356718348bcea435440e1eff66f69846adba5bfcd54c0ef651ddc417fc4b768c

Sharing

Copy URL

Twitter E-mail

General

Target

356718348bcea435440e1eff66f69846adba5bfcd54c0ef651ddc417fc4b768c
Size

35.2MB
MD5

9197cc137bc572fd352583a07e72f7d0
SHA1

a01cbc892bcc80b3bfbfd4da71c66b777f895ee5
SHA256

356718348bcea435440e1eff66f69846adba5bfcd54c0ef651ddc417fc4b768c
SHA512

d38ce9638e3318a3f53bdfa842f979706dc6386943d455fc8d857e963ce626f1c0655a1eec3e49e10311edb33e4b25afb2e8116ef5c99bc4225a13879acdca18
SSDEEP

786432:6HsIwWlWG/aPLI507wAfdXSqa/q49k40o84KGN9EYjodJmcZ:KNl4DI5kwAfa/qgjKEb52

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x64__setup__build_18957/Sysprep/en-US/sysprep.exe.mui
unpack001/x64__setup__build_18957/Sysprep/sysprep.exe
unpack001/x64__setup__build_18957/fmapi/SEMgrPS.dll
unpack001/x64__setup__build_18957/fmapi/fmapi.dll
unpack001/x64__setup__build_18957/fmapi/sppnp.dll
unpack001/x64__setup__build_18957/fmapi/tzautoupdate.dll
unpack001/x64__setup__build_18957/hal/KBDKOR.DLL
unpack001/x64__setup__build_18957/hal/duser.dll
unpack001/x64__setup__build_18957/hal/fontext.dll
unpack001/x64__setup__build_18957/msvcp140/PeopleAPIs.dll
unpack001/x64__setup__build_18957/msvcp140/ngccredprov.dll
unpack001/x64__setup__build_18957/msvcp140/provdatastore.dll
unpack001/x64__setup__build_18957/spoolss/MSAMRNBSource.dll
unpack001/x64__setup__build_18957/spoolss/ReportingCSP.dll
unpack001/x64__setup__build_18957/spoolss/spoolss.dll
unpack001/x64__setup__build_18957/spoolss/stobject.dll
unpack001/x64__setup__build_18957/sysmain/eapphost.dll
unpack001/x64__setup__build_18957/sysmain/shacct.dll
unpack001/x64__setup__build_18957/sysmain/sysmain.dll

Files

356718348bcea435440e1eff66f69846adba5bfcd54c0ef651ddc417fc4b768c
.zip
x64__setup__build_18957/Sysprep/ActionFiles/Cleanup.xml
x64__setup__build_18957/Sysprep/ActionFiles/Generalize.xml
x64__setup__build_18957/Sysprep/ActionFiles/Respecialize.xml
x64__setup__build_18957/Sysprep/ActionFiles/Specialize.xml
x64__setup__build_18957/Sysprep/en-US/sysprep.exe.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64__setup__build_18957/Sysprep/sysprep.exe
.exe windows:10 windows x64 arch:x64

26cecc77a14868febc547a3a952471c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sysprep.pdb

Imports

advapi32

RegDeleteValueW
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
GetTraceLoggerHandle
RegCloseKey
TraceEvent
EventWriteTransfer
EventRegister
EventUnregister
InitiateSystemShutdownExW
EnableTrace
RegSetKeyValueW
StartTraceW
ControlTraceW
RegQueryInfoKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyExW
RegFlushKey
RegEnumKeyExW
RegDeleteTreeW
RegEnumValueW
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
NotifyServiceStatusChangeW
ControlService
EnumDependentServicesW
StartServiceW
OpenServiceW
RegCreateKeyExW
OpenSCManagerW

kernel32

CreateMutexW
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetComputerNameW
GetSystemDefaultLangID
FreeEnvironmentStringsW
GetLogicalDrives
GetTempFileNameW
FindNextFileNameW
FindFirstFileNameW
GetFileTime
MoveFileExW
GetWindowsDirectoryW
GetFileAttributesExW
GetSystemDirectoryW
LocalAlloc
SetErrorMode
SetFileTime
RemoveDirectoryW
OutputDebugStringA
DebugBreak
HeapCompact
HeapReAlloc
HeapValidate
ReleaseMutex
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
GetModuleHandleExW
VirtualQuery
ExitProcess
GlobalAlloc
LoadResource
FindResourceExW
LockResource
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
WritePrivateProfileStringW
GetExitCodeProcess
CreateProcessW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetFinalPathNameByHandleW
GetLongPathNameW
GetFullPathNameW
CreateDirectoryW
GetCurrentDirectoryW
IsWow64Process
ReadFile
HeapSize
HeapDestroy
RaiseException
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetModuleHandleW
SetThreadExecutionState
GetProcessHeap
LocalFree
GetProcAddress
GetLocalTime
HeapAlloc
CreateThread
CloseHandle
SetEvent
GetLastError
FormatMessageW
Sleep
CreateEventW
GetVersionExW
WaitForSingleObject
HeapFree
GetFileType
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFileAttributesW
FreeLibrary
LoadLibraryW
SetLastError
GetCommandLineW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
SleepEx
LoadLibraryExW
CompareStringW
GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
DeviceIoControl
GetTempPathW
FindClose
CreateFileW
SetFileAttributesW
GetFileInformationByHandle
SetFileInformationByHandle
DeleteFileW
CopyFileExW
FlushFileBuffers
GetSystemInfo

user32

SetWindowLongPtrW
CreateDialogParamW
DestroyWindow
SystemParametersInfoW
CharPrevW
SendMessageW
EndDialog
MsgWaitForMultipleObjects
ShowWindow
DispatchMessageW
PeekMessageW
ShutdownBlockReasonCreate
IsDlgButtonChecked
TranslateMessage
GetDlgItem
DialogBoxParamW
ShutdownBlockReasonDestroy
EnableWindow
LoadStringW
UnregisterClassA
CharNextW

msvcrt

wcschr
wcsrchr
_wcsicmp
_wcsnicmp
_vsnprintf
_vscwprintf
towupper
_wcsicoll
memcpy_s
_wcsrev
iswspace
vswprintf_s
wcspbrk
wcsstr
_wcsupr_s
wcsspn
_wcslwr_s
wcscoll
wcscspn
iswprint
wcsncmp
__RTtypeid
malloc
printf
towlower
iswalpha
wcsncpy_s
wcstol
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
memmove_s
free
_initterm
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
?name@type_info@@QEBAPEBDXZ
_purecall
calloc
_wtoi64
__CxxFrameHandler3
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__RTDynamicCast
memcpy
memmove
memset
_vsnwprintf
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetThreadErrorMode
NtSetSystemInformation
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQuerySystemInformation
RtlGetVersion
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlSetThreadErrorMode

ole32

CreateStreamOnHGlobal
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeEx

actionqueue

ProcessActionQueue
GenerateActionQueue

unattend

UnattendCtxOpenNode
UnattendAddResults
UnattendCtxSerializeSettingsStream
UnattendCtxSerialize
UnattendCtxDeserializeWithResults
UnattendFreeResults
UnattendFindAnswerFileWithResults
UnattendCtxBeginModify
UnattendFreeNode
UnattendCtxCleanup
UnattendMarkPassUsedInCtx
UnattendCtxCommitModify
UnattendCtxCancelModify
UnattendCtxReplaceMatchedNodesWithText

wdscore

CurrentIP
ConstructPartialMsgVW
WdsTerminate
WdsInitialize
WdsSetupLogMessageW

shlwapi

PathRemoveFileSpecW

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysReAllocStringLen
SysAllocString

