Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Overview
overview
3Static
static
1Recorder_2.3.0/7z.dll
windows7-x64
3Recorder_2.3.0/7z.dll
windows10-2004-x64
3Recorder_2...ab.dll
windows7-x64
3Recorder_2...ab.dll
windows10-2004-x64
3Recorder_2...ta.sys
windows7-x64
1Recorder_2...ta.sys
windows10-2004-x64
1Recorder_2...Xp.sys
windows7-x64
1Recorder_2...Xp.sys
windows10-2004-x64
1Recorder_2...gR.sys
windows7-x64
1Recorder_2...gR.sys
windows10-2004-x64
1Recorder_2...gr.dll
windows7-x64
3Recorder_2...gr.dll
windows10-2004-x64
3Recorder_2...er.exe
windows7-x64
3Recorder_2...er.exe
windows10-2004-x64
3Static task
static1
Behavioral task
behavioral1
Sample
Recorder_2.3.0/7z.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Recorder_2.3.0/7z.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Recorder_2.3.0/Cab.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
Recorder_2.3.0/Cab.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Recorder_2.3.0/Drivers/XiaobaiFsRForVista.sys
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Recorder_2.3.0/Drivers/XiaobaiFsRForVista.sys
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Recorder_2.3.0/Drivers/XiaobaiFsRForXp.sys
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
Recorder_2.3.0/Drivers/XiaobaiFsRForXp.sys
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Recorder_2.3.0/Drivers/XiaobaiRegR.sys
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
Recorder_2.3.0/Drivers/XiaobaiRegR.sys
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Recorder_2.3.0/DrvMgr.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
Recorder_2.3.0/DrvMgr.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Recorder_2.3.0/Recorder.exe
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
Recorder_2.3.0/Recorder.exe
Resource
win10v2004-20240802-en
Target
896c52c742a872a99759860784dab201_JaffaCakes118
Size
856KB
MD5
896c52c742a872a99759860784dab201
SHA1
b11f40f0e840a1b476d6787b32c142a01dc146ce
SHA256
9d893f74e470e16642396f15c823a860094689d225a7e16dce2ecb926e05a84c
SHA512
6dbbc30fcff22ad3b6984630c4f22caf766d27cb46060d0dc3b1823251d008f5d02cd14b71a28e56565b1518d9f174612cb8adb4c657467e60619146f6b8ce4d
SSDEEP
24576:vE6K+S2tPnlEsOToKORoCvMfjN244A65fMKtB:vE65S2tvlSTdMoHpn0FNtB
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen
CharLowerW
CharUpperA
CharNextA
CharPrevExA
CharUpperW
CharLowerA
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
d:\Xiaobai\gui\dll\release\Cab.pdb
PathFileExistsA
PathFileExistsW
SHCreateDirectoryExW
SHCreateDirectoryExA
wsprintfW
MessageBoxW
SendMessageW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetEndOfFile
GetLocaleInfoA
LoadLibraryA
HeapSize
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
WriteConsoleW
GetFileInformationByHandle
DeleteFileA
FileTimeToDosDateTime
CreateThread
WaitForSingleObject
FindFirstFileA
FindNextFileA
CreateFileA
GetFileSize
GetFileAttributesA
FindNextFileW
FindClose
FindFirstFileW
CloseHandle
GetModuleFileNameW
CreateFileW
FileTimeToLocalFileTime
DeleteFileW
GetLastError
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileAttributesA
SetThreadPriority
CreateMutexW
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
WriteFile
lstrlenW
GetPrivateProfileIntW
SetFilePointer
GetLocalTime
TerminateProcess
SetFileAttributesW
ReadFile
GetTickCount
RemoveDirectoryW
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
HeapAlloc
MoveFileExW
GetCurrentThreadId
Sleep
GetCurrentProcess
HeapFree
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MoveFileW
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetStdHandle
GetFileType
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteConsoleA
GetConsoleOutputCP
??0CCab@@QAE@ABV0@@Z
??0CCab@@QAE@XZ
??1CCab@@UAE@XZ
??4CCab@@QAEAAV0@ABV0@@Z
??_7CCab@@6B@
CabGetObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
z:\xiaobai\sys\xiaobaifs\bin6[R]\i386\XiaobaiFsRForVista.pdb
ExFreePoolWithTag
ExInitializeNPagedLookasideList
ExAllocatePoolWithTag
RtlCopyUnicodeString
ObOpenObjectByPointer
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
ZwTerminateProcess
ZwOpenProcess
IoFileObjectType
ExDeleteNPagedLookasideList
IoAllocateErrorLogEntry
