EZTEAM (0[.]0[.]10)[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

EZTEAM (0.0.10).7z
Size

20.0MB
MD5

273ee17305ea7cc41590ed517b11d953
SHA1

9fe105690b414e734b44d06eb97bb0906e996310
SHA256

8dc507e00ff29745a257b93fe03487f2928d927a6d30782a2518b3f55f3fa69e
SHA512

663e37bf749e7895394e15170f29e7466617b80e11788cf3e8f814e873911f880274b509366e1ac06e4a89800dd661e2fd1544319370991ef119f83df91fa90e
SSDEEP

393216:FoiXlgonL6rWr0Q/nznB6BRx2YB2ERqG/XAuoDvlu4P/pi/vsf:qTomQrs99P1ofP/Mvsf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/EZTEAM.exe	themida

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EZTEAM.exe
unpack001/data/adb/AdbWinApi.dll
unpack001/data/adb/AdbWinUsbApi.dll
unpack001/data/adb/adb.exe
unpack001/dll/opengl32.dll
unpack001/ucrtbased.dll

Files

EZTEAM (0.0.10).7z
.rar

Password: 123
EZTEAM.exe
.exe windows:6 windows x64 arch:x64

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 631KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 163KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 736KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 30KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
active-adb-images-helper/bluestacks4.png
.png

Password: 123
active-adb-images-helper/bluestacks5.png
.png

Password: 123
advapi32.dll
.dll windows:10 windows x86 arch:x86

Password: 123

e8a9a7acdaed089a881bf2ac3a9d3f35

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:7f:9f:c7:2a:97:82:e4:8b:6e:39:09:0e:5c:7d:5b:72:b2:14:82:cc:e6:66:b5:0a:8e:aa:1a:49:29:f5:cb
Signer

Actual PE Digest

7c:7f:9f:c7:2a:97:82:e4:8b:6e:39:09:0e:5c:7d:5b:72:b2:14:82:cc:e6:66:b5:0a:8e:aa:1a:49:29:f5:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

advapi32.pdb

Imports

msvcrt

wcsncpy_s
wcsstr
wcschr
wcscat_s
swprintf_s
_wcsicmp
_wcsnicmp
tolower
strstr
strchr
_ultow_s
iswctype
wcstoul
_wcstoui64
_wcstoi64
_ultow
wcstok_s
_errno
_ui64tow_s
_i64tow_s
_stricmp
wcsnlen
_resetstkoflw
iswalpha
wcsncmp
_vsnprintf
__CxxFrameHandler3
swscanf_s
_vsnwprintf
wcsrchr
_ftol2
memcmp
memcpy
memmove
_except_handler4_common
wcscpy_s
memset

ntdll

RtlAllocateHandle
RtlIsValidIndexHandle
RtlFreeHandle
NtOpenKey
NtQueryValueKey
NtClose
NtOpenThreadToken
NtOpenProcessToken
RtlEqualSid
RtlLengthSid
RtlAddAccessAllowedAceEx
NtSetInformationToken
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtDuplicateToken
NtCompareTokens
RtlAllocateAndInitializeSid
RtlFreeSid
RtlIsGenericTableEmpty
RtlEnumerateGenericTableWithoutSplaying
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
NtOpenFile
RtlCreateUnicodeString
NtQueryInformationProcess
RtlGetLastNtStatus
NtQueryKey
RtlValidSid
LdrLoadDll
RtlImageNtHeader
LdrUnloadDll
NtDeviceIoControlFile
NtQuerySystemInformation
EtwEventRegister
EtwEventWrite
NtCreateKey
NtSetValueKey
RtlDeleteElementGenericTable
RtlAppendUnicodeToString
NtDeleteKey
RtlInsertElementGenericTable
RtlCopySid
RtlInitializeHandleTable
RtlDestroyHandleTable
EtwEventUnregister
NtEnumerateKey
RtlIntegerToUnicodeString
RtlStringFromGUID
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlQueryRegistryValuesEx
RtlLookupElementGenericTable
RtlNumberGenericTableElements
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
RtlUnicodeToMultiByteN
RtlNtStatusToDosErrorNoTeb
RtlUnicodeToMultiByteSize
RtlAnsiCharToUnicodeChar
RtlMultiByteToUnicodeN
NtTraceControl
RtlSetLastWin32Error
RtlInitAnsiStringEx
RtlInitUnicodeStringEx
RtlCreateUnicodeStringFromAsciiz
NtRenameKey
RtlOemStringToUnicodeString
RtlIsTextUnicode
NtSetInformationThread
RtlAddAce
RtlValidAcl
RtlSetSaclSecurityDescriptor
RtlInitializeSid
RtlGetControlSecurityDescriptor
RtlAddAuditAccessObjectAce
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetAce
RtlAddAuditAccessAceEx
RtlxAnsiStringToUnicodeSize
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessDeniedAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedObjectAce
RtlUnicodeStringToInteger
RtlSetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U
EtwEventWriteTransfer
RtlImpersonateSelf
RtlAdjustPrivilege
RtlCopyString
NtQuerySystemTime
RtlTimeToSecondsSince1970
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
NtWaitForSingleObject
RtlGetVersion
NtQueryInformationThread
NtQuerySecurityObject
EtwEventSetInformation
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
RtlRunOnceInitialize
NtQueryPerformanceCounter
RtlDeleteBoundaryDescriptor
NtCreateMutant
NtOpenPrivateNamespace
NtCreatePrivateNamespace
RtlAddSIDToBoundaryDescriptor
RtlCreateBoundaryDescriptor
NtWaitForMultipleObjects
RtlCreateAcl
RtlValidRelativeSecurityDescriptor
NtCreateFile
NtWriteFile
NtReadFile
RtlWaitOnAddress
RtlWakeAddressAll
RtlQueryPerformanceCounter
RtlDllShutdownInProgress
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlLookupElementGenericTableAvl
RtlReleaseSRWLockShared
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlWakeAddressSingle
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlInitializeSRWLock
RtlEqualUnicodeString
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
NtAlpcQueryInformation
RtlCreateQueryDebugBuffer
NtQueryObject
NtQueryMutant
RtlAddAccessAllowedAce
RtlOpenCurrentUser
NtOpenKeyEx
NtReplaceKey
NtSaveKey
NtSaveMergedKeys
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlGetNtProductType
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlGetThreadPreferredUILanguages
RtlMakeSelfRelativeSD
RtlFreeHeap
RtlxUnicodeStringToAnsiSize
NtQueryInformationToken
RtlFreeUnicodeString
RtlAllocateHeap
RtlFirstFreeAce
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtSetSystemInformation
RtlLeaveCriticalSection
RtlEnterCriticalSection
DbgPrint
RtlNtStatusToDosError
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlGetCurrentTransaction
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
RtlConvertSidToUnicodeString

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
EventAccessControl
QueryAllTracesW
StopTraceW
StartTraceW
EventAccessQuery
EventAccessRemove
EnumerateTraceGuidsEx
ControlTraceW
TraceSetInformation

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-eventing-consumer-l1-1-1

QueryTraceProcessingHandle

kernelbase

LocalAlloc
RegKrnGetHKEY_ClassesRootAddress
RegKrnGetClassesEnumTableAddressInternal
RegKrnGetTermsrvRegistryExtensionFlags
lstrlenW
LocalReAlloc
CreateProcessAsUserW
CreateProcessAsUserA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
RegDeleteKeyExInternalW
RegCreateKeyExInternalW
RegOpenKeyExInternalW
CLOSE_LOCAL_HANDLE_INTERNAL
MapPredefinedHandleInternal
RegDeleteKeyExInternalA
RemapPredefinedHandleInternal
lstrcmpiW
lstrcmpW
RegCreateKeyExInternalA
DisablePredefinedHandleTableInternal
RegOpenKeyExInternalA
GetStagedPackagePathByFullName
PackageIdFromFullName
Sleep

sechost

ControlTraceA
StartTraceA
QueryAllTracesA

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-core-l1-1-1

EnumDependentServicesW
EnumServicesStatusExW
QueryServiceDynamicInformation

api-ms-win-service-core-l1-1-2

GetServiceDisplayNameW
GetServiceKeyNameW

api-ms-win-service-management-l1-1-0

CreateServiceW
OpenServiceW
StartServiceW
ControlServiceExW
DeleteService
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW
ChangeServiceConfig2W
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceObjectSecurity
SetServiceObjectSecurity

api-ms-win-service-private-l1-1-4

CreateServiceEx

api-ms-win-service-private-l1-1-2

QueryLocalUserServiceName
I_ScReparseServiceDatabase
QueryUserServiceName

api-ms-win-service-private-l1-1-3

QueryUserServiceNameForContext

api-ms-win-service-private-l1-1-0

I_ScSetServiceBitsW
I_ScSetServiceBitsA
WaitServiceState
I_ScRpcBindW
I_ScRpcBindA

api-ms-win-service-winsvc-l1-1-0

ControlServiceExA
ChangeServiceConfigA
RegisterServiceCtrlHandlerExA
OpenServiceA
RegisterServiceCtrlHandlerA
ControlService
NotifyServiceStatusChangeA
QueryServiceStatus
StartServiceCtrlDispatcherA
CreateServiceA
QueryServiceConfig2A
StartServiceA
QueryServiceConfigA
ChangeServiceConfig2A
RegisterServiceCtrlHandlerW
OpenSCManagerA

api-ms-win-core-namedpipe-l1-1-0

ImpersonateNamedPipeClient

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
SetThreadToken
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetPriorityClass
CreateThread
GetProcessId
OpenThread

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

ObjectCloseAuditAlarmW
AccessCheck
AdjustTokenGroups
CreatePrivateObjectSecurityEx
GetAclInformation
SetFileSecurityW
AddAuditAccessObjectAce
AllocateLocallyUniqueId
GetSecurityDescriptorDacl
RevertToSelf
QuerySecurityAccessMask
IsValidSecurityDescriptor
SetPrivateObjectSecurity
AddAccessDeniedAce
CreateRestrictedToken
FreeSid
EqualPrefixSid
GetFileSecurityW
AdjustTokenPrivileges
CheckTokenMembership
InitializeSecurityDescriptor
InitializeAcl
DuplicateToken
SetPrivateObjectSecurityEx
AddAccessAllowedObjectAce
GetKernelObjectSecurity
MapGenericMask
SetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
GetSecurityDescriptorControl
DuplicateTokenEx
IsValidAcl
GetSecurityDescriptorLength
AddAccessAllowedAce
AddAccessDeniedObjectAce
MakeSelfRelativeSD
AccessCheckByType
AddAuditAccessAceEx
MakeAbsoluteSD
SetSecurityDescriptorGroup
GetSidIdentifierAuthority
GetTokenInformation
AccessCheckByTypeResultList
CopySid
ObjectPrivilegeAuditAlarmW
IsWellKnownSid
DeleteAce
PrivilegedServiceAuditAlarmW
InitializeSid
GetSecurityDescriptorOwner
ImpersonateAnonymousToken
ImpersonateSelf
ImpersonateLoggedOnUser
SetSecurityDescriptorSacl
IsValidSid
AddAce
AddAuditAccessAce
AccessCheckByTypeResultListAndAuditAlarmW
AllocateAndInitializeSid
SetSecurityAccessMask
PrivilegeCheck
AddAccessDeniedAceEx
EqualDomainSid
CreatePrivateObjectSecurity
CreateWellKnownSid
GetPrivateObjectSecurity
AreAllAccessesGranted
CreatePrivateObjectSecurityWithMultipleInheritance
GetSidLengthRequired
GetWindowsAccountDomainSid
ConvertToAutoInheritPrivateObjectSecurity
DestroyPrivateObjectSecurity
IsTokenRestricted
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSidSubAuthority
SetSecurityDescriptorDacl
AccessCheckByTypeResultListAndAuditAlarmByHandleW
ObjectDeleteAuditAlarmW
GetSidSubAuthorityCount
SetTokenInformation
AreAnyAccessesGranted
SetSecurityDescriptorRMControl
EqualSid
GetAce
SetSecurityDescriptorControl
GetSecurityDescriptorRMControl
AccessCheckByTypeAndAuditAlarmW
ObjectOpenAuditAlarmW
GetSecurityDescriptorSacl
AccessCheckAndAuditAlarmW
FindFirstFreeAce
SetAclInformation

api-ms-win-security-base-private-l1-1-0

MakeAbsoluteSD2

api-ms-win-core-registry-l1-1-0

RegDeleteTreeA
RegDisablePredefinedCacheEx
RegNotifyChangeKeyValue
RegGetKeySecurity
RegLoadAppKeyW
RegDeleteKeyExW
RegOpenCurrentUser
RegQueryInfoKeyW
RegGetValueA
RegSaveKeyExA
RegLoadMUIStringA
RegQueryValueExA
RegCreateKeyExA
RegFlushKey
RegCreateKeyExW
RegUnLoadKeyA
RegOpenUserClassesRoot
RegDeleteKeyExA
RegEnumKeyExW
RegSetKeySecurity
RegSaveKeyExW
RegDeleteTreeW
RegLoadMUIStringW
RegSetValueExW
RegLoadAppKeyA
RegSetValueExA
RegCopyTreeW
RegLoadKeyA
RegUnLoadKeyW
RegQueryInfoKeyA
RegLoadKeyW
RegOpenKeyExA
RegGetValueW
RegRestoreKeyW
RegEnumValueA
RegDeleteValueW
RegRestoreKeyA
RegDeleteValueA
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExA

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegSetKeyValueA
RegDeleteKeyValueA
RegDeleteKeyValueW

api-ms-win-core-registry-l1-1-2

RegQueryMultipleValuesA
RegQueryMultipleValuesW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetComputerNameExA
GetComputerNameExW
GetSystemWindowsDirectoryW
GetLocalTime

kernel32

GetComputerNameW
MultiByteToWideChar
LocalFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetProcAddress
FreeLibrary
DelayLoadFailureHook
ResolveDelayLoadedAPI
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
CreateEventW
CloseHandle
GetThreadUILanguage
GetCommandLineW
GetModuleHandleExW
WriteFile
ExpandEnvironmentStringsW
SetFilePointer
CreateFileW
FormatMessageW
GetFileAttributesExW
OutputDebugStringW
DeleteFileW
MoveFileW
GetModuleHandleW
GetFileSizeEx
CreateFileMappingW
HeapAlloc
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
HeapFree
GetLongPathNameW
CompareFileTime
FindResourceExW
LoadResource
GetVolumePathNameW
DeleteCriticalSection
WaitForSingleObject
InitOnceBeginInitialize
CompareStringOrdinal
ReleaseMutex
InitOnceComplete
ExpandEnvironmentStringsA
GetModuleFileNameW
AreFileApisANSI
SearchPathW
GetFullPathNameW
GetFileAttributesW
SleepEx
LoadLibraryExA
LoadLibraryA
CreateMutexW
InitializeCriticalSection
IsWow64Process
Wow64DisableWow64FsRedirection
SizeofResource
LockResource
Wow64RevertWow64FsRedirection
SetEvent
ResetEvent
GetFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
TermsrvDeleteKey
TermsrvOpenUserClasses
ReadProcessMemory
DecodePointer
LoadLibraryW
DuplicateHandle
FreeLibraryAndExitThread
EncodePointer
FreeLibraryWhenCallbackReturns
CloseThreadpoolIo
CancelIoEx
CancelThreadpoolIo
CreateThreadpoolIo
DeviceIoControl
StartThreadpoolIo
GetFileMUIPath
EnumUILanguagesW
SetErrorMode
RaiseException
SetFileInformationByHandle
CopyFileExW
FindClose
FindNextFileW
FindFirstFileExW
GetFileSize
SetLastError

rpcrt4

RpcBindingBind
RpcBindingCreateW
RpcSsDestroyClientContext
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringFreeW
I_RpcMapWin32Status
I_RpcExceptionFilter
RpcBindingSetAuthInfoW
RpcEpResolveBinding
RpcBindingSetAuthInfoA
I_RpcSNCHOption
RpcRaiseException
UuidFromStringW
UuidToStringW
RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall4

api-ms-win-core-timezone-l1-1-0

EnumDynamicTimeZoneInformation
GetDynamicTimeZoneInformationEffectiveYears

api-ms-win-security-audit-l1-1-1

AuditLookupSubCategoryNameW
AuditEnumeratePerUserPolicy
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditEnumerateSubCategories
AuditQueryGlobalSaclW
AuditEnumerateCategories
AuditQuerySecurity
AuditLookupCategoryNameW
AuditSetSecurity
AuditQueryPerUserPolicy

api-ms-win-security-audit-l1-1-0

AuditQuerySystemPolicy
AuditComputeEffectivePolicyBySid
AuditFree
AuditSetSystemPolicy

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-pcw-l1-1-0

PcwCollectData
PcwSetQueryItemUserData
PcwCreateQuery
PcwEnumerateInstances
PcwRemoveQueryItem
PcwCreateNotifier
PcwSendStatelessNotification
PcwAddQueryItem
PcwSendNotification

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConditionalAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclA
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclA
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BaseRegCloseKey
BaseRegCreateKey
BaseRegDeleteKeyEx
BaseRegDeleteValue
BaseRegFlushKey
BaseRegGetVersion
BaseRegLoadKey
BaseRegOpenKey
BaseRegRestoreKey
BaseRegSaveKeyEx
BaseRegSetKeySecurity
BaseRegSetValue
BaseRegUnLoadKey
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckForHiberboot
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDDomainW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceEx
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileLoadedEx
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
CveEventWrite
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EnableTrace
EnableTraceEx
EnableTraceEx2
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumDynamicTimeZoneInformation
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteEx
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetDynamicTimeZoneInformationEffectiveYears
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStringConditionFromBinary
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScRegisterPreshutdownRestart
I_ScReparseServiceDatabase
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetAppliedCAPIDs
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaLookupSids2
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryCAPs
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetCAPs
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData

Sections

.text
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/adb/AdbWinApi.dll
.dll windows:6 windows x86 arch:x86

Password: 123

776334619bd19ec23e3a7a275473b5a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\development\usb\api\objfre_win7_x86\i386\AdbWinApi.pdb

Imports

ole32

CoCreateInstance

kernel32

GetStartupInfoA
SetLastError
CloseHandle
GetLastError
DeviceIoControl
WriteFile
ReadFile
GetOverlappedResult
CreateFileW
WideCharToMultiByte
Sleep
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetSystemDirectoryW
RaiseException
FreeLibrary
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetVersionExA
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
OutputDebugStringA
HeapSize
LoadLibraryExA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PBG@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SGPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SG?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SG?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SG?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/adb/AdbWinUsbApi.dll
.dll windows:6 windows x86 arch:x86

Password: 123

72b8c869f01047191838df5f58e88dd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\development\usb\winusb\objfre_win7_x86\i386\AdbWinUsbApi.pdb

Imports

ole32

CoCreateInstance

kernel32

GetCommandLineA
GetVersionExA
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
WriteFile
OutputDebugStringA
LoadLibraryExA
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
MultiByteToWideChar
InterlockedIncrement
RaiseException
CreateFileW
WideCharToMultiByte
CreateEventW
CloseHandle
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetLastError
InterlockedDecrement
GetEnvironmentStringsW

winusb

WinUsb_GetOverlappedResult
WinUsb_ResetPipe
WinUsb_Free
WinUsb_SetPipePolicy
WinUsb_ReadPipe
WinUsb_WritePipe
WinUsb_GetDescriptor
WinUsb_QueryPipe
WinUsb_QueryInterfaceSettings
WinUsb_GetCurrentAlternateSetting
WinUsb_Initialize
WinUsb_AbortPipe

adbwinapi

??1AdbIOCompletion@@MAE@XZ
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
?AddRef@AdbObjectHandle@@UAEJXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
??0AdbInterfaceObject@@QAE@PBG@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
??1AdbInterfaceObject@@MAE@XZ
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
??1AdbEndpointObject@@MAE@XZ

Exports

Exports

InstantiateWinUsbInterface

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/adb/HD-Adb.exe
.exe windows:4 windows x86 arch:x86

Password: 123

6123430d6e6f1558d998011e8f5fb0f5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/03/2023, 00:00

Not After

05/04/2025, 23:59

Subject

SERIALNUMBER=4559077,CN=Now.gg\, INC,O=Now.gg\, INC,L=Campbell,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:71:3d:d6:af:07:78:6e:77:98:1b:e8:aa:fd:ef:b0:38:a7:4b:52:8b:c6:e5:89:5f:63:f3:91:61:9b:0b:31
Signer

Actual PE Digest

fa:71:3d:d6:af:07:78:6e:77:98:1b:e8:aa:fd:ef:b0:38:a7:4b:52:8b:c6:e5:89:5f:63:f3:91:61:9b:0b:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

adbwinapi

AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync

advapi32

SystemFunction036

kernel32

CloseHandle
CreateFileW
CreatePipe
CreateProcessW
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputA
ReadFile
ReleaseSemaphore
SetConsoleCtrlHandler
SetConsoleMode
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleOutputW
WriteConsoleW
WriteFile

msvcrt

__dllonexit
__doserrno
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_beginthreadex
_cexit
_errno
_exit
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_setmode
_stati64
_vscprintf
_wstati64
time
gmtime
_strerror
_stricmp
_strnicmp
_unlock
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fputc
fputs
fputwc
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
isdigit
islower
isprint
isspace
isupper
iswctype
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
putc
putwc
qsort
realloc
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
_wchmod
_wcmdln
_wenviron
_wfindnext
_wfopen
_wfullpath
_wgetcwd
_wmkdir
_wopen
_write
_wunlink
_wutime
abort
atoi
bsearch
tolower
towlower
towupper
ungetc
ungetwc
wcscat
wcschr
wcscoll
wcscpy
wcsftime
wcslen
wcstombs
wcsxfrm
_wfindfirst
_write
_wcsicmp
_umask
_strdup
_read
_isatty
_getpid
_fileno
_fdopen
_dup2
_dup
_close

shell32

SHGetFolderPathW

user32

CreateWindowExW
DefWindowProcW
DispatchMessageW
GetMessageW
MapVirtualKeyA
RegisterClassExW
ToAscii
TranslateMessage

ws2_32

WSAGetLastError
WSAIoctl
WSAPoll
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getsockname
htonl
htons
inet_ntoa
ioctlsocket
listen
ntohs
recv
send
setsockopt
shutdown
socket

