x64__installer__x32_[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

x64__installer__x32_.zip
Size

32.3MB
MD5

0ab6c2f7ce97d542d26decc1446a1c88
SHA1

50f05bbf77a3da7c8c11a73f4da1e70ce463361c
SHA256

eeb937e60cd44b94c9367e4ae66aa6ee0e73f406e9d4c62d783f85de5d2d9654
SHA512

f43ccef39755848827c8c2da810f070a9e037990c98cb3fd0e2e69a4daf196dcfe043f59f21196005f6aa078d4cf27f8513c20ce38cdcbbf17cddd433688d005
SSDEEP

786432:wW9buw7rJmfRZYu9pHel0oXaowsC17TGrFgQ3pe3MEYd/UZNdTs:w5/HmjwnKruQZecZMds

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aadtb/DXP.dll
unpack001/aadtb/aadtb.dll
unpack001/aadtb/cabview.dll
unpack001/aadtb/kbd103.dll
unpack001/ppcsnap/filemgmt.dll
unpack001/ppcsnap/htui.dll
unpack001/ppcsnap/mssph.dll
unpack001/ppcsnap/ppcsnap.dll
unpack001/srclient/ReInfo.dll
unpack001/srclient/srclient.dll
unpack001/srclient/usoapi.dll
unpack001/srcore/SettingsHandlers_Region.dll
unpack001/srcore/networkhelper.dll
unpack001/srcore/srcore.dll
unpack001/srcore/uireng.dll

Files

x64__installer__x32_.zip
.zip
aadtb/DXP.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e3713153bb210e0fb2e92eb8ba18ed10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DXP.pdb

Imports

msvcrt

iswspace
_unlock
memcpy_s
_vsnprintf_s
__dllonexit
_onexit
_wcsicmp
memcmp
_callnewh
floorf
memset
_wcsnicmp
malloc
_purecall
free
_vsnwprintf
__C_specific_handler
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
_errno
memcpy
realloc
memmove_s
_lock
wcscmp

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LockResource
LoadResource
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExA
SizeofResource
LoadStringW
GetModuleHandleExW
FreeLibrary

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
PropVariantClear
CoUninitialize
CoWaitForMultipleHandles
CoInitializeEx
CoTaskMemFree
CoCreateInstance
StringFromGUID2
PropVariantCopy

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
LeaveCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockExclusive

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
SysAllocStringLen

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

rpcrt4

UuidFromStringW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathParseIconLocationW

gdi32

GetStockObject
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPoint32W
ExcludeClipRect
CreateSolidBrush
Rectangle
CreatePen

kernel32

InitOnceBeginInitialize
ReleaseSRWLockShared
CreateThreadpoolTimer
OpenSemaphoreW
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitOnceComplete
ReleaseMutex
ReleaseSemaphore
SetLastError
OutputDebugStringW
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
FormatMessageW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW
CreateMutexExW
CreateSemaphoreExW
SetThreadpoolTimer

ntdll

EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
EtwEventWriteTransfer
WinSqmAddToStream
WinSqmSetDWORD
WinSqmEndSession
WinSqmStartSession
WinSqmIsOptedIn
EtwLogTraceEvent

shell32

ord155
SHGetPropertyStoreForWindow
ord71
ord153
ord25
ord256
SHCreateShellItemArrayFromDataObject
SHCreateItemFromIDList
ord18
SHChangeNotify
ShellExecuteW
ord19
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
AssocCreateForClasses
SHGetNameFromIDList
ord152
ord67
ord6
ord16
SHGetIDListFromObject
ord265
SHParseDisplayName
SHBindToObject
ShellExecuteExW
SHCreateDirectoryExW
SHGetKnownFolderPath
ord264
SHCreateDataObject

shlwapi

SHStrDupW
ord615
ord199
ord176
StrCmpNW
ord168
ord204
ord256
ord156
ord174
ord158
StrStrW
ord12
ord172
ord538
ord618
ord278
ord24
ord215
StrCmpIW
ord514
ord219

user32

DrawEdge
GetDlgItem
GetWindowTextW
SetWindowTextW
GetSysColorBrush
FillRect
GetWindowRect
WindowFromDC
MapWindowPoints
GetParent
GetComboBoxInfo
EnableWindow
SetWindowPos
CallWindowProcW
RemoveMenu
GetSubMenu
LoadMenuW
EndDialog
DestroyIcon
ReleaseDC
GetDC
DefWindowProcW
GetWindowLongPtrW
PeekMessageW
RegisterDeviceNotificationW
CreateWindowExW
RegisterClassExW
UnregisterClassW
UnregisterDeviceNotification
GetClientRect
IsWindow
GetSystemMetrics
DialogBoxParamW
SetMenuDefaultItem
DestroyMenu
SetMenuItemInfoW
DeleteMenu
AllowSetForegroundWindow
SetWindowLongPtrW
PostMessageW
GetFocus
DestroyWindow
UnregisterClassA
ShowWindow
SendMessageW
SystemParametersInfoW
GetSysColor
DrawTextW

uxtheme

BufferedPaintInit
CloseThemeData
BufferedPaintUnInit
SetWindowTheme
DrawThemeText
DrawThemeBackground
GetThemeBackgroundContentRect
EndBufferedPaint
BeginBufferedPaint
OpenThemeData

setupapi

SetupDiGetDevicePropertyW
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceAlias
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInterfaceData
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

shdocvw

DllRegisterWindowClasses

propsys

PropVariantToStringAlloc
PSGetPropertyDescriptionListFromString
PSPropertyBag_WriteBOOL
PSPropertyBag_WriteUnknown
PSPropertyBag_ReadUnknown
PSFormatForDisplay
PropVariantToBoolean
PropVariantCompareEx
VariantToInt32
VariantToBoolean
PSPropertyBag_WriteStr
PSPropertyBag_WriteDWORD
PSPropertyBag_ReadStrAlloc
PSCreateMemoryPropertyStore
InitPropVariantFromCLSID
PropVariantToGUID
PropVariantToString
PSGetPropertyFromPropertyStorage
PSGetPropertyDescription
PropVariantToVariant
PSPropertyBag_ReadStr
InitPropVariantFromBuffer

api-ms-win-devices-query-l1-1-0

DevGetObjectProperties
DevFreeObjectProperties
DevFindProperty

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/aadtb.dll
.dll windows:10 windows x64 arch:x64

70f4288e9e404bb3c7e552766ee39c43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aadtb.pdb

Imports

cryptngc

NgcDecryptWithSymmetricPopKey
NgcImportSymmetricPopKey
NgcSignWithSymmetricPopKey
NgcEnumContainers

certenroll

ord51
ord50

dsreg

DsrFreeJoinInfoEx
DsrGetJoinInfoEx

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

crypt32

CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptEncodeObject
CertSetCertificateContextProperty
CryptHashCertificate
CertFreeCertificateContext
CertCreateCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore

ncrypt

NCryptOpenStorageProvider
NCryptOpenKey
NCryptFinalizeKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptDeleteKey
NCryptFreeObject
NCryptSignHash

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlImageNtHeader

gdi32

DeleteObject
GetObjectW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
ResetEvent
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringLen
HSTRING_UserSize64
WindowsCompareStringOrdinal
HSTRING_UserUnmarshal
HSTRING_UserFree64
WindowsDuplicateString
WindowsDeleteString
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserSize
WindowsCreateStringReference
WindowsConcatString
WindowsCreateString
HSTRING_UserFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetObjectContext
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoGetCallContext
CoGetInterfaceAndReleaseStream
CoGetApartmentType

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptGetProvParam
CryptAcquireContextW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
SetThreadStackGuarantee
CreateProcessW
TerminateProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
CopySid
GetTokenInformation
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

rpcrt4

NdrOleFree
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_AddRef
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrStubForwardingFunction

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction3
CStdStubBuffer2_Disconnect
ObjectStublessClient7
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient10
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteTreeW
RegCloseKey
RegGetValueW
RegSetValueExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

sspicli

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

wincorlib

?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
??0Object@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z

msvcrt

_vscwprintf
_purecall
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrCurrentException
__ExceptionPtrCreate
?terminate@@YAXXZ
wcsstr
??_V@YAXPEAX@Z
_wcsicmp
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrRethrow
wcsnlen
wcschr
??2@YAPEAX_KHPEBDH@Z
wcsrchr
?name@type_info@@QEBAPEBDXZ
__RTtypeid
malloc
swprintf_s
_wcslwr_s
wcspbrk
iswspace
__C_specific_handler
time
wcscspn
wcsspn
_wcsicoll
wcsncmp
_wcsnicmp
_wcsupr_s
difftime
_vsnwprintf
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
__ExceptionPtrCopyException
_wtol
_wtoi
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
wcslen
_CxxThrowException
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
realloc
__CxxFrameHandler3
??3@YAXPEAX@Z
_callnewh
memcpy
memmove
_vsnprintf
wcscat_s
wcsncpy_s
__RTDynamicCast
_gmtime64_s
wcsftime
memcmp
vswprintf_s
memmove_s
_wcsdup
memset
free

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-capability-l1-1-0

CapabilityCheck

Exports

Exports

AADTBAcquireToken
AADTBAcquireTokenEx
AADTBFreeString
AADTBFreeStruct
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/cabview.dll
.dll windows:10 windows x64 arch:x64

