D:\pulse\recipes\379847155\base\googleclient\total_recall\build\release\obj\startup\trmon\dll\GoogleServices.pdb
Static task
static1
Behavioral task
behavioral1
Sample
407236537f5df7402e7e9201644f43d3_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
407236537f5df7402e7e9201644f43d3_JaffaCakes118.dll
Resource
win10v2004-20241007-en
General
-
Target
407236537f5df7402e7e9201644f43d3_JaffaCakes118
-
Size
2.1MB
-
MD5
407236537f5df7402e7e9201644f43d3
-
SHA1
8768980632e3794c217935adbe83ff7798622b43
-
SHA256
c7af8f3808693f3f2d3512a24f98ceb03d28fafa2c5653905baa54af06722f3c
-
SHA512
dd990419f50d227bdfc787a84a8e348a27e0ef318269f9c3aa6035f67e8e8c54c11cc4bcac38fc76702893df7daa8e213c40001f58ec28254a3baf9b5d290350
-
SSDEEP
49152:z/cUgpKenBOmHlroBpeE7D/jWWq5knNxMp/x/GcFi5MIFecrOHoQFknGBVoiKFcI:Tc1wenBO6lqpeErWR5knNxuxZFsMoec/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
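Flags a PE file that carries no Authenticode signature. A missing signature is a weak indicator on its own and should be weighed together with the hashes, PDB path, imports and exports listed in this report.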
resource 407236537f5df7402e7e9201644f43d3_JaffaCakes118
Files
-
407236537f5df7402e7e9201644f43d3_JaffaCakes118.dll windows:4 windows x86 arch:x86
2497123f62235e2c8d8dad4abf4cd7b1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
googledesktopcommon
?ToString@Url@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@_N@Z
?SetExtraInfo@Url@@QAE_NPB_W@Z
?CheckAcceptedCn@@YGHPAXPBD@Z
?CreateFastFingerprint32@@YGIPBEH@Z
?ExtractProxy@proxy_auth_hack@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV23@_N@Z
?GetProxyCredentials@proxy_auth_hack@@YG_N_N0ABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PAV23@2@Z
?EncodeByteStream@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PBEI@Z
?UnencodeToByteStream@@YGJPB_WPAEPAI@Z
?CrackLink@Url@@QAE_NPB_W@Z
?IsInternalUrl@Url@@SG_NPB_W@Z
?RecordDefaultIeHomepageInstalled@rlz_utils@@YG_NXZ
?ExpandParameter@rlz_utils@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV23@W4AccessPoint@rlz_lib@@@Z
?RecordDefaultIeSearchInstalled@rlz_utils@@YG_NXZ
?RecordAccessPointsInstalled@rlz_utils@@YG_NXZ
?CrackFileName@Url@@QAE_NPB_W@Z
?AbbreviateForDisplay@Url@@QAEHH@Z
?IsAcceptableAutoRecPhotoUrl@Url@@SG_NABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@@Z
?IsPhotoUrl@Url@@SG_NPB_W@Z
?ComposeAbsoluteUrl@Url@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV23@@Z
?IntFlagExists@shared_data@@YG_NW4IntSharedFlags@1@@Z
?Canonicalize@Url@@SG_NPAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@@Z
?IsValidUrl@Url@@SG_NPB_W@Z
?GetCodePageFromHTMLWithDefault@@YGHPBDH@Z
?IsTopLevelWebpage@Url@@QBE_NXZ
?GetGoogleTLD@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenerateOneboxGoogleUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PB_W0@Z
?GetUrlSignerSecurityToken@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenTimedQueryUrlNoSign@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@_K0IIIABV12@@Z
?AddEmailModifiersUrlNoSign@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@PB_W1@Z
?GenPreviewUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IW4SchemaId@@ABV12@@Z
?GenTimedQueryUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@_K0IIIABV12@@Z
?CreateFastFingerprint32@@YGIPB_W@Z
?GenIMUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?IsSearchPage@Url@@SG_NPB_W@Z
?IsGoogleSearchPage@Url@@SG_NPB_W@Z
?GenDeleteUrlEx@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IIABV12@@Z
?GenEmailActionUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@HABV12@_W@Z
?MakeUrlsClickable@Url@@SG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV23@@Z
?GenThreadUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IIIIABV12@@Z
?GenThreadUrlNoSign@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IIIIABV12@@Z
?GenVersionsUrlNoSign@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IIIIABV12@@Z
?GenHomepageUrlParam@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?ParseFileUrl@@YG_NABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PAV12@PAIPAW4SchemaId@@1@Z
?IsGdUrl@@YG_NPB_WPA_N111PAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@_N@Z
?GenRedirBrowserUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenVersionsUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IIIIABV12@@Z
?GenSetHomepageUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenUnsupportedBrowserUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenDeleteUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenSetPrefsUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenFileUrlNoSign@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@IW4SchemaId@@0@Z
?GenSetWidthUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenQueryUrlAppendString@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IIIABV12@PB_W@Z
?GenUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenTimeUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@II_KHABV12@@Z
?SignUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?UrlEncode@Url@@SGHPB_WPA_WH@Z
?GenRedirUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@W4DisplayComponentId@@I0W4SchemaId@@@Z
?HasFileProtocol@Url@@SG_NPB_W@Z
?GenDeleteDatabaseUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenCustomActionUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@HHABV12@0I@Z
?ValidateUrlHash@@YG_NABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@_NPAV12@@Z
?IsHomepage@@YG_NPAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@@Z
?SetAsHomepage@@YGJABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@@Z
?GenThumbnailUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenIconUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenCacheUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IW4SchemaId@@ABV12@@Z
?ResetStatsAfterPing@StatusStore@@QAEXXZ
?GetStrForAllStatsTotalAndSlp@StatusStore@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GetPingParams@rlz_utils@@YG_NPA_WK@Z
?IncrementStat@StatusStore@@QAEJW4StatId@@ABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@H@Z
?InitUrlHashValidator@@YGXXZ
?GenerateGdsSearchUrl@@YGXABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PAV12@@Z
?GetPreferredLanguage@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?DownloadSingleFileCancelable@@YGJPB_W0HKPAKPBD@Z
?Qsort@@YGXPAXIIP6GHPBX1@Z@Z
?CancelDownload@@YGJPAK@Z
?GetCharsetFromMetaTag@@YG_NABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsOS@D@ATL@@@ATL@@@ATL@@PAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@2@@Z
?IsUrl@Url@@SG_NPB_W@Z
?ApplyHttpScheme@Url@@SG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PB_W@Z
?FindDomainStem@Url@@SG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV23@@Z
?IncrementStat@StatusStore@@QAEJW4StatId@@ABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@@Z
?RecordAccessPointFirstSearch@rlz_utils@@YG_NW4AccessPoint@rlz_lib@@PBVSearchItem@@@Z
?GetParameter@rlz_utils@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@W4AccessPoint@rlz_lib@@@Z
?SendFinancialPing@rlz_utils@@YG_NXZ
?GetStat@StatusStore@@QBEJW4StatId@@ABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@_NPA_NPAH@Z
?SetStat@StatusStore@@QAEJW4StatId@@ABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@H@Z
?GenQueryUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@IIIABV12@@Z
?CommonDllShutdownNetworkListManager@@YGXXZ
?GenSearchUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenerateGdsHomeUrl@@YGXPAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@@Z
?GetHostName@Url@@QBEPB_WXZ
?GetUrlPath@Url@@QBEPB_WXZ
?GetExtraInfo@Url@@QBEPB_WXZ
?GetPortNumber@Url@@QBEGXZ
?RawInetGet@@YGHABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@G0PAXKPB_WPAPAEKPAKPAV12@KKKK2PBD@Z
??0BrowserLauncher@@QAE@XZ
?GenHomepageUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenAboutUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenStatusUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenPrivacyUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenRecrawlUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenSetPasswordUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenPrefsUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenPrefsUrlParam@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
?GenHistoryUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GenerateGoogleUrl@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABV12@@Z
??1BrowserLauncher@@QAE@XZ
?Launch@BrowserLauncher@@QAE_NPB_W_N1@Z
?IsMachineConnected@@YGJ_N@Z
?InetGet@@YGHABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@G0PAXKPB_WPAV12@3KKKK2PBD@Z
?IsHostGoogleWWW@@YG_NABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PA_N@Z
?DownloadSingleFile@@YGJPB_W0H_NPBD@Z
?CreateFingerprint@@YG_KPBEI@Z
?CreateFingerprint32@@YGIPBEI@Z
?SetIntFlag@shared_data@@YGXW4IntSharedFlags@1@H@Z
?IsPopAccountAllowed@group_policy@@YG_NPB_W@Z
?GetSetting@SettingBase@group_policy@@IBEJPAV?$CAtlList@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@@2@@ATL@@PA_N@Z
?GetPreferredDomain@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@XZ
?GetSetting@SettingBase@group_policy@@IBEJPA_N0@Z
?GetSetting@SettingBase@group_policy@@IBEJPAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PA_N@Z
?GetSetting@SettingBase@group_policy@@IBEJPAKPA_N@Z
?GetGlobalStatusStore@@YGPAVStatusStore@@XZ
?IncrementStat@StatusStore@@QAEJW4StatId@@@Z
?GetIntFlag@shared_data@@YGHW4IntSharedFlags@1@@Z
?IsPolicyControlled@SettingBase@group_policy@@QBE_NXZ
?GetScheme@Url@@QBE?AW4UrlScheme@1@XZ
??0Url@@QAE@XZ
?CrackUrl@Url@@QAE_NPB_W@Z
??1Url@@QAE@XZ
?IsBoolOptionSet@group_policy@@YG_NABV?$Setting@_N@1@@Z
?AppendInformationToUrl@@YGXPAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@K@Z
?GetSafeFilename@@YG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@ABVUrl@@_N@Z
?InetGetSimpleNoResponse@@YGJPB_WG0PAXI0@Z
?GetDomain@Url@@QBEPB_WXZ
kernel32
SetLastError
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LeaveCriticalSection
GetStringTypeExA
SetThreadExecutionState
CreateFileMappingA
GetProcessTimes
FreeConsole
RaiseException
SetInformationJobObject
CreateJobObjectW
ReadDirectoryChangesW
CancelIo
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GetCurrentProcessId
lstrcpynW
ExitProcess
Sleep
GetLastError
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
AssignProcessToJobObject
InterlockedCompareExchange
GetCurrentThread
lstrcmpW
GetEnvironmentVariableW
ReadFile
SetFilePointer
GetFileSize
FlushFileBuffers
CreateFileW
CreateDirectoryW
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetCurrentThreadId
GetCommandLineW
ReadProcessMemory
OpenProcess
lstrlenW
SetUnhandledExceptionFilter
SetErrorMode
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapDestroy
GetVersionExA
RtlUnwind
lstrcmpiA
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
TerminateProcess
SetEnvironmentVariableW
SetProcessShutdownParameters
QueryPerformanceFrequency
QueryPerformanceCounter
ExitThread
OpenMutexW
GlobalFree
VirtualAlloc
VirtualProtect
VirtualFree
LoadLibraryExW
GetVersionExW
QueueUserWorkItem
QueueUserAPC
GetThreadPriority
TerminateThread
GetCurrentDirectoryA
CreateDirectoryA
DosDateTimeToFileTime
CreateFileA
GetFileType
GetLogicalDriveStringsW
GetDriveTypeW
GetExitCodeProcess
CreateThread
CreateRemoteThread
GetExitCodeThread
GetModuleFileNameW
VirtualQuery
GetLongPathNameW
GetShortPathNameW
GetComputerNameW
GetTempPathW
GetStringTypeW
lstrcmpiW
lstrcpynA
lstrlenA
GetStringTypeExW
MultiByteToWideChar
IsProcessorFeaturePresent
GetPrivateProfileStringW
GetTimeFormatW
GetUserDefaultLangID
GlobalSize
SetCurrentDirectoryW
InterlockedExchangeAdd
GetFileTime
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempFileNameW
GetThreadContext
GetSystemInfo
lstrcpyW
CompareStringW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
MulDiv
FlushInstructionCache
WideCharToMultiByte
LocalFree
OpenEventW
MoveFileExW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
LocalAlloc
LoadLibraryA
WriteProcessMemory
DuplicateHandle
VirtualFreeEx
VirtualAllocEx
GetSystemTime
GetNumberFormatW
IsValidLanguageGroup
GetLocaleInfoW
GetUserDefaultLCID
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
FileTimeToLocalFileTime
GetLocalTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SetEndOfFile
GetSystemTimeAsFileTime
SetFileTime
GetFileSizeEx
CompareFileTime
FileTimeToSystemTime
GetOverlappedResult
SetFilePointerEx
SleepEx
DeviceIoControl
SetThreadPriority
GlobalMemoryStatusEx
GetSystemPowerStatus
GetModuleHandleW
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetDiskFreeSpaceExW
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
ResetEvent
SetEvent
TryEnterCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetVolumeInformationW
DeleteCriticalSection
InitializeCriticalSection
MoveFileW
CopyFileW
CreateEventW
GetFileAttributesExW
CreateProcessW
OpenThread
ResumeThread
FreeResource
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
CreateFileMappingW
MapViewOfFile
WaitForMultipleObjectsEx
RemoveDirectoryW
UnmapViewOfFile
WriteFile
FreeLibrary
FormatMessageW
ExpandEnvironmentStringsW
user32
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
PtInRect
UnionRect
SetFocus
IsChild
GetFocus
InvalidateRect
GetKeyState
PostQuitMessage
MessageBoxW
SetRect
CopyRect
RegisterHotKey
VkKeyScanExW
GetKeyboardLayout
MsgWaitForMultipleObjectsEx
IsIconic
KillTimer
SetCursor
BringWindowToTop
GetWindowRect
SetCapture
ReleaseCapture
FillRect
UnregisterHotKey
DialogBoxParamW
GetMonitorInfoW
MonitorFromRect
RegisterWindowMessageW
GetDesktopWindow
GetAsyncKeyState
GetDoubleClickTime
CallNextHookEx
SetWindowTextW
CheckDlgButton
EnableWindow
EndDialog
IsDlgButtonChecked
SetWindowsHookExW
UnhookWindowsHookEx
DestroyIcon
LoadImageW
GetSystemMetrics
SendDlgItemMessageW
SetDlgItemTextW
GetWindowTextLengthW
MoveWindow
ScreenToClient
MapWindowPoints
GetWindow
ClientToScreen
SetRectEmpty
UpdateWindow
IsWindowEnabled
GetDlgCtrlID
GetCursorPos
DrawFocusRect
GetCapture
CreateDialogParamW
CheckMenuItem
CheckMenuRadioItem
DrawMenuBar
RemoveMenu
AppendMenuW
SetMenuItemInfoW
InsertMenuItemW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetCaretPos
GetGUIThreadInfo
GetSysColorBrush
GetWindowDC
ActivateKeyboardLayout
NotifyWinEvent
TranslateAcceleratorW
SetCaretPos
TrackMouseEvent
CreatePopupMenu
DestroyMenu
GetMenuState
GetMenuItemCount
TrackPopupMenuEx
EnableMenuItem
GetMenuItemID
MapDialogRect
GetDC
GetWindowRgn
InflateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CopyImage
LoadStringW
RedrawWindow
IsRectEmpty
GetIconInfo
InsertMenuW
GetCursor
TrackPopupMenu
GetMenuItemInfoW
GetMenuDefaultItem
UpdateLayeredWindow
DrawAnimatedRects
OffsetRect
GetScrollBarInfo
HideCaret
InvalidateRgn
ReplyMessage
InSendMessage
MonitorFromPoint
EnumDisplayMonitors
ModifyMenuW
MonitorFromWindow
IsZoomed
DrawIcon
SetActiveWindow
IsMenu
UnhookWinEvent
SetWinEventHook
WindowFromPoint
AttachThreadInput
GetTopWindow
GetMenu
AdjustWindowRectEx
DrawIconEx
GetQueueStatus
ShowCaret
FrameRect
GetDialogBaseUnits
WinHelpW
IsDialogMessageW
SetScrollPos
ShowScrollBar
GetScrollInfo
SetScrollInfo
GetDlgItemInt
SetDlgItemInt
InSendMessageEx
DestroyCursor
SetMenuDefaultItem
GetCaretBlinkTime
LoadMenuW
GetSubMenu
wsprintfW
wvsprintfW
PostMessageW
SendMessageW
FindWindowW
CharLowerW
IsCharUpperW
IsCharLowerW
CharUpperW
GetMenuStringW
DeleteMenu
LoadIconW
UnregisterClassA
WaitForInputIdle
SetTimer
EnumThreadWindows
GetDlgItem
GetWindowInfo
RealGetWindowClassW
GetWindowTextW
GetParent
SetForegroundWindow
IsWindowVisible
GetWindowLongW
GetSysColor
GetMessageW
SetWindowLongW
CallWindowProcW
EnumWindows
EnumChildWindows
GetClassNameW
GetActiveWindow
CharNextA
OpenInputDesktop
GetUserObjectInformationW
IsCharAlphaW
wvsprintfA
IsCharAlphaNumericW
GetWindowThreadProcessId
GetForegroundWindow
IsWindow
FindWindowExW
CharUpperBuffW
CharLowerBuffW
PostThreadMessageW
AllowSetForegroundWindow
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
GetLastInputInfo
SystemParametersInfoW
CloseDesktop
ReleaseDC
ShowWindow
CreateWindowExW
RegisterClassExW
DestroyWindow
DefWindowProcW
LoadCursorW
GetClassInfoExW
CharNextW
SendMessageTimeoutW
SetWindowRgn
SetParent
SetWindowPos
DrawTextW
advapi32
OpenThreadToken
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
EncryptFileW
GetNamedSecurityInfoW
SetFileSecurityW
GetTokenInformation
ConvertSidToStringSidW
LookupAccountSidW
DecryptFileW
CryptGenRandom
AddAce
GetSidSubAuthority
InitializeSid
InitializeAcl
GetSidLengthRequired
SetNamedSecurityInfoW
CryptAcquireContextW
CryptReleaseContext
CopySid
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
IsValidSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
DeleteService
ControlService
RegisterServiceCtrlHandlerW
CryptSetHashParam
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
RegNotifyChangeKeyValue
GetUserNameA
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
SetThreadToken
GetAclInformation
GetSecurityDescriptorControl
MakeSelfRelativeSD
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
IsTextUnicode
LogonUserW
CryptDestroyKey
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
ole32
OleGetClipboard
CoInitializeSecurity
ReleaseStgMedium
CoCreateGuid
OleRegGetMiscStatus
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemRealloc
CoInitialize
PropVariantClear
CoRevertToSelf
CoImpersonateClient
CoSuspendClassObjects
CoResumeClassObjects
OleUninitialize
OleInitialize
CoDisconnectObject
OleLockRunning
CoGetClassObject
RegisterDragDrop
RevokeDragDrop
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CreateBindCtx
CoTaskMemAlloc
StringFromGUID2
OleRegGetUserType
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
WriteClassStm
OleSaveToStream
OleLoadFromStream
CoCreateFreeThreadedMarshaler
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgOpenStorageEx
StgCreateStorageEx
CreateStreamOnHGlobal
CoFreeUnusedLibraries
StringFromCLSID
oleaut32
UnRegisterTypeLib
LoadTypeLib
RegisterTypeLib
SafeArrayCopy
VariantCopyInd
VariantInit
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
SafeArrayGetVartype
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocStringLen
OleCreatePropertyFrame
LoadRegTypeLib
OleLoadPictureEx
OleLoadPicturePath
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
OleCreatePictureIndirect
DispCallFunc
VariantCopy
SafeArrayGetDim
OleCreateFontIndirect
VarCmp
OleTranslateColor
VarBstrCat
VarUI4FromStr
comctl32
_TrackMouseEvent
ord17
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetImageCount
ImageList_Draw
imm32
ImmGetCompositionStringW
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ws2_32
WSACleanup
WSAStartup
closesocket
recv
inet_ntoa
send
WSAGetLastError
accept
listen
bind
htons
socket
ntohs
getsockname
shutdown
userenv
LoadUserProfileW
UnloadUserProfile
psapi
QueryWorkingSet
GetProcessMemoryInfo
Exports
Exports
?SetFlagUnittest@StatusStore@@QAEX_N@Z
KeyboardProcMainW
OutOfProcMetadataMainW
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 231KB - Virtual size: 230KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 163KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE