Manalyze report for 12cfa013ab4e19f413b2a001dddb586c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jul-30 05:12:29
Detected languages	English - United States
Debug artifacts	MoUsoCoreWorker.pdb
CompanyName	Microsoft Corporation
FileDescription	MoUSO Core Worker Process
FileVersion	`10.0.19041.4355 (WinBuild.160101.0800)`
InternalName	MoUSO Core Worker Process
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MoUSOCoreWorker.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.19041.4355`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`References the BITS service` `Contains domain names: go.microsoft.com https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid microsoft.com`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Can access the registry: RegEnumValueW RegQueryValueExW RegSetValueExW RegGetValueW RegDeleteValueW RegCloseKey RegQueryInfoKeyW RegCreateKeyExW RegEnumKeyExW RegOpenKeyExW RegSetKeyValueW` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtQueryWnfStateData NtPowerInformation NtClose` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Can shut the system down or lock the screen: InitiateShutdownW`
Safe	VirusTotal score: 0/72 (Scanned on 2024-05-14 04:53:44)	`All the AVs think this file is safe.`

Hashes

MD5	`12cfa013ab4e19f413b2a001dddb586c`
SHA1	`5fdf810cf53fbfe18724cfa469d0e641e0acdf70`
SHA256	`ffc7037fb0cd77bfbdaca75c10714eceff6956a79fd1de543b81093d4b238365`
SHA3	`7da78e4d40a0a2f1c5514fe5e437f2c3efac8e6f4fee2e14d3d167e38b81a573`
SSDeep	`24576:cV/uEVs6H6uGUnxLisGuD4aXS/ZOPiW+VgNc1+o5vGSuql:cV/q6aHUnx2sFLh+VgNc1jVu`
Imports Hash	`439a5c5b2d2c1ce6b06d8657e4c63e13`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	1970-Jul-30 05:12:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x13f000`
SizeOfInitializedData	`0x76e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000128B70 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x1ba000`
SizeOfHeaders	`0x400`
Checksum	`0x1bd2e5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e39acc766a1e4a6ac179c5bb732ecafe`
SHA1	`b7225696038588774f16cf599a66635e088b7bac`
SHA256	`ca209a847f6fe5e87a936e2b840d2f6591758d7b5b612975f36d6fd05b73a8f5`
SHA3	`fe0259bcf4a019f926f852bedd5150200266cef8b6fadfc54b5e2ee8456c3d1a`
VirtualSize	`0x13eefa`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13f000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25832`

.rdata

MD5	`36a8ec8271260576add2e4549f34e1f6`
SHA1	`d4dfe200b4f28f1a364152a0fd4c54b3ebd7897e`
SHA256	`f707eab28904f56b48da0998722bc9016020bb63c40965e30af8dde88055c51b`
SHA3	`3f2e7ee8b7b4927e815c427b8d1acb8c32fccacf06e0d7e538646377bb873f13`
VirtualSize	`0x60a32`
VirtualAddress	`0x140000`
SizeOfRawData	`0x60c00`
PointerToRawData	`0x13f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.40735`

.data

MD5	`a9a0f796e64b686ad2be65ae22270343`
SHA1	`3599dceaf01cf1ed6bacfdb700d75cb4bba33b7a`
SHA256	`39f67d1d5a44eb758f60a5b1034937f575fecfff22ff6917e4e68808058073d1`
SHA3	`77b3e801dfaa708a7ea84e300075386b312be5b4bcdbbe096607edabfa56ff0f`
VirtualSize	`0x5f48`
VirtualAddress	`0x1a1000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x1a0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.16498`

.pdata

MD5	`1fd9629ee38107c889fdfeb2fc15bf54`
SHA1	`1ba20f343387d6c4833bfd9d1257b45e060a51ad`
SHA256	`d6ed6d85a2628ae03176995a679f419d784592ca6c2e9ce1192acd6992f0d3cd`
SHA3	`86e8282a698b371d8df27c0cb947ffd33955a9cb9d71d900223a28c44ac1eac3`
VirtualSize	`0xd0f8`
VirtualAddress	`0x1a7000`
SizeOfRawData	`0xd200`
PointerToRawData	`0x1a4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.09709`