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_cbc_encrypt
AES_cfb128_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ofb128_encrypt
AES_set_decrypt_key
AES_set_encrypt_key
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_new
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_diff
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_bn_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_parse
ASN1_parse_dump
ASN1_put_eoc
ASN1_put_object
ASN1_tag2bit
ASN1_tag2str
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BIGNUM_it
BIO_append_filename
BIO_callback_ctrl
BIO_clear_flags
BIO_clear_retry_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_pending
BIO_find_type
BIO_flush
BIO_free
BIO_free_all
BIO_get_callback_arg
BIO_get_fp
BIO_get_retry_flags
BIO_get_retry_reason
BIO_gets
BIO_hexdump
BIO_indent
BIO_int_ctrl
BIO_method_type
BIO_new
BIO_new_file
BIO_new_fp
BIO_next
BIO_number_read
BIO_number_written
BIO_pending
BIO_pop
BIO_print_errors
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_read_asn1
BIO_read_filename
BIO_reset
BIO_rw_filename
BIO_s_file
BIO_set_callback
BIO_set_callback_arg
BIO_set_close
BIO_set_flags
BIO_set_fp
BIO_set_retry_read
BIO_set_retry_write
BIO_should_io_special
BIO_should_read
BIO_should_retry
BIO_should_write
BIO_snprintf
BIO_test_flags
BIO_up_ref
BIO_vfree
BIO_vsnprintf
BIO_wpending
BIO_write
BIO_write_filename
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GENCB_set
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_abs_is_word
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2bin_padded
BN_bn2cbb
BN_bn2cbb_padded
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_cbs2unsigned
BN_cbs2unsigned_buggy
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_dsa_nonce
BN_generate_prime_ex
BN_get_flags
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_negative
BN_is_odd
BN_is_one
BN_is_prime_ex
BN_is_prime_fasttest_ex
BN_is_word
BN_is_zero
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_inverse
BN_mod_inverse_ex
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_num_bytes
BN_one
BN_primality_test
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_rshift
BN_rshift1
BN_set_bit
BN_set_flags
BN_set_negative
BN_set_word
BN_sqr
BN_sqrt
BN_sub
BN_sub_word
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_to_montgomery
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BN_with_flags
BN_zero
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
BUF_strnlen
CBB_add_asn1
CBB_add_asn1_uint64
CBB_add_bytes
CBB_add_space
CBB_add_u16
CBB_add_u16_length_prefixed
CBB_add_u24
CBB_add_u24_length_prefixed
CBB_add_u8
CBB_add_u8_length_prefixed
CBB_cleanup
CBB_data
CBB_did_write
CBB_discard_child
CBB_finish
CBB_flush
CBB_init
CBB_init_fixed
CBB_len
CBB_reserve
CBB_zero
CBIGNUM_it
CBS_asn1_ber_to_der
CBS_contains_zero_byte
CBS_copy_bytes
CBS_data
CBS_get_any_asn1_element
CBS_get_any_ber_asn1_element
CBS_get_asn1
CBS_get_asn1_element
CBS_get_asn1_uint64
CBS_get_bytes
CBS_get_optional_asn1
CBS_get_optional_asn1_bool
CBS_get_optional_asn1_octet_string
CBS_get_optional_asn1_uint64
CBS_get_u16
CBS_get_u16_length_prefixed
CBS_get_u24
CBS_get_u24_length_prefixed
CBS_get_u32
CBS_get_u8
CBS_get_u8_length_prefixed
CBS_init
CBS_len
CBS_mem_equal
CBS_peek_asn1_tag
CBS_skip
CBS_stow
CBS_strdup
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
CONF_modules_free
CONF_modules_load_file
CRL_DIST_POINTS_free
CRL_DIST_POINTS_it
CRL_DIST_POINTS_new
CRYPTO_MUTEX_cleanup
CRYPTO_MUTEX_init
CRYPTO_MUTEX_lock_read
CRYPTO_MUTEX_lock_write
CRYPTO_MUTEX_unlock
CRYPTO_STATIC_MUTEX_lock_read
CRYPTO_STATIC_MUTEX_lock_write
CRYPTO_STATIC_MUTEX_unlock
CRYPTO_cleanup_all_ex_data
CRYPTO_dup_ex_data
CRYPTO_free_ex_data
CRYPTO_gcm128_aad
CRYPTO_gcm128_decrypt
CRYPTO_gcm128_decrypt_ctr32
CRYPTO_gcm128_encrypt
CRYPTO_gcm128_encrypt_ctr32
CRYPTO_gcm128_finish
CRYPTO_gcm128_init
CRYPTO_gcm128_new
CRYPTO_gcm128_release
CRYPTO_gcm128_setiv
CRYPTO_gcm128_tag
CRYPTO_get_ex_data
CRYPTO_get_ex_new_index
CRYPTO_get_thread_local
CRYPTO_memcmp
CRYPTO_new_ex_data
CRYPTO_once
CRYPTO_refcount_dec_and_test_zero
CRYPTO_refcount_inc
CRYPTO_set_ex_data
CRYPTO_set_thread_local
DES_decrypt3
DES_ecb3_encrypt
DES_ecb_encrypt
DES_ede2_cbc_encrypt
DES_ede3_cbc_encrypt
DES_encrypt3
DES_ncbc_encrypt
DES_set_key
DES_set_key_unchecked
DES_set_odd_parity
DH_check
DH_check_pub_key
DH_compute_key
DH_free
DH_generate_key
DH_generate_parameters_ex
DH_get_1024_160
DH_get_2048_224
DH_get_2048_256
DH_get_ex_data
DH_get_ex_new_index
DH_new
DH_num_bits
DH_set_ex_data
DH_size
DH_up_ref
DHparams_dup
DIRECTORYSTRING_free
DIRECTORYSTRING_it
DIRECTORYSTRING_new
DISPLAYTEXT_free
DISPLAYTEXT_it
DISPLAYTEXT_new
DIST_POINT_NAME_free
DIST_POINT_NAME_it
DIST_POINT_NAME_new
DIST_POINT_free
DIST_POINT_it
DIST_POINT_new
DIST_POINT_set_dpname
DSA_SIG_free
DSA_SIG_new
DSA_check_signature
DSA_do_check_signature
DSA_do_sign
DSA_do_verify

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 109KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/adb/adb.exe
.exe windows:6 windows x86 arch:x86

Password: 123

dd77033a785324e8f4f4471a98fe5fad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

Imports

advapi32

CloseServiceHandle
EnumServicesStatusA
GetUserNameW
OpenSCManagerA
OpenServiceA
SystemFunction036

kernel32

AcquireSRWLockExclusive
AddVectoredExceptionHandler
CancelIo
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FlsAlloc
FlsGetValue
FlsSetValue
FormatMessageA
FormatMessageW
FreeLibrary
GetComputerNameW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadId
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationW
InitOnceExecuteOnce
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleInputA
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleMode
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleOutputW
WriteConsoleW
WriteFile

api-ms-win-crt-convert-l1-1-0

_strtod_l
_strtoi64_l
_strtoui64_l
_ultoa
atoi
mbstowcs
strtol
strtoul
wcrtomb_s
wcstol
wcstombs
wcstoul

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
_wgetcwd
getenv
_putenv

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst32
_findnext32
_fstat32i64
_fullpath
_lock_file
_stat32
_stat32i64
_unlock_file
_waccess
_wchdir
_wchmod
_wfindfirst32
_wfindnext32
_wfullpath
_wmkdir
_wrename
_wstat32
_wstat32i64
_wunlink
_unlink
_umask
_rmdir

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_close
_dup
_fseeki64
_ftelli64
_get_osfhandle
_lseeki64
_open_osfhandle
_telli64
_wfopen
_wmktemp_s
_wopen
_write
fclose
feof
ferror
fflush
fgets
fgetwc
fopen
fputc
fputs
fputwc
fread
fseek
ftell
fwrite
getc
setvbuf
ungetc
_write
_setmode
_read
_read
_lseek
_isatty
_fileno
_dup2
_dup2
_dup
_close

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
__pctype_func
_configthreadlocale
_create_locale
_free_locale
localeconv
setlocale
__initialize_lconv_for_unsigned_char

api-ms-win-crt-string-l1-1-0

_isctype
_isctype_l
_iswalpha_l
_iswcntrl_l
_iswdigit_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_strcoll_l
_strnicmp
_strxfrm_l
_tolower_l
_toupper_l
_towlower_l
_towupper_l
_wcscoll_l
_wcsxfrm_l
isalnum
isalpha
islower
isprint
isspace
isupper
iswalpha
iswctype
isxdigit
memset
strcmp
strcpy
strcpy_s
strlen
strncmp
strncpy
strpbrk
strtok
tolower
toupper
wcscat
wcscpy
wcslen
_wcsicmp
_stricmp
_strdup
_strdup

api-ms-win-crt-private-l1-1-0

_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr
wcschr

api-ms-win-crt-time-l1-1-0

_wutime32
__daylight
__timezone
__tzname
_ftime32
_gmtime32_s
_localtime32_s
_strftime_l
_time32
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-runtime-l1-1-0

_set_app_type
__p___argc
__p___argv
__p___wargv
__p__wcmdln
__sys_nerr
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
_strerror
abort
exit
perror
raise
signal
strerror
strerror_s
_getpid

api-ms-win-crt-multibyte-l1-1-0

_mbtowc_l

shell32

SHGetFolderPathW

user32

CreateWindowExW
DefWindowProcW
DispatchMessageW
GetMessageW
MapVirtualKeyA
RegisterClassExW
ToAscii
TranslateMessage

ws2_32

WSAGetLastError
WSAIoctl
WSAPoll
WSASend
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
shutdown
socket

adbwinapi

AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_cbc_encrypt
AES_cfb128_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ofb128_encrypt
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_unwrap_key_padded
AES_wrap_key
AES_wrap_key_padded
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_new
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_set_uint64
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get0_data
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_diff
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_digest
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_put_eoc
ASN1_put_object
ASN1_tag2bit
ASN1_tag2str
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BIO_append_filename
BIO_callback_ctrl
BIO_clear_flags
BIO_clear_retry_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_pending
BIO_eof
BIO_find_type
BIO_flush
BIO_free
BIO_free_all
BIO_get_data
BIO_get_fd
BIO_get_fp
BIO_get_init
BIO_get_mem_data
BIO_get_mem_ptr
BIO_get_new_index
BIO_get_retry_flags
BIO_get_retry_reason
BIO_get_shutdown
BIO_gets
BIO_hexdump
BIO_indent
BIO_int_ctrl
BIO_mem_contents
BIO_meth_free
BIO_meth_new
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_write
BIO_method_type
BIO_new
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_number_read
BIO_number_written
BIO_pending
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_read_asn1
BIO_read_filename
BIO_reset
BIO_rw_filename
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_socket
BIO_set_close
BIO_set_data
BIO_set_fd
BIO_set_flags
BIO_set_fp
BIO_set_init
BIO_set_mem_buf
BIO_set_mem_eof_return
BIO_set_retry_read
BIO_set_retry_special
BIO_set_retry_write
BIO_set_shutdown
BIO_set_write_buffer_size
BIO_should_io_special
BIO_should_read
BIO_should_retry
BIO_should_write
BIO_snprintf
BIO_test_flags
BIO_up_ref
BIO_vfree
BIO_vsnprintf
BIO_wpending
BIO_write
BIO_write_all
BIO_write_filename
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GENCB_set
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_new
BN_MONT_CTX_new_consttime
BN_MONT_CTX_new_for_modulus
BN_MONT_CTX_set
BN_abs_is_word
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2bin_padded
BN_bn2binpad
BN_bn2cbb_padded
BN_bn2dec
BN_bn2hex
BN_bn2le_padded
BN_bn2mpi
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_cmp_word
BN_copy
BN_count_low_zero_bits
BN_dec2bn
BN_div
BN_div_word
BN_dup
BN_enhanced_miller_rabin_primality_test
BN_equal_consttime
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime_ex
BN_get_u64
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_negative
BN_is_odd
BN_is_one
BN_is_pow2
BN_is_prime_ex
BN_is_prime_fasttest_ex
BN_is_word
BN_is_zero
BN_le2bn
BN_lshift
BN_lshift1
BN_marshal_asn1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_pow2
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nnmod
BN_nnmod_pow2
BN_num_bits
BN_num_bits_word
BN_num_bytes
BN_one
BN_parse_asn1_unsigned
BN_primality_test
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_rand_range_ex
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_u64
BN_set_word
BN_sqr
BN_sqrt
BN_sub
BN_sub_word
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_to_montgomery
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BN_zero
BORINGSSL_self_test
BUF_MEM_append
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_MEM_reserve
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
BUF_strnlen
CBB_add_asn1
CBB_add_asn1_bool
CBB_add_asn1_int64
CBB_add_asn1_octet_string
CBB_add_asn1_oid_from_text
CBB_add_asn1_uint64
CBB_add_bytes
CBB_add_space
CBB_add_u16
CBB_add_u16_length_prefixed
CBB_add_u16le
CBB_add_u24
CBB_add_u24_length_prefixed
CBB_add_u32
CBB_add_u32le
CBB_add_u64
CBB_add_u64le
CBB_add_u8
CBB_add_u8_length_prefixed
CBB_cleanup
CBB_data
CBB_did_write
CBB_discard_child
CBB_finish
CBB_flush
CBB_flush_asn1_set_of
CBB_init
CBB_init_fixed
CBB_len
CBB_reserve
CBB_zero
CBS_asn1_ber_to_der
CBS_asn1_bitstring_has_bit
CBS_asn1_oid_to_text
CBS_contains_zero_byte
CBS_copy_bytes
CBS_data
CBS_get_any_asn1
CBS_get_any_asn1_element
CBS_get_any_ber_asn1_element
CBS_get_asn1
CBS_get_asn1_bool
CBS_get_asn1_element
CBS_get_asn1_implicit_string
CBS_get_asn1_int64
CBS_get_asn1_uint64
CBS_get_bytes
CBS_get_last_u8
CBS_get_optional_asn1
CBS_get_optional_asn1_bool
CBS_get_optional_asn1_octet_string
CBS_get_optional_asn1_uint64
CBS_get_u16
CBS_get_u16_length_prefixed
CBS_get_u16le
CBS_get_u24
CBS_get_u24_length_prefixed
CBS_get_u32
CBS_get_u32le
CBS_get_u64
CBS_get_u64le
CBS_get_u8
CBS_get_u8_length_prefixed
CBS_init
CBS_is_valid_asn1_bitstring
CBS_len
CBS_mem_equal
CBS_peek_asn1_tag
CBS_skip
CBS_stow
CBS_strdup
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
CONF_modules_free
CONF_modules_load_file
CRL_DIST_POINTS_free
CRL_DIST_POINTS_it
CRL_DIST_POINTS_new
CRYPTO_BUFFER_POOL_free
CRYPTO_BUFFER_POOL_new
CRYPTO_BUFFER_alloc
CRYPTO_BUFFER_data
CRYPTO_BUFFER_free
CRYPTO_BUFFER_init_CBS
CRYPTO_BUFFER_len
CRYPTO_BUFFER_new
CRYPTO_BUFFER_new_from_CBS
CRYPTO_BUFFER_up_ref
CRYPTO_MUTEX_cleanup
CRYPTO_MUTEX_init
CRYPTO_MUTEX_lock_read
CRYPTO_MUTEX_lock_write
CRYPTO_MUTEX_unlock_read
CRYPTO_MUTEX_unlock_write
CRYPTO_STATIC_MUTEX_lock_read
CRYPTO_STATIC_MUTEX_lock_write
CRYPTO_STATIC_MUTEX_unlock_read
CRYPTO_STATIC_MUTEX_unlock_write
CRYPTO_chacha_20
CRYPTO_cleanup_all_ex_data

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gcc_exc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/ezteam
.elf linux arm
dll/opengl32.dll
.dll windows:4 windows x64 arch:x64

508c1ccd20e4ce4f2e66dd50060e2375

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

gdi32

GetPixelFormat
SetPixelFormat
StretchDIBits

imagehlp

EnumerateLoadedModules64
StackWalk64
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymGetSymFromAddr64
SymInitialize
SymSetOptions

kernel32

AssignProcessToJobObject
CloseHandle
CreateDirectoryW
CreateEventA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateJobObjectW
CreateProcessW
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FlushInstructionCache
FormatMessageA
FreeLibrary
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SearchPathW
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetCriticalSectionSpinCount
SetErrorMode
SetEvent
SetFileTime
SetInformationJobObject
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
__dllonexit
__iob_func
__mb_cur_max
__setusermatherr
_aligned_free
_aligned_malloc
_amsg_exit
_beginthreadex
_chsize
_close
_close
_endthreadex
_errno
_exit
_fileno
_fileno
_fpclass
_ftime
_get_osfhandle
_heapwalk
_initterm
_isatty
_localtime64
_lock
_lseek
_onexit
_open_osfhandle
_read
_setjmp
_setmode
_setmode
_stricmp
_stricmp
_strdup
_unlock
_vscprintf
_vsnprintf
_wopen
_write
abort
acos
asin
atan
atan2
atof
atoi
bsearch
calloc
clearerr
cosh
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fwrite
getc
getenv
isalnum
isalpha
islower
isprint
isspace
isupper
isxdigit
localeconv
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putchar
puts
qsort
rand
realloc
signal
sinh
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strstr
strtok
strtol
tan
tanh
tolower
toupper
vfprintf
wcslen

shell32

CommandLineToArgvW

user32

AdjustWindowRectEx
CallNextHookEx
ClientToScreen
CreateWindowExA
DefWindowProcA
DestroyWindow
GetClientRect
GetDC
GetWindowRect
LoadCursorA
LoadIconA
RegisterClassA
ReleaseDC
SetWindowsHookExA
UnhookWindowsHookEx
WindowFromDC

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
glAccum
glActiveProgramEXT
glActiveTexture
glActiveTextureARB
glAlphaFragmentOp1ATI
glAlphaFragmentOp2ATI
glAlphaFragmentOp3ATI
glAlphaFunc
glAreProgramsResidentNV
glAreTexturesResident
glAreTexturesResidentEXT
glArrayElement
glArrayElementEXT
glAttachObjectARB
glAttachShader
glBegin
glBeginConditionalRender
glBeginConditionalRenderNV
glBeginFragmentShaderATI
glBeginPerfMonitorAMD
glBeginQuery
glBeginQueryARB
glBeginQueryIndexed
glBeginTransformFeedback
glBeginTransformFeedbackEXT
glBindAttribLocation
glBindAttribLocationARB
glBindBuffer
glBindBufferARB
glBindBufferBase
glBindBufferBaseEXT
glBindBufferOffsetEXT
glBindBufferRange
glBindBufferRangeEXT
glBindFragDataLocation
glBindFragDataLocationEXT
glBindFragDataLocationIndexed
glBindFragmentShaderATI
glBindFramebuffer
glBindFramebufferEXT
glBindProgramARB
glBindProgramNV
glBindRenderbuffer
glBindRenderbufferEXT
glBindSampler
glBindTexture
glBindTextureEXT
glBindTransformFeedback
glBindVertexArray
glBindVertexBuffer
glBitmap
glBlendColor
glBlendColorEXT
glBlendEquation
glBlendEquationEXT
glBlendEquationIndexedAMD
glBlendEquationSeparate
glBlendEquationSeparateIndexedAMD
glBlendEquationSeparateiARB
glBlendEquationiARB
glBlendFunc
glBlendFuncIndexedAMD
glBlendFuncSeparate
glBlendFuncSeparateEXT
glBlendFuncSeparateIndexedAMD
glBlendFuncSeparateiARB
glBlendFunciARB
glBlitFramebuffer
glBufferData
glBufferDataARB
glBufferSubData
glBufferSubDataARB
glCallList
glCallLists
glCheckFramebufferStatus
glCheckFramebufferStatusEXT
glClampColor
glClampColorARB
glClear
glClearAccum
glClearBufferfi
glClearBufferfv
glClearBufferiv
glClearBufferuiv
glClearColor
glClearColorIiEXT
glClearColorIuiEXT
glClearDepth
glClearDepthf
glClearIndex
glClearStencil
glClientActiveTexture
glClientActiveTextureARB
glClientWaitSync
glClipPlane
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColorFragmentOp1ATI
glColorFragmentOp2ATI
glColorFragmentOp3ATI
glColorMask
glColorMaskIndexedEXT
glColorMaski
glColorMaterial
glColorP3ui
glColorP3uiv
glColorP4ui
glColorP4uiv
glColorPointer
glColorPointerEXT
glColorSubTable
glColorTable
glColorTableEXT
glColorTableParameterfv
glColorTableParameteriv
glCompileShader
glCompileShaderARB
glCompressedTexImage1D
glCompressedTexImage1DARB
glCompressedTexImage2D
glCompressedTexImage2DARB
glCompressedTexImage3D
glCompressedTexImage3DARB
glCompressedTexSubImage1D
glCompressedTexSubImage1DARB
glCompressedTexSubImage2D
glCompressedTexSubImage2DARB
glCompressedTexSubImage3D
glCompressedTexSubImage3DARB
glConvolutionFilter1D
glConvolutionFilter2D
glConvolutionParameterf
glConvolutionParameterfv
glConvolutionParameteri
glConvolutionParameteriv
glCopyBufferSubData
glCopyColorSubTable
glCopyColorTable
glCopyConvolutionFilter1D
glCopyConvolutionFilter2D
glCopyPixels
glCopyTexImage1D
glCopyTexImage1DEXT
glCopyTexImage2D
glCopyTexImage2DEXT
glCopyTexSubImage1D
glCopyTexSubImage1DEXT
glCopyTexSubImage2D
glCopyTexSubImage2DEXT
glCopyTexSubImage3D
glCopyTexSubImage3DEXT
glCreateProgram
glCreateProgramObjectARB
glCreateShader
glCreateShaderObjectARB
glCreateShaderProgramEXT
glCullFace
glDebugMessageCallback
glDebugMessageCallbackARB
glDebugMessageControl
glDebugMessageControlARB
glDebugMessageInsert
glDebugMessageInsertARB
glDeleteBuffers
glDeleteBuffersARB
glDeleteFragmentShaderATI
glDeleteFramebuffers
glDeleteFramebuffersEXT
glDeleteLists
glDeleteObjectARB
glDeletePerfMonitorsAMD
glDeleteProgram
glDeleteProgramsARB
glDeleteProgramsNV
glDeleteQueries
glDeleteQueriesARB
glDeleteRenderbuffers
glDeleteRenderbuffersEXT
glDeleteSamplers
glDeleteShader
glDeleteSync
glDeleteTextures
glDeleteTexturesEXT
glDeleteTransformFeedbacks
glDeleteVertexArrays
glDepthFunc
glDepthMask
glDepthRange
glDepthRangef
glDetachObjectARB
glDetachShader
glDisable
glDisableClientState
glDisableIndexedEXT
glDisableVertexAttribArray
glDisableVertexAttribArrayARB
glDisablei
glDrawArrays
glDrawArraysEXT
glDrawArraysInstanced
glDrawArraysInstancedARB
glDrawArraysInstancedBaseInstance
glDrawArraysInstancedEXT
glDrawBuffer
glDrawBuffers
glDrawBuffersARB
glDrawBuffersATI
glDrawElements
glDrawElementsBaseVertex
glDrawElementsInstanced
glDrawElementsInstancedARB
glDrawElementsInstancedBaseInstance
glDrawElementsInstancedBaseVertex
glDrawElementsInstancedBaseVertexBaseInstance
glDrawElementsInstancedEXT
glDrawPixels
glDrawRangeElements
glDrawRangeElementsBaseVertex
glDrawRangeElementsEXT
glDrawTransformFeedback
glDrawTransformFeedbackInstanced
glDrawTransformFeedbackStream
glDrawTransformFeedbackStreamInstanced
glEGLImageTargetRenderbufferStorageOES
glEGLImageTargetTexture2DOES
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagPointerEXT
glEdgeFlagv
glEnable
glEnableClientState
glEnableIndexedEXT
glEnableVertexAttribArray
glEnableVertexAttribArrayARB
glEnablei
glEnd
glEndConditionalRender
glEndConditionalRenderNV
glEndFragmentShaderATI
glEndList
glEndPerfMonitorAMD
glEndQuery
glEndQueryARB
glEndQueryIndexed
glEndTransformFeedback
glEndTransformFeedbackEXT
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glExecuteProgramNV
glFeedbackBuffer
glFenceSync
glFinish
glFlush
glFlushMappedBufferRange
glFogCoordPointer
glFogCoordPointerEXT
glFogCoordd
glFogCoorddEXT
glFogCoorddv
glFogCoorddvEXT
glFogCoordf
glFogCoordfEXT
glFogCoordfv
glFogCoordfvEXT
glFogf
glFogfv
glFogi
glFogiv
glFramebufferRenderbuffer
glFramebufferRenderbufferEXT
glFramebufferTexture
glFramebufferTexture1D
glFramebufferTexture1DEXT
glFramebufferTexture2D
glFramebufferTexture2DEXT
glFramebufferTexture3D
glFramebufferTexture3DEXT
glFramebufferTextureARB
glFramebufferTextureFaceARB
glFramebufferTextureLayer
glFramebufferTextureLayerARB
glFramebufferTextureLayerEXT
glFrontFace
glFrustum
glGenBuffers
glGenBuffersARB
glGenFragmentShadersATI
glGenFramebuffers
glGenFramebuffersEXT
glGenLists
glGenPerfMonitorsAMD
glGenProgramsARB
glGenProgramsNV
glGenQueries
glGenQueriesARB
glGenRenderbuffers
glGenRenderbuffersEXT
glGenSamplers
glGenTextures
glGenTexturesEXT
glGenTransformFeedbacks
glGenVertexArrays
glGenerateMipmap
glGenerateMipmapEXT
glGetActiveAtomicCounterBufferiv
glGetActiveAttrib
glGetActiveAttribARB
glGetActiveUniform
glGetActiveUniformARB
glGetActiveUniformBlockName
glGetActiveUniformBlockiv
glGetActiveUniformName
glGetActiveUniformsiv
glGetAttachedObjectsARB
glGetAttachedShaders
glGetAttribLocation
glGetAttribLocationARB
glGetBooleanIndexedvEXT
glGetBooleani_v
glGetBooleanv
glGetBufferParameteri64v
glGetBufferParameteriv
glGetBufferParameterivARB
glGetBufferPointerv
glGetBufferPointervARB
glGetBufferSubData
glGetBufferSubDataARB
glGetClipPlane
glGetColorTable
glGetColorTableEXT
glGetColorTableParameterfv
glGetColorTableParameterfvEXT
glGetColorTableParameteriv
glGetColorTableParameterivEXT
glGetCompressedTexImage
glGetCompressedTexImageARB
glGetConvolutionFilter
glGetConvolutionParameterfv
glGetConvolutionParameteriv
glGetDebugMessageLog
glGetDebugMessageLogARB
glGetDoublev
glGetError
glGetFloatv
glGetFragDataIndex
glGetFragDataLocation
glGetFragDataLocationEXT
glGetFramebufferAttachmentParameteriv
glGetFramebufferAttachmentParameterivEXT
glGetGraphicsResetStatusARB
glGetHandleARB
glGetHistogram
glGetHistogramParameterfv
glGetHistogramParameteriv
glGetInfoLogARB
glGetInteger64i_v
glGetInteger64v
glGetIntegerIndexedvEXT
glGetIntegeri_v
glGetIntegerv
glGetLightfv
glGetLightiv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetMinmax
glGetMinmaxParameterfv
glGetMinmaxParameteriv
glGetMultisamplefv
glGetObjectLabel
glGetObjectParameterfvARB
glGetObjectParameterivAPPLE
glGetObjectParameterivARB
glGetObjectPtrLabel
glGetPerfMonitorCounterDataAMD
glGetPerfMonitorCounterInfoAMD
glGetPerfMonitorCounterStringAMD
glGetPerfMonitorCountersAMD
glGetPerfMonitorGroupStringAMD
glGetPerfMonitorGroupsAMD
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPointervEXT
glGetPolygonStipple
glGetProgramBinary
glGetProgramEnvParameterdvARB
glGetProgramEnvParameterfvARB
glGetProgramInfoLog
glGetProgramLocalParameterdvARB
glGetProgramLocalParameterfvARB
glGetProgramNamedParameterdvNV
glGetProgramNamedParameterfvNV
glGetProgramParameterdvNV
glGetProgramParameterfvNV
glGetProgramStringARB
glGetProgramStringNV
glGetProgramiv
glGetProgramivARB
glGetProgramivNV
glGetQueryIndexediv
glGetQueryObjectiv
glGetQueryObjectivARB
glGetQueryObjectuiv
glGetQueryObjectuivARB
glGetQueryiv
glGetQueryivARB
glGetRenderbufferParameteriv
glGetRenderbufferParameterivEXT
glGetSamplerParameterIiv
glGetSamplerParameterIuiv
glGetSamplerParameterfv
glGetSamplerParameteriv
glGetSeparableFilter
glGetShaderInfoLog
glGetShaderPrecisionFormat
glGetShaderSource
glGetShaderSourceARB
glGetShaderiv
glGetString
glGetStringi
glGetSynciv
glGetTexBumpParameterfvATI
glGetTexBumpParameterivATI
glGetTexEnvfv
glGetTexEnviv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterIiv
glGetTexParameterIivEXT
glGetTexParameterIuiv
glGetTexParameterIuivEXT
glGetTexParameterfv
glGetTexParameteriv

