C:\EPM\output\Win32\Release\bin\vf_agent.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-08-24_61169de7e792fb7b32b0a6eb5bca8ef6_avoslocker.exe
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-08-24_61169de7e792fb7b32b0a6eb5bca8ef6_avoslocker.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
2024-08-24_61169de7e792fb7b32b0a6eb5bca8ef6_avoslocker
-
Size
8.2MB
-
MD5
61169de7e792fb7b32b0a6eb5bca8ef6
-
SHA1
a5ab968e987863d7cefb3089df447bc157eeb1c0
-
SHA256
1f11349b51ead5e8fc8630ef7afd71bdc0c1483479fecc5d92d106f480b7a530
-
SHA512
6d27ae555e4cd635194330f58a4bd92da2b6cabf6d6187e793b70c1353957f91c68c4271d4a92051f53fbe13d3246a8bade42d99bf0d57a536dae22795d8c1a7
-
SSDEEP
98304:+664PK8aelpCuwG3U/hlK+7LYQ1ePYFzM53S9SQsEC58:D64PK8aEpCuwfK+70Q9I+J1I8
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-08-24_61169de7e792fb7b32b0a6eb5bca8ef6_avoslocker
Files
-
2024-08-24_61169de7e792fb7b32b0a6eb5bca8ef6_avoslocker.exe windows:6 windows x86 arch:x86
c1290a91d4300de81a20cae008856b65
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegDeleteKeyW
RegEnumKeyExW
RegSaveKeyExW
RegUnLoadKeyW
RegLoadKeyW
CreateProcessAsUserW
SetSecurityDescriptorGroup
CreateServiceW
ChangeServiceConfig2W
DeleteService
LookupPrivilegeValueA
GetNumberOfEventLogRecords
CloseEventLog
ReadEventLogW
OpenEventLogW
NotifyChangeEventLog
GetOldestEventLogRecord
DeregisterEventSource
RegisterEventSourceW
EnumDependentServicesW
MakeAbsoluteSD
MakeSelfRelativeSD
OpenThreadToken
GetSecurityDescriptorLength
OpenServiceW
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
AddAce
ControlService
OpenSCManagerW
CloseServiceHandle
PrivilegeCheck
GetAclInformation
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
GetSecurityInfo
RegQueryValueExW
QueryServiceStatusEx
SetKernelObjectSecurity
QueryServiceConfigW
GetKernelObjectSecurity
SetSecurityInfo
RegOpenKeyExW
ImpersonateSelf
GetNamedSecurityInfoW
SetEntriesInAclW
GetLengthSid
AccessCheck
RegCloseKey
RevertToSelf
GetSidIdentifierAuthority
LookupAccountNameW
LsaClose
LsaAddAccountRights
LsaOpenPolicy
LsaNtStatusToWinError
SetSecurityDescriptorControl
ConvertSidToStringSidW
SetSecurityDescriptorSacl
IsWellKnownSid
ConvertStringSidToSidW
CreateWellKnownSid
ConvertSecurityDescriptorToStringSecurityDescriptorW
LookupPrivilegeNameW
GetSidSubAuthorityCount
LsaRemoveAccountRights
EqualSid
SaferComputeTokenFromLevel
DuplicateTokenEx
DuplicateToken
CheckTokenMembership
SetThreadToken
SaferCreateLevel
ImpersonateLoggedOnUser
SetTokenInformation
IsTokenRestricted
SaferCloseLevel
RegOpenCurrentUser
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptDeriveKey
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptGetKeyParam
CryptDestroyKey
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
LogonUserW
RegDeleteValueW
RegCreateKeyExW
SetSecurityDescriptorOwner
RegFlushKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
StartServiceW
QueryServiceStatus
InitiateSystemShutdownExW
EnumServicesStatusExW
ChangeServiceConfigW
QueryServiceConfig2W
IsValidSid
LookupAccountSidW
GetAce
GetTokenInformation
ReportEventW
vftrace
?Enter@D_Support_c@@SAXXZ
?Leave@D_Support_c@@SAXXZ
??6@YAAAVostream@@AAV0@_J@Z
??6@YAAAVostream@@AAV0@PB_W@Z
??6@YAAAVostream@@AAV0@PAX@Z
?DoPrintFor@D_Support_c@@SAHPBD0I@Z
??1D_StackName_c@@QAE@XZ
??0D_StackName_c@@QAE@PBD0@Z
??1D_LevelName_c@@QAE@XZ
??0D_LevelName_c@@QAE@PBDH@Z
?Prefix@D_Support_c@@SAPBDPBDK0H@Z
?D_Stream@D_Support_c@@SAAAVostream@@XZ
??6@YAAAVostream@@AAV0@ABU_GUID@@@Z
D_C_Support_GetFileName
D_C_Support_SetConfigFile
D_C_Support_GetConfigFile
??6@YAAAVostream@@AAV0@K@Z
??6@YAAAVostream@@AAV0@J@Z
??6@YAAAVostream@@AAV0@PBD@Z
?flush@ostream@@QAEAAV1@XZ
??6@YAAAVostream@@AAV0@_W@Z
??6@YAAAVostream@@AAV0@E@Z
??0CvfIostreamInit@@QAE@XZ
kernel32
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetDateFormatW
IsDebuggerPresent
GetNativeSystemInfo
GetComputerNameW
GetTickCount
IsWow64Process
GetTimeFormatW
FileTimeToLocalFileTime
ResetEvent
FileTimeToSystemTime
LocalFileTimeToFileTime
FormatMessageW