291c388b00a8637a91af07dc09b2b201

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cabview.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
malloc
free
memcpy_s
memmove
_vsnwprintf
memcpy
_onexit
memset

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
AssocGetDetailsOfPropKey
ord743
ord701
ord256
ord744
ord27
ord846
ord152
SHBindToParent
ord19
SHBindToObject
SHGetPathFromIDListA
SHBrowseForFolderW
ord155
ord18

shlwapi

StrRetToBufW
PathSkipRootW
AssocCreate
PathFindExtensionW
ord500
PathAppendW
ord158
ord619
SHStrDupW
PathIsUNCW
ord199
ord172
ord186
PathFindFileNameW
PathCombineW
PathAddBackslashA
ord216
PathFindFileNameA
ord217
ord215
ord219

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
SetThreadPriority
GetCurrentThread
GetCurrentProcessId
TerminateProcess

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
LockResource
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
FindResourceExW
LoadResource
LoadStringW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateMutexExW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
GetShortPathNameW
CreateFileW
GetFileSizeEx
GetTempFileNameW
LocalFileTimeToFileTime

api-ms-win-core-file-l1-2-0

GetTempPathW

oleaut32

VariantInit
VariantClear
SysAllocString

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

DosDateTimeToFileTime
DeactivateActCtx
ActivateActCtx
_llseek
_lread
_lwrite
_lclose
ReleaseActCtx
CreateActCtxW
lstrlenA
lstrcmpiW
lstrlenW

ole32

OleSetClipboard

propsys

VariantToPropVariant
PSFormatForDisplay
InitVariantFromFileTime
InitVariantFromStrRet
VariantCompare

user32

LoadCursorW
SendMessageW
RegisterClipboardFormatW
MessageBoxW
DestroyMenu
SetCursor
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
LoadMenuW
GetSubMenu
RemoveMenu
InsertMenuW
InsertMenuItemW
SetMenuDefaultItem
CreatePopupMenu

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Uninstall

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/kbd103.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kbd103.pdb

Exports

Exports

KbdLayerDescriptor
KbdNlsLayerDescriptor

Sections

.text
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppcsnap/filemgmt.dll
.dll regsvr32 windows:10 windows x64 arch:x64

89122c235f124c1d01afc6dc2575d168

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

filemgmt.pdb

Imports

mfc42u

ord2586
ord4741
ord3743
ord822
ord3774
ord867
ord3892
ord1033
ord2329
ord6614
ord6418
ord2661
ord4131
ord1498
ord6351
ord2781
ord2393
ord4860
ord2593
ord4747
ord3501
ord3806
ord912
ord4795
ord4894
ord4846
ord852
ord1035
ord4257
ord4262
ord6395
ord6385
ord2906
ord3396
ord3894
ord337
ord2326
ord4557
ord5245
ord1286
ord3761
ord5702
ord665
ord4612
ord1043
ord3754
ord629
ord599
ord6734
ord3182
ord2801
ord1264
ord5694
ord2666
ord1787
ord3177
ord2377
ord6632
ord2324
ord4344
ord1781
ord2665
ord2379
ord2316
ord4521
ord4127
ord4601
ord3003
ord1657
ord2474
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1067
ord3751
ord3535
ord5229
ord5712
ord4743
ord1778
ord6440
ord2589
ord4542
ord1566
ord832
ord2023
ord2422
ord1906
ord1499
ord1442
ord2975
ord625
ord6216
ord5585
ord5583
ord5304
ord5114
ord5352
ord4699
ord5687
ord4722
ord5246
ord5406
ord2517
ord6437
ord4365
ord1777
ord4752
ord5663
ord2399
ord5586
ord6812
ord4694
ord5709
ord4017
ord5227
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord4988
ord4771
ord3868
ord4548
ord6328
ord6147
ord5584
ord6767
ord5077
ord2764
ord2328
ord2311
ord2384
ord5382
ord999
ord549
ord4582
ord2629
ord6708
ord6705
ord2371
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord3534
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord3916
ord1426
ord2752
ord4214
ord1063
ord659
ord1562
ord1647
ord1441
ord2856
ord6050
ord621
ord4436
ord4523
ord2676
ord1677
ord1463
ord3790
ord3830
ord286
ord1574
ord2427
ord3740
ord1284
ord5887
ord2979
ord1287
ord2846
ord4473
ord5719
ord2408
ord287
ord620
ord1122
ord3873
ord568
ord1355
ord5950
ord1483
ord6880
ord626
ord5935
ord6886
ord1126
ord1040
ord624
ord1006
ord4721
ord6887

msvcrt

__RTDynamicCast
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_wtoi64
_wcsnicmp
wcschr
calloc
iswspace
wcsstr
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
malloc
free
__C_specific_handler
__CxxFrameHandler3
_purecall
memset

atl

ord32
ord16
ord21
ord15
ord18
ord22

ntdll

RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
CopySid
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
EnumServicesStatusW
RegDeleteValueW
GetUserNameW
RegConnectRegistryW
IsWellKnownSid
RevertToSelf
MapGenericMask
AllocateAndInitializeSid
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
GetSecurityDescriptorControl
LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaSetSystemAccessAccount
LsaGetSystemAccessAccount
LsaCreateAccount
LsaOpenAccount
GetSidSubAuthority
GetSidSubAuthorityCount
LsaLookupNames

user32

SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
GetDlgCtrlID
GetSystemMetrics
GetWindowRect
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
EnumThreadWindows
IsWindowVisible
GetDesktopWindow
GetFocus
GetWindowLongW
SetActiveWindow
SetWindowTextW
GetClientRect
ShowWindow
MessageBoxW
PostMessageW
GetParent
LoadImageW
UnhookWindowsHookEx
GetActiveWindow
LoadBitmapW
WinHelpW
EnableWindow
SetDlgItemTextW
EndDialog
GetWindowLongPtrW
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
SetWindowLongPtrW
GetDlgItem
SendMessageW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
LoadIconW
CallNextHookEx

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

gdi32

DeleteObject

cfgmgr32

CM_Set_HW_Prof_Flags_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
CM_Get_HW_Prof_Flags_ExW

kernel32

GetLastError
GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetProcAddress
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
GetModuleHandleW
OutputDebugStringA
CreateThread
WaitForSingleObject
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalFree
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetCurrentProcess
CloseHandle
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
GetSystemWindowsDirectoryW
ResumeThread
LocalAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
lstrlenW
CreateProcessW
GetExitCodeProcess
GetComputerNameExW
CreateEventW
Sleep
GlobalAlloc
LoadLibraryExW
GetCommandLineW
FreeLibrary
CompareStringW
GetComputerNameW
WideCharToMultiByte
SetEvent
lstrcmpW

Exports

Exports

CacheSettingsDlg
CacheSettingsDlg2
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppcsnap/htui.dll
.dll windows:10 windows x64 arch:x64

21d1e5400522e04edf30278ff3ede414

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

htui.pdb

Imports

msvcrt

_vsnwprintf
_XcptFilter
_amsg_exit
free
malloc
_initterm
strncmp
memmove
memcpy
memcmp
__C_specific_handler
wcstol
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

ReadFile
WriteProfileStringW
lstrlenW
WriteFile
SetFilePointer
CreateFileW
GlobalAlloc
GlobalFree
CloseHandle
GlobalLock
GetProfileStringW
GlobalUnlock
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetLocaleInfoW
MultiByteToWideChar
LocalAlloc
LocalFree

gdi32

BitBlt
CreateCompatibleBitmap
SaveDC
SelectObject
CreateCompatibleDC
RealizePalette
StretchDIBits
GetStockObject
GetDIBits
DeleteDC
CreateHalftonePalette
SelectPalette
SetColorAdjustment
GetObjectW
ExcludeClipRect
SetStretchBltMode
RestoreDC
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

user32

DefWindowProcW
CallWindowProcW
PostMessageW
GetWindow
GetWindowRect
DestroyWindow
GetWindowLongW
IsWindowVisible
SetWindowPos
SetActiveWindow
EnumChildWindows
SetWindowLongPtrW
FillRect
CreateWindowExW
GetDC
ScreenToClient
SendMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
LoadStringW
GetWindowTextW
EnableWindow
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
GetParent
SetScrollPos
CheckDlgButton
GetDlgItem
GetClientRect
SetWindowLongW
SetScrollRange
SetCursor
EndDeferWindowPos
GetWindowDC
LoadCursorW
SetWindowContextHelpId
SetFocus
WinHelpW
IsDlgButtonChecked
IsWindowEnabled
SendDlgItemMessageW
RegisterClassW
SetDlgItemTextW
ClientToScreen
GetDlgCtrlID
BeginDeferWindowPos
ShowWindow
GetWindowLongPtrW
ChildWindowFromPointEx
SetClassLongPtrW
SetWindowTextW
GetSystemMetrics
DeferWindowPos

Exports

Exports

DllMain
HTUI_ColorAdjustment
HTUI_ColorAdjustmentA
HTUI_ColorAdjustmentW
HTUI_DeviceColorAdjustment
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustmentW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppcsnap/mssph.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5dfbf61ae94045240f766cbfaff03ede

