cimwin32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
98ce02c38b4363fbe61d20d36e9993ec2f34993a0d279b4591dd559b781cda01.dll
Resource
win10v2004-20240611-en
General
-
Target
98ce02c38b4363fbe61d20d36e9993ec2f34993a0d279b4591dd559b781cda01
-
Size
1.8MB
-
MD5
3dd716f20fbdb5e2d09f1ca152a7db4c
-
SHA1
9e5b06c98d0253e38ecc48f5f0aaa9484cdaed28
-
SHA256
98ce02c38b4363fbe61d20d36e9993ec2f34993a0d279b4591dd559b781cda01
-
SHA512
9f381bb83833cdd53cbb187909ee06260c91461f4bed558c335e18428d39dd1e5941057d9a3f1cd9655ffb44694461ce507e92e5753ff72b6fc72a170e247091
-
SSDEEP
49152:sLErht9IwRbU5z1aZhzYqi9P6mmyS6kFU0F:CpOzOS6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
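Checks for missing Authenticode signature. This flags only the absence of a signature embedded in the PE file; a binary whose signature is held in a Windows security catalog rather than embedded would presumably be reported the same way, so the flag alone does not establish that the file is untrusted or modified. The PDB name (cimwin32.pdb), the framedynos imports and the COM registration exports listed in this report are consistent with a WMI provider DLL; before drawing a conclusion, compare the hashes above with a known-good copy of that file and validate its catalog signature on a reference system.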
resource 98ce02c38b4363fbe61d20d36e9993ec2f34993a0d279b4591dd559b781cda01
Files
-
98ce02c38b4363fbe61d20d36e9993ec2f34993a0d279b4591dd559b781cda01.dll regsvr32 windows:10 windows x64 arch:x64
29cbee08357447772e273e5949ede956
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_itow
mbstowcs
iswdigit
_wsplitpath_s
_wcslwr
toupper
_purecall
_wcsupr
time
isspace
isdigit
wcsspn
iswalpha
wcsrchr
_vsnprintf
wcstol
swscanf_s
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memmove_s
_beginthreadex
malloc
_wmakepath_s
_wcsdup
_ltow
_wcsnicmp
wcstok_s
_errno
__C_specific_handler
sscanf_s
_waccess
_wtoi
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_lock
wcsncmp
_unlock
_XcptFilter
_amsg_exit
_i64tow_s
_initterm
_wtoi64
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
wcstok
strcmp
memset
wcsstr
wcspbrk
free
_wtol
wcschr
wcstoul
_wcsicmp
_ultow
memcmp
_vsnwprintf
_ui64tow_s
__RTDynamicCast
_ultow_s
swscanf
__CxxFrameHandler4
wcscmp
ntdll
NtQueryValueKey
NtEnumerateValueKey
RtlFreeHeap
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlAllocateHeap
RtlCreateUnicodeString
NtOpenKey
RtlFormatCurrentUserKeyPath
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlEqualString
RtlEqualUnicodeString
NtFreeVirtualMemory
NtEnumerateKey
NtWriteFile
RtlIsTextUnicode
NtReadFile
NtAllocateVirtualMemory
NtUnlockFile
NtLockFile
NtCreateFile
RtlInitAnsiString
RtlFreeAnsiString
RtlCharToInteger
RtlUnicodeStringToAnsiString
NtQueryVolumeInformationFile
RtlInitUnicodeString
NtQueryInformationProcess
RtlNtStatusToDosError
NtCreatePagingFile
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidRelativeSecurityDescriptor
RtlNumberOfSetBitsUlongPtr
NtPowerInformation
NtQuerySystemInformation
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
NtClose
NtFsControlFile
NtOpenFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlWriteRegistryValue
RtlQueryRegistryValuesEx
RtlCheckPortableOperatingSystem
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTime
GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
GetTickCount
GetLocalTime
GlobalMemoryStatusEx
GetLogicalProcessorInformationEx
GetWindowsDirectoryW
GetSystemDirectoryW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegSetKeySecurity
RegCloseKey
RegEnumValueW
RegGetKeySecurity
RegUnLoadKeyW
RegLoadKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegDisablePredefinedCacheEx
RegEnumKeyExW
RegDeleteKeyExW
RegSetValueExW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetExitCodeProcess
GetThreadPriority
GetExitCodeThread
SetPriorityClass
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
SetThreadPriority
CreateProcessAsUserW
SetThreadToken
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetKernelObjectSecurity
PrivilegeCheck
CheckTokenMembership
GetSecurityDescriptorOwner
AllocateAndInitializeSid
MakeSelfRelativeSD
SetSecurityDescriptorSacl
IsValidSid
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
AddAccessAllowedObjectAce
GetSecurityDescriptorLength
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetSidSubAuthority
ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
CopySid
AddAccessDeniedObjectAce
FreeSid
AdjustTokenPrivileges
DuplicateTokenEx
CreateWellKnownSid
SetFileSecurityW
EqualSid
AddAuditAccessObjectAce
AddAce
GetAce
SetSecurityDescriptorControl
GetFileSecurityW
SetKernelObjectSecurity
InitializeAcl
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
LoadLibraryExW
FindStringOrdinal
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
FreeLibrary
LoadLibraryExA
GetModuleFileNameA
LoadStringW
GetModuleFileNameW
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
VirtualQueryEx
ReadProcessMemory
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
CreateFileW
GetLogicalDrives
FindNextFileW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetFileAttributesW
GetDriveTypeW
GetFileSize
ReadFile
FindClose
FindFirstFileW
RemoveDirectoryW
GetLogicalDriveStringsW
GetFileAttributesW
GetVolumePathNameW
GetFileType
DeleteFileW
QueryDosDeviceW
GetFileAttributesExW
GetVolumeInformationW
DefineDosDeviceW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpW
api-ms-win-core-file-l2-1-0
MoveFileExW
CopyFileExW
CreateDirectoryExW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-kernel32-legacy-l1-1-0
SetVolumeLabelW
GetMaximumProcessorGroupCount
GetTapeParameters
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-power-base-l1-1-0
PowerDeterminePlatformRoleEx
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
GetDynamicTimeZoneInformation
SetDynamicTimeZoneInformation
FileTimeToSystemTime
api-ms-win-core-sysinfo-l1-2-0
SetComputerNameExW
GetProductInfo
SetSystemTime
api-ms-win-core-processtopology-l1-1-0
SetThreadGroupAffinity
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
ResetEvent
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
WaitForMultipleObjectsEx
api-ms-win-core-localization-l1-2-0
GetUserDefaultLCID
IsDBCSLeadByte
GetLocaleInfoW
FormatMessageW
api-ms-win-core-com-l1-1-0
StringFromCLSID
StringFromGUID2
CoTaskMemFree
CoGetCallContext
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-psapi-l1-1-0
K32GetPerformanceInfo
api-ms-win-core-localization-obsolete-l1-2-0
EnumUILanguagesW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-comm-l1-1-0
GetCommProperties
GetCommState
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
framedynos
?NormalizePath@@YAKPEBG00KAEAVCHString@@@Z
?GetAllDerivedInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?AddRef@CThreadBase@@QEAAJXZ
?Release@CThreadBase@@QEAAJXZ
??0WBEMTime@@QEAA@AEBUtm@@@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?RemoveAt@CHStringArray@@QEAAXHH@Z
??4WBEMTime@@QEAAAEBV0@QEAG@Z
?AllocSysString@CHString@@QEBAPEAGXZ
?GetEmptyInstance@CWbemProviderGlue@@SAJPEAVMethodContext@@PEBGPEAPEAVCInstance@@1@Z
?SetDMTF@WBEMTime@@QEAAHQEAG@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetDMTF@WBEMTime@@QEBAPEAGH@Z
??4WBEMTime@@QEAAAEBV0@AEBU_SYSTEMTIME@@@Z
?GetAllDerivedInstancesAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
??0CFrameworkQuery@@QEAA@XZ
?GetLongestValueData@CRegistry@@QEAAKXZ
?TrimRight@CHString@@QEAAXXZ
?FormatV@CHString@@QEAAXPEBGPEAD@Z
?TrimLeft@CHString@@QEAAXXZ
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
?SetStatusObject@MethodContext@@QEAA_NPEAUIWbemClassObject@@@Z
?initFailed@Provider@@SAHXZ
?SetEmbeddedObject@CInstance@@QEAA_NPEBGAEAV1@@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?UnRegisterMessage@CWinMsgEvent@@IEAA_NIH@Z
?RegisterForMessage@CWinMsgEvent@@IEAAXIH@Z
??1CWinMsgEvent@@QEAA@XZ
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
??0CWinMsgEvent@@QEAA@XZ
?SetAt@CHString@@QEAAXHG@Z
?GetSYSTEMTIME@WBEMTime@@QEBAHPEAU_SYSTEMTIME@@@Z
?IsOk@WBEMTime@@QEBA_NXZ
?GetDateTime@CInstance@@QEBA_NPEBGAEAVWBEMTime@@@Z
??0WBEMTime@@QEAA@XZ
??1CFrameworkQuery@@QEAA@XZ
?GetLocalOffsetForDate@WBEMTime@@SAJPEBU_SYSTEMTIME@@@Z
??0WBEMTime@@QEAA@AEBU_SYSTEMTIME@@@Z
?SetDOUBLE@CInstance@@QEAA_NPEBGN@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
??0Provider@@QEAA@PEBG0@Z
??1Provider@@UEAA@XZ
??0CHString@@QEAA@XZ
?GetAt@CHString@@QEBAGH@Z
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?CompareNoCase@CHString@@QEBAHPEBG@Z
??BCHString@@QEBAPEBGXZ
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?Setbool@CInstance@@QEAA_NPEBG_N@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?Commit@CInstance@@QEAAJXZ
?GetBuffer@CHString@@QEAAPEAGH@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?Find@CHString@@QEBAHPEBG@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Mid@CHString@@QEBA?AV1@H@Z
?GetLength@CHString@@QEBAHXZ
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?Format@CHString@@QEAAXPEBGZZ
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetNamespace@Provider@@IEAAAEBVCHString@@XZ
??0CRegistry@@QEAA@XZ
??1CRegistry@@QEAA@XZ
?Open@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
?ReverseFind@CHString@@QEBAHG@Z
??0CHString@@QEAA@AEBV0@@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?Release@CInstance@@QEAAJXZ
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??1CThreadBase@@UEAA@XZ
??0CHPtrArray@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
?BeginRead@CThreadBase@@QEAAHK@Z
?GetSize@CHPtrArray@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?AddRef@CInstance@@QEAAJXZ
?EndRead@CThreadBase@@QEAAXXZ
?BeginWrite@CThreadBase@@QEAAHK@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?EndWrite@CThreadBase@@QEAAXXZ
?OnFinalRelease@CThreadBase@@MEAAXXZ
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?Flush@Provider@@MEAAXXZ
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
?SetCharSplat@CInstance@@QEAA_NPEBG0@Z
??0WBEMTime@@QEAA@AEB_J@Z
?SetDateTime@CInstance@@QEAA_NPEBGAEBVWBEMTime@@@Z
?IsNull@CInstance@@QEBA_NPEBG@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?GethKey@CRegistry@@QEAAPEAUHKEY__@@XZ
?GetObject@Provider@@MEAAJPEAVCInstance@@JAEAVCFrameworkQuery@@@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?KeysOnly@CFrameworkQuery@@QEAA_NXZ
?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z
?SetCreationClassName@Provider@@IEAA_NPEAVCInstance@@@Z
?GetLocalComputerName@Provider@@IEAAAEBVCHString@@XZ
?SetWBEMINT64@CInstance@@QEAA_NPEBG_K@Z
??0WBEMTime@@QEAA@AEBU_FILETIME@@@Z
??0CHString@@QEAA@PEBG@Z
?IsEmpty@CHString@@QEBAHXZ
?Compare@CHString@@QEBAHPEBG@Z
??H@YA?AVCHString@@AEBV0@0@Z
?Close@CRegistry@@QEAAXXZ
?GetStatus@CInstance@@QEBA_NPEBGAEA_NAEAG@Z
?GetEmbeddedObject@CInstance@@QEBA_NPEBGPEAPEAV1@PEAVMethodContext@@@Z
?GetStringArray@CInstance@@QEBA_NPEBGAEAPEAUtagSAFEARRAY@@@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
?GetInstanceByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
??4CHString@@QEAAAEBV0@PEBD@Z
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?Add@CHStringArray@@QEAAHPEBG@Z
?GetSize@CHStringArray@@QEBAHXZ
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
?GetValueCount@CRegistry@@QEAAKXZ
?EnumerateAndGetValues@CRegistry@@QEAAJAEAKAEAPEAGAEAPEAE@Z
??ACHStringArray@@QEAAAEAVCHString@@H@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?SetStatusObject@CWbemProviderGlue@@SA_NPEAVMethodContext@@PEBG1JPEBUtagSAFEARRAY@@2@Z
?MakeUpper@CHString@@QEAAXXZ
?SetWBEMINT64@CInstance@@QEAA_NPEBG_J@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?MakeLower@CHString@@QEAAXXZ
?Getbool@CInstance@@QEBA_NPEBGAEA_N@Z
?GetWCHAR@CInstance@@QEBA_NPEBGPEAPEAG@Z
?SetSize@CHPtrArray@@QEAAXHH@Z
?GetPropertyBitMask@CFrameworkQueryEx@@QEAAXAEBVCHPtrArray@@PEAX@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?SpanExcluding@CHString@@QEBA?AV1@PEBG@Z
?SetWBEMINT16@CInstance@@QEAA_NPEBGAEBF@Z
?SetVariant@CInstance@@QEAA_NPEBGAEBUtagVARIANT@@@Z
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
?Find@CHString@@QEBAHG@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?SetStringArray@CInstance@@QEAA_NPEBGAEBUtagSAFEARRAY@@@Z
?Empty@CHString@@QEAAXXZ
?SetByte@CInstance@@QEAA_NPEBGE@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_K@Z
?OpenCurrentUser@CRegistry@@QEAAKPEBGK@Z
?GetByte@CInstance@@QEBA_NPEBGAEAE@Z
?Right@CHString@@QEBA?AV1@H@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
??0CHString@@QEAA@PEBD@Z
?SetWBEMINT64@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?OpenAndEnumerateSubKeys@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?GetCurrentSubKeyName@CRegistry@@QEAAKAEAVCHString@@@Z
?NextSubKey@CRegistry@@QEAAKXZ
??YCHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@G@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??1CObjectPathParser@@QEAA@XZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
?IsInstance@ParsedObjectPath@@QEAAHXZ
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
??0CHString@@QEAA@GH@Z
?CreateOpen@CRegistry@@QEAAJPEAUHKEY__@@PEBGPEAGKKPEAU_SECURITY_ATTRIBUTES@@PEAK@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QEAAJPEBG0AEAVCHString@@@Z
?GetWBEMINT16@CInstance@@QEBA_NPEBGAEAF@Z
?DeleteValue@CRegistry@@QEAAJPEBG@Z
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
?Is3TokenOR@CFrameworkQueryEx@@QEAAHPEBG0AEAUtagVARIANT@@1@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
?SetSize@CHStringArray@@QEAAXHH@Z
?GetCurrentSubKeyCount@CRegistry@@QEAAKXZ
?SetAt@CHStringArray@@QEAAXHPEBG@Z
?RemoveAll@CHStringArray@@QEAAXXZ
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGPEAEPEAK@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_J@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
??ACHString@@QEBAGH@Z
?SetCHString@CInstance@@QEAA_NPEBGPEBD@Z
?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z
??0ParsedObjectPath@@QEAA@XZ
??1ParsedObjectPath@@QEAA@XZ
?SetClassName@ParsedObjectPath@@QEAAHPEBG@Z
?AddKeyRef@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?Unparse@CObjectPathParser@@SAHPEAUParsedObjectPath@@PEAPEAG@Z
??H@YA?AVCHString@@AEBV0@G@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEBG@Z
?EnumerateInstances@Provider@@MEAAJPEAVMethodContext@@J@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@V_variant_t@@V?$allocator@V_variant_t@@@std@@@std@@@Z
?MakeLocalPath@Provider@@IEAA?AVCHString@@AEBV2@@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?IsNTokenAnd@CFrameworkQueryEx@@QEAAHAEAVCHStringArray@@AEAVCHPtrArray@@@Z
?GetDMTFNonNtfs@WBEMTime@@QEBAPEAGXZ
?GetProviderName@Provider@@IEAAAEBVCHString@@XZ
??YCHString@@QEAAAEBV0@D@Z
?SetAtGrow@CHStringArray@@QEAAXHPEBG@Z
?GetCurrentSubKeyPath@CRegistry@@QEAAKAEAVCHString@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@HV?$allocator@H@std@@@std@@@Z
?SetWORD@CInstance@@QEAA_NPEBGG@Z
?GetAllInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@0PEAVMethodContext@@@Z
?GetClassObjectInterface@CInstance@@QEAAPEAUIWbemClassObject@@XZ
??0CInstance@@QEAA@PEAUIWbemClassObject@@PEAVMethodContext@@@Z
??1CInstance@@UEAA@XZ
?SetTimeSpan@CInstance@@QEAA_NPEBGAEBVWBEMTimeSpan@@@Z
??0WBEMTimeSpan@@QEAA@HHHHHHH@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetWORD@CInstance@@QEBA_NPEBGAEAG@Z
??1CHString@@QEAA@XZ
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
api-ms-win-security-lsapolicy-l1-1-0
LsaOpenPolicy
LsaFreeMemory
LsaQueryInformationPolicy
LsaClose
Exports
Exports
??0CTcpMib@@QEAA@AEBV0@@Z
??0CTcpMib@@QEAA@XZ
??1CTcpMib@@UEAA@XZ
??4CTcpMib@@QEAAAEAV0@AEBV0@@Z
??_7CTcpMib@@6B@
?MySecurityDescriptor@@3VWin32SecurityDescriptor@@A
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSDFromWin32SecurityDescriptor
SetWin32SecurityDescriptorFromSD
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 480KB - Virtual size: 479KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