Sections

.text
Size: 13.5MB - Virtual size: 13.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dwmapi.dll
.dll windows:10 windows x86 arch:x86

68b6dcd962f05c3998994efcf2e2e012

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:a2:85:83:e1:62:be:88:27:8e:7d:c4:c8:c3:83:31:b0:59:dc:4e:80:36:60:1f:9b:31:03:06:39:ca:07:81
Signer

Actual PE Digest

f1:a2:85:83:e1:62:be:88:27:8e:7d:c4:c8:c3:83:31:b0:59:dc:4e:80:36:60:1f:9b:31:03:06:39:ca:07:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dwmapi.pdb

Imports

msvcrt

memcmp
floor
_ftol2
memcpy
malloc
free
_amsg_exit
_XcptFilter
_onexit
_initterm
__dllonexit
_unlock
_lock
wcsrchr
_vsnwprintf
memmove_s
_purecall
memcpy_s
_except_handler4_common
memset

ntdll

WinSqmIsOptedIn
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
EtwEventWriteTransfer
RtlInsertElementGenericTable
NtAlpcSendWaitReceivePort
NtConnectPort
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateSection
NtCreateEvent
RtlInitUnicodeString
DbgPrompt
NtQuerySystemInformation
RtlCaptureStackBackTrace
DbgPrintEx
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberGenericTableElements
WinSqmAddToStream
SbSelectProcedure
RtlFreeSid
RtlFreeHeap
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateHeap
RtlLengthSid
RtlAllocateAndInitializeSid
RtlInitializeGenericTable
RtlLookupElementGenericTable

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

OpenEventW
ReleaseMutex
LeaveCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
WaitForSingleObject
EnterCriticalSection
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentThread
TerminateThread
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegGetValueW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

win32u

NtDCompositionRegisterVirtualDesktopVisual
NtDCompositionSetChildRootVisual
NtDCompositionRegisterThumbnailVisual
NtDCompositionDuplicateSwapchainHandleToDwm

user32

GetDC
TrackMouseEvent
GetAncestor
GetWindowRect
SetWindowCompositionAttribute
GetClientRect
ord2574
RemovePropW
DwmGetDxSharedSurface
IsThreadDesktopComposited
GetSystemMetrics
IsTopLevelWindow
GetPropW
GetWindowCompositionAttribute
SetWindowCompositionTransition
SetWinEventHook
ord2635
UnhookWinEvent
SystemParametersInfoW
GetCapture
GetWindowThreadProcessId
UpdateDefaultDesktopThumbnail
GetShellWindow
GetWindowLongW
MonitorFromWindow
ReleaseDC
GetWindow
GetWindowInfo
ord2557
GetGuiResources
GetPointerInfo

gdi32

SelectObject
Rectangle
ord1005
ScaleValues
ScaleRgn
GetRegionData
GetObjectW
CreateCompatibleDC
CreateDIBSection
StretchDIBits
GdiAlphaBlend
GetStockObject
DeleteDC
DeleteObject
GetDIBits

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DwmAttachMilContent
DwmDefWindowProc
DwmDetachMilContent
DwmEnableBlurBehindWindow
DwmEnableComposition
DwmEnableMMCSS
DwmExtendFrameIntoClientArea
DwmFlush
DwmGetColorizationColor
DwmGetCompositionTimingInfo
DwmGetGraphicsStreamClient
DwmGetGraphicsStreamTransformHint
DwmGetTransportAttributes
DwmGetUnmetTabRequirements
DwmGetWindowAttribute
DwmInvalidateIconicBitmaps
DwmIsCompositionEnabled
DwmModifyPreviousDxFrameDuration
DwmQueryThumbnailSourceSize
DwmRegisterThumbnail
DwmRenderGesture
DwmSetDxFrameDuration
DwmSetIconicLivePreviewBitmap
DwmSetIconicThumbnail
DwmSetPresentParameters
DwmSetWindowAttribute
DwmShowContact
DwmTetherContact
DwmTetherTextContact
DwmTransitionOwnedWindow
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmpAllocateSecurityDescriptor
DwmpDxGetWindowSharedSurface
DwmpDxUpdateWindowSharedSurface
DwmpDxgiIsThreadDesktopComposited
DwmpEnableDDASupport
DwmpFreeSecurityDescriptor
DwmpGetColorizationParameters
DwmpRenderFlick
DwmpSetColorizationParameters
DwmpUpdateProxyWindowForCapture

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gdi32.dll
.dll windows:10 windows x86 arch:x86

e55eb30d6427b62a1b73d4d0300e9681

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:73:d0:94:47:34:40:f4:22:bc:7e:1f:15:30:03:59:cd:6e:b9:68:a8:9a:87:8e:00:e1:19:ec:c6:8b:c4:61
Signer

Actual PE Digest

41:73:d0:94:47:34:40:f4:22:bc:7e:1f:15:30:03:59:cd:6e:b9:68:a8:9a:87:8e:00:e1:19:ec:c6:8b:c4:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdi32.pdb

Imports

ntdll

toupper
memcpy
memmove
RtlDecodePointer
RtlInitUnicodeString
_wcsicmp
_wcsnicmp
wcsncpy_s
RtlUnsubscribeWnfStateChangeNotification
RtlFreeHeap
RtlSubscribeWnfStateChangeNotification
RtlAllocateHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
memset

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleA

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

win32u

NtGdiEngPlgBlt
NtGdiEngStretchBlt
NtGdiEngStretchBltROP
NtGdiEngStrokeAndFillPath
NtGdiEngStrokePath
NtGdiEngTextOut
NtGdiEngTransparentBlt
NtGdiEngUnlockSurface
NtGdiFONTOBJ_cGetAllGlyphHandles
NtGdiFONTOBJ_cGetGlyphs
NtGdiFONTOBJ_pQueryGlyphAttrs
NtGdiFONTOBJ_pfdg
NtGdiFONTOBJ_pifi
NtGdiFONTOBJ_pvTrueTypeFontFile
NtGdiFONTOBJ_pxoGetXform
NtGdiFONTOBJ_vGetInfo
NtGdiFullscreenControl
NtGdiGetSpoolMessage
NtGdiInitSpool
NtGdiQueryFonts
NtGdiGetBitmapDpiScaleValue
NtGdiGetCOPPCompatibleOPMInformation
NtGdiGetCertificate
NtGdiEngMarkBandingSurface
NtGdiGetCertificateSize
NtGdiGetCertificateSizeByHandle
NtGdiGetCharWidthInfo
NtGdiGetFontUnicodeRanges
NtGdiGetNumberOfPhysicalMonitors
NtGdiGetOPMInformation
NtGdiGetOPMRandomNumber
NtGdiGetPhysicalMonitorDescription
NtGdiGetPhysicalMonitors
NtGdiGetStringBitmapW
NtGdiGetSuggestedOPMProtectedOutputArraySize
NtGdiGetTextCharsetInfo
NtGdiHT_Get8BPPFormatPalette
NtGdiHT_Get8BPPMaskPalette
NtGdiPATHOBJ_bEnum
NtGdiPATHOBJ_bEnumClipLines
NtGdiPATHOBJ_vEnumStart
NtGdiPATHOBJ_vEnumStartClipLines
NtGdiPATHOBJ_vGetBounds
NtGdiSTROBJ_bEnum
NtGdiSTROBJ_bEnumPositionsOnly
NtGdiSTROBJ_bGetAdvanceWidths
NtGdiSTROBJ_dwGetCodePage
NtGdiSTROBJ_vEnumStart
NtGdiScaleRgn
NtGdiScaleValues
NtGdiSetMagicColors
NtGdiSetOPMSigningKeyAndSequenceNumbers
NtGdiXFORMOBJ_bApplyXform
NtGdiXFORMOBJ_iGetXform
NtGdiXLATEOBJ_cGetPalette
NtGdiXLATEOBJ_hGetColorTransform
NtGdiXLATEOBJ_iXlate
NtGdiGetDeviceCapsAll
NtGdiGetDeviceCaps
NtGdiGetCurrentDpiInfo
NtGdiDdDDIOpenAdapterFromHdc
NtGdiDdDDICreateAllocation
NtGdiDdDDIOpenResource
NtGdiDdDDICreateSynchronizationObject
NtGdiDdDDIWaitForSynchronizationObject
NtGdiDdDDISignalSynchronizationObject
NtGdiDdDDINetDispStartMiracastDisplayDevice
NtGdiDdDDISetVidPnSourceOwner
NtDxgkPinResources
NtDxgkUnpinResources
NtGdiGetEntry
NtGdiDeleteObjectApp
NtGdiFlush
NtGdiEqualRgn
NtGdiExtCreateRegion
NtGdiCreateHalftonePalette
NtGdiPolyPolyDraw
NtGdiCreateRectRgn
NtGdiRectInRegion
NtGdiCombineRgn
NtGdiOffsetRgn
NtGdiGetRgnBox
NtGdiSetRectRgn
NtGdiGetRegionData
NtGdiEngPaint
NtGdiEngLockSurface
NtGdiEngLineTo
NtGdiEngGradientFill
NtGdiEngFillPath
NtGdiEngEraseSurface
NtGdiEngDeleteSurface
NtGdiEngDeletePath
NtGdiEngDeletePalette
NtGdiEngDeleteClip
NtGdiEngCreatePalette
NtGdiEngCreateDeviceSurface
NtGdiEngCreateDeviceBitmap
NtGdiEngCreateClip
NtGdiEngCreateBitmap
NtGdiEngCopyBits
NtGdiEngCheckAbort
NtGdiEngBitBlt
NtGdiEngAssociateSurface
NtGdiEngAlphaBlend
NtGdiEndGdiRendering
NtGdiEnableEudc
NtGdiDestroyPhysicalMonitor
NtGdiDestroyOPMProtectedOutput
NtGdiDdQueryVisRgnUniqueness
NtGdiDdNotifyFullscreenSpriteUpdate
NtGdiDdDestroyFullscreenSprite
NtGdiDdCreateFullscreenSprite
NtGdiDDCCISetVCPFeature
NtGdiDDCCISaveCurrentSettings
NtGdiDDCCIGetVCPFeature
NtGdiDDCCIGetTimingReport
NtGdiDDCCIGetCapabilitiesStringLength
NtGdiDDCCIGetCapabilitiesString
NtGdiCreateOPMProtectedOutputs
NtGdiCreateOPMProtectedOutput
NtGdiCreateBitmapFromDxSurface
NtGdiCreateBitmapFromDxSurface2
NtGdiConfigureOPMProtectedOutput
NtGdiCLIPOBJ_ppoGetPath
NtGdiCLIPOBJ_cEnumStart
NtGdiCLIPOBJ_bEnum
NtGdiBeginGdiRendering
NtGdiBRUSHOBJ_ulGetBrushColor
NtGdiBRUSHOBJ_pvGetRbrush
NtGdiBRUSHOBJ_pvAllocRbrush
NtGdiBRUSHOBJ_hGetColorTransform
NtGdiGetCertificateByHandle

api-ms-win-gdi-internal-uap-l1-1-0

ModerncoreGdiInit
DeleteColorSpace
GetRandomRgn
GdiSupportsFontChangeEvent
GdiDllInitialize
SetMetaRgn
plinkGet
vFreeUFIHashTable
IcmDeleteLocalDC
UnloadUserModePrinterDriver
DeleteEMFSpoolData
hdcCreateDCW
PtInRegion
DocumentEventEx
MF_DeleteObject
MF16_DeleteObject
FillRgn
CreateRoundRectRgn
SetPolyFillModeImpl
SelectObjectImpl
SelectClipRgnImpl
IntersectClipRectImpl
AbortDocImpl
IcmReleaseCachedColorSpace
vDeleteLOCALFONT

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventProviderEnabled
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AbortDoc
AbortPath
AddFontMemResourceEx
AddFontResourceA
AddFontResourceExA
AddFontResourceExW
AddFontResourceTracking
AddFontResourceW
AngleArc
AnimatePalette
AnyLinkedFonts
Arc
ArcTo
BRUSHOBJ_hGetColorTransform
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_ulGetBrushColor
BeginGdiRendering
BeginPath
BitBlt
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
CLIPOBJ_ppoGetPath
CancelDC
CheckColorsInGamut
ChoosePixelFormat
Chord
ClearBitmapAttributes
ClearBrushAttributes
CloseEnhMetaFile
CloseFigure
CloseMetaFile
ColorCorrectPalette
ColorMatchToTarget
CombineRgn
CombineTransform
ConfigureOPMProtectedOutput
CopyEnhMetaFileA
CopyEnhMetaFileW
CopyMetaFileA
CopyMetaFileW
CreateBitmap
CreateBitmapFromDxSurface
CreateBitmapFromDxSurface2
CreateBitmapIndirect
CreateBrushIndirect
CreateColorSpaceA
CreateColorSpaceW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCExW
CreateDCW
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateDIBSection
CreateDIBitmap
CreateDPIScaledDIBSection
CreateDiscardableBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEnhMetaFileA
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectA
CreateFontIndirectExA
CreateFontIndirectExW
CreateFontIndirectW
CreateFontW
CreateHalftonePalette
CreateHatchBrush
CreateICA
CreateICW
CreateMetaFileA
CreateMetaFileW
CreateOPMProtectedOutput
CreateOPMProtectedOutputs
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolyPolygonRgn
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateScalableFontResourceA
CreateScalableFontResourceW
CreateScaledCompatibleBitmap
CreateSessionMappedDIBSection
CreateSolidBrush
D3DKMTAbandonSwapChain
D3DKMTAcquireKeyedMutex
D3DKMTAcquireKeyedMutex2
D3DKMTAcquireSwapChain
D3DKMTAddSurfaceToSwapChain
D3DKMTAdjustFullscreenGamma
D3DKMTCacheHybridQueryValue
D3DKMTChangeVideoMemoryReservation
D3DKMTCheckExclusiveOwnership
D3DKMTCheckMonitorPowerState
D3DKMTCheckMultiPlaneOverlaySupport
D3DKMTCheckMultiPlaneOverlaySupport2
D3DKMTCheckMultiPlaneOverlaySupport3
D3DKMTCheckOcclusion
D3DKMTCheckSharedResourceAccess
D3DKMTCheckVidPnExclusiveOwnership
D3DKMTCloseAdapter
D3DKMTConfigureSharedResource
D3DKMTCreateAllocation
D3DKMTCreateAllocation2
D3DKMTCreateBundleObject
D3DKMTCreateContext
D3DKMTCreateContextVirtual
D3DKMTCreateDCFromMemory
D3DKMTCreateDevice
D3DKMTCreateHwContext
D3DKMTCreateHwQueue
D3DKMTCreateKeyedMutex
D3DKMTCreateKeyedMutex2
D3DKMTCreateOutputDupl
D3DKMTCreateOverlay
D3DKMTCreatePagingQueue
D3DKMTCreateProtectedSession
D3DKMTCreateSwapChain
D3DKMTCreateSynchronizationObject
D3DKMTCreateSynchronizationObject2
D3DKMTCreateTrackedWorkload
D3DKMTDDisplayEnum
D3DKMTDestroyAllocation
D3DKMTDestroyAllocation2
D3DKMTDestroyContext
D3DKMTDestroyDCFromMemory
D3DKMTDestroyDevice
D3DKMTDestroyHwContext
D3DKMTDestroyHwQueue
D3DKMTDestroyKeyedMutex
D3DKMTDestroyOutputDupl
D3DKMTDestroyOverlay
D3DKMTDestroyPagingQueue
D3DKMTDestroyProtectedSession
D3DKMTDestroySynchronizationObject
D3DKMTDestroyTrackedWorkload
D3DKMTDispMgrCreate
D3DKMTDispMgrOperation
D3DKMTDispMgrSourceOperation
D3DKMTDispMgrTargetOperation
D3DKMTDisplayPortOperation
D3DKMTDuplicateHandle
D3DKMTEnumAdapters
D3DKMTEnumAdapters2
D3DKMTEnumAdapters3
D3DKMTEscape
D3DKMTEvict
D3DKMTExtractBundleObject
D3DKMTFlipOverlay
D3DKMTFlushHeapTransitions
D3DKMTFreeGpuVirtualAddress
D3DKMTGetAllocationPriority
D3DKMTGetAvailableTrackedWorkloadIndex
D3DKMTGetCachedHybridQueryValue
D3DKMTGetContextInProcessSchedulingPriority
D3DKMTGetContextSchedulingPriority
D3DKMTGetDWMVerticalBlankEvent
D3DKMTGetDeviceState
D3DKMTGetDisplayModeList
D3DKMTGetMemoryBudgetTarget
D3DKMTGetMultiPlaneOverlayCaps
D3DKMTGetMultisampleMethodList
D3DKMTGetOverlayState
D3DKMTGetPostCompositionCaps
D3DKMTGetPresentHistory
D3DKMTGetPresentQueueEvent
D3DKMTGetProcessDeviceRemovalSupport
D3DKMTGetProcessList
D3DKMTGetProcessSchedulingPriorityBand
D3DKMTGetProcessSchedulingPriorityClass
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTGetRuntimeData
D3DKMTGetScanLine
D3DKMTGetSetSwapChainMetadata
D3DKMTGetSharedPrimaryHandle
D3DKMTGetSharedResourceAdapterLuid
D3DKMTGetTrackedWorkloadStatistics
D3DKMTGetYieldPercentage
D3DKMTInvalidateActiveVidPn
D3DKMTInvalidateCache
D3DKMTLock
D3DKMTLock2
D3DKMTMakeResident
D3DKMTMapGpuVirtualAddress
D3DKMTMarkDeviceAsError
D3DKMTNetDispGetNextChunkInfo
D3DKMTNetDispQueryMiracastDisplayDeviceStatus
D3DKMTNetDispQueryMiracastDisplayDeviceSupport
D3DKMTNetDispStartMiracastDisplayDevice
D3DKMTNetDispStartMiracastDisplayDevice2
D3DKMTNetDispStartMiracastDisplayDeviceEx
D3DKMTNetDispStopMiracastDisplayDevice
D3DKMTOfferAllocations
D3DKMTOpenAdapterFromDeviceName
D3DKMTOpenAdapterFromGdiDisplayName
D3DKMTOpenAdapterFromHdc
D3DKMTOpenAdapterFromLuid
D3DKMTOpenBundleObjectNtHandleFromName
D3DKMTOpenKeyedMutex
D3DKMTOpenKeyedMutex2
D3DKMTOpenKeyedMutexFromNtHandle
D3DKMTOpenNtHandleFromName
D3DKMTOpenProtectedSessionFromNtHandle
D3DKMTOpenResource
D3DKMTOpenResource2
D3DKMTOpenResourceFromNtHandle
D3DKMTOpenSwapChain
D3DKMTOpenSyncObjectFromNtHandle
D3DKMTOpenSyncObjectFromNtHandle2
D3DKMTOpenSyncObjectNtHandleFromName
D3DKMTOpenSynchronizationObject
D3DKMTOutputDuplGetFrameInfo
D3DKMTOutputDuplGetMetaData
D3DKMTOutputDuplGetPointerShapeData
D3DKMTOutputDuplPresent
D3DKMTOutputDuplPresentToHwQueue
D3DKMTOutputDuplReleaseFrame
D3DKMTPinDirectFlipResources
D3DKMTPinResources
D3DKMTPollDisplayChildren
D3DKMTPresent
D3DKMTPresentMultiPlaneOverlay
D3DKMTPresentMultiPlaneOverlay2
D3DKMTPresentMultiPlaneOverlay3
D3DKMTPresentRedirected
D3DKMTQueryAdapterInfo
D3DKMTQueryAllocationResidency
D3DKMTQueryClockCalibration
D3DKMTQueryFSEBlock
D3DKMTQueryProcessOfferInfo
D3DKMTQueryProtectedSessionInfoFromNtHandle
D3DKMTQueryProtectedSessionStatus
D3DKMTQueryRemoteVidPnSourceFromGdiDisplayName
D3DKMTQueryResourceInfo
D3DKMTQueryResourceInfoFromNtHandle
D3DKMTQueryStatistics
D3DKMTQueryVidPnExclusiveOwnership
D3DKMTQueryVideoMemoryInfo
D3DKMTReclaimAllocations
D3DKMTReclaimAllocations2
D3DKMTRegisterTrimNotification
D3DKMTRegisterVailProcess
D3DKMTReleaseKeyedMutex
D3DKMTReleaseKeyedMutex2
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTReleaseSwapChain
D3DKMTRemoveSurfaceFromSwapChain
D3DKMTRender
D3DKMTReserveGpuVirtualAddress
D3DKMTResetTrackedWorkloadStatistics
D3DKMTSetAllocationPriority
D3DKMTSetContextInProcessSchedulingPriority
D3DKMTSetContextSchedulingPriority
D3DKMTSetDisplayMode
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetDodIndirectSwapchain
D3DKMTSetFSEBlock
D3DKMTSetGammaRamp
D3DKMTSetHwProtectionTeardownRecovery
D3DKMTSetMemoryBudgetTarget
D3DKMTSetMonitorColorSpaceTransform
D3DKMTSetProcessDeviceRemovalSupport
D3DKMTSetProcessSchedulingPriorityBand
D3DKMTSetProcessSchedulingPriorityClass
D3DKMTSetQueuedLimit
D3DKMTSetStablePowerState
D3DKMTSetStereoEnabled
D3DKMTSetSyncRefreshCountWaitTarget
D3DKMTSetVidPnSourceHwProtection
D3DKMTSetVidPnSourceOwner
D3DKMTSetVidPnSourceOwner1
D3DKMTSetVidPnSourceOwner2
D3DKMTSetYieldPercentage
D3DKMTShareObjects
D3DKMTSharedPrimaryLockNotification
D3DKMTSharedPrimaryUnLockNotification
D3DKMTSignalSynchronizationObject
D3DKMTSignalSynchronizationObject2
D3DKMTSignalSynchronizationObjectFromCpu
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSubmitCommand
D3DKMTSubmitCommandToHwQueue
D3DKMTSubmitPresentBltToHwQueue
D3DKMTSubmitPresentToHwQueue
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTTrimProcessCommitment
D3DKMTUnOrderedPresentSwapChain
D3DKMTUnlock
D3DKMTUnlock2
D3DKMTUnpinDirectFlipResources
D3DKMTUnpinResources
D3DKMTUnregisterTrimNotification
D3DKMTUpdateAllocationProperty
D3DKMTUpdateGpuVirtualAddress
D3DKMTUpdateOverlay
D3DKMTUpdateTrackedWorkload
D3DKMTVailConnect
D3DKMTVailDisconnect
D3DKMTVailPromoteCompositionSurface
D3DKMTWaitForIdle
D3DKMTWaitForSynchronizationObject
D3DKMTWaitForSynchronizationObject2
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTWaitForSynchronizationObjectFromGpu
D3DKMTWaitForVerticalBlankEvent
D3DKMTWaitForVerticalBlankEvent2
DDCCIGetCapabilitiesString
DDCCIGetCapabilitiesStringLength
DDCCIGetTimingReport
DDCCIGetVCPFeature
DDCCISaveCurrentSettings
DDCCISetVCPFeature
DPtoLP
DdCreateFullscreenSprite
DdDestroyFullscreenSprite
DdEntry0
DdEntry1
DdEntry10
DdEntry11
DdEntry12
DdEntry13
DdEntry14
DdEntry15
DdEntry16
DdEntry17
DdEntry18
DdEntry19
DdEntry2
DdEntry20
DdEntry21
DdEntry22
DdEntry23
DdEntry24
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry3
DdEntry30
DdEntry31
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry36
DdEntry37
DdEntry38
DdEntry39
DdEntry4
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry5
DdEntry50
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56
DdEntry6
DdEntry7
DdEntry8
DdEntry9
DdNotifyFullscreenSpriteUpdate
DdQueryVisRgnUniqueness
DeleteColorSpace
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
DescribePixelFormat
DestroyOPMProtectedOutput
DestroyPhysicalMonitorInternal
DeviceCapabilitiesExA
DeviceCapabilitiesExW
DrawEscape
DwmCreatedBitmapRemotingOutput
DxTrimNotificationListHead
Ellipse
EnableEUDC
EndDoc
EndFormPage
EndGdiRendering
EndPage
EndPath
EngAcquireSemaphore
EngAlphaBlend
EngAssociateSurface
EngBitBlt
EngCheckAbort
EngComputeGlyphSet
EngCopyBits
EngCreateBitmap
EngCreateClip
EngCreateDeviceBitmap
EngCreateDeviceSurface
EngCreatePalette
EngCreateSemaphore
EngDeleteClip
EngDeletePalette
EngDeletePath
EngDeleteSemaphore
EngDeleteSurface
EngEraseSurface
EngFillPath
EngFindResource
EngFreeModule
EngGetCurrentCodePage
EngGetDriverName
EngGetPrinterDataFileName
EngGradientFill
EngLineTo
EngLoadModule
EngLockSurface
EngMarkBandingSurface
EngMultiByteToUnicodeN
EngMultiByteToWideChar
EngPaint
EngPlgBlt
EngQueryEMFInfo
EngQueryLocalTime
EngReleaseSemaphore
EngStretchBlt
EngStretchBltROP
EngStrokeAndFillPath
EngStrokePath
EngTextOut
EngTransparentBlt
EngUnicodeToMultiByteN
EngUnlockSurface
EngWideCharToMultiByte
EnumEnhMetaFile
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsA
EnumFontsW
EnumICMProfilesA
EnumICMProfilesW
EnumMetaFile
EnumObjects
EqualRgn
Escape
EudcLoadLinkW
EudcUnloadLinkW
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtEscape
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FONTOBJ_cGetAllGlyphHandles
FONTOBJ_cGetGlyphs
FONTOBJ_pQueryGlyphAttrs
FONTOBJ_pfdg
FONTOBJ_pifi
FONTOBJ_pvTrueTypeFontFile
FONTOBJ_pxoGetXform
FONTOBJ_vGetInfo
FillPath
FillRgn
FixBrushOrgEx
FlattenPath
FloodFill
FontIsLinked
FrameRgn
Gdi32DllInitialize
GdiAddFontResourceW
GdiAddGlsBounds
GdiAddGlsRecord
GdiAddInitialFonts
GdiAlphaBlend
GdiArtificialDecrementDriver
GdiBatchLimit
GdiCleanCacheDC
GdiComment
GdiConsoleTextOut
GdiConvertAndCheckDC
GdiConvertBitmap