comctl32

InitCommonControlsEx

setupapi

pSetupDoesUserHavePrivilege

rpcrt4

UuidFromStringW

xmllite

CreateXmlReader

Exports

Exports

??0?$Array@E@UnBCL@@IEAA@XZ
??0?$Array@E@UnBCL@@QEAA@AEBV01@@Z
??0?$Array@E@UnBCL@@QEAA@HH@Z
??0?$Array@E@UnBCL@@QEAA@PEBU?$ICollection@E@1@@Z
??0?$Array@G@UnBCL@@IEAA@XZ
??0?$Array@G@UnBCL@@QEAA@AEBV01@@Z
??0?$Array@G@UnBCL@@QEAA@HH@Z
??0?$Array@G@UnBCL@@QEAA@PEBU?$ICollection@G@1@@Z
??0?$Array@H@UnBCL@@IEAA@XZ
??0?$Array@H@UnBCL@@QEAA@AEBV01@@Z
??0?$Array@H@UnBCL@@QEAA@HH@Z
??0?$Array@H@UnBCL@@QEAA@PEBU?$ICollection@H@1@@Z
??0?$Array@PEAVObject@UnBCL@@@UnBCL@@IEAA@XZ
??0?$Array@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$Array@PEAVObject@UnBCL@@@UnBCL@@QEAA@HH@Z
??0?$Array@PEAVObject@UnBCL@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVObject@UnBCL@@@1@@Z
??0?$Array@PEAVString@UnBCL@@@UnBCL@@IEAA@XZ
??0?$Array@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$Array@PEAVString@UnBCL@@@UnBCL@@QEAA@HH@Z
??0?$Array@PEAVString@UnBCL@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVString@UnBCL@@@1@@Z
??0?$ArrayList@G@UnBCL@@AEAA@AEBV01@@Z
??0?$ArrayList@G@UnBCL@@QEAA@HH@Z
??0?$ArrayList@G@UnBCL@@QEAA@PEBU?$ICollection@G@1@@Z
??0?$ArrayList@G@UnBCL@@QEAA@XZ
??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@AEAA@AEBV01@@Z
??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@HH@Z
??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVString@UnBCL@@@1@@Z
??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV?$CSimpleStringT@G$00@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@DH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@GH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBD@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBE@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBEPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBG@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??0?$CollectionBase@PEAVObject@UnBCL@@@UnBCL@@IEAA@XZ
??0?$CollectionBase@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@AEBV01@@Z
??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@H@Z
??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@HH@Z
??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@PEBU?$IDictionary@PEAVString@UnBCL@@PEAV12@@1@@Z
??0?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@XZ
??0?$ICollection@E@UnBCL@@QEAA@AEBU01@@Z
??0?$ICollection@E@UnBCL@@QEAA@XZ
??0?$ICollection@G@UnBCL@@QEAA@AEBU01@@Z
??0?$ICollection@G@UnBCL@@QEAA@XZ
??0?$ICollection@H@UnBCL@@QEAA@AEBU01@@Z
??0?$ICollection@H@UnBCL@@QEAA@XZ
??0?$ICollection@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$ICollection@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ
??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$ICollection@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$ICollection@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IComparer@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$IComparer@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IDictionary@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@AEBU01@@Z
??0?$IDictionary@PEAVString@UnBCL@@PEAV12@@UnBCL@@QEAA@XZ
??0?$IEnumerable@E@UnBCL@@QEAA@AEBU01@@Z
??0?$IEnumerable@E@UnBCL@@QEAA@XZ
??0?$IEnumerable@G@UnBCL@@QEAA@AEBU01@@Z
??0?$IEnumerable@G@UnBCL@@QEAA@XZ
??0?$IEnumerable@H@UnBCL@@QEAA@AEBU01@@Z
??0?$IEnumerable@H@UnBCL@@QEAA@XZ
??0?$IEnumerable@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$IEnumerable@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IEnumerable@PEBG@UnBCL@@QEAA@AEBU01@@Z
??0?$IEnumerable@PEBG@UnBCL@@QEAA@XZ
??0?$IEnumerable@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$IEnumerable@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IList@E@UnBCL@@QEAA@AEBU01@@Z
??0?$IList@E@UnBCL@@QEAA@XZ
??0?$IList@G@UnBCL@@QEAA@AEBU01@@Z
??0?$IList@G@UnBCL@@QEAA@XZ
??0?$IList@H@UnBCL@@QEAA@AEBU01@@Z
??0?$IList@H@UnBCL@@QEAA@XZ
??0?$IList@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$IList@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IList@PEAVString@UnBCL@@@UnBCL@@QEAA@AEBU01@@Z
??0?$IList@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SerializableArrayBase@E@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableArrayBase@E@_@UnBCL@@QEAA@XZ
??0?$SerializableArrayBase@G@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableArrayBase@G@_@UnBCL@@QEAA@XZ
??0?$SerializableArrayBase@H@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableArrayBase@H@_@UnBCL@@QEAA@XZ
??0?$SerializableArrayBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableArrayBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@XZ
??0?$SerializableArrayListBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableArrayListBase@PEAVString@UnBCL@@@_@UnBCL@@QEAA@XZ
??0?$SerializableArrayListPrimitiveBase@G@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableArrayListPrimitiveBase@G@_@UnBCL@@QEAA@XZ
??0?$SerializableBase@V?$Array@E@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@E@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$Array@E@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@E@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@V?$Array@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@G@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$Array@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@G@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@V?$Array@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@H@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$Array@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@H@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@V?$Array@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@PEAVString@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$Array@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@PEAVString@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@V?$ArrayList@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@G@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$ArrayList@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@G@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@V?$Stack@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Stack@H@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@V?$Stack@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Stack@H@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@VMultiSz@UnBCL@@$0A@V?$DefaultInstanceFactory@VMultiSz@UnBCL@@@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@VMultiSz@UnBCL@@$0A@V?$DefaultInstanceFactory@VMultiSz@UnBCL@@@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@VOperatingSystem@UnBCL@@$00V?$DefaultInstanceFactory@VOperatingSystem@UnBCL@@@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@VOperatingSystem@UnBCL@@$00V?$DefaultInstanceFactory@VOperatingSystem@UnBCL@@@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableBase@VVersion@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@VVersion@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@IEAA@XZ
??0?$SerializableBase@VVersion@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@VVersion@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@QEAA@AEBV01@@Z
??0?$SerializableHashtableBase@PEAVString@UnBCL@@PEAV12@@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableHashtableBase@PEAVString@UnBCL@@PEAV12@@_@UnBCL@@QEAA@XZ
??0?$SerializableStackBase@H@_@UnBCL@@QEAA@AEBV012@@Z
??0?$SerializableStackBase@H@_@UnBCL@@QEAA@XZ
??0?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@E@1@@Z
??0?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@PEAVString@UnBCL@@@1@@Z
??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@PEAVString@UnBCL@@@1@@Z
??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VDecoder@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VDecoder@UnBCL@@@UnBCL@@QEAA@PEAVDecoder@1@@Z
??0?$SmartPtr@VDecoder@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEAA@PEAVEncoding@1@@Z
??0?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VObject@UnBCL@@@UnBCL@@QEAA@PEAVObject@1@@Z
??0?$SmartPtr@VObject@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VSerializationId@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VSerializationId@UnBCL@@@UnBCL@@QEAA@PEAVSerializationId@1@@Z
??0?$SmartPtr@VSerializationId@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VSerializationStream@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VSerializationStream@UnBCL@@@UnBCL@@QEAA@PEAVSerializationStream@1@@Z
??0?$SmartPtr@VSerializationStream@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@PEAVStream@1@@Z
??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VVersion@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VVersion@UnBCL@@@UnBCL@@QEAA@PEAVVersion@1@@Z
??0?$SmartPtr@VVersion@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VXmlNamespaceManager@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$SmartPtr@VXmlNamespaceManager@UnBCL@@@UnBCL@@QEAA@PEAVXmlNamespaceManager@1@@Z
??0?$SmartPtr@VXmlNamespaceManager@UnBCL@@@UnBCL@@QEAA@XZ
??0?$Stack@H@UnBCL@@QEAA@AEBV01@@Z
??0?$Stack@H@UnBCL@@QEAA@XZ
??0?$Stack@PEAVObject@UnBCL@@@UnBCL@@QEAA@AEBV01@@Z
??0?$Stack@PEAVObject@UnBCL@@@UnBCL@@QEAA@XZ
??0ASCIIEncoding@UnBCL@@QEAA@$$QEAV01@@Z
??0ASCIIEncoding@UnBCL@@QEAA@AEBV01@@Z
??0ASCIIEncoding@UnBCL@@QEAA@XZ
??0ArgumentException@UnBCL@@QEAA@$$QEAV01@@Z
??0ArgumentException@UnBCL@@QEAA@AEBV01@@Z
??0ArgumentException@UnBCL@@QEAA@PEBG@Z
??0ArgumentException@UnBCL@@QEAA@PEBVString@1@@Z
??0ArgumentException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0ArgumentException@UnBCL@@QEAA@XZ
??0ArgumentNullException@UnBCL@@QEAA@$$QEAV01@@Z
??0ArgumentNullException@UnBCL@@QEAA@AEBV01@@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBVString@1@@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0ArgumentNullException@UnBCL@@QEAA@XZ
??0ArgumentOutOfRangeException@UnBCL@@QEAA@$$QEAV01@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@AEBV01@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBVString@1@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@XZ
??0ArithmeticException@UnBCL@@QEAA@$$QEAV01@@Z
??0ArithmeticException@UnBCL@@QEAA@AEBV01@@Z
??0ArithmeticException@UnBCL@@QEAA@PEBG@Z
??0ArithmeticException@UnBCL@@QEAA@PEBVString@1@@Z
??0ArithmeticException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0ArithmeticException@UnBCL@@QEAA@XZ
??0CaseInsensitiveStringComparer@UnBCL@@QEAA@$$QEAV01@@Z
??0CaseInsensitiveStringComparer@UnBCL@@QEAA@AEBV01@@Z
??0CaseInsensitiveStringComparer@UnBCL@@QEAA@XZ
??0ConsoleLogHandler@UnBCL@@QEAA@$$QEAV01@@Z
??0ConsoleLogHandler@UnBCL@@QEAA@AEBV01@@Z
??0ConsoleLogHandler@UnBCL@@QEAA@XZ
??0Decoder@UnBCL@@QEAA@$$QEAV01@@Z
??0Decoder@UnBCL@@QEAA@AEBV01@@Z
??0Decoder@UnBCL@@QEAA@XZ
??0DirectoryInfo@UnBCL@@QEAA@$$QEAV01@@Z
??0DirectoryInfo@UnBCL@@QEAA@AEBV01@@Z
??0DirectoryInfo@UnBCL@@QEAA@XZ
??0Encoding@UnBCL@@IEAA@H@Z
??0Encoding@UnBCL@@QEAA@$$QEAV01@@Z
??0Encoding@UnBCL@@QEAA@AEBV01@@Z
??0Environment@UnBCL@@AEAA@XZ
??0Exception@UnBCL@@QEAA@AEBV01@@Z
??0Exception@UnBCL@@QEAA@PEAV01@PEBG@Z
??0Exception@UnBCL@@QEAA@PEBG@Z
??0Exception@UnBCL@@QEAA@PEBVString@1@@Z
??0Exception@UnBCL@@QEAA@PEBVString@1@PEAV01@@Z
??0Exception@UnBCL@@QEAA@XZ
??0ExternalException@UnBCL@@QEAA@$$QEAV01@@Z
??0ExternalException@UnBCL@@QEAA@AEBV01@@Z
??0ExternalException@UnBCL@@QEAA@PEBG@Z
??0ExternalException@UnBCL@@QEAA@PEBGPEAVException@1@@Z
??0ExternalException@UnBCL@@QEAA@PEBVString@1@@Z
??0ExternalException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0ExternalException@UnBCL@@QEAA@XZ
??0FileStream@UnBCL@@QEAA@AEBV01@@Z
??0FileStream@UnBCL@@QEAA@PEAXW4FileAccess@1@@Z
??0FileStream@UnBCL@@QEAA@PEBVString@1@W4FileMode@1@W4FileAccess@1@W4FileShare@1@K@Z
??0HeapMemoryManager@UnBCL@@QEAA@AEBV01@@Z
??0HeapMemoryManager@UnBCL@@QEAA@XZ
??0IDisposable@UnBCL@@QEAA@$$QEAU01@@Z
??0IDisposable@UnBCL@@QEAA@AEBU01@@Z
??0IDisposable@UnBCL@@QEAA@XZ
??0IInstanceFactory@UnBCL@@QEAA@$$QEAU01@@Z
??0IInstanceFactory@UnBCL@@QEAA@AEBU01@@Z
