLibraryExW

  CreateDirectoryW

  CompareStringW

  GetFullPathNameW

  GetLongPathNameW

  GetFinalPathNameByHandleW

  GetModuleFileNameW

  GetCurrentDirectoryW

  QueryDosDeviceW

  FindFirstFileW

  GetFileSizeEx

  FindNextFileW

  FindClose

  WaitForSingleObject

  GetFileAttributesW

  SetFileAttributesW

  DeleteFileW

  GetEnvironmentVariableW

  FormatMessageW

  SetEvent

  CreateThread

  ResetEvent

  LocalFree

  GetFileInformationByHandleEx

  GetFileInformationByHandle

  SetFileInformationByHandle

  CopyFileExW

  FlushFileBuffers

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  UnmapViewOfFile

  GetCurrentThread

  CreateFileMappingW

  MapViewOfFile

  GetVolumeInformationW

  WriteFile

  GetPrivateProfileSectionW

  MoveFileExW

  SetVolumeMountPointW

  GetModuleHandleExW

  GetHandleInformation

  SetFilePointerEx

  SetEndOfFile

  ReadFile

  GetOverlappedResult

  DeleteCriticalSection

  RemoveDirectoryW

  GetSystemInfo

  SetThreadIdealProcessor

  GetTempFileNameW

  GetFileSize

  SetFilePointer

  CreateEventW

  InitializeCriticalSectionAndSpinCount

  LockFileEx

  UnlockFileEx

  LocalAlloc

  ReleaseMutex

  WideCharToMultiByte

  OpenProcess

  HeapReAlloc

  DuplicateHandle

  WaitForMultipleObjects

  ReleaseSemaphore

  CreateSemaphoreW

  GetVolumeInformationByHandleW

  GlobalMemoryStatusEx

  GetSystemDirectoryW

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  WaitForMultipleObjectsEx

  CreateSemaphoreExW

  MultiByteToWideChar

  DosDateTimeToFileTime

  LocalFileTimeToFileTime

  SetFileTime

  LoadLibraryW

  GetVolumePathNamesForVolumeNameW

  VirtualAlloc

  VirtualFree

  GetLocaleInfoW

  GetPrivateProfileStringW

  GetVersionExW

  GetSystemWindowsDirectoryW

  GetFileAttributesExW

  CopyFileW

  GetTickCount64

  GetDiskFreeSpaceExW

  SetFirmwareEnvironmentVariableW

  GetFirmwareEnvironmentVariableW

  msvcrt

  wcstok_s

  bsearch

  memmove_s

  ??3@YAXPEAX@Z

  iswspace

  _purecall

  __CxxFrameHandler3

  malloc

  ??_V@YAXPEAX@Z

  wcsncmp

  ?what@exception@@UEBAPEBDXZ

  ??1exception@@UEAA@XZ

  atol

  _atoi64

  ??0exception@@QEAA@AEBQEBDH@Z

  _callnewh

  _CxxThrowException

  ??1type_info@@UEAA@XZ

  towlower

  _wcsicmp

  _wtoi

  swscanf_s

  fflush

  wcschr

  _wcsnicmp

  wcsrchr

  fwprintf

  _XcptFilter

  qsort

  __wgetmainargs

  __set_app_type

  _exit

  _cexit

  __setusermatherr

  _initterm

  _fmode

  _wcsrev

  _strnicmp

  _commode

  ?terminate@@YAXXZ

  _lock

  memcpy_s

  towupper

  _vscwprintf

  _vsnprintf

  iswctype

  _wcslwr

  _snwscanf_s

  strncmp

  _wcsupr

  wcsnlen

  wcsstr

  strcpy_s

  wcsncpy_s

  _vsnwprintf_s

  swprintf_s

  wcscat_s

  wcscpy_s

  wcstoul

  _ultow_s

  __iob_func

  _unlock

  __dllonexit

  _onexit

  _vsnwprintf

  exit

  wprintf

  __C_specific_handler

  memcmp

  memcpy

  memmove

  memset

  strncpy_s

  _amsg_exit

  strcmp

  ??0exception@@QEAA@AEBV0@@Z

  ntdll

  NtOpenFile

  NtQueryValueKey

  NtQueryBootEntryOrder

  NtQueryBootOptions

  NtSetSecurityObject

  NtTranslateFilePath

  NtOpenDirectoryObject

  NtQueryDirectoryObject

  NtEnumerateBootEntries

  RtlNtStatusToDosError

  NtCreateFile

  RtlGetThreadErrorMode

  RtlSetThreadErrorMode

  NtSetInformationFile

  NtQueryObject

  NtWriteFile

  NtQueryInformationProcess

  NtOpenProcess

  NtReadFile

  RtlImageNtHeader

  NtCreateEvent

  NtQueryInformationFile

  NtQueryInformationThread

  NtWaitForSingleObject

  LdrFindResource_U

  LdrAccessResource

  RtlAdjustPrivilege

  RtlGetLastNtStatus

  RtlSetControlSecurityDescriptor

  RtlFindAceByType

  NtQueryDirectoryFile

  NtQueryVolumeInformationFile

  NtQueryEaFile

  NtSetEaFile

  NtUnloadKey2

  RtlInitializeResource

  RtlAcquireResourceExclusive

  RtlAcquireResourceShared

  RtlReleaseResource

  RtlDeleteResource

  DbgPrintEx

  RtlRaiseStatus

  RtlReAllocateHeap

  RtlDowncaseUnicodeChar

  NtYieldExecution

  NtDeviceIoControlFile

  NtOpenKey

  NtOpenSymbolicLinkObject

  RtlImpersonateSelf

  NtClose

  NtOpenThreadTokenEx

  NtSetInformationThread

  NtOpenProcessTokenEx

  NtAdjustPrivilegesToken

  NtQuerySystemInformation

  ZwOpenProcess

  ZwQueryInformationFile

  RtlInitAnsiString

  ZwQueryInformationProcess

  LdrGetDllHandle

  LdrGetProcedureAddress

  ZwOpenDirectoryObject

  ZwOpenSymbolicLinkObject

  ZwQueryDirectoryObject

  ZwDeviceIoControlFile

  ZwQuerySymbolicLinkObject

  ZwAllocateUuids

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  RtlDosPathNameToNtPathName_U

  ZwQuerySystemInformation

  ZwOpenKey

  ZwSetValueKey

  RtlCreateSecurityDescriptor

  ZwUnloadKey

  ZwSetSecurityObject

  RtlCreateAcl

  ZwQueryValueKey

  ZwEnumerateKey

  ZwDeleteKey

  RtlFreeSid

  ZwSaveKey

  ZwDeleteValueKey

  RtlLengthSid

  RtlAllocateAndInitializeSid

  RtlAddAccessAllowedAceEx

  ZwLoadKey

  ZwCreateKey

  ZwCreateFile

  RtlSetDaclSecurityDescriptor

  RtlSetOwnerSecurityDescriptor

  RtlLengthSecurityDescriptor

  ZwClose

  ZwOpenMutant

  ZwOpenFile

  ZwReleaseMutant

  ZwQueryKey

  ZwWaitForSingleObject

  ZwQueryAttributesFile

  RtlAppendUnicodeToString

  RtlAllocateHeap

  RtlFreeHeap

  RtlStringFromGUID

  RtlInitUnicodeString

  RtlFreeUnicodeString

  RtlGUIDFromString

  NtQuerySymbolicLinkObject

  ole32

  CoTaskMemFree

  CoCreateInstance

  CoInitializeEx

  CoUninitialize

  StringFromGUID2

  rpcrt4

  RpcStringFreeW

  UuidFromStringW

  UuidCompare

  UuidToStringW

  UuidCreate

  wdscore

  WdsInitialize

  WdsTerminate

  WdsSetupLogMessageW

  ConstructPartialMsgVW

  CurrentIP

  imagehlp

  CheckSumMappedFile

  bcrypt

  BCryptCloseAlgorithmProvider

  BCryptDestroyHash

  BCryptFinishHash

  BCryptHashData

  BCryptCreateHash

  BCryptGetProperty

  BCryptOpenAlgorithmProvider

  cabinet

  ord23

  ord22

  ord20

  shlwapi

  PathRemoveBackslashW

  user32

  CharUpperW

  LoadStringW

  version

  VerQueryValueW

  GetFileVersionInfoExW

  GetFileVersionInfoSizeExW

  crypt32

  CertVerifyCertificateChainPolicy

  CertGetEnhancedKeyUsage

  wintrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  WinVerifyTrust

  Sections

  .text

  Size: 819KB - Virtual size: 818KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 279KB - Virtual size: 278KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 13KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/cont/rich/oope/W32UIImg.dll

  .dll windows x64

  Password: 7575

  
  

  Code Sign

  33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  02-09-2021 18:23

  Not After

  01-09-2022 18:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  db:27:71:0c:73:74:b9:f9:3d:3c:a7:57:18:8a:23:bb:19:24:ef:50:fd:6e:15:c5:fd:d7:4a:93:ad:7a:8a:da

  Signer

  Actual PE Digest

  db:27:71:0c:73:74:b9:f9:3d:3c:a7:57:18:8a:23:bb:19:24:ef:50:fd:6e:15:c5:fd:d7:4a:93:ad:7a:8a:da

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  20-02-2023 17:34

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Sections

  .rdata

  Size: 512B - Virtual size: 208B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2.8MB - Virtual size: 2.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• port/cont/rich/oope/W32UIRes.dll

  .dll windows x64

  Password: 7575

  
  

  Code Sign

  33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  02-09-2021 18:23

  Not After

  01-09-2022 18:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  9a:83:3d:98:29:fc:d3:16:31:7d:ff:47:d8:79:a7:cc:d0:1e:41:05:3b:90:1e:06:71:f1:14:2f:f3:ec:1b:b3

  Signer

  Actual PE Digest

  9a:83:3d:98:29:fc:d3:16:31:7d:ff:47:d8:79:a7:cc:d0:1e:41:05:3b:90:1e:06:71:f1:14:2f:f3:ec:1b:b3

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  20-02-2023 17:34

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Sections

  .rdata

  Size: 512B - Virtual size: 208B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 198KB - Virtual size: 197KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• port/cont/rich/oope/mispace.dll

  .dll regsvr32 windows x64

  Password: 7575

  159c5b4436f252ca1d5d0f980b1fa8b9

  
  

  Code Sign

  33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  02-09-2021 18:23

  Not After

  01-09-2022 18:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  46:a0:3b:31:31:2b:64:bd:35:d2:2e:c0:8c:3b:71:97:8a:6c:33:e5:f3:a0:af:f2:5a:12:67:42:87:f0:4c:67

  Signer

  Actual PE Digest

  46:a0:3b:31:31:2b:64:bd:35:d2:2e:c0:8c:3b:71:97:8a:6c:33:e5:f3:a0:af:f2:5a:12:67:42:87:f0:4c:67

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  20-02-2023 17:34

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  msvcrt

  _onexit

  _CxxThrowException

  _unlock

  _lock

  __C_specific_handler

  _initterm

  _amsg_exit

  _XcptFilter

  isspace

  ??1type_info@@UEAA@XZ

  ?terminate@@YAXXZ

  _callnewh

  memmove_s

  _vsnprintf_s

  ??0exception@@QEAA@AEBV0@@Z

  memset

  _wcsicmp

  ??0exception@@QEAA@XZ

  ??1exception@@UEAA@XZ

  _purecall

  memcpy_s

  _vsnwprintf

  __CxxFrameHandler3

  wcstok_s

  _ui64tow_s

  _wcsnicmp

  wcsnlen

  _itow_s

  _wtoi

  memcmp

  towupper

  wcschr

  wcsncmp

  wcsncat_s

  swscanf_s

  iswalpha

  _wtoi64

  iswspace

  mbtowc

  localeconv

  wcsstr

  _vscwprintf

  memcpy

  memmove

  toupper

  malloc

  free

  swprintf_s

  __dllonexit

  wcscmp

  api-ms-win-eventing-provider-l1-1-0

  EventSetInformation

  EventActivityIdControl

  EventWriteTransfer

  EventUnregister

  EventRegister

  api-ms-win-core-sysinfo-l1-1-0

  GetTickCount

  GetWindowsDirectoryW

  GetComputerNameExW

  GetSystemDirectoryW

  GetSystemTimeAsFileTime

  GetSystemTime

  api-ms-win-core-errorhandling-l1-1-0

  SetUnhandledExceptionFilter

  GetLastError

  SetLastError

  UnhandledExceptionFilter

  api-ms-win-core-libraryloader-l1-2-0

  DisableThreadLibraryCalls

  GetModuleFileNameW

  LoadStringW

  GetModuleHandleW

  FreeLibrary

  GetModuleHandleExW

  LoadLibraryExW

  GetProcAddress

  GetModuleFileNameA

  api-ms-win-core-synch-l1-1-0

  CreateEventW

  InitializeCriticalSection

  WaitForMultipleObjectsEx

  SetEvent

  CreateSemaphoreExW

  EnterCriticalSection

  ReleaseSemaphore

  LeaveCriticalSection

  InitializeCriticalSectionEx

  WaitForSingleObject

  InitializeSRWLock

  ReleaseMutex

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  WaitForSingleObjectEx

  OpenSemaphoreW

  ReleaseSRWLockShared

  CreateMutexExW

  AcquireSRWLockShared

  DeleteCriticalSection

  ResetEvent

  api-ms-win-core-heap-l1-1-0

  HeapAlloc

  GetProcessHeap

  HeapFree

  api-ms-win-core-threadpool-l1-2-0

  CreateThreadpoolTimer

  CloseThreadpoolWork

  SetThreadpoolTimer

  CloseThreadpool

  CreateThreadpool

  CreateThreadpoolWork

  SetThreadpoolThreadMinimum

  SubmitThreadpoolWork

  CloseThreadpoolTimer

  SetThreadpoolThreadMaximum

  WaitForThreadpoolWorkCallbacks

  WaitForThreadpoolTimerCallbacks

  api-ms-win-core-processthreads-l1-1-0

  OpenThreadToken

  ResumeThread

  CreateThread

  GetCurrentProcessId

  TerminateProcess

  SetThreadToken

  TlsGetValue

  GetCurrentThreadId

  OpenProcessToken

  GetCurrentProcess

  GetCurrentThread

  api-ms-win-core-localization-l1-2-0

  FormatMessageW

  api-ms-win-core-debug-l1-1-0

  DebugBreak

  IsDebuggerPresent

  OutputDebugStringW

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceFrequency

  QueryPerformanceCounter

  api-ms-win-core-handle-l1-1-0

  CloseHandle

  rpcrt4

  RpcServerListen

  RpcRevertToSelf

  RpcImpersonateClient

  RpcMgmtStopServerListening

  RpcServerUnregisterIf

  UuidCreate

  RpcServerUseProtseqEpW

  I_RpcServerDisableExceptionFilter

  NdrServerCall2

  NdrServerCallAll

  RpcServerRegisterIfEx

  api-ms-win-core-synch-l1-2-0

  Sleep

  api-ms-win-core-rtlsupport-l1-1-0

  RtlCompareMemory

  RtlCaptureContext

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureStackBackTrace

  sxshared

  SxTracerDebuggerBreak

  SxTracerShouldTrackFailure

  SxTracerGetThreadContextRetail

  api-ms-win-core-registry-l1-1-0

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  RegGetValueW

  RegEnumKeyExW

  RegCreateKeyExW

  RegSetValueExW

  RegDeleteKeyExW

  api-ms-win-core-heap-l2-1-0

  LocalAlloc

  LocalFree

  api-ms-win-security-base-l1-1-0

  GetLengthSid

  IsValidSid

  AdjustTokenPrivileges

  CopySid

  FreeSid

  CheckTokenMembership

  AllocateAndInitializeSid

  ImpersonateLoggedOnUser

  DuplicateTokenEx

  RevertToSelf

  GetTokenInformation

  api-ms-win-core-com-l1-1-0

  CoTaskMemFree

  CoCreateGuid

  CLSIDFromString

  CoTaskMemAlloc

  CoDisconnectObject

  CoSetProxyBlanket

  CoUninitialize

  CoCreateInstance

  api-ms-win-core-io-l1-1-0

  DeviceIoControl

  GetOverlappedResult

  api-ms-win-core-file-l1-1-0

  GetVolumePathNameW

  FindNextFileW

  GetDiskFreeSpaceExW

  CreateDirectoryW

  RemoveDirectoryW

  GetLongPathNameW

  DefineDosDeviceW

  FlushFileBuffers

  CreateFileW

  GetDriveTypeW

  DeleteVolumeMountPointW

  SetFilePointerEx

  WriteFile

  SetFilePointer

  FindFirstFileW

  FindNextVolumeW

  GetVolumeInformationW

  GetFinalPathNameByHandleW

  ReadFile

  FindClose

  GetFileAttributesW

  DeleteFileW

  GetFileSizeEx

  GetDiskFreeSpaceW

  FindVolumeClose

  CompareFileTime

  FindFirstVolumeW

  QueryDosDeviceW

  api-ms-win-core-timezone-l1-1-0

  SystemTimeToFileTime

  FileTimeToSystemTime

  sspicli

  LogonUserExExW

  api-ms-win-eventing-controller-l1-1-0

  ControlTraceW

  StartTraceW

  EnableTraceEx2

  api-ms-win-core-processenvironment-l1-1-0

  ExpandEnvironmentStringsW

  api-ms-win-core-file-l2-1-0

  MoveFileWithProgressW

  api-ms-win-security-sddl-l1-1-0

  ConvertSidToStringSidW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  ConvertSecurityDescriptorToStringSecurityDescriptorW

  api-ms-win-core-string-l1-1-0

  CompareStringOrdinal

  MultiByteToWideChar

  CompareStringW

  api-ms-win-core-file-l1-2-0

  GetVolumePathNamesForVolumeNameW

  GetVolumeNameForVolumeMountPointW

  api-ms-win-core-interlocked-l1-1-0

  InitializeSListHead

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  api-ms-win-core-wow64-l1-1-0