.didat

MD5	`a3af7ac4bd2d7ff680d5f076692b4572`
SHA1	`c9989284466fc45b34270d49ea94ebec37e788fa`
SHA256	`e18e37642b2b7bb182195793b662cec94f4da73788dab64bcd3acb7c6230ec57`
SHA3	`e4d97fa8392b614e7fc387bbf824f40dc5966c3fd61db6aacc2ba69491b7e296`
VirtualSize	`0x170`
VirtualAddress	`0x1b5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1b2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.19191`

.rsrc

MD5	`5c8c95bbdc2b1c386cb10b33834d8d63`
SHA1	`29f0431a56a16a55561caac1b88aec08c13312a4`
SHA256	`f578fe70e309b67438ef66479010abe118e163887e2ec26a557759fc129af534`
SHA3	`71bb0848492ad7fdc28cd0b963ee0ea6f5de303747dc7b85f33fc71be6ddbcbf`
VirtualSize	`0xbd8`
VirtualAddress	`0x1b6000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1b2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.72546`

.reloc

MD5	`b5c8002b265240e09076c29f030c9eef`
SHA1	`2cd146760e4f331ee2f90306715f792176c5c95d`
SHA256	`c380bf930ebb4afd8a66308da06da92bdafd85d0184d21aad8ca202eb3cb3f98`
SHA3	`f1288dc1c08c88a58c08938bbf4b58d27a257c706ed5f88b7589f94a4c358af1`
VirtualSize	`0x21bc`
VirtualAddress	`0x1b7000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x1b2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42751`