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mssph.pdb

Imports

msvcrt

__CxxFrameHandler3
??1type_info@@UEAA@XZ
realloc
_errno
memset
_initterm
toupper
_wcsnicmp
wcsncmp
?terminate@@YAXXZ
_wcsicmp
towupper
iswspace
_onexit
_wtol
_lock
memmove_s
_amsg_exit
wcsncpy_s
__dllonexit
_unlock
wcschr
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_XcptFilter
memcpy
malloc
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
wcscat_s
wcscpy_s
memcpy_s
_vsnwprintf
__C_specific_handler
memcmp
memmove
wcscmp

oleaut32

VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
SizeofResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW
LoadResource
FindResourceExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete
WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

OpenMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
CreateEventW
SetEvent
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-com-l1-1-0

CoCreateInstance
PropVariantCopy
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUnmarshalInterface
StringFromGUID2

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetSystemDefaultLCID
LCMapStringW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

ntdll

RtlIsCloudFilesPlaceholder
RtlIsNonEmptyDirectoryReparsePointAllowed
RtlInitUnicodeString
EtwEventEnabled
ZwQueryInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
RtlIsPartialPlaceholder

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetDriveTypeW
SetFilePointer
LockFile
DeleteFileW
ReadFile
SetEndOfFile
WriteFile
SetFileTime
UnlockFile
GetFileAttributesW
CreateFileW
CompareFileTime
GetFileSize
GetFileTime
FlushFileBuffers

api-ms-win-security-base-l1-1-0

IsValidSid
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-shcore-registry-l1-1-0

SHEnumKeyExW
SHEnumValueW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualFree
VirtualAlloc

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister

shcore

ord190
SHCreateMemStream

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripToRootW
PathFindExtensionW
PathGetDriveNumberW
PathFileExistsW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppcsnap/ppcsnap.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4c8643e25d8890880fa02c675c74a56f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ppcsnap.pdb

Imports

msvcrt

free
memmove
_amsg_exit
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_XcptFilter
__CxxFrameHandler3
_lock
_unlock
__dllonexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_onexit
??1type_info@@UEAA@XZ
memset
memcmp
??_V@YAXPEAX@Z
_callnewh
malloc
_purecall
__C_specific_handler
??3@YAXPEAX@Z
_vsnwprintf
wcschr
_wcsicmp
memcpy
_initterm
wcscmp

kernel32

DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetLastError
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
DeactivateActCtx
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcAddress
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateEventW
SetThreadpoolTimer
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
SetEvent
HeapFree

ole32

CoCreateInstance
CoTaskMemAlloc
GetHGlobalFromStream
StringFromIID
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitialize

user32

PeekMessageW
PostQuitMessage
IsWindow
RegisterClassExW
GetClassInfoExW
GetWindowTextLengthW
GetDlgItemTextW
LoadIconW
SetWindowTextW
SetWindowLongPtrW
EnableWindow
GetDlgItem
MessageBoxW
PostMessageW
CallWindowProcW
GetActiveWindow
CreateWindowExW
GetWindowLongPtrW
DefWindowProcW
DestroyWindow
LoadCursorW
SetFocus
DialogBoxParamW
GetLastActivePopup
wsprintfW
GetWindow
GetParent
GetGUIThreadInfo
EndDialog
RegisterClipboardFormatW
SendMessageW

oleaut32

VariantInit
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString

shlwapi

ord219
ord174
ord209
ord211
ord208
ord210
ord256

puiapi

STRAPI_LoadString
PUIAPI_CreateInstance
PUIAPI_ShowBrowseForPrinterDialog
STRAPI_TrimString
STRAPI_GUID2String
STRAPI_Format

advapi32

RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ntdll

TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpReleasePool
TpCallbackMayRunLong
TpSetWait
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost

activeds

ord3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
srclient/ReInfo.dll
.dll windows:10 windows x64 arch:x64

a9b073efbb798425ec12638924bf2b2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ReInfo.pdb

Imports

msvcrt

_amsg_exit
_XcptFilter
free
_vsnprintf
malloc
atol
_initterm
__C_specific_handler
_wcsicmp
wcschr
memcmp
??3@YAXPEAX@Z
_vsnwprintf
_purecall
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__CxxFrameHandler3
memcpy
_atoi64
memcpy_s
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
memset

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-file-l1-1-0

GetFileSize
FindNextVolumeW
GetDiskFreeSpaceExW
FlushFileBuffers
GetDriveTypeW
FindVolumeClose
FindFirstVolumeW
CreateFileW
WriteFile
GetFileAttributesExW
ReadFile
SetEndOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlRaiseStatus
RtlGUIDFromString
NtYieldExecution
RtlAllocateHeap
RtlFreeHeap
NtClose
DbgPrintEx
RtlReAllocateHeap
RtlNtStatusToDosError

Exports

Exports

WinReGetConfig

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srclient/spwizeng.dll
.dll windows:10 windows x64 arch:x64

b9b5a59046cfc37a3a8e7318584d3e5d

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:96:e9:d0:56:ca:ad:96:bd:7a:93:03:de:5f:1c:ad:14:c2:6c:58:e8:ab:69:19:1b:a6:1e:96:1b:09:3a:6a
Signer

Actual PE Digest

35:96:e9:d0:56:ca:ad:96:bd:7a:93:03:de:5f:1c:ad:14:c2:6c:58:e8:ab:69:19:1b:a6:1e:96:1b:09:3a:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

spwizeng.pdb

Imports

msvcrt

__CxxFrameHandler3
__RTDynamicCast
memcmp
_wcsnicmp
wcsncmp
bsearch
_vsnwprintf
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
wcsncpy_s
swprintf_s
__C_specific_handler
wcscspn
malloc
memmove_s
wcsrchr
memcpy
_wcsicoll
wcscoll
free
_wcslwr_s
wcsspn
_wcsupr_s
wcsstr
wcschr
_vscwprintf
wcspbrk
_purecall
vswprintf_s
iswspace
_wcsrev
_wcsicmp
memcpy_s
calloc
?terminate@@YAXXZ
memset

wdscore

ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP

user32

GetMessageW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
SetForegroundWindow
GetKeyState
IsWindowEnabled
LoadBitmapW
CreateDialogIndirectParamW
GetNextDlgTabItem
SetWindowRgn
CreateDialogParamW
PostMessageW
UnregisterClassW
GetClassInfoW
DefFrameProcW
IsDialogMessageW
RegisterClassW
DefMDIChildProcW
SetLayeredWindowAttributes
DialogBoxParamW
IsWindowVisible
EnableWindow
MonitorFromWindow
GetSystemMetrics
GetMonitorInfoW
PostQuitMessage
SystemParametersInfoW
EnumChildWindows
GetIconInfo
ShowWindow
SetTimer
GetWindowDC
DrawIconEx
LoadImageW
GetDlgCtrlID
GetWindowTextLengthW
GetWindow
DestroyWindow
FillRect
GetDlgItem
GetClientRect
CreateWindowExW
ScreenToClient
EndDialog
RegisterClassExW
LoadStringW
IsWindow
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
SendDlgItemMessageW
DialogBoxIndirectParamW
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
SetPropW
SetWindowContextHelpId
GetClassNameW
SetCapture
UnregisterClassA
GetCursor
CreateIconIndirect
SetWindowLongPtrW
SetWindowPos
GetDC
GetFocus
GetWindowRect
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetCursor
LoadCursorW
TrackMouseEvent
EndPaint
BeginPaint
GetParent
GetWindowTextW
ReleaseCapture
RegisterWindowMessageW
GetClassInfoExW
GetDesktopWindow
SetWindowLongW
MapDialogRect
FindWindowExW
GetPropW
SetClassLongPtrW
NotifyWinEvent
SetThreadDesktop
ReleaseDC
InvalidateRect
UpdateWindow
DrawTextW
GetSysColor
FrameRect
MapWindowPoints
CopyRect
GetWindowLongPtrW
SetWindowTextW
KillTimer
SendMessageW

gdi32

Rectangle
CreateRoundRectRgn
CreatePen
RoundRect
AddFontResourceExW
RemoveFontResourceExW
CreatePatternBrush
GetStockObject
GetDeviceCaps
CreateDIBSection
GetLayout
StretchBlt
SetLayout
GetPixel
SetBkColor
CreateBitmap
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetTextMetricsW
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreateSolidBrush
CreateFontIndirectW
SetTextAlign
SetTextCharacterExtra
RemoveFontMemResourceEx
SetStretchBltMode
SetBrushOrgEx
GdiAlphaBlend
AddFontMemResourceEx
CreateDIBitmap
SetGraphicsMode
GetTextAlign
TextOutW
SetMapMode
SetWorldTransform

comctl32

InitCommonControlsEx

comdlg32

GetSaveFileNameW

oleaut32

LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
VarBstrCmp
VarUI4FromStr
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen
VariantChangeType
VariantClear
SysStringLen

kernel32

GetLocaleInfoW
SetThreadPreferredUILanguages
GetFullPathNameW
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
HeapDestroy
HeapSize
GetTickCount
WaitForSingleObject
CreateMutexW
SetThreadPriority
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GetTempFileNameW
CloseHandle
DeleteFileW
SetFileAttributesW
CreateFileW
GetTempPathW
WriteFile
CompareStringW
GetFileSizeEx
ReadFile
WideCharToMultiByte
GetVersionExW
VerSetConditionMask
LocalAlloc
GetSystemDirectoryW
GetModuleHandleExW
GetSystemDefaultUILanguage
GetLocaleInfoEx
ReleaseMutex
CreateEventW
GetExitCodeThread
SetEvent
SearchPathW
GetUserDefaultUILanguage
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetFileAttributesW
CreateThread
GetWindowsDirectoryW
LoadLibraryW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
MulDiv
lstrcmpW
GlobalUnlock
CopyFileW
GlobalLock
SizeofResource
GetEnvironmentVariableW
MultiByteToWideChar
FormatMessageW
LockResource
RaiseException
FindResourceExW
LoadResource
LocalFree
FindResourceW
Sleep
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GlobalHandle
SetLastError
GetModuleFileNameW
GetCurrentThreadId
GlobalAlloc
GlobalFree

ole32

CoTaskMemRealloc
CoUninitialize
CoInitializeEx
OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoTaskMemFree

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW

shell32

ShellExecuteW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

uxlib

?GetLocaleName@CLocale@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??1CLayeredDriver@@QEAA@XZ
?GetName@CLayeredDriver@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetID@CLayeredDriver@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetAbbrevName@CLocale@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??1CLayeredDrivers@@QEAA@XZ
??1CKeyboardLayout@@QEAA@XZ
?GetLayoutID@CKeyboardLayout@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetLayoutName@CKeyboardLayout@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CLayeredDrivers@@QEAA@XZ
??1CLocales@@QEAA@XZ
?GetLocalizedName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CKeyboardLayouts@@QEAA@XZ
??1CKeyboardLayouts@@QEAA@XZ
?GetDefaultLayout@CKeyboardLayouts@@QEAA?AVCKeyboardLayout@@XZ
?IsLanguageEnabled@CInternationalUtils@@SAHV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@0@Z
??1CLanguage@@QEAA@XZ
?GetAbbrevName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetNativeDisplayName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CLanguages@@QEAA@XZ
??1CLanguages@@QEAA@XZ
?GetLanguageNativeDisplayNameCount@CLanguages@@QEAAHXZ
??0CInternationalUtils@@QEAA@XZ
??1CInternationalUtils@@QEAA@XZ
??1CLocale@@QEAA@XZ
??0CLocales@@QEAA@XZ

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlVerifyVersionInfo
NtQuerySystemInformation