GetSystemDirectoryW
GetTempPathW
LeaveCriticalSection
GetModuleFileNameW
ExpandEnvironmentStringsW
GetModuleHandleExW
EnterCriticalSection
FreeLibrary
FlushFileBuffers
MoveFileExW
SetFilePointerEx
UnlockFile
DeleteFileW
Sleep
SetFileAttributesW
SetEndOfFile
GetCompressedFileSizeW
LockFile
SetFileTime
RemoveDirectoryW
FileTimeToDosDateTime
GetProcessAffinityMask
SetProcessAffinityMask
GlobalMemoryStatusEx
GetLogicalDriveStringsW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
CreateRemoteThread
GetExitCodeThread
SleepEx
CancelWaitableTimer
GetSystemTime
LockFileEx
HeapCompact
DeleteFileA
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
InitializeCriticalSection
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
VirtualAlloc
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
GetFileAttributesExW
VirtualProtect
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
InitializeSListHead
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
InitializeSRWLock
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
FormatMessageA
OutputDebugStringW
WaitNamedPipeW
GetTickCount64
VerifyVersionInfoW
WTSGetActiveConsoleSessionId
SetCurrentDirectoryW
GetCurrentDirectoryW
WaitForMultipleObjectsEx
TryEnterCriticalSection
GetComputerNameExW
TerminateThread
SetThreadPriority
GetCurrentThreadId
ResumeThread
SuspendThread
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
ProcessIdToSessionId
CreateMutexW
QueueUserAPC
LoadLibraryExW
EnumResourceNamesW
SetFilePointer
ConnectNamedPipe
GetOverlappedResult
DisconnectNamedPipe
CreateNamedPipeW
lstrcatA
GlobalUnlock
GlobalLock
GlobalFree
lstrcpyA
GlobalAlloc
OpenEventW
WaitForMultipleObjects
GetFileTime
SystemTimeToTzSpecificLocalTime
GetFileSize
GetDiskFreeSpaceExW
PeekNamedPipe
CreatePipe
SetHandleInformation
CreateThread
SetProcessWorkingSetSize
GetLocalTime
GetTimeZoneInformation
CreateWaitableTimerW
SetWaitableTimer
DeviceIoControl
WriteFile
FindNextFileW
VirtualFree
GetLogicalDrives
ReadFile
CreateDirectoryW
VirtualQuery
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
GetLocaleInfoW
CheckRemoteDebuggerPresent
VirtualQueryEx
OpenThread
GetProcessTimes
VirtualFreeEx
K32EnumProcessModules
Module32NextW
GetThreadTimes
AcquireSRWLockShared
VirtualAllocEx
K32EnumProcesses
Module32FirstW
DeleteProcThreadAttributeList
LoadLibraryW
K32GetModuleInformation
ReleaseSRWLockShared
Process32FirstW
AcquireSRWLockExclusive
Process32NextW
ReleaseSRWLockExclusive
UpdateProcThreadAttribute
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
lstrlenA
Thread32First
Thread32Next
K32GetModuleFileNameExW
InitializeProcThreadAttributeList
lstrlenW
SetFileInformationByHandle
LocalAlloc
GetFileSizeEx
FindFirstFileW
ReadProcessMemory
OpenMutexW
WaitForSingleObjectEx
GetCurrentThread
SetEvent
CreateEventW
OpenProcess
ReleaseMutex
WriteProcessMemory
GetFileInformationByHandle
FindClose
GetDriveTypeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetModuleHandleW
FindVolumeClose
GetProcAddress
GetWindowsDirectoryW
GetFileAttributesW
CreateFileW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
FindFirstVolumeW
QueryDosDeviceW
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
GetProcessId
TerminateProcess
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
LocalFree
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
CloseHandle
HeapReAlloc
LockResource
GetLastError
MultiByteToWideChar
HeapSize
DuplicateHandle
InitializeCriticalSectionEx
GetCurrentProcess
SetLastError
HeapFree
GetThreadId
SizeofResource
WriteConsoleW
lstrcpynA
user32
SendNotifyMessageW
GetSystemMetrics
IsCharAlphaW
UnregisterClassW
wsprintfW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
ExitWindowsEx
shell32
SHGetDesktopFolder
SHGetFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath
ole32
CoCreateGuid
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
CoUnmarshalInterface
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoInitializeEx
IIDFromString
CoUninitialize
StringFromGUID2
CoTaskMemFree
oleaut32
VariantInit