Imports

msvcp_win.dll	`?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z` `_Thrd_sleep` `?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z` `??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z` `?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ` `?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ` `?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ` `??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ` `?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z` `?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A` `?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z` `?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z` `?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z` `?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z` `?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ` `?_XGetLastError@std@@YAXXZ` `??0task_continuation_context@Concurrency@@AEAA@XZ` `?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ` `?__ExceptionPtrAssign@@YAXPEAXPEBX@Z` `?_ReportUnobservedException@details@Concurrency@@YAXXZ` `?__ExceptionPtrCreate@@YAXPEAX@Z` `?tolower@?$ctype@G@std@@QEBAGG@Z` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `_Thrd_detach` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `_Cnd_register_at_thread_exit` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `_Cnd_unregister_at_thread_exit` `?_Xbad_function_call@std@@YAXXZ` `?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z` `?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z` `?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z` `?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A` `??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z` `??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z` `??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ` `?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z` `??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ` `?_Throw_Cpp_error@std@@YAXH@Z` `_Thrd_join` `_Thrd_id` `_Cnd_do_broadcast_at_thread_exit` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ` `?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z` `?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z` `?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z` `?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z` `?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ` `?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ` `_Unlock_shared_ptr_spin_lock` `?_Random_device@std@@YAIXZ` `_Mtx_trylock` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z` `?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ` `?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z` `?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ` `?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z` `_Lock_shared_ptr_spin_lock` `_Mtx_current_owns` `_Cnd_timedwait` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z` `_Query_perf_frequency` `_Query_perf_counter` `_Cnd_wait` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?widen@?$ctype@G@std@@QEBAGD@Z` `?id@?$ctype@G@std@@2V0locale@2@A` `?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??Bid@locale@std@@QEAA_KXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ` `?uncaught_exception@std@@YA_NXZ` `?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ` `?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ` `?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z` `?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ` `?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ` `?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z` `??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ` `??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ` `_Cnd_broadcast` `_Xtime_get_ticks` `_Cnd_signal` `_Mtx_unlock` `?