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
imm32.dll
.dll windows:10 windows x86 arch:x86

b0d324a140a4951c0d151e7ac5391d99

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:93:ce:df:d1:19:15:2b:f1:0a:67:41:f7:84:56:d5:ac:13:d1:a3:a7:e0:d5:44:01:7d:49:a1:f8:18:e1:4e
Signer

Actual PE Digest

e4:93:ce:df:d1:19:15:2b:f1:0a:67:41:f7:84:56:d5:ac:13:d1:a3:a7:e0:d5:44:01:7d:49:a1:f8:18:e1:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imm32.pdb

Imports

user32

GetKeyboardLayout
IsWindow
SendMessageW
WCSToMBEx
PostMessageA
PostMessageW
SendMessageA
GetWindowThreadProcessId
GetKeyboardLayoutList
GetClassInfoW
LoadKeyboardLayoutW
GetFocus
GetActiveWindow
User32InitializeImmEntryTable
CharUpperW
UnloadKeyboardLayout
ord2521
LoadBitmapW
SetWindowLongW
GetClientRect
GetDC
ReleaseDC
GetWindowLongW
GetWindow
DrawTextExW
GetSystemMetrics
GetWindowRect
SetCapture
MessageBeep
SetCursor
LoadCursorW
GetCursorPos
ScreenToClient
ReleaseCapture
SetWindowPos
keybd_event
BeginPaint
EndPaint
DefWindowProcW
InvalidateRect
DrawEdge
GetCapture
GetParent
GetClassInfoExW
LoadIconW
RegisterClassExW
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
MapVirtualKeyW
CreateWindowExW
ShowWindow
UpdateWindow
DestroyWindow
GetKeyboardState
ToUnicode
ToAsciiEx
ClientToScreen
MapWindowPoints
GetForegroundWindow
IsWindowUnicode
CharNextA
CharNextW
GetDesktopWindow
SendMessageTimeoutW

ntdll

RtlUnwind
memcpy
RtlCaptureContext
RtlIsThreadWithinLoaderCallout
RtlDllShutdownInProgress
RtlUnicodeToMultiByteSize
wcstol
RtlUnicodeStringToInteger
_wcsicmp
memcmp
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
_vsnwprintf
NtQuerySystemInformation
memset
RtlSetLastWin32Error
RtlDeleteCriticalSection
RtlIntegerToUnicodeString

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentProcessId
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalUnlock
LocalLock
LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte
GetThreadLocale
GetACP
GetSystemDefaultLCID
GetLocaleInfoW
IsDBCSLeadByteEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetProcAddress

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-file-l1-1-0

GetFullPathNameW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
CreateFileMappingW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

OpenFile

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenA
lstrlenW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalSize
LocalSize
GlobalUnlock
LocalFlags

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW

api-ms-win-core-appcompat-l1-1-0

BaseCheckAppcompatCache

win32u

NtUserGetImeInfoEx
NtUserGetAppImeLevel
NtUserSetAppImeLevel
NtUserUpdateInputContext
NtUserDisableThreadIme
NtUserSetThreadLayoutHandles
NtUserSetImeInfoEx
NtUserGetImeHotKey
NtUserBuildHimcList
NtUserNotifyIMEStatus
NtUserQueryWindow
NtUserAssociateInputContext
NtUserQueryInputContext
NtUserGetThreadState
NtUserCallOneParam
NtUserCreateInputContext
NtUserDestroyInputContext

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CtfImmAppCompatEnableIMEonProtectedCode
CtfImmCoUninitialize
CtfImmDispatchDefImeMessage
CtfImmEnterCoInitCountSkipMode
CtfImmGenerateMessage
CtfImmGetCompatibleKeyboardLayout
CtfImmGetGlobalIMEStatus
CtfImmGetGuidAtom
CtfImmGetIMEFileName
CtfImmGetTMAEFlags
CtfImmHideToolbarWnd
CtfImmIsCiceroEnabled
CtfImmIsCiceroStartedInThread
CtfImmIsComStartedInThread
CtfImmIsGuidMapEnable
CtfImmIsTextFrameServiceDisabled
CtfImmLastEnabledWndDestroy
CtfImmLeaveCoInitCountSkipMode
CtfImmNotify
CtfImmRestoreToolbarWnd
CtfImmSetAppCompatFlags
CtfImmSetCiceroStartInThread
CtfImmSetDefaultRemoteKeyboardLayout
CtfImmTIMActivate
GetKeyboardLayoutCP
ImmActivateLayout
ImmAssociateContext
ImmAssociateContextEx
ImmCallImeConsoleIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmDisableIme
ImmDisableLegacyIME
ImmDisableTextFrameService
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmFreeLayout
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeInfoEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIMPGetIMEA
ImmIMPGetIMEW
ImmIMPQueryIMEA
ImmIMPQueryIMEW
ImmIMPSetIMEA
ImmIMPSetIMEW
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLoadIME
ImmLoadLayout
ImmLockClientImc
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmProcessKey
ImmPutImeMenuItemsIntoMappedFile
ImmReSizeIMCC
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSendIMEMessageExA
ImmSendIMEMessageExW
ImmSetActiveContext
ImmSetActiveContextConsoleIME
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmSystemHandler
ImmTranslateMessage
ImmUnlockClientImc
ImmUnlockIMC
ImmUnlockIMCC
ImmUnlockImeDpi
ImmUnregisterWordA
ImmUnregisterWordW
ImmWINNLSEnableIME
ImmWINNLSGetEnableStatus
ImmWINNLSGetIMEHotkey

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kernel32.dll
.dll windows:10 windows x64 arch:x64

ae2aff1212e7e94d362256016bc93328

Code Sign

33:00:00:02:5d:74:2a:12:5a:15:1b:70:74:00:00:00:00:02:5d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

31/01/2020, 19:26

Not After

22/01/2021, 19:26

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:90:22:96:2e:25:a9:c3:0a:fd:fc:f0:3e:3c:32:d2:2f:10:14:88:19:39:61:73:d6:78:98:b6:3a:cc:33:c8
Signer

Actual PE Digest

f4:90:22:96:2e:25:a9:c3:0a:fd:fc:f0:3e:3c:32:d2:2f:10:14:88:19:39:61:73:d6:78:98:b6:3a:cc:33:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kernel32.pdb

Imports

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlRaiseException
RtlVirtualUnwind
RtlRestoreContext
RtlLookupFunctionEntry
RtlInstallFunctionTableCallback
RtlCompareMemory
RtlDeleteFunctionTable
RtlAddFunctionTable
RtlPcToFileHeader
RtlUnwind
RtlCaptureStackBackTrace
RtlUnwindEx

ntdll

_wcslwr
RtlGetUILanguageInfo
EtwEventEnabled
RtlpConvertLCIDsToCultureNames
NtEnumerateKey
RtlIntegerToUnicodeString
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlUnhandledExceptionFilter
NtTerminateProcess
wcsncmp
wcsncpy
LdrFindResourceEx_U
RtlReadThreadProfilingData
RtlQueryThreadProfiling
RtlDisableThreadProfiling
RtlNtStatusToDosErrorNoTeb
RtlEnableThreadProfiling
NtMapUserPhysicalPagesScatter
RtlDecodeSystemPointer
bsearch
RtlComputeImportTableHash
RtlFindActivationContextSectionGuid
RtlQueryActivationContextApplicationSettings
RtlSubAuthorityCountSid
LdrResFindResourceDirectory
RtlQueryInformationActivationContext
RtlSetThreadPreferredUILanguages
TpQueryPoolStackInformation
TpAllocPool
TpSetPoolMinThreads
TpSetPoolStackInformation
TpAllocWait
NtDeleteValueKey
NtSetValueKey
towlower
RtlLCIDToCultureName
RtlSizeHeap
RtlpConvertCultureNamesToLCIDs
NtQueryInstallUILanguage
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlExpandEnvironmentStrings_U
RtlPublishWnfStateData
NtQueryLicenseValue
_wtol
memmove_s
RtlUnicodeStringToInteger
RtlGUIDFromString
RtlMultiAppendUnicodeStringBuffer
swprintf_s
RtlImageNtHeaderEx
NtMapViewOfSection
NtCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetActiveActivationContext
RtlDeactivateActivationContext
RtlActivateActivationContext
RtlZombifyActivationContext
RtlReleaseActivationContext
RtlAddRefActivationContext
RtlCreateActivationContext
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlpApplyLengthFunction
RtlGetFullPathName_U
RtlDoesFileExists_U
RtlDetermineDosPathNameType_U
RtlpEnsureBufferSize
DbgPrintEx
NtUnmapViewOfSection
RtlQueryPackageClaims
tolower
atol
toupper
isdigit
NtQueryInformationThread
RtlEnterUmsSchedulingMode
RtlCreateUmsThreadContext
RtlDeleteUmsThreadContext
RtlSetUmsThreadInformation
sin
RtlGetNextUmsListItem
RtlGetCurrentUmsThread
RtlDeleteUmsCompletionList
RtlUmsThreadYield
RtlExecuteUmsThread
RtlGetUmsCompletionListEvent
RtlDequeueUmsCompletionListItems
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlCreateUmsCompletionList
RtlDestroyEnvironment
RtlCreateEnvironmentEx
RtlCreateEnvironment
NtQueryEvent
RtlCreateUnicodeString
NtRaiseHardError
RtlFreeAnsiString
RtlFreeOemString
RtlGetCurrentDirectory_U
wcsrchr
_wcsnicmp
RtlUnicodeStringToOemString
NtQueryVolumeInformationFile
CsrFreeCaptureBuffer
CsrAllocateMessagePointer
CsrAllocateCaptureBuffer
RtlEqualUnicodeString
RtlUnicodeStringToAnsiString
RtlExitUserThread
RtlAddIntegrityLabelToBoundaryDescriptor
RtlQueryProtectedPolicy
NtReplacePartitionUnit
RtlCompareUnicodeString
RtlExitUserProcess
RtlInitUnicodeStringEx
RtlQueryPackageIdentity
EtwEventWriteNoRegistration
RtlWow64LogMessageInEventLogger
LdrUnloadDll
LdrGetProcedureAddress
LdrLoadDll
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
NtQueryValueKey
RtlEqualSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtOpenProcessToken
NtSetInformationThread
NtOpenThreadToken
RtlReleaseSRWLockExclusive
RtlQueryRegistryValuesEx
NtOpenKey
RtlAcquireSRWLockExclusive
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitAnsiStringEx
NtIsSystemResumeAutomatic
NtInitiatePowerAction
RtlIsNameLegalDOS8Dot3
RtlGetCurrentProcessorNumberEx
NtWaitForSingleObject
NtCreateEvent
RtlSetSearchPathMode
LdrGetDllDirectory
RtlUnlockHeap
RtlGetUserInfoHeap
RtlLockHeap
RtlDeregisterSecureMemoryCacheCallback
RtlRegisterSecureMemoryCacheCallback
RtlCompactHeap
NtFsControlFile
NtOpenFile
NtClose
LdrAddRefDll
NtQueryInformationFile
NtSetInformationFile
wcscpy_s
RtlGetActiveConsoleId
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlWow64GetThreadSelectorEntry
NtSetInformationDebugObject
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
NtSetSystemInformation
NtQueryInformationProcess
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlSetLastWin32Error
CsrClientCallServer
LdrDisableThreadCalloutsForDll
RtlGetSuiteMask
TpAllocTimer
TpAllocIoCompletion
TpAllocWork
TpCallbackMayRunLong
TpAllocCleanupGroup
RtlQueryUmsThreadInformation
TpSimpleTryPost
CsrVerifyRegion
RtlCharToInteger
RtlInitAnsiString
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteSize
RtlDestroyAtomTable
NtFindAtom
NtQueryInformationAtom
RtlAddAtomToAtomTable
NtAddAtomEx
NtDeleteAtom
RtlCreateAtomTable
RtlDeleteAtomFromAtomTable
RtlLookupAtomInAtomTable
RtlQueryAtomInAtomTable
RtlDnsHostNameToComputerName
RtlPrefixString
NtFlushKey
_memicmp
RtlxUnicodeStringToAnsiSize
RtlEnterCriticalSection
wcschr
wcsstr
RtlLeaveCriticalSection
NtCreateKey
NtCreateFile
RtlCreateUnicodeStringFromAsciiz
wcsncpy_s
wcscspn
NtCreateJobSet
RtlReleasePrivilege
NtSetInformationJobObject
NtQueryInformationJobObject
NtCreateJobObject
RtlAcquirePrivilege
NtAssignProcessToJobObject
NtTerminateJobObject
NtOpenJobObject
RtlLengthSecurityDescriptor
NtSetEaFile
NtSetSecurityObject
NtQueryEaFile
NtQuerySecurityObject
LdrQueryImageFileKeyOption
LdrOpenImageFileOptionsKey
RtlQueryElevationFlags
NtSetInformationProcess
RtlRaiseStatus
NtQuerySection
NtFreeVirtualMemory
NtWriteFile
NtEnumerateValueKey
RtlEqualString
RtlUnicodeToMultiByteN
strncpy_s
NtUnlockFile
RtlDosPathNameToNtPathName_U
NtReadFile
NtLockFile
RtlCopyUnicodeString
CsrCaptureMessageString
RtlIsTextUnicode
NtAllocateVirtualMemory
RtlGetLongestNtPathLength
RtlPrefixUnicodeString
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlSetIoCompletionCallback
RtlDeregisterWait
RtlRegisterWait
RtlImageDirectoryEntryToData
NtQueryVirtualMemory
RtlCreateBoundaryDescriptor
NtProtectVirtualMemory
RtlGetThreadErrorMode
NtCreateMailslotFile
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtQueryDirectoryFile
strcpy_s
RtlFindActivationContextSectionString
LdrSetDllDirectory
LdrFindResource_U
RtlSwitchedVVI
NtQueryWnfStateData
NtPowerInformation
NtGetDevicePowerState
NtSetThreadExecutionState
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
RtlInitString
NtSetVolumeInformationFile
NtDeviceIoControlFile
RtlIsValidHandle
RtlAllocateHandle
RtlReAllocateHeap
RtlFreeHandle
RtlSetUserValueHeap
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
strchr
RtlSetEnvironmentStrings
RtlOemStringToUnicodeString
wcscat_s
RtlAllocateAndInitializeSid
RtlQueryEnvironmentVariable_U
NtQueryAttributesFile
RtlFreeSid
strrchr
NtQueryFullAttributesFile
TpCaptureCaller
RtlWow64EnableFsRedirection
_stricmp
NtSetTimerResolution
NtQueryTimerResolution
RtlGetAppContainerSidType
RtlConvertSidToUnicodeString
RtlSetEnvironmentVariable
RtlGetAppContainerParent
RtlQueryEnvironmentVariable
CsrCaptureMessageMultiUnicodeStringsInPlace
wcsnlen
strcat_s
strnlen
NlsMbCodePageTag
RtlRunOnceExecuteOnce
RtlInitializeCriticalSection
RtlGetThreadPreferredUILanguages
NtReadVirtualMemory
LdrResSearchResource
_strnicmp
strncmp
RtlTryAcquirePebLock
RtlReleasePebLock
RtlEncodeSystemPointer
RtlGetNtSystemRoot
NtWaitForMultipleObjects
NtClearEvent
RtlWerpReportException
DbgPrint
RtlGetDeviceFamilyInfoEnum
RtlHashUnicodeString
NtApphelpCacheControl
RtlGetFullPathName_UEx
ZwClose
ZwOpenFile
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryDirectoryFile
RtlNtPathNameToDosPathName
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwUnmapViewOfSection
ZwMapViewOfSection
VerSetConditionMask
RtlVerifyVersionInfo
RtlGetVersion
RtlGetCurrentServiceSessionId
LdrQueryImageFileExecutionOptions
RtlInitUnicodeString
_vsnwprintf
RtlSetProtectedPolicy
LdrSetDllManifestProber
RtlSetThreadPoolStartFunc
RtlImageNtHeader
NtQuerySystemInformation
RtlFreeHeap
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlAllocateHeap
_wcsicmp
__C_specific_handler
memmove
RtlGetPersistedStateLocation
_local_unwind
cos
floor
memcmp
memcpy
memset
wcscmp

kernelbase

GetLocaleInfoHelper
BaseFormatObjectAttributes
GetVolumeNameForVolumeMountPointW
lstrcmpW
lstrcmpiW
GetRegistryExtensionFlags
KernelBaseGetGlobalData
GlobalFree
LoadStringBaseExW
GetUnicodeStringToEightBitStringRoutine
GetUnicodeStringToEightBitSizeRoutine
CompareStringA
GetNamedPipeAttribute
AppXPreCreationExtension
AppXPostSuccessExtension
AppXReleaseAppXContext
AreFileApisANSI
CreateProcessInternalA
CreateProcessInternalW
CreateProcessAsUserW
CreateProcessAsUserA
EnumLanguageGroupLocalesW
AppContainerLookupMoniker
EnumSystemLanguageGroupsW
EnumSystemLocalesEx
PackageIdFromFullName
GetPackageFullName
GetCurrentPackageFullName
ClosePackageInfo
AppXGetOSMaxVersionTested
GetPackageTargetPlatformProperty
GetTargetPlatformContext
OpenPackageInfoByFullNameForUser
AppContainerFreeMemory
BasepNotifyTrackingService
MoveFileWithProgressTransactedW
BasepAdjustObjectAttributesForPrivateNamespace
GetEightBitStringToUnicodeStringRoutine
GetStringTableEntry
CheckGroupPolicyEnabled
OpenRegKey
InternalLcidToName
NlsIsUserDefaultLocale
GetPtrCalDataArray
GetUserOverrideString
GetPtrCalData
Internal_EnumCalendarInfo
Internal_EnumLanguageGroupLocales
Internal_EnumSystemCodePages
Internal_EnumDateFormats
Internal_EnumUILanguages
Internal_EnumSystemLanguageGroups
NlsValidateLocale
Internal_EnumTimeFormats
GetNamedLocaleHashNode
GetUserOverrideWord
EnumUILanguagesW
GetCalendar
BaseDllFreeResourceId
BaseDllMapResourceIdW
CheckAllowDecryptedRemoteDestinationPolicy
PrivCopyFileExW
NotifyMountMgr
LCIDToLocaleName
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
GetEraNameCountedString
FatalAppExitW
FatalAppExitA
lstrlenW
lstrlenA
lstrcpynW
lstrcpynA
Sleep
SetFileApisToOEM
SetFileApisToANSI
PulseEvent
MapViewOfFileExNuma
LocalUnlock
LocalReAlloc
LocalLock
LocalAlloc
HeapSummary
GlobalAlloc
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetStringTypeA
GetProcAddressForCaller
BaseGetNamedObjectDirectory

api-ms-win-core-processthreads-l1-1-0

SetProcessShutdownParameters
SetPriorityClass
ResumeThread
QueueUserAPC
OpenThread
GetThreadPriorityBoost
GetThreadPriority
GetThreadId
SetThreadPriority
SetThreadPriorityBoost
SetThreadStackGuarantee
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsSetValue
SetProcessAffinityUpdateMode
QueryProcessAffinityUpdateMode
GetStartupInfoW
GetProcessTimes
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateRemoteThread
GetProcessId
GetProcessIdOfThread
GetPriorityClass
GetProcessVersion
GetExitCodeThread
CreateRemoteThreadEx
CreateProcessW
CreateProcessA
GetExitCodeProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
ProcessIdToSessionId

api-ms-win-core-processthreads-l1-1-3

SetThreadIdealProcessor
SetProcessInformation
GetProcessInformation
GetProcessShutdownParameters

api-ms-win-core-processthreads-l1-1-2

GetThreadInformation
GetProcessPriorityBoost
GetThreadIOPendingFlag
SetProcessPriorityBoost
SetThreadInformation
GetSystemTimes

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
SetThreadContext
GetThreadTimes
GetThreadIdealProcessorEx
GetThreadContext
GetProcessHandleCount
GetProcessMitigationPolicy
SetProcessMitigationPolicy
FlushInstructionCache
SetThreadIdealProcessorEx
OpenProcess

api-ms-win-core-registry-l1-1-0

RegDeleteValueA
RegSetValueExW
RegCreateKeyExA
RegSetValueExA
RegDeleteTreeW
RegCopyTreeW
RegSetKeySecurity
RegSaveKeyExW
RegCloseKey
RegLoadAppKeyW
RegRestoreKeyW
RegRestoreKeyA
RegGetValueW
RegQueryValueExW
RegUnLoadKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyExA
RegUnLoadKeyA
RegDeleteKeyExW
RegDeleteValueW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenUserClassesRoot
RegSaveKeyExA
RegOpenKeyExA
RegOpenCurrentUser
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegLoadMUIStringA
RegLoadKeyW
RegLoadKeyA
RegGetValueA
RegGetKeySecurity
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegFlushKey
RegEnumValueW
RegEnumValueA
RegDeleteTreeA

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
HeapWalk
HeapValidate
HeapUnlock
HeapSetInformation
HeapQueryInformation
HeapLock
GetProcessHeap
HeapDestroy
HeapCreate
HeapCompact
GetProcessHeaps