??0IInstanceFactory@UnBCL@@QEAA@XZ
??0IPoolable@UnBCL@@QEAA@$$QEAU01@@Z
??0IPoolable@UnBCL@@QEAA@AEBU01@@Z
??0IPoolable@UnBCL@@QEAA@XZ
??0ISerializable@UnBCL@@QEAA@$$QEAU01@@Z
??0ISerializable@UnBCL@@QEAA@AEBU01@@Z
??0ISerializable@UnBCL@@QEAA@XZ
??0IndexOutOfRangeException@UnBCL@@QEAA@$$QEAV01@@Z
??0IndexOutOfRangeException@UnBCL@@QEAA@AEBV01@@Z
??0IndexOutOfRangeException@UnBCL@@QEAA@PEAVString@1@@Z
??0IndexOutOfRangeException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z
??0IndexOutOfRangeException@UnBCL@@QEAA@PEBG@Z
??0IndexOutOfRangeException@UnBCL@@QEAA@XZ
??0InvalidCastException@UnBCL@@QEAA@$$QEAV01@@Z
??0InvalidCastException@UnBCL@@QEAA@AEBV01@@Z
??0InvalidCastException@UnBCL@@QEAA@PEAVString@1@@Z
??0InvalidCastException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z
??0InvalidCastException@UnBCL@@QEAA@PEBG@Z
??0InvalidCastException@UnBCL@@QEAA@XZ
??0InvalidOperationException@UnBCL@@QEAA@$$QEAV01@@Z
??0InvalidOperationException@UnBCL@@QEAA@AEBV01@@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0InvalidOperationException@UnBCL@@QEAA@XZ
??0MemoryStream@UnBCL@@QEAA@AEBV01@@Z
??0MemoryStream@UnBCL@@QEAA@PEAV?$Array@E@1@HH@Z
??0MemoryStream@UnBCL@@QEAA@XZ
??0MultiSz@UnBCL@@QEAA@AEBV01@@Z
??0MultiSz@UnBCL@@QEAA@PEBE_KPEAK@Z
??0MultiSz@UnBCL@@QEAA@PEBG@Z
??0MultiSz@UnBCL@@QEAA@XZ
??0MutableString@UnBCL@@QEAA@$$QEAV01@@Z
??0MutableString@UnBCL@@QEAA@AEBV01@@Z
??0MutableString@UnBCL@@QEAA@AEBVString@1@@Z
??0MutableString@UnBCL@@QEAA@GH@Z
??0MutableString@UnBCL@@QEAA@PEBG@Z
??0MutableString@UnBCL@@QEAA@PEBGHH@Z
??0MutableString@UnBCL@@QEAA@PEBVString@1@@Z
??0MutableString@UnBCL@@QEAA@XZ
??0NotSupportedException@UnBCL@@QEAA@$$QEAV01@@Z
??0NotSupportedException@UnBCL@@QEAA@AEBV01@@Z
??0NotSupportedException@UnBCL@@QEAA@PEBG@Z
??0NotSupportedException@UnBCL@@QEAA@PEBVString@1@@Z
??0NotSupportedException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0NotSupportedException@UnBCL@@QEAA@XZ
??0Object@UnBCL@@QEAA@AEBV01@@Z
??0Object@UnBCL@@QEAA@XZ
??0ObjectDisposedException@UnBCL@@QEAA@$$QEAV01@@Z
??0ObjectDisposedException@UnBCL@@QEAA@AEBV01@@Z
??0ObjectDisposedException@UnBCL@@QEAA@PEBG@Z
??0ObjectDisposedException@UnBCL@@QEAA@PEBVString@1@@Z
??0ObjectDisposedException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0ObjectDisposedException@UnBCL@@QEAA@XZ
??0OperatingSystem@UnBCL@@AEAA@XZ
??0OperatingSystem@UnBCL@@QEAA@AEBV01@@Z
??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@KPEAVVersion@1@@Z
??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@KW4InstallationType@1@PEAVVersion@1@@Z
??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@PEAVVersion@1@@Z
??0OperatingSystem@UnBCL@@QEAA@W4PlatformID@1@W4InstallationType@1@PEAVVersion@1@@Z
??0OutOfMemoryException@UnBCL@@QEAA@$$QEAV01@@Z
??0OutOfMemoryException@UnBCL@@QEAA@AEBV01@@Z
??0OutOfMemoryException@UnBCL@@QEAA@PEAVString@1@@Z
??0OutOfMemoryException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@@Z
??0OutOfMemoryException@UnBCL@@QEAA@PEBG@Z
??0OutOfMemoryException@UnBCL@@QEAA@XZ
??0OverflowException@UnBCL@@QEAA@$$QEAV01@@Z
??0OverflowException@UnBCL@@QEAA@AEBV01@@Z
??0OverflowException@UnBCL@@QEAA@PEBG@Z
??0OverflowException@UnBCL@@QEAA@PEBVString@1@@Z
??0OverflowException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0OverflowException@UnBCL@@QEAA@XZ
??0PathTooLongException@UnBCL@@QEAA@$$QEAV01@@Z
??0PathTooLongException@UnBCL@@QEAA@AEBV01@@Z
??0PathTooLongException@UnBCL@@QEAA@PEBG@Z
??0PathTooLongException@UnBCL@@QEAA@PEBVString@1@@Z
??0PathTooLongException@UnBCL@@QEAA@XZ
??0ScopedObjectLock@UnBCL@@QEAA@PEAVSyncObject@1@@Z
??0SerializationException@UnBCL@@QEAA@$$QEAV01@@Z
??0SerializationException@UnBCL@@QEAA@AEBV01@@Z
??0SerializationException@UnBCL@@QEAA@PEBG@Z
??0SerializationException@UnBCL@@QEAA@PEBVString@1@@Z
??0SerializationException@UnBCL@@QEAA@XZ
??0SerializationId@UnBCL@@QEAA@AEBV01@@Z
??0SerializationId@UnBCL@@QEAA@PEAVString@1@H@Z
??0SerializationStream@UnBCL@@AEAA@AEBV01@@Z
??0SerializationStream@UnBCL@@QEAA@PEAVStream@1@W4Mode@01@PEAVObject@1@@Z
??0Stream@UnBCL@@QEAA@$$QEAV01@@Z
??0Stream@UnBCL@@QEAA@AEBV01@@Z
??0Stream@UnBCL@@QEAA@XZ
??0StreamCounter@UnBCL@@QEAA@XZ
??0String@UnBCL@@QEAA@AEAVSerializationStream@1@@Z
??0String@UnBCL@@QEAA@AEBV01@@Z
??0String@UnBCL@@QEAA@GH@Z
??0String@UnBCL@@QEAA@PEBG@Z
??0String@UnBCL@@QEAA@PEBGHH@Z
??0String@UnBCL@@QEAA@PEBV01@@Z
??0String@UnBCL@@QEAA@XZ
??0StringBuilder@UnBCL@@QEAA@AEBV01@@Z
??0StringBuilder@UnBCL@@QEAA@H@Z
??0StringBuilder@UnBCL@@QEAA@PEBG@Z
??0StringBuilder@UnBCL@@QEAA@PEBVString@1@@Z
??0StringBuilder@UnBCL@@QEAA@XZ
??0StringPtr@UnBCL@@QEAA@AEBV01@@Z
??0StringPtr@UnBCL@@QEAA@PEAVString@1@@Z
??0StringPtr@UnBCL@@QEAA@PEBG@Z
??0StringPtr@UnBCL@@QEAA@V?$SmartPtr@VString@UnBCL@@@1@@Z
??0StringPtr@UnBCL@@QEAA@XZ
??0SyncObject@UnBCL@@QEAA@AEBV01@@Z
??0SyncObject@UnBCL@@QEAA@XZ
??0SystemException@UnBCL@@QEAA@$$QEAV01@@Z
??0SystemException@UnBCL@@QEAA@AEBV01@@Z
??0SystemException@UnBCL@@QEAA@PEBG@Z
??0SystemException@UnBCL@@QEAA@PEBGPEAVException@1@@Z
??0SystemException@UnBCL@@QEAA@PEBVString@1@@Z
??0SystemException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0SystemException@UnBCL@@QEAA@XZ
??0SystemInfo@UnBCL@@QEAA@$$QEAV01@@Z
??0SystemInfo@UnBCL@@QEAA@AEBV01@@Z
??0SystemInfo@UnBCL@@QEAA@XZ
??0Type@UnBCL@@IEAA@PEAVString@1@@Z
??0Type@UnBCL@@QEAA@AEBV01@@Z
??0UnicodeEncoding@UnBCL@@QEAA@$$QEAV01@@Z
??0UnicodeEncoding@UnBCL@@QEAA@AEBV01@@Z
??0UnicodeEncoding@UnBCL@@QEAA@XZ
??0Version@UnBCL@@QEAA@AEBV01@@Z
??0Version@UnBCL@@QEAA@HH@Z
??0Version@UnBCL@@QEAA@HHH@Z
??0Version@UnBCL@@QEAA@HHHPEAVString@1@@Z
??0Version@UnBCL@@QEAA@PEBG@Z
??0Version@UnBCL@@QEAA@XZ
??0Win32Exception@UnBCL@@QEAA@$$QEAV01@@Z
??0Win32Exception@UnBCL@@QEAA@AEBV01@@Z
??0Win32Exception@UnBCL@@QEAA@K@Z
??0Win32Exception@UnBCL@@QEAA@KPEBG@Z
??0Win32Exception@UnBCL@@QEAA@KPEBGPEAVException@1@@Z
??0Win32Exception@UnBCL@@QEAA@KPEBVString@1@@Z
??0Win32Exception@UnBCL@@QEAA@KPEBVString@1@PEAVException@1@@Z
??0Win32Exception@UnBCL@@QEAA@PEBG@Z
??0Win32Exception@UnBCL@@QEAA@XZ
??0XPathException@UnBCL@@QEAA@$$QEAV01@@Z
??0XPathException@UnBCL@@QEAA@AEBV01@@Z
??0XPathException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@J@Z
??0XmlAttribute@UnBCL@@IEAA@XZ
??0XmlAttribute@UnBCL@@QEAA@$$QEAV01@@Z
??0XmlAttribute@UnBCL@@QEAA@AEBV01@@Z
??0XmlAttribute@UnBCL@@QEAA@PEAUIXMLDOMNode@@@Z
??0XmlAttribute@XmlLite@UnBCL@@QEAA@$$QEAV012@@Z
??0XmlAttribute@XmlLite@UnBCL@@QEAA@AEBV012@@Z
??0XmlAttribute@XmlLite@UnBCL@@QEAA@PEBG000@Z
??0XmlAttributeCollection@UnBCL@@IEAA@XZ
??0XmlAttributeCollection@UnBCL@@QEAA@AEBV01@@Z
??0XmlAttributeCollection@UnBCL@@QEAA@PEAUIXMLDOMNamedNodeMap@@@Z
??0XmlAttributeCollection@XmlLite@UnBCL@@QEAA@AEBV012@@Z
??0XmlAttributeCollection@XmlLite@UnBCL@@QEAA@XZ
??0XmlDocument@UnBCL@@QEAA@AEBV01@@Z
??0XmlDocument@UnBCL@@QEAA@PEAUIXMLDOMDocument3@@@Z
??0XmlDocument@UnBCL@@QEAA@XZ
??0XmlDocument@XmlLite@UnBCL@@QEAA@AEBV012@@Z
??0XmlDocument@XmlLite@UnBCL@@QEAA@XZ
??0XmlException@UnBCL@@QEAA@$$QEAV01@@Z
??0XmlException@UnBCL@@QEAA@AEBV01@@Z
??0XmlException@UnBCL@@QEAA@PEAVString@1@PEAVException@1@HHJ@Z
??0XmlNamespaceManager@UnBCL@@QEAA@AEBV01@@Z
??0XmlNamespaceManager@UnBCL@@QEAA@XZ
??0XmlNode@UnBCL@@IEAA@PEAUIXMLDOMNode@@@Z
??0XmlNode@UnBCL@@IEAA@XZ
??0XmlNode@UnBCL@@QEAA@AEBV01@@Z
??0XmlNode@XmlLite@UnBCL@@QEAA@AEBV012@@Z
??0XmlNode@XmlLite@UnBCL@@QEAA@W4XmlNodeType@2@PEBG111@Z
??0XmlNodeList@UnBCL@@IEAA@XZ
??0XmlNodeList@UnBCL@@QEAA@AEBV01@@Z
??0XmlNodeList@UnBCL@@QEAA@PEAUIXMLDOMNodeList@@@Z
??0XmlNodeList@XmlLite@UnBCL@@QEAA@AEBV012@@Z
??0XmlNodeList@XmlLite@UnBCL@@QEAA@XZ
??0XmlSchemaSet@UnBCL@@QEAA@AEBV01@@Z
??0XmlSchemaSet@UnBCL@@QEAA@XZ
??1?$Array@E@UnBCL@@UEAA@XZ
??1?$Array@G@UnBCL@@UEAA@XZ
??1?$Array@H@UnBCL@@UEAA@XZ
??1?$Array@PEAVObject@UnBCL@@@UnBCL@@UEAA@XZ
??1?$Array@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??1?$ArrayList@G@UnBCL@@UEAA@XZ
??1?$ArrayList@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??1?$CSimpleStringT@G$0A@@ATL@@QEAA@XZ
??1?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??1?$CollectionBase@PEAVObject@UnBCL@@@UnBCL@@MEAA@XZ
??1?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@UEAA@XZ
??1?$ICollection@E@UnBCL@@UEAA@XZ
??1?$ICollection@G@UnBCL@@UEAA@XZ
??1?$ICollection@H@UnBCL@@UEAA@XZ
??1?$ICollection@PEAVObject@UnBCL@@@UnBCL@@UEAA@XZ
??1?$ICollection@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??1?$ICollection@V?$DictionaryEntry@PEAVString@UnBCL@@PEAV12@@UnBCL@@@UnBCL@@UEAA@XZ
??1?$IComparer@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??1?$IDictionary@PEAVString@UnBCL@@PEAV12@@UnBCL@@UEAA@XZ
??1?$IList@E@UnBCL@@UEAA@XZ
??1?$IList@G@UnBCL@@UEAA@XZ
??1?$IList@H@UnBCL@@UEAA@XZ
??1?$IList@PEAVObject@UnBCL@@@UnBCL@@UEAA@XZ
??1?$IList@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SerializableArrayBase@E@_@UnBCL@@UEAA@XZ
??1?$SerializableArrayBase@G@_@UnBCL@@UEAA@XZ
??1?$SerializableArrayBase@H@_@UnBCL@@UEAA@XZ
??1?$SerializableArrayBase@PEAVString@UnBCL@@@_@UnBCL@@UEAA@XZ
??1?$SerializableArrayListBase@PEAVString@UnBCL@@@_@UnBCL@@UEAA@XZ
??1?$SerializableArrayListPrimitiveBase@G@_@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$Array@E@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@E@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$Array@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@G@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$Array@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@H@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$Array@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?NewLarvalArray@?$StaticArrayOps@PEAVString@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$ArrayList@G@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@G@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Hashtable@PEAVString@UnBCL@@PEAV12@@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@V?$Stack@H@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@V?$Stack@H@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@VMultiSz@UnBCL@@$0A@V?$DefaultInstanceFactory@VMultiSz@UnBCL@@@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@VOperatingSystem@UnBCL@@$00V?$DefaultInstanceFactory@VOperatingSystem@UnBCL@@@2@@UnBCL@@UEAA@XZ
??1?$SerializableBase@VVersion@UnBCL@@$0A@V?$SimpleInstanceFactory@$1?OperatorNew@?$StaticOps@VVersion@UnBCL@@@_@UnBCL@@SAPEAUISerializable@4@XZ@2@@UnBCL@@UEAA@XZ
??1?$SerializableHashtableBase@PEAVString@UnBCL@@PEAV12@@_@UnBCL@@UEAA@XZ
??1?$SerializableStackBase@H@_@UnBCL@@UEAA@XZ
??1?$SmartPtr@V?$Array@E@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VDecoder@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VEncoding@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VObject@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VSerializationId@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VSerializationStream@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VStream@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VVersion@UnBCL@@@UnBCL@@UEAA@XZ
??1?$SmartPtr@VXmlNamespaceManager@UnBCL@@@UnBCL@@UEAA@XZ
??1?$Stack@H@UnBCL@@UEAA@XZ
??1?$Stack@PEAVObject@UnBCL@@@UnBCL@@UEAA@XZ
??1ASCIIEncoding@UnBCL@@UEAA@XZ
??1ArgumentException@UnBCL@@UEAA@XZ
??1ArgumentNullException@UnBCL@@UEAA@XZ
??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ
??1ArithmeticException@UnBCL@@UEAA@XZ
??1CaseInsensitiveStringComparer@UnBCL@@UEAA@XZ
??1Decoder@UnBCL@@UEAA@XZ
??1DirectoryInfo@UnBCL@@UEAA@XZ
??1Encoding@UnBCL@@UEAA@XZ
??1Exception@UnBCL@@UEAA@XZ
??1ExternalException@UnBCL@@UEAA@XZ
??1FileStream@UnBCL@@UEAA@XZ
??1HeapMemoryManager@UnBCL@@UEAA@XZ
??1IDisposable@UnBCL@@UEAA@XZ
??1IPoolable@UnBCL@@UEAA@XZ
??1ISerializable@UnBCL@@UEAA@XZ
??1IndexOutOfRangeException@UnBCL@@UEAA@XZ
??1InvalidCastException@UnBCL@@UEAA@XZ
??1InvalidOperationException@UnBCL@@UEAA@XZ
??1MemoryStream@UnBCL@@UEAA@XZ
??1MultiSz@UnBCL@@UEAA@XZ
??1MutableString@UnBCL@@UEAA@XZ
??1NotSupportedException@UnBCL@@UEAA@XZ
??1Object@UnBCL@@UEAA@XZ
??1ObjectDisposedException@UnBCL@@UEAA@XZ

Sections

.text
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/fmapi/SEMgrPS.dll
.dll windows:10 windows x64 arch:x64

7dcc2d309d96727b06e1bbb65b6597f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SEMgrPS.pdb

Imports

msvcrt

__C_specific_handler
malloc
_initterm
free
_amsg_exit
_XcptFilter

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrStubCall3

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserFree64
HSTRING_UserMarshal

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient7
ObjectStublessClient15
NdrProxyForwardingFunction23
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
NdrProxyForwardingFunction21
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient30
ObjectStublessClient16
NdrProxyForwardingFunction9
ObjectStublessClient18
NdrProxyForwardingFunction11
NdrProxyForwardingFunction13
NdrProxyForwardingFunction29
NdrProxyForwardingFunction12
ObjectStublessClient4
NdrProxyForwardingFunction10
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction6
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
ObjectStublessClient13
CStdStubBuffer2_Connect
ObjectStublessClient22
ObjectStublessClient27
NdrProxyForwardingFunction19
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient19
ObjectStublessClient26
ObjectStublessClient17
ObjectStublessClient29
ObjectStublessClient21
ObjectStublessClient24
ObjectStublessClient25
NdrProxyForwardingFunction27
NdrProxyForwardingFunction26
NdrProxyForwardingFunction24
NdrProxyForwardingFunction18
NdrProxyForwardingFunction22
NdrProxyForwardingFunction17
NdrProxyForwardingFunction14
ObjectStublessClient31
NdrProxyForwardingFunction15
NdrProxyForwardingFunction20
NdrProxyForwardingFunction28
NdrProxyForwardingFunction8
NdrProxyForwardingFunction16
NdrProxyForwardingFunction25

oleaut32

BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserMarshal64
BSTR_UserSize64

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/fmapi/fmapi.dll
.dll windows:10 windows x64 arch:x64

9285e8e2dcde852bfe955deee3b50adb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fmapi.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove
_CxxThrowException
free
__C_specific_handler
wcsncmp
wcscpy_s
_wcsicmp
memcpy_s
wcschr
_purecall
_vsnwprintf
memcpy
memcmp
memset

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetVersionExW
DebugBreak
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
WriteFile
CreateFileW
GetLastError
DeleteFileW
CloseHandle
MultiByteToWideChar
DosDateTimeToFileTime
SetLastError
LeaveCriticalSection
DeleteCriticalSection
ReadFile
DeviceIoControl
EnterCriticalSection
SetFilePointerEx

user32

CharUpperW

advapi32

GetTraceEnableFlags
RegCloseKey
RegOpenKeyExW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

ntdll

RtlDecompressBuffer

Exports

Exports

CloseFileRestoreContext
CreateFileRestoreContext
DetectBootSector
DetectEncryptedVolume
DetectEncryptedVolumeEx
RestoreFile
ScanRestorableFiles
SupplyDecryptionInfo

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/fmapi/sppnp.dll
.dll windows:10 windows x64 arch:x64

6701f021b3c20d373c51755a736bbc37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppnp.pdb

Imports

msvcrt

_vsnwprintf_s
swprintf_s
__CxxFrameHandler3
_vsnwprintf
?terminate@@YAXXZ
wcscpy_s
wcschr
toupper
_vsnprintf
_resetstkoflw
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
swscanf
__C_specific_handler
wcsrchr
_wcsnicmp
iswalpha
qsort
swscanf_s
_wcsicmp
wcsncpy_s
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
DbgPrint
RtlAdjustPrivilege
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
RtlRaiseStatus
NtOpenKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
NtSetInformationFile
NtQueryInformationFile
RtlGetVersion
NtDeleteKey
DbgPrintEx
NtCreateKey
NtOpenKeyEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlInitUnicodeString
NtUnloadKeyEx
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeStringEx
NtClose
NtQueryWnfStateData

user32

GetPropW
SetWindowPos
IsWindowVisible
GetDC
DestroyWindow
FindWindowExW
DefWindowProcW
GetMessageW
GetWindowLongW
FillRect
LoadBitmapW
SendMessageW
CreateWindowExW
LoadStringW
GetSystemMetrics
SetWindowTextW
SetClassLongPtrW
NotifyWinEvent
RegisterClassExW
SetThreadDesktop
ShowWindow
DispatchMessageW
SetTimer
MapWindowPoints
SetFocus
SetPropW
TranslateMessage
GetWindowTextW
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
DrawTextW
GetClientRect
SetCursor

cfgmgr32

CM_Get_DevNode_Status
CMP_GetServerSideDeviceInstallFlags
CMP_WaitNoPendingInstallEvents
CM_MapCrToWin32Err
CM_Reenumerate_DevNode

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupUninstallOEMInfW
SetupGetInfPublishedNameW
SetupGetInfDriverStoreLocationW
SetupDiOpenDeviceInfoW
SetupVerifyInfFileW
SetupDiRemoveDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDevicePropertyW
SetupDiCallClassInstaller
SetupDiGetDeviceInfoListDetailW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsExW
SetupDiGetDeviceInstallParamsW
PnpEnumDrpFile
PnpRepairWindowsProtectedDriver
pSetupInfGetDigitalSignatureInfo
pSetupInfSetDigitalSignatureInfo
pSetupInfIsInbox
pSetupFree
SetupWriteTextLogError
SetupWriteTextLog
SetupSetNonInteractiveMode
SetupSetThreadLogToken
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupGetThreadLogToken

newdev

DiInstallDevice
DiInstallDriverW

oleaut32

SysAllocString
SysFreeString

wevtapi

EvtClearLog

wdscore

WdsInitialize
WdsTerminate
WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP

drvstore

DriverStoreReflectCriticalW
DriverPackageGetVersionInfoW
DriverStoreSetLogContext
DriverStoreFindW
DriverPackageClose
DriverPackageOpenW
DriverStoreEnumW
DriverStoreEnumDeviceDriversW
DriverStoreOpenW
DriverStoreSetObjectPropertyW
DriverStoreGetObjectPropertyW
DriverStoreClose

api-ms-win-devices-query-l1-1-0

DevFreeObjects
DevGetObjects
DevSetObjectProperties

api-ms-win-core-registry-l1-1-0

RegUnLoadKeyW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegSetValueExW
RegLoadKeyW
RegCloseKey
RegNotifyChangeKeyValue

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThread
GetCurrentProcess
OpenProcessToken
OpenThreadToken
SetThreadToken
GetExitCodeProcess
CreateProcessW
GetExitCodeThread
CreateThread
QueueUserAPC
ExitProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

EqualSid
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetKernelObjectSecurity
DuplicateTokenEx
GetSecurityDescriptorSacl

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-core-l1-1-2

GetServiceKeyNameW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetErrorMode
SetLastError

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
ReleaseMutex
CreateMutexW
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
SetEvent
OpenEventW
CreateEventW
WaitForSingleObject
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepEx

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-file-l1-1-0

SetEndOfFile
CreateFileW
SetFileAttributesW
GetFileInformationByHandle
SetFilePointer
FlushFileBuffers
GetFileSize
WriteFile
FileTimeToLocalFileTime
GetFullPathNameW
DeleteFileW
GetFileAttributesW
FindNextFileW
FindFirstFileW
CompareFileTime
FindClose
CreateDirectoryW

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv
FindResourceW
LoadLibraryW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleExW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
SizeofResource
LockResource

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW
LCMapStringW
GetLocaleInfoW
GetThreadLocale

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

IsDebuggerPresent
QueryFullProcessImageNameW
LocalFree
K32EnumProcesses
GetSystemDefaultUILanguage
FileTimeToSystemTime

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
CoUninitialize

gdi32

SetWorldTransform
SetTextAlign
SetMapMode
TextOutW
SetBrushOrgEx
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchBlt
GetStockObject
GetDeviceCaps
GetTextAlign
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetObjectW
SetBkColor
SetStretchBltMode
DeleteObject
CreateSolidBrush
CreateFontIndirectW
GdiAlphaBlend
AddFontMemResourceEx
CreateDIBitmap
GetTextMetricsW
SetGraphicsMode
SetLayout
RemoveFontMemResourceEx
DeleteDC
SetTextCharacterExtra

Exports

Exports

Sysprep_Generalize_Pnp
Sysprep_Generalize_Pnp_Drivers
Sysprep_Respecialize_Pnp
Sysprep_RunDll_PnpW
Sysprep_Specialize_Offline_Pnp
Sysprep_Specialize_Pnp

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/fmapi/tzautoupdate.dll
.dll windows:10 windows x64 arch:x64

79d8dcb505a614789dc36dfffec04c74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tzautoupdate.pdb

Imports

msvcrt

memcpy
__dllonexit
_wtoi
_itow_s
wcschr
_wcsicmp
bsearch
cos
_vsnprintf_s
_callnewh
_CxxThrowException
_unlock
_onexit
memmove
malloc
sqrt
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
sin
memset
memcmp
_amsg_exit
?name@type_info@@QEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
pow
free
_initterm
__CxxFrameHandler3
??0exception@@QEAA@XZ
__C_specific_handler
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
?terminate@@YAXXZ
memcpy_s
_vsnwprintf
memmove_s
_lock
?what@exception@@UEBAPEBDXZ
swprintf_s
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
asin
atan2
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
FreeLibrary
LoadStringW
GetModuleHandleW
LoadLibraryExW
LockResource
LoadResource
FindResourceExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateMutexExW
SetEvent
AcquireSRWLockShared
InitializeSRWLock
DeleteCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObject
LeaveCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseSemaphore
CreateEventW
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiUsersInSessionSku

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoDisconnectContext
CoCreateInstance

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
GetDynamicTimeZoneInformation
SetDynamicTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTimeEx
FileTimeToSystemTime
EnumDynamicTimeZoneInformation

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

xmllite

CreateXmlReader

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW
GetSystemTime
GetTickCount

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
GetTokenInformation
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
DuplicateToken

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW
ControlService

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-file-l1-1-0

GetFileSizeEx
CreateFileW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ext-ms-win-session-usermgr-l1-1-0

UMgrFreeSessionUsers
UMgrEnumerateSessionUsers
UMgrQueryUserToken

combase

ord154

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-private-l1-1-0

WaitServiceState

Exports

Exports

AttemptToUpdateTimeZone
AttemptToUpdateTimeZoneAndEnableChangeDetection
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/hal/KBDKOR.DLL
.dll windows:10 windows x64 arch:x64

f9c39f16f0e4c3759948a588de4efe93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kbdkor.pdb

Imports

ntdll

LdrDisableThreadCalloutsForDll
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
NtEnumerateValueKey
RtlAppendUnicodeToString
RtlIntegerToChar
NtOpenKey
RtlInitUnicodeString
RtlCopyUnicodeString
NtClose
wcschr
NtQueryValueKey

Exports

Exports

KbdLayerDescriptor
KbdLayerMultiDescriptor
KbdLayerRealDllFile
KbdLayerRealDllFileNT4
KbdNlsLayerDescriptor

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/hal/duser.dll
.dll windows:10 windows x64 arch:x64

a58eea7a520b65403d6a57f563000a63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DUser.pdb

Imports

msvcrt

memset
memmove
_beginthreadex
__CxxFrameHandler3
_isnan
_finite
pow
_wcsnicmp
realloc
_resetstkoflw
sqrt
_onexit
_wcsicmp
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcpy
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
log10f
sinf
powf
_purecall
log
fmod
floorf
floor
cosf
ceil
atan2f
atan2
_CxxThrowException
qsort
__dllonexit
sqrtf

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExA
GetSystemInfo

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCloseKey

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
GetCurrentProcess
GetCurrentThreadId
TlsAlloc
TlsSetValue
TlsFree
GetCurrentProcessId
GetExitCodeThread
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventA
ResetEvent

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlRaiseException
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-atoms-l1-1-0

AddAtomW
GetAtomNameW
FindAtomW
DeleteAtom

ntdll

NtSetInformationVirtualMemory
EtwLogTraceEvent
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsA
EtwGetTraceEnableLevel
NtQueryInformationThread

user32

DispatchMessageA
TranslateMessage
GetKeyboardState
GetParent
SendMessageW
EndPaint
IsWindow
GetClientRect
ClientToScreen
GetMonitorInfoW
SystemParametersInfoA
SendMessageA
SetRectEmpty
GetMessageA
GetMessageW
PeekMessageA
PeekMessageW
WaitMessage
GetWindowLongPtrA
SetWindowLongPtrW
DefWindowProcA
CallWindowProcW
BeginPaint
DrawTextW
WindowFromDC
SystemParametersInfoW
GetPointerDeviceRects
PostThreadMessageA
IsThreadDesktopComposited
FillRect
MsgWaitForMultipleObjectsEx
GetQueueStatus
GetMessageTime
IntersectRect
IsRectEmpty
UnionRect
OffsetRect
GetSystemMetrics
GetKeyState
PtInRect
GetDoubleClickTime
ReleaseDC
GetWindowRect
GetFocus
SetFocus
GetCursorPos
ScreenToClient
GetCapture
ChildWindowFromPointEx
ReleaseCapture
GetWindowDC
RegisterWindowMessageA
SetWindowLongPtrA
CallWindowProcA
GetWindowLongPtrW
GetDC
InvalidateRect
SetCapture
TrackMouseEvent
GetCursorInfo
GetMessagePos
PostMessageA
GetPointerType

gdi32

CreatePolygonRgn
CombineRgn
GetPixel
GetSystemPaletteEntries
GetDIBits
GetObjectType
CreateDCA
CreateRectRgn
SetWindowOrgEx
SelectClipRgn
StretchDIBits
SetViewportOrgEx
GetObjectA
OffsetRgn
GetViewportOrgEx
GetRandomRgn
SetBrushOrgEx
GetBrushOrgEx
GetCurrentObject
GetDeviceCaps
RestoreDC
SaveDC
ModifyWorldTransform
GetTextExtentExPointW
GetTextExtentPoint32W
CreateFontIndirectW
ExtTextOutW
TextOutW
D3DKMTDestroyDCFromMemory
D3DKMTCreateDCFromMemory
CreateDCW
GdiFlush
CreateDIBSection
GetClipBox
SetRectRgn
BitBlt
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
GetWorldTransform
RealizePalette
SelectPalette
SetWorldTransform
SetGraphicsMode
GetWindowExtEx
GetViewportExtEx
DeleteDC
PatBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
DeleteObject
GdiAlphaBlend

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

QueryDepthSList
InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-memory-l1-1-1

VirtualUnlock

Exports

Exports

AddGadgetMessageHandler
AddLayeredRef
AdjustClipInsideRef
AttachWndProcA
AttachWndProcW
AutoTrace
BeginHideInputPaneAnimation
BeginShowInputPaneAnimation
BuildAnimation
BuildDropTarget
BuildInterpolation
CacheDWriteRenderTarget
ChangeCurrentAnimationScenario
ClearPushedOpacitiesFromGadgetTree
ClearTopmostVisual
CreateAction
CreateGadget
CustomGadgetHitTestQuery
DUserBuildGadget
DUserCastClass
DUserCastDirect
DUserCastHandle
DUserDeleteGadget
DUserFindClass
DUserFlushDeferredMessages
DUserFlushMessages
DUserGetAlphaPRID
DUserGetGutsData
DUserGetRectPRID
DUserGetRotatePRID
DUserGetScalePRID
DUserInstanceOf
DUserPostEvent
DUserPostMethod
DUserRegisterGuts
DUserRegisterStub
DUserRegisterSuper
DUserSendEvent
DUserSendMethod
DUserStopAnimation
DUserStopPVLAnimation
DeleteHandle
DestroyPendingDCVisuals
DetachGadgetVisuals
DetachWndProc
DisableContainerHwnd
DllMain
DrawGadgetTree
EndInputPaneAnimation
EnsureAnimationsEnabled
EnsureGadgetTransInitialized
EnumGadgets
FindGadgetFromPoint
FindGadgetMessages
FindGadgetTargetingInfo
FindStdColor
FireGadgetMessages
ForwardGadgetMessage
FreeGdiDxInteropStagingBuffer
GadgetTransCompositionChanged
GadgetTransSettingChanged
GetActionTimeslice
GetCachedDWriteRenderTarget
GetDUserModule
GetDebug
GetFinalAnimatingPosition
GetGadget
GetGadgetAnimation
GetGadgetBitmap
GetGadgetBufferInfo
GetGadgetCenterPoint
GetGadgetFlags
GetGadgetFocus
GetGadgetLayerInfo
GetGadgetMessageFilter
GetGadgetProperty
GetGadgetRect
GetGadgetRgn
GetGadgetRootInfo
GetGadgetRotation
GetGadgetScale
GetGadgetSize
GetGadgetStyle
GetGadgetTicket
GetGadgetVisual
GetMessageExA
GetMessageExW
GetStdColorBrushF
GetStdColorBrushI
GetStdColorF
GetStdColorI
GetStdColorName
GetStdColorPenF
GetStdColorPenI
GetStdPalette
InitGadgetComponent
InitGadgets
InvalidateGadget
InvalidateLayeredDescendants
IsGadgetParentChainStyle
IsInsideContext
IsStartDelete
LookupGadgetTicket
MapGadgetPoints
PeekMessageExA
PeekMessageExW
RegisterGadgetMessage
RegisterGadgetMessageString
RegisterGadgetProperty
ReleaseDetachedObjects
ReleaseLayeredRef
ReleaseMouseCapture
RemoveClippingImmunityFromVisual
RemoveGadgetMessageHandler
RemoveGadgetProperty
ResetDUserDevice
ScheduleGadgetTransitions
SetActionTimeslice
SetAtlasingHints
SetGadgetBufferInfo
SetGadgetCenterPoint
SetGadgetFillF
SetGadgetFillI
SetGadgetFlags
SetGadgetFocus
SetGadgetFocusEx
SetGadgetLayerInfo
SetGadgetMessageFilter
SetGadgetOrder
SetGadgetParent
SetGadgetProperty
SetGadgetRect
SetGadgetRootInfo
SetGadgetRotation
SetGadgetScale
SetGadgetStyle
SetHardwareDeviceUsage
SetMinimumDCompVersion
SetRestoreCachedLayeredRefFlag
SetTransitionVisualProperties
SetWindowResizeFlag
UnregisterGadgetMessage
UnregisterGadgetMessageString
UnregisterGadgetProperty
UtilBuildFont
UtilDrawBlendRect
UtilDrawOutlineRect
UtilGetColor
UtilSetBackground
WaitMessageEx

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/hal/fontext.dll
.dll windows:10 windows x64 arch:x64

15d10ff5cde51d34d0483b38e6ef093a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fontext.pdb

Imports

msvcrt

_vsnwprintf
__CxxFrameHandler3
memcpy
memcmp
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
bsearch_s
_wcsnset_s
wcsstr
_wtoi
wcstok_s
_wcsicmp
__C_specific_handler
iswxdigit
wcschr
swprintf_s
memcpy_s
_CxxThrowException
memmove_s
_stricmp
_strcmpi
_vsnprintf
_vsnprintf_s
memset

propsys

VariantCompare
VariantToPropVariant
PropVariantToVariant
PSGetPropertyFromPropertyStorage
PSPropertyBag_ReadType
PSPropertyBag_ReadInt
InitPropVariantFromStringVector
InitPropVariantFromFileTime
PSCreateMemoryPropertyStore
VariantGetStringElem
VariantGetElementCount
PSFormatForDisplay
PSPropertyBag_ReadStr

shell32

ord155
ord19
SHBindToParent
SHGetPathFromIDListW
SHGetKnownFolderPath
SHGetFolderPathW
ord256
ord702
SHCreateShellItemArrayFromIDLists
SHParseDisplayName
ord25
ord701
SHCreateDataObject
ord16
SHGetIconOverlayIndexW
SHCreateDefaultContextMenu
SHGetSpecialFolderLocation
ord680
ord152
AssocCreateForClasses
ord727
ShellExecuteExW
SHChangeNotify
ord763
ord17
ord18
SHBindToObject

shlwapi

PathFindFileNameA
ord204
ord156
ord618
ord24
ord514
PathRemoveExtensionA
ord197
ord12
ord639
ord174
ord215
ord16
StrDupW
StrStrW
PathRenameExtensionW
AssocCreate
ord158
ord538
ord172
ord176
ord256
PathFileExistsW
PathCompactPathExW
StrChrW
PathStripPathW
ord619
ord268
ord199
PathRemoveFileSpecA
StrRetToBufW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCombineW
PathIsPrefixW
SHCreateStreamOnFileW
ord219
PathAppendW
PathAddBackslashW
PathStripToRootW
PathIsUNCW
SHStrDupW
PathFindFileNameW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadResource
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExW
FindResourceExW
LockResource
GetModuleHandleW
SizeofResource
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
EnterCriticalSection
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
IsDBCSLeadByte
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileA
GetFileSize
CompareFileTime
GetDiskFreeSpaceExW
SetEndOfFile
CreateFileW
GetDriveTypeW
ReadFile
SetFilePointer
FindNextFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-security-base-l1-1-0

GetFileSecurityW
DuplicateToken
AccessCheck
SetSecurityDescriptorDacl
CreateWellKnownSid
InitializeSecurityDescriptor
MapGenericMask

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringOrdinal
CompareStringEx

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetMalloc
StringFromGUID2
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx

mpr

WNetGetConnectionW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

oleaut32

VariantClear
SysAllocString
VariantInit

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetEntriesInAclW

gdi32

RemoveFontResourceExW
AddFontResourceW
RemoveFontResourceW
DeleteObject
AddFontResourceExW
EnumFontFamiliesExW
GetFontResourceInfoW
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
CreateCompatibleDC
DeleteDC
MoveToEx
LineTo
GetTextExtentPointI
ExtTextOutW
GetTextExtentExPointI
GetTextExtentExPointW
GetGlyphIndicesW
SetBkColor
GetLayout
CreateDIBSection
SetBkMode
SetTextAlign
GetTextCharsetInfo

kernel32

CreateFileMappingA
ReleaseActCtx
_lclose
LZOpenFileW
LZClose
_lopen
LZRead
LZSeek
lstrcmpW
GlobalSize
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
GlobalUnlock
GlobalLock
lstrcmpiA
lstrlenW
MulDiv

ntdll

EtwLogTraceEvent
WinSqmAddToStream
EtwEventWriteTransfer

ole32

ReleaseStgMedium
CoGetObject
CreateBindCtx

user32

PeekMessageW
GetSysColorBrush
GetParent
GetDlgItem
CreateDialogParamW
DrawTextW
DefWindowProcW
InvalidateRect
ScrollWindowEx
SetRect
SetScrollInfo
GetClientRect
EndPaint
GetMessageW
BeginPaint
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetWindowTextW
ShowWindow
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
LoadImageW
FillRect
CreateWindowExW
RegisterClassW
GetFocus
SetWindowPos
UnregisterClassW
DestroyWindow
DrawIconEx
MessageBoxW
ReleaseDC
GetDC
GetDesktopWindow
PostMessageW
DestroyIcon
DrawTextExW
GetActiveWindow
RegisterClipboardFormatW
GetSystemMetrics
GetWindowRect
InsertMenuItemW
LoadCursorW
SetCursor
SetMenuItemInfoW
GetMenuItemInfoW
MoveWindow
SetPropW
GetPropW
SetTimer
KillTimer
RemovePropW

uxtheme

BufferedPaintInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintUnInit

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DownloadAndInstallOptionalFontsAsync
InstallFontFile

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/hal/hal.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:25:a5:72:46:7c:d8:53:12:38:0c:aa:83:2f:60:81:92:2f:e8:86:7d:b7:1d:3d:3d:0e:35:b6:ec:9b:c2:8d
Signer