_Throw_C_error@std@@YAXH@Z` `_Mtx_lock` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Winerror_message@std@@YAKKPEADK@Z` `?_Winerror_map@std@@YAHH@Z` `?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z` `?_Syserror_map@std@@YAPEBDH@Z` `_Cnd_destroy_in_situ` `_Cnd_init_in_situ` `_Mtx_init_in_situ` `_Mtx_destroy_in_situ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1_Locinfo@std@@QEAA@XZ` `??0_Locinfo@std@@QEAA@PEBD@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `??1facet@locale@std@@MEAA@XZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `??0facet@locale@std@@IEAA@_K@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?is@?$ctype@G@std@@QEBA_NFG@Z` `?id@?$collate@G@std@@2V0locale@2@A` `_Wcsxfrm` `_Wcscoll` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z`
api-ms-win-crt-string-l1-1-0.dll	`wcscmp` `strnlen` `memset` `wcsnlen` `wcsncmp`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o__localtime64_s` `_o__lock_file` `_o__ltow_s` `_o__mktime64` `_o__purecall` `_o__recalloc` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_errno` `_o__set_fmode` `_o__set_new_mode` `_o__stricmp` `_o__ui64toa_s` `_o__ui64tow_s` `_o__ultow_s` `_o__unlock_file` `_o__wcsicmp` `_o__wcsnicmp` `_o__wcstod_l` `_o__wtoi` `_o__wtol` `_o_exit` `_o_fclose` `_o_fflush` `_o_fgetc` `_o_fgetpos` `_o_fgetwc` `_o_fputc` `_o_fputwc` `_o_fread` `_o_free` `memmove` `_o_fwrite` `_o_iswspace` `_o_malloc` `_o_mbstowcs_s` `_o_pow` `_o_realloc` `_o_setvbuf` `_o_strncpy_s` `_o_strtol` `_o_strtoull` `_o_terminate` `_o_tolower` `_o_towlower` `_o_ungetc` `_o_ungetwc` `_o_wcscat_s` `_o_wcscpy_s` `_o_wcsftime` `_o_wcsncpy_s` `_o_wcstol` `_o_wcstoll` `_o_wcstoull` `__CxxFrameHandler3` `_CxxThrowException` `_o__invalid_parameter_noinfo_noreturn` `_o__invalid_parameter_noinfo` `_o__initialize_wide_environment` `_o__initialize_onexit_table` `_o__i64tow_s` `_o__i64toa_s` `_o__get_wide_winmain_command_line` `_o__get_stream_buffer_pointers` `_o__fseeki64` `_o__free_locale` `_o__exit` `_o__errno` `_o__crt_atexit` `_o__create_locale` `_o__configure_wide_argv` `_o__configthreadlocale` `memcpy` `memcmp` `_o__cexit` `_o__callnewh` `_o__beginthreadex` `_o___stdio_common_vswscanf` `_o___stdio_common_vswprintf_s` `_o___stdio_common_vswprintf` `_o___stdio_common_vsprintf_s` `_o___stdio_common_vsnwprintf_s` `_o___stdio_common_vsnprintf_s` `_o___std_exception_destroy` `_o___std_exception_copy` `_o___pctype_func` `_o___p__commode` `_o____lc_codepage_func` `__C_specific_handler` `__std_terminate` `__CxxFrameHandler4` `_o_fsetpos` `strchr` `strrchr` `__std_type_info_compare`
api-ms-win-core-libraryloader-l1-2-0.dll	`LoadLibraryExW` `GetModuleHandleW` `GetModuleHandleExW` `LoadResource` `FreeLibrary` `GetModuleFileNameA` `GetModuleFileNameW` `FindResourceExW` `GetModuleHandleA` `SizeofResource` `GetProcAddress`
api-ms-win-core-synch-l1-1-0.dll	`InitializeCriticalSectionAndSpinCount` `CreateEventW` `ReleaseSemaphore` `CreateEventExW` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `ReleaseSRWLockShared` `AcquireSRWLockShared` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WaitForSingleObject` `CreateSemaphoreExW` `SetEvent` `InitializeCriticalSectionEx` `ReleaseMutex` `OpenEventW` `CreateMutexExW` `ResetEvent` `InitializeSRWLock` `InitializeCriticalSection` `OpenSemaphoreW` `WaitForSingleObjectEx`
api-ms-win-core-heap-l1-1-0.dll	`HeapReAlloc` `GetProcessHeap` `HeapFree` `HeapAlloc`
api-ms-win-core-errorhandling-l1-1-0.dll	`SetUnhandledExceptionFilter` `SetErrorMode` `GetErrorMode` `GetLastError` `UnhandledExceptionFilter` `SetLastError` `RaiseException`
api-ms-win-core-processthreads-l1-1-0.dll	`CreateProcessW` `TerminateProcess` `GetCurrentThread` `GetStartupInfoW` `TlsAlloc` `OpenThreadToken` `GetProcessId` `GetExitCodeThread` `GetCurrentProcess` `OpenProcessToken` `GetCurrentThreadId` `TlsSetValue` `GetCurrentProcessId` `TlsGetValue` `TlsFree` `CreateThread`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `OutputDebugStringW` `IsDebuggerPresent`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle` `DuplicateHandle`
OLEAUT32.dll	`VarUI4FromStr` `VarUI8FromDec` `VariantTimeToSystemTime` `SysStringLen` `SysStringByteLen` `SysAllocString` `UnRegisterTypeLib` `SystemTimeToVariantTime` `VariantInit` `VariantClear` `SysAllocStringByteLen` `SysFreeString` `LoadTypeLib` `RegisterTypeLib`
api-ms-win-core-threadpool-l1-2-0.dll	`WaitForThreadpoolWaitCallbacks` `WaitForThreadpoolTimerCallbacks` `CreateThreadpoolWait` `CreateThreadpoolTimer` `SetThreadpoolTimer` `CloseThreadpoolTimer` `SetThreadpoolWait` `CloseThreadpoolWait`
api-ms-win-eventing-provider-l1-1-0.dll	`EventUnregister` `EventWriteTransfer` `EventActivityIdControl` `EventWriteString` `EventRegister` `EventSetInformation`
api-ms-win-core-com-l1-1-0.dll	`CoWaitForMultipleHandles` `CoTaskMemAlloc` `CoRevokeClassObject` `CoGetMalloc` `CoGetApartmentType` `CoCreateGuid` `CoImpersonateClient` `CoRevertToSelf` `CoIncrementMTAUsage` `CoTaskMemRealloc` `CoInitializeEx` `CoSuspendClassObjects` `CoRegisterClassObject` `StringFromGUID2` `CoResumeClassObjects` `CoTaskMemFree` `CoCreateInstance` `CoUninitialize` `CoCreateFreeThreadedMarshaler`
api-ms-win-core-string-l2-1-0.dll	`CharLowerBuffW` `CharNextW` `CharUpperW`
api-ms-win-core-registry-l1-1-0.dll	`RegEnumValueW` `RegQueryValueExW` `RegSetValueExW` `RegGetValueW` `RegDeleteTreeW` `RegDeleteValueW` `RegCloseKey` `RegQueryInfoKeyW` `RegCreateKeyExW` `RegEnumKeyExW` `RegOpenKeyExW`
api-ms-win-core-string-l1-1-0.dll	`WideCharToMultiByte` `MultiByteToWideChar`
api-ms-win-security-sddl-l1-1-0.dll	`ConvertStringSecurityDescriptorToSecurityDescriptorW`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceComplete` `InitOnceBeginInitialize` `Sleep` `InitOnceExecuteOnce`
api-ms-win-core-processenvironment-l1-1-0.dll	`GetCommandLineW` `ExpandEnvironmentStringsW`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlVirtualUnwind` `RtlCaptureContext` `RtlLookupFunctionEntry`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTimeAsFileTime` `GetSystemWindowsDirectoryW` `GetTickCount64` `GetSystemDirectoryW` `GetLocalTime` `GetVersionExW`
api-ms-win-core-interlocked-l1-1-0.dll	`InterlockedPushEntrySList` `InitializeSListHead`
api-ms-win-core-string-obsolete-l1-1-0.dll	`lstrcmpiW`
api-ms-win-core-localization-obsolete-l1-2-0.dll	`GetUserDefaultUILanguage`
dmiso8601utils.dll	`SystemTimeToISO8601String`
api-ms-win-eventing-controller-l1-1-0.dll	`ControlTraceW` `EnableTraceEx2` `QueryAllTracesW` `StartTraceW`
api-ms-win-core-heap-l2-1-0.dll	`LocalAlloc` `LocalFree` `LocalReAlloc`
api-ms-win-core-registry-l1-1-1.dll	`RegSetKeyValueW`
api-ms-win-security-base-l1-1-0.dll	`GetTokenInformation` `AdjustTokenPrivileges` `FreeSid` `AllocateAndInitializeSid` `ImpersonateLoggedOnUser` `RevertToSelf`
api-ms-win-core-shutdown-l1-1-1.dll	`InitiateShutdownW`
api-ms-win-power-setting-l1-1-0.dll	`PowerSettingUnregisterNotification` `PowerSettingRegisterNotification`
api-ms-win-power-base-l1-1-0.dll	`CallNtPowerInformation`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsCreateString` `WindowsPreallocateStringBuffer` `WindowsDeleteStringBuffer` `WindowsPromoteStringBuffer` `WindowsDuplicateString` `WindowsCreateStringReference` `WindowsDeleteString` `WindowsGetStringRawBuffer`
api-ms-win-core-winrt-error-l1-1-0.dll	`SetRestrictedErrorInfo` `RoTransformError` `RoOriginateError` `GetRestrictedErrorInfo`
api-ms-win-core-winrt-l1-1-0.dll	`RoInitialize` `RoGetActivationFactory` `RoActivateInstance`
RPCRT4.dll	`RpcBindingFree` `RpcStringFreeW` `RpcBindingSetAuthInfoExW` `RpcStringBindingComposeW` `RpcBindingFromStringBindingW` `NdrClientCall3` `UuidCreate`