Exports

Exports

??0?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV?$CSimpleStringT@G$00@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@DH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@GH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBD@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBE@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBEPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBG@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??0AppWindow@@QEAA@AEBV0@@Z
??0AppWindow@@QEAA@PEAVWizardUI@@I@Z
??0BranchWizStrategy@@QEAA@$$QEAV0@@Z
??0BranchWizStrategy@@QEAA@AEBV0@@Z
??0BranchWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0CAnimation@@QEAA@AEBV0@@Z
??0CAnimation@@QEAA@XZ
??0CAnimationControl@@QEAA@AEBV0@@Z
??0CAnimationControl@@QEAA@XZ
??0CAttachDataDlg@@QEAA@AEBV0@@Z
??0CAttachDataDlg@@QEAA@PEAUHINSTANCE__@@0@Z
??0CCritSec@@QEAA@AEBV0@@Z
??0CCritSec@@QEAA@XZ
??0CCtlText@@QEAA@AEBV0@@Z
??0CCtlText@@QEAA@XZ
??0CCursor@@AEAA@XZ
??0CCursor@@QEAA@AEBV0@@Z
??0CCustomButtonEx@@AEAA@XZ
??0CCustomButtonEx@@QEAA@AEBV0@@Z
??0CCustomGraphicEx@@QEAA@AEBV0@@Z
??0CCustomGraphicEx@@QEAA@XZ
??0CDIB@@QEAA@XZ
??0CDrawBackground@@QEAA@AEBV0@@Z
??0CDrawBackground@@QEAA@XZ
??0CDrawItem@@QEAA@AEBV0@@Z
??0CDrawItem@@QEAA@XZ
??0CDrawItemComposite@@QEAA@AEBV0@@Z
??0CDrawItemComposite@@QEAA@XZ
??0CGenericNavWindow@@QEAA@AEBV0@@Z
??0CGenericNavWindow@@QEAA@PEAVAppWindow@@@Z
??0CHighContrast@@AEAA@XZ
??0CHighContrast@@QEAA@AEBV0@@Z
??0CResourceModule@@QEAA@AEBV0@@Z
??0CResourceModule@@QEAA@PEAUHINSTANCE__@@@Z
??0CResourceModule@@QEAA@PEAUHINSTANCE__@@PEBG@Z
??0CResourceModule@@QEAA@PEBG@Z
??0CRichEditControl@@QEAA@XZ
??0CScreenDIB@@QEAA@$$QEAV0@@Z
??0CScreenDIB@@QEAA@AEBV0@@Z
??0CScreenDIB@@QEAA@XZ
??0CScreenText@@QEAA@AEBV0@@Z
??0CScreenText@@QEAA@XZ
??0CWndObj@@QEAA@AEBV0@@Z
??0CWndObj@@QEAA@XZ
??0ChoiceWizStrategy@@QEAA@$$QEAV0@@Z
??0ChoiceWizStrategy@@QEAA@AEBV0@@Z
??0ChoiceWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0ICreateNavbarWnd@@QEAA@AEBV0@@Z
??0ICreateNavbarWnd@@QEAA@XZ
??0ICreateProgressWnd@@QEAA@AEBV0@@Z
??0ICreateProgressWnd@@QEAA@XZ
??0IResourceModuleEvent@@QEAA@$$QEAU0@@Z
??0IResourceModuleEvent@@QEAA@AEBU0@@Z
??0IResourceModuleEvent@@QEAA@XZ
??0LanguageNeutralSelectionDialogBase@@QEAA@AEBV0@@Z
??0LanguageNeutralSelectionDialogBase@@QEAA@XZ
??0LanguageSelectionDialogBase@@QEAA@AEBV0@@Z
??0LanguageSelectionDialogBase@@QEAA@XZ
??0MyString@@QEAA@XZ
??0NavWindow@@QEAA@AEBV0@@Z
??0NavWindow@@QEAA@PEAVAppWindow@@@Z
??0NavigationStack@@QEAA@AEBV0@@Z
??0NavigationStack@@QEAA@XZ
??0Navigator@@AEAA@XZ
??0Navigator@@QEAA@AEBV0@@Z
??0PIDStringView@@QEAA@AEBV0@@Z
??0PIDStringView@@QEAA@XZ
??0PageContainer@@QEAA@AEBV0@@Z
??0PageContainer@@QEAA@XZ
??0ProtoPageDimensions@@QEAA@USimpleRect@@USimpleSize@@HH11MM@Z
??0ProtoPageDimensions@@QEAA@XZ
??0ProtoPageList@@QEAA@AEBV0@@Z
??0ProtoPageList@@QEAA@PEAVWizardDesciption@@KKKHPEAVICreateProgressWnd@@HPEAUtagSIZE@@PEAVICreateNavbarWnd@@UProtoPageDimensions@@KKH@Z
??0ProtoPageList@@QEAA@XZ
??0ScrWindow@@QEAA@AEBV0@@Z
??0ScrWindow@@QEAA@PEAVWizardUI@@I@Z
??0SimpleDialogBase@@QEAA@$$QEAV0@@Z
??0SimpleDialogBase@@QEAA@AEBV0@@Z
??0SimpleDialogBase@@QEAA@XZ
??0SimpleRect@@QEAA@HHHH@Z
??0SimpleRect@@QEAA@XZ
??0SimpleSize@@QEAA@HH@Z
??0SimpleSize@@QEAA@XZ
??0SimpleWizStrategy@@QEAA@$$QEAV0@@Z
??0SimpleWizStrategy@@QEAA@AEBV0@@Z
??0SimpleWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0SummaryWizStrategy@@QEAA@$$QEAV0@@Z
??0SummaryWizStrategy@@QEAA@AEBV0@@Z
??0SummaryWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0VariationWizStrategy@@QEAA@$$QEAV0@@Z
??0VariationWizStrategy@@QEAA@AEBV0@@Z
??0VariationWizStrategy@@QEAA@PEAVWizardEx@@AEBV?$CSimpleMap@HHV?$CSimpleMapEqualHelper@HH@ATL@@@ATL@@H@Z
??0Win32Navigator@@AEAA@XZ
??0Win32Navigator@@QEAA@AEBV0@@Z
??0Wiz_Node@@QEAA@AEBV0@@Z
??0Wiz_Node@@QEAA@I@Z
??0WizardBranch@@QEAA@$$QEAV0@@Z
??0WizardBranch@@QEAA@AEBV0@@Z
??0WizardBranch@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardCollection@@QEAA@$$QEAV0@@Z
??0WizardCollection@@QEAA@AEBV0@@Z
??0WizardCollection@@QEAA@IIPEAPEAVWiz_Node@@@Z
??0WizardDesciption@@QEAA@$$QEAV0@@Z
??0WizardDesciption@@QEAA@AEBV0@@Z
??0WizardDesciption@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardDialogPost@@QEAA@$$QEAV0@@Z
??0WizardDialogPost@@QEAA@AEBV0@@Z
??0WizardDialogPost@@QEAA@XZ
??0WizardDialogPre@@QEAA@$$QEAV0@@Z
??0WizardDialogPre@@QEAA@AEBV0@@Z
??0WizardDialogPre@@QEAA@XZ
??0WizardEx@@QEAA@AEBV0@@Z
??0WizardEx@@QEAA@XZ
??0WizardHandler@@QEAA@$$QEAV0@@Z
??0WizardHandler@@QEAA@AEBV0@@Z
??0WizardHandler@@QEAA@XZ
??0WizardNode@@QEAA@AEBV0@@Z
??0WizardNode@@QEAA@IIPEAVWizardEx@@PEAVWizardUI@@@Z
??0WizardNode@@QEAA@XZ
??0WizardPage@@QEAA@AEBV0@@Z
??0WizardPage@@QEAA@IIPEAVWizardEx@@PEAVWizardUI@@@Z
??0WizardRoot@@QEAA@AEBV0@@Z
??0WizardRoot@@QEAA@XZ
??0WizardStrategy@@QEAA@AEBV0@@Z
??0WizardStrategy@@QEAA@PEAVWizardEx@@@Z
??0WizardSummary@@QEAA@$$QEAV0@@Z
??0WizardSummary@@QEAA@AEBV0@@Z
??0WizardSummary@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardUI@@QEAA@XZ
??0WizardVariation@@QEAA@AEBV0@@Z
??0WizardVariation@@QEAA@IPEAPEAVWiz_Node@@AEBV?$CSimpleMap@HHV?$CSimpleMapEqualHelper@HH@ATL@@@ATL@@PEBG@Z
??0Wizard_PageDesciption@@QEAA@AEBV0@@Z
??0Wizard_PageDesciption@@QEAA@KPEBG0KP6APEAVWizardRoot@@PEAVWizardPage@@@ZK@Z
??1?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleStringT@G$0A@@ATL@@QEAA@XZ
??1?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??1AppWindow@@UEAA@XZ
??1BranchWizStrategy@@UEAA@XZ
??1CAnimation@@UEAA@XZ
??1CAnimationControl@@UEAA@XZ
??1CAttachDataDlg@@QEAA@XZ
??1CCritSec@@UEAA@XZ
??1CCtlText@@UEAA@XZ
??1CCursor@@EEAA@XZ
??1CCustomButtonEx@@EEAA@XZ
??1CCustomGraphicEx@@UEAA@XZ
??1CDIB@@QEAA@XZ
??1CDrawBackground@@UEAA@XZ
??1CDrawItem@@UEAA@XZ
??1CDrawItemComposite@@UEAA@XZ
??1CGenericNavWindow@@UEAA@XZ
??1CHighContrast@@EEAA@XZ
??1CResourceModule@@QEAA@XZ
??1CScreenDIB@@UEAA@XZ
??1CScreenText@@UEAA@XZ
??1CWndObj@@UEAA@XZ
??1ChoiceWizStrategy@@UEAA@XZ
??1ICreateNavbarWnd@@UEAA@XZ
??1ICreateProgressWnd@@UEAA@XZ
??1LanguageNeutralSelectionDialogBase@@QEAA@XZ
??1LanguageSelectionDialogBase@@QEAA@XZ
??1NavWindow@@UEAA@XZ
??1NavigationStack@@UEAA@XZ
??1Navigator@@EEAA@XZ
??1PIDStringView@@UEAA@XZ
??1PageContainer@@UEAA@XZ
??1ScrWindow@@UEAA@XZ
??1SimpleWizStrategy@@UEAA@XZ
??1SummaryWizStrategy@@UEAA@XZ
??1VariationWizStrategy@@UEAA@XZ
??1Win32Navigator@@EEAA@XZ
??1Wiz_Node@@UEAA@XZ
??1WizardBranch@@UEAA@XZ
??1WizardCollection@@UEAA@XZ
??1WizardDesciption@@UEAA@XZ
??1WizardEx@@UEAA@XZ
??1WizardNode@@UEAA@XZ
??1WizardPage@@UEAA@XZ
??1WizardRoot@@UEAA@XZ
??1WizardStrategy@@UEAA@XZ
??1WizardSummary@@UEAA@XZ
??1WizardUI@@QEAA@XZ
??1WizardVariation@@UEAA@XZ
??1Wizard_PageDesciption@@UEAA@XZ
??4?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV?$CSimpleStringT@G$00@1@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@PEBG@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBUtagVARIANT@@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@D@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@G@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBD@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBE@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBG@Z
??4AppWindow@@QEAAAEAV0@AEBV0@@Z
??4BranchWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4BranchWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4CAnimation@@QEAAAEAV0@AEBV0@@Z
??4CAnimationControl@@QEAAAEAV0@AEBV0@@Z
??4CAttachDataDlg@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
??4CCtlText@@QEAAAEAV0@AEBV0@@Z
??4CCursor@@QEAAAEAV0@AEBV0@@Z
??4CCustomButtonEx@@QEAAAEAV0@AEBV0@@Z
??4CCustomGraphicEx@@QEAAAEAV0@AEBV0@@Z
??4CDIB@@QEAAAEAV0@AEBV0@@Z
??4CDrawBackground@@QEAAAEAV0@AEBV0@@Z
??4CDrawItem@@QEAAAEAV0@AEBV0@@Z
??4CDrawItemComposite@@QEAAAEAV0@AEBV0@@Z
??4CGenericNavWindow@@QEAAAEAV0@AEBV0@@Z
??4CHighContrast@@QEAAAEAV0@AEBV0@@Z
??4CResourceModule@@QEAAAEAV0@AEBV0@@Z
??4CResourceModuleFactory@@QEAAAEAV0@$$QEAV0@@Z
??4CResourceModuleFactory@@QEAAAEAV0@AEBV0@@Z
??4CRichEditControl@@QEAAAEAV0@$$QEAV0@@Z
??4CRichEditControl@@QEAAAEAV0@AEBV0@@Z
??4CScreenDIB@@QEAAAEAV0@$$QEAV0@@Z
??4CScreenDIB@@QEAAAEAV0@AEBV0@@Z
??4CScreenText@@QEAAAEAV0@AEBV0@@Z
??4CWndObj@@QEAAAEAV0@AEBV0@@Z
??4ChoiceWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4ChoiceWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4ICreateNavbarWnd@@QEAAAEAV0@AEBV0@@Z
??4ICreateProgressWnd@@QEAAAEAV0@AEBV0@@Z
??4IResourceModuleEvent@@QEAAAEAU0@$$QEAU0@@Z
??4IResourceModuleEvent@@QEAAAEAU0@AEBU0@@Z
??4LanguageNeutralSelectionDialogBase@@QEAAAEAV0@AEBV0@@Z
??4LanguageSelectionDialogBase@@QEAAAEAV0@AEBV0@@Z
??4MyString@@QEAAAEAV0@$$QEAV0@@Z
??4MyString@@QEAAAEAV0@AEBV0@@Z
??4NavWindow@@QEAAAEAV0@AEBV0@@Z
??4NavigationStack@@QEAAAEAV0@AEBV0@@Z
??4Navigator@@QEAAAEAV0@AEBV0@@Z
??4PIDStringView@@QEAAAEAV0@AEBV0@@Z
??4PageContainer@@QEAAAEAV0@AEBV0@@Z
??4PageDef@@QEAAAEAU0@$$QEAU0@@Z
??4PageDef@@QEAAAEAU0@AEBU0@@Z
??4ProgressCreateStruct@@QEAAAEAU0@$$QEAU0@@Z
??4ProgressCreateStruct@@QEAAAEAU0@AEBU0@@Z
??4ProtoPageDimensions@@QEAAAEAU0@$$QEAU0@@Z
??4ProtoPageDimensions@@QEAAAEAU0@AEBU0@@Z
??4ProtoPageList@@QEAAAEAV0@AEBV0@@Z
??4ScrWindow@@QEAAAEAV0@AEBV0@@Z
??4SimpleDialogBase@@QEAAAEAV0@$$QEAV0@@Z
??4SimpleDialogBase@@QEAAAEAV0@AEBV0@@Z
??4SimpleRect@@QEAAAEAU0@$$QEAU0@@Z
??4SimpleRect@@QEAAAEAU0@AEBU0@@Z
??4SimpleSize@@QEAAAEAU0@$$QEAU0@@Z
??4SimpleSize@@QEAAAEAU0@AEBU0@@Z
??4SimpleWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4SimpleWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4SummaryWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4SummaryWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4Win32Navigator@@QEAAAEAV0@AEBV0@@Z
??4Wiz_Node@@QEAAAEAV0@AEBV0@@Z
??4WizardBranch@@QEAAAEAV0@$$QEAV0@@Z