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-1

GetWriteWatch
ResetWriteWatch
SetSystemFileCacheSize
SetProcessWorkingSetSizeEx
QueryMemoryResourceNotification
VirtualLock
CreateFileMappingNumaW
GetSystemFileCacheSize
GetProcessWorkingSetSizeEx
GetLargePageMinimum
CreateMemoryResourceNotification
VirtualUnlock

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
MapViewOfFileEx
MapViewOfFile
VirtualFreeEx
WriteProcessMemory
VirtualAlloc
ReadProcessMemory
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
UnmapViewOfFile
FlushViewOfFile
VirtualAllocEx
VirtualQueryEx
CreateFileMappingW

api-ms-win-core-memory-l1-1-2

VirtualAllocExNuma
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
FreeUserPhysicalPages
MapUserPhysicalPages
RegisterBadMemoryNotification
UnregisterBadMemoryNotification
GetMemoryErrorHandlingCapabilities

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle
GetHandleInformation
DuplicateHandle

api-ms-win-core-synch-l1-1-0

SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
SetWaitableTimer
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
SleepEx
OpenWaitableTimerW
OpenSemaphoreW
OpenMutexW
CancelWaitableTimer
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateSemaphoreExW
OpenEventW
CreateWaitableTimerExW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
OpenEventA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
DeleteSynchronizationBarrier
InitializeSynchronizationBarrier
EnterSynchronizationBarrier
SignalObjectAndWait

api-ms-win-core-file-l1-1-0

FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
WriteFileEx
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
WriteFileGather
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
DefineDosDeviceW
CreateFileW
CreateFileA
WriteFile
CreateDirectoryW
CreateDirectoryA
CompareFileTime
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLogicalDriveStringsW
UnlockFileEx
GetTempFileNameW
UnlockFile
SetFileValidData
SetFileTime
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
SetFilePointerEx
LocalFileTimeToFileTime
LockFile
LockFileEx
QueryDosDeviceW
ReadFile
ReadFileEx
ReadFileScatter
GetFileSize
RemoveDirectoryA
RemoveDirectoryW
GetFileSizeEx
GetFileTime
GetFileType
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetFileInformationByHandle
SetFileAttributesW

api-ms-win-core-file-l1-2-0

CreateFile2
GetVolumePathNamesForVolumeNameW
GetTempPathW

api-ms-win-core-file-l1-2-2

FindFirstStreamW
GetTempFileNameA
GetTempPathA
FindNextFileNameW
FindFirstFileNameW
GetVolumeInformationA

api-ms-win-core-file-l1-2-1

SetFileIoOverlappedRange
GetCompressedFileSizeA
GetCompressedFileSizeW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-io-l1-1-0

DeviceIoControl
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetQueuedCompletionStatus
GetOverlappedResult
CreateIoCompletionPort
CancelIoEx

api-ms-win-core-io-l1-1-1

CancelIo
CancelSynchronousIo

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueueEx
UnregisterWaitEx
QueueUserWorkItem
ChangeTimerQueueTimer

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-libraryloader-l1-2-2

EnumResourceNamesW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeResource
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleExW
EnumResourceTypesExW
EnumResourceTypesExA
EnumResourceNamesExA
EnumResourceLanguagesExW
EnumResourceLanguagesExA
DisableThreadLibraryCalls
EnumResourceNamesExW
SizeofResource
LockResource
LoadResource
LoadLibraryExA
FindResourceExW
FreeLibrary
GetProcAddress
FindStringOrdinal

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW
LoadLibraryA

api-ms-win-core-libraryloader-l2-1-0

LoadPackagedLibrary

api-ms-win-core-namedpipe-l1-2-2

CallNamedPipeW

api-ms-win-core-namedpipe-l1-1-0

TransactNamedPipe
PeekNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
CreatePipe
DisconnectNamedPipe
GetNamedPipeClientComputerNameW
SetNamedPipeHandleState

api-ms-win-core-namedpipe-l1-2-1

GetNamedPipeHandleStateW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatA
GetTimeFormatW
GetDateFormatW
GetDateFormatA

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-sysinfo-l1-2-0

SetComputerNameExW
SetSystemTime
GetSystemFirmwareTable
EnumSystemFirmwareTables
GetSystemTimePreciseAsFileTime
GetNativeSystemInfo
GetProductInfo

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
SetLocalTime
GetLogicalProcessorInformation
GetVersionExA
GetSystemTime
GetSystemInfo
GetLocalTime
GetComputerNameExW
GetLogicalProcessorInformationEx
GetTickCount
GetComputerNameExA
GetSystemTimeAdjustment
GetVersion

api-ms-win-core-sysinfo-l1-2-3

SetComputerNameExA
SetComputerNameA
SetComputerNameW

api-ms-win-core-sysinfo-l1-2-1

DnsHostnameToComputerNameExW
GetPhysicallyInstalledSystemMemory
SetComputerNameEx2W

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
GetTimeZoneInformationForYear
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetDynamicTimeZoneInformation
SetDynamicTimeZoneInformation
SetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-localization-l1-2-0

FindNLSStringEx
IsValidLocaleName
LCMapStringEx
LocaleNameToLCID
ResolveLocaleName
SetCalendarInfoW
SetThreadLocale
IdnToUnicode
LCMapStringW
LCMapStringA
IsValidLocale
IsValidLanguageGroup
IsValidCodePage
ConvertDefaultLocale
IsNLSDefinedString
IsDBCSLeadByteEx
IsDBCSLeadByte
GetUserDefaultLCID
GetUserDefaultLangID
VerLanguageNameW
VerLanguageNameA
SetLocaleInfoW
IdnToAscii
GetUserPreferredUILanguages
GetUILanguageInfo
GetThreadUILanguage
SetProcessPreferredUILanguages
GetThreadPreferredUILanguages
GetSystemPreferredUILanguages
GetNLSVersionEx
GetLocaleInfoEx
GetFileMUIPath
GetFileMUIInfo
GetThreadLocale
GetSystemDefaultLCID
GetSystemDefaultLangID
GetProcessPreferredUILanguages
GetCalendarInfoEx
GetCalendarInfoW
EnumSystemLocalesA
EnumSystemLocalesW
FindNLSString
FormatMessageA
FormatMessageW
GetACP
GetCPInfo
GetCPInfoExW
GetNLSVersion
IsValidNLSVersion
SetThreadPreferredUILanguages
SetThreadUILanguage
GetLocaleInfoA
GetLocaleInfoW
GetOEMCP

api-ms-win-core-processsnapshot-l1-1-0

PssWalkMarkerFree
PssWalkMarkerSeekToBeginning
PssWalkMarkerSetPosition
PssWalkMarkerGetPosition
PssDuplicateSnapshot
PssWalkSnapshot
PssQuerySnapshot
PssFreeSnapshot
PssWalkMarkerCreate
PssCaptureSnapshot

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
GetEnvironmentStrings
SetCurrentDirectoryA
ExpandEnvironmentStringsW
FreeEnvironmentStringsA
GetCommandLineW
FreeEnvironmentStringsW
GetCommandLineA
SearchPathW
SetCurrentDirectoryW
GetStdHandle
GetEnvironmentVariableA
SetEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryW
ExpandEnvironmentStringsA
GetCurrentDirectoryA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetStdHandleEx

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW
SearchPathA
NeedCurrentDirectoryForExePathA

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringW
GetStringTypeExW
CompareStringOrdinal
FoldStringW

api-ms-win-core-debug-l1-1-1

WaitForDebugEvent
CheckRemoteDebuggerPresent
ContinueDebugEvent
DebugActiveProcessStop
DebugActiveProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetErrorMode
UnhandledExceptionFilter
RaiseException
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-errorhandling-l1-1-3

GetThreadErrorMode
SetThreadErrorMode

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsSetValue
FlsFree

api-ms-win-core-util-l1-1-0

Beep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetTokenInformation
FreeSid
AllocateAndInitializeSid
EqualSid
DuplicateToken
AccessCheck

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx
CheckTokenCapability
SetCachedSigningLevel
GetAppContainerAce
AddScopedPolicyIDAce
AddResourceAttributeAce
GetCachedSigningLevel

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-comm-l1-1-0

SetCommBreak
SetCommConfig
GetCommTimeouts
GetCommState
WaitCommEvent
GetCommModemStatus
GetCommMask
GetCommConfig
EscapeCommFunction
ClearCommError
GetCommProperties
TransmitCommChar
SetupComm
SetCommTimeouts
SetCommState
SetCommMask
PurgeComm
ClearCommBreak

api-ms-win-core-realtime-l1-1-0

QueryIdleProcessorCycleTimeEx
QueryIdleProcessorCycleTime
QueryProcessCycleTime
QueryThreadCycleTime
QueryUnbiasedInterruptTime

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryA
GetSystemWow64Directory2W
IsWow64Process2
GetSystemWow64DirectoryW

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
IsWow64Process
Wow64RevertWow64FsRedirection

api-ms-win-core-wow64-l1-1-3

Wow64GetThreadContext
Wow64SetThreadContext
Wow64SuspendThread

api-ms-win-core-systemtopology-l1-1-1

GetNumaProximityNodeEx

api-ms-win-core-systemtopology-l1-1-0

GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber

api-ms-win-core-processtopology-l1-1-0

GetProcessGroupAffinity
GetThreadGroupAffinity
SetThreadGroupAffinity

api-ms-win-core-namespace-l1-1-0

ClosePrivateNamespace
DeleteBoundaryDescriptor
OpenPrivateNamespaceW
CreatePrivateNamespaceW
CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor

api-ms-win-core-file-l2-1-2

CopyFileW
CreateHardLinkA

api-ms-win-core-file-l2-1-0

CopyFileExW
CopyFile2
ReadDirectoryChangesW
ReOpenFile
CreateSymbolicLinkW
CreateHardLinkW
GetFileInformationByHandleEx
CreateDirectoryExW
MoveFileWithProgressW
MoveFileExW
ReplaceFileW

api-ms-win-core-file-l2-1-3

ReadDirectoryChangesExW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-xstate-l2-1-0

LocateXStateFeature
SetXStateFeaturesMask
GetXStateFeaturesMask
InitializeContext
GetEnabledXStateFeatures
CopyContext

api-ms-win-core-xstate-l2-1-1

InitializeContext2

api-ms-win-core-localization-l2-1-0

EnumTimeFormatsEx
GetCurrencyFormatEx
GetNumberFormatEx
EnumCalendarInfoW
EnumDateFormatsExEx
EnumCalendarInfoExEx
EnumTimeFormatsW
EnumSystemCodePagesW
EnumCalendarInfoExW
EnumDateFormatsW
EnumDateFormatsExW

api-ms-win-core-normalization-l1-1-0

VerifyScripts
NormalizeString
IdnToNameprepUnicode
GetStringScripts
IsNormalizedString

api-ms-win-core-fibers-l2-1-0

CreateFiber
SwitchToFiber
DeleteFiber
ConvertThreadToFiber
ConvertFiberToThread

api-ms-win-core-fibers-l2-1-1

ConvertThreadToFiberEx
CreateFiberEx

api-ms-win-core-localization-private-l1-1-0

NlsCheckPolicy
NlsUpdateSystemLocale
NlsGetCacheUpdateCount
NlsUpdateLocale

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxSettingsW
QueryActCtxW
GetCurrentActCtx
FindActCtxSectionStringW
FindActCtxSectionGuid
DeactivateActCtx
CreateActCtxW
ZombifyActCtx
AddRefActCtx
ActivateActCtx
ReleaseActCtx

api-ms-win-core-appcompat-l1-1-0

BaseUpdateAppcompatCache
BaseFlushAppcompatCache
BaseDumpAppcompatCache
BaseInitAppcompatCacheSupport
BaseCleanupAppcompatCacheSupport
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCache

api-ms-win-core-windowserrorreporting-l1-1-0

WerUnregisterMemoryBlock
WerRegisterMemoryBlock
GetApplicationRestartSettings
WerRegisterFile
WerUnregisterFile
WerRegisterRuntimeExceptionModule
WerUnregisterRuntimeExceptionModule
GetApplicationRecoveryCallback

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart
UnregisterApplicationRestart

api-ms-win-core-windowserrorreporting-l1-1-1

WerUnregisterExcludedMemoryBlock
WerRegisterAdditionalProcess
WerUnregisterCustomMetadata
WerRegisterCustomMetadata
WerRegisterExcludedMemoryBlock
WerUnregisterAdditionalProcess

api-ms-win-core-windowserrorreporting-l1-1-2

WerRegisterAppLocalDump
WerUnregisterAppLocalDump

api-ms-win-core-console-l1-1-0

AllocConsole
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleA
WriteConsoleW

api-ms-win-core-console-l1-2-0

FreeConsole
PeekConsoleInputA
PeekConsoleInputW
AttachConsole

api-ms-win-core-console-l1-2-1

CreatePseudoConsole
ClosePseudoConsole
ResizePseudoConsole

api-ms-win-core-console-l2-1-0

SetConsoleWindowInfo
FlushConsoleInputBuffer
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
FillConsoleOutputCharacterW
GenerateConsoleCtrlEvent
GetConsoleCursorInfo
SetConsoleScreenBufferSize
SetConsoleScreenBufferInfoEx
GetLargestConsoleWindowSize
ReadConsoleOutputA
CreateConsoleScreenBuffer
FillConsoleOutputAttribute
ReadConsoleOutputCharacterA
SetConsoleTextAttribute
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputAttribute
WriteConsoleOutputCharacterA
FillConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WriteConsoleOutputW
SetConsoleOutputCP

api-ms-win-core-console-l2-2-0

GetConsoleTitleA
GetConsoleOriginalTitleW
SetConsoleTitleA
SetConsoleTitleW
GetConsoleOriginalTitleA
GetConsoleTitleW

api-ms-win-core-console-l3-2-0

GetConsoleAliasExesA
GetConsoleAliasExesLengthW
GetConsoleAliasA
ExpungeConsoleCommandHistoryW
GetConsoleAliasExesW
ExpungeConsoleCommandHistoryA
AddConsoleAliasW
AddConsoleAliasA
GetConsoleAliasExesLengthA
GetConsoleAliasW
SetCurrentConsoleFontEx
SetConsoleNumberOfCommandsW
SetConsoleNumberOfCommandsA
SetConsoleHistoryInfo
SetConsoleDisplayMode
GetNumberOfConsoleMouseButtons
GetCurrentConsoleFontEx
GetCurrentConsoleFont
GetConsoleWindow
GetConsoleSelectionInfo
GetConsoleProcessList
GetConsoleHistoryInfo
GetConsoleFontSize
GetConsoleDisplayMode
GetConsoleCommandHistoryW
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryA
GetConsoleAliasesW
GetConsoleAliasesLengthW
GetConsoleAliasesLengthA
GetConsoleAliasesA

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW
K32EnumProcessModulesEx
K32EnumPageFilesW
K32GetPerformanceInfo
K32EnumProcesses
K32GetProcessMemoryInfo
K32GetModuleFileNameExW
K32EnumProcessModules
K32GetProcessImageFileNameW
K32GetModuleInformation
K32GetDeviceDriverFileNameW
K32GetDeviceDriverBaseNameW
K32EnumDeviceDrivers
K32GetMappedFileNameW
K32GetWsChangesEx
QueryFullProcessImageNameW
K32EmptyWorkingSet
K32QueryWorkingSet
K32GetWsChanges
K32InitializeProcessForWsWatch
K32QueryWorkingSetEx

api-ms-win-core-psapi-ansi-l1-1-0

K32EnumPageFilesA
K32GetDeviceDriverFileNameA
K32GetDeviceDriverBaseNameA
K32GetMappedFileNameA
K32GetModuleFileNameExA
K32GetProcessImageFileNameA
QueryFullProcessImageNameA
K32GetModuleBaseNameA

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-appcompat-l1-1-1

BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
ActivateActCtxWorker
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddDllDirectory
AddIntegrityLabelToBoundaryDescriptor
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddRefActCtxWorker
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXGetOSMaxVersionTested
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCacheExWorker
BaseCheckAppcompatCacheWorker
BaseCheckElevation
BaseCleanupAppcompatCacheSupport
BaseCleanupAppcompatCacheSupportWorker
BaseDestroyVDMEnvironment
BaseDllReadWriteIniFile
BaseDumpAppcompatCache
BaseDumpAppcompatCacheWorker
BaseElevationPostProcessing
BaseFlushAppcompatCache
BaseFlushAppcompatCacheWorker
BaseFormatObjectAttributes
BaseFormatTimeOut
BaseFreeAppCompatDataForProcessWorker
BaseGenerateAppCompatData
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseInitAppcompatCacheSupportWorker
BaseIsAppcompatInfrastructureDisabled
BaseIsAppcompatInfrastructureDisabledWorker
BaseIsDosApplication
BaseQueryModuleData
BaseReadAppCompatDataForProcessWorker
BaseSetLastNTError
BaseThreadInitThunk
BaseUpdateAppcompatCache
BaseUpdateAppcompatCacheWorker
BaseUpdateVDMEntry
BaseVerifyUnicodeString
BaseWriteErrorElevationRequiredEvent
Basep8BitStringToDynamicUnicodeString
BasepAllocateActivationContextActivationBlock
BasepAnsiStringToDynamicUnicodeString
BasepAppContainerEnvironmentExtension
BasepAppXExtension
BasepCheckAppCompat
BasepCheckWebBladeHashes
BasepCheckWinSaferRestrictions
BasepConstructSxsCreateProcessMessage
BasepCopyEncryption
BasepFinishPackageActivationForSxS
BasepFreeActivationContextActivationBlock
BasepFreeAppCompatData
BasepGetAppCompatData
BasepGetComputerNameFromNtPath
BasepGetExeArchType
BasepGetPackageActivationTokenForSxS
BasepInitAppCompatData
BasepIsProcessAllowed
BasepMapModuleHandle
BasepNotifyLoadStringResource
BasepPostSuccessAppXExtension
BasepProcessInvalidImage
BasepQueryAppCompat
BasepQueryModuleChpeSettings
BasepReleaseAppXContext
BasepReleaseSxsCreateProcessUtilityStruct
BasepReportFault
BasepSetFileEncryptionCompression
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
CeipIsOptedIn
ChangeTimerQueueTimer
CheckAllowDecryptedRemoteDestinationPolicy
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckForReadOnlyResourceFilter
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembershipEx
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
ClosePackageInfo
ClosePrivateNamespace
CloseProfileUserMapping
ClosePseudoConsole
CloseState
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyContext
CopyFile2
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateActCtxWWorker
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEnclave
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFile2
CreateFileA
CreateFileMappingA
CreateFileMappingFromApp
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreatePseudoConsole
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateUmsCompletionList
CreateUmsThreadContext
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
CtrlRoutine
DeactivateActCtx
DeactivateActCtxWorker
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileTransactedA
DeleteFileTransactedW
DeleteFileW
DeleteProcThreadAttributeList
DeleteSynchronizationBarrier
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteUmsCompletionList
DeleteUmsThreadContext
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DequeueUmsCompletionListItems
DeviceIoControl
DisableThreadLibraryCalls
DisableThreadProfiling
DisassociateCurrentThreadFromCallback
DiscardVirtualMemory
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameExW
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateEncryptionInfoFileExt
DuplicateHandle
EnableThreadProfiling
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnterSynchronizationBarrier
EnterUmsSchedulingMode
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesExA
EnumResourceTypesExW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemGeoNames
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExecuteUmsThread
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionGuidWorker
FindActCtxSectionStringA
FindActCtxSectionStringW
FindActCtxSectionStringWWorker
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameTransactedW
FindFirstFileNameW
FindFirstFileTransactedA
FindFirstFileTransactedW
FindFirstFileW
FindFirstStreamTransactedW
FindFirstStreamW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FindVolumeMountPointClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatApplicationUserModelId
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeMemoryJobObject
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetAppContainerAce
GetAppContainerNamedObjectPath
GetApplicationRecoveryCallback
GetApplicationRecoveryCallbackWorker
GetApplicationRestartSettings
GetApplicationRestartSettingsWorker
GetApplicationUserModelId
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCachedSigningLevel
GetCalendarDateFormat
GetCalendarDateFormatEx
GetCalendarDaysInMonth
GetCalendarDifferenceInDays
GetCalendarInfoA
GetCalendarInfoEx
GetCalendarInfoW
GetCalendarMonthsInYear
GetCalendarSupportedDateRange
GetCalendarWeekNumber
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeTransactedA
GetCompressedFileSizeTransactedW
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleCharType

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp140d.dll
.dll windows:6 windows x86 arch:x86

f9c6cb3add798c4967ef04e6ed11d107

Code Sign

33:00:00:00:9d:42:68:ee:31:1c:d7:56:bd:00:00:00:00:00:9d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:e0:ec:cc:d7:97:5a:e1:e9:d6:66:8d:73:c4:d1:b0:ac:9e:7e:1d:27:fd:d4:98:cc:86:1c:15:a0:30:27:c0
Signer

Actual PE Digest

fe:e0:ec:cc:d7:97:5a:e1:e9:d6:66:8d:73:c4:d1:b0:ac:9e:7e:1d:27:fd:d4:98:cc:86:1c:15:a0:30:27:c0

Digest Algorithm

sha256

PE Digest Matches

true

99:93:3e:fa:9d:b3:18:e9:d0:ae:23:22:80:5d:73:5d:27:fd:5c:91
Signer

Actual PE Digest

99:93:3e:fa:9d:b3:18:e9:d0:ae:23:22:80:5d:73:5d:27:fd:5c:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp140d.i386.pdb

Imports

vcruntime140d

__std_type_info_destroy_list
_except_handler4_common
__uncaught_exceptions
__uncaught_exception
memmove
memset
__CxxFrameHandler3
_CxxThrowException
__AdjustPointer
__processing_throw
__current_exception
__std_exception_destroy
__std_exception_copy
_purecall
memcmp
memchr
memcpy

ucrtbased

strtof
strtod
strcmp
strcspn
fabs
pow
frexp
abs
setlocale
_set_new_handler
fgetwc
fputwc
ungetwc
_Wcsftime
log
_Strftime
_lock_locales
_unlock_locales
rand_s
_callnewh
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_realloc_dbg
fseek
_fsopen
_wfsopen
wcslen
_wremove
_wrename
_wrmdir
_wchdir
_wgetcwd
_W_Gettnames
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
strlen
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_invalid_parameter_noinfo
_invalid_parameter
wcscpy_s
wcsnlen
__strncnt
terminate
malloc
free
btowc
iswctype
_ismbblead
___mb_cur_max_func
_malloc_dbg
_free_dbg
___lc_collate_cp_func
tolower
isalnum
isxdigit
isspace
localeconv
isdigit
_CrtDbgReportW
ldexp
_errno
calloc
_endthreadex
_beginthreadex
fputs
fputc
__acrt_iob_func
abort
islower
___lc_codepage_func
___lc_locale_name_func
isupper
__pctype_func
_wcsdup_dbg
_calloc_dbg
__stdio_common_vsprintf_s

kernel32

DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
EncodePointer
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
QueueUserWorkItem
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
TryEnterCriticalSection
FormatMessageW
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
GetTempPathW
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
RaiseException
DecodePointer
CloseHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@G@std@@QAE@ABV01@@Z
??0?$_Yarn@G@std@@QAE@PBG@Z
??0?$_Yarn@G@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@ABV01@@Z
??0?$_Yarn@_W@std@@QAE@PB_W@Z
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0task_continuation_context@Concurrency@@AAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@G@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??2_Crt_new_delete@std@@SAPAXI@Z
??2_Crt_new_delete@std@@SAPAXIABUnothrow_t@1@@Z
??2_Crt_new_delete@std@@SAPAXIPAX@Z
??3_Crt_new_delete@std@@SAXPAX0@Z
??3_Crt_new_delete@std@@SAXPAX@Z
??3_Crt_new_delete@std@@SAXPAXABUnothrow_t@1@@Z
??4?$_Iosb@H@std@@QAEAAV01@$$QAV01@@Z
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@G@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@G@std@@QAEAAV01@PBG@Z
??4?$_Yarn@_W@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Crt_new_delete@std@@QAEAAU01@$$QAU01@@Z
??4_Crt_new_delete@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBE_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?CaptureCallstack@platform@details@Concurrency@@YAIPAPAXII@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@G@std@@QBEPBGXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Debug_message@std@@YAXPBG0I@Z
?_Debug_message@std@@YAXPB_W0I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@G@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDI@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDI@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDI@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAHABV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAHABV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAHABV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
?_Getptr@_Timevec@std@@QBEPAXXZ
?_Gettnames@_Locinfo@std@@QBE?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBE_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

Sections

.text
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shell32.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a02efedf4c202611ae05011a2c74cc7b

Code Sign

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:f7:7b:79:eb:46:5f:9f:ce:1a:81:1b:42:a8:72:d1:ae:8e:22:61:2c:b4:e0:ad:98:6d:ae:e0:dd:24:59:0a
Signer