api-ms-win-core-sysinfo-l1-2-0.dll	`VerSetConditionMask`
api-ms-win-core-file-l1-1-0.dll	`SetFileAttributesW` `GetFileAttributesW` `RemoveDirectoryW` `GetFileAttributesExW` `GetDiskFreeSpaceExW` `FindClose` `GetDriveTypeW` `DeleteVolumeMountPointW` `SetFileInformationByHandle` `FlushFileBuffers` `GetFileSize` `SetEndOfFile` `GetFileInformationByHandle` `GetFinalPathNameByHandleW` `GetVolumeInformationW` `CreateFileW` `CreateDirectoryW` `SetFilePointerEx` `FindNextFileW` `SetFilePointer` `DeleteFileW` `ReadFile` `WriteFile` `FindFirstFileExW`
IPHLPAPI.DLL	`GetNetworkConnectivityHint`
api-ms-win-core-libraryloader-l1-2-1.dll	`LoadLibraryW`
api-ms-win-core-timezone-l1-1-0.dll	`TzSpecificLocalTimeToSystemTime` `FileTimeToSystemTime` `SystemTimeToFileTime`
CRYPT32.dll	`CertVerifyCertificateChainPolicy`
api-ms-win-core-datetime-l1-1-1.dll	`GetDateFormatEx` `GetTimeFormatEx`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
api-ms-win-core-file-l2-1-0.dll	`CreateSymbolicLinkW` `CreateHardLinkW` `MoveFileExW` `GetFileInformationByHandleEx`
api-ms-win-core-io-l1-1-0.dll	`DeviceIoControl`
api-ms-win-core-file-l1-2-0.dll	`GetVolumePathNamesForVolumeNameW` `GetTempPathW`
api-ms-win-core-file-l2-1-2.dll	`CopyFileW`
api-ms-win-eventing-legacy-l1-1-0.dll	`QueryTraceW` `FlushTraceW`
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	`PathFileExistsW` `PathFindFileNameW`
api-ms-win-core-kernel32-legacy-l1-1-1.dll	`PowerSetRequest` `PowerCreateRequest` `VerifyVersionInfoW` `PowerClearRequest` `SetVolumeMountPointW`
ntdll.dll	`RtlUnsubscribeWnfNotificationWaitForCompletion` `NtQueryWnfStateData` `RtlSubscribeWnfStateChangeNotification` `RtlPublishWnfStateData` `NtPowerInformation` `LdrUnloadDll` `RtlAllocateHeap` `RtlFreeHeap` `RtlNtStatusToDosError` `LdrAddRefDll` `RtlDosPathNameToNtPathName_U` `NtClose` `DbgPrintEx` `RtlRaiseStatus` `RtlReAllocateHeap`
api-ms-win-stateseparation-helpers-l1-1-0.dll	`GetPersistedRegistryLocationW`
api-ms-win-oobe-notification-l1-1-0.dll	`OOBEComplete`
api-ms-win-service-private-l1-1-0.dll	`I_QueryTagInformation`
api-ms-win-core-apiquery-l1-1-0.dll	`ApiSetQueryApiSetPresence`
UMPDC.dll	`PdcTaskClientUnregister` `PdcTaskClientRegister` `PdcTaskClientRequest`
UpdatePolicy.dll	`ReadPolicyWithFallback` `ReadPolicy` `ReleaseEnterprisePolicyValue` `ReleaseUpdatePolicyValue`
DMCmnUtils.dll	`InvStrCmpW` `SafeStringToDword` `DecodeBase64W` `CopyString` `EncodeBase64W`
api-ms-win-core-synch-l1-2-1.dll	`WaitForMultipleObjects`
api-ms-win-devices-config-l1-1-1.dll	`CM_Get_Device_Interface_PropertyW` `CM_Get_Device_Interface_List_SizeW` `CM_Get_Device_Interface_ListW`
api-ms-win-core-memory-l1-1-0.dll	`VirtualFree` `VirtualAlloc`
api-ms-win-core-errorhandling-l1-1-2.dll	`RaiseFailFastException`
api-ms-win-shcore-stream-winrt-l1-1-0.dll	`CreateRandomAccessStreamOnFile`
XmlLite.dll	`CreateXmlReader` `CreateXmlWriter`
winsqlite3.dll	`sqlite3_exec` `sqlite3_open16` `sqlite3_prepare16_v2` `sqlite3_step` `sqlite3_column_int` `sqlite3_initialize` `sqlite3_busy_timeout` `sqlite3_close_v2` `sqlite3_bind_text16` `sqlite3_bind_int` `sqlite3_column_text16` `sqlite3_bind_blob` `sqlite3_column_bytes` `sqlite3_column_blob` `sqlite3_finalize`
bcrypt.dll	`BCryptGetProperty` `BCryptHashData` `BCryptDestroyHash` `BCryptFinishHash` `BCryptOpenAlgorithmProvider` `BCryptCloseAlgorithmProvider` `BCryptCreateHash`
api-ms-win-core-path-l1-1-0.dll	`PathCchAppend` `PathCchRemoveBackslash` `PathAllocCanonicalize` `PathCchCanonicalize` `PathCchSkipRoot`
profapi.dll	`#104`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoOriginateLanguageException`
api-ms-win-crt-math-l1-1-0.dll	`ceilf`
api-ms-win-rtcore-ntuser-window-l1-1-0.dll (delay-loaded)	`GetMessageW` `DispatchMessageW` `TranslateMessage` `PostThreadMessageW`