  IsWow64Process

  api-ms-win-devices-config-l1-1-1

  CM_Get_Parent

  srvcli

  NetShareAdd

  NetShareEnum

  NetShareDel

  netutils

  NetApiBufferFree

  api-ms-win-core-perfcounters-l1-1-0

  PerfSetULongCounterValue

  PerfCreateInstance

  PerfStopProvider

  PerfDeleteInstance

  PerfStartProviderEx

  PerfIncrementULongCounterValue

  PerfSetCounterSetInfo

  wmiclnt

  WmiCloseBlock

  WmiQueryAllDataW

  WmiOpenBlock

  devobj

  DevObjEnumDeviceInfo

  DevObjGetDeviceInstanceId

  DevObjDeleteDevice

  DevObjOpenDeviceInterface

  DevObjCreateDeviceInfoList

  DevObjEnumDeviceInterfaces

  DevObjGetDeviceRegistryProperty

  DevObjDestroyDeviceInfoList

  DevObjGetDeviceInterfaceDetail

  DevObjGetClassDevs

  ntdll

  RtlGetLastNtStatus

  RtlSetThreadErrorMode

  NtQueryVolumeInformationFile

  NtPowerInformation

  NtQuerySystemInformation

  RtlFreeHeap

  RtlAllocateHeap

  NtSystemDebugControl

  RtlNtStatusToDosError

  NtCompareTokens

  RtlEnumerateGenericTableAvl

  RtlEnumerateGenericTableWithoutSplayingAvl

  RtlInsertElementGenericTableAvl

  RtlLookupElementGenericTableAvl

  RtlDeleteElementGenericTableAvl

  RtlInitializeGenericTableAvl

  EtwTraceMessage

  RtlDeleteElementGenericTableAvlEx

  RtlAnsiStringToUnicodeString

  RtlxAnsiStringToUnicodeSize

  RtlInitAnsiString

  api-ms-win-core-kernel32-legacy-l1-1-1

  VerifyVersionInfoW

  SetVolumeMountPointW

  wevtapi

  EvtArchiveExportedLog

  EvtExportLog

  mi

  MI_Application_InitializeV1

  virtdisk

  GetStorageDependencyInformation

  resutils

  ResUtilFindSzProperty

  bcrypt

  BCryptGenRandom

  cfgmgr32

  CM_Unregister_Notification

  CM_Reenumerate_DevNode

  CM_MapCrToWin32Err

  CM_Register_Notification

  CM_Reenumerate_DevNode_Ex

  bcd

  BcdOpenSystemStore

  BcdCloseObject

  BcdOpenObject

  BcdDeleteObject

  BcdCloseStore

  BcdEnumerateObjects

  BcdEnumerateElementTypes

  BcdGetElementDataWithFlags

  BcdSetElementData

  BcdDeleteElement

  BcdGetElementData

  api-ms-win-core-version-l1-1-0

  VerQueryValueW

  GetFileVersionInfoSizeExW

  GetFileVersionInfoExW

  api-ms-win-core-sysinfo-l1-2-0

  VerSetConditionMask

  api-ms-win-core-io-l1-1-1

  CancelIo

  api-ms-win-core-memory-l1-1-0

  VirtualFree

  VirtualAlloc

  api-ms-win-core-delayload-l1-1-1

  ResolveDelayLoadedAPI

  api-ms-win-core-delayload-l1-1-0

  DelayLoadFailureHook

  api-ms-win-core-apiquery-l1-1-0

  ApiSetQueryApiSetPresence

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllMain

  DllRegisterServer

  DllUnregisterServer

  GetProviderClassID

  MI_Main

  PreShutdown

  SetShutdownCallback

  SmpUnload

  WspCheckMinimumSubsystemVersion

  WspCompleteMethod

  WspCreateJob

  WspEnumerateRemoteInstances

  WspFreeString

  WspGetClassName

  WspGetRemoteInstance

  WspGetSubsystemFilter

  WspGuidToString

  WspInvokeRemoteMethod

  WspIsAutomaticClusteringEnabled

  WspIsRemoteInstance

  WspIsRemoteRequest

  WspPackObjectId

  WspPostAssociation

  WspPostSubsystemAssociationReferenceObject

  WspProviderEnter

  WspProviderExit

  WspReferencesOfRemoteInstance

  WspRunMethodAsJob

  WspSendIndication

  WspUnpackObjectId

  WspUpdateMethod

  Sections

  .text

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1005KB - Virtual size: 1005KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 115KB - Virtual size: 126KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 40KB - Virtual size: 40KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 456B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 96KB - Virtual size: 95KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/cont/rich/oope/msftedit.dll

  .dll windows x64

  Password: 7575

  3ad9b43610cf02f830e2e8bacdc12b48

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  api-ms-win-crt-string-l1-1-0

  wcsnlen

  wcsncmp

  strnlen

  memset

  strncmp

  api-ms-win-crt-runtime-l1-1-0

  _initterm_e

  _initterm

  api-ms-win-crt-private-l1-1-0

  _o__initialize_narrow_environment

  _o__initialize_onexit_table

  _o__invalid_parameter_noinfo

  _o__invalid_parameter_noinfo_noreturn

  _o__itow_s

  _o__register_onexit_function

  _o__seh_filter_dll

  memmove

  _o__wcsicmp

  _o__wcsnicmp

  _o_free

  _o_iswdigit

  _o_iswpunct

  _o_iswspace

  _o_malloc

  _o_memcpy_s

  _o_pow

  _o_qsort

  _o_realloc

  _o_sqrt

  _o_strncpy_s

  _o_wcscat_s

  _o_wcscpy_s

  _o_wcsncpy_s

  _o_wcstod

  _o_wmemcpy_s

  __CxxFrameHandler3

  __std_terminate

  _CxxThrowException

  _o__execute_onexit_table

  _o__errno

  _o__crt_atexit

  _o__configure_narrow_argv

  _o__cexit

  _o__callnewh

  _o___stdio_common_vswscanf

  _o___stdio_common_vswprintf_s

  _o___stdio_common_vswprintf

  _o___stdio_common_vsprintf_s

  _o___stdio_common_vsnprintf_s

  _o___std_type_info_destroy_list

  _o___std_exception_destroy

  _o___std_exception_copy

  __CxxFrameHandler4

  wcschr

  wcsstr

  __C_specific_handler

  memcmp

  memcpy

  api-ms-win-core-errorhandling-l1-1-0

  GetLastError

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RaiseException

  SetLastError

  api-ms-win-core-string-l1-1-0

  WideCharToMultiByte

  GetStringTypeExW

  CompareStringOrdinal

  MultiByteToWideChar

  CompareStringEx

  api-ms-win-core-libraryloader-l1-2-0

  GetProcAddress

  LoadLibraryExW

  GetModuleFileNameW

  GetModuleHandleExW

  GetModuleHandleW

  DisableThreadLibraryCalls

  FreeLibrary

  LoadResource

  GetModuleFileNameA

  GetModuleHandleA

  LoadStringW

  api-ms-win-core-localization-l1-2-0

  FormatMessageW

  GetLocaleInfoW

  IsValidCodePage

  LocaleNameToLCID

  LCMapStringEx

  GetSystemDefaultLangID

  ResolveLocaleName

  GetLocaleInfoEx

  GetSystemDefaultLCID

  GetThreadLocale

  GetUserDefaultLCID

  api-ms-win-core-processthreads-l1-1-0

  TlsSetValue

  GetCurrentProcessId

  GetCurrentThreadId

  TlsGetValue

  TlsFree

  TerminateProcess

  TlsAlloc

  GetCurrentProcess

  api-ms-win-core-string-obsolete-l1-1-0

  lstrcmpiA

  api-ms-win-core-sysinfo-l1-1-0

  GetSystemDirectoryW

  GetTickCount64

  GetSystemTimeAsFileTime

  GetTickCount

  api-ms-win-core-localization-l1-2-2

  LCIDToLocaleName

  api-ms-win-core-winrt-error-l1-1-0

  RoOriginateError

  RoOriginateErrorW

  SetRestrictedErrorInfo

  oleaut32

  SysAllocStringByteLen

  SafeArrayGetElement

  VariantClear

  SysFreeString

  VariantInit

  api-ms-win-core-handle-l1-1-0

  CloseHandle

  api-ms-win-core-file-l1-1-0

  WriteFile

  CreateFileW

  GetFileType

  ReadFile

  SetFilePointer

  api-ms-win-core-atoms-l1-1-0

  FindAtomA

  api-ms-win-core-synch-l1-1-0

  ReleaseSemaphore

  WaitForSingleObject

  ReleaseMutex

  CreateSemaphoreExW

  InitializeSRWLock

  CreateEventW

  ResetEvent

  DeleteCriticalSection

  WaitForSingleObjectEx

  SetEvent

  AcquireSRWLockShared

  InitializeCriticalSectionAndSpinCount

  OpenSemaphoreW

  AcquireSRWLockExclusive

  CreateMutexExW

  LeaveCriticalSection

  CreateEventExW

  ReleaseSRWLockShared

  EnterCriticalSection

  ReleaseSRWLockExclusive

  WaitForMultipleObjectsEx

  api-ms-win-core-util-l1-1-0

  DecodePointer

  EncodePointer

  api-ms-win-core-quirks-l1-1-0

  QuirkIsEnabled

  api-ms-win-core-synch-l1-2-0

  InitOnceComplete

  InitOnceBeginInitialize

  InitOnceExecuteOnce

  api-ms-win-core-sysinfo-l1-2-0

  VerSetConditionMask

  api-ms-win-core-kernel32-legacy-l1-1-1

  VerifyVersionInfoW

  api-ms-win-core-registry-l1-1-0

  RegGetValueW

  RegSetValueExW

  RegQueryValueExW

  RegCreateKeyExW

  RegEnumKeyExW

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyExA

  RegOpenKeyExW

  api-ms-win-core-winrt-error-l1-1-1

  RoGetMatchingRestrictedErrorInfo

  api-ms-win-eventing-provider-l1-1-0

  EventWriteTransfer

  EventSetInformation

  EventUnregister

  EventRegister

  api-ms-win-core-libraryloader-l1-2-1

  FindResourceW

  ntdll

  SbSelectProcedure

  WinSqmIncrementDWORD

  WinSqmIsOptedIn

  api-ms-win-core-heap-l2-1-0

  LocalFree

  GlobalAlloc

  GlobalFree

  api-ms-win-core-heap-obsolete-l1-1-0

  GlobalUnlock

  GlobalFlags

  GlobalReAlloc

  GlobalLock

  GlobalHandle

  GlobalSize

  api-ms-win-core-rtlsupport-l1-1-0

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  api-ms-win-core-debug-l1-1-0

  OutputDebugStringW

  DebugBreak

  IsDebuggerPresent

  api-ms-win-core-processthreads-l1-1-1

  IsProcessorFeaturePresent

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceCounter

  api-ms-win-core-interlocked-l1-1-0

  InitializeSListHead

  api-ms-win-core-apiquery-l1-1-0

  ApiSetQueryApiSetPresence

  api-ms-win-core-heap-l1-1-0

  GetProcessHeap

  HeapAlloc

  HeapFree

  api-ms-win-core-threadpool-legacy-l1-1-0

  QueueUserWorkItem

  api-ms-win-core-threadpool-l1-2-0

  WaitForThreadpoolWorkCallbacks

  SubmitThreadpoolWork

  CreateThreadpoolWork

  CloseThreadpoolWork

  api-ms-win-core-path-l1-1-0

  PathCchAppend

  api-ms-win-core-shlwapi-legacy-l1-1-0

  PathFileExistsW

  api-ms-win-security-sddl-l1-1-0

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  api-ms-win-core-registry-l1-1-1

  RegDeleteKeyValueW

  api-ms-win-core-delayload-l1-1-1

  ResolveDelayLoadedAPI

  api-ms-win-core-delayload-l1-1-0

  DelayLoadFailureHook

  api-ms-win-crt-math-l1-1-0

  ceilf

  Exports

  Exports

  CreateTextServices

  DisableOleinitCheck

  DllGetActivationFactory

  DllGetVersion

  GetMathAlphanumeric

  GetMathAlphanumericCode

  IID_IRichEditOle

  IID_IRichEditOleCallback

  IID_IRicheditUiaNotificationOverrides

  IID_IRicheditUiaOverrides

  IID_IRicheditWindowlessAccessibility

  IID_ITextDocument2

  IID_ITextHost

  IID_ITextHost2

  IID_ITextServices

  IID_ITextServices2

  MathBuildDown

  MathBuildUp

  MathTranslate

  RichEdit10ANSIWndProc

  RichEditANSIWndProc

  RichEditWndProc

  SetCustomTextOutHandlerEx

  SetTextServicesDpiCalculationOverride

  ShutdownTextServices

  Sections

  .text

  Size: 2.6MB - Virtual size: 2.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 421KB - Virtual size: 421KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 12KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 98KB - Virtual size: 97KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 102KB - Virtual size: 101KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/cont/rich/oope/msoobeplugins.dll