Actual PE Digest

34:25:a5:72:46:7c:d8:53:12:38:0c:aa:83:2f:60:81:92:2f:e8:86:7d:b7:1d:3d:3d:0e:35:b6:ec:9b:c2:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

hal.pdb

Exports

Exports

HalAcpiGetTableEx
HalAcquireDisplayOwnership
HalAdjustResourceList
HalAllProcessorsStarted
HalAllocateAdapterChannel
HalAllocateCommonBuffer
HalAllocateCrashDumpRegisters
HalAllocateHardwareCounters
HalAssignSlotResources
HalBugCheckSystem
HalCalibratePerformanceCounter
HalClearSoftwareInterrupt
HalConvertDeviceIdtToIrql
HalDisableInterrupt
HalDisplayString
HalDmaAllocateCrashDumpRegistersEx
HalDmaFreeCrashDumpRegistersEx
HalEnableInterrupt
HalEnumerateEnvironmentVariablesEx
HalEnumerateProcessors
HalFlushCommonBuffer
HalFreeCommonBuffer
HalFreeHardwareCounters
HalGetAdapter
HalGetBusData
HalGetBusDataByOffset
HalGetEnvironmentVariable
HalGetEnvironmentVariableEx
HalGetInterruptTargetInformation
HalGetInterruptVector
HalGetMemoryCachingRequirements
HalGetMessageRoutingInfo
HalGetProcessorIdByNtNumber
HalGetVectorInput
HalHandleMcheck
HalHandleNMI
HalInitSystem
HalInitializeBios
HalInitializeOnResume
HalInitializeProcessor
HalIsHyperThreadingEnabled
HalMakeBeep
HalPerformEndOfInterrupt
HalProcessorIdle
HalQueryDisplayParameters
HalQueryEnvironmentVariableInfoEx
HalQueryMaximumProcessorCount
HalQueryRealTimeClock
HalReadDmaCounter
HalRegisterDynamicProcessor
HalRegisterErrataCallbacks
HalReportResourceUsage
HalRequestClockInterrupt
HalRequestDeferredRecoveryServiceInterrupt
HalRequestIpi
HalRequestIpiSpecifyVector
HalRequestSoftwareInterrupt
HalReturnToFirmware
HalSendNMI
HalSendSoftwareInterrupt
HalSetBusData
HalSetBusDataByOffset
HalSetDisplayParameters
HalSetEnvironmentVariable
HalSetEnvironmentVariableEx
HalSetProfileInterval
HalSetRealTimeClock
HalStartDynamicProcessor
HalStartNextProcessor
HalStartProfileInterrupt
HalStopProfileInterrupt
HalSystemVectorDispatchEntry
HalTranslateBusAddress
HalWheaUpdateCmciPolicy
IoFlushAdapterBuffers
IoFreeAdapterChannel
IoFreeMapRegisters
IoMapTransfer
IoReadPartitionTable
IoSetPartitionInformation
IoWritePartitionTable
KdComPortInUse
KdHvComPortInUse
KeFlushWriteBuffer
KeQueryPerformanceCounter
KeStallExecutionProcessor
x86BiosAllocateBuffer
x86BiosCall
x86BiosFreeBuffer
x86BiosReadMemory
x86BiosWriteMemory

Sections

.rdata
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/msvcp140/PeopleAPIs.dll
.dll windows:10 windows x64 arch:x64

3708ceebfbd76f5ee22456bf33333cac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PeopleAPIs.pdb

Imports

msvcrt

memcpy_s
memmove
memcpy
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
_XcptFilter
__dllonexit
?what@exception@@UEBAPEBDXZ
_CxxThrowException
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_purecall
_onexit
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
realloc
memmove_s
memcmp
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??_V@YAXPEAX@Z
_vsnwprintf
free
??3@YAXPEAX@Z
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TerminateProcess
SetThreadToken
GetCurrentThread
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/msvcp140/msvcp140.dll
.dll windows:6 windows x64 arch:x64

2ba11fd5a511c8a409e705e9ab6b5dc1

Code Sign

33:00:00:01:e2:f1:7d:92:02:0e:49:f8:7f:00:00:00:00:01:e2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:ab:57:c6:16:09:87:f9:71:60:e7:ca:29:19:43:bf:bd:49:6d:37:28:c2:a0:28:54:20:42:d7:58:dd:02:bc
Signer

Actual PE Digest

63:ab:57:c6:16:09:87:f9:71:60:e7:ca:29:19:43:bf:bd:49:6d:37:28:c2:a0:28:54:20:42:d7:58:dd:02:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
abort
_initterm_e
_initialize_narrow_environment
_execute_onexit_table
_endthreadex
_beginthreadex
terminate
_set_new_handler
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initterm
_crt_atexit
_cexit
_errno

api-ms-win-crt-string-l1-1-0

isdigit
isspace
isxdigit
iswxdigit
__strncnt
wcsnlen
iswspace
isupper
wcscpy_s
iswalnum
iswdigit
isalnum
islower
_wcsdup
tolower
strcspn

api-ms-win-crt-locale-l1-1-0

_lock_locales
__pctype_func
___lc_locale_name_func
setlocale
___lc_codepage_func
___mb_cur_max_func
___lc_collate_cp_func
_unlock_locales
localeconv

api-ms-win-crt-stdio-l1-1-0

fputs
fgetwc
fseek
_fsopen
_wfsopen
fputwc
ungetwc
__stdio_common_vsprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wrmdir
_wrename
_wchdir
_wremove

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_W_Gettnames
_Wcsftime
_Getdays
_Strftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

pow
powf
ldexp
frexp
logf
log

api-ms-win-crt-convert-l1-1-0

btowc
strtod
strtof

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

SubmitThreadpoolWork
RaiseException
CompareStringEx
MultiByteToWideChar
GetCPInfo
InitializeSListHead
WideCharToMultiByte
LCMapStringEx
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileInformationByHandleEx
GetProcAddress
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SetFileInformationByHandle
InitOnceExecuteOnce
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
CloseThreadpoolWork
RtlPcToFileHeader
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateSymbolicLinkW
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/msvcp140/ngccredprov.dll
.dll windows:10 windows x64 arch:x64

991296ebc87d927e456b677ae4022ab5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ngccredprov.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__configure_narrow_argv
_o__wcsicmp
memmove
_o_free
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswlower
_o_iswprint
_o_iswpunct
_o_iswspace
_o_iswupper
_o_malloc
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
wcschr
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
_o__wcserror
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset
wcsnlen

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseMutex
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
CreateEventW
ResetEvent
ReleaseSRWLockExclusive
SetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
IsValidSid
EqualSid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegLoadKeyW
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenCurrentUser
RegUnLoadKeyW
RegDeleteTreeW

rpcrt4

UuidIsNil
UuidFromStringW
UuidCreate
RpcStringFreeW
UuidToStringW
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
NdrClientCall3
RpcExceptionFilter

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaLookupSids2
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy

ntdll

RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitString
RtlIsMultiUsersInSessionSku
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlIsMultiSessionSku
RtlNtStatusToDosError
RtlGetPersistedStateLocation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-credentials-l1-1-0

CredIsMarshaledCredentialW
CredFree
CredUnmarshalCredentialW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW
LookupAccountNameLocalW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/msvcp140/provdatastore.dll
.dll windows:10 windows x64 arch:x64

825fcc442f4c6fe44c33ee1cbfd603f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ProvDataStore.pdb

Imports

msvcp110_win

?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

_wcsnicmp
_wcsicmp
memmove
memcpy
_CxxThrowException
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
toupper
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseMutex
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

GetUserGeoID
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

xmllite

CreateXmlReader

provpackageapidll

OpenProvisioningPackageForRead

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoGetClassObject

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileAttributesW

crypt32

CryptBinaryToStringW

api-ms-win-core-path-l1-1-0

PathCchAppendEx

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
MvDsGetInfoFromMcc
MvGetMccFromGeoId
ValidateMnc

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/setup.msi
.msi
x64__setup__build_18957/spoolss/MSAMRNBSource.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9938a0c96978fc844aae5977e4f9f9ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSAMRNBSource.pdb

Imports

msvcrt

memcpy
__CxxFrameHandler3
_CxxThrowException
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
memmove
malloc
_XcptFilter
_vsnwprintf
_amsg_exit
_purecall
free
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
memset
?what@exception@@UEBAPEBDXZ
_initterm
wcscmp

api-ms-win-core-com-l1-1-0

PropVariantCopy
StringFromGUID2
PropVariantClear

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegCloseKey
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

mfplat

MFCreateSample
MFCreateAsyncResult
MFInvokeCallback
MFPutWorkItem
MFCreateMemoryBuffer
MFCreateMediaType
MFInitMediaTypeFromWaveFormatEx
MFCreateMediaEvent
MFCreateStreamDescriptor
MFCreateEventQueue
MFCreatePresentationDescriptor

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/spoolss/ReportingCSP.dll
.dll windows:10 windows x64 arch:x64

a48b745e0d547af7722cb5a616f86278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ReportingCSP.pdb

Imports

msvcp110_win

?_BADOFF@std@@3_JB
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ

msvcrt

_wcsnicmp
_wcsicmp
memmove
memcpy
_CxxThrowException
toupper
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler3
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockExclusive
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysFreeString
SysAllocStringByteLen
VariantInit
SysAllocString
VariantClear

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventProviderEnabled
EventUnregister
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

xmllite

CreateXmlWriter
CreateXmlWriterOutputWithEncodingName

policymanager

PolicyManager_GetPolicyStringGivenEnrollmentId
PolicyManager_FreeStringValue

dmiso8601utils

FileTimeToISO8601String
ISO8601StringToFileTime

dmcmnutils

IsPhoneOS

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

rpcrt4

UuidFromStringW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlIsStateSeparationEnabled

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/spoolss/spoolss.dll
.dll windows:10 windows x64 arch:x64

320c29f756c13613598fbf585762f23b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

spoolss.pdb

Imports

msvcrt

memcpy_s
memcpy
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_vsnwprintf
__C_specific_handler
__CxxFrameHandler3
wcsrchr
memset

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
FreeSid
AddAce
SetSecurityDescriptorGroup
MakeSelfRelativeSD
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSecurityDescriptorOwner
GetTokenInformation
InitializeSecurityDescriptor
GetSecurityDescriptorLength
AddAccessAllowedAce

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
ExitProcess
SetThreadToken
GetCurrentProcess
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
TerminateProcess
TlsGetValue

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateEventW
WaitForSingleObjectEx
EnterCriticalSection
ReleaseMutex
InitializeCriticalSection
SetEvent
WaitForSingleObject
DeleteCriticalSection
CreateMutexExW
CreateSemaphoreExW
ReleaseSemaphore
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

EtwEventWrite
EtwEventEnabled
EtwEventRegister
EtwTraceMessage
EtwEventUnregister