Actual PE Digest

76:f7:7b:79:eb:46:5f:9f:ce:1a:81:1b:42:a8:72:d1:ae:8e:22:61:2c:b4:e0:ad:98:6d:ae:e0:dd:24:59:0a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

shell32.pdb

Imports

msvcp_win

?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Xlength_error@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z

api-ms-win-crt-string-l1-1-0

wcsspn
wcspbrk
wcscmp
wcscspn
wcsncmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o_pow
_o_qsort
_o_rand
_o_realloc
_o_sqrt
_o_srand
_o_strncpy_s
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
strchr
wcsrchr
__CxxFrameHandler3
_o_malloc
memmove
_o__ui64tow_s
_o_log
_o_iswspace
_o__strnicmp
_o_isdigit
_o_isalpha
_o__set_errno
_o__seh_filter_dll
_o__resetstkoflw
_o_free
_o__register_onexit_function
_o_floor
_o__purecall
_o_ceil
_o_calloc
_o_bsearch
_o__wtoi
_o__wcsupr
_o__wcstoui64
_o__wcsnicmp
_o__wcsicmp
_o__itow
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
wcschr
wcsstr
__C_specific_handler
_CxxThrowException
memcmp
memcpy

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalReAlloc
LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenCurrentUser
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegGetKeySecurity
RegDeleteKeyExW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegQueryValueExA
RegQueryInfoKeyW
RegEnumValueW
RegGetValueW
RegDeleteValueW
RegQueryInfoKeyA
RegDeleteTreeW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
EnumResourceNamesExW
SizeofResource
LoadResource
FreeLibrary
LoadStringW
LoadStringA
GetModuleHandleW
FindStringOrdinal
GetModuleFileNameW
LoadLibraryExA
LoadLibraryExW
FindResourceExW
GetModuleFileNameA
GetProcAddress
FreeResource
LockResource
DisableThreadLibraryCalls

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GlobalMemoryStatusEx
GetTickCount64
GetLocalTime
GetVersionExW
GetSystemTime
GetWindowsDirectoryW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect
OpenFileMappingW
VirtualFree
WriteProcessMemory
MapViewOfFile
ReadProcessMemory
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSizeEx
QueryDosDeviceW
GetFileAttributesW
SetEndOfFile
LocalFileTimeToFileTime
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
WriteFile
GetFullPathNameW
GetShortPathNameW
GetLongPathNameW
GetFileSize
ReadFile
GetDriveTypeW
FindClose
CreateDirectoryW
GetLogicalDrives
GetVolumeInformationW
GetFileAttributesExW
FileTimeToLocalFileTime
FindFirstFileW
FindNextFileW
CompareFileTime
SetFileTime
FindFirstVolumeW
SetFileInformationByHandle
SetFilePointer
GetDiskFreeSpaceW
FlushFileBuffers
GetDiskFreeSpaceExW
GetVolumePathNameW
SetFilePointerEx
FindVolumeClose
GetTempFileNameW
FindNextVolumeW
FindFirstFileExW
GetFileInformationByHandle
DefineDosDeviceW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringEx
CompareStringOrdinal
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateMutexW
EnterCriticalSection
CreateEventExW
TryAcquireSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateSemaphoreExW
TryAcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
OpenMutexW
InitializeSRWLock
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
SetWaitableTimer
CreateWaitableTimerExW
ResetEvent
TryEnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
SetEvent
OpenEventW
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetThreadId
SetPriorityClass
OpenProcessToken
ResumeThread
GetExitCodeProcess
CreateProcessAsUserW
CreateProcessW
GetExitCodeThread
GetCurrentProcessId
CreateThread
TlsFree
TlsGetValue
TlsSetValue
SetThreadToken
OpenThread
GetCurrentThreadId
TlsAlloc
GetCurrentProcess
GetThreadPriority
SetThreadPriority
OpenThreadToken
GetCurrentThread
ProcessIdToSessionId
ExitProcess
TerminateProcess
GetProcessId

api-ms-win-core-string-l2-1-0

CharUpperW
CharLowerBuffW
CharPrevW
CharNextW
CharUpperBuffW
IsCharAlphaW
CharLowerW

api-ms-win-core-file-l2-1-0

CopyFile2
CreateHardLinkW
ReplaceFileW
GetFileInformationByHandleEx
MoveFileExW
ReadDirectoryChangesW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SetEnvironmentVariableW
SearchPathW
GetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AddAccessDeniedAceEx
FreeSid
DeleteAce
AddAccessAllowedAceEx
AddAce
GetAce
GetAclInformation
CopySid
GetLengthSid
IsValidSid
DuplicateTokenEx
GetSecurityDescriptorOwner
ImpersonateSelf
RevertToSelf
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
IsWellKnownSid
GetSidIdentifierAuthority
SetTokenInformation
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
DuplicateToken
GetSecurityDescriptorControl
GetTokenInformation
GetSidLengthRequired
EqualSid
CreateWellKnownSid
CheckTokenMembership
GetFileSecurityW
AccessCheck
AdjustTokenPrivileges
GetSidSubAuthority
InitializeSid
InitializeAcl
SetFileSecurityW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapDestroy
HeapFree
HeapAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
GetUserDefaultLCID
GetSystemPreferredUILanguages
GetUserPreferredUILanguages
FormatMessageW
ResolveLocaleName
GetSystemDefaultLCID
GetUserDefaultLangID
IsDBCSLeadByte
GetThreadUILanguage
FindNLSStringEx
VerLanguageNameW
GetCPInfo
FindNLSString
LCMapStringEx
GetLocaleInfoW
LCMapStringW
IsValidLocaleName
GetThreadLocale
GetSystemDefaultLangID
GetACP

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformationForYear
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-1

OpenProcess
FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetProcessImageFileNameW

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchCombineEx
PathCchStripPrefix
PathAllocCanonicalize
PathCchRemoveExtension
PathCchAddBackslashEx
PathCchAppend
PathIsUNCEx
PathCchRenameExtension
PathCchStripToRoot
PathCchCombine
PathCchRemoveFileSpec
PathCchCanonicalize
PathCchAddExtension
PathAllocCombine
PathCchAppendEx
PathCchSkipRoot
PathCchAddBackslash

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetTempPathW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
CreateIoCompletionPort
GetOverlappedResult
GetQueuedCompletionStatus

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64DirectoryW
Wow64SetThreadDefaultGuestMachine

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventProviderEnabled

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrSpnW
StrPBrkW
StrCpyNXW
StrCSpnW
StrCmpLogicalW
StrChrA
StrCmpNICW
StrCmpW
StrDupA
StrTrimW
StrDupW
StrToIntExW
StrCmpIW
StrCmpICA
QISearch
StrToIntA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpCW
StrToIntW
StrCmpNIW
StrCmpICW
StrStrW
StrStrIW
StrStrIA
StrStrA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNW
StrCmpNCW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrlenW
lstrlenA

api-ms-win-core-stringansi-l1-1-0

CharPrevA
CharNextA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalFlags
GlobalReAlloc
LocalSize
GlobalLock
GlobalUnlock

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW
EnumUILanguagesW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-privateprofile-l1-1-0

GetProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomW
GlobalDeleteAtom
GlobalGetAtomNameW
FindAtomW
GetAtomNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAppendA
PathIsRootA
PathRemoveFileSpecA
PathRemoveBackslashW
PathGetCharTypeW
PathIsFileSpecW
PathIsValidCharW
PathStripPathW
PathGetArgsW
PathRemoveBlanksW
PathMatchSpecExW
IsCharSpaceW
PathIsPrefixW
PathFindNextComponentW
PathIsRelativeW
PathIsRootW
PathStripToRootW
PathMatchSpecW
PathRemoveFileSpecW
PathFileExistsW
PathSkipRootW
PathGetDriveNumberW
PathAppendW
PathIsUNCW
PathIsSameRootW
PathFindFileNameW
PathRemoveExtensionW
PathParseIconLocationW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathIsUNCServerShareW
PathIsUNCServerW
PathFindExtensionW
SHExpandEnvironmentStringsW
SHExpandEnvironmentStringsA
PathCommonPrefixW
PathCombineW
PathAddBackslashW
PathQuoteSpacesW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
SetVolumeLabelW
WTSGetActiveConsoleSessionId
RegisterWaitForSingleObject
MulDiv
GetSystemPowerStatus
UnregisterWait
GetShortPathNameA

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerClearRequest
PowerCreateRequest

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem

api-ms-win-core-kernel32-legacy-l1-1-2

GetBinaryTypeW

api-ms-win-core-url-l1-1-0

UrlIsW
PathCreateFromUrlW
ParseURLW
UrlCompareW
UrlUnescapeW
UrlGetPartW
UrlUnescapeA
PathCreateFromUrlAlloc
UrlCreateFromPathW
UrlEscapeW
UrlCanonicalizeW
UrlFixupW
PathIsURLW
UrlApplySchemeW
HashData

api-ms-win-core-registryuserspecific-l1-1-0

SHRegEnumUSKeyW
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegCloseUSKey
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegGetBoolUSValueW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
QueryActCtxW

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

kernelbase

GetPackageFullName
GetPackagesByPackageFamily
GetCurrentPackageInfo
OpenStateExplicit
GetStateFolder
CloseState
ExtensionProgIdExists
GetExtensionProgIds
GetEffectivePackageStatusForUser
PackageNameAndPublisherIdFromFamilyName
NotifyRedirectedStringChange
GetStagedPackagePathByFullName2
IsMrtResourceRedirectionEnabled
OpenPackageInfoByFullName
GetPackageInfo
ClosePackageInfo
GetSystemAppDataKey
OpenState

user32

GetDisplayConfigBufferSizes
EmptyClipboard
GetMenuInfo
IsWinEventHookInstalled
UnhookWinEvent
SetWinEventHook
SetShellWindow
SystemParametersInfoForDpi
DisplayConfigGetDeviceInfo
SetSysColors
wsprintfW
UnpackDDElParam
DdeInitializeW
DdeUninitialize
DdeNameService
DdeDisconnect
DdeQueryStringW
DdeFreeStringHandle
DdeCreateStringHandleW
DdeCreateDataHandle
DdeGetLastError
DdeGetData
DdeQueryConvInfo
WaitMessage
LockWindowUpdate
ord2707
EnumDisplaySettingsW
GetClassLongPtrW
SetShellWindowEx
EnumDisplayMonitors
CreateAcceleratorTableW
GetMessageTime
LoadBitmapW
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
ClientToScreen
IsRectEmpty
SetParent
WindowFromPoint
GetSystemMenu
PostThreadMessageW
SetDialogDpiChangeBehavior
IsDialogMessageW
SetCapture
ReleaseCapture
GetCapture
TrackPopupMenuEx
MonitorFromRect
GetClassInfoExW
SetMenuInfo
SetCoalescableTimer
CallNextHookEx
CallWindowProcW
SetScrollPos
ord2705
ShowScrollBar
SetScrollInfo
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
GetDialogBaseUnits
GetLastInputInfo
SystemParametersInfoA
WinHelpW
CreateWindowExW
FindWindowExW
RegisterWindowMessageA
DrawTextExW
ActivateKeyboardLayout
AdjustWindowRectExForDpi
SubtractRect
CreateWindowIndirect
SetLayeredWindowAttributes
GetWindowDC
GetPointerDevices
SetRectEmpty
DialogBoxParamW
GetDpiForWindow
BroadcastSystemMessageW
SetThreadDpiAwarenessContext
EnumChildWindows
CloseClipboard
SetClipboardData
GetClipboardData
OpenClipboard
EnumPropsExW
RedrawWindow
IsWindowEnabled
CloseDesktop
OpenInputDesktop
CreateWindowInBand
GetDpiForSystem
GetSystemMetricsForDpi
EndDeferWindowPos
BeginDeferWindowPos
AdjustWindowRect
GetDlgCtrlID
SetDlgItemTextA
SetShellChangeNotifyWindow
GetShellChangeNotifyWindow
RegisterDeviceNotificationW
UnregisterDeviceNotification
SendMessageCallbackW
MessageBoxW
DeferWindowPos
CopyAcceleratorTableW
MoveWindow
AttachThreadInput
DefWindowProcA
IsWindowUnicode
RegisterShellHookWindow
DeregisterShellHookWindow
SetTaskmanWindow
GetTaskmanWindow
GetClassInfoW
GetWindowTextLengthW
CopyImage
MapDialogRect
SetActiveWindow
GetWindowBand
DrawIconEx
IsProcessDPIAware
GetProcessDefaultLayout
AllowSetForegroundWindow
IsSETEnabled
EqualRect
IntersectRect
MonitorFromWindow
GetAsyncKeyState
ord2521
UpdateLayeredWindow
IsChild
UnionRect
EnumDisplayDevicesW
SetWindowCompositionAttribute
RegisterClassExW
UnregisterPowerSettingNotification
SendMessageTimeoutW
IsIconic
CopyIcon
GetPropW
RemovePropW
SetPropW
DrawTextW
IsMenu
ModifyMenuW
GetMenuState
CountClipboardFormats
IsHungAppWindow
GetClipboardOwner
GetWindowPlacement
MsgWaitForMultipleObjects
ExitWindowsEx
LoadImageW
SetRect
CopyRect
GetMonitorInfoW
MonitorFromPoint
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
ChangeWindowMessageFilterEx
RegisterWindowMessageW
GetMessagePos
GetKeyboardLayout
OffsetRect
SetClipboardViewer
TranslateAcceleratorW
CreateMenu
InsertMenuW
EndMenu
DestroyAcceleratorTable
GetMessageExtraInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
ChangeClipboardChain
MapWindowPoints
GetMenuItemID
EnableMenuItem
InsertMenuItemW
GetFocus
CheckMenuItem
CheckMenuRadioItem
AppendMenuW
GetDoubleClickTime
MessageBeep
TrackPopupMenu
SetMessageExtraInfo
SetMenuDefaultItem
SetMenuItemInfoW
LoadAcceleratorsW
PtInRect
GetMenuStringW
GetDesktopWindow
GetForegroundWindow
ReleaseDC
GetDC
NotifyWinEvent
SendNotifyMessageW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
EnumWindows
IsWindow
WaitForInputIdle
GetWindowThreadProcessId
GetMenuDefaultItem
GetLastActivePopup
SwitchToThisWindow
GetCursorPos
RegisterClipboardFormatW
GetWindow
FindWindowW
GetClassNameW
GetAncestor
EnableWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadMenuW
GetSubMenu
RemoveMenu
GetParent
IsDlgButtonChecked
CheckDlgButton
DeleteMenu
DestroyMenu
CreatePopupMenu
PostMessageW
SetProcessDPIAware
DispatchMessageW
TranslateMessage
GetMessageW
SetFocus
IsWindowVisible
DrawEdge
GetSysColorBrush
FillRect
EndPaint
BeginPaint
GetUpdateRect
TrackMouseEvent
UpdateWindow
GetWindowRect
DefWindowProcW
RegisterClassW
KillTimer
SetTimer
GetKeyState
InflateRect
AdjustWindowRectEx
DestroyWindow
SetWindowLongW
GetWindowLongW
DrawFocusRect
DrawIcon
GetSysColor
EndDialog
GetWindowLongPtrW
SetWindowLongPtrW
GetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
SetWindowTextW
GetDlgItem
InvalidateRect
LoadCursorW
SetCursor
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
ScreenToClient
SendMessageW
LookupIconIdFromDirectory
CreateIconIndirect
GetIconInfo
DestroyIcon
PrivateExtractIconsW
LoadIconW
GetSystemMetrics
QueryDisplayConfig
RegisterPowerSettingNotification
GetClassLongW
CreateDialogParamW
ChildWindowFromPoint
SetMenu
LockSetForegroundWindow
ShowCaret
HideCaret
GetCursor
AnimateWindow
GetScrollInfo
GetCurrentInputMessageSource
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
GetShellWindow

ntdll

RtlAreLongPathsEnabled
RtlQueryResourcePolicy
EtwEventWriteTransfer
RtlInitUnicodeString
RtlPrefixString
NtQueryInformationFile
RtlNtStatusToDosError
NtCreateFile
NtClose
NtFsControlFile
RtlUnicodeStringToOemString
NtSetInformationFile
NtOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeHeap
NtQueryVolumeInformationFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
RtlFreeUnicodeString
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
RtlGetLastNtStatus
RtlInitUnicodeStringEx
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings_U
RtlCreateEnvironment
RtlSetCurrentEnvironment
RtlDestroyEnvironment
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventActivityIdControl
EtwEventEnabled
EtwEventWrite
EtwTraceMessage
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetDWORD
RtlMapGenericMask
NtGetCachedSigningLevel
NtCompareSigningLevels
NtSetCachedSigningLevel
WinSqmAddToStreamEx
RtlGetDeviceFamilyInfoEnum
RtlDllShutdownInProgress
NtQueryInformationToken
NtOpenProcessToken
RtlDosPathNameToRelativeNtPathName_U
NtQueryAttributesFile
NtQueryInformationProcess
NtPowerInformation
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
RtlFlushHeaps
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlGetNtProductType
RtlLengthRequiredSid
RtlCreateServiceSid
NtQueryWnfStateData
RtlPublishWnfStateData
RtlCreateUnicodeString
RtlRandomEx
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
ZwQueryWnfStateData
RtlIsNonEmptyDirectoryReparsePointAllowed
ShipAssert
NtQuerySecurityObject
NtOpenThreadToken
EtwLogTraceEvent
NtQuerySystemInformationEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationThread
RtlAllocateHeap
NtSetInformationToken
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
RtlIsPartialPlaceholder
NtQueryKey
NtSetSecurityObject
RtlDosPathNameToNtPathName_U

gdi32

DeleteObject
SetBkColor
GetLayout
SetLayout
GetStockObject
SetBkMode
SelectObject
SetTextColor
GetDeviceCaps
ExcludeClipRect
SetDIBits
ExtTextOutW
GetObjectType
GetDIBColorTable
GetWindowOrgEx
GetRegionData
GetRgnBox
CombineRgn
SaveDC
RestoreDC
CreateRectRgnIndirect
SetDCBrushColor
PlgBlt
ExtSelectClipRgn
GetViewportOrgEx
DeleteMetaFile
PlayMetaFile
SetMetaFileBitsEx
LPtoDP
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetClipBox
StretchDIBits
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetMapMode
GetTextAlign
TextOutA
GetTextExtentPoint32A
CreateFontW
GetPixel
CreateSolidBrush
OffsetWindowOrgEx
SetWindowOrgEx
GetObjectW
GetTextExtentPointW
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateDCW
GdiAlphaBlend
BitBlt
CreateCompatibleBitmap
CreateBitmap
GetDIBits
StretchBlt
GdiTransparentBlt
GetTextColor
GetCurrentObject
CreateFontIndirectW
CreatePen
Rectangle
GetTextMetricsW
GetTextExtentPoint32W
SetTextAlign
SetStretchBltMode
PatBlt
MoveToEx
LineTo
CreatePolygonRgn

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

expf
sqrtf
floorf
logf
ceilf

Exports

Exports

AppCompat_RunDLLW
AssocCreateForClasses
AssocElemCreateForKey
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetRatingBucket
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExecuteErrorMessageBox
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_EnsureCacheAsync
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ucrtbased.dll
.dll windows:10 windows x64 arch:x64

b55fd631afff103d396e8e1df0093baa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ucrtbased.pdb

Imports

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW
FlushFileBuffers
SetEndOfFile
LockFileEx
SetFileTime
UnlockFileEx
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
FindClose
GetFullPathNameA
SetFileAttributesW
GetFullPathNameW
GetFileAttributesExW
WriteFile
FindNextFileA
FindFirstFileExA
FindNextFileW
GetLogicalDrives
FindFirstFileExW
SetFilePointerEx
GetFileType
GetDriveTypeW
CreateFileW
ReadFile

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-namedpipe-l1-1-0

CreatePipe
PeekNamedPipe

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapQueryInformation
HeapReAlloc
HeapCompact
HeapWalk
GetProcessHeap
HeapValidate
HeapSize
HeapAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
SetLocalTime
GetSystemInfo
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

ResumeThread
ExitThread
ExitProcess
TerminateProcess
GetCurrentProcessId
CreateProcessW
CreateProcessA
CreateThread
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeProcess
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryA
GetCurrentDirectoryW
GetStdHandle
SetCurrentDirectoryW
SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-localization-l1-2-0

GetCPInfo
IsValidCodePage
GetUserDefaultLCID
GetACP
GetLocaleInfoW
LCMapStringW
GetOEMCP
EnumSystemLocalesW
IsValidLocale

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-console-l1-1-0

SetConsoleMode
GetConsoleMode
ReadConsoleW
GetConsoleCP
WriteConsoleW
ReadConsoleInputW
SetConsoleCtrlHandler
PeekConsoleInputA
ReadConsoleInputA
GetNumberOfConsoleInputEvents

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
Beep

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CrtCheckMemory
_CrtDbgReport
_CrtDbgReportW
_CrtDoForAllClientObjects
_CrtDumpMemoryLeaks
_CrtGetAllocHook
_CrtGetDebugFillThreshold
_CrtGetDumpClient
_CrtGetReportHook
_CrtIsMemoryBlock
_CrtIsValidHeapPointer
_CrtIsValidPointer
_CrtMemCheckpoint
_CrtMemDifference
_CrtMemDumpAllObjectsSince
_CrtMemDumpStatistics
_CrtReportBlockType
_CrtSetAllocHook
_CrtSetBreakAlloc
_CrtSetDbgBlockType
_CrtSetDbgFlag
_CrtSetDebugFillThreshold
_CrtSetDumpClient
_CrtSetReportFile
_CrtSetReportHook
_CrtSetReportHook2
_CrtSetReportHookW2
_CrtSetReportMode
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_VCrtDbgReportA
_VCrtDbgReportW
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__crtBreakAlloc
__p__crtDbgFlag
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_free_dbg
_aligned_malloc
_aligned_malloc_dbg
_aligned_msize
_aligned_msize_dbg
_aligned_offset_malloc
_aligned_offset_malloc_dbg
_aligned_offset_realloc
_aligned_offset_realloc_dbg
_aligned_offset_recalloc
_aligned_offset_recalloc_dbg
_aligned_realloc
_aligned_realloc_dbg
_aligned_recalloc
_aligned_recalloc_dbg
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_calloc_dbg
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_chvalidator
_chvalidator_l
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_dupenv_s_dbg
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_expand_dbg
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_dbg
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_fullpath_dbg
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getcwd_dbg
_getdcwd
_getdcwd_dbg
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
user32.dll
.dll windows:10 windows x64 arch:x64

4c2feda3d715107818b9354ec0c836b2

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:52:b8:8a:0c:a7:f2:55:59:f6:2d:19:e6:e4:03:66:74:ef:93:ff:8e:52:2a:bf:1c:e9:25:29:48:e4:9e:b4
Signer