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
SysAllocStringLen
SysStringLen
SafeArrayLock
SysAllocString
SafeArrayGetVartype
SysFreeString
SafeArrayUnlock
SafeArrayDestroy
VariantClear
VariantChangeType
SysAllocStringByteLen
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
VariantCopy
SysStringByteLen
vf_util
?VfUtil_GetAgentDir@@YAPB_WXZ
?VfUtil_ProcessAccessMask2Str@@YAPA_WKAAPA_W@Z
?VfUtilProcMap_SetPolicyData@@YAXKABUSvfProcessPolicyData@@@Z
?GetProcess@CvfFileSrcInstaller@@QBEPBVCvfFileSrcProcess@@K@Z
?IsSoftwareDistributor@CvfFileSrcInstaller@@QBE_NPB_W@Z
?VfUtil_IsSvcHostPid@@YA_NK_N@Z
?VfUtilProcMap_OnProcessStart@@YAXKKKPB_W00K@Z
?VfUtilProcMap_GetAndSetRestrDlgFlag@@YA_NKW4EvfRestrictedAccessTargetType@@AA_N@Z
?CopySignedDataToProcess@CvfProcessPayload@@SA_NPB_WKPBEK@Z
?VfUtil_IsShexEventReady@@YA_NK@Z
?ParseMsuCmdLine@CvfMsuTargetUtil@@SA_NPB_W0AAPA_W@Z
?ParseMsiCmdLine@CvfMsiTargetUtil@@SA_NPB_W0AAPA_W@Z
?IsMsiSvcOrDescendant@CvfMsiTargetUtil@@SA_NK@Z
?IsInProgressInstallInfoFile@CvfMsiTargetUtil@@SA_NPB_W@Z
?IsMsiInstallationInProgress@CvfMsiTargetUtil@@SA_NXZ
?VfUtil_IsSupportUtilPath@@YA_NPB_W@Z
?CompareNoCase@CvfUtilStr@@QBEHPB_W@Z
?DeleteFromToken@CvfTokenPolicyData@@SA_NPAX@Z
?VfUtil_IsIEDebuggedByDevEnv@@YA_NAAVCvfTargetInfoProcess@@H@Z
?AppendDebugString@CvfRemovableMedia@@QBEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?ParseScriptCmdLine@CvfScriptTargetUtil@@SA_NPB_W0AAW4EvfScriptEngine@@AAPA_W2@Z
?VfUtil_IsDevEnv@@YA_NABVCvfTargetInfoFile@@_N@Z
?VfUtilProcMap_OnProcessEnd@@YAXK@Z
?VfUtilProcMap_UpdateParentInfo@@YAXKKK@Z
?MSI_SVC_NAME@CvfMsiTargetUtil@@2QB_WB
?VfUtil_IsWindowsExplorer@@YA_NABVCvfTargetInfoFile@@_N@Z
?VfUtil_IsShellReady@@YA_NK@Z
?VfUtil_FileAccessMask2Str@@YAPA_WK_NAAPA_W@Z
?VfUtil_IsControlExe@@YA_NABVCvfTargetInfoFile@@_N@Z
?GetFileOrigin@CvfTargetInfoFile@@QAEPBVCvfFileOrigin@@_N@Z
?GetRequestedExecutionLevel@CvfTargetInfoFile@@QBE_NAAW4EvfRequestedExecutionLevel@@AA_N@Z
?VfUtil_IsGoogleChrome@@YA_NABVCvfTargetInfoFile@@_N@Z
?FromFile@CvfSupplementalFileData@@QAE_NPB_WPAX_N@Z
??0CvfSupplementalFileData@@QAE@XZ
?VfUtilProcMap_GetAndSetRestrEventFlag@@YA_NKW4EvfRestrictedAccessTargetType@@AA_N@Z
?VfUtil_IsActiveXInstallElevator@@YA_NPB_W0AAKAA_K1@Z
?VfUtil_IsConHostPath@@YA_NPB_W_N@Z
?VfUtil_IsVfElevatorProcess@@YA_NPB_W0AAW4EvfElevatorType@@AAPA_W@Z
?SetDescriptionBase@CvfTargetInfo@@QBEXPB_W@Z
?VfUtil_IsVfElevate@@YA_NPB_W@Z
?VfUtil_IsInternetExplorer@@YA_NABVCvfTargetInfoFile@@_N@Z
?VfUtil_IsSvcHostPath@@YA_NPB_W_N@Z
?VfUtil_IsVfAgentMsi@@YA_NABVCvfTargetInfo@@_N@Z
?CheckOpagAction@CvfOPAGHelper@@SA?AW4EvfOpagActionResult@@PB_WPAXAAUSvfOpagAction@@@Z
?IsModuleInStack@CvfThreadStack@@SA_NKKPB_W@Z
?VfUtilProcMap_AddZeroTouchState@@YAXKK@Z
?VfUtilProcMap_GetZeroTouchState@@YA_NKAAK@Z
?VfUtil_IsCMD@@YA_NABVCvfTargetInfoFile@@_N@Z
?GetDuplicatedToken@CvfTargetInfoProcess@@QAEPAXXZ
?GetParentProcessInfo@CvfTargetInfoProcess@@QAEPAV1@XZ
?GetDomainUserName@CvfTargetInfoProcess@@QBEPB_WXZ
?IsUser@CvfTargetInfoProcess@@QBE_NABVCSid@ATL@@@Z
?GetUser@CvfTargetInfoProcess@@QBEPBVCSid@ATL@@XZ
?AdminTaskIdNoCheck@CvfTargetInfoProcess@@QBE?AW4EvfAdminTaskId@@AA_N@Z
?GetEffectiveProcessByType@CvfTargetInfoProcess@@QAEAAV1@W4EvfPolicyTarget@@@Z
??0CvfTargetInfoProcess@@QAE@PAXPB_W1@Z
??1CvfTargetInfoElevator@@UAE@XZ
??0CvfTargetInfoElevator@@QAE@PB_WW4EvfElevatorType@@PAX@Z
?CmdLine@CvfProcessData@@QBEABVCvfUtilStr@@XZ
?VfUtil_PolicyActionStrEx@@YAPB_WKABU_GUID@@@Z
?VfUtil_GetProcStartTriggerForUser@@YA?AW4EvfAlertTrigger@@W4EvfPolicyAction@@PAX_N@Z
?RunsInsideAgent@CvfBlFlAcAl@@SAXXZ
?IsEmpty@SvfTriggerPolicyShortInfo@@QBE_NXZ
?IsEmpty@SvfProcessPolicyData@@QBE_NXZ
?IsPolicyAction@SvfTokenPolicyData@@QBE_NW4EvfPolicyAction@@@Z
?IsEmpty@CvfUtilStr@@QBE_NXZ
?SoftwareDistributorName@CvfFileSrcProcess@@QBEABVCvfUtilStr@@XZ
?SetSoftwareDistributorName@CvfFileSrcProcess@@QAEXPB_W@Z
?VarInstallDir@CvfMsiIpiReader@@QBEABVCvfUtilStr@@XZ
?ProductName@CvfMsiIpiReader@@QBEABVCvfUtilStr@@XZ