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlPrefixUnicodeString
ZwQueryDirectoryFile
ProbeForRead
MmMapLockedPagesSpecifyCache
ExAllocatePool
KeTickCount
KeBugCheckEx
RtlUnwind
InterlockedPushEntrySList
InterlockedPopEntrySList
_wcsnicmp
memcpy
memset
_vsnprintf
ZwCreateKey
ZwSetValueKey
IoRaiseInformationalHardError
KeDelayExecutionThread
PsSetCreateProcessNotifyRoutine
ObReferenceObjectByHandle
PsProcessType
ObfDereferenceObject
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlInitUnicodeString
ZwClose
_vsnwprintf
ExDeleteResourceLite
ExAcquireResourceSharedLite
RtlEqualUnicodeString
DbgPrint
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
IoWriteErrorLogEntry
ExInitializeResourceLite
FltSetInformationFile
FltCancelFileOpen
FltDoCompletionProcessingWhenSafe
FltLockUserBuffer
FltGetRequestorProcessId
FltSetCallbackDataDirty
FltIsDirectory
FltGetFileNameInformation
FltReleaseFileNameInformation
FltQueryInformationFile
FltQueryDirectoryFile
FltCreateFileEx2
FltCreateFile
FltClose
FltGetStreamContext
FltAllocateContext
FltSetStreamContext
FltDeleteContext
FltReleaseContext
FltGetStreamHandleContext
FltSetStreamHandleContext
FltGetVolumeName
FltRegisterFilter
FltCreateCommunicationPort
FltStartFiltering
FltCloseCommunicationPort
FltUnregisterFilter
FltCloseClientPort
FltDetachVolume
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltDeletePushLock
FltInitializePushLock
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
z:\xiaobai\sys\xiaobaifs\bin5[R]\i386\XiaobaiFsRForXp.pdb
ExDeleteNPagedLookasideList
ExFreePoolWithTag
ExInitializeNPagedLookasideList
ExAllocatePoolWithTag
RtlCopyUnicodeString
ObOpenObjectByPointer
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
ZwOpenProcess
IoFileObjectType
InterlockedPushEntrySList
IoAllocateErrorLogEntry
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlPrefixUnicodeString
ZwQueryDirectoryFile
ProbeForRead
MmMapLockedPagesSpecifyCache
ExAllocatePool
KeTickCount
KeBugCheckEx
InterlockedPopEntrySList
_wcsnicmp
memcpy
memset
_vsnprintf
ZwCreateKey
ZwSetValueKey
IoRaiseInformationalHardError
KeDelayExecutionThread
PsSetCreateProcessNotifyRoutine
KeServiceDescriptorTable
ZwTerminateProcess
PsGetCurrentProcessId
ObReferenceObjectByHandle
PsProcessType
PsGetProcessId
ObfDereferenceObject
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlInitUnicodeString
ZwOpenFile
ZwCreateSection
ZwMapViewOfSection
RtlInitString
RtlCompareString
ZwUnmapViewOfSection
ZwClose
_vsnwprintf
ExDeleteResourceLite
ExAcquireResourceSharedLite
RtlEqualUnicodeString
DbgPrint
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
IoWriteErrorLogEntry
ExInitializeResourceLite
RtlUnwind
FltSetInformationFile
FltCancelFileOpen
FltDoCompletionProcessingWhenSafe
FltLockUserBuffer
FltGetRequestorProcessId
FltSetCallbackDataDirty
FltIsDirectory
FltGetFileNameInformation
FltReleaseFileNameInformation
FltQueryInformationFile
FltAllocateCallbackData
FltPerformSynchronousIo
FltFreeCallbackData
FltCreateFile
FltClose
FltGetStreamContext
FltAllocateContext
FltSetStreamContext
FltDeleteContext
FltReleaseContext
FltGetStreamHandleContext
FltSetStreamHandleContext
FltGetVolumeName
FltRegisterFilter
FltCreateCommunicationPort
FltStartFiltering
FltCloseCommunicationPort
FltUnregisterFilter
FltCloseClientPort
FltDetachVolume
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltDeletePushLock
FltInitializePushLock
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
y:\unnoo.xiaobai\sys\xiaobairegr\objfre_wxp_x86\i386\XiaobaiRegR.pdb
InterlockedPopEntrySList
InterlockedPushEntrySList
KeGetCurrentThread
strncmp
IoGetCurrentProcess
ObfDereferenceObject
PsLookupProcessByProcessId
ExAllocatePoolWithTag
memset
ExFreePoolWithTag
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ExGetPreviousMode
memcpy
ObReferenceObjectByHandle
KeReleaseMutex
KeWaitForSingleObject
_wcsnicmp
ObQueryNameString
swprintf
wcschr
ProbeForRead
ProbeForWrite
PsGetCurrentProcessId
IoFreeIrp
KeSetEvent
IofCallDriver
IoAllocateIrp
KeInitializeEvent
RtlVolumeDeviceToDosName
IoGetLowerDeviceObject
IoGetRelatedDeviceObject
MmIsAddressValid
wcsstr
_wcsupr
ZwClose
ZwDeleteValueKey
ZwCreateKey