??4WizardBranch@@QEAAAEAV0@AEBV0@@Z
??4WizardCollection@@QEAAAEAV0@$$QEAV0@@Z
??4WizardCollection@@QEAAAEAV0@AEBV0@@Z
??4WizardDesciption@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDesciption@@QEAAAEAV0@AEBV0@@Z
??4WizardDialogPost@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDialogPost@@QEAAAEAV0@AEBV0@@Z
??4WizardDialogPre@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDialogPre@@QEAAAEAV0@AEBV0@@Z
??4WizardEx@@QEAAAEAV0@AEBV0@@Z
??4WizardHandler@@QEAAAEAV0@$$QEAV0@@Z
??4WizardHandler@@QEAAAEAV0@AEBV0@@Z
??4WizardNode@@QEAAAEAV0@AEBV0@@Z
??4WizardPage@@QEAAAEAV0@AEBV0@@Z
??4WizardRoot@@QEAAAEAV0@AEBV0@@Z
??4WizardStrategy@@QEAAAEAV0@AEBV0@@Z
??4WizardSummary@@QEAAAEAV0@$$QEAV0@@Z
??4WizardSummary@@QEAAAEAV0@AEBV0@@Z
??4WizardUI@@QEAAAEAV0@AEBV0@@Z
??4Wizard_PageDesciption@@QEAAAEAV0@AEBV0@@Z
??A?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAAEAPEAGH@Z
??A?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEBAAEBQEAGH@Z
??A?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAAEAPEAUIResourceModuleEvent@@H@Z
??A?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEBAAEBQEAUIResourceModuleEvent@@H@Z
??A?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAAEAPEAUKEYBOARD@@H@Z
??A?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEBAAEBQEAUKEYBOARD@@H@Z
??A?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAAEAPEAULANGUAGE@@H@Z
??A?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEBAAEBQEAULANGUAGE@@H@Z
??A?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAAEAPEAULOCALE@@H@Z
??A?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEBAAEBQEAULOCALE@@H@Z
??A?$CSimpleStringT@G$0A@@ATL@@QEBAGH@Z
??B?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV?$CSimpleStringT@G$00@1@XZ
??B?$CSimpleStringT@G$0A@@ATL@@QEBAPEBGXZ
??B?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV?$CSimpleStringT@G$00@1@XZ
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV01@@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@D@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@E@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@G@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@PEBG@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBUtagVARIANT@@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBV?$CSimpleStringT@G$0A@@1@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@D@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@E@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@G@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBD@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBG@Z
??_7AppWindow@@6BIWndObj@@@
??_7AppWindow@@6BIWndProp@@@
??_7BranchWizStrategy@@6B@
??_7CAnimation@@6B@
??_7CAnimationControl@@6B@
??_7CAttachDataDlg@@6B@
??_7CCritSec@@6B@
??_7CCtlText@@6B@
??_7CCursor@@6B@
??_7CCustomButtonEx@@6B@
??_7CCustomGraphicEx@@6B@
??_7CDrawBackground@@6B@
??_7CDrawItem@@6B@
??_7CDrawItemComposite@@6B@
??_7CGenericNavWindow@@6B@
??_7CHighContrast@@6B@
??_7CScreenDIB@@6B@
??_7CScreenText@@6B@
??_7CWndObj@@6BIWndObj@@@
??_7CWndObj@@6BIWndProp@@@
??_7ChoiceWizStrategy@@6B@
??_7ICreateNavbarWnd@@6B@
??_7ICreateProgressWnd@@6B@
??_7IResourceModuleEvent@@6B@
??_7LanguageNeutralSelectionDialogBase@@6B@
??_7LanguageSelectionDialogBase@@6B@
??_7NavWindow@@6B@
??_7NavigationStack@@6B@
??_7Navigator@@6B@
??_7PIDStringView@@6B@
??_7PageContainer@@6B@
??_7ScrWindow@@6BIWndObj@@@
??_7ScrWindow@@6BIWndProp@@@
??_7SimpleDialogBase@@6B@
??_7SimpleWizStrategy@@6B@
??_7SummaryWizStrategy@@6B@
??_7VariationWizStrategy@@6B@
??_7Win32Navigator@@6B@
??_7Wiz_Node@@6B@
??_7WizardBranch@@6B@
??_7WizardCollection@@6B@
??_7WizardDesciption@@6B@
??_7WizardDialogPost@@6B@
??_7WizardDialogPre@@6B@
??_7WizardEx@@6BINavigationNode@@@
??_7WizardEx@@6BWizardNode@@@
??_7WizardHandler@@6B@
??_7WizardNode@@6B@
??_7WizardPage@@6B@
??_7WizardRoot@@6B@
??_7WizardStrategy@@6B@
??_7WizardSummary@@6B@
??_7WizardVariation@@6B@
??_7Wizard_PageDesciption@@6B@
?Add@?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAHAEBQEAG@Z
?Add@?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAHAEBQEAUIResourceModuleEvent@@@Z
?Add@?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAHAEBQEAUKEYBOARD@@@Z
?Add@?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAHAEBQEAULANGUAGE@@@Z
?Add@?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAHAEBQEAULOCALE@@@Z
?AddItem@CDrawItemComposite@@QEAAXPEAVCDrawItem@@@Z
?AddPage@PageContainer@@QEAAXPEAVWizardPage@@@Z
?AddPage@WizardUI@@QEAAHPEAVWizardPage@@@Z
?AddRef@CWndObj@@UEAAKXZ
?AllocSysString@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAPEAGXZ
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXAEBV12@@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXPEBG@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXPEBGH@Z
?AppendChar@?$CSimpleStringT@G$0A@@ATL@@QEAAXG@Z
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXIZZ
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXPEBGZZ
?AppendFormatV@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXPEBGPEAD@Z
?Attach@?$CSimpleStringT@G$0A@@ATL@@AEAAXPEAUCStringData@2@@Z
?Back@Navigator@@UEAAPEAVWizardPage@@PEAVWizardNode@@@Z
?Back@WizardEx@@UEAAPEAVWizardPage@@PEAVWizardNode@@@Z
?BlendNormal32@CDIB@@CAXPEAV1@0@Z
?ButtonContinue@WizardHandler@@QEAAPEAVCCustomButtonEx@@XZ
?ButtonContinue@WizardRoot@@QEAAAEAPEAVCCustomButtonEx@@XZ
?ButtonFinish@WizardHandler@@QEAAPEAVCCustomButtonEx@@XZ
?ButtonFinish@WizardRoot@@QEAAAEAPEAVCCustomButtonEx@@XZ
?CStringExpandEnvironmentStrings@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V12@@Z
?CStringGetModuleFileName@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEAUHINSTANCE__@@@Z
?CStringGetPrivateProfileString@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEBG000@Z
?CStringGetWindowText@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEAUHWND__@@@Z
?CStringGetWindowsDirectory@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?CalcAppSize@WizardUI@@AEAAXXZ
?CanPageBeActivated@LanguageNeutralSelectionDialogBase@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@LanguageSelectionDialogBase@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@WizardHandler@@EEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@WizardRoot@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivatedWrapper@WizardHandler@@QEAAHW4Direction@@PEAH@Z
?Cancel@Navigator@@UEAAPEAVWizardPage@@XZ
?CenterApp@WizardUI@@AEAAXPEAUHWND__@@UtagRECT@@@Z
?ChangeUiLanguage@CResourceModule@@SAHPEBG@Z
?CharToOemA@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXXZ
?CheckImplicitLoad@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@AEAA_NPEBX@Z
?ClearCursorWait@CCursor@@QEAAXXZ
?ClearString@MyString@@QEAAXXZ
?ClearString@PIDStringView@@QEAAXXZ
?CloneData@?$CSimpleStringT@G$0A@@ATL@@CAPEAUCStringData@2@PEAU32@@Z
?Collate@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CollateNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CommandHandled@WizardRoot@@QEAAAEAHXZ
?Compare@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CompareNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?ComposeOffscreen@CDrawItem@@UEAAXPEAUHWND__@@@Z
?ComposeOffscreen@CDrawItemComposite@@UEAAXPEAUHWND__@@@Z
?ComposeOffscreen@CScreenText@@UEAAXPEAUHWND__@@@Z
?Concatenate@?$CSimpleStringT@G$0A@@ATL@@KAXAEAV12@PEBGH1H@Z
?Construct@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@SAXPEAV12@@Z
?ConvertColorKeyToAlpha@CDIB@@QEAAXXZ
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPEAGPEBGH@Z
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPEAG_KPEBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPEAGPEBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPEAG_KPEBGH@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@I@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IPEAUHDC__@@1@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@PEAUHDC__@@1@Z
?CreateAppWindow@WizardUI@@AEAAXXZ
?CreateEx@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IQEAU_Button_Data@@PEAUHDC__@@1@Z
?CreateEx@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@QEAU_Button_Data@@PEAUHDC__@@1@Z
?CreateFromHwnd@CDIB@@QEAAHPEAUHWND__@@@Z
?CreateIndirect@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IQEAU_Button_Data@@@Z
?CreateIndirect@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@QEAU_Button_Data@@@Z
?CreateNavWindow@WizardUI@@AEAAHXZ
?CreateNode@WizardBranch@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardDesciption@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardSummary@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardVariation@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@Wizard_PageDesciption@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNodeHelper@WizardCollection@@QEAAPEAVWizardEx@@IPEAV2@PEAVWizardUI@@@Z
?CreateProgressWindow@WizardUI@@AEAAHXZ
?CreatePropertySheet@WizardUI@@AEAAXXZ
?CreateScrWindow@WizardUI@@AEAAXXZ
?CreateWindows@WizardUI@@AEAAXXZ
?Delete@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAHHH@Z
?DeleteBackground@WizardUI@@CAXXZ
?Destroy@CCustomButtonEx@@SAXPEAV1@@Z
?DestroyAllStandardButtons@WizardRoot@@QEAAXXZ
?DestroyAppWindow@WizardUI@@AEAAXXZ
?DestroyDialog@CAttachDataDlg@@QEAAXI_K_J@Z
?DestroyDialog@CGenericNavWindow@@AEAAXXZ
?DestroyNavWindow@WizardUI@@AEAAXXZ
?DestroyProgressWindow@WizardUI@@AEAAXXZ
?DestroyPropertySheet@WizardUI@@AEAAXXZ
?DestroyScrWindow@WizardUI@@AEAAXXZ
?DestroyStandardButton@WizardRoot@@QEAAXPEAVCCustomButtonEx@@@Z
?DestroyWindows@WizardUI@@AEAAXXZ
?DibHeight@CDIB@@QEBAJXZ
?DibWidth@CDIB@@QEBAJXZ
?DoCancel@Win32Navigator@@UEAAXXZ
?DoGoToPageIndex@Win32Navigator@@UEAAXH@Z
?Draw@CAnimation@@UEAAHPEAUHDC__@@@Z
?Draw@CDIB@@QEAAHPEAUHDC__@@HH@Z
?Draw@CDIB@@QEAAHPEAUHDC__@@HHUtagRECT@@@Z
?Draw@CDrawBackground@@UEAAHPEAUHDC__@@@Z
?Draw@CDrawItem@@QEAAHPEAUHWND__@@@Z