?ProductId@CvfMsiIpiReader@@QBEABVCvfUtilStr@@XZ
?VfUtilProcMap_GetParentSvcName@@YA_NKAAVCvfUtilStr@@@Z
?VfUtil_IsFileLocationTypeFixed@@YA_NPB_W@Z
?SetAdminTaskId@CvfTargetInfoProcess@@QAEXW4EvfAdminTaskId@@@Z
?CreateInstance@CvfAdminTask@@SAPAV1@W4EvfAdminTaskId@@@Z
?DeleteInstance@CvfAdminTask@@SAXPAV1@@Z
?GetBufferSize@SvfVersion@@QBEKXZ
??0CvfVersionRange@@QAE@XZ
?IsInfinite@CvfVersionRange@@QBE_NXZ
?FromString@CvfVersionRange@@QAEXPB_W0@Z
?GetBufferSize@CvfVersionRange@@QBEKXZ
?ToBuffer@CvfVersionRange@@QBE_NAAPAEAAK@Z
?VfUtil_IsServicesPid@@YA_NK_N@Z
?TargetSvcName@CvfTargetInfoProcess@@QBEPB_WXZ
?SrcPath@CvfFileSrcCopyData@@QBEABVCvfUtilStr@@XZ
?CopySrcData@CvfFileSrcInstaller@@QBEABVCvfFileSrcCopyData@@XZ
?Package@CvfFileSrcInstaller@@QBEPBVCvfFileSrcPackage@@XZ
?ParentSvcName@CvfProcessData@@QBEABVCvfUtilStr@@XZ
?Installer@CvfFileOrigin@@QAEAAVCvfFileSrcInstaller@@XZ
?ParentInstaller@CvfFileOrigin@@QAEAAVCvfFileSrcParentInstaller@@XZ
?SetSoftwareDistributorUpdateHelper@CvfSharedPoliciesData@@SAXP6A_NAAVCvfFileOrigin@@@Z@Z
?UpdateAppCompatFlagsForAll@CvfAdminTaskJavaUpdate@@SAXXZ
?GetDescriptionForEvent@CvfTargetInfo@@QBEPB_WXZ
?VfUtil_IsGoogleChromePid@@YA_NK_N@Z
?_m_theScanFinished@CvfSupplementalFileData@@0_NA
?VfUtil_IsMSEdge@@YA_NABVCvfTargetInfoFile@@_N@Z
?SetParentSvcName@CvfTargetInfoProcess@@QAEXPB_W@Z
?SetTargetSvcName@CvfTargetInfoProcess@@QAEXK@Z
?SetSoftwareDistributorName@CvfTargetInfoProcess@@QAEXPB_W@Z
?_GetFromCache@CvfTargetInfo@@MBEPB_WPB_W@Z
?_IsMissingValue@CvfTargetInfo@@MBE_NPB_W@Z
?_SaveToCache@CvfTargetInfo@@MBEXPB_WABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?_RemoveFromCache@CvfTargetInfo@@MBEXPB_W@Z
?_SetMissingValue@CvfTargetInfo@@MBEXPB_W@Z
?Copy@CvfSupplementalFileData@@SAKPB_W0@Z
?IsSystemProcess@CvfTargetInfoFile@@UBE_NXZ
?GetVersion@CvfTargetInfoFile@@UBE?AUSvfVersion@@XZ
?IsMultifileCreator@CvfFileSrcProcess@@QBE_NXZ
?Path@CvfFileSrcProcess@@QBEABVCvfUtilStr@@XZ
?UserEqualsOrBelongsTo@CvfFileOrigin@@QBE_NABVCSid@ATL@@@Z
?VfUtil_MatchServiceName@@YA_NPB_W0@Z
?VfUtil_MatchFilename@@YA_NABVIvfPathProvider@@PB_WW4EvfStrCompareAs@@@Z
?ImageFileModified@CvfTargetInfoFile@@QBE_NXZ
?VfUtil_GetAgentTraceDir@@YAPB_WXZ
?ProcessesCount@CvfFileSrcInstaller@@QBEKXZ
?GetProcess@CvfFileSrcInstaller@@QAEPAVCvfFileSrcProcess@@K@Z
?ClearMap@CvfUserEnvMap@@SAXXZ
?VfUtil_IsValidRegExp@@YA_NPB_W_N@Z
?ParentPid@CvfProcessData@@QBEKXZ
?VfUtil_MatchPublisher@@YA_NABVIvfPublisherProvider@@PB_W_NW4EvfStrCompareAs@@@Z
?NeedFeelWellKnown@CvfFileSrcProcess@@QAE_NXZ
?FillWellKnown@CvfFileSrcProcess@@QAE_NXZ
?VfUtil_FindParentPolicyData@@YA_NABVCvfTargetInfo@@AAUSvfProcessPolicyData@@@Z
?SetOnDemandElevationRequested@CvfTargetInfo@@QAEX_N@Z
?GetDescriptionForAlert@CvfTargetInfo@@QBEPB_WXZ
?VfUtil_ThisOrLinkedHasAdminRights@@YA_NPAX@Z
??0CvfTokenPolicyData@@QAE@_NKABUSvfTriggerPolicyShortInfo@@@Z
?SetToToken@CvfTokenPolicyData@@QBE_NPAX_N@Z
??0SvfTriggerPolicyShortInfo@@QAE@ABU0@@Z
?SessionId@CvfProcessData@@QBEKXZ
?IsPolicyAction@CvfProcessData@@QBE_NW4EvfPolicyAction@@@Z
?HasZeroTouchState@CvfProcessData@@QBEKK@Z
?Path@CvfProcessData@@QBEABVCvfUtilStr@@XZ
??0CvfTargetInfoProcess@@QAE@ABVCvfProcessData@@PAX@Z
??1CvfTargetInfoProcess@@UAE@XZ
?Clone@CvfTargetInfoProcess@@QBEPAV1@XZ
??0CvfTargetInfoActiveX@@QAE@K_KK@Z
??1CvfTargetInfoActiveX@@UAE@XZ
?VfUtil_GetProcessImagePath@@YA_NKAAVCvfUtilStr@@@Z
??0CvfProcessData@@QAE@XZ
??1CvfProcessData@@QAE@XZ
?VfUtilProcMap_FindProcessData@@YA_NKAAVCvfProcessData@@@Z
?DecomposeChallengeResponse@CvfOPAGHelper@@SA?AW4EvfOpagActionResult@@PB_W0000_NAAUSvfOpagAction@@@Z
?DecomposeResponseLongToken@CvfOPAGHelper@@SA_NPB_WABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0K_NAAK@Z
?VfUtil_GetDefaultVfHostPath@@YAPB_WXZ
??0CvfShortcut@@QAE@XZ
??1CvfShortcut@@QAE@XZ
?GetTargetPath@CvfShortcut@@QBEPB_WXZ
?GetDescription@CvfShortcut@@QBEPB_WXZ
?GetWorkingDirectory@CvfShortcut@@QBEPB_WXZ
?GetIconLocation@CvfShortcut@@QBEPB_WAAH@Z
?Load@CvfShortcut@@QAE_NPB_W_NK@Z
?IsSpecificPublisherTrusted@CvfFileSignature@@SA_NPB_W0@Z