  .dll windows x64

  bed546c25a833b59c8c1219501925209

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  msvcrt

  memcmp

  wcsrchr

  iswascii

  iswupper

  towlower

  memmove_s

  iswspace

  wcscspn

  __CxxFrameHandler3

  _set_errno

  _get_errno

  wcstol

  _wcsicmp

  _wtol

  wcschr

  memmove

  memcpy

  _CxxThrowException

  ?what@exception@@UEBAPEBDXZ

  ??0exception@@QEAA@AEBQEBDH@Z

  ??0exception@@QEAA@AEBQEBD@Z

  _callnewh

  bsearch

  _vsnprintf

  _wcsnicmp

  swprintf_s

  toupper

  _wtoi

  rand

  memset

  realloc

  ??1type_info@@UEAA@XZ

  _onexit

  __dllonexit

  _unlock

  _lock

  ?terminate@@YAXXZ

  _initterm

  _amsg_exit

  _XcptFilter

  malloc

  free

  wcscpy_s

  _purecall

  __C_specific_handler

  _vsnprintf_s

  ??0exception@@QEAA@AEBV0@@Z

  ??0exception@@QEAA@XZ

  ??1exception@@UEAA@XZ

  ??3@YAXPEAX@Z

  memcpy_s

  _vsnwprintf

  ??_V@YAXPEAX@Z

  wcstok_s

  wcscmp

  shell32

  ord262

  SHGetFolderPathEx

  SHGetKnownFolderPath

  ShellExecuteExW

  shlwapi

  ord260

  ord219

  ord628

  SHStrDupW

  ord487

  ord278

  SHDeleteValueW

  StrTrimW

  StrChrW

  ord437

  ord12

  StrStrW

  SHCreateStreamOnFileW

  PathAppendW

  winlangdb

  SetUserLanguages

  api-ms-win-core-libraryloader-l1-2-0

  DisableThreadLibraryCalls

  GetModuleHandleW

  LoadLibraryExW

  GetModuleFileNameA

  LoadStringW

  FindResourceExW

  SizeofResource

  LoadResource

  GetModuleHandleExW

  GetProcAddress

  LockResource

  FreeLibrary

  api-ms-win-core-synch-l1-1-0

  ReleaseMutex

  CreateMutexExW

  AcquireSRWLockExclusive

  CreateSemaphoreExW

  InitializeCriticalSectionEx

  ReleaseSRWLockExclusive

  DeleteCriticalSection

  SetEvent

  WaitForSingleObjectEx

  EnterCriticalSection

  InitializeSRWLock

  ResetEvent

  LeaveCriticalSection

  CreateEventExW

  OpenSemaphoreW

  ReleaseSRWLockShared

  InitializeCriticalSection

  ReleaseSemaphore

  WaitForMultipleObjectsEx

  AcquireSRWLockShared

  CreateEventW

  WaitForSingleObject

  api-ms-win-core-heap-l1-1-0

  HeapFree

  HeapSize

  HeapReAlloc

  HeapDestroy

  GetProcessHeap

  HeapAlloc

  api-ms-win-core-errorhandling-l1-1-0

  SetLastError

  GetLastError

  UnhandledExceptionFilter

  RaiseException

  SetUnhandledExceptionFilter

  api-ms-win-core-processthreads-l1-1-0

  OpenProcessToken

  OpenThreadToken

  GetCurrentProcessId

  TerminateProcess

  CreateProcessW

  GetCurrentThreadId

  GetCurrentThread

  GetCurrentProcess

  api-ms-win-core-localization-l1-2-0

  GetUserGeoID

  GetLocaleInfoEx

  GetCPInfo

  SetUserGeoID

  FormatMessageW

  LCMapStringEx

  GetUserDefaultLCID

  SetThreadUILanguage

  EnumSystemGeoID

  EnumSystemLocalesW

  GetSystemPreferredUILanguages

  GetThreadPreferredUILanguages

  LocaleNameToLCID

  SetThreadPreferredUILanguages

  GetACP

  GetUserDefaultLocaleName

  GetLocaleInfoW

  GetGeoInfoW

  GetFileMUIPath

  GetThreadUILanguage

  api-ms-win-core-debug-l1-1-0

  DebugBreak

  IsDebuggerPresent

  OutputDebugStringW

  api-ms-win-core-handle-l1-1-0

  DuplicateHandle

  CloseHandle

  api-ms-win-eventing-provider-l1-1-0

  EventWriteTransfer

  EventUnregister

  EventSetInformation

  EventActivityIdControl

  EventRegister

  api-ms-win-core-winrt-error-l1-1-0

  RoTransformError

  RoOriginateError

  RoOriginateErrorW

  GetRestrictedErrorInfo

  SetRestrictedErrorInfo

  api-ms-win-core-util-l1-1-0

  DecodePointer

  EncodePointer

  api-ms-win-core-synch-l1-2-0

  WakeAllConditionVariable

  Sleep

  SleepConditionVariableSRW

  InitOnceExecuteOnce

  InitOnceComplete

  InitOnceBeginInitialize

  api-ms-win-core-winrt-string-l1-1-0

  HSTRING_UserUnmarshal

  HSTRING_UserSize64

  HSTRING_UserUnmarshal64

  HSTRING_UserFree

  WindowsCreateStringReference

  WindowsDeleteString

  HSTRING_UserFree64

  HSTRING_UserMarshal

  HSTRING_UserSize

  WindowsIsStringEmpty

  WindowsDuplicateString

  HSTRING_UserMarshal64

  WindowsGetStringRawBuffer

  WindowsConcatString

  WindowsCreateString

  WindowsStringHasEmbeddedNull

  api-ms-win-core-file-l1-1-0

  ReadFile

  DeleteFileW

  GetTempFileNameW

  FindNextVolumeW

  FindFirstVolumeW

  WriteFile

  GetFileSize

  CreateFileW

  GetDriveTypeW

  api-ms-win-core-string-l1-1-0

  WideCharToMultiByte

  CompareStringOrdinal

  CompareStringW

  MultiByteToWideChar

  api-ms-win-core-processenvironment-l1-1-0

  ExpandEnvironmentStringsW

  api-ms-win-core-rtlsupport-l1-1-0

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceCounter

  api-ms-win-core-sysinfo-l1-1-0

  GetTickCount

  GetTickCount64

  GetComputerNameExW

  GetSystemDirectoryW

  GetSystemTimeAsFileTime

  api-ms-win-security-base-l1-1-0

  GetSidSubAuthorityCount

  GetSidSubAuthority

  DuplicateTokenEx

  GetTokenInformation

  CopySid

  IsWellKnownSid

  AdjustTokenPrivileges

  GetSidLengthRequired

  api-ms-win-security-sddl-l1-1-0

  ConvertSidToStringSidW

  ConvertStringSidToSidW

  api-ms-win-core-heap-l2-1-0

  LocalAlloc

  LocalFree

  GlobalAlloc

  GlobalFree

  LocalReAlloc

  api-ms-win-core-registry-l1-1-0

  RegEnumKeyExW

  RegGetValueW

  RegSetValueExW

  RegCloseKey

  RegDeleteTreeW

  RegOpenKeyExW

  RegDeleteValueW

  RegEnumValueW

  RegCreateKeyExW

  RegQueryValueExW

  api-ms-win-service-management-l1-1-0

  CloseServiceHandle

  OpenSCManagerW

  StartServiceW

  OpenServiceW

  api-ms-win-service-management-l2-1-0

  QueryServiceStatusEx

  QueryServiceConfigW

  ChangeServiceConfigW

  api-ms-win-service-winsvc-l1-1-0

  ControlService

  QueryServiceStatus

  api-ms-win-core-file-l1-2-0

  GetVolumePathNamesForVolumeNameW

  GetTempPathW

  api-ms-win-core-sysinfo-l1-2-0

  SetComputerNameExW

  api-ms-win-core-threadpool-l1-2-0

  CloseThreadpoolWait

  CloseThreadpoolTimer

  SetThreadpoolTimer

  WaitForThreadpoolWaitCallbacks

  SetThreadpoolWait

  WaitForThreadpoolTimerCallbacks

  CreateThreadpoolTimer

  CreateThreadpoolWait

  api-ms-win-core-localization-l1-2-3

  GetUserDefaultGeoName

  api-ms-win-core-synch-l1-2-1

  WaitForMultipleObjects

  api-ms-win-core-localization-l1-2-2

  GetSystemDefaultLocaleName

  LCIDToLocaleName

  api-ms-win-security-lsalookup-l2-1-0

  LookupPrivilegeValueW

  LookupAccountNameW

  userenv

  UnloadUserProfile

  ord206

  LoadUserProfileW

  DeleteProfileW

  api-ms-win-core-libraryloader-l1-2-1

  LoadLibraryW

  api-ms-win-core-winrt-l1-1-0

  RoInitialize

  RoUninitialize

  RoGetActivationFactory

  RoActivateInstance

  api-ms-win-core-timezone-l1-1-0

  GetDynamicTimeZoneInformation

  SetDynamicTimeZoneInformation

  rpcrt4

  RpcExceptionFilter

  NdrClientCall3

  UuidCreate

  NdrStubCall3

  RpcStringFreeW

  RpcStringBindingComposeW

  NdrStubForwardingFunction

  CStdStubBuffer_Connect

  CStdStubBuffer_IsIIDSupported

  IUnknown_QueryInterface_Proxy

  CStdStubBuffer_Disconnect

  CStdStubBuffer_DebugServerRelease

  NdrOleAllocate

  CStdStubBuffer_QueryInterface

  CStdStubBuffer_CountRefs

  IUnknown_Release_Proxy

  CStdStubBuffer_AddRef

  NdrOleFree

  CStdStubBuffer_DebugServerQueryInterface

  RpcBindingFromStringBindingW

  RpcBindingFree

  IUnknown_AddRef_Proxy

  CStdStubBuffer_Invoke

  NdrCStdStubBuffer_Release

  NdrDllCanUnloadNow

  NdrDllGetClassObject

  NdrCStdStubBuffer2_Release

  api-ms-win-core-com-midlproxystub-l1-1-0

  ObjectStublessClient11

  ObjectStublessClient12

  ObjectStublessClient13

  CStdStubBuffer2_QueryInterface

  ObjectStublessClient6

  NdrProxyForwardingFunction5

  CStdStubBuffer2_Disconnect

  CStdStubBuffer2_CountRefs

  ObjectStublessClient15

  CStdStubBuffer2_Connect

  ObjectStublessClient3

  ObjectStublessClient14

  NdrProxyForwardingFunction3

  ObjectStublessClient16

  NdrProxyForwardingFunction4

  ObjectStublessClient10

  ObjectStublessClient8

  ObjectStublessClient17

  ObjectStublessClient9

  ObjectStublessClient7

  api-ms-win-core-winrt-error-l1-1-1

  RoReportFailedDelegate

  IsErrorPropagationEnabled

  RoGetMatchingRestrictedErrorInfo

  api-ms-win-core-processthreads-l1-1-1

  OpenProcess

  api-ms-win-core-path-l1-1-0

  PathCchAppend

  PathCchRenameExtension

  api-ms-win-core-io-l1-1-0

  DeviceIoControl

  api-ms-win-core-heap-obsolete-l1-1-0

  GlobalLock

  GlobalUnlock

  GlobalSize

  api-ms-win-core-kernel32-legacy-l1-1-0

  DnsHostnameToComputerNameW

  GetComputerNameW

  GetSystemPowerStatus

  api-ms-win-core-kernel32-legacy-l1-1-1

  PowerCreateRequest

  PowerClearRequest

  PowerSetRequest

  api-ms-win-core-kernel32-legacy-l1-1-5

  SetThreadExecutionState

  api-ms-win-stateseparation-helpers-l1-1-0

  GetPersistedRegistryLocationW

  api-ms-win-core-localization-private-l1-1-0

  NlsUpdateLocale

  api-ms-win-core-threadpool-legacy-l1-1-0

  QueueUserWorkItem

  api-ms-win-security-capability-l1-1-0

  CapabilityCheck

  bcp47langs

  Bcp47FromLcid

  AppendUserLanguageInternal

  GetUserLanguageInputMethods

  winbrand

  GetInstalledEULAPath

  EulaFreeBuffer

  GetEULAFile

  InstallEULA

  api-ms-win-security-lsapolicy-l1-1-0

  LsaRetrievePrivateData

  LsaStorePrivateData

  LsaSetInformationPolicy

  LsaOpenPolicy

  LsaClose

  LsaFreeMemory

  LsaQueryInformationPolicy

  cryptsp

  CryptGenKey

  CryptAcquireContextW

  CryptExportKey

  CryptDestroyKey

  CryptReleaseContext

  CryptImportKey

  CryptEncrypt

  api-ms-win-core-apiquery-l1-1-0

  ApiSetQueryApiSetPresence

  advapi32

  LogonUserW

  RegQueryInfoKeyW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegSetKeySecurity

  RegDeleteKeyExW

  DuplicateToken

  CheckTokenMembership

  CreateWellKnownSid

  TraceMessage

  comctl32

  ord328

  ord386

  ord334

  ord337

  ord329

  ord385

  ord338

  credui

  CredPackAuthenticationBufferW

  CredUnPackAuthenticationBufferW

  kernel32

  FindClose

  GetFileAttributesW

  FindNextFileW

  FindFirstFileW

  GetFullPathNameW

  EnumUILanguagesW

  GetModuleFileNameW

  GetPrivateProfileSectionW

  ResolveLocaleName

  GetSystemDefaultUILanguage

  CreateDirectoryW

  ntdll

  WinSqmStartSession

  WinSqmEndSession

  RtlIsMultiSessionSku

  RtlConvertSidToUnicodeString

  RtlSubscribeWnfStateChangeNotification

  NtQueryWnfStateData

  RtlUnsubscribeWnfNotificationWaitForCompletion

  NtOpenFile

  NtClose

  NtDeviceIoControlFile

  NtQueryLicenseValue

  RtlFreeHeap

  NtQueryInformationToken

  RtlAllocateHeap

  RtlGetUILanguageInfo

  NtUpdateWnfStateData

  RtlpVerifyAndCommitUILanguageSettings

  RtlNtStatusToDosError

  RtlpSetPreferredUILanguages

  RtlPublishWnfStateData

  RtlFreeUnicodeString

  RtlEqualUnicodeString

  RtlCanonicalizeDomainName

  RtlInitUnicodeString

  RtlGetDeviceFamilyInfoEnum

  WinSqmAddToStream

  WinSqmIncrementDWORD

  WinSqmSetDWORD

  user32

  PostMessageW

  RegisterWindowMessageW

  GetWindowLongPtrW

  DefWindowProcW

  ExitWindowsEx

  LoadCursorW

  SetCursor

  TranslateMessage

  PostQuitMessage

  PeekMessageW

  MsgWaitForMultipleObjectsEx

  SetWindowLongPtrW

  UnregisterDeviceNotification

  KillTimer

  RegisterDeviceNotificationW

  GetMessageW

  SetTimer

  UnregisterClassA

  DestroyWindow

  GetForegroundWindow

  DispatchMessageW

  GetPointerDevices

  input

  ord110

  ord106

  ord105

  ord107

  ord104

  api-ms-win-core-delayload-l1-1-1

  ResolveDelayLoadedAPI

  api-ms-win-core-delayload-l1-1-0

  DelayLoadFailureHook

  Exports

  Exports

  DllCanUnloadNow

  DllGetActivationFactory

  DllGetClassObject

  Sections

  .text

  Size: 689KB - Virtual size: 688KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 339KB - Virtual size: 339KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 1024B - Virtual size: 864B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/det/DMWmiBridgeProv.dll

  .dll regsvr32 windows x64

  3654398321e9ef24847f22d2e5c0feab

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  msvcrt

  sprintf_s

  _wtoi

  _wcsicmp

  _wcsnicmp

  wcsstr

  swprintf_s

  memcpy

  ??1type_info@@UEAA@XZ

  ?terminate@@YAXXZ

  _callnewh

  _vsnprintf_s

  ??0exception@@QEAA@AEBV0@@Z

  ??0exception@@QEAA@XZ

  ??1exception@@UEAA@XZ

  _purecall

  ??3@YAXPEAX@Z

  memcpy_s

  _vsnwprintf

  ??_V@YAXPEAX@Z

  __CxxFrameHandler3

  memmove

  memset

  _onexit

  __dllonexit

  _unlock

  _lock

  __C_specific_handler

  _initterm

  _amsg_exit

  _XcptFilter

  malloc

  free

  _CxxThrowException

  wcscmp

  api-ms-win-core-sysinfo-l1-1-0

  GetSystemDirectoryW

  GetSystemTimeAsFileTime

  GetTickCount

  api-ms-win-core-errorhandling-l1-1-0

  GetLastError

  SetLastError

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  api-ms-win-core-libraryloader-l1-2-0

  FreeLibrary

  LoadLibraryExW

  GetModuleHandleExW

  DisableThreadLibraryCalls

  GetModuleHandleW

  GetModuleFileNameA

  GetProcAddress

  api-ms-win-core-synch-l1-2-0

  WakeAllConditionVariable

  Sleep

  SleepConditionVariableSRW

  api-ms-win-core-rtlsupport-l1-1-0

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  api-ms-win-core-processthreads-l1-1-0