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srclient/srclient.dll
.dll windows:10 windows x64 arch:x64

64156df8ca5ead107cb03bb6ce0c24fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srclient.pdb

Imports

msvcrt

_vscwprintf
memcmp
memcpy
_vsnwprintf
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
wcschr
memmove_s
wcsrchr
_wcsnicmp
strchr
_purecall
memcpy_s
memset

spp

SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
SxTracerDebuggerBreak
SppFreeGroupPropArray

kernel32

GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DisableThreadLibraryCalls
GetModuleFileNameW
GetCommandLineW
MultiByteToWideChar
FormatMessageW
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
FindClose
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetTickCount
CreateFileW
GetCurrentThread
IsWow64Process
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
DeleteFileW
GetSystemDirectoryW
DeviceIoControl
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
LocalFree

ntdll

RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtQueryValueKey
NtCreateFile
NtQueryVolumeInformationFile
RtlGetSuiteMask
RtlGetNtSystemRoot
NtClose
WinSqmAddToStreamEx
NtSetInformationFile
NtQueryInformationFile
RtlGetLastNtStatus
RtlSetThreadErrorMode
RtlNtStatusToDosError
EtwTraceMessage
RtlGetCurrentTransaction
RtlSetCurrentTransaction
NtOpenKey
RtlRunOnceExecuteOnce

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegDeleteValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken

powrprof

CallNtPowerInformation

Exports

Exports

DisableSR
DisableSRInternal
EnableSR
EnableSREx
EnableSRInternal
SRNewSystemId
SRRemoveRestorePoint
SRSetRestorePointA
SRSetRestorePointInternal
SRSetRestorePointW
SetSRStateAfterSetup
SysprepCleanup
SysprepGeneralize

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srclient/usoapi.dll
.dll windows:10 windows x64 arch:x64

ce527af7beb86c4b904f558ed44fd6c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UsoApi.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memcmp
_o__wcsicmp
_o_free
_o_malloc
_o_terminate
_o_wcsncpy_s
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy
__C_specific_handler
__std_terminate
__CxxFrameHandler4

oleaut32

SysFreeString
VARIANT_UserMarshal64
BSTR_UserFree
SysStringLen
LoadRegTypeLi
BSTR_UserUnmarshal64
VARIANT_UserFree
VariantInit
VariantClear
VARIANT_UserUnmarshal
VarUI4FromStr
VARIANT_UserSize
LoadTypeLi
BSTR_UserMarshal64
BSTR_UserUnmarshal
VARIANT_UserMarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree64
SystemTimeToVariantTime
VARIANT_UserUnmarshal64
BSTR_UserFree64
BSTR_UserSize64
VARIANT_UserSize64

rpcrt4

NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_Connect
NdrStubForwardingFunction
NdrStubCall3
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllCanUnloadNow

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient31
CStdStubBuffer2_Disconnect
CStdStubBuffer2_CountRefs
ObjectStublessClient14
ObjectStublessClient12
CStdStubBuffer2_QueryInterface
ObjectStublessClient25
ObjectStublessClient4
ObjectStublessClient11
ObjectStublessClient24
ObjectStublessClient21
ObjectStublessClient29
ObjectStublessClient16
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient27
ObjectStublessClient18
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient30
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient26
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Connect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient5
ObjectStublessClient19
ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient8

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FindResourceExW
LoadResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfig2W
QueryServiceConfigW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srcore/SettingsHandlers_Region.dll
.dll windows:10 windows x64 arch:x64

95bd90ee02c4f844813fa104647a2ee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Region.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcstol
__C_specific_handler
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
__std_terminate
_o___std_type_info_destroy_list
_o___std_exception_destroy
__CxxFrameHandler4
memcmp
memcpy
_o___std_exception_copy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
CreateEventW
InitializeSRWLock
CreateSemaphoreExW
OpenSemaphoreW
EnterCriticalSection
ResetEvent
InitializeCriticalSectionEx
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
CreateEventExW
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
OpenThreadToken
GetCurrentThread
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW
GetCalendarInfoEx
GetLocaleInfoEx
GetCalendarInfoW
SetLocaleInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

winlangdb

SetUserLanguages
SetUserLanguagesCore
GetRegionalFormatList
EnsureLanguageProfileExists

bcp47langs

Bcp47GetMuiForm
AppendUserLanguageInputMethods
GetAppropriateUserLocaleForUserLanguages
GetUserLanguages
GetUserLocaleFromLanguageProfileOptOut
Bcp47Normalize
ClearUserLocaleFromLanguageProfileOptOut
SetUserLocaleFromLanguageProfileOptOut
GetPendingUserDisplayLanguage
Bcp47GetDistance
Bcp47GetIsoLanguageCode
Bcp47GetIsoScriptCode

shcore

SHStrDupW
ord162

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-localization-l1-2-3

SetUserGeoName
GetGeoInfoEx
GetUserDefaultGeoName
EnumSystemGeoNames

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-com-l1-1-0

CoUninitialize
CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoGetApartmentType
CoTaskMemRealloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-localization-l2-1-0

EnumCalendarInfoExEx
EnumTimeFormatsEx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
EnumUILanguagesW

coremessaging

CoreUICreate

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-private-l1-1-0

NlsUpdateLocale
NlsCheckPolicy

ntdll

RtlIsMultiUsersInSessionSku

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srcore/networkhelper.dll
.dll windows:10 windows x64 arch:x64

a27bcbd490e1101d8155e000cd94272f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NetworkHelper.pdb

Imports

msvcrt

memmove
realloc
_onexit
__dllonexit
_unlock
memcpy
_purecall
_wsplitpath_s
swprintf_s
wcsncpy_s
_vsnwprintf
memcpy_s
__CxxFrameHandler3
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
memcmp
_strnicmp
__C_specific_handler
memset

ntdll

NtQuerySystemInformation
RtlReportException
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlLengthSid
RtlAllocateHeap

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ResetEvent
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
SetEvent
CreateEventW
EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
AcquireSRWLockExclusive
ReleaseMutex

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetModuleHandleW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

umpdc

Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate
Pdcv2ActivationClientRegister
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRenewActivation

syncutil

ord9

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

Exports

Exports

CHttpTransport_CreateInstance
CheckPdcRenewal
CreateControlChannelTriggerConnectionManager
GetOrCreateNullPowerDependencyCoordinatorManager
GetSerializedAppMetadata
InitializePowerDependencyCoordinatorManager
IsNetworkConnectionCostRestricted
ProgressStatus
ReleasePowerDependencyCoordinatorManager
ReportSyncProgress
SyncPdcReference_WatchdogReport
SyncPdcReference_WatchdogsEnabled
SyncWerReportComponentName
SyncWerReportGenerator

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srcore/srcore.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4b0696026fb387c2fee04b5aa55758e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srcore.pdb