?VfUtil_GetAgentConfigDir@@YAPB_WXZ
??0SvfVersion@@QAE@XZ
?IsEmpty@SvfVersion@@QBE_NXZ
?FromString@SvfVersion@@QAEXPB_W@Z
??0SvfProcessPolicyData@@QAE@XZ
?IsTargetType@CvfTargetInfo@@QBE_NW4EvfPolicyTarget@@@Z
?Pid@CvfTargetInfoProcess@@QBEKXZ
?ParentSvcName@CvfTargetInfoProcess@@QBEPB_WXZ
?CreationTime@CvfTargetInfoProcess@@QBE_KXZ
?Action@CvfShBufPolicy@@QBE?AW4EvfPolicyAction@@XZ
?Id@CvfShBufPolicy@@QBEKXZ
?Active@CvfShBufPolicy@@QBE_NXZ
?Order@CvfShBufPolicy@@QBE_KXZ
?IsImplicit@CvfShBufPolicy@@QBE_NXZ
?Name@CvfShBufPolicy@@QBEPB_WXZ
?GuiType@CvfShBufPolicy@@QBEKXZ
?ReportUsageState@CvfShBufPolicy@@QBEKXZ
??0CvfFileFullEaInfo@@QAE@XZ
??1CvfFileFullEaInfo@@QAE@XZ
??0CvfExtFileAttributes@@QAE@XZ
?IsEmpty@CvfExtFileAttributes@@QBE_NXZ
?HasFlags@SvfTokenPolicyData@@QBE_NG@Z
?CreatedByUacElevator@SvfTokenPolicyData@@QBE_NXZ
?GetInheritable@SvfTokenPolicyData@@QBE_NXZ
?GetProtectInstalledFiles@SvfTokenPolicyData@@QBE_NXZ
?GetRestrictFileDlg@SvfTokenPolicyData@@QBE_NXZ
?GetPid@SvfTokenPolicyData@@QBEKXZ
?GetClientPid@SvfTokenPolicyData@@QBEKXZ
?GetPolicyId@SvfTokenPolicyData@@QBEKXZ
?GetPolicyAction@SvfTokenPolicyData@@QBE?AW4EvfPolicyAction@@XZ
?GetOriginalPolicyAction@SvfTokenPolicyData@@QBE?AW4EvfPolicyAction@@XZ
?GetTargetType@SvfTokenPolicyData@@QBE?AW4EvfPolicyTarget@@XZ
?GetPolicyTargetId@SvfTokenPolicyData@@QBEABU_GUID@@XZ
??0CvfTokenPolicyData@@QAE@XZ
??1CvfTokenPolicyData@@QAE@XZ
?GetPolicyById@CvfSharedPoliciesData@@SA_NKAAPAVCvfShBufPolicy@@@Z
?VfUtilProcMap_Dump@@YAXPB_W@Z
?VfUtil_FindPolicyData@@YA_NKAAUSvfProcessPolicyData@@@Z
?EaCacheBuf2DebugStr@CvfFileSignature@@SAXPBEGAAV?$CvfProcHeapPtr@D@@@Z
?CreateFromPid@CvfTargetInfoProcess@@SAPAV1@KKPAX@Z
?GetEffectiveProcess@CvfTargetInfoProcess@@QAEAAV1@XZ
?AdminTaskId@CvfTargetInfoProcess@@QBE?AW4EvfAdminTaskId@@XZ
?IsAdminTask@CvfTargetInfoProcess@@QBE_NXZ
?GetAppPackageFullName@CvfTargetInfoProcess@@QBEPB_WXZ
?GetAppPackageId@CvfTargetInfoProcess@@QBEPBUPACKAGE_ID@@XZ
?GetAppPackageName@CvfTargetInfoProcess@@QBEPB_WXZ
?GetAppPackagePath@CvfTargetInfoProcess@@QBEPB_WXZ
?GetAppPackagePublisher@CvfTargetInfoProcess@@QBEPB_WXZ
?GetAppPackagePublisherDisplayName@CvfTargetInfoProcess@@QBEPB_WXZ
?GetAppPackageVersion@CvfTargetInfoProcess@@QBEABUSvfVersion@@XZ
?GetAppPackageDisplayName@CvfTargetInfoProcess@@QBEPB_WXZ
?GetProcessServiceNames@CvfTargetInfoProcess@@QAEPB_WXZ
?SoftwareDistributorName@CvfTargetInfoProcess@@QBEPB_WXZ
?GetSubsystem@CvfTargetInfoProcess@@QBEHXZ
?GetAt@SvfVersion@@QBEGE@Z
??1CvfExtFileAttributes@@QAE@XZ
?LoadAllFromFile@CvfExtFileAttributes@@QAE_NPB_W@Z
?GetHeadPosition@CvfExtFileAttributes@@QBEPAU__POSITION@@XZ
?GetNext@CvfExtFileAttributes@@QAE_NAAPAU__POSITION@@AAVCvfFileFullEaInfo@@_N@Z
?VfUtil_PolicyActionStr@@YAPB_WK@Z
?GetFileSize@CvfTargetInfoFile@@UBE_JXZ
?GetHashStringUsing@CvfTargetInfoFile@@UBEPB_WPB_W@Z
?GetOwner@CvfTargetInfoFile@@UBEPBVCSid@ATL@@XZ
?GetOwnerDomainUserName@CvfTargetInfoFile@@UBEPB_WXZ
?GetPublisher@CvfTargetInfoFile@@UBEPB_W_NAAW4EvfPublisherStatus@@@Z
?GetVersionInfo@CvfTargetInfoFile@@UBEPB_WPB_W@Z
?GetVersionStr@CvfTargetInfoFile@@UBEPB_WXZ
?GetProductVersionStr@CvfTargetInfoFile@@QBEPB_WXZ
?GetProductName@CvfTargetInfoFile@@QBEPB_WXZ
?GetRequestedExecutionLevel@CvfTargetInfoFile@@QBEPB_WXZ
?GetUrlSecurityZoneId@CvfTargetInfoFile@@QBE?AW4tagURLZONE@@XZ
?IsInTempDir@CvfTargetInfoFile@@QBE_NXZ
?VfUtil_FindVfInjData@@YA_NKAAUSvfInjData@@@Z
?GetDisplayName@CvfAdminTask@@SAPB_WW4EvfAdminTaskId@@@Z
?Name@CvfFileFullEaInfo@@QBEPBDXZ
?ValueLength@CvfFileFullEaInfo@@QBEGXZ
?Value@CvfFileFullEaInfo@@QBEPBEXZ
?VfUtil_PolicyActionHeritageTypeStr@@YAPB_WK@Z
?GetFromToken@CvfTokenPolicyData@@QAE_NPAX@Z
?VfUtil_PolicyTargetTypeStr@@YAPB_WK@Z
?VfUtil_MultifileCreatorTypeStr@@YAPB_WW4EvfMultifileCreatorType@@@Z
?VfUtil_PublisherStatusStr@@YAPB_WK@Z
?VerifyHash@CvfFileHash@@SA_NPB_W00@Z
?ParseAlgAndHash@IvfHashProvider@@SA_NPB_WAAVCvfUtilStr@@1@Z
?VfUtil_IsWindowsExplorerPid@@YA_NK_N@Z
?SetDrvEaHelper@CvfExtFileAttributes@@SAXP6AJPAXPBXK@Z@Z
?VfUtil_MatchFilePublisher@@YA_NPB_W0_NW4EvfStrCompareAs@@@Z
??0SvfTriggerPolicyShortInfo@@QAE@XZ
?UserToken@CvfTargetInfo@@QBEPAXXZ
?Path@CvfTargetInfoFile@@QBEPB_WXZ
?ParentPid@CvfTargetInfoProcess@@QBEKXZ
?SessionId@CvfTargetInfoProcess@@QBEKXZ
?CommandLine@CvfTargetInfoProcess@@QBEPB_WXZ
??0CvfUtilStr@@QAE@XZ
??1CvfUtilStr@@QAE@XZ
??BCvfUtilStr@@QBEPB_WXZ
?Empty@CvfUtilStr@@QAEXXZ
?VfUtil_FillTargetInfo@@YA_NAAVCvfTargetInfo@@AAPAEAAH@Z
?GetHashStringUsing@CvfFileHash@@SA_NPB_W0AAVCvfUtilStr@@@Z
?CreateFromConsentData@CvfTargetInfo@@SAPAV1@ABVCvfConsentData@@K@Z
?Delete@CvfTargetInfo@@SAXPAV1@@Z
??0CvfTargetInfoFile@@QAE@PAXPB_W@Z
??1CvfTargetInfoFile@@UAE@XZ
?GetFileHashStringByProcess@IvfHashProvider@@SA_NPB_WK0AAVCvfUtilStr@@@Z
?VfUtil_FillGuiInfo@@YA_NPAXAAPAEAAH@Z
?_GetDescriptionForAlert@CvfTargetInfoFile@@MBEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?_GetDescriptionForEvent@CvfTargetInfoFile@@MBEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?VfUtil_IsBrowserBroker@@YA_NABVCvfTargetInfoFile@@_N@Z
?VfUtil_IsMSEdgePid@@YA_NK_N@Z
?FillFromProcess@CvfFileOrigin@@QAE_NPB_WAAVCvfTargetInfoProcess@@0@Z
?FillFromMsi@CvfFileOrigin@@QAE_NPB_WABVCvfMsiIpiReader@@AAVCvfTargetInfoFile@@AAVCvfTargetInfoProcess@@@Z
?FromStr@CvfFileSrcType@@SA?AW4EvfType@1@PB_W@Z
?VfUtil_MatchStr@@YA_NPB_W0_NW4EvfStrCompareAs@@@Z
?FileOrigin@CvfSupplementalFileData@@QAEAAVCvfFileOrigin@@XZ
??1CvfSupplementalFileData@@UAE@XZ
?Installer@CvfFileOrigin@@QBEABVCvfFileSrcInstaller@@XZ
?Preexisted@CvfFileOrigin@@QBE_NXZ
?ServiceNames@CvfFileSrcProcess@@QBEABVCvfUtilStr@@XZ
??4CvfUtilStr@@QAEAAV0@PB_W@Z
?MsiSvcName@CvfMsiTargetUtil@@SAPB_WXZ
?INSTALLER_INPROGRESS_REG_PATH_DRV@CvfMsiTargetUtil@@2QB_WB
?VfUtil_IsBrowserBrokerPid@@YA_NK_N@Z
??0CvfMsiIpiReader@@QAE@XZ
??1CvfMsiIpiReader@@QAE@XZ
?ParseCurrent@CvfMsiIpiReader@@QAEJXZ
?INSTALLER_REG_PATH_DRV@CvfMsiTargetUtil@@2QB_WB
?SafeString@CvfUtilStr@@QBEPB_WXZ
??0CvfSimplePathProvider@@QAE@PB_WPAX@Z
??1CvfSimplePathProvider@@QAE@XZ
?IsGreaterThan@SvfVersion@@QBE_NABU1@@Z
?IsGreaterThan@SvfVersion@@QBE_NKK@Z
?VfUtil_ObfuscateDeObfuscateByteArray@@YA_NPAEI@Z
?VfUtil_ServiceNotificationMask2Str@@YAXKAAPA_W@Z
??0CvfRemovableMedia@@QAE@PB_W00KW4EvfMediaType@0@@Z
??1CvfRemovableMedia@@QAE@XZ
?VfUtil_ServiceState2Str@@YAPB_WK@Z
?DownloadParamsOnly@CvfTargetInfoActiveX@@QBE_NXZ
?GetServiceProcessType@CvfSvcUtil@@SA?AW4EvfSvcProcType@1@K@Z
?VfUtil_MatchCmdLineArguments@@YA_NPB_W00_NW4EvfStrCompareAs@@@Z
?VfUtil_IsPASAgentPid@@YA_NK@Z
?IsPreexisted@CvfTargetInfoFile@@QAE_N_N@Z
?IsEmpty@SvfTokenPolicyData@@QBE_NXZ
?RunPath@CvfTargetInfoProcess@@QBEPB_WXZ
?SetParentPid@CvfTargetInfoProcess@@QAEXK@Z
?ParentPidReal@CvfTargetInfoProcess@@QBEKXZ
?SetDrvFlagsOnFileOpen@CvfTargetInfoFile@@QAEXK@Z
?RequestedFileAccess@CvfTargetInfoFile@@QBEKXZ
?SetRequestedFileAccess@CvfTargetInfoFile@@QAEXK@Z
?SetCallerPid@CvfTargetInfoFile@@QAEXK@Z
?IsPublisherStatus@CvfTargetInfoFile@@QBE_NW4EvfPublisherStatus@@@Z
?GetDescriptionBase@CvfTargetInfo@@QBEPB_WXZ
?SetTriggerPolicyShortInfo@SvfProcessPolicyData@@QAEXABUSvfTriggerPolicyShortInfo@@@Z
??4SvfProcessPolicyData@@QAEAAU0@ABU0@@Z
??4SvfTriggerPolicyShortInfo@@QAEAAU0@ABU0@@Z
??0SvfMatchWinFileParams@@QAE@PB_W0_NK@Z
?VfUtil_IsPASAgentPath@@YA_NPB_W@Z
?VfUtil_IsVfAgenPath@@YA_NPB_W@Z
?VfUtil_IsVfHostPath@@YA_NPB_W@Z
?VfUtil_IsVfHostPid@@YA_NK@Z
?VfUtil_GetFileProcTargetsOfType@@YA_NABVCvfTargetInfo@@W4EvfPolicyTarget@@AAPAVCvfTargetInfoFile@@AAPAVCvfTargetInfoProcess@@@Z
?MediaType@CvfRemovableMedia@@QBE?AW4EvfMediaType@1@XZ
?VfUtil_GetProcTargetOfType@@YA_NABVCvfTargetInfo@@W4EvfPolicyTarget@@AAPAVCvfTargetInfoProcess@@@Z
?GetProductVersion@CvfTargetInfoFile@@QBE?AUSvfVersion@@XZ
?ProcessImageFileModified@CvfTargetInfoProcess@@QBE_NXZ
?Args@CvfFileSrcProcess@@QBEABVCvfUtilStr@@XZ
?VarSetupExeDir@CvfMsiIpiReader@@QBEABVCvfUtilStr@@XZ
?MsiFilePathSource@CvfMsiIpiReader@@QBEABVCvfUtilStr@@XZ
?MsiFilePathLocal@CvfMsiIpiReader@@QBEABVCvfUtilStr@@XZ