  GetCurrentProcess

  TerminateProcess

  GetCurrentProcessId

  GetCurrentThreadId

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceCounter

  msvcp110_win

  ?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z

  ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

  ??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z

  ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ

  ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ

  ?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ

  ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z

  ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z

  ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ

  ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ

  ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ

  ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ

  ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z

  ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z

  ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z

  ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z

  ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z

  ??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

  ?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ

  ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

  ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ

  ?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z

  ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ

  ?_BADOFF@std@@3_JB

  ?uncaught_exception@std@@YA_NXZ

  ?_Xbad_alloc@std@@YAXXZ

  ?_Xout_of_range@std@@YAXPEBD@Z

  ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ

  ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ

  ?_Winerror_map@std@@YAPEBDH@Z

  ?_Syserror_map@std@@YAPEBDH@Z

  ?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z

  ?_Xlength_error@std@@YAXPEBD@Z

  ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ

  api-ms-win-eventing-provider-l1-1-0

  EventActivityIdControl

  EventUnregister

  EventSetInformation

  EventRegister

  EventWriteTransfer

  api-ms-win-core-synch-l1-1-0

  DeleteCriticalSection

  CreateMutexExW

  OpenSemaphoreW

  WaitForSingleObjectEx

  WaitForSingleObject

  ReleaseSemaphore

  CreateSemaphoreExW

  EnterCriticalSection

  InitializeCriticalSection

  LeaveCriticalSection

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  ReleaseMutex

  api-ms-win-core-heap-l1-1-0

  HeapFree

  GetProcessHeap

  HeapAlloc

  api-ms-win-core-localization-l1-2-0

  FormatMessageW

  api-ms-win-core-debug-l1-1-0

  OutputDebugStringW

  IsDebuggerPresent

  DebugBreak

  api-ms-win-core-handle-l1-1-0

  CloseHandle

  coredpus

  ord10

  dmenrollengine

  ord10

  ord12

  EnrollEngineInitialize

  dmcmnutils

  UnicodeToMB

  DmGetCurrentUserSid

  DmIsRunningInSystemContext

  EscapeStringW

  ntdll

  RtlIsStateSeparationEnabled

  oleaut32

  VariantInit

  SysFreeString

  SysAllocStringByteLen

  SysAllocString

  VariantCopy

  VariantClear

  VariantChangeType

  api-ms-win-core-heap-l2-1-0

  LocalFree

  LocalAlloc

  api-ms-win-core-com-l1-1-0

  CoUninitialize

  StringFromGUID2

  CLSIDFromString

  CoInitializeEx

  CoCreateInstance

  rpcrt4

  UuidCreate

  api-ms-win-core-registry-l1-1-0

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  api-ms-win-core-shlwapi-obsolete-l1-1-0

  StrChrW

  shlwapi

  ord12

  xmllite

  CreateXmlReader

  CreateXmlReaderInputWithEncodingName

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllMain

  DllRegisterServer

  DllUnregisterServer

  GetProviderClassID

  MI_Main

  Sections

  .text

  Size: 2.6MB - Virtual size: 2.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 119KB - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 72KB - Virtual size: 71KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 103KB - Virtual size: 102KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/det/MSVidCtl.dll

  .dll regsvr32 windows x64

  dd5e8a87d388e7f0e0dcb3f9ea5a64ef

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  msvcrt

  _wsplitpath_s

  wcscspn

  swscanf

  _wcsicmp

  wcsncmp

  iswalpha

  ??0exception@@QEAA@AEBQEBDH@Z

  _callnewh

  _XcptFilter

  _amsg_exit

  _initterm

  ?terminate@@YAXXZ

  _lock

  _unlock

  __dllonexit

  _onexit

  ??1type_info@@UEAA@XZ

  memset

  memmove

  memcpy

  memcmp

  floor

  __CxxFrameHandler3

  _ui64tow

  _errno

  wcstol

  wcsstr

  iswspace

  ??8type_info@@QEBAHAEBV0@@Z

  wcstoul

  _vsnprintf

  _wcsnicmp

  _vsnwprintf

  _itow

  _wtoi

  iswdigit

  _purecall

  realloc

  wcscat_s

  malloc

  ??0exception@@QEAA@XZ

  memmove_s

  ??0exception@@QEAA@AEBQEBD@Z

  ??1exception@@UEAA@XZ

  ?what@exception@@UEBAPEBDXZ

  memcpy_s

  ??0exception@@QEAA@AEBV0@@Z

  wcsnlen

  free

  wcscpy_s

  __C_specific_handler

  _CxxThrowException

  wcscmp

  ole32

  GetRunningObjectTable

  MkParseDisplayName

  CreateBindCtx

  OleRegEnumVerbs

  OleRegGetUserType

  CreateOleAdviseHolder

  OleRegGetMiscStatus

  CreateDataAdviseHolder

  CoGetMalloc

  CoInitializeEx

  CoWaitForMultipleHandles

  CoUninitialize

  ProgIDFromCLSID

  StringFromCLSID

  OleSaveToStream

  WriteClassStm

  OleLoadFromStream

  StringFromGUID2

  CoCreateFreeThreadedMarshaler

  CLSIDFromString

  CreateItemMoniker

  CoTaskMemFree

  CoTaskMemRealloc

  CoCreateInstance

  ReadClassStm

  HDC_UserSize64

  HDC_UserMarshal

  HDC_UserUnmarshal64

  HDC_UserFree

  HDC_UserUnmarshal

  HDC_UserMarshal64

  HDC_UserSize

  HDC_UserFree64

  HWND_UserUnmarshal64

  HWND_UserMarshal64

  HWND_UserMarshal

  HWND_UserSize

  HWND_UserSize64

  HWND_UserFree64

  HWND_UserFree

  HWND_UserUnmarshal

  CoTaskMemAlloc

  oleaut32

  SafeArrayUnaccessData

  SysStringByteLen

  SysAllocStringLen

  SafeArrayDestroy

  LoadRegTypeLi

  SafeArrayAccessData

  CreateErrorInfo

  VariantInit

  VariantChangeTypeEx

  VarCmp

  OleCreatePictureIndirect

  OleCreatePropertyFrame

  SetErrorInfo

  VariantChangeType

  SysAllocStringByteLen

  VarUI4FromStr

  VariantClear

  VariantCopy

  LoadTypeLi

  SysAllocString

  SysStringLen

  RegisterTypeLi

  LPSAFEARRAY_UserSize64

  LPSAFEARRAY_UserMarshal

  LPSAFEARRAY_UserUnmarshal64

  LPSAFEARRAY_UserMarshal64

  LPSAFEARRAY_UserFree64

  LPSAFEARRAY_UserUnmarshal

  LPSAFEARRAY_UserFree

  LPSAFEARRAY_UserSize

  BSTR_UserMarshal64

  BSTR_UserSize64

  BSTR_UserFree64

  VARIANT_UserUnmarshal64

  VARIANT_UserFree64

  BSTR_UserMarshal

  VARIANT_UserMarshal

  BSTR_UserUnmarshal

  VARIANT_UserSize

  VARIANT_UserUnmarshal

  VARIANT_UserFree

  BSTR_UserUnmarshal64

  BSTR_UserFree

  VARIANT_UserMarshal64

  VARIANT_UserSize64

  BSTR_UserSize

  SysFreeString

  SafeArrayCreate

  kernel32

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  FlushInstructionCache

  GetProcessHeap

  TerminateProcess

  HeapAlloc

  EncodePointer

  LoadLibraryExA

  VirtualFree

  HeapFree

  WriteFile

  ExpandEnvironmentStringsW

  OutputDebugStringA

  GetTempPathW

  GetLocalTime

  SetLastError

  GetCurrentThreadId

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GetTickCount64

  GetCurrentProcessId

  IsValidLocale

  LoadLibraryW

  GetSystemDirectoryW

  WideCharToMultiByte

  GetVersionExW

  GetDriveTypeW

  DeviceIoControl

  CreateFileW

  Sleep

  GetLocaleInfoW

  SetThreadExecutionState

  DecodeSystemPointer

  SizeofResource

  GetCurrentProcess

  DuplicateHandle

  WaitForMultipleObjects

  CreateThread

  ResetEvent

  SetEvent

  SetUnhandledExceptionFilter

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  WakeAllConditionVariable

  SleepConditionVariableSRW

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  GetTickCount

  DecodePointer

  CreateMutexW

  LockResource

  LoadResource

  FindResourceW

  ReleaseMutex

  WaitForSingleObject

  CloseHandle

  CreateEventW

  MultiByteToWideChar

  FormatMessageW

  lstrlenA

  OutputDebugStringW

  DebugBreak

  GetSystemInfo

  VirtualQuery

  VirtualAlloc

  VirtualProtect

  GetModuleHandleW

  lstrcpynW

  lstrcmpiW

  lstrlenW

  lstrcpyW

  HeapDestroy

  DisableThreadLibraryCalls

  FreeLibrary

  EncodeSystemPointer

  GetModuleFileNameW

  LoadLibraryExW

  GetProcAddress

  GetLastError

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  RaiseException

  user32

  SetWindowLongPtrW

  FillRect

  LoadCursorW

  wsprintfW

  GetWindowLongPtrW

  CreateWindowExW

  RegisterClassExW

  DefWindowProcW

  BeginPaint

  EndPaint

  UnionRect

  OffsetRect

  SetWindowRgn

  GetClassInfoExW

  SetWindowPos

  GetClientRect

  PtInRect

  SendMessageW

  DestroyWindow

  SetCursor

  LoadImageW

  DestroyAcceleratorTable

  ShowWindow

  CallWindowProcW

  CharNextW

  LoadStringW

  CharPrevW

  wvsprintfW

  MsgWaitForMultipleObjectsEx

  PeekMessageW

  TranslateMessage

  DispatchMessageW

  PostThreadMessageW

  IsWindow

  CopyRect

  MapWindowPoints

  EqualRect

  ReleaseDC

  GetDC

  SystemParametersInfoW

  GetWindowRect

  GetParent

  IntersectRect

  PostMessageW

  GetKeyState

  SetCapture

  ReleaseCapture

  SetTimer

  KillTimer

  GetDesktopWindow

  InvalidateRect

  SetFocus

  GetFocus

  IsChild

  advapi32

  RegQueryValueW

  CryptGenRandom

  CryptReleaseContext

  RegCloseKey

  RegOpenKeyExW

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegEnumValueW

  CryptGetHashParam

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  CryptAcquireContextW

  RegQueryValueExW

  RegSetValueW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  gdi32

  DeleteDC

  CreateCompatibleDC

  SelectObject

  CreateDIBitmap

  DeleteMetaFile

  CloseMetaFile

  GetDeviceCaps

  SetWindowOrgEx

  SaveDC

  SetWindowExtEx

  CreateMetaFileW

  CreateRectRgnIndirect

  CreateSolidBrush

  DeleteObject

  RestoreDC

  shlwapi

  UrlIsW

  PathCreateFromUrlW

  rpcrt4

  NdrCStdStubBuffer_Release

  NdrStubForwardingFunction

  NdrDllCanUnloadNow

  IUnknown_AddRef_Proxy

  NdrOleFree

  IUnknown_Release_Proxy

  NdrOleAllocate

  IUnknown_QueryInterface_Proxy

  NdrStubCall3

  CStdStubBuffer_Invoke

  NdrClientCall3

  CStdStubBuffer_DebugServerQueryInterface

  CStdStubBuffer_AddRef

  CStdStubBuffer_CountRefs

  CStdStubBuffer_QueryInterface

  CStdStubBuffer_DebugServerRelease

  CStdStubBuffer_Disconnect

  CStdStubBuffer_IsIIDSupported

  CStdStubBuffer_Connect

  NdrCStdStubBuffer2_Release

  NdrDllUnregisterProxy

  NdrDllRegisterProxy

  NdrDllGetClassObject

  slc

  SLGetWindowsInformationDWORD

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  GetProxyDllInfo

  Sections

  .text

  Size: 1.4MB - Virtual size: 1.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 266KB - Virtual size: 270KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 81KB - Virtual size: 80KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 314KB - Virtual size: 314KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 60KB - Virtual size: 59KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/det/migstore.dll

  .dll windows x64

  d114f589d18689470f8720a61912fb22

  
  

  Code Sign

  33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  05-05-2022 19:23

  Not After

  04-05-2023 19:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d6:dc:52:ea:8e:61:4f:2c:93:21:97:c0:c4:a7:44:91:e5:44:c2:5e:cd:f5:20:d0:63:a8:b1:77:d4:26:48:cf

  Signer

  Actual PE Digest

  d6:dc:52:ea:8e:61:4f:2c:93:21:97:c0:c4:a7:44:91:e5:44:c2:5e:cd:f5:20:d0:63:a8:b1:77:d4:26:48:cf

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  20-02-2023 17:34

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Imports

  msvcrt

  __RTDynamicCast

  _setjmp

  memcpy

  memmove

  _onexit

  __dllonexit

  _unlock

  _lock

  ?terminate@@YAXXZ

  ??1type_info@@UEAA@XZ

  __C_specific_handler

  _initterm

  _amsg_exit

  _XcptFilter

  _CxxThrowException

  _callnewh

  ?what@exception@@UEBAPEBDXZ

  ??1exception@@UEAA@XZ

  ??0exception@@QEAA@AEBV0@@Z

  ??0exception@@QEAA@AEBQEBDH@Z

  iswlower

  iswalpha

  longjmp

  swscanf_s

  _wcsnicmp

  _wtoi64

  _purecall

  malloc

  calloc

  memmove_s

  free

  ?name@type_info@@QEBAPEBDXZ

  wcschr

  towlower

  __CxxFrameHandler3

  memset

  kernel32

  GetProcessHeap

  HeapAlloc

  HeapFree

  CloseHandle

  GetLastError

  SetFilePointer

  SetEndOfFile

  CreateFileW

  ReadFile

  SetFileAttributesW

  DeleteFileW

  WriteFile

  FlushFileBuffers

  GetFileSize

  DuplicateHandle

  GetCurrentProcess

  CreateEventW

  SetEvent

  ResetEvent

  WaitForMultipleObjects

  EnterCriticalSection

  LeaveCriticalSection

  WaitForSingleObject

  InitializeCriticalSection

  DeleteCriticalSection

  CreateDirectoryW

  SetLastError

  CreateThread

  GetFileAttributesW

  FindFirstFileW

  FindClose

  SetErrorMode

  GetDriveTypeW

  GetVolumeInformationW

  CreateHardLinkW

  DeviceIoControl

  GetModuleHandleW

  GetProcAddress

  Sleep

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  GetTickCount

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  unbcl

  ?AddRef@Object@UnBCL@@QEAAXXZ

  ?GetCallingModule@SerializationStream@UnBCL@@SAPEAUHINSTANCE__@@XZ

  ?CanRegister@SerializationStream@UnBCL@@SAHXZ

  ?RegisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z

  ?EnqueueSbRegistration@SbRegistrationList@UnBCL@@SAXPEBDHPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z

  ??0NotSupportedException@UnBCL@@QEAA@PEBG@Z

  ??1NotSupportedException@UnBCL@@UEAA@XZ

  ??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z

  ?SetLiteralStorage@_@UnBCL@@YAXPEAPEBVString@2@PEBG@Z

  ??1?$ICollection@G@UnBCL@@UEAA@XZ

  ?UnregisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@@Z

  ?Clone@?$ArrayList@PEAVString@UnBCL@@@UnBCL@@UEBAPEAVObject@2@XZ

  ?Equals@?$ArrayList@PEAVString@UnBCL@@@UnBCL@@UEBAHPEBVObject@2@@Z

  ??0IInstanceFactory@UnBCL@@QEAA@XZ

  ??1?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ

  ??0?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$ICollection@G@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@G@UnBCL@@QEAA@XZ

  ??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ??1InvalidCastException@UnBCL@@UEAA@XZ

  ??_DStringPtr@UnBCL@@QEAAXXZ

  ??_DFileStream@UnBCL@@QEAAXXZ

  ??_D?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAAXXZ

  ??4SyncObject@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4MemoryStream@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??_DMemoryStream@UnBCL@@QEAAXXZ

  ??0MemoryStream@UnBCL@@QEAA@AEBV01@@Z

  ??0ISerializable@UnBCL@@QEAA@$$QEAU01@@Z

  ??0ISerializable@UnBCL@@QEAA@AEBU01@@Z

  ??4ISerializable@UnBCL@@QEAAAEAU01@AEBU01@@Z

  ??4ISerializable@UnBCL@@QEAAAEAU01@$$QEAU01@@Z

  ??1InvalidOperationException@UnBCL@@UEAA@XZ

  ??0ISerializable@UnBCL@@QEAA@XZ

  ??0Win32Exception@UnBCL@@QEAA@XZ

  ??0OutOfMemoryException@UnBCL@@QEAA@XZ

  ??1Stream@UnBCL@@UEAA@XZ

  ??_7Stream@UnBCL@@6B01@@

  ??_7Stream@UnBCL@@6BObject@1@@

  ??_7Stream@UnBCL@@6BIDisposable@1@@

  ??0NotSupportedException@UnBCL@@QEAA@XZ

  ?Concat@String@UnBCL@@SAPEAV12@PEBG0@Z

  ??0StringBuilder@UnBCL@@QEAA@XZ

  ??1StringBuilder@UnBCL@@UEAA@XZ

  ?Append@StringBuilder@UnBCL@@QEAAPEAV12@PEBVString@2@@Z

  ?Append@StringBuilder@UnBCL@@QEAAPEAV12@G@Z

  ?get_CString@StringBuilder@UnBCL@@QEBAPEBGXZ

  ?WithoutLongPrefix@Path@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?WithLongPrefix@Path@UnBCL@@SAPEAVString@2@PEBV32@H@Z