Imports

msvcrt

memcmp
memcpy
memmove
wcsnlen
iswspace
wcsrchr
_vscwprintf
_wcslwr
wcsstr
strchr
wcspbrk
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_vsnwprintf
wcstoul
_wcsupr
wcsncmp
wcschr
_wcsicmp
realloc
wcscat_s
malloc
free
__C_specific_handler
_purecall
_wcsnicmp
wcscmp

kernel32

SetThreadExecutionState
DebugBreak
CloseHandle
ReadFile
WriteFile
GetFileSizeEx
SetLastError
DeleteFileW
CreateDirectoryW
SetFileAttributesW
SetFileShortNameW
QueryPerformanceCounter
MoveFileExW
RemoveDirectoryW
GetSystemTimeAsFileTime
BackupRead
QueryPerformanceFrequency
WerRegisterFile
FindFirstFileW
FindNextFileW
FindClose
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnmapViewOfFile
GetCurrentThread
DuplicateHandle
MapViewOfFile
CreateFileMappingW
CreateProcessW
SetThreadErrorMode
SetErrorMode
VirtualFree
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
LocalFree
HeapDestroy
DisableThreadLibraryCalls
InitializeProcThreadAttributeList
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetProcessId
GetSystemDirectoryW
IsWow64Process2
FindVolumeClose
FormatMessageW
HeapFree
DeviceIoControl
LoadLibraryExW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapAlloc
VirtualUnlock
GetProcAddress
GetLastError
FreeLibrary
GetFileAttributesW
GetFileType
BackupWrite
GetVolumePathNameW
CreateDirectoryExW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
GetFullPathNameW
GetDriveTypeW
FindFirstVolumeW
FindNextVolumeW
TerminateProcess

user32

CharPrevW
CharNextW
GetSystemMetrics
LoadStringW

ktmw32

CommitTransaction
RollbackTransaction
CreateTransaction

ntdll

RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlSetCurrentTransaction
RtlGetCurrentTransaction
WinSqmAddToStream
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlComputeCrc32
RtlDosPathNameToNtPathName_U
DbgPrintEx
NtClose
RtlWerpReportException
NtSetSystemInformation
RtlTryAcquirePebLock
RtlReleasePebLock
NtClearEvent
RtlDecodeSystemPointer
RtlEnumerateGenericTableWithoutSplayingAvl
EtwTraceMessage
NtQuerySecurityObject
RtlValidRelativeSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
NtSetSecurityObject
RtlNtStatusToDosError
RtlInitUnicodeString
RtlCreateSystemVolumeInformationFolder
RtlFreeHeap
RtlGetLastNtStatus
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlFreeUnicodeString
RtlSetBits
RtlInitializeBitMap
NtSetInformationProcess
NtQueryInformationProcess
WinSqmAddToStreamEx
RtlUnlockBootStatusData
NtQueryInformationFile
NtOpenFile
NtSetInformationFile

rpcrt4

NdrMesTypeEncode3
NdrMesTypeDecode3
MesEncodeDynBufferHandleCreate
I_RpcExceptionFilter
MesDecodeBufferHandleCreate
MesHandleFree

ole32

CoGetMalloc
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
StringFromGUID2
CLSIDFromString

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

advapi32

RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyExW
RegOpenKeyTransactedW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegReplaceKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegLoadKeyW
RegUnLoadKeyW
TraceMessage
RegQueryValueExW
LookupPrivilegeValueW
EventRegister
EventEnabled
EventWrite
EventUnregister
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenThreadToken
OpenProcessToken
ControlTraceW
StartTraceW
EnableTraceEx2
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges

vssapi

GetProviderMgmtInterfaceInternal

wer

WerReportAddFile
WerReportSetParameter
WerReportSubmit
WerReportCloseHandle
WerReportCreate

spp

SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SppFreeGroupPropArray

bcd

BcdEnumerateObjects
BcdOpenSystemStore
BcdCloseObject
BcdGetElementData
BcdOpenObject
BcdCloseStore

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShutdownContinuation
SrFreeRestoreStatus
SrFreeRpPropArray

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srcore/uireng.dll
.dll windows:10 windows x64 arch:x64

c2ca58b2270719afbdbaea723f8d2d76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

uireng.pdb

Imports

msvcrt

wcsrchr
wcschr
memcpy
memmove
_wcsnicmp
_CxxThrowException
_wtoi
wcstol
_wcsupr
wcsstr
wcstoul
_wcstoui64
_itow_s
wcscpy_s
__CxxFrameHandler3
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_vsnprintf
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_snwscanf_s
_vscwprintf
wcscmp

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventUnregister
StartTraceW
UnregisterTraceGuids
RegOpenKeyW
RegisterTraceGuidsW
GetTraceEnableFlags
EnableTrace
FlushTraceW
EnableTraceEx
ControlTraceW
EventWriteString
OpenTraceW
ProcessTrace
CloseTrace
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

gdi32

CreateSolidBrush
StretchBlt
CreateCompatibleDC
CreateDCW
ExcludeClipRect
DeleteObject
CreatePen
SelectObject
GetStockObject
Rectangle
ExtCreatePen
MoveToEx
LineTo
PolyBezier
SetDCBrushColor
Ellipse
DeleteDC
GetCurrentObject
CreateCompatibleBitmap
BitBlt
GetObjectW

gdiplus

GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipCloneImage

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ExitProcess
OpenProcess
K32GetModuleFileNameExW
LocalFree
GetSystemTimeAsFileTime
ReadProcessMemory
GetTimeFormatW
GetFileAttributesW
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateDirectoryW
WaitForMultipleObjects
CreateThread
Sleep
UnregisterWait
RegisterWaitForSingleObject
FindFirstFileW
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
ReadFile
FreeLibrary
GetWindowsDirectoryW
LoadLibraryW
ResumeThread
GetSystemDirectoryW
FindNextFileW
GetDriveTypeW
GetLongPathNameW
SizeofResource
WriteFile
UnmapViewOfFile
MultiByteToWideChar
LockResource
DeleteFileW
LoadResource
FindResourceW
GetFileSize
WideCharToMultiByte
CreateFileMappingW
SearchPathW
DuplicateHandle
ResetEvent
GetThreadPriority
GetCurrentThread
MapViewOfFile
SetEvent
CreateEventW
InitializeConditionVariable
SetThreadPriority
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
HeapReAlloc
DeleteCriticalSection
LoadLibraryExW
FindClose
GetVersionExW
GetProductInfo
FileTimeToSystemTime
MoveFileExW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW

msdrm

DRMIsWindowProtected

ntdll

RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetFullPathName_UEx
RtlInitUnicodeString
NtApphelpCacheControl
NtQueryValueKey
NtClose
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeStringEx
NtQueryInformationProcess
ZwClose
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
ZwCreateFile

ole32

CoCreateInstance
StringFromGUID2
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString

oleacc

GetRoleTextW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString
SysStringLen

shell32

CommandLineToArgvW
ShellExecuteW
SHFileOperationW

shlwapi

PathRemoveBlanksW
PathRemoveExtensionW
SHCreateStreamOnFileEx
PathFindFileNameW
PathCombineW

user32

CallNextHookEx
SetWindowsHookExW
GetClientRect
SetLayeredWindowAttributes
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
ShowWindow
RegisterWindowMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
WindowFromPoint
GetWindowThreadProcessId
GetGUIThreadInfo
GetCursorInfo
ReleaseDC
UnhookWindowsHookEx
GetDC
GetDesktopWindow
DrawIcon
GetIconInfo
LoadCursorW
GetWindowRect
GetClassNameW
InternalGetWindowText
GetParent
GetWindowLongPtrW
GetKeyState
GetKeyNameTextW
MapVirtualKeyW
GetWindowInfo
PtInRect
GetAsyncKeyState
LoadImageW
GetSystemMetrics
GetDoubleClickTime
IsHungAppWindow
GetRawInputDeviceInfoW
GetPointerDevices
DestroyWindow
RegisterRawInputDevices
RegisterClassExW
CreateWindowExW
UnregisterClassW
FillRect
SetWindowLongPtrW
CopyImage
SetWindowPos
GetWindowTextW
EnableWindow
ReleaseCapture
SystemParametersInfoW
GetDlgItem
SwitchDesktop
SetCapture
GetProcessDefaultLayout
FindWindowW
LoadIconW
IsRectEmpty
CreateDesktopW
ClientToScreen
IsDialogMessageW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
SendMessageW
SetProcessDefaultLayout
CreateDialogParamW
GetWindowTextLengthW
GetCursorPos
InvalidateRect
UpdateWindow
FindWindowExW
WindowFromPhysicalPoint
DefWindowProcW
GetRawInputData
EndPaint
SetWinEventHook
GetWindowLongW
ShowWindowAsync
UnhookWinEvent
PhysicalToLogicalPointForPerMonitorDPI
EnumWindows
BeginPaint

aepic

PicFreeFileInfo
PicRetrieveFileInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

xmllite

CreateXmlWriter

hid

HidP_GetLinkCollectionNodes
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetUsages
HidP_GetCaps

msimg32

AlphaBlend

rpcrt4

RpcServerListen
RpcServerRegisterIf2
NdrServerCall2
RpcServerUseProtseqEpW
NdrServerCallAll

Exports

Exports

UirGetScreenComment
UirInitializeEngine
UirIsRecordingActive
UirOutCreateOutputFile
UirPauseRecordingSession
UirResumeRecordingSession
UirStartRecordingSession
UirStopRecordingSession
UirUninitializeEngine
UirUpdateRecordingSession

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3713153bb210e0fb2e92eb8ba18ed10

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

oleaut32

api-ms-win-core-heap-l2-1-0

rpcrt4

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

gdi32

kernel32

ntdll

shell32

shlwapi

user32

uxtheme

setupapi

shdocvw

propsys

api-ms-win-devices-query-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 12KB - Virtual size: 11KB

.didat Size: 2KB - Virtual size: 1KB

.rsrc Size: 172KB - Virtual size: 171KB

.reloc Size: 4KB - Virtual size: 4KB

70f4288e9e404bb3c7e552766ee39c43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cryptngc

certenroll

dsreg

oleaut32

crypt32

ncrypt

ntdll

gdi32

api-ms-win-core-synch-l1-1-0

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 12KB - Virtual size: 11KB

.didat
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 172KB - Virtual size: 171KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 797KB - Virtual size: 797KB

.orpc
Size: 512B - Virtual size: 222B

.rdata
Size: 371KB - Virtual size: 370KB

.data
Size: 79KB - Virtual size: 85KB

.pdata
Size: 38KB - Virtual size: 38KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 8KB - Virtual size: 8KB