Actual PE Digest

a0:52:b8:8a:0c:a7:f2:55:59:f6:2d:19:e6:e4:03:66:74:ef:93:ff:8e:52:2a:bf:1c:e9:25:29:48:e4:9e:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

user32.pdb

Imports

win32u

NtUserSetClassLongPtr
NtUserGetClipboardFormatName
NtUserRegisterWindowMessage
NtUserGetKeyNameText
NtUserMapVirtualKeyEx
NtUserEnumDisplayDevices
NtUserGetClassInfoEx
NtUserChangeDisplaySettings
NtUserRemoveProp
NtUserUnregisterClass
NtUserEnumDisplaySettings
NtUserGetAltTabInfo
NtUserSetClassLong
NtUserGetMessage
NtUserGetKeyboardLayoutName
NtUserDrawCaptionTemp
NtUserSetProp
NtUserVkKeyScanEx
NtUserCallMsgFilter
NtUserCallHwndLockSafe
NtUserSetImeOwnerWindow
NtUserNotifyIMEStatus
NtUserUpdateInputContext
NtUserCountClipboardFormats
NtUserGetPriorityClipboardFormat
NtUserGetClipboardOwner
NtUserGetClipboardSequenceNumber
NtUserGetClipboardViewer
NtUserSetClipboardViewer
NtUserChangeClipboardChain
NtUserAddClipboardFormatListener
NtUserRemoveClipboardFormatListener
NtUserGetUpdatedClipboardFormats
NtUserSetWindowCompositionAttribute
NtUserWOWCleanup
NtUserTranslateAccelerator
NtUserGetClipboardData
NtUserSetClipboardData
NtUserDrawIconEx
NtUserGetUpdateRgn
NtUserGetUpdateRect
NtUserWaitForInputIdle
NtUserMsgWaitForMultipleObjectsEx
NtUserWaitForMsgAndEvent
NtUserSetObjectInformation
NtUserCreateWindowStation
NtUserOpenWindowStation
NtUserCreateDesktopEx
NtUserOpenDesktop
NtUserSwitchDesktop
NtUserYieldTask
NtUserGetMenuIndex
NtUserCallHwndOpt
NtUserUnloadKeyboardLayout
NtUserGetKeyboardLayout
NtUserRegisterClassExWOW
NtUserGetProcessDpiAwarenessContext
NtUserSetProcessDpiAwarenessContext
NtUserGetDpiForMonitor
NtUserShutdownBlockReasonCreate
NtUserGetCurrentDpiInfoForWindow
NtUserCallHwndSafe
NtUserTransformPoint
NtUserSystemParametersInfoForDpi
NtCreateCompositionInputSink
NtUserCreatePalmRejectionDelayZone
NtUserDestroyPalmRejectionDelayZone
NtUserSystemParametersInfo
NtUserGetProp
NtUserGetHDevName
NtUserGetRawInputDeviceInfo
NtUserUpdatePerUserSystemParameters
NtUserEvent
NtUserGetWOWClass
NtUserConvertMemHandle
NtUserCreateLocalMemHandle
NtUserSetWindowsHookEx
NtUserSetWinEventHook
NtUserNotifyWinEvent
NtUserRegisterUserApiHook
NtUserDrawCaption
NtUserGetAsyncKeyState
NtUserGetKeyState
NtUserOpenClipboard
NtUserPeekMessage
NtUserSetWindowLong
NtUserTranslateMessage
NtUserSetWindowRgn
NtUserSetWindowRgnEx
NtUserInternalGetWindowText
NtUserInternalGetWindowIcon
NtUserSetWindowStationUser
NtUserSetSystemCursor
NtUserFindExistingCursorIcon
NtUserSetCursorIconData
NtUserDefSetText
NtUserToUnicodeEx
NtUserLoadKeyboardLayoutEx
NtUserModifyWindowTouchCapability
NtUserPaintDesktop
NtUserEnableMenuItem
NtUserCallNextHookEx
NtGdiDdDDIEscape
NtUserDisplayConfigGetDeviceInfo
NtUserGetDisplayConfigBufferSizes
NtUserSetDisplayConfig
NtUserQueryDisplayConfig
NtUserDisplayConfigSetDeviceInfo
NtUserFunctionalizeDisplayConfig
NtUserFindWindowEx
NtUserUpdateLayeredWindow
NtUserSBGetParms
NtUserSetScrollInfo
NtUserGetClassName
NtUserTransformRect
NtUserTestForInteractiveUser
NtUserEnableScrollBar
NtMITSetLastInputRecipient
NtMITSetInputDelegationMode
NtMITGetCursorUpdateHandle
NtMITSynthesizeTouchInput
NtUserHwndSetRedirectionInfo
NtUserHwndQueryRedirectionInfo
NtUserSetSysColors
NtUserGetOpenClipboardWindow
NtUserActivateKeyboardLayout
NtUserSetThreadDesktop
NtUserCallTwoParam
NtUserCallNoParam
NtUserCallHwnd
NtUserModifyUserStartupInfoFlags
NtUserMNDragLeave
NtUserMNDragOver
NtUserDrawMenuBarTemp
NtUserThunkedMenuInfo
NtUserCheckMenuItem
NtUserMinMaximize
NtUserSetWindowLongPtr
NtUserCheckAccessForIntegrityLevel
NtUserScrollWindowEx
NtUserCallHwndParamLock
NtUserDeferWindowPosAndBand
NtUserInitializeClientPfnArrays
NtUserProcessConnect
gDispatchTableValues
NtUserDisableProcessWindowFiltering
NtUserSetProcessUIAccessZorder
NtUserGetRawInputBuffer
NtUserScrollDC
NtUserSetSystemTimer
NtUserCloseClipboard
NtUserEmptyClipboard
NtUserIsClipboardFormatAvailable
NtUserShowCaret
NtUserCreateCaret
NtUserHideCaret
NtUserGetControlColor
NtUserSetCursor
NtUserSetThreadState
NtUserQueryWindow
NtUserFillWindow
NtUserDdeInitialize
NtUserUpdateInstance
NtUserConsoleControl
NtUserSetInformationThread
NtUserSetParent
NtUserReleaseDC
NtUserCallHwndParamLockSafe
NtUserPostMessage
NtUserGetTouchInputInfo
NtUserLockCursor
NtUserLinkDpiCursor
NtUserGetRequiredCursorSizes
NtUserGetCursorFrameInfo
NtUserGetIconInfo
NtUserDestroyAcceleratorTable
NtUserReportInertia
NtUserGetHimetricScaleFactorFromPixelLocation
NtUserRegisterEdgy
NtUserRegisterPointerInputTarget
NtUserGetPointerInfoList
NtUserGetCPD
NtUserCallOneParam
NtUserValidateTimerCallback
NtUserDispatchMessage
NtUserAutoPromoteMouseInPointer
NtUserGetDManipHookInitFunction
NtUserCallHwndLock
NtUserSetMenu
NtUserSetMenuFlagRtoL
NtUserThunkedMenuItemInfo
NtUserSetWindowsHookAW
NtUserUnhookWindowsHookEx
NtUserRealWaitMessageEx
NtUserRealInternalGetMessage
NtUserMessageCall
NtUserInjectGesture
NtUserGetGestureExtArgs
NtUserGetGestureInfo
NtUserBuildNameList
NtUserBuildPropList
NtUserBuildHwndList
NtUserGetAtomName
NtUserCallHwndParam
NtUserAlterWindowStyle
NtUserSetWindowFNID
NtUserBitBltSysBmp
NtUserGetOemBitmapSize
NtUserGetIconSize
NtUserGetThreadState
NtUserGetDC
NtUserGetControlBrush
NtUserDestroyCursor
NtUserCreateEmptyCursorObject
NtUserSetImeHotKey
NtUserGetImeHotKey
NtUserWindowFromPoint
NtUserWindowFromPhysicalPoint
NtUserWindowFromDC
NtUserWaitMessage
NtUserWaitForRedirectionStartComplete
NtUserWaitAvailableMessageEx
NtUserValidateRect
NtUserPostThreadMessage
NtUserUserHandleGrantAccess
NtUserUpdateWindowTrackingInfo
NtUserUpdateWindowInputSinkHints
NtUserUpdateDefaultDesktopThumbnail
NtUserUnregisterUserApiHook
NtUserUnregisterSessionPort
NtUserUnregisterHotKey
NtUserUnlockWindowStation
NtUserUnhookWinEvent
NtUserUndelegateInput
NtUserTrackPopupMenuEx
NtUserTrackMouseEvent
NtUserSoundSentry
NtUserSlicerControl
NtUserDiscardPointerFrameMessages
NtUserSignalRedirectionStartComplete
NtUserShutdownBlockReasonQuery
NtUserShutdownReasonDestroy
NtUserShowWindowAsync
NtUserShowWindow
NtUserShowSystemCursor
NtUserShowScrollBar
NtUserShowCursor
NtUserSetWindowWord
NtUserSetWindowShowState
NtUserSetWindowPos
NtUserSetWindowPlacement
NtUserSetWindowGroup
NtUserSetWindowFeedbackSetting
NtUserSetWindowDisplayAffinity
NtUserSetWindowCompositionTransition
NtUserSetWindowBand
NtUserSetWindowArrangement
NtUserSetThreadInputBlocked
NtUserSetTargetForResourceBrokering
NtUserSetSystemMenu
NtUserSetShellWindowEx
NtSetShellCursorState
NtUserSetProcessWindowStation
NtUserSetProcessRestrictionExemption
NtUserSetProcessMousewheelRoutingMode
NtUserSetProcessInteractionFlags
NtUserSetPrecisionTouchPadConfiguration
NtSetPointerDeviceInputSpace
NtUserSetMirrorRendering
NtUserSetMenuDefaultItem
NtUserSetMenuContextHelpId
NtUserMagSetContextInformation
NtUserSetMagnificationDesktopMagnifierOffsetsDWMUpdated
NtUserSetLayeredWindowAttributes
NtUserSetKeyboardState
NtUserSetInternalWindowPos
NtUserSetInteractiveCtrlRotationAngle
NtUserSetInteractiveControlFocus
NtUserSetGestureConfig
NtUserSetForegroundWindowForApplication
NtUserSetFocus
NtUserSetFeatureReportResponse
NtUserSetFallbackForeground
NtUserSetDisplayMapping
NtUserSetDisplayAutoRotationPreferences
NtUserSetDialogControlDpiChangeBehavior
NtUserSetDesktopColorTransform
NtUserSetCursorPos
NtSetCursorInputSpace
NtUserSetCursorContents
NtUserSetCoreWindowPartner
NtUserSetCoreWindow
NtUserSetTimer
NtUserSetClassWord
NtUserSetChildWindowNoActivate
NtUserSetCapture
NtUserSetCalibrationData
NtUserSetBrokeredForeground
NtUserSetBridgeWindowChild
NtUserSetAutoRotation
NtUserSetActiveWindow
NtUserSetActiveProcessForMonitor
NtUserSetActivationFilter
NtUserSendInteractiveControlHapticsReport
NtUserSendInput
NtUserSendEventMessage
NtUserRestoreWindowDpiChanges
NtUserResolveDesktopForWOW
NtUserRequestMoveSizeOperation
NtUserRemoveVisualIdentifier
NtUserRemoveMenu
NtUserReleaseDwmHitTestWaiters
NtUserRegisterTouchPadCapable
NtUserRegisterTouchHitTestingWindow
NtUserRegisterTasklist
NtUserRegisterShellPTPListener
NtUserRegisterSessionPort
NtUserRegisterServicesProcess
NtUserRegisterRawInputDevices
NtUserRegisterPointerDeviceNotifications
NtUserRegisterHotKey
NtUserRegisterErrorReportingDialog
NtUserRegisterDManipHook
NtUserRegisterBSDRWindow
NtUserRedrawWindow
NtUserRealChildWindowFromPoint
NtRIMUpdateInputObserverRegistration
NtRIMUnregisterForInput
NtRIMSetTestModeStatus
NtRIMSetExtendedDeviceProperty
NtRIMRemoveInputObserver
NtRIMRegisterForInput
NtRIMReadInput
NtRIMOnTimerNotification
NtRIMOnPnpNotification
NtRIMObserveNextInput
NtRIMGetSourceProcessId
NtRIMGetPhysicalDeviceRect
NtRIMGetDevicePropertiesLockfree
NtRIMGetDeviceProperties
NtRIMGetDevicePreparsedDataLockfree
NtRIMGetDevicePreparsedData
NtRIMFreeInputBuffer
NtRIMEnableMonitorMappingForDevice
NtRIMDeviceIoControl
NtRIMAreSiblingDevices
NtRIMAddInputObserver
NtUserQuerySendMessage
NtUserQueryBSDRWindow
NtUserQueryActivationObject
NtUserPromotePointer
NtUserProcessInkFeedbackCommand
NtUserPrintWindow
NtUserPerMonitorDPIPhysicalToLogicalPoint
NtUserPhysicalToLogicalPoint
NtUserPhysicalToLogicalDpiPointForWindow
NtUserPaintMonitor
NtUserPaintMenuBar
NtUserOpenThreadDesktop
NtUserOpenInputDesktop
NtUserNavigateFocus
NtUserMoveWindow
NtUserMenuItemFromPoint
NtMapVisualRelativePoints
NtUserMapPointsByVisualIdentifier
NtUserLogicalToPerMonitorDPIPhysicalPoint
NtUserLogicalToPhysicalPoint
NtUserLogicalToPhysicalDpiPointForWindow
NtUserLockWorkStation
NtUserLockWindowUpdate
NtUserLockWindowStation
NtUserLayoutCompleted
NtUserKillTimer
NtUserIsWindowGDIScaledDpiMessageEnabled
NtUserIsWindowBroadcastingDpiToChildren
NtUserIsTouchWindow
NtUserIsTopLevelWindow
NtUserIsResizeLayoutSynchronizationEnabled
NtIsOneCoreTransformMode
NtUserIsNonClientDpiScalingEnabled
NtUserIsMouseInputEnabled
NtUserIsMouseInPointerEnabled
NtUserIsChildWindowDpiMessageEnabled
NtUserInvalidateRgn
NtUserInvalidateRect
NtUserInteractiveControlQueryUsage
NtUserInjectTouchInput
NtUserInjectPointerInput
NtUserInjectMouseInput
NtUserInjectKeyboardInput
NtUserInjectGenericHidInput
NtUserInjectDeviceInput
NtUserInitializeTouchInjection
NtUserInitializePointerDeviceInjectionEx
NtUserInitializePointerDeviceInjection
NtUserInitializeInputDeviceInjection
NtUserInitializeGenericHidInjection
NtUserInheritWindowMonitor
NtUserImpersonateDdeClientWindow
NtUserHungWindowFromGhostWindow
NtUserHiliteMenuItem
NtUserHidePointerContactVisualization
NtUserHandleDelegatedInput
NtUserGhostWindowFromHungWindow
NtUserGetWindowRgnEx
NtUserGetWindowProcessHandle
NtUserGetWindowPlacement
NtUserGetWindowMinimizeRect
NtUserGetWindowGroupId
NtUserGetWindowFeedbackSetting
NtUserGetWindowDisplayAffinity
NtUserGetWindowDC
NtUserGetWindowCompositionInfo
NtUserGetWindowCompositionAttribute
NtUserGetWindowBand
NtUserGetObjectInformation
NtUserGetUniformSpaceMapping
NtUserGetTouchValidationStatus
NtUserGetTopLevelWindow
NtUserGetTitleBarInfo
NtUserGetThreadDesktop
NtUserGetSystemMenu
NtUserGetSystemDpiForProcess
NtUserGetScrollBarInfo
NtUserGetResizeDCompositionSynchronizationObject
NtUserGetRegisteredRawInputDevices
NtUserGetRawPointerDeviceData
NtUserGetRawInputDeviceList
NtUserGetRawInputData
NtUserGetQueueStatusReadonly
NtUserGetProcessWindowStation
NtUserGetProcessUIContextInformation
NtUserGetPrecisionTouchPadConfiguration
NtUserGetPointerType
NtUserGetPointerProprietaryId
NtUserGetPointerInputTransform
NtUserGetPointerFrameTimes
NtUserGetPointerDevices
NtUserGetPointerDeviceRects
NtUserGetPointerDeviceProperties
NtUserGetPointerDeviceOrientation
NtUserGetPointerDeviceCursors
NtUserGetPointerDevice
NtUserGetPointerCursorId
NtUserGetPhysicalDeviceRect
NtUserGetOwnerTransformedMonitorRect
NtUserGetMouseMovePointsEx
NtUserGetMenuItemRect
NtUserGetMenuBarInfo
NtUserMagGetContextInformation
NtUserGetListBoxInfo
NtUserGetLayeredWindowAttributes
NtUserGetKeyboardState
NtUserGetKeyboardLayoutList
NtUserGetInternalWindowPos
NtUserGetInteractiveCtrlSupportedWaveforms
NtUserGetInteractiveControlInfo
NtUserGetInteractiveControlDeviceInfo
NtUserGetInputLocaleInfo
NtUserGetInputContainerId
NtUserGetGuiResources
NtUserGetGestureConfig
NtUserGetGUIThreadInfo
NtUserGetForegroundWindow
NtUserGetExtendedPointerDeviceProperty
NtUserGetDoubleClickTime
NtUserGetDisplayAutoRotationPreferencesByProcessId
NtUserGetDisplayAutoRotationPreferences
NtUserGetDesktopID
NtUserGetDCEx
NtUserGetCursorInfo
NtUserGetCursor
NtUserGetCurrentInputMessageSource
NtUserGetComboBoxInfo
NtUserGetClipboardAccessToken
NtUserGetClipCursor
NtUserGetCaretPos
NtUserGetCaretBlinkTime
NtUserGetCIMSSM
NtUserGetAutoRotationState
NtUserGetAncestor
NtUserGetActiveProcessesDpis
NtUserFrostCrashedWindow
NtUserForceWindowToDpiForTest
NtUserFlashWindowEx
NtUserExcludeUpdateRgn
NtUserEnumDisplayMonitors
NtUserEndPaint
NtUserEndMenu
NtUserEndDeferWindowPosEx
NtUserEnableWindowResizeOptimization
NtUserEnableWindowGroupPolicy
NtUserEnableWindowGDIScaledDpiMessage
NtUserEnableTouchPad
NtUserEnableSoftwareCursorForScreenCapture
NtUserEnableResizeLayoutSynchronization
NtEnableOneCoreTransformMode
NtUserEnableNonClientDpiScaling
NtUserEnableMouseInputForCursorSuppression
NtUserEnableMouseInPointer

ntdll

memcmp
memcpy
wcscmp
toupper
RtlSetLastWin32Error
NlsAnsiCodePage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
_wtoi
NtPowerInformation
RtlMultiByteToUnicodeSize
LdrFlushAlternateResourceModules
RtlRaiseException
NtYieldExecution
NtDeleteValueKey
NtSetValueKey
NtCreateKey
wcstoul
NtVdmControl
RtlFreeUnicodeString
RtlCreateUnicodeStringFromAsciiz
NtOpenDirectoryObject
NtSetSecurityObject
NtQuerySecurityObject
NtQueryInformationProcess
wcstol
ZwQueryWnfStateData
wcsncmp
wcsnlen
RtlDeleteHashTable
RtlInitStrongEnumerationHashTable
RtlLookupEntryHashTable
RtlStronglyEnumerateEntryHashTable
strnlen
RtlInsertEntryHashTable
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
strncmp
RtlEndStrongEnumerationHashTable
RtlCreateHashTable
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlQueryPackageClaims
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
wcsncpy_s
memcpy_s
iswspace
qsort
RtlImageNtHeader
wcsrchr
RtlPcToFileHeader
NtRaiseHardError
NtCallbackReturn
wcsncat_s
RtlRetrieveNtUserPfn
RtlInitializeNtUserPfn
_stricmp
RtlGetIntegerAtom
RtlDeleteCriticalSection
RtlResetNtUserPfn
RtlQueryInformationActiveActivationContext
RtlQueryElevationFlags
NtQuerySystemInformation
RtlInitializeCriticalSection
RtlEqualUnicodeString
LdrQueryImageFileExecutionOptions
isspace
CsrClientConnectToServer
sscanf_s
strrchr
strcpy_s
RtlSizeHeap
RtlGetThreadLangIdByIndex
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString
_wcsicmp
RtlReAllocateHeap
RtlNtStatusToDosError
RtlGetActiveConsoleId
CsrFreeCaptureBuffer
CsrClientCallServer
CsrAllocateMessagePointer
CsrAllocateCaptureBuffer
NtOpenProcessToken
NtOpenThreadToken
RtlFreeSid
NtQueryInformationToken
RtlAllocateAndInitializeSid
NtQueryVirtualMemory
_vsnwprintf
RtlUnicodeToMultiByteSize
RtlIsThreadWithinLoaderCallout
RtlReleaseActivationContext
RtlFindActivationContextSectionString
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlEnterCriticalSection
RtlLeaveCriticalSection
__C_specific_handler
wcscat_s
wcscpy_s
NtQueryValueKey
NtEnumerateKey
NtClose
NtOpenKey
RtlOpenCurrentUser
RtlUnicodeStringToInteger
RtlInitUnicodeString
swprintf_s
RtlFreeHeap
RtlAllocateHeap
memset
memmove

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetThreadLocale
GetUserDefaultLCID
GetLocaleInfoW
ConvertDefaultLocale
GetOEMCP
GetCPInfo
IsDBCSLeadByteEx
GetSystemDefaultLangID
GetACP
IsDBCSLeadByte

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-heap-l2-1-0

LocalLock
LocalUnlock
LocalAlloc
LocalFree
GlobalFree
GlobalAlloc
LocalReAlloc

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleFileNameW
GetModuleFileNameA
SizeofResource
GetModuleHandleExW
LoadResource
EnumResourceNamesExW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleHandleA
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventProviderEnabled
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
CreateThread
CreateProcessW
GetCurrentProcess
GetExitCodeThread
ExitThread
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
TerminateProcess

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
SetEvent
OpenEventW
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringW
MultiByteToWideChar
FoldStringW
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetVersionExW

api-ms-win-security-base-l1-1-0

CheckTokenMembership

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharUpperBuffW
IsCharLowerW
CharLowerW
CharNextW
CharUpperW
IsCharAlphaNumericW
IsCharAlphaW
CharPrevW
IsCharUpperW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetCurrentDirectoryW
SearchPathW
GetCurrentDirectoryW

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
SetFileTime
GetLogicalDrives
FindClose
FindNextFileW
FindFirstFileW
GetFileSize

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-memory-l1-1-3

SetProcessValidCallTargets

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomA
GetAtomNameW
AddAtomW
AddAtomA
GlobalAddAtomW
GlobalFindAtomA
GetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
GlobalGetAtomNameA
GlobalFindAtomW
DeleteAtom

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize
GlobalFlags
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrlenW
lstrcmpiW

api-ms-win-core-localization-obsolete-l1-2-0

GetStringTypeA

api-ms-win-core-stringansi-l1-1-0

CharNextA
CharPrevA
CharPrevExA
IsCharUpperA
IsCharAlphaA
IsCharAlphaNumericA
CharLowerA
CharNextExA
IsCharLowerA
CharUpperBuffA
CharLowerBuffA
CharUpperA

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxSettingsW

api-ms-win-core-kernel32-private-l1-1-0

RegisterWaitForInputIdle

kernelbase

WTSGetServiceSessionId
LoadStringBaseExW

api-ms-win-core-kernel32-legacy-l1-1-0

FindResourceExA
MulDiv

api-ms-win-core-appinit-l1-1-0

LoadAppInitDlls

gdi32

SetStretchBltMode
SetBkMode
SelectObject
IntersectClipRect
SetTextAlign
GetTextAlign
GetStockObject
SetBkColor
SetTextColor
GetObjectW
GetBkColor
GetLayout
GdiGetBitmapBitsSize
GetMapMode
GetHFONT
ExtSelectClipRgn
GetClipRgn
SetGraphicsMode
GetDCOrgEx
GdiTrackHDelete
GdiFixUpHandle
GdiPrinterThunk
GdiLoadType1Fonts
GdiAddFontResourceW
GetRgnBox
ExtCreateRegion
GetRegionData
EnableEUDC
TextOutA
GdiReleaseDC
GdiConvertBitmapV5
GdiConvertToDevmodeW
GetClipBox
MirrorRgn
OffsetRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
CreateRectRgn
GetBoundsRect
SetLayout
PlayEnhMetaFile
ExcludeClipRect
StretchBlt
Ellipse
CreateEllipticRgn
Rectangle
CreatePen
CreateBrushIndirect
PolyPatBlt
SetViewportOrgEx
GetViewportOrgEx
GetCurrentObject
GetTextCharacterExtra
SetTextCharacterExtra
SetLayoutWidth
GdiConvertAndCheckDC
SetBoundsRect
CreateSolidBrush
GdiProcessSetup
GdiDllInitialize
CopyEnhMetaFileW
CopyMetaFileW
SetPaletteEntries
CreatePalette
GetPaletteEntries
DeleteEnhMetaFile
DeleteMetaFile
GetPixel
GetTextCharsetInfo
QueryFontAssocStatus
ExtTextOutA
GetCharWidthInfo
GetCharWidthA
GetTextExtentPointA
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsA
SetBrushOrgEx
GetDCDpiScaleValue
GetTextFaceAliasW
EnumFontsW
CreateFontIndirectW
TranslateCharsetInfo
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GdiConvertEnhMetaFile
GdiConvertMetaFilePict
GetTextColor
GetTextMetricsW
TextOutW
GetWindowExtEx
GetViewportExtEx
GetBkMode
GdiGetCharDimensions
GetTextCharset
GdiGetCodePage
GetTextExtentPointW
ExtTextOutW
RestoreDC
OffsetWindowOrgEx
SaveDC
GetObjectType
GetDIBits
SetDIBits
GetDIBColorTable
CreateDIBSection
PatBlt
CreateCompatibleBitmap
CreateDIBitmap
CreateDCW
GdiTrackHCreate
DeleteDC
BitBlt
CreateCompatibleDC
DeleteObject
CreateBitmap
GdiValidateHandle
StretchDIBits
GetDeviceCaps