?IpiFilePath@CvfMsiIpiReader@@QBEABVCvfUtilStr@@XZ
?ClientPid@CvfMsiIpiReader@@QBEKXZ
?LastParseResult@CvfMsiIpiReader@@QBEJXZ
?PreexistedScanFinished@CvfSupplementalFileData@@SA_NXZ
?TargetType@CvfTargetInfoFile@@UBE?AW4EvfPolicyTarget@@XZ
?QueryVersionInfoProvider@CvfTargetInfoFile@@UBEPBVIvfVersionInfoProvider@@XZ
?QueryOwnerProvider@CvfTargetInfoFile@@UBEPBVIvfOwnerProvider@@XZ
?QueryPublisherProvider@CvfTargetInfoFile@@UBEPBVIvfPublisherProvider@@XZ
?QueryHashProvider@CvfTargetInfoFile@@UBEPBVIvfHashProvider@@XZ
?QueryPathProvider@CvfTargetInfoFile@@UBEPBVIvfPathProvider@@XZ
?IsTargetInfoFile@CvfTargetInfoFile@@UBE_NXZ
?GetEffectiveTarget@CvfTargetInfo@@UAEAAV1@XZ
?IsTargetInfoUacCOM@CvfTargetInfo@@UBE_NXZ
?IsTargetInfoProcess@CvfTargetInfo@@UBE_NXZ
?IsTargetInfoActiveX@CvfTargetInfo@@UBE_NXZ
?IsTargetInfoElevator@CvfTargetInfo@@UBE_NXZ
?CopyPayloadToProcessByPid@CvfProcessPayload@@SA_NKPB_WPAXK@Z
?GetHashStringUsing@CvfFileHash@@SA_NPAXPB_WAAVCvfUtilStr@@@Z
?OnDemandElevationRequested@CvfTargetInfo@@QBE_NXZ
?VfUtil_MatchHash@@YA_NABVIvfHashProvider@@PB_W1_J@Z
?ExpandEnvStringsForUser@CvfUserEnvMap@@SA_NPAXPB_WAAVCvfUtilStr@@@Z
??0SvfTriggerPolicyShortInfo@@QAE@ABUSvfTokenPolicyData@@@Z
?CallerPid@CvfTargetInfoFile@@QBEKXZ
?Clsid@CvfTargetInfoActiveX@@QBEABU_GUID@@XZ
?CodeURL@CvfTargetInfoActiveX@@QBEPB_WXZ
?MimeType@CvfTargetInfoActiveX@@QBEPB_WXZ
?VfUtil_MatchWindowsFile@@YA_NABVCvfTargetInfoFile@@ABUSvfMatchWinFileParams@@@Z
?VfUtil_MatchFileVersionInfo@@YA_NABVIvfVersionInfoProvider@@PB_W1_NW4EvfStrCompareAs@@@Z
?VfUtil_GetVfHostPath@@YAPB_WW4EvfImageType@@@Z
?IsClsidInUserHive@CvfTargetInfoUacCOM@@QBE_NXZ
?VfUtil_ParseRegPath@@YAPB_WPB_WAAPAUHKEY__@@@Z
?GetDebugString@SvfTokenPolicyData@@QBEPB_WAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?Version@CvfTargetInfoActiveX@@QBEABUSvfVersion@@XZ
?CleanCacheFileName@CvfTargetInfoActiveX@@QBEPB_WXZ
?Url@CvfTargetInfoElevator@@QBEPB_WXZ
?Clsid@CvfTargetInfoUacCOM@@QBEABU_GUID@@XZ
?AdminTaskId@CvfTargetInfoUacCOM@@QBE?AW4EvfAdminTaskId@@XZ
?AdminTaskId@CvfTargetInfoElevator@@QBE?AW4EvfAdminTaskId@@XZ
?VfUtil_GetFileLocationType@@YAPB_WPAXPB_W@Z
?VfUtil_GetFileLocationType@@YAPB_WABVIvfPathProvider@@@Z
?GetMsiInfo@CvfTargetInfoFile@@QBEPB_WPB_W@Z
?ToXml@CvfFileOrigin@@QBE_NAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_N1@Z
?VfUtil_GetProcessImagePathAndCmdLine@@YA_NKAAVCvfUtilStr@@0@Z
?InstallTime@CvfFileSrcInstaller@@QBE_KXZ
?Hash@CvfFileSrcFile@@QBEABVCvfUtilStr@@XZ
?File@CvfFileOrigin@@QBEABVCvfFileSrcFile@@XZ
?File@CvfFileOrigin@@QAEAAVCvfFileSrcFile@@XZ
?LastError@CvfSupplementalFileData@@QBEKXZ
?m_thePreexisted@CvfFileOrigin@@2V1@B
?IsElevatorType@CvfTargetInfoElevator@@QBE_NW4EvfElevatorType@@@Z
?Fill@CvfFileSrcFile@@QAE_NAAVCvfTargetInfoFile@@@Z
??0CvfSupplementalFileData@@QAE@ABVCvfFileOrigin@@@Z
?ToFile@CvfSupplementalFileData@@QAE_NPB_WPAX@Z
?ReadScanFinishedFlag@CvfSupplementalFileData@@SA_NXZ
?GetCallerProcessInfo@CvfTargetInfoFile@@QAEPAVCvfTargetInfoProcess@@XZ
?GetSourcePath@CvfFileSrcInstaller@@QBEPB_WXZ
?GetMainSourceType@CvfFileSrcInstaller@@QBE?AW4EvfType@CvfFileSrcType@@XZ
?IsPackageType@CvfFileSrcPackage@@QBE_NPB_W@Z
?VfUtil_MatchFileOwner@@YA_NAAVIvfOwnerProvider@@ABVCSid@ATL@@@Z
?Contains@CvfVersionRange@@QBE_NABUSvfVersion@@@Z
?VfUtil_MatchFilenameAndHash@@YA_NABVIvfHashProvider@@PB_WW4EvfStrCompareAs@@11_J@Z
?ExpandCommonEnvStringsOnly@CvfUserEnvMap@@SA_NPB_WAAVCvfUtilStr@@@Z
?_SetScanFinished@CvfSupplementalFileData@@CA_N_N@Z
?VfUtil_MatchFileMsiInfo@@YA_NABVCvfTargetInfoFile@@PB_W1_NW4EvfStrCompareAs@@@Z
?VfUtil_MatchFileLocation@@YA_NABVIvfPathProvider@@PB_W1_N@Z
?VfUtil_MatchBitmask@@YA_NKKW4EvfBitmaskCompareAs@@@Z
?FilePath2TargetType@CvfTargetInfoFile@@SA?AW4EvfPolicyTarget@@PB_W@Z
?VfUtilProcMap_GetProcParamsForNetAccess@@YA_NKAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0AA_K@Z
?IsDefaultPolicy@SvfTriggerPolicyShortInfo@@QBE_NXZ
??0CvfTargetInfoActiveX@@QAE@ABVCvfConsentData@@@Z
?_m_theInsideAgent@CvfBlFlAcAl@@0_NA
??0CvfTargetInfoFile@@QAE@ABVCvfConsentData@@@Z