  ??B?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVNullTest@01@XZ

  ?set_Length@StringBuilder@UnBCL@@QEAAXH@Z

  ?get_Length@StringBuilder@UnBCL@@QEBAHXZ

  ??0FileStream@UnBCL@@QEAA@PEBVString@1@W4FileMode@1@W4FileAccess@1@W4FileShare@1@K@Z

  ??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@XZ

  ??1?$SmartPtr@VStream@UnBCL@@@UnBCL@@UEAA@XZ

  ??4?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@PEAVStream@1@@Z

  ?get_P@?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEBAPEAVStream@2@XZ

  ??C?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEBAPEAVStream@1@XZ

  ??B?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEBAPEAVNullTest@01@XZ

  ??0ArgumentException@UnBCL@@QEAA@XZ

  ?Append@StringBuilder@UnBCL@@QEAAPEAV12@PEBG@Z

  ?Create@File@UnBCL@@SAPEAVFileStream@2@PEBVString@2@@Z

  ?GetTemporaryFileName@File@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?Delete@File@UnBCL@@SAXPEBVString@2@@Z

  ?Add@StreamCounter@UnBCL@@QEAAX_J@Z

  ??0Exception@UnBCL@@QEAA@PEBG@Z

  ??0IDisposable@UnBCL@@QEAA@XZ

  ??1IDisposable@UnBCL@@UEAA@XZ

  ??1OutOfMemoryException@UnBCL@@UEAA@XZ

  ?get_Length@String@UnBCL@@QEBAHXZ

  ?GetEnvironmentVar@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?MatchI@String@UnBCL@@SAHPEBG0@Z

  ?Steal@?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAAPEAVStream@2@XZ

  ?GetFileNameWithoutExtension@Path@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?Concat@String@UnBCL@@SAPEAV12@PEBG000@Z

  ?Exists@File@UnBCL@@SAHPEBVString@2@@Z

  ??0IDisposable@UnBCL@@QEAA@AEBU01@@Z

  ??4Stream@UnBCL@@QEAAAEAV01@$$QEAV01@@Z

  ??4Stream@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??0Stream@UnBCL@@QEAA@$$QEAV01@@Z

  ??0Stream@UnBCL@@QEAA@AEBV01@@Z

  ?Compare@String@UnBCL@@SAHPEBG0H@Z

  ?GetDirectoryRoot@Directory@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?ExpandEnvironmentVariables@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?GetPathRoot@Path@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ??0IDisposable@UnBCL@@QEAA@$$QEAU01@@Z

  ?Clone@?$Array@E@UnBCL@@UEBAPEAVObject@2@XZ

  ?Equals@?$Array@E@UnBCL@@UEBAHPEBVObject@2@@Z

  ??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@HH@Z

  ??0InvalidOperationException@UnBCL@@QEAA@XZ

  ?Join@String@UnBCL@@SAPEAV12@PEBGPEAV?$Array@PEAVString@UnBCL@@@2@@Z

  ?get_Chars@String@UnBCL@@QEBAAEBGH@Z

  ??0?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@E@1@@Z

  ??1?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@UEAA@XZ

  ?get_P@?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEBAPEAV?$Array@E@2@XZ

  ??C?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEBAPEAV?$Array@E@1@XZ

  ?Steal@?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAAPEAV?$Array@E@2@XZ

  ?GetFileName@Path@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ?IsPathRooted@Path@UnBCL@@SAHPEBVString@2@@Z

  ?Clone@?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@UEBAPEAVObject@2@XZ

  ??_D?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAAXXZ

  ??0String@UnBCL@@QEAA@PEBGHH@Z

  ?Exists@Directory@UnBCL@@SAHPEBVString@2@@Z

  ?IsDirectoryEmpty@Directory@UnBCL@@SAHPEBVString@2@@Z

  ??0Win32Exception@UnBCL@@QEAA@PEBG@Z

  ??0?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEAA@PEAVEncoding@1@@Z

  ?GetASCII@Encoding@UnBCL@@SAPEAV12@XZ

  ??1?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@UEAA@XZ

  ??0StreamReader@UnBCL@@QEAA@PEBVString@1@PEAVEncoding@1@@Z

  ?get_P@?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEBAPEAVEncoding@2@XZ

  ?DeleteNE@Directory@UnBCL@@SAHPEBVString@2@H@Z

  ??0StreamWriter@UnBCL@@QEAA@PEBVString@1@HPEAVEncoding@1@HH@Z

  ?Combine@Path@UnBCL@@SAPEAVString@2@PEBV32@0@Z

  ??0String@UnBCL@@QEAA@XZ

  ?Delete@Directory@UnBCL@@SAXPEBVString@2@H@Z

  ?StartsWith@String@UnBCL@@QEBAHPEBGH@Z

  ?ReadByte@Stream@UnBCL@@UEAAHXZ

  ??_DStreamWriter@UnBCL@@QEAAXXZ

  ??_DStreamReader@UnBCL@@QEAAXXZ

  ??0InvalidCastException@UnBCL@@QEAA@XZ

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAUISerializable@1@@Z

  ??0String@UnBCL@@QEAA@AEBV01@@Z

  ??2Object@UnBCL@@SAPEAX_KI@Z

  ??D?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAAEAVString@1@XZ

  ?SanitizeTypeName@SerializationStream@UnBCL@@SAPEAVString@2@AEBV32@@Z

  ?DecRef@Object@UnBCL@@QEAAHXZ

  ?get_P@?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$Array@PEAVString@UnBCL@@@2@XZ

  ?Substring@String@UnBCL@@QEBAPEAV12@HH@Z

  ?LastIndexOf@String@UnBCL@@QEBAHG@Z

  ?FromASCII@String@UnBCL@@SAPEAV12@PEBD@Z

  ?FormatV@String@UnBCL@@SAPEAV12@PEBGPEAD@Z

  ?Concat@String@UnBCL@@SAPEAV12@PEBG00@Z

  ?Equals@?$Array@PEAVString@UnBCL@@@UnBCL@@UEBAHPEBVObject@2@@Z

  ?Clone@?$Array@PEAVString@UnBCL@@@UnBCL@@UEBAPEAVObject@2@XZ

  ??0?$Array@PEAVString@UnBCL@@@UnBCL@@QEAA@HH@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAK@Z

  ??0MemoryStream@UnBCL@@QEAA@PEAV?$Array@E@1@HH@Z

  ?get_Context@SerializationStream@UnBCL@@QEBAPEAVObject@2@XZ

  ?ReadBytes@SerializationStream@UnBCL@@QEAAXPEAEH@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAG@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@K@Z

  ??0String@UnBCL@@QEAA@PEBG@Z

  ?WriteBytes@SerializationStream@UnBCL@@QEAAXPEBEH@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@G@Z

  ??_D?$Array@E@UnBCL@@QEAAXXZ

  ??1String@UnBCL@@UEAA@XZ

  ??0StringPtr@UnBCL@@QEAA@PEAVString@1@@Z

  ??4?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ?Compare@String@UnBCL@@SAHPEBV12@0H@Z

  ??_D?$Array@PEAVString@UnBCL@@@UnBCL@@QEAAXXZ

  ??0FileStream@UnBCL@@QEAA@PEAXW4FileAccess@1@@Z

  ??1ScopedObjectLock@UnBCL@@QEAA@XZ

  ??0ScopedObjectLock@UnBCL@@QEAA@PEAVSyncObject@1@@Z

  ?set_Context@SerializationStream@UnBCL@@QEAAXPEAVObject@2@@Z

  ??1SerializationStream@UnBCL@@UEAA@XZ

  ??0SerializationStream@UnBCL@@QEAA@PEAVStream@1@W4Mode@01@PEAVObject@1@@Z

  ??1?$ICollection@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ

  ?MemAllocFailed@Allocator@UnBCL@@SAHXZ

  ?Steal@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAPEAVString@2@XZ

  ?ToLower@String@UnBCL@@QEBAPEAV12@XZ

  ??C?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@1@XZ

  ??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ

  ?get_Win32ErrorCode@Win32Exception@UnBCL@@QEBAKXZ

  ?CreateDir@Directory@UnBCL@@SAPEAVDirectoryInfo@2@PEBVString@2@@Z

  ?GetParentPath@Path@UnBCL@@SAPEAVString@2@PEBV32@@Z

  ??0SyncObject@UnBCL@@QEAA@XZ

  ??0MemoryStream@UnBCL@@QEAA@XZ

  ??0Exception@UnBCL@@QEAA@XZ

  ??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@1@XZ

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAH@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@PEBUISerializable@1@@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@H@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEA_K@Z

  ??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAVString@1@@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@_K@Z

  ??6SerializationStream@UnBCL@@QEAAAEAV01@PEBVString@1@@Z

  ??C?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$Array@PEAVString@UnBCL@@@1@XZ

  ??1?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@PEAVString@UnBCL@@@1@@Z

  ?get_CString@String@UnBCL@@QEBAPEBGXZ

  ??1SyncObject@UnBCL@@UEAA@XZ

  ??0SyncObject@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0Win32Exception@UnBCL@@QEAA@KPEBGPEAVException@1@@Z

  ??0Win32Exception@UnBCL@@QEAA@KPEBG@Z

  ?ReAlloc@Allocator@UnBCL@@SAPEAXPEAX_KI@Z

  ??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z

  ??1Exception@UnBCL@@UEAA@XZ

  ??1Win32Exception@UnBCL@@UEAA@XZ

  ??1ArgumentException@UnBCL@@UEAA@XZ

  ??1ArgumentNullException@UnBCL@@UEAA@XZ

  ??0ArgumentNullException@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@XZ

  ??0Object@UnBCL@@QEAA@AEBV01@@Z

  ?ToString@Object@UnBCL@@UEBAPEAVString@2@XZ

  ??0?$Array@E@UnBCL@@QEAA@HH@Z

  ?GetBuffer@?$Array@E@UnBCL@@UEAAPEAEH@Z

  ??0ArgumentException@UnBCL@@QEAA@PEBG@Z

  ??1ISerializable@UnBCL@@UEAA@XZ

  ??1Object@UnBCL@@UEAA@XZ

  ??0Object@UnBCL@@QEAA@XZ

  ?Equals@String@UnBCL@@UEBAHPEBVObject@2@@Z

  ?GetHashCode@String@UnBCL@@UEBAHXZ

  ?ToString@String@UnBCL@@UEBAPEAV12@XZ

  ?CompareTo@String@UnBCL@@UEBAHPEBVObject@2@@Z

  ?Clone@String@UnBCL@@UEBAPEAVObject@2@XZ

  ??0String@UnBCL@@QEAA@PEBV01@@Z

  ?Format@String@UnBCL@@SAPEAV12@PEBGZZ

  ??0Win32Exception@UnBCL@@QEAA@K@Z

  ??1?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@PEAVString@UnBCL@@@1@@Z

  ?get_P@?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@2@XZ

  ??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ

  ??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z

  ??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@2@XZ

  ?Free@Allocator@UnBCL@@SAXPEAXI@Z

  ??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ

  ?Equals@Object@UnBCL@@UEBAHPEBV12@@Z

  ?GetHashCode@Object@UnBCL@@UEBAHXZ

  ?GetType@Object@UnBCL@@UEBAPEAVType@2@XZ

  ?ToString@Exception@UnBCL@@UEBAPEAVString@2@XZ

  ?GetObjectID@Object@UnBCL@@UEBAIXZ

  ?WritePhantomObject@SerializationStream@UnBCL@@QEAAHPEBVObject@2@@Z

  ??0SerializationException@UnBCL@@QEAA@PEBG@Z

  ?ToArray@MemoryStream@UnBCL@@UEBAPEAV?$Array@E@2@XZ

  ?ReadPhantomObject@SerializationStream@UnBCL@@QEAAXAEAPEAVObject@2@@Z

  ??1SerializationException@UnBCL@@UEAA@XZ

  ??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z

  ??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z

  ?CompareTo@Object@UnBCL@@UEBAHPEBV12@@Z

  ?Clone@Object@UnBCL@@UEBAPEAV12@XZ

  ?get_InnerException@Exception@UnBCL@@UEBAPEBV12@XZ

  ?get_Message@Exception@UnBCL@@UEBAPEBVString@2@XZ

  ?get_Source@Exception@UnBCL@@UEBAPEBVString@2@XZ

  ?set_Source@Exception@UnBCL@@UEAAXPEBVString@2@@Z

  ?GetBaseException@Exception@UnBCL@@UEBAPEBV12@XZ

  ?get_HResult@Exception@UnBCL@@UEBAJXZ

  ?set_HResult@Exception@UnBCL@@MEAAXJ@Z

  ?SetMessage@Exception@UnBCL@@MEAAXPEAVString@2@@Z

  ??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z

  ??3Object@UnBCL@@SAXPEAX@Z

  ??2Object@UnBCL@@SAPEAX_K@Z

  ?AddStackTrace@Exception@UnBCL@@QEAAXPEBD@Z

  ?Alloc@Allocator@UnBCL@@SAPEAX_KI@Z

  ??4Object@UnBCL@@QEAAAEAV01@AEBV01@@Z

  migcore

  ??1IFileStreamProxy@Mig@@UEAA@XZ

  ??4IOptimizedFileStreamProxy@Mig@@QEAAAEAU01@AEBU01@@Z

  ??1IOptimizedFileStreamProxy@Mig@@UEAA@XZ

  ??0IOptimizedFileStreamProxy@Mig@@QEAA@XZ

  ??1CAbortException@Mig@@UEAA@XZ

  ??1SideAwareWin32Exception@Mig@@UEAA@XZ

  ??0CAbortException@Mig@@QEAA@PEBG@Z

  ?get_Name@CStorageType@Mig@@QEAAPEAVString@UnBCL@@XZ

  ?CopyStream@Mig@@YAXPEAVStream@UnBCL@@0PEAUILocalProgress@@H_J@Z

  ??C?$SmartPtr@UIMigLocation@Mig@@@UnBCL@@QEBAPEAUIMigLocation@Mig@@XZ

  ?get_P@?$SmartPtr@UIMigLocation@Mig@@@UnBCL@@QEBAPEAUIMigLocation@Mig@@XZ

  ?GetTypeFromString@CStorageType@Mig@@SAPEAV12@PEAVString@UnBCL@@@Z

  ??0SideAwareWin32Exception@Mig@@QEAA@HK@Z

  ??1IStreamProxy@Mig@@UEAA@XZ

  ?MappedFileSystemPath@CFileSystemRootMapping@Mig@@QEAAPEAVString@UnBCL@@PEAV34@@Z

  ??0?$SmartPtr@UIMigLocation@Mig@@@UnBCL@@QEAA@PEAUIMigLocation@Mig@@@Z

  ??1?$SmartPtr@UIMigLocation@Mig@@@UnBCL@@UEAA@XZ

  ?Clone@CFileLocation@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ?CompareTo@CFilePattern@Mig@@UEBAHPEBVObject@UnBCL@@@Z

  ?ToString@CFileLocation@Mig@@UEBAPEAVString@UnBCL@@XZ

  ?GetHashCode@CFilePattern@Mig@@UEBAHXZ

  ??0IStreamProxy@Mig@@QEAA@XZ

  ?CreateFolder@IOptimizedFileStreamProxy@Mig@@UEAAXPEAVString@UnBCL@@HPEAHPEAUILocalProgress@@@Z

  ?CanCreateFolder@IOptimizedFileStreamProxy@Mig@@UEAAHXZ

  ??0IDataStoreNavigator@Mig@@QEAA@AEBU01@@Z

  ??1IDataStoreNavigator@Mig@@UEAA@XZ

  ??4IDataStoreNavigator@Mig@@QEAAAEAU01@AEBU01@@Z

  ??0IDataStoreNavigator@Mig@@QEAA@XZ

  ?CreateInstance@CLocationFactory@Mig@@SAPEAUIMigLocation@2@PEAVCStorageType@2@PEAV?$Array@PEAVString@UnBCL@@@UnBCL@@@Z

  ??1NavigatorRootAbsentException@Mig@@UEAA@XZ

  ??0NavigatorRootAbsentException@Mig@@QEAA@PEAUIMigLocation@1@@Z

  ??0?$SmartPtr@VCFileLocation@Mig@@@UnBCL@@QEAA@PEAVCFileLocation@Mig@@@Z

  ??1?$SmartPtr@VCFileLocation@Mig@@@UnBCL@@UEAA@XZ

  ?get_IsDirectory@CFileLocation@Mig@@QEBAHXZ

  ??0CFileLocation@Mig@@QEAA@HPEAVString@UnBCL@@@Z

  ??0IFileStreamProxy@Mig@@QEAA@XZ

  ??4?$SmartPtr@VCFileLocation@Mig@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ?GetFullPath@CFileLocation@Mig@@QEBAPEAVString@UnBCL@@XZ