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ActivateKeyboardLayout
AddClipboardFormatListener
AddVisualIdentifier
AdjustWindowRect
AdjustWindowRectEx
AdjustWindowRectExForDpi
AlignRects
AllowForegroundActivation
AllowSetForegroundWindow
AnimateWindow
AnyPopup
AppendMenuA
AppendMenuW
AreDpiAwarenessContextsEqual
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BlockInput
BringWindowToTop
BroadcastSystemMessage
BroadcastSystemMessageA
BroadcastSystemMessageExA
BroadcastSystemMessageExW
BroadcastSystemMessageW
BuildReasonArray
CalcMenuBar
CalculatePopupWindowPosition
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
CancelShutdown
CascadeChildWindows
CascadeWindows
ChangeClipboardChain
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuA
ChangeMenuW
ChangeWindowMessageFilter
ChangeWindowMessageFilterEx
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharToOemBuffW
CharToOemW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckBannedOneCoreTransformApi
CheckDBCSEnabledExt
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckProcessForClipboardAccess
CheckProcessSession
CheckRadioButton
CheckWindowThreadDesktop
ChildWindowFromPoint
ChildWindowFromPointEx
CliImmSetHotKey
ClientThreadSetup
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseGestureInfoHandle
CloseTouchInputHandle
CloseWindow
CloseWindowStation
ConsoleControl
ControlMagnification
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDCompositionHwndTarget
CreateDesktopA
CreateDesktopExA
CreateDesktopExW
CreateDesktopW
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMDIWindowA
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateSyntheticPointerDevice
CreateSystemThreads
CreateWindowExA
CreateWindowExW
CreateWindowInBand
CreateWindowInBandEx
CreateWindowIndirect
CreateWindowStationA
CreateWindowStationW
CsrBroadcastSystemMessageExW
CtxInitUser32
DdeAbandonTransaction
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeConnectList
DdeCreateDataHandle
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeGetQualityOfService
DdeImpersonateClient
DdeInitializeA
DdeInitializeW
DdeKeepStringHandle
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringA
DdeQueryStringW
DdeReconnect
DdeSetQualityOfService
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DefDlgProcW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefRawInputProc
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeferWindowPosAndBand
DelegateInput
DeleteMenu
DeregisterShellHookWindow
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyDCompositionHwndTarget
DestroyIcon
DestroyMenu
DestroyReasons
DestroySyntheticPointerDevice
DestroyWindow
DialogBoxIndirectParamA
DialogBoxIndirectParamAorW
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DisableProcessWindowsGhosting
DispatchMessageA
DispatchMessageW
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
DisplayExitWindowsWarnings
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExA
DlgDirSelectComboBoxExW
DlgDirSelectExA
DlgDirSelectExW
DoSoundConnect
DoSoundDisconnect
DragDetect
DragObject
DrawAnimatedRects
DrawCaption
DrawCaptionTempA
DrawCaptionTempW
DrawEdge
DrawFocusRect
DrawFrame
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawMenuBarTemp
DrawStateA
DrawStateW
DrawTextA
DrawTextExA
DrawTextExW
DrawTextW
DwmGetDxRgn
DwmGetDxSharedSurface
DwmGetRemoteSessionOcclusionEvent
DwmGetRemoteSessionOcclusionState
DwmKernelShutdown
DwmKernelStartup
DwmLockScreenUpdates
DwmValidateWindow
EditWndProc
EmptyClipboard
EnableMenuItem
EnableMouseInPointer
EnableNonClientDpiScaling
EnableOneCoreTransformMode
EnableScrollBar
EnableSessionForMMCSS
EnableWindow
EndDeferWindowPos
EndDeferWindowPosEx
EndDialog
EndMenu
EndPaint
EndTask
EnterReaderModeHelper
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplayDevicesA
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
EqualRect
EvaluateProximityToPolygon
EvaluateProximityToRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
FlashWindowEx
FrameRect
FreeDDElParam
FrostCrashedWindow
GetActiveWindow
GetAltTabInfo
GetAltTabInfoA
GetAltTabInfoW
GetAncestor
GetAppCompatFlags
GetAppCompatFlags2
GetAsyncKeyState
GetAutoRotationState
GetAwarenessFromDpiAwarenessContext
GetCIMSSM
GetCapture
GetCaretBlinkTime
GetCaretPos
GetClassInfoA
GetClassInfoExA
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongPtrA
GetClassLongPtrW
GetClassLongW
GetClassNameA
GetClassNameW
GetClassWord
GetClientRect
GetClipCursor
GetClipboardAccessToken
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardSequenceNumber
GetClipboardViewer
GetComboBoxInfo
GetCurrentInputMessageSource
GetCursor
GetCursorFrameInfo
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopID
GetDesktopWindow
GetDialogBaseUnits
GetDialogControlDpiChangeBehavior
GetDialogDpiChangeBehavior
GetDisplayAutoRotationPreferences
GetDisplayConfigBufferSizes
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetDpiAwarenessContextForProcess
GetDpiForMonitorInternal
GetDpiForSystem
GetDpiForWindow
GetDpiFromDpiAwarenessContext
GetExtendedPointerDeviceProperty
GetFocus
GetForegroundWindow
GetGUIThreadInfo
GetGestureConfig
GetGestureExtraArgs
GetGestureInfo
GetGuiResources
GetIconInfo
GetIconInfoExA
GetIconInfoExW
GetInputDesktop
GetInputLocaleInfo
GetInputState
GetInternalWindowPos
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastInputInfo
GetLayeredWindowAttributes
GetListBoxInfo
GetMagnificationDesktopColorEffect
GetMagnificationDesktopMagnification
GetMagnificationDesktopSamplingMode
GetMagnificationLensCtxInformation
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetMouseMovePointsEx
GetNextDlgGroupItem
GetNextDlgTabItem
GetOpenClipboardWindow
GetParent
GetPhysicalCursorPos
GetPointerCursorId
GetPointerDevice
GetPointerDeviceCursors
GetPointerDeviceOrientation
GetPointerDeviceProperties
GetPointerDeviceRects
GetPointerDevices
GetPointerFrameArrivalTimes
GetPointerFrameInfo
GetPointerFrameInfoHistory
GetPointerFramePenInfo
GetPointerFramePenInfoHistory
GetPointerFrameTimes
GetPointerFrameTouchInfo
GetPointerFrameTouchInfoHistory
GetPointerInfo
GetPointerInfoHistory
GetPointerInputTransform
GetPointerPenInfo
GetPointerPenInfoHistory
GetPointerTouchInfo
GetPointerTouchInfoHistory
GetPointerType
GetPriorityClipboardFormat
GetProcessDefaultLayout
GetProcessDpiAwarenessInternal
GetProcessUIContextInformation
GetProcessWindowStation
GetProgmanWindow
GetPropA
GetPropW
GetQueueStatus
GetRawInputBuffer
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetRawPointerDeviceData
GetReasonTitleFromReasonCode
GetRegisteredRawInputDevices
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSendMessageReceiver
GetShellChangeNotifyWindow
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemDpiForProcess
GetSystemMenu
GetSystemMetrics
GetSystemMetricsForDpi
GetTabbedTextExtentA
GetTabbedTextExtentW
GetTaskmanWindow
GetThreadDesktop
GetThreadDpiAwarenessContext
GetThreadDpiHostingBehavior
GetTitleBarInfo
GetTopLevelWindow
GetTopWindow
GetTouchInputInfo
GetUnpredictedMessagePos
GetUpdateRect
GetUpdateRgn
GetUpdatedClipboardFormats
GetUserObjectInformationA
GetUserObjectInformationW
GetUserObjectSecurity
GetWinStationInfo
GetWindow
GetWindowBand
GetWindowCompositionAttribute
GetWindowCompositionInfo
GetWindowContextHelpId
GetWindowDC
GetWindowDisplayAffinity
GetWindowDpiAwarenessContext
GetWindowDpiHostingBehavior
GetWindowFeedbackSetting
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowLongW
GetWindowMinimizeRect
GetWindowModuleFileName
GetWindowModuleFileNameA
GetWindowModuleFileNameW
GetWindowPlacement
GetWindowProcessHandle
GetWindowRect
GetWindowRgn
GetWindowRgnBox
GetWindowRgnEx
GetWindowTextA

Sections

.text
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140_1d.dll
.dll windows:6 windows x64 arch:x64

30c26d0c0b20ce0c9f73508ad9ade67f

Code Sign

33:00:00:00:eb:69:aa:cc:3e:29:9f:2d:39:00:00:00:00:00:eb
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:19

Not After

23/11/2019, 20:19

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:04:24:c3:ff:35:e2:c8:d8:b5:3c:47:28:6e:c2:12:a8:cc:98:c8:aa:81:53:2d:ee:0e:3b:58:6a:0e:00:9f
Signer

Actual PE Digest

8f:04:24:c3:ff:35:e2:c8:d8:b5:3c:47:28:6e:c2:12:a8:cc:98:c8:aa:81:53:2d:ee:0e:3b:58:6a:0e:00:9f

Digest Algorithm

sha256

PE Digest Matches

true

f0:bc:50:62:37:a1:dd:11:e3:8f:26:6c:77:f9:e3:c8:26:2f:f4:45
Signer

Actual PE Digest

f0:bc:50:62:37:a1:dd:11:e3:8f:26:6c:77:f9:e3:c8:26:2f:f4:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1d.amd64.pdb

Imports

ucrtbased

strcmp
wcsncmp
abort
_calloc_dbg
_free_dbg
strlen
strcpy_s
malloc
free
_CrtDbgReportW
memset
terminate

vcruntime140d

__processing_throw
__current_exception
memmove
__C_specific_handler

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
GetLastError
DeleteCriticalSection
SetLastError

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140d.dll
.dll windows:6 windows x86 arch:x86

d8f98452b39a37d5550827bba0302809

Code Sign

33:00:00:00:d7:78:5e:7e:ac:3f:2a:41:8b:00:00:00:00:00:d7
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/10/2017, 22:57

Not After

02/01/2019, 22:57

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:96FF-4BC5-A7DC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:68:c6:0c:e4:a7:81:87:15:60:92:99:e1:58:e7:32:05:18:b5:09:9a:9d:09:d8:28:e4:b1:f4:df:1e:b7:48
Signer

Actual PE Digest

f7:68:c6:0c:e4:a7:81:87:15:60:92:99:e1:58:e7:32:05:18:b5:09:9a:9d:09:d8:28:e4:b1:f4:df:1e:b7:48

Digest Algorithm

sha256

PE Digest Matches

true

a4:69:e6:ba:c4:3a:12:2b:47:62:2f:a7:b2:f6:03:84:3d:a0:d9:f3
Signer

Actual PE Digest

a4:69:e6:ba:c4:3a:12:2b:47:62:2f:a7:b2:f6:03:84:3d:a0:d9:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vcruntime140d.i386.pdb

Imports

ucrtbased

_free_dbg
atol
__stdio_common_vsprintf_s
wcsncmp
abort
_calloc_dbg
_malloc_dbg
_CrtDbgReport
strlen
strcpy_s
malloc
free
strcmp
terminate
_CrtDbgReportW

kernel32

LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
TlsAlloc
DeleteCriticalSection
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsGetValue

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmm.dll
.dll windows:10 windows x86 arch:x86

a5822ac7c4c7193e8bf07579426ef16f

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:f3:ab:bd:2e:4d:03:80:f7:b3:43:5e:1c:80:82:8c:03:aa:f3:5c:35:11:3f:e3:de:4a:95:e1:7d:c6:1e:f0
Signer

Actual PE Digest

77:f3:ab:bd:2e:4d:03:80:f7:b3:43:5e:1c:80:82:8c:03:aa:f3:5c:35:11:3f:e3:de:4a:95:e1:7d:c6:1e:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winmm.pdb

Imports

ntdll

memset
RtlUnwind
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
RtlGetActiveConsoleId
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
wcschr
iswdigit
towlower
_vsnwprintf
NtQueryTimerResolution
NtCreateTimer
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtCancelTimer
NtClose
NtSetTimer
strstr
strspn
atoi
strncmp
_vsnprintf
_allmul
_aulldiv
memcmp
memcpy
memmove
EtwTraceMessage

winmmbase

DefDriverProc
winmmbaseGetWOWHandle
winmmbaseHandle32FromHandle16
winmmbaseSetWOWHandle
mmTaskBlock
winmmbaseFreeMMEHandles
DrvGetModuleHandle
mmTaskCreate
SendDriverMessage
GetDriverModuleHandle
OpenDriver
CloseDriver
mmTaskSignal
mmGetCurrentTask
mmTaskYield

api-ms-win-mm-mme-l1-1-0

midiOutReset
midiInStop
mixerGetLineControlsW
midiOutGetErrorTextA
mixerMessage
waveOutBreakLoop
waveOutGetPosition
midiOutGetVolume
auxGetDevCapsA
waveInAddBuffer
midiInMessage
waveOutGetDevCapsA
mixerClose
midiInUnprepareHeader
midiInOpen
waveOutPrepareHeader
mixerGetNumDevs
midiOutPrepareHeader
mixerSetControlDetails
waveOutOpen
midiOutOpen
auxGetNumDevs
waveInOpen
midiInPrepareHeader
midiOutUnprepareHeader
waveOutGetPlaybackRate
mixerGetDevCapsA
midiInClose
waveOutGetVolume
waveInGetDevCapsA
waveOutClose
waveOutUnprepareHeader
waveOutGetErrorTextA
waveInStop
midiStreamRestart
waveInGetErrorTextW
waveOutGetErrorTextW
waveOutGetID
midiStreamPosition
mixerGetControlDetailsW
midiOutGetID
midiInGetID
mixerGetDevCapsW
midiStreamOut
midiInGetErrorTextA
mixerGetID
waveOutGetDevCapsW
mixerGetLineInfoW
waveInReset
waveInGetDevCapsW
midiStreamClose
waveOutRestart
midiInGetErrorTextW
waveOutReset
midiStreamPause
waveOutGetPitch
midiStreamProperty
midiStreamOpen
waveOutSetPlaybackRate
midiInStart
midiInGetDevCapsW
midiOutCachePatches
waveOutPause
auxGetDevCapsW
midiStreamStop
midiInReset
midiDisconnect
midiOutGetDevCapsW
waveInStart
midiOutCacheDrumPatches
midiConnect
waveInGetErrorTextA
waveInGetID
waveOutSetPitch
midiOutGetErrorTextW
mixerOpen
midiOutGetDevCapsA
midiInGetDevCapsA
waveInClose
waveInPrepareHeader
waveOutWrite
auxOutMessage
midiOutClose
midiOutLongMsg
midiOutGetNumDevs
midiOutShortMsg
auxSetVolume
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
waveOutMessage
midiOutSetVolume
waveOutSetVolume
waveOutGetNumDevs
midiInGetNumDevs
midiOutMessage
waveInGetNumDevs
midiInAddBuffer
waveInGetPosition
waveInMessage
auxGetVolume
waveInUnprepareHeader

api-ms-win-mm-misc-l1-1-0

mmioRenameW
mmioStringToFOURCCW
mmioAdvance
mmioDescend
mmioFlush
mmioOpenA
mmioInstallIOProcW
mmioStringToFOURCCA
mmioWrite
mmDrvInstall
mmioRenameA
mmioOpenW
mmioRead
mmioGetInfo
mmioInstallIOProcA
mmioSeek
mmioClose
mmioSetBuffer
mmioSendMessage
mmioCreateChunk
mmioSetInfo
mmioAscend

msvcrt

_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
__CxxFrameHandler3
?terminate@@YAXXZ

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeGetTime
timeEndPeriod
timeGetDevCaps
timeGetSystemTime

api-ms-win-core-heap-l1-1-0

HeapSize
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-1-0

CreateEventA
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
TlsAlloc
CreateThread
TlsFree
SetThreadPriority
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
ExitThread
GetCurrentThread

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW
FreeResource
LoadResource
LockResource
LoadStringA
SizeofResource
GetModuleFileNameA
LoadLibraryExA

api-ms-win-core-stringansi-l1-1-0

CharLowerBuffA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegOpenKeyExW
RegGetValueW
RegCloseKey

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetCurrentDirectoryW
GetCurrentDirectoryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetProfileStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileW
GetFileAttributesW
CompareFileTime
GetFileTime

api-ms-win-core-path-l1-1-0

PathCchIsRoot
PathCchStripToRoot

api-ms-win-core-util-l1-1-0

Beep

api-ms-win-core-kernel32-private-l1-1-2

CheckForReadOnlyResource

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-kernel32-private-l1-1-0

_lread

api-ms-win-core-localization-l1-2-0

GetACP

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
NotifyCallbackData
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
aux32Message
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joy32Message
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mci32Message
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
mid32Message
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
mod32Message
mxd32Message
sndPlaySoundA
sndPlaySoundW
tid32Message
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
wid32Message
wod32Message

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws2_32.dll
.dll windows:10 windows x64 arch:x64

6eee61ef7874aa59d1a3452c72e61d5c

Code Sign

33:00:00:02:29:e8:93:3c:c4:14:fa:f5:7c:00:00:00:00:02:29
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2019, 19:21

Not After

27/03/2020, 19:21

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:2d:ea:1b:f4:f8:16:43:1e:00:85:04:2e:19:2d:10:3a:fa:8a:63:4d:7e:d1:9c:5b:34:56:d8:d9:00:08:5e
Signer

Actual PE Digest

f7:2d:ea:1b:f4:f8:16:43:1e:00:85:04:2e:19:2d:10:3a:fa:8a:63:4d:7e:d1:9c:5b:34:56:d8:d9:00:08:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ws2_32.pdb

Imports

api-ms-win-core-crt-l1-1-0

memcmp
strrchr
memcpy
memset
strcmp
_wcsicmp
wcsncmp
towupper
wcscpy_s
strcpy_s
atoi
strchr
_stricmp
wcsstr
_vsnprintf_s
strtoul
sprintf_s
memcpy_s
_wcsnicmp
wcschr
_vsnwprintf_s
isspace
__isascii
__C_specific_handler

api-ms-win-core-crt-l2-1-0

__dllonexit3
exit
hgets
_initterm_e
_initterm
_onexit

ntdll

EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlCompareMemory
EtwEventEnabled
EtwEventWrite
RtlIpv6StringToAddressExW
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExA
RtlIpv6AddressToStringExA
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
RtlIpv6StringToAddressA
RtlIpv4StringToAddressA
EtwTraceMessageVa
EtwTraceMessage
NtCreateFile
RtlUnhandledExceptionFilter
RtlAllocateHeap
WinSqmIsOptedIn
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnicodeStringToInteger
RtlInitUnicodeStringEx
RtlGetNtProductType
NtQueryDirectoryFile
NtOpenFile
NtWaitForSingleObject
NtFsControlFile
NtCreateNamedPipeFile
NtLoadDriver
RtlAdjustPrivilege
RtlImpersonateSelf
NtDelayExecution
NtDeviceIoControlFile
NtClose
RtlNtStatusToDosError
RtlInitUnicodeString

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
OpenThreadToken
ResumeThread
GetCurrentProcessId
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
QueueUserAPC
CreateThread
TerminateProcess
TlsAlloc
SetThreadToken
TerminateThread
OpenProcessToken
TlsGetValue
TlsFree

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableCS
Sleep
InitializeConditionVariable

api-ms-win-core-handle-l1-1-0

GetHandleInformation
DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
CreateEventW
ReleaseMutex
CreateMutexA
SetEvent
ResetEvent
CreateEventA
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx

api-ms-win-core-libraryloader-l1-2-0

LoadStringA
FreeLibraryAndExitThread
GetModuleHandleExA
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
LoadStringW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks

api-ms-win-security-base-l1-1-0

AddAccessDeniedAce
SetSecurityDescriptorDacl
GetTokenInformation
InitializeSecurityDescriptor
EqualSid
GetAce
GetAclInformation
GetLengthSid
AddAccessAllowedAce
FreeSid
AllocateAndInitializeSid
RevertToSelf
IsValidSid
GetSecurityDescriptorDacl
ImpersonateLoggedOnUser
InitializeAcl
CopySid
CheckTokenMembership

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
HeapReAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExA
RegDeleteKeyExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteTreeA
RegCreateKeyExA
RegNotifyChangeKeyValue
RegSetValueExA
RegGetKeySecurity

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsA
GetCommandLineW
GetEnvironmentVariableA
ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
LocalAlloc
GlobalFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetComputerNameExA
GetSystemDirectoryA
GetComputerNameExW

api-ms-win-core-file-l1-1-0

CreateFileA

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrlenA

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent

rpcrt4

UuidCreate
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcServerUseProtseqW
RpcBindingInqObject
RpcServerUnregisterIf
RpcAsyncCompleteCall
RpcServerRegisterIfEx
RpcServerListen
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
I_RpcBindingInqTransportType
RpcRevertToSelfEx
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqCallAttributesW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

FreeAddrInfoEx
FreeAddrInfoExW
FreeAddrInfoW
GetAddrInfoExA
GetAddrInfoExCancel
GetAddrInfoExOverlappedResult
GetAddrInfoExW
GetAddrInfoW
GetHostNameW
GetNameInfoW
InetNtopW
InetPtonW
SetAddrInfoExA
SetAddrInfoExW
WEP
WPUCompleteOverlappedRequest
WPUGetProviderPathEx
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAdvertiseProvider
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSAConnectByList
WSAConnectByNameA
WSAConnectByNameW
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersExA
WSAEnumNameSpaceProvidersExW
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAPoll
WSAProviderCompleteAsyncCall
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendMsg
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnadvertiseProvider
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCDeinstallProvider32
WSCDeinstallProviderEx
WSCEnableNSProvider
WSCEnableNSProvider32
WSCEnumNameSpaceProviders32
WSCEnumNameSpaceProvidersEx32
WSCEnumProtocols
WSCEnumProtocols32
WSCEnumProtocolsEx
WSCGetApplicationCategory
WSCGetApplicationCategoryEx
WSCGetProviderInfo
WSCGetProviderInfo32
WSCGetProviderPath
WSCGetProviderPath32
WSCInstallNameSpace
WSCInstallNameSpace32
WSCInstallNameSpaceEx
WSCInstallNameSpaceEx2
WSCInstallNameSpaceEx32
WSCInstallProvider
WSCInstallProvider64_32
WSCInstallProviderAndChains64_32
WSCInstallProviderEx
WSCSetApplicationCategory
WSCSetApplicationCategoryEx
WSCSetProviderInfo
WSCSetProviderInfo32
WSCUnInstallNameSpace
WSCUnInstallNameSpace32
WSCUnInstallNameSpaceEx2
WSCUpdateProvider
WSCUpdateProvider32
WSCUpdateProviderEx
WSCWriteNameSpaceOrder
WSCWriteNameSpaceOrder32
WSCWriteProviderOrder
WSCWriteProviderOrder32
WSCWriteProviderOrderEx
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification
WahWriteLSPEvent
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

Headers

DLL Characteristics

File Characteristics

Sections

Size: 631KB - Virtual size: 1.4MB

Size: 163KB - Virtual size: 503KB

Size: 736KB - Virtual size: 1.3MB

Size: 30KB - Virtual size: 50KB

Size: 15KB - Virtual size: 41KB

Size: 2KB - Virtual size: 7KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 4KB

.rsrc Size: 41KB - Virtual size: 41KB

.themida Size: - Virtual size: 4.9MB

.boot Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 16B - Virtual size: 4KB

Password: 123

Password: 123

Password: 123

e8a9a7acdaed089a881bf2ac3a9d3f35

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

7c:7f:9f:c7:2a:97:82:e4:8b:6e:39:09:0e:5c:7d:5b:72:b2:14:82:cc:e6:66:b5:0a:8e:aa:1a:49:29:f5:cbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-eventing-consumer-l1-1-1

kernelbase

sechost

api-ms-win-service-core-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-service-core-l1-1-2

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-private-l1-1-4

api-ms-win-service-private-l1-1-2

api-ms-win-service-private-l1-1-3

api-ms-win-service-private-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-base-private-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-2

api-ms-win-core-sysinfo-l1-1-0

kernel32

rpcrt4

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-audit-l1-1-1

api-ms-win-security-audit-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-pcw-l1-1-0

Exports

Exports

Sections

.text Size: 411KB - Virtual size: 410KB

.data Size: 9KB - Virtual size: 14KB

.idata Size: 20KB - Virtual size: 20KB

.didat Size: 1024B - Virtual size: 568B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 41KB - Virtual size: 41KB

.themida
Size: - Virtual size: 4.9MB

.boot
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 16B - Virtual size: 4KB

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7c:7f:9f:c7:2a:97:82:e4:8b:6e:39:09:0e:5c:7d:5b:72:b2:14:82:cc:e6:66:b5:0a:8e:aa:1a:49:29:f5:cb
Signer

.text
Size: 411KB - Virtual size: 410KB

.data
Size: 9KB - Virtual size: 14KB

.idata
Size: 20KB - Virtual size: 20KB

.didat
Size: 1024B - Virtual size: 568B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 81KB - Virtual size: 81KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 50KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fa:71:3d:d6:af:07:78:6e:77:98:1b:e8:aa:fd:ef:b0:38:a7:4b:52:8b:c6:e5:89:5f:63:f3:91:61:9b:0b:31
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 25KB - Virtual size: 25KB

.rdata
Size: 211KB - Virtual size: 210KB