??0CvfTargetInfoUacCOM@@QAE@ABVCvfConsentDataCOM@@K@Z
??1CvfTargetInfoUacCOM@@UAE@XZ
?ParentTid@CvfTargetInfoProcess@@QBEKXZ
?VfUtil_IsSipPath@@YA_NPB_W@Z
?GetProperty@CvfRemovableMedia@@QBE_NPB_WAAVCvfUtilStr@@@Z
?IsLocationType@CvfFileSrcCopyData@@QBE_NPB_W@Z
shlwapi
PathIsRelativeW
UrlCanonicalizeA
PathFindOnPathW
PathFindFileNameW
PathRemoveFileSpecW
PathRelativePathToW
StrStrIW
PathIsPrefixW
PathFileExistsW
PathAddBackslashW
PathUnquoteSpacesW
StrCmpW
StrCpyNW
StrStrW
PathRemoveExtensionW
StrCmpIW
PathAppendW
ord487
PathRenameExtensionW
PathFindExtensionW
PathRemoveBackslashW
PathIsDirectoryW
StrCpyW
PathSearchAndQualifyW
PathIsFileSpecW
userenv
GetAllUsersProfileDirectoryW
GetProfilesDirectoryW
GetDefaultUserProfileDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
LoadUserProfileW
UnloadUserProfile
bcrypt
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGenerateKeyPair
BCryptDecrypt
BCryptDeriveKeyCapi
BCryptGenerateSymmetricKey
BCryptCreateHash
BCryptSetProperty
BCryptHashData
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptGetProperty
BCryptDeriveKeyPBKDF2
BCryptEncrypt
BCryptDestroyKey
BCryptDestroyHash
ws2_32
WSAStartup
WSAGetLastError
gethostbyaddr
gethostbyname
accept
bind
closesocket
WSASend
getsockname
listen
WSACloseEvent
WSACreateEvent
WSASocketW
getaddrinfo
inet_addr
shutdown
setsockopt
ioctlsocket
freeaddrinfo
WSAEnumNetworkEvents
WSARecv
connect
ntohs
WSAEventSelect
WSACleanup
htonl
inet_ntoa
GetAddrInfoW
ntohl
FreeAddrInfoW
iphlpapi
GetNetworkParams
Icmp6ParseReplies
IcmpSendEcho2
GetIfTable
Icmp6CreateFile
Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
GetPerAdapterInfo
GetAdaptersInfo
GetAdaptersAddresses
GetIpAddrTable
IcmpParseReplies
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW
WTSLogoffSession
WTSEnumerateProcessesW
WTSSendMessageW
msi
ord181
ord70
ord246
ord41
ord118
ord173
ord159
ord94
ord34
ord92
ord74
ord160
ord8
ord80
ord116
ord158
ord20
ord32
ord37
ord45
ord179
fltlib
FilterFindFirst
FilterSendMessage
FilterConnectCommunicationPort
FilterUnload
FilterLoad
FilterGetDosName
FilterFindNext
FilterFindClose
activeds
ord4
ord13
ord9
ord3
mpr
WNetGetConnectionW
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetCloseEnum
WNetAddConnection3W
WNetGetResourceInformationW
WNetAddConnection2W
winhttp
WinHttpWriteData
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpDetectAutoProxyConfigUrl
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpConnect
WinHttpQueryHeaders
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpGetDefaultProxyConfiguration
crypt32
CryptProtectMemory
CryptUnprotectData
CryptProtectData
CertCloseStore
CryptUnprotectMemory
CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
netapi32
NetLocalGroupAddMembers
NetLocalGroupDelMembers
NetUserModalsGet
NetUserAdd
NetUserDel
NetApiBufferFree
NetUserGetInfo
NetLocalGroupGetMembers
DsGetDcNameW
NetLocalGroupEnum
NetGetJoinInformation
NetQueryDisplayInformation
powrprof
SetSuspendState
wininet
InternetCanonicalizeUrlW
InternetGetCookieExW
HttpOpenRequestW
InternetQueryOptionW
InternetQueryDataAvailable
InternetReadFile
InternetSetOptionW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
InternetCrackUrlW
InternetSetCookieW
HttpQueryInfoW
InternetGetCookieW
InternetOpenW
InternetSetStatusCallbackW
InternetWriteFile
setupapi
SetupInitDefaultQueueCallback
InstallHinfSectionW
SetupTermDefaultQueueCallback
SetupInstallServicesFromInfSectionW
CM_Locate_DevNodeW
CM_Get_Sibling
CM_Get_Device_IDW
CM_Get_Child
SetupOpenInfFileW
SetupCloseInfFile
SetupInstallFilesFromInfSectionW
SetupDefaultQueueCallbackW
SetupInstallFromInfSectionW
SetupOpenFileQueue
SetupCloseFileQueue
SetupCommitFileQueueW
secur32
LsaFreeReturnBuffer
DecryptMessage
InitSecurityInterfaceW
LsaEnumerateLogonSessions
TranslateNameW
LsaGetLogonSessionData
version
VerQueryValueW
Sections
.text Size: 6.1MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 517KB - Virtual size: 516KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