ZwSetValueKey
ZwDeleteKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryValueKey
ZwQueryKey
ZwOpenKey
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
ExDeletePagedLookasideList
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExInitializePagedLookasideList
KeServiceDescriptorTable
KeInitializeMutex
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlUnwind
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
g:\Xiaobai\gui\dll\release\DrvMgr.pdb
SHCreateDirectoryExW
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupOpenInfFileW
SetupInstallServicesFromInfSectionW
SetupInitDefaultQueueCallback
SetupCloseFileQueue
SetupQueueDeleteSectionW
SetupCommitFileQueueW
SetupOpenFileQueue
OpenServiceW
OpenProcessToken
LookupPrivilegeValueW
RegLoadKeyW
RegOpenKeyExW
RegCloseKey
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
StartServiceW
QueryServiceStatusEx
AdjustTokenPrivileges
SendMessageW
wsprintfW
GetSystemMetrics
SHDeleteKeyW
FlushFileBuffers
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetPrivateProfileIntW
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
HeapSize
GetLocaleInfoA
LoadLibraryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapReAlloc
VirtualAlloc
GetSystemDirectoryW
GetLastError
SetFileAttributesW
CopyFileW
CreateFileW
DeviceIoControl
CloseHandle
GetWindowsDirectoryW
DeleteFileW
GetProcAddress
LoadLibraryW
FreeLibrary
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameW
lstrlenW
GetFileSize
SetFilePointer
OutputDebugStringW
WideCharToMultiByte
GetTempPathW
FindClose
FindFirstFileW
Process32NextW
SetLastError
CreateToolhelp32Snapshot
HeapAlloc
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
HeapFree
GetVersionExW
GetLocalTime
Process32FirstW
TerminateProcess
GetModuleHandleW
GetTickCount
GetProcessHeap
MultiByteToWideChar
GetSystemInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MoveFileW
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
??0CDriverManager@@QAE@ABV0@@Z
??0CDriverManager@@QAE@XZ
??1CDriverManager@@UAE@XZ
??4CDriverManager@@QAEAAV0@ABV0@@Z
??_7CDriverManager@@6B@
DMGetObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
g:\Xiaobai\gui\bin\Recorder\Recorder.pdb
GetOEMCP
IsValidCodePage
VirtualAlloc
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetACP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TerminateThread
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualProtect
GetExitCodeThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
HeapReAlloc
RaiseException
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
SetFileTime
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameW
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleHandleA
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
SetThreadPriority
GlobalAlloc
lstrlenA
lstrcmpA
GlobalFree
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
lstrcmpiW
lstrcatW
WinExec
MulDiv
LoadLibraryExW
EnumResourceNamesW
lstrcpyW
SetFilePointer
GetPrivateProfileIntW
lstrcpynW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
FlushFileBuffers
FormatMessageW
GlobalUnlock
InterlockedDecrement
GlobalLock
lstrlenW
HeapFree
GetFileAttributesW
HeapAlloc
LoadLibraryW
FreeLibrary
LocalFree
GetProcAddress
GetCurrentThreadId
SetLastError
GetFileTime
GetProcessHeap
GetTickCount
GetModuleHandleW
WritePrivateProfileStringW
GetSystemInfo
MultiByteToWideChar
MoveFileW
GetVersionExW
GetVolumeInformationW
GetCurrentProcessId
GetTempPathW
CopyFileW
WideCharToMultiByte
CreateDirectoryW
RemoveDirectoryW
GetModuleFileNameW
OutputDebugStringW
MoveFileExW
GetFileSize
WriteFile
CreateThread
GetWindowsDirectoryW
FindClose
FindFirstFileW
SetFileAttributesW
ResumeThread
FindNextFileW
CreateProcessW
ExitProcess
DeleteFileW
GetLastError
GetSystemDirectoryW
Sleep
CloseHandle
ReadFile
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateFileW
SystemTimeToFileTime
GetLocalTime
GetCurrentProcess
FindResourceW
LockResource
SizeofResource
LoadResource
CreateFileA
TerminateProcess
GetSysColorBrush
DestroyMenu
GetMenuItemInfoW
InflateRect
ReleaseCapture
SetCapture
DrawIcon
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
InvalidateRect
ShowOwnedPopups