  ??0SideAwareWin32Exception@Mig@@QEAA@HKQEBGPEAVException@UnBCL@@@Z

  ?Equals@CFilePattern@Mig@@UEBAHPEBVObject@UnBCL@@@Z

  ?MakeSureDirectoryExists@CNativeFileUtils@Mig@@SAKPEAGPEAH@Z

  ?get_Location@CPhysicalFile@Mig@@QEAAPEAVCFileLocation@2@XZ

  ?CanCreateFile@IOptimizedFileStreamProxy@Mig@@UEAAHXZ

  ?CreateFileW@IOptimizedFileStreamProxy@Mig@@UEAAXPEAVString@UnBCL@@KPEAH1PEAUILocalProgress@@@Z

  ??_DCBlobStreamProxy@Mig@@QEAAXXZ

  ??1CPhysicalFile@Mig@@UEAA@XZ

  ??_DCEfsFileReadStream@Mig@@QEAAXXZ

  ?Clone@CBlobStreamProxy@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ??0CEfsFileReadStream@Mig@@QEAA@PEBVString@UnBCL@@HW4FileMode@3@W4FileAccess@3@W4FileShare@3@K@Z

  ??0CPhysicalFile@Mig@@QEAA@PEAVCFileLocation@1@H@Z

  ?Clone@CPhysicalFile@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ?Steal@?$SmartPtr@UIMigLocation@Mig@@@UnBCL@@QEAAPEAUIMigLocation@Mig@@XZ

  ??0CBlobStreamProxy@Mig@@QEAA@PEAV?$Array@E@UnBCL@@H@Z

  ?GetStateType@CStorageType@Mig@@SAPEAV12@XZ

  ?GetRegistryType@CStorageType@Mig@@SAPEAV12@XZ

  ?GetFileType@CStorageType@Mig@@SAPEAV12@XZ

  ??0SideAwareWin32Exception@Mig@@QEAA@HPEAVWin32Exception@UnBCL@@@Z

  ?GetTempDir@CFacadeState@Mig@@SAPEAVString@UnBCL@@XZ

  ?GetInitialized@CFacadeState@Mig@@SAHXZ

  ?GetIOBufferSet@CFacadeState@Mig@@SAAEAVCIOBufferSet@2@XZ

  ??C?$SmartPtr@VCFileLocation@Mig@@@UnBCL@@QEBAPEAVCFileLocation@Mig@@XZ

  ?get_P@?$SmartPtr@VCFileLocation@Mig@@@UnBCL@@QEBAPEAVCFileLocation@Mig@@XZ

  ??_DCFileLocation@Mig@@QEAAXXZ

  wdscore

  CurrentIP

  ConstructPartialMsgVW

  WdsSetupLogMessageW

  user32

  GetMessageW

  PostThreadMessageW

  PeekMessageW

  advapi32

  CryptEncrypt

  CryptDuplicateKey

  CryptDestroyKey

  CryptDecrypt

  CryptSetKeyParam

  CryptGetKeyParam

  rpcrt4

  UuidToStringW

  UuidCreate

  RpcStringFreeW

  Exports

  Exports

  ??0?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@AEAA@AEBV01@@Z

  ??0?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@HH@Z

  ??0?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVCCatalogUser@Mig@@@1@@Z

  ??0?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@XZ

  ??0?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@QEAA@H@Z

  ??0?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@QEAA@HH@Z

  ??0?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@QEAA@PEBU?$IDictionary@IPEAUIDevice@Mig@@@1@@Z

  ??0?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@QEAA@XZ

  ??0?$ICollection@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@XZ

  ??0?$ICollection@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$ICollection@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IDictionary@IPEAUIDevice@Mig@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IDictionary@IPEAUIDevice@Mig@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@XZ

  ??0?$IEnumerable@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IEnumerable@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$IList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@AEBU01@@Z

  ??0?$IList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAA@XZ

  ??0?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@QEAA@AEBV012@@Z

  ??0?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@QEAA@XZ

  ??0?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@IEAA@XZ

  ??0?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEAA@PEAUITrimableStream@Mig@@@Z

  ??0?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@G@1@@Z

  ??0?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@1@@Z

  ??0?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEAA@PEAVCLibrarian@Mig@@@Z

  ??0?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEAA@XZ

  ??0?$SmartPtr@VSendState@Mig@@@UnBCL@@QEAA@AEBV01@@Z

  ??0?$SmartPtr@VSendState@Mig@@@UnBCL@@QEAA@PEAVSendState@Mig@@@Z

  ??0?$SmartPtr@VSendState@Mig@@@UnBCL@@QEAA@XZ

  ??0CAlternateStreamHolder@Mig@@QEAA@AEBV01@@Z

  ??0CAlternateStreamHolder@Mig@@QEAA@PEAVStream@UnBCL@@@Z

  ??0CAlternateStreamHolder@Mig@@QEAA@PEAVString@UnBCL@@@Z

  ??0CCatalog@Mig@@QEAA@AEBV01@@Z

  ??0CCatalog@Mig@@QEAA@PEAVString@UnBCL@@HHPEAV?$Array@PEAVString@UnBCL@@@3@HHH@Z

  ??0CCatalogEntry@Mig@@IEAA@XZ

  ??0CCatalogEntry@Mig@@QEAA@AEAV?$CBitVector2D@$01@1@PEAVString@UnBCL@@PEAUIMigLocation@1@22PEAVStream@4@PEAV?$Array@E@4@41PEAU?$IDictionary@PEAVString@UnBCL@@PEAVCAlternateStreamHolder@Mig@@@4@K@Z

  ??0CCatalogEntry@Mig@@QEAA@AEBV01@@Z

  ??0CCatalogLinearIterator@Mig@@AEAA@AEAVCCatalog@1@@Z

  ??0CCatalogLinearIterator@Mig@@QEAA@AEBV01@@Z

  ??0CCatalogNavigator@Mig@@IEAA@PEAUIMigLocation@1@PEAVString@UnBCL@@PEBVCCatalogTreeData@1@PEAV?$CTreeNode@VCCatalogTreeData@Mig@@@1@@Z

  ??0CCatalogNavigator@Mig@@QEAA@AEBV01@@Z

  ??0CCatalogUser@Mig@@QEAA@$$QEAV01@@Z

  ??0CCatalogUser@Mig@@QEAA@AEBV01@@Z

  ??0CCatalogUser@Mig@@QEAA@PEAVString@UnBCL@@@Z

  ??0CCatalogUser@Mig@@QEAA@XZ

  ??0CCatalogUserList@Mig@@QEAA@XZ

  ??0CConnectionPipeTransportStreamProxy@Mig@@IEAA@AEBV01@@Z

  ??0CConnectionPipeTransportStreamProxy@Mig@@QEAA@PEAVCConnectionPipeTransport@1@PEAVString@UnBCL@@1PEAVCFileSystemRootMapping@1@PEAVCDeviceProgressAdapter@1@PEAX@Z

  ??0CDeviceLockedObject@Mig@@IEAA@AEBV01@@Z

  ??0CDeviceLockedObject@Mig@@QEAA@PEAVString@UnBCL@@H@Z

  ??0CDeviceProgressAdapter@Mig@@QEAA@$$QEAV01@@Z

  ??0CDeviceProgressAdapter@Mig@@QEAA@AEBV01@@Z

  ??0CDeviceProgressAdapter@Mig@@QEAA@XZ

  ??0CExternalTransport@Mig@@QEAA@AEBV01@@Z

  ??0CExternalTransport@Mig@@QEAA@XZ

  ??0CExternalTransportInitializationData@Mig@@QEAA@$$QEAV01@@Z

  ??0CExternalTransportInitializationData@Mig@@QEAA@AEBV01@@Z

  ??0CExternalTransportInitializationData@Mig@@QEAA@PEAVCPlatform@1@PEAUIExternalStore@@PEAVString@UnBCL@@@Z

  ??0CExternalTransportStreamProxy@Mig@@IEAA@AEBV01@@Z

  ??0CExternalTransportStreamProxy@Mig@@QEAA@PEAVCExternalTransport@1@PEAUIExternalStore@@PEAVString@UnBCL@@PEAVCFileSystemRootMapping@1@PEAVCDeviceProgressAdapter@1@@Z

  ??0CHardLinkTransportStreamProxy@Mig@@IEAA@AEBV01@@Z

  ??0CHardLinkTransportStreamProxy@Mig@@QEAA@PEAVCUNCTransport@1@PEAVString@UnBCL@@1PEAVCFileSystemRootMapping@1@PEAVCDeviceProgressAdapter@1@@Z

  ??0CIMGTransport@Mig@@QEAA@AEBV01@@Z

  ??0CIMGTransport@Mig@@QEAA@XZ

  ??0CLibTransport@Mig@@QEAA@$$QEAV01@@Z

  ??0CLibTransport@Mig@@QEAA@AEBV01@@Z

  ??0CLibTransport@Mig@@QEAA@XZ

  ??0CLibTransportInitializationData@Mig@@QEAA@$$QEAV01@@Z

  ??0CLibTransportInitializationData@Mig@@QEAA@AEBV01@@Z

  ??0CLibTransportInitializationData@Mig@@QEAA@PEBG0PEAUITransportUI@@PEAUIMigStreamSizeRecorder@@@Z

  ??0CLibrarian@Mig@@QEAA@AEBV01@@Z

  ??0CLibrarian@Mig@@QEAA@PEAUITrimableStream@1@HH_K@Z

  ??0CLibrarian@Mig@@QEAA@PEAUITrimableStream@1@HH_KPEAH2@Z

  ??0CMediaManager@Mig@@QEAA@AEBV01@@Z

  ??0CMediaManager@Mig@@QEAA@PEAVCPlatform@1@@Z

  ??0CMediaManagerStreamProxy@Mig@@IEAA@AEBV01@@Z

  ??0CMediaManagerStreamProxy@Mig@@QEAA@PEAUIDevice@1@PEAVString@UnBCL@@PEAVCDeviceProgressAdapter@1@@Z

  ??0CNonTrimableFileStream@Mig@@QEAA@AEBV01@@Z

  ??0CNonTrimableFileStream@Mig@@QEAA@PEBVString@UnBCL@@W4FileMode@3@W4FileAccess@3@W4FileShare@3@KPEAUIDevice@1@@Z

  ??0CSimulationTableStream@@QEAA@AEBV0@@Z

  ??0CSimulationTableStream@@QEAA@PEAUIMigStreamSizeRecorder@@PEBG@Z

  ??0CSimulationTrimableStream@Mig@@QEAA@$$QEAV01@@Z

  ??0CSimulationTrimableStream@Mig@@QEAA@AEBV01@@Z

  ??0CSimulationTrimableStream@Mig@@QEAA@PEAUIMigStreamSizeRecorder@@@Z

  ??0CSplitFileStream@Mig@@QEAA@AEBV01@@Z

  ??0CSplitFileStream@Mig@@QEAA@PEAVString@UnBCL@@IP6AXPEAEIH@ZP6AH1IH@Z_JHPEAUIDevice@1@@Z

  ??0CUNCTransport@Mig@@QEAA@AEBV01@@Z

  ??0CUNCTransport@Mig@@QEAA@XZ

  ??0CUNCTransportInitializationData@Mig@@QEAA@$$QEAV01@@Z

  ??0CUNCTransportInitializationData@Mig@@QEAA@AEBV01@@Z

  ??0CUNCTransportInitializationData@Mig@@QEAA@PEBGPEAUIMigHardLinkPolicy@@PEAV?$ArrayList@G@UnBCL@@PEAVCPlatform@1@PEAUIMigStreamSizeRecorder@@@Z

  ??0IDevice@Mig@@QEAA@$$QEAU01@@Z

  ??0IDevice@Mig@@QEAA@AEBU01@@Z

  ??0IDevice@Mig@@QEAA@XZ

  ??0IDeviceInitializationData@Mig@@QEAA@$$QEAU01@@Z

  ??0IDeviceInitializationData@Mig@@QEAA@AEBU01@@Z

  ??0IDeviceInitializationData@Mig@@QEAA@XZ

  ??0IStoreInterface@Mig@@QEAA@$$QEAU01@@Z

  ??0IStoreInterface@Mig@@QEAA@AEBU01@@Z

  ??0IStoreInterface@Mig@@QEAA@XZ

  ??0ITrimableStream@Mig@@QEAA@$$QEAU01@@Z

  ??0ITrimableStream@Mig@@QEAA@AEBU01@@Z

  ??0ITrimableStream@Mig@@QEAA@XZ

  ??0SendState@Mig@@QEAA@$$QEAV01@@Z

  ??0SendState@Mig@@QEAA@AEBV01@@Z

  ??0SendState@Mig@@QEAA@XZ

  ??1?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEAA@XZ

  ??1?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEAA@XZ

  ??1?$ICollection@PEAVCCatalogUser@Mig@@@UnBCL@@UEAA@XZ

  ??1?$ICollection@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??1?$IDictionary@IPEAUIDevice@Mig@@@UnBCL@@UEAA@XZ

  ??1?$IList@PEAVCCatalogUser@Mig@@@UnBCL@@UEAA@XZ

  ??1?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@UEAA@XZ

  ??1?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ

  ??1?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??1?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??1?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??1?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@UEAA@XZ

  ??1?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@UEAA@XZ

  ??1?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ

  ??1?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@UEAA@XZ

  ??1?$SmartPtr@VSendState@Mig@@@UnBCL@@UEAA@XZ

  ??1CAlternateStreamHolder@Mig@@UEAA@XZ

  ??1CCatalog@Mig@@UEAA@XZ

  ??1CCatalogEntry@Mig@@UEAA@XZ

  ??1CCatalogLinearIterator@Mig@@UEAA@XZ

  ??1CCatalogNavigator@Mig@@UEAA@XZ

  ??1CCatalogUser@Mig@@UEAA@XZ

  ??1CCatalogUserList@Mig@@UEAA@XZ

  ??1CConnectionPipeTransportStreamProxy@Mig@@UEAA@XZ

  ??1CDeviceLockedObject@Mig@@UEAA@XZ

  ??1CDeviceProgressAdapter@Mig@@UEAA@XZ

  ??1CExternalTransport@Mig@@UEAA@XZ

  ??1CExternalTransportInitializationData@Mig@@UEAA@XZ

  ??1CExternalTransportStreamProxy@Mig@@UEAA@XZ

  ??1CHardLinkTransportStreamProxy@Mig@@UEAA@XZ

  ??1CIMGTransport@Mig@@UEAA@XZ

  ??1CLibTransport@Mig@@UEAA@XZ

  ??1CLibTransportInitializationData@Mig@@UEAA@XZ

  ??1CLibrarian@Mig@@UEAA@XZ

  ??1CMediaManager@Mig@@UEAA@XZ

  ??1CMediaManagerStreamProxy@Mig@@UEAA@XZ

  ??1CNonTrimableFileStream@Mig@@UEAA@XZ

  ??1CSimulationTableStream@@UEAA@XZ

  ??1CSimulationTrimableStream@Mig@@UEAA@XZ

  ??1CSplitFileStream@Mig@@UEAA@XZ

  ??1CUNCTransport@Mig@@UEAA@XZ

  ??1CUNCTransportInitializationData@Mig@@UEAA@XZ

  ??1IDevice@Mig@@UEAA@XZ

  ??1IDeviceInitializationData@Mig@@UEAA@XZ

  ??1IStoreInterface@Mig@@UEAA@XZ

  ??1ITrimableStream@Mig@@UEAA@XZ

  ??1SendState@Mig@@UEAA@XZ

  ??4?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$ICollection@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAAEAU01@$$QEAU01@@Z

  ??4?$ICollection@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAAEAU01@AEBU01@@Z

  ??4?$ICollection@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAAAEAU01@$$QEAU01@@Z

  ??4?$ICollection@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAAAEAU01@AEBU01@@Z

  ??4?$IDictionary@IPEAUIDevice@Mig@@@UnBCL@@QEAAAEAU01@$$QEAU01@@Z

  ??4?$IDictionary@IPEAUIDevice@Mig@@@UnBCL@@QEAAAEAU01@AEBU01@@Z

  ??4?$IEnumerable@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAAEAU01@$$QEAU01@@Z

  ??4?$IEnumerable@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAAEAU01@AEBU01@@Z

  ??4?$IEnumerable@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAAAEAU01@$$QEAU01@@Z

  ??4?$IEnumerable@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@UnBCL@@QEAAAEAU01@AEBU01@@Z