Exports

Exports

AbortPrinter
AddFormW
AddJobW
AddMonitorW
AddPerMachineConnectionW
AddPortExW
AddPortW
AddPrintDeviceObject
AddPrintProcessorW
AddPrintProvidorW
AddPrinterConnectionW
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterExW
AddPrinterW
AdjustPointers
AdjustPointersInStructuresArray
AlignKMPtr
AlignRpcPtr
AllocSplStr
AllowRemoteCalls
AppendPrinterNotifyInfoData
BuildOtherNamesFromMachineName
CacheAddName
CacheCreateAndAddNode
CacheCreateAndAddNodeWithIPAddresses
CacheDeleteNode
CacheIsNameCluster
CacheIsNameInNodeList
CallDrvDevModeConversion
CallRouterFindFirstPrinterChangeNotification
CheckLocalCall
ClosePrinter
ConfigurePortW
CreatePrinterIC
DeleteFormW
DeleteJobNamedProperty
DeleteMonitorW
DeletePerMachineConnectionW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinter
DeletePrinterConnectionW
DeletePrinterDataExW
DeletePrinterDataW
DeletePrinterDriverExW
DeletePrinterDriverW
DeletePrinterIC
DeletePrinterKeyW
DllAllocSplMem
DllAllocSplStr
DllFreeSplMem
DllFreeSplStr
DllMain
DllReallocSplMem
DllReallocSplStr
EndDocPrinter
EndPagePrinter
EnumFormsW
EnumJobsW
EnumMonitorsW
EnumPerMachineConnectionsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDataExW
EnumPrinterDataW
EnumPrinterDriversW
EnumPrinterKeyW
EnumPrintersW
FindClosePrinterChangeNotification
FlushPrinter
FormatPrinterForRegistryKey
FormatRegistryKeyForPrinter
FreeOtherNames
FreePrintPropertyValue
GetFormW
GetJobAttributes
GetJobAttributesEx
GetJobNamedPropertyValue
GetJobW
GetNetworkId
GetPrintProcessorDirectoryW
GetPrinterDataExW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverExW
GetPrinterDriverW
GetPrinterW
GetServerPolicy
GetShrinkedSize
GetSpoolerTlsIndexes
ImpersonatePrinterClient
InitializeRouter
IsNameTheLocalMachineOrAClusterSpooler
IsNamedPipeRpcCall
MIDL_user_allocate1
MIDL_user_free1
MakeOffset
MakePTR
MarshallDownStructure
MarshallDownStructuresArray
MarshallUpStructure
MarshallUpStructuresArray
OldGetPrinterDriverW
OpenPrinter2W
OpenPrinterExW
OpenPrinterPort2W
OpenPrinterW
PackStringToEOB
PackStrings
PartialReplyPrinterChangeNotification
PlayGdiScriptOnPrinterIC
PrinterHandleRundown
PrinterMessageBoxW
ProvidorFindClosePrinterChangeNotification
ProvidorFindFirstPrinterChangeNotification
ReadPrinter
ReallocSplMem
ReallocSplStr
RemoteFindFirstPrinterChangeNotification
RemovePrintDeviceObject
ReplyClosePrinter
ReplyOpenPrinter
ReplyPrinterChangeNotification
ReplyPrinterChangeNotificationEx
ReportJobProcessingProgress
ResetPrinterW
RevertToPrinterSelf
RouterAddPrinterConnection2
RouterAllocBidiMem
RouterAllocBidiResponseContainer
RouterAllocPrinterNotifyInfo
RouterBroadcastMessage
RouterCorePrinterDriverInstalled
RouterCreatePrintAsyncNotificationChannel
RouterDeletePrinterDriverPackage
RouterFindCompatibleDriver
RouterFindFirstPrinterChangeNotification
RouterFindNextPrinterChangeNotification
RouterFreeBidiMem
RouterFreeBidiResponseContainer
RouterFreePrinterNotifyInfo
RouterGetCorePrinterDrivers
RouterGetPrintClassObject
RouterGetPrinterDriverPackagePath
RouterInstallPrinterDriverFromPackage
RouterInstallPrinterDriverPackageFromConnection
RouterInternalGetPrinterDriver
RouterRefreshPrinterChangeNotification
RouterRegisterForPrintAsyncNotifications
RouterReplyPrinter
RouterSpoolerSetPolicy
RouterUnregisterForPrintAsyncNotifications
RouterUploadPrinterDriverPackage
ScheduleJob
SeekPrinter
SendRecvBidiData
SetFormW
SetJobNamedProperty
SetJobW
SetPortW
SetPrinterDataExW
SetPrinterDataW
SetPrinterW
SplCloseSpoolFileHandle
SplCommitSpoolData
SplDriverUnloadComplete
SplGetClientUserHandle
SplGetSpoolFileInfo
SplGetUserSidStringFromToken
SplInitializeWinSpoolDrv
SplIsSessionZero
SplIsUpgrade
SplProcessPnPEvent
SplProcessSessionEvent
SplPromptUIInUsersSession
SplQueryUserInfo
SplReadPrinter
SplRegisterForDeviceEvents
SplRegisterForSessionEvents
SplShutDownRouter
SplUalCollectData
SplUnregisterForDeviceEvents
SplUnregisterForSessionEvents
SpoolerFindClosePrinterChangeNotification
SpoolerFindFirstPrinterChangeNotification
SpoolerFindNextPrinterChangeNotification
SpoolerFreePrinterNotifyInfo
SpoolerHasInitialized
SpoolerInit
SpoolerRefreshPrinterChangeNotification
StartDocPrinterW
StartPagePrinter
UndoAlignKMPtr
UndoAlignRpcPtr
UpdateBufferSize
UpdatePrintDeviceObject
UpdatePrinterRegAll
UpdatePrinterRegAllEx
UpdatePrinterRegUser
WaitForPrinterChange
WaitForSpoolerInitialization
WritePrinter
XcvDataW
bGetDevModePerUser
bSetDevModePerUser

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/spoolss/stobject.dll
.dll windows:10 windows x64 arch:x64

a32fe5a1034152935ac210559cf9894f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

stobject.pdb

Imports

msvcrt

memmove
memcpy
_vsnwprintf
memset
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsncmp
_wtoi
_get_errno
_set_errno
_wcsicmp
memmove_s
memcpy_s
memcmp
wcscmp

shell32

ord25
SHBindToFolderIDListParent
SHBindToObject
SHGetPathFromIDListW
SHCreateItemFromIDList
SHGetKnownFolderPath
ord850
ord102
SHChangeNotifyRegisterThread
Shell_NotifyIconW
ord727
ord19
ord16
SHCreateItemWithParent
SHCreateShellItemArrayFromShellItem
DuplicateIcon
ord68
Shell_NotifyIconGetRect
ord645
ord644
ord155
ord4
ord2
ord89
ord829
ord828
ord100
ShellExecuteExW
Shell_GetCachedImageIndexW
SHEnableServiceObject
SHCreateItemFromParsingName
SHGetIDListFromObject

shlwapi

ord278
ord615
SHSetThreadRef
ord197
StrStrIW
PathIsURLW
PathSkipRootW
PathFindNextComponentW
ord437
ord219
PathParseIconLocationW
PathFileExistsW
SHCreateStreamOnFileEx
PathIsUNCW
StrRetToStrW
ord199
ord176
SHGetThreadRef
ord635
ord260
ord618
ord16

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeResource
DisableThreadLibraryCalls
FreeLibrary
LockResource
GetProcAddress
SizeofResource
GetModuleFileNameA
GetModuleHandleW
LoadResource
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateEventW
ResetEvent
CreateMutexExW
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
SetEvent
ReleaseSRWLockExclusive
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
CreateProcessW

api-ms-win-core-localization-l1-2-0

FindNLSStringEx
GetFileMUIPath
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoInitializeEx
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
CoWaitForMultipleHandles
CoGetApartmentType
StringFromCLSID
CoUninitialize
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemFree

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegLoadMUIStringW
RegCreateKeyExW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
GetTickCount64

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-power-setting-l1-1-0

PowerSetActiveScheme
PowerReadACValue
PowerReadDCValue
PowerGetActiveScheme

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

wmiclnt

WmiReceiveNotificationsW
WmiCloseBlock
WmiOpenBlock

devobj

DevObjDestroyDeviceInfoList
DevObjGetClassDevs
DevObjCreateDeviceInfoList

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevFindProperty
DevFreeObjectProperties
DevFreeObjects
DevCloseObjectQuery
DevGetObjectProperties
DevGetObjects

api-ms-win-core-atoms-l1-1-0

AddAtomW

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx

api-ms-win-security-lsalookup-l1-1-1

GetDefaultIdentityProvider
GetIdentityProviderInfoByGUID
ReleaseIdentityProviderEnumContext
EnumerateIdentityProviders

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
RegisterWaitForSingleObject
MulDiv

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-shcore-thread-l1-1-0

SetProcessReference
GetProcessReference

api-ms-win-shcore-scaling-l1-1-2

GetDpiForShellUIComponent

ntdll

NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCheckPortableOperatingSystem
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
WinSqmIncrementDWORD
RtlUnsubscribeWnfNotificationWaitForCompletion
NtOpenThreadToken
RtlQueryWnfStateData
RtlNtStatusToDosError
RtlUnicodeStringToInteger
RtlInitUnicodeStringEx
NtPowerInformation
WinSqmEventEnabled
WinSqmAddToStream
EtwEventActivityIdControl
NtQuerySystemInformation
EtwEventWriteTransfer
EtwEventSetInformation
EtwTraceMessage
EtwEventUnregister
EtwEventRegister
RtlSubscribeWnfStateChangeNotification

cfgmgr32

CM_Is_Dock_Station_Present_Ex

kernel32

GetPackagesByPackageFamily

powrprof

PowerReadFriendlyName
PowerReadDescription
PowerReadDCDefaultIndex
PowerSettingAccessCheck
PowerDeterminePlatformRole

propsys

VariantToBuffer
PSPropertyBag_WriteGUID
PSPropertyBag_ReadGUID
PropVariantToUInt32
PSCreateMemoryPropertyStore

gdi32

CreateDIBSection
CreateBitmap
DeleteObject
GetObjectW
DeleteDC
GetPixel
SetPixel
CreateCompatibleDC
SelectObject
BitBlt
GetDeviceCaps

user32

GetSystemMetricsForDpi
LoadImageW
RegisterWindowMessageW
SystemParametersInfoW
CreateIconIndirect
DestroyIcon
GetIconInfo
DeregisterShellHookWindow
RegisterShellHookWindow
IsSETEnabled
IsDialogMessageW
LoadIconW
GetSystemMetrics
InsertMenuItemW
SetMenuDefaultItem
AppendMenuW
PostMessageW
GetMessageW
CreatePopupMenu
SetForegroundWindow
PostThreadMessageW
TrackPopupMenu
PostQuitMessage
SetCursor
SendMessageCallbackW
GetWindowLongPtrW
DestroyMenu
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
CalculatePopupWindowPosition
InflateRect
GetWindowRect
AdjustWindowRectEx
SetWindowLongPtrW
ReleaseDC
SetTimer
KillTimer
SetWindowPos
SendMessageW
IsWindowVisible
GetDoubleClickTime
DefWindowProcW
GetMenuItemInfoW
CreateWindowExW
DeleteMenu
InsertMenuW
GetMenuItemCount
TrackPopupMenuEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
ShowWindow
FindWindowW
GetWindowBand
GetDesktopWindow
GetDC
SendNotifyMessageW
SetWindowTextW
CreateWindowInBand
RegisterClassExW
LoadCursorW
DestroyWindow
NotifyWinEvent

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/sysmain/devobj.dll
.dll windows:10 windows x64 arch:x64

61e1dcbf3466a7ea64f08a5b873582f8

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:bf:0b:48:00:6a:27:18:b0:e0:64:23:14:89:4b:37:40:d4:59:a0:37:46:2a:51:54:e5:b3:23:e9:45:d2:6c
Signer

Actual PE Digest

d0:bf:0b:48:00:6a:27:18:b0:e0:64:23:14:89:4b:37:40:d4:59:a0:37:46:2a:51:54:e5:b3:23:e9:45:d2:6c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

devobj.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o_toupper
_o__execute_onexit_table
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
wcsrchr
wcschr
_o__configure_narrow_argv
_o__cexit
__C_specific_handler
memcmp
memmove
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtDeleteValueKey
RtlGetVersion
RtlNtStatusToDosError
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtOpenKey
NtCreateKey
NtQueryInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose
RtlCompareUnicodeString
NtQueryDirectoryObject
NtQueryObject
NtOpenDirectoryObject
RtlInitUnicodeString
EtwTraceMessage
NtQueryValueKey
NtSetValueKey
NtSetInformationFile
RtlGUIDFromString
RtlInitUnicodeStringEx

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-synch-l1-1-0

SetEvent
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
ReleaseMutex
SleepEx
CreateMutexW
CreateEventW

api-ms-win-devices-config-l1-1-1

CM_Set_Class_Registry_PropertyW
CM_MapCrToWin32Err
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Set_DevNode_PropertyW
CM_Get_Class_Registry_PropertyW
CM_Get_DevNode_PropertyW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

cfgmgr32

CM_Register_Device_Interface_ExW
CM_Get_DevNode_Property_ExW
CM_Get_First_Log_Conf_Ex
CM_Get_Next_Res_Des_Ex
CM_Connect_MachineW
CM_Enumerate_Classes_Ex
CM_Get_Class_Name_ExW
CM_Disconnect_Machine
CM_Get_Res_Des_Data_Size_Ex
CM_Locate_DevNode_ExW
CM_Create_DevNode_ExW
CM_Set_DevNode_Property_ExW
CM_Uninstall_DevNode_Ex
CM_Get_Device_Interface_List_ExW
CM_Get_Device_ID_List_ExW
CM_Get_Device_Interface_List_Size_ExW
CM_Get_Device_ID_List_Size_ExW
CM_Get_Class_Property_ExW
CM_Get_Res_Des_Data_Ex
CM_Delete_Device_Interface_Key_ExW
CM_Open_Device_Interface_Key_ExW
CM_Delete_DevNode_Key_Ex
CM_Get_Class_Property_Keys_Ex
CM_Set_Device_Interface_Property_ExW
CM_Get_Device_Interface_Property_ExW
CM_Get_Device_Interface_Property_Keys_ExW
CM_Get_DevNode_Property_Keys_Ex
CM_Set_DevNode_Registry_Property_ExW
CM_Get_DevNode_Registry_Property_ExW
CM_Open_DevNode_Key_Ex
CM_Disable_DevNode_Ex
CM_Set_HW_Prof_Flags_ExW
CM_Get_HW_Prof_Flags_ExW
CM_Enable_DevNode_Ex
CM_Setup_DevNode_Ex
CM_Query_And_Remove_SubTree_ExW
CM_Get_DevNode_Status_Ex
CM_Set_DevNode_Problem_Ex
CM_Open_Class_Key_ExW
CM_Unregister_Device_Interface_ExW
CM_Get_Parent_Ex
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_ID_ExW
CM_Get_Device_ID_Size_Ex
CM_Free_Log_Conf_Handle
CM_Free_Res_Des_Handle
CM_Set_Class_Property_ExW