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
AppendMenuW
InsertMenuW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
DestroyIcon
SendMessageW
MessageBoxW
EnableWindow
GetWindowRect
SetForegroundWindow
SetMenuItemBitmaps
CharUpperW
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
HideCaret
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
UnregisterClassW
TranslateAcceleratorW
SetMenu
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetSystemMenu
DrawFrameControl
FrameRect
DrawIconEx
GetSubMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
ClipCursor
SetMenuItemInfoW
IsMenu
DrawStateW
IsClipboardFormatAvailable
GetMenuCheckMarkDimensions
CallWindowProcA
ShowWindow
SetTimer
KillTimer
LoadIconW
PostMessageW
PostThreadMessageW
GetNextDlgGroupItem
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
CharNextW
InvalidateRgn
CopyAcceleratorTableW
MessageBeep
GetAsyncKeyState
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnregisterClassA
GetWindowThreadProcessId
wsprintfW
FindWindowW
GetSystemMetrics
ReleaseDC
GetDC
FillRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetRect
EqualRect
SetWindowRgn
GetMenuState
ClientToScreen
GetMenuItemCount
GetMenuItemRect
IsWindow
DefWindowProcW
GetClassInfoW
WindowFromPoint
GetWindowLongW
PtInRect
GetCursorPos
IsRectEmpty
GetParent
IsWindowEnabled
ScreenToClient
GetClassNameW
GetMenuItemID
CopyRect
ChildWindowFromPoint
GetWindowTextW
SetRectEmpty
OffsetRect
SetCursor
LoadImageW
GetSysColor
LoadCursorW
DestroyCursor
SystemParametersInfoW
UpdateLayeredWindow
RegisterClassExW
GetKeyState
GetIconInfo
CopyIcon
CreateIconIndirect
GetMapMode
SetRectRgn
Ellipse
LPtoDP
DPtoLP
CreateEllipticRgn
CreateFontW
GetStockObject
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
GetBitmapBits
SetPixel
GetTextColor
GetCurrentObject
Rectangle
SetROP2
RestoreDC
SaveDC
GetBkColor
DeleteObject
CreateCompatibleDC
DeleteDC
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleBitmap
CreatePen
MoveToEx
SetTextColor
CreateSolidBrush
GetObjectW
CreateBitmap
StretchBlt
LineTo
GetTextMetricsW
GetDeviceCaps
SetBkColor
SetBkMode
CreateFontIndirectW
TextOutW
GetTextExtentPoint32W
SetTextJustification
CreatePolygonRgn
CombineRgn
SelectClipRgn
FillRgn
CreateRoundRectRgn
FrameRgn
OffsetRgn
SetMapMode
GetTextExtentPointW
GetRgnBox
PatBlt
CreateRectRgn
GetClipBox
CreateRectRgnIndirect
ExcludeClipRect
GradientFill
GetFileTitleW
DocumentPropertiesW
OpenPrinterW
ClosePrinter
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
QueryServiceStatusEx
SHGetPathFromIDListW
DragQueryFileW
DragFinish
SHChangeNotify
SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHFileOperationW
ShellExecuteW
DragAcceptFiles
ImageList_GetImageCount
ImageList_GetIcon
ord17
StrStrIW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
SHDeleteKeyW
PathIsUNCW
OleInitialize
CLSIDFromString
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream
OleRun
CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize
OleUninitialize
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
VariantInit
SysAllocString
VariantClear
VariantCopy
SafeArrayGetUBound
LoadTypeLi
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysFreeString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
GetErrorInfo
OleCreateFontIndirect
DMGetObject
CabGetObject
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdiplusShutdown
GdipSetClipRectI
GdipSaveImageToFile
GdiplusStartup
GdipGetImageEncodersSize
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipSetInterpolationMode
GdipGetImageWidth
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipGraphicsClear
GdipDisposeImageAttributes
GdipBitmapSetPixel
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipCreateImageAttributes
GdipFree
GdipGetImageGraphicsContext
GdipBitmapGetPixel
GdipSetImageAttributesColorMatrix
GdipAlloc
GdipDrawImageRectRectI
InternetGetCookieW
InternetSetCookieW
OleUIBusyW
??0CXB7z@_7zInterface@@QAE@ABV01@@Z
??0CXB7z@_7zInterface@@QAE@XZ
??1CXB7z@_7zInterface@@UAE@XZ
??4CXB7z@_7zInterface@@QAEAAV01@ABV01@@Z
??_7CXB7z@_7zInterface@@6B@
?_7zGetObject@_7zInterface@@YAPAVCXB7z@1@PA_W@Z
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