  ??4?$IList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAAEAU01@$$QEAU01@@Z

  ??4?$IList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAAEAU01@AEBU01@@Z

  ??4?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@QEAAAEAV012@$$QEAV012@@Z

  ??4?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@QEAAAEAV012@AEBV012@@Z

  ??4?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAAAEAV01@$$QEAV01@@Z

  ??4?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@QEAAAEAV01@$$QEAV01@@Z

  ??4?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@QEAAAEAV01@$$QEAV01@@Z

  ??4?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@QEAAAEAV01@$$QEAV01@@Z

  ??4?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4?$SmartPtr@VSendState@Mig@@@UnBCL@@QEAAAEAV01@AEBV01@@Z

  ??4CAlternateStreamHolder@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CCatalog@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CCatalogEntry@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CCatalogNavigator@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CCatalogUser@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CCatalogUser@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CCatalogUserList@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CCatalogUserList@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CConnectionPipeTransportStreamProxy@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CDeviceLockedObject@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CDeviceProgressAdapter@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CDeviceProgressAdapter@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CExternalTransport@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CExternalTransportInitializationData@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CExternalTransportInitializationData@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CExternalTransportStreamProxy@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CHardLinkTransportStreamProxy@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CIMGTransport@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CLibTransport@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CLibTransport@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CLibTransportInitializationData@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CLibTransportInitializationData@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CLibrarian@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CMediaManager@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CMediaManagerStreamProxy@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CNonTrimableFileStream@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CSimulationTableStream@@QEAAAEAV0@AEBV0@@Z

  ??4CSimulationTrimableStream@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CSimulationTrimableStream@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CSplitFileStream@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CUNCTransport@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4CUNCTransportInitializationData@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4CUNCTransportInitializationData@Mig@@QEAAAEAV01@AEBV01@@Z

  ??4IDevice@Mig@@QEAAAEAU01@$$QEAU01@@Z

  ??4IDevice@Mig@@QEAAAEAU01@AEBU01@@Z

  ??4IDeviceInitializationData@Mig@@QEAAAEAU01@$$QEAU01@@Z

  ??4IDeviceInitializationData@Mig@@QEAAAEAU01@AEBU01@@Z

  ??4IStoreInterface@Mig@@QEAAAEAU01@$$QEAU01@@Z

  ??4IStoreInterface@Mig@@QEAAAEAU01@AEBU01@@Z

  ??4ITrimableStream@Mig@@QEAAAEAU01@$$QEAU01@@Z

  ??4ITrimableStream@Mig@@QEAAAEAU01@AEBU01@@Z

  ??4SendState@Mig@@QEAAAEAV01@$$QEAV01@@Z

  ??4SendState@Mig@@QEAAAEAV01@AEBV01@@Z

  ??7?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEBA_NXZ

  ??7?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEBA_NXZ

  ??7?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEBA_NXZ

  ??7?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEBA_NXZ

  ??7?$SmartPtr@VSendState@Mig@@@UnBCL@@QEBA_NXZ

  ??B?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEBAPEAVNullTest@01@XZ

  ??B?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEBAPEAVNullTest@01@XZ

  ??B?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAVNullTest@01@XZ

  ??B?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEBAPEAVNullTest@01@XZ

  ??B?$SmartPtr@VSendState@Mig@@@UnBCL@@QEBAPEAVNullTest@01@XZ

  ??C?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEBAPEAUITrimableStream@Mig@@XZ

  ??C?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@G@1@XZ

  ??C?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@1@XZ

  ??C?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEBAPEAVCLibrarian@Mig@@XZ

  ??C?$SmartPtr@VSendState@Mig@@@UnBCL@@QEBAPEAVSendState@Mig@@XZ

  ??D?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@QEBAAEAUITrimableStream@Mig@@XZ

  ??D?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@QEBAAEAV?$ArrayList@G@1@XZ

  ??D?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@QEBAAEAV?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@1@XZ

  ??D?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@QEBAAEAVCLibrarian@Mig@@XZ

  ??D?$SmartPtr@VSendState@Mig@@@UnBCL@@QEBAAEAVSendState@Mig@@XZ

  ??_7?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@6B01@@

  ??_7?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@6B?$ICollection@PEAVCCatalogUser@Mig@@@1@@

  ??_7?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@6B?$IEnumerable@PEAVCCatalogUser@Mig@@@1@@

  ??_7?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@6B?$IList@PEAVCCatalogUser@Mig@@@1@@

  ??_7?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@6B?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@1@@

  ??_7?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@6BISerializable@1@@

  ??_7?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@6BObject@1@@

  ??_7?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@6B01@@

  ??_7?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@6B?$ICollection@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@1@@

  ??_7?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@6B?$IDictionary@IPEAUIDevice@Mig@@@1@@

  ??_7?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@6B?$IEnumerable@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@1@@

  ??_7?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@6BObject@1@@

  ??_7?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@6B?$ICollection@PEAVCCatalogUser@Mig@@@2@@

  ??_7?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@6B?$IEnumerable@PEAVCCatalogUser@Mig@@@2@@

  ??_7?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@6B?$IList@PEAVCCatalogUser@Mig@@@2@@

  ??_7?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@6B?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@2@@

  ??_7?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@6BISerializable@2@@

  ??_7?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@6BObject@2@@

  ??_7?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@6B01@@

  ??_7?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@6BISerializable@1@@

  ??_7?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@6BObject@1@@

  ??_7?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@6B01@@

  ??_7?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@6BISerializable@1@@

  ??_7?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@6BObject@1@@

  ??_7?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@6B01@@

  ??_7?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@6BISerializable@1@@

  ??_7?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@6BObject@1@@

  ??_7?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@6B01@@

  ??_7?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@6BISerializable@1@@

  ??_7?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@6BObject@1@@

  ??_7?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@6B@

  ??_7?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@6B@

  ??_7?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@6B@

  ??_7?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@6B@

  ??_7?$SmartPtr@VSendState@Mig@@@UnBCL@@6B@

  ??_7CAlternateStreamHolder@Mig@@6B@

  ??_7CCatalog@Mig@@6B@

  ??_7CCatalogEntry@Mig@@6B?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@@

  ??_7CCatalogEntry@Mig@@6B@

  ??_7CCatalogEntry@Mig@@6BISerializable@UnBCL@@@

  ??_7CCatalogLinearIterator@Mig@@6B@

  ??_7CCatalogNavigator@Mig@@6B@

  ??_7CCatalogNavigator@Mig@@6BIDataStoreNavigator@1@@

  ??_7CCatalogUser@Mig@@6B?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@@

  ??_7CCatalogUser@Mig@@6B@

  ??_7CCatalogUser@Mig@@6BISerializable@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6B?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6B?$ICollection@PEAVCCatalogUser@Mig@@@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6B?$IEnumerable@PEAVCCatalogUser@Mig@@@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6B?$IList@PEAVCCatalogUser@Mig@@@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6B?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6B?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6BISerializable@UnBCL@@@

  ??_7CCatalogUserList@Mig@@6BObject@UnBCL@@@

  ??_7CConnectionPipeTransportStreamProxy@Mig@@6B@

  ??_7CConnectionPipeTransportStreamProxy@Mig@@6BIFileStreamProxy@1@@

  ??_7CConnectionPipeTransportStreamProxy@Mig@@6BIOptimizedFileStreamProxy@1@@

  ??_7CConnectionPipeTransportStreamProxy@Mig@@6BIStreamProxy@1@@

  ??_7CConnectionPipeTransportStreamProxy@Mig@@6BObject@UnBCL@@@

  ??_7CDeviceLockedObject@Mig@@6B@

  ??_7CDeviceProgressAdapter@Mig@@6B@

  ??_7CExternalTransport@Mig@@6B@

  ??_7CExternalTransportInitializationData@Mig@@6B@

  ??_7CExternalTransportStreamProxy@Mig@@6B@

  ??_7CExternalTransportStreamProxy@Mig@@6BIFileStreamProxy@1@@

  ??_7CExternalTransportStreamProxy@Mig@@6BIOptimizedFileStreamProxy@1@@

  ??_7CExternalTransportStreamProxy@Mig@@6BIStreamProxy@1@@

  ??_7CExternalTransportStreamProxy@Mig@@6BObject@UnBCL@@@

  ??_7CHardLinkTransportStreamProxy@Mig@@6B@

  ??_7CHardLinkTransportStreamProxy@Mig@@6BIFileStreamProxy@1@@

  ??_7CHardLinkTransportStreamProxy@Mig@@6BIOptimizedFileStreamProxy@1@@

  ??_7CHardLinkTransportStreamProxy@Mig@@6BIStreamProxy@1@@

  ??_7CHardLinkTransportStreamProxy@Mig@@6BObject@UnBCL@@@

  ??_7CIMGTransport@Mig@@6B@

  ??_7CLibTransport@Mig@@6B@

  ??_7CLibTransportInitializationData@Mig@@6B@

  ??_7CLibrarian@Mig@@6B@

  ??_7CMediaManager@Mig@@6B@

  ??_7CMediaManager@Mig@@6BIStoreInterface@1@@

  ??_7CMediaManagerStreamProxy@Mig@@6B@

  ??_7CMediaManagerStreamProxy@Mig@@6BIFileStreamProxy@1@@

  ??_7CMediaManagerStreamProxy@Mig@@6BIOptimizedFileStreamProxy@1@@

  ??_7CMediaManagerStreamProxy@Mig@@6BIStreamProxy@1@@

  ??_7CMediaManagerStreamProxy@Mig@@6BObject@UnBCL@@@

  ??_7CNonTrimableFileStream@Mig@@6BIDisposable@UnBCL@@@

  ??_7CNonTrimableFileStream@Mig@@6BObject@UnBCL@@@

  ??_7CNonTrimableFileStream@Mig@@6BStream@UnBCL@@@

  ??_7CSimulationTableStream@@6BIDisposable@UnBCL@@@

  ??_7CSimulationTableStream@@6BObject@UnBCL@@@

  ??_7CSimulationTableStream@@6BStream@UnBCL@@@

  ??_7CSimulationTrimableStream@Mig@@6BIDisposable@UnBCL@@@

  ??_7CSimulationTrimableStream@Mig@@6BObject@UnBCL@@@

  ??_7CSimulationTrimableStream@Mig@@6BStream@UnBCL@@@

  ??_7CSplitFileStream@Mig@@6BIDisposable@UnBCL@@@

  ??_7CSplitFileStream@Mig@@6BObject@UnBCL@@@

  ??_7CSplitFileStream@Mig@@6BStream@UnBCL@@@

  ??_7CUNCTransport@Mig@@6B@

  ??_7CUNCTransportInitializationData@Mig@@6B@

  ??_7SendState@Mig@@6B@

  ??_8?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@7B?$ICollection@PEAVCCatalogUser@Mig@@@1@@

  ??_8?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@7B?$IList@PEAVCCatalogUser@Mig@@@1@@

  ??_8?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@7B?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@1@@

  ??_8?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@7B?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@1@@

  ??_8?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@7B@

  ??_8?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@7BISerializable@1@@

  ??_8?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@7B?$ICollection@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@1@@

  ??_8?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@7B?$IDictionary@IPEAUIDevice@Mig@@@1@@

  ??_8?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@7B@

  ??_8CCatalogEntry@Mig@@7B01@@

  ??_8CCatalogEntry@Mig@@7B?$SerializableBase@VCCatalogEntry@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogEntry@Mig@@@UnBCL@@@UnBCL@@@

  ??_8CCatalogEntry@Mig@@7BISerializable@UnBCL@@@

  ??_8CCatalogNavigator@Mig@@7B01@@

  ??_8CCatalogNavigator@Mig@@7BIDataStoreNavigator@1@@

  ??_8CCatalogUser@Mig@@7B?$SerializableBase@VCCatalogUser@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUser@Mig@@@UnBCL@@@UnBCL@@@

  ??_8CCatalogUser@Mig@@7B@

  ??_8CCatalogUser@Mig@@7BISerializable@UnBCL@@@

  ??_8CCatalogUserList@Mig@@7B01@@

  ??_8CCatalogUserList@Mig@@7B?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@

  ??_8CCatalogUserList@Mig@@7B?$ICollection@PEAVCCatalogUser@Mig@@@UnBCL@@@

  ??_8CCatalogUserList@Mig@@7B?$IList@PEAVCCatalogUser@Mig@@@UnBCL@@@

  ??_8CCatalogUserList@Mig@@7B?$SerializableArrayListBase@PEAVCCatalogUser@Mig@@@_@UnBCL@@@

  ??_8CCatalogUserList@Mig@@7B?$SerializableBase@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@@

  ??_8CCatalogUserList@Mig@@7B?$SerializableBase@VCCatalogUserList@Mig@@$0A@V?$DefaultInstanceFactory@VCCatalogUserList@Mig@@@UnBCL@@@UnBCL@@@

  ??_8CCatalogUserList@Mig@@7BISerializable@UnBCL@@@

  ??_8CConnectionPipeTransportStreamProxy@Mig@@7B@

  ??_8CConnectionPipeTransportStreamProxy@Mig@@7BCMediaManagerStreamProxy@1@@

  ??_8CConnectionPipeTransportStreamProxy@Mig@@7BIFileStreamProxy@1@@

  ??_8CConnectionPipeTransportStreamProxy@Mig@@7BIOptimizedFileStreamProxy@1@@

  ??_8CConnectionPipeTransportStreamProxy@Mig@@7BIStreamProxy@1@@

  ??_8CExternalTransportStreamProxy@Mig@@7B@

  ??_8CExternalTransportStreamProxy@Mig@@7BCMediaManagerStreamProxy@1@@

  ??_8CExternalTransportStreamProxy@Mig@@7BIFileStreamProxy@1@@

  ??_8CExternalTransportStreamProxy@Mig@@7BIOptimizedFileStreamProxy@1@@

  ??_8CExternalTransportStreamProxy@Mig@@7BIStreamProxy@1@@

  ??_8CHardLinkTransportStreamProxy@Mig@@7B@

  ??_8CHardLinkTransportStreamProxy@Mig@@7BCMediaManagerStreamProxy@1@@

  ??_8CHardLinkTransportStreamProxy@Mig@@7BIFileStreamProxy@1@@

  ??_8CHardLinkTransportStreamProxy@Mig@@7BIOptimizedFileStreamProxy@1@@

  ??_8CHardLinkTransportStreamProxy@Mig@@7BIStreamProxy@1@@

  ??_8CMediaManager@Mig@@7B01@@

  ??_8CMediaManager@Mig@@7BIStoreInterface@1@@

  ??_8CMediaManagerStreamProxy@Mig@@7B01@@

  ??_8CMediaManagerStreamProxy@Mig@@7BIFileStreamProxy@1@@

  ??_8CMediaManagerStreamProxy@Mig@@7BIOptimizedFileStreamProxy@1@@

  ??_8CMediaManagerStreamProxy@Mig@@7BIStreamProxy@1@@

  ??_8CNonTrimableFileStream@Mig@@7BIDisposable@UnBCL@@@

  ??_8CNonTrimableFileStream@Mig@@7BStream@UnBCL@@@

  ??_8CSimulationTableStream@@7BIDisposable@UnBCL@@@

  ??_8CSimulationTableStream@@7BStream@UnBCL@@@

  ??_8CSimulationTrimableStream@Mig@@7BIDisposable@UnBCL@@@

  ??_8CSimulationTrimableStream@Mig@@7BStream@UnBCL@@@

  ??_8CSplitFileStream@Mig@@7BIDisposable@UnBCL@@@

  ??_8CSplitFileStream@Mig@@7BStream@UnBCL@@@

  ??_D?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@QEAAXXZ

  ??_D?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@QEAAXXZ

  ??_DCCatalogEntry@Mig@@QEAAXXZ

  ??_DCCatalogNavigator@Mig@@QEAAXXZ

  ??_DCCatalogUser@Mig@@QEAAXXZ

  ??_DCCatalogUserList@Mig@@QEAAXXZ

  ??_DCConnectionPipeTransportStreamProxy@Mig@@QEAAXXZ

  ??_DCExternalTransportStreamProxy@Mig@@QEAAXXZ

  ??_DCHardLinkTransportStreamProxy@Mig@@QEAAXXZ

  ??_DCMediaManager@Mig@@QEAAXXZ

  ??_DCMediaManagerStreamProxy@Mig@@QEAAXXZ

  ??_DCNonTrimableFileStream@Mig@@QEAAXXZ

  ??_DCSimulationTableStream@@QEAAXXZ

  ??_DCSimulationTrimableStream@Mig@@QEAAXXZ

  ??_DCSplitFileStream@Mig@@QEAAXXZ

  ?AbandonCommited@CNonTrimableFileStream@Mig@@UEAAXXZ

  ?AbandonCommited@CSimulationTrimableStream@Mig@@UEAAXXZ

  ?AbandonCommited@CSplitFileStream@Mig@@UEAAXXZ

  ?Add@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEAAHPEAVCCatalogUser@Mig@@@Z