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQuery

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineA

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetThreadLocale

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-file-l1-1-0

WriteFile
GetFileSize
FindNextFileW
CreateDirectoryW
FileTimeToLocalFileTime
SetFileAttributesW
FindClose
CreateFileW
SetFilePointer
GetFullPathNameW
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
GetFileAttributesW
FindFirstFileW
DeleteFileW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DevObjBuildClassInfoList
DevObjChangeState
DevObjClassGuidsFromName
DevObjClassNameFromGuid
DevObjCreateClassDeviceInfoList
DevObjCreateDevRegKey
DevObjCreateDeviceInfo
DevObjCreateDeviceInfoList
DevObjCreateDeviceInterface
DevObjCreateDeviceInterfaceRegKey
DevObjDeleteAllInterfacesForDevice
DevObjDeleteDevRegKey
DevObjDeleteDevice
DevObjDeleteDeviceInfo
DevObjDeleteDeviceInterfaceData
DevObjDeleteDeviceInterfaceRegKey
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInfo
DevObjEnumDeviceInterfaces
DevObjGetClassDescription
DevObjGetClassDevs
DevObjGetClassProperty
DevObjGetClassPropertyKeys
DevObjGetClassRegistryProperty
DevObjGetDeviceInfoDetail
DevObjGetDeviceInfoListClass
DevObjGetDeviceInfoListDetail
DevObjGetDeviceInstanceId
DevObjGetDeviceInterfaceAlias
DevObjGetDeviceInterfaceDetail
DevObjGetDeviceInterfaceProperty
DevObjGetDeviceInterfacePropertyKeys
DevObjGetDeviceProperty
DevObjGetDevicePropertyKeys
DevObjGetDeviceRegistryProperty
DevObjLocateDevice
DevObjOpenClassRegKey
DevObjOpenDevRegKey
DevObjOpenDeviceInfo
DevObjOpenDeviceInterface
DevObjOpenDeviceInterfaceRegKey
DevObjRegisterDeviceInfo
DevObjRemoveDeviceInterface
DevObjRestartDevices
DevObjSetClassProperty
DevObjSetClassRegistryProperty
DevObjSetDeviceInfoDetail
DevObjSetDeviceInterfaceDefault
DevObjSetDeviceInterfaceProperty
DevObjSetDeviceProperty
DevObjSetDeviceRegistryProperty
DevObjUninstallDevice

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/sysmain/eapphost.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c1be2869228a9da49ea9511dfcb98eb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eapphost.pdb

Imports

msvcrt

__dllonexit
_onexit
??1type_info@@UEAA@XZ
__uncaught_exception
__pctype_func
isupper
islower
abort
memcpy
_CxxThrowException
calloc
realloc
wcsrchr
__RTtypeid
memset
?name@type_info@@QEBAPEBDXZ
_wcsdup
_ismbblead
strcspn
localeconv
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
??0exception@@QEAA@AEBQEBD@Z
_wcsicmp
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_wtol
swprintf_s
__crtLCMapStringA
_wsetlocale
___lc_codepage_func
memmove_s
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
wcsncpy_s
malloc
free
_lock
___lc_handle_func
?terminate@@YAXXZ
_unlock
___mb_cur_max_func
_vsnwprintf
_vsnprintf
memcmp
memcpy_s
__C_specific_handler
wcscpy_s
_initterm
_purecall
_XcptFilter
memmove
_amsg_exit
setlocale
_errno

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DbgPrint
EtwTraceMessage
WinSqmSetDWORD
WinSqmAddToStream
EtwEventEnabled
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
GetHandleInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-security-credentials-l1-1-0

CredDeleteW
CredReadW
CredProtectW
CredFree

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
CreateSemaphoreExW
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObject
CreateMutexExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibrary
LoadLibraryExW
SizeofResource
GetModuleHandleW
GetProcAddress
FindResourceExW
LoadResource
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegLoadMUIStringW
RegQueryValueExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

rpcrt4

NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrOleAllocate
CStdStubBuffer_Invoke
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrDllGetClassObject
NdrOleFree
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient15
ObjectStublessClient3
ObjectStublessClient16
ObjectStublessClient7
ObjectStublessClient12
ObjectStublessClient5
ObjectStublessClient10
ObjectStublessClient4
ObjectStublessClient9
ObjectStublessClient14
ObjectStublessClient13
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient11

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapAlloc

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemInfo
GetVersionExW
GetSystemTimeAsFileTime

ncrypt

NCryptSetProperty
NCryptFreeObject
NCryptOpenStorageProvider

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitializeEapHost
OnSessionChange
StopServiceOnLowPower
UninitializeEapHost

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/sysmain/shacct.dll
.dll windows:10 windows x64 arch:x64

5c5c7769a1a7201d3354124c49ee6806

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

shacct.pdb

Imports

msvcrt

memmove
_onexit
_unlock
malloc
memcpy
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
_vsnwprintf
_purecall
memcpy_s
wcschr
__CxxFrameHandler3
_callnewh
__dllonexit
memset

shcore

SHCreateThread
ord190
SHEnumKeyExW
ord200
SHStrDupW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
EqualDomainSid
CopySid
CreateWellKnownSid
GetSidSubAuthorityCount
EqualSid
IsValidSid
GetLengthSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
ResetEvent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegEnumValueW

api-ms-win-core-file-l1-1-0

CompareFileTime
GetFileSize
ReadFile
CreateFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrChrW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

RtlInitializeSid
RtlInitUnicodeString
RtlNtStatusToDosError
EtwTraceMessage
RtlSubAuthoritySid
RtlInitString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__setup__build_18957/sysmain/sysmain.dll
.dll regsvr32 windows:10 windows x64 arch:x64

089727ae43b1b6b75782a8d9978d03f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sysmain.pdb

Imports

msvcrt

wcstok
rand
??1exception@@UEAA@XZ
powf
_onexit
malloc
sqrt
_initterm
_lock
_amsg_exit
_wtof
_wtoi
memmove_s
_unlock
?what@exception@@UEBAPEBDXZ
isprint
??0exception@@QEAA@AEBV0@@Z
iswascii
strcmp
towupper
_wcslwr
wcstoul
tolower
iswspace
wcsncmp
_strupr
??0exception@@QEAA@AEBQEBDH@Z
_wcsupr_s
swscanf_s
wcsstr
_purecall
_wcsnicmp
feof
fgetws
wcschr
strnlen
strchr
free
strstr
_wfopen
_wcsupr
__dllonexit
_callnewh
_XcptFilter
__iob_func
_errno
exp
??0exception@@QEAA@AEBQEBD@Z
log
_wcsicmp
??3@YAXPEAX@Z
srand
memcpy
wcsnlen
bsearch
memmove
qsort
fclose
fopen
fprintf
_vsnprintf
_vsnwprintf
??1type_info@@UEAA@XZ
memset
memcpy_s
memcmp
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
ZwSetValueKey
ZwClose
ZwQueryValueKey
ZwCreateKey
RtlRandom
RtlInitUnicodeStringEx
RtlFreeUnicodeString
NtReadFile
NtSetInformationFile
RtlRbInsertNodeEx
NtQueryValueKey
RtlGetPersistedStateLocation
RtlRandomEx
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFindClearBitsAndSet
RtlInitializeBitMap
RtlClearBits
NtAllocateVirtualMemory
RtlFindLastBackwardRunClear
NtFreeVirtualMemory
NtSetInformationProcess
NtQueryDirectoryFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtCreateKey
NtQueryInformationThread
RtlQueryWnfStateData
RtlDecompressBufferEx
RtlRbRemoveNode
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtSetInformationThread
NtQueryInformationProcess
RtlQueryPackageIdentity
NtEnumerateValueKey
NtQueryVirtualMemory
NtDeleteKey
NtOpenFile
NtCreateFile
NtQueryObject
NtQueryVolumeInformationFile
RtlAreBitsClear
RtlRaiseException
RtlFindClearBits
RtlSetAllBits
RtlFindSetBits
RtlInterlockedSetBitRun
RtlNumberOfClearBitsInRange
RtlAreBitsSet
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlNumberOfSetBits
RtlSetBits
RtlTestBit
RtlClearAllBits
RtlNumberOfSetBitsInRange
RtlGetSuiteMask
NtQueryLicenseValue
NtQueryInformationFile
RtlGetVersion
RtlImageNtHeader
NtDeviceIoControlFile
NtPowerInformation
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NtOpenEvent
NtOpenKey
NtQuerySystemInformation
RtlComputeCrc32
NtSetSystemInformation
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlNtStatusToDosError
NtClose
RtlQueryResourcePolicy

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateMutexExW
AcquireSRWLockShared
InitializeCriticalSectionEx
CreateEventW
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateWaitableTimerExW
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
DeleteCriticalSection
SetEvent
ReleaseMutex
OpenSemaphoreW
WaitForMultipleObjectsEx
LeaveCriticalSection
ResetEvent
InitializeCriticalSection

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteTreeW
RegEnumKeyExW
RegCopyTreeW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegEnumValueA
RegQueryValueExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventWriteTransfer
EventEnabled
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
SizeofResource
FreeLibraryAndExitThread
LoadResource
GetModuleHandleW
FreeLibrary
LockResource
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
DebugBreak

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetSystemWindowsDirectoryW
GetSystemTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount64

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-processthreads-l1-1-0

OpenThread
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
OpenThreadToken
CreateThread
GetCurrentThread
SetThreadPriority
GetExitCodeProcess
CreateProcessW
GetCurrentThreadId
ResumeThread
GetThreadPriority

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualProtect
UnmapViewOfFile
VirtualFree
FlushViewOfFile
MapViewOfFile
VirtualAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

CheckTokenMembership
RevertToSelf
AdjustTokenPrivileges
DuplicateTokenEx
ImpersonateSelf
GetTokenInformation
EqualSid
IsValidSid
ImpersonateLoggedOnUser
FreeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
CopySid
AllocateAndInitializeSid

api-ms-win-core-file-l1-1-0

GetFileTime
GetFullPathNameW
SetFilePointer
FindFirstVolumeW
GetFileSizeEx
FindVolumeClose
ReadFile
FindNextVolumeW
QueryDosDeviceW
FileTimeToLocalFileTime
GetFileSize
LocalFileTimeToFileTime
FlushFileBuffers
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
GetFileAttributesW
CreateFileW
FindClose
GetFinalPathNameByHandleW
WriteFile
FindNextFileW
CompareFileTime
DeleteFileW
FindFirstFileW
FindFirstFileExW
SetFileInformationByHandle

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapDestroy
HeapCreate

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
TraceEvent

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
CallbackMayRunLong
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringBindingParseW
RpcBindingFromStringBindingW
RpcBindingFree
NdrClientCall3
RpcStringBindingComposeW
RpcServerUseProtseqEpW
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcBindingVectorFree
RpcStringFreeW
RpcServerUnregisterIfEx
NdrServerCallAll
RpcBindingToStringBindingW
RpcServerRegisterIf3
RpcServerRegisterAuthInfoW
RpcEpUnregister
RpcServerInqBindings
RpcEpRegisterW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-eventing-consumer-l1-1-0

OpenTraceW
ProcessTrace
CloseTrace

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
FindActCtxSectionStringW
ActivateActCtx
CreateActCtxW
QueryActCtxW

umpdc

PdcActivationClientRegister
PdcActivationClientUnregister
PdcActivationClientActivityRequest

powrprof

PowerSettingRegisterNotificationEx
PowerClearUserAwayPrediction
PowerSetUserAwayPrediction

api-ms-win-core-psm-key-l1-1-0

PsmGetPackageFullNameFromKey
PsmGetApplicationNameFromKey

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AgGlLoad
AgPdLoad
AgTwLoad
CloseReadyBoostPerfData
CollectReadyBoostPerfData
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
OpenReadyBoostPerfData
PfSvSysprepCleanup
PfSvUnattendCallback
PfSvWsSwapAssessmentTask
SysMtServiceMain

Sections

.text
Size: 786KB - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 8KB - Virtual size: 8KB

26cecc77a14868febc547a3a952471c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

actionqueue

unattend

wdscore

shlwapi

oleaut32

comctl32

setupapi

rpcrt4

xmllite

Exports

Exports

Sections

.text Size: 607KB - Virtual size: 607KB

.rdata Size: 632KB - Virtual size: 632KB

.data Size: 37KB - Virtual size: 39KB

.pdata Size: 29KB - Virtual size: 28KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 9KB - Virtual size: 8KB

7dcc2d309d96727b06e1bbb65b6597f9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 264B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 2KB - Virtual size: 1KB

9285e8e2dcde852bfe955deee3b50adb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ntdll

Exports

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 607KB - Virtual size: 607KB

.rdata
Size: 632KB - Virtual size: 632KB

.data
Size: 37KB - Virtual size: 39KB

.pdata
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 264B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 188B

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 320B