  ?Add@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEAAXIPEAUIDevice@Mig@@@Z

  ?AddComplexNode@CCatalog@Mig@@AEAAXPEAPEAV?$CTreeNode@VCCatalogTreeData@Mig@@@2@0PEAVString@UnBCL@@PEAUIMigLocation@2@2@Z

  ?AddDictionary@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@AEAAXPEBU?$IDictionary@IPEAUIDevice@Mig@@@2@@Z

  ?AddNonExistEntry@CCatalog@Mig@@QEAAHW4CatalogNamespace@2@PEAVString@UnBCL@@PEAUIMigLocation@2@@Z

  ?AddObject@CCatalog@Mig@@QEAAHW4CatalogNamespace@2@PEAVString@UnBCL@@PEAUIMigLocation@2@22PEAVStream@5@PEAV?$Array@E@5@41KPEAU?$IDictionary@PEAVString@UnBCL@@PEAVCAlternateStreamHolder@Mig@@@5@@Z

  ?AddObject@CLibrarian@Mig@@QEAAXPEAVStream@UnBCL@@PEAVString@4@PEAUILocalProgress@@PEA_J@Z

  ?AddObject@CMediaManager@Mig@@UEAAXPEAVCUserContext@2@PEAVCFileSystemRootMapping@2@PEAVCDataUnit@2@PEAUIMigLocation@2@3PEAUILocalProgress@@HH@Z

  ?AddObjectNode@CCatalog@Mig@@AEAAPEAV?$CTreeNode@VCCatalogTreeData@Mig@@@2@PEAVString@UnBCL@@PEAUIMigLocation@2@@Z

  ?AddObjectToUserView@CCatalog@Mig@@QEAAHW4CatalogNamespace@2@PEAVString@UnBCL@@PEAUIMigLocation@2@@Z

  ?AddRange@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEAAXPEBU?$ICollection@PEAVCCatalogUser@Mig@@@2@@Z

  ?Assign@?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@AEAAXAEBV12@@Z

  ?Assign@?$SmartPtr@UITrimableStream@Mig@@@UnBCL@@AEAAXPEAUITrimableStream@Mig@@@Z

  ?Assign@?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@AEAAXAEBV12@@Z

  ?Assign@?$SmartPtr@V?$ArrayList@G@UnBCL@@@UnBCL@@AEAAXPEAV?$ArrayList@G@2@@Z

  ?Assign@?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@AEAAXAEBV12@@Z

  ?Assign@?$SmartPtr@V?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@UnBCL@@@UnBCL@@AEAAXPEAV?$ArrayList@PEAV?$DictionaryEntry@PEAVCFileLocation@Mig@@PEAV12@@UnBCL@@@2@@Z

  ?Assign@?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@AEAAXAEBV12@@Z

  ?Assign@?$SmartPtr@VCLibrarian@Mig@@@UnBCL@@AEAAXPEAVCLibrarian@Mig@@@Z

  ?Assign@?$SmartPtr@VSendState@Mig@@@UnBCL@@AEAAXAEBV12@@Z

  ?Assign@?$SmartPtr@VSendState@Mig@@@UnBCL@@AEAAXPEAVSendState@Mig@@@Z

  ?BeginContext@CDeviceProgressAdapter@Mig@@UEAAXPEAVString@UnBCL@@@Z

  ?BeginMigrationUnit@CDeviceProgressAdapter@Mig@@UEAAXPEAUIMigUnit@@W4EXECUTION_PHASE@@@Z

  ?BinarySearch@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@AEAAHHHPEAVCCatalogUser@Mig@@PEAU?$IComparer@PEAVCCatalogUser@Mig@@@2@@Z

  ?BinarySearch@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@SAHPEAV12@PEAVCCatalogUser@Mig@@PEAU?$IComparer@PEAVCCatalogUser@Mig@@@2@@Z

  ?BinarySearch@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEAAHPEAVCCatalogUser@Mig@@PEAU?$IComparer@PEAVCCatalogUser@Mig@@@2@@Z

  ?BuildObjectFilePath@CUNCTransport@Mig@@IEAAPEAVString@UnBCL@@PEBGGG@Z

  ?BuildObjectFilePath@CUNCTransport@Mig@@IEAAPEAVString@UnBCL@@PEBGHPEAPEAV34@@Z

  ?BuildSearchTree@CCatalog@Mig@@AEAAXT_ULARGE_INTEGER@@HPEAVString@UnBCL@@@Z

  ?BuildUserMap@CCatalog@Mig@@AEAAXPEAV?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@Z

  ?BuildUserMap@CCatalog@Mig@@AEAAXPEAVCCatalogUserList@2@@Z

  ?CanCreateFile@CConnectionPipeTransportStreamProxy@Mig@@UEAAHXZ

  ?CanCreateFile@CExternalTransportStreamProxy@Mig@@UEAAHXZ

  ?CanCreateFile@CHardLinkTransportStreamProxy@Mig@@UEAAHXZ

  ?CheckForDeviceErrors@CNonTrimableFileStream@Mig@@IEBAXPEAVException@UnBCL@@@Z

  ?CheckForDeviceErrors@CSplitFileStream@Mig@@IEBAXPEAVException@UnBCL@@@Z

  ?Clear@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEAAXXZ

  ?Clear@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEAAXXZ

  ?Clone@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEBAPEAVObject@2@XZ

  ?Clone@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEBAPEAVObject@2@XZ

  ?Clone@CConnectionPipeTransportStreamProxy@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ?Clone@CDeviceLockedObject@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ?Clone@CExternalTransportStreamProxy@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ?Clone@CHardLinkTransportStreamProxy@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ?Clone@CMediaManagerStreamProxy@Mig@@UEBAPEAVObject@UnBCL@@XZ

  ?Close@CExternalTransport@Mig@@UEAAXH@Z

  ?Close@CIMGTransport@Mig@@UEAAXH@Z

  ?Close@CLibTransport@Mig@@UEAAXH@Z

  ?Close@CLibrarian@Mig@@QEAAXH@Z

  ?Close@CNonTrimableFileStream@Mig@@UEAAXXZ

  ?Close@CSimulationTableStream@@UEAAXXZ

  ?Close@CSimulationTrimableStream@Mig@@UEAAXXZ

  ?Close@CSplitFileStream@Mig@@UEAAXXZ

  ?Close@CUNCTransport@Mig@@UEAAXH@Z

  ?CloseTransport@CMediaManager@Mig@@UEAAXH@Z

  ?Commit@CNonTrimableFileStream@Mig@@UEAAX_J@Z

  ?Commit@CSimulationTrimableStream@Mig@@UEAAX_J@Z

  ?Commit@CSplitFileStream@Mig@@UEAAX_J@Z

  ?CompressAndEncryptBuffer@CLibrarian@Mig@@IEAAXKH@Z

  ?Contains@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEBAHQEAVCCatalogUser@Mig@@@Z

  ?Contains@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEBAHI@Z

  ?ContainsKey@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEBAHI@Z

  ?ContainsValue@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEBAHPEAUIDevice@Mig@@@Z

  ?Copy@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@SAXPEBV12@HPEAV12@HH@Z

  ?Copy@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@SAXPEBV12@PEAV12@H@Z

  ?CopyTo@?$ArrayList@PEAVCCatalogUser@Mig@@@UnBCL@@UEBAXPEAV?$Array@PEAVCCatalogUser@Mig@@@2@H@Z

  ?CopyTo@?$Hashtable@IPEAUIDevice@Mig@@@UnBCL@@UEBAXPEAV?$Array@V?$DictionaryEntry@IPEAUIDevice@Mig@@@UnBCL@@@2@H@Z

  Sections

  .text

  Size: 572KB - Virtual size: 572KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 545KB - Virtual size: 545KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 46KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 23KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• port/det/msftedit.dll

  .dll windows x64

  3ad9b43610cf02f830e2e8bacdc12b48

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  api-ms-win-crt-string-l1-1-0

  wcsnlen

  wcsncmp

  strnlen

  memset

  strncmp

  api-ms-win-crt-runtime-l1-1-0

  _initterm_e

  _initterm

  api-ms-win-crt-private-l1-1-0

  _o__initialize_narrow_environment

  _o__initialize_onexit_table

  _o__invalid_parameter_noinfo

  _o__invalid_parameter_noinfo_noreturn

  _o__itow_s

  _o__register_onexit_function

  _o__seh_filter_dll

  memmove

  _o__wcsicmp

  _o__wcsnicmp

  _o_free

  _o_iswdigit

  _o_iswpunct

  _o_iswspace

  _o_malloc

  _o_memcpy_s

  _o_pow

  _o_qsort

  _o_realloc

  _o_sqrt

  _o_strncpy_s

  _o_wcscat_s

  _o_wcscpy_s

  _o_wcsncpy_s

  _o_wcstod

  _o_wmemcpy_s

  __CxxFrameHandler3

  __std_terminate

  _CxxThrowException

  _o__execute_onexit_table

  _o__errno

  _o__crt_atexit

  _o__configure_narrow_argv

  _o__cexit

  _o__callnewh

  _o___stdio_common_vswscanf

  _o___stdio_common_vswprintf_s

  _o___stdio_common_vswprintf

  _o___stdio_common_vsprintf_s

  _o___stdio_common_vsnprintf_s

  _o___std_type_info_destroy_list

  _o___std_exception_destroy

  _o___std_exception_copy

  __CxxFrameHandler4

  wcschr

  wcsstr

  __C_specific_handler

  memcmp

  memcpy

  api-ms-win-core-errorhandling-l1-1-0

  GetLastError

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RaiseException

  SetLastError

  api-ms-win-core-string-l1-1-0

  WideCharToMultiByte

  GetStringTypeExW

  CompareStringOrdinal

  MultiByteToWideChar

  CompareStringEx

  api-ms-win-core-libraryloader-l1-2-0

  GetProcAddress

  LoadLibraryExW

  GetModuleFileNameW

  GetModuleHandleExW

  GetModuleHandleW

  DisableThreadLibraryCalls

  FreeLibrary

  LoadResource

  GetModuleFileNameA

  GetModuleHandleA

  LoadStringW

  api-ms-win-core-localization-l1-2-0

  FormatMessageW

  GetLocaleInfoW

  IsValidCodePage

  LocaleNameToLCID

  LCMapStringEx

  GetSystemDefaultLangID

  ResolveLocaleName

  GetLocaleInfoEx

  GetSystemDefaultLCID

  GetThreadLocale

  GetUserDefaultLCID

  api-ms-win-core-processthreads-l1-1-0

  TlsSetValue

  GetCurrentProcessId

  GetCurrentThreadId

  TlsGetValue

  TlsFree

  TerminateProcess

  TlsAlloc

  GetCurrentProcess

  api-ms-win-core-string-obsolete-l1-1-0

  lstrcmpiA

  api-ms-win-core-sysinfo-l1-1-0

  GetSystemDirectoryW

  GetTickCount64

  GetSystemTimeAsFileTime

  GetTickCount

  api-ms-win-core-localization-l1-2-2

  LCIDToLocaleName

  api-ms-win-core-winrt-error-l1-1-0

  RoOriginateError

  RoOriginateErrorW

  SetRestrictedErrorInfo

  oleaut32

  SysAllocStringByteLen

  SafeArrayGetElement

  VariantClear

  SysFreeString

  VariantInit

  api-ms-win-core-handle-l1-1-0

  CloseHandle

  api-ms-win-core-file-l1-1-0

  WriteFile

  CreateFileW

  GetFileType

  ReadFile

  SetFilePointer

  api-ms-win-core-atoms-l1-1-0

  FindAtomA

  api-ms-win-core-synch-l1-1-0

  ReleaseSemaphore

  WaitForSingleObject

  ReleaseMutex

  CreateSemaphoreExW

  InitializeSRWLock

  CreateEventW

  ResetEvent

  DeleteCriticalSection

  WaitForSingleObjectEx

  SetEvent

  AcquireSRWLockShared

  InitializeCriticalSectionAndSpinCount

  OpenSemaphoreW

  AcquireSRWLockExclusive

  CreateMutexExW

  LeaveCriticalSection

  CreateEventExW

  ReleaseSRWLockShared

  EnterCriticalSection

  ReleaseSRWLockExclusive

  WaitForMultipleObjectsEx

  api-ms-win-core-util-l1-1-0

  DecodePointer

  EncodePointer

  api-ms-win-core-quirks-l1-1-0

  QuirkIsEnabled

  api-ms-win-core-synch-l1-2-0

  InitOnceComplete

  InitOnceBeginInitialize

  InitOnceExecuteOnce

  api-ms-win-core-sysinfo-l1-2-0

  VerSetConditionMask

  api-ms-win-core-kernel32-legacy-l1-1-1

  VerifyVersionInfoW

  api-ms-win-core-registry-l1-1-0

  RegGetValueW

  RegSetValueExW

  RegQueryValueExW

  RegCreateKeyExW

  RegEnumKeyExW

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyExA

  RegOpenKeyExW

  api-ms-win-core-winrt-error-l1-1-1

  RoGetMatchingRestrictedErrorInfo

  api-ms-win-eventing-provider-l1-1-0

  EventWriteTransfer

  EventSetInformation

  EventUnregister

  EventRegister

  api-ms-win-core-libraryloader-l1-2-1

  FindResourceW

  ntdll

  SbSelectProcedure

  WinSqmIncrementDWORD

  WinSqmIsOptedIn

  api-ms-win-core-heap-l2-1-0

  LocalFree

  GlobalAlloc

  GlobalFree

  api-ms-win-core-heap-obsolete-l1-1-0

  GlobalUnlock

  GlobalFlags

  GlobalReAlloc

  GlobalLock

  GlobalHandle

  GlobalSize

  api-ms-win-core-rtlsupport-l1-1-0

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  api-ms-win-core-debug-l1-1-0

  OutputDebugStringW

  DebugBreak

  IsDebuggerPresent

  api-ms-win-core-processthreads-l1-1-1

  IsProcessorFeaturePresent

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceCounter

  api-ms-win-core-interlocked-l1-1-0

  InitializeSListHead

  api-ms-win-core-apiquery-l1-1-0

  ApiSetQueryApiSetPresence

  api-ms-win-core-heap-l1-1-0

  GetProcessHeap

  HeapAlloc

  HeapFree

  api-ms-win-core-threadpool-legacy-l1-1-0

  QueueUserWorkItem

  api-ms-win-core-threadpool-l1-2-0

  WaitForThreadpoolWorkCallbacks

  SubmitThreadpoolWork

  CreateThreadpoolWork

  CloseThreadpoolWork

  api-ms-win-core-path-l1-1-0

  PathCchAppend

  api-ms-win-core-shlwapi-legacy-l1-1-0

  PathFileExistsW

  api-ms-win-security-sddl-l1-1-0

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  api-ms-win-core-registry-l1-1-1

  RegDeleteKeyValueW

  api-ms-win-core-delayload-l1-1-1

  ResolveDelayLoadedAPI

  api-ms-win-core-delayload-l1-1-0

  DelayLoadFailureHook

  api-ms-win-crt-math-l1-1-0

  ceilf

  Exports

  Exports

  CreateTextServices

  DisableOleinitCheck

  DllGetActivationFactory

  DllGetVersion

  GetMathAlphanumeric

  GetMathAlphanumericCode

  IID_IRichEditOle

  IID_IRichEditOleCallback

  IID_IRicheditUiaNotificationOverrides

  IID_IRicheditUiaOverrides

  IID_IRicheditWindowlessAccessibility

  IID_ITextDocument2

  IID_ITextHost

  IID_ITextHost2

  IID_ITextServices

  IID_ITextServices2

  MathBuildDown

  MathBuildUp

  MathTranslate

  RichEdit10ANSIWndProc

  RichEditANSIWndProc

  RichEditWndProc

  SetCustomTextOutHandlerEx

  SetTextServicesDpiCalculationOverride

  ShutdownTextServices

  Sections

  .text

  Size: 2.6MB - Virtual size: 2.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 421KB - Virtual size: 421KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 12KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 98KB - Virtual size: 97KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 102KB - Virtual size: 101KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