Delayed Imports

Attributes	`0x1`
Name	`api-ms-win-rtcore-ntuser-window-l1-1-0.dll`
ModuleHandle	`0x1a6228`
DelayImportAddressTable	`0x1b50d8`
DelayImportNameTable	`0x199218`
BoundDelayImportTable	`0x1995f8`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

CloseImageStorageService

Ordinal	`1`
Address	`0x112990`

CloseVolumeHandle

Ordinal	`2`
Address	`0x114f50`

CreateJunction

Ordinal	`3`
Address	`0x1187f0`

CreateStorageService

Ordinal	`4`
Address	`0x112760`

FlushPartition

Ordinal	`5`
Address	`0x114bb0`

FormatPartition

Ordinal	`6`
Address	`0x116e40`

FormatPartitionWithPath

Ordinal	`7`
Address	`0x116e80`

FormatPartitions

Ordinal	`8`
Address	`0x116460`

FormatPartitions2

Ordinal	`9`
Address	`0x116920`

GetDiskLayout

Ordinal	`10`
Address	`0x1187b0`

GetDiskName

Ordinal	`11`
Address	`0x113060`

GetDiskNumAndPartitionCount

Ordinal	`12`
Address	`0x1136c0`

GetDiskSize

Ordinal	`13`
Address	`0x1133f0`

GetETWLogPath

Ordinal	`14`
Address	`0x112bc0`

GetFreeBytesOnVolume

Ordinal	`15`
Address	`0x115f20`

GetMainOSStoreId

Ordinal	`16`
Address	`0x112cc0`

GetPartitionAttributes

Ordinal	`17`
Address	`0x113cc0`

GetPartitionFileSystem

Ordinal	`18`
Address	`0x116110`

GetPartitionOffset

Ordinal	`19`
Address	`0x1149e0`

GetPartitionPath

Ordinal	`20`
Address	`0x113950`

GetPartitionPath2

Ordinal	`21`
Address	`0x113b00`

GetPartitionPathNoContext

Ordinal	`22`
Address	`0x113a50`

GetPartitionSizeInSectors

Ordinal	`23`
Address	`0x114ac0`

GetPartitionStyle

Ordinal	`24`
Address	`0x113870`

GetPartitionType

Ordinal	`25`
Address	`0x114380`

GetSectorCount

Ordinal	`26`
Address	`0x1134d0`

GetSectorSize

Ordinal	`27`
Address	`0x113200`

GetSectorSizeFromHandle

Ordinal	`28`
Address	`0x113310`

GetStorageAllocationBitmap

Ordinal	`29`
Address	`0x119000`

GetStoreIdAndInfoFromPartitionName

Ordinal	`30`
Address	`0x112eb0`

GetStoreIdByPath

Ordinal	`31`
Address	`0x118e00`

GetStoreIdFromPartitionName

Ordinal	`32`
Address	`0x112db0`

LockAndDismountDiskVolumes

Ordinal	`33`
Address	`0x1156d0`

LockAndDismountDiskVolumes2

Ordinal	`34`
Address	`0x115a90`

LockAndDismountVolumeByHandle

Ordinal	`35`
Address	`0x1153b0`

OpenVolume

Ordinal	`36`
Address	`0x114dd0`

RefreshImageStorageService

Ordinal	`37`
Address	`0x112a00`

SafeFreeDiskLayout

Ordinal	`38`
Address	`0x1187c0`

ScanPartitionPath

Ordinal	`39`
Address	`0x114d00`

SetLoggingFunction

Ordinal	`40`
Address	`0x112a80`

SetPartitionAttributes

Ordinal	`41`
Address	`0x113e00`

SetPartitionType

Ordinal	`42`
Address	`0x114460`

StoreIsSpace

Ordinal	`43`
Address	`0x119390`

UnlockVolumeByHandle

Ordinal	`44`
Address	`0x1155d0`

UpdateDiskLayout

Ordinal	`45`
Address	`0x1135c0`

WaitForPartition

Ordinal	`46`
Address	`0x114fe0`

WaitForPartitions

Ordinal	`47`
Address	`0x115100`

WriteVolumeMountPoints

Ordinal	`48`
Address	`0x116ec0`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91018`
MD5	`5825bf2fe3c78108da32794c60a92b47`
SHA1	`81a91a4595a650e5905d5da1020de3cc825ed43c`
SHA256	`4489b3cf0b9e7df6c22b3c70811ba02df88b073326d7a0b8a310420044189f40`
SHA3	`9ff77c1dd6948010b8e56da81d80435795b8992e9c26aeb69fced0a6b4ced0d0`

101

Type	`REGISTRY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79248`
MD5	`0faf7d9daad9eaf6481b7bb69bdb26b7`
SHA1	`f487bfff48f35946a8ae9cff98bcc5219e0a6cf4`
SHA256	`07d923e8f7f69e6f36e2226723e8c1abed527b999942669a8eff8c50a0be65f6`
SHA3	`5e8f495602f8c55786615e8d1898609eb7328208ce406dcc9bb8927feb64a60c`

102

Type	`REGISTRY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x182`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46173`
MD5	`7fa99d3af3dcc798e10c35ffd751ea18`
SHA1	`87de75c3d13e97cbea5c145774ff59b8c3b31804`
SHA256	`49eb2e2953dc91d977589de2e9d2476ae44c18d95f48252fefc95db440b48bdc`
SHA3	`e7c220ef711137bd8c0d09dbddbfa41c6db0b3bd79367662727b64c67f74f8eb`

1 (#2)

Type	`TYPELIB`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.36182`
MD5	`d19f624a289632bc133a84e88f7274a6`
SHA1	`d7276d348a4f5e1f2f8ab7dad7cfccb255b77a62`
SHA256	`92161f651fe85a11d8ff78374d100c92ad1cb9f378991324b28cc9c5e8ec4c2c`
SHA3	`a0bbecb29ff8aa7553c65096626cce55087016ef4bad03463928275e48ff36cd`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51569`
MD5	`2341e66f30436298cec03556391e92ef`
SHA1	`9445a75ac18284b3880ea65dd76470cf05b6bf72`
SHA256	`9d7ca4a4683a42801f772a16f3440bb7c3f6fd4cd8c92ef84caf4a0fe5d53adc`
SHA3	`646d7bedf9b63ff3713b284b31bca7b8493ea52e2d096082eda9787b04befbfd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.4355
ProductVersion	10.0.19041.4355
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	MoUSO Core Worker Process
FileVersion (#2)	10.0.19041.4355 (WinBuild.160101.0800)
InternalName	MoUSO Core Worker Process
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MoUSOCoreWorker.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.19041.4355

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jul-30 05:12:29
Version	`0.0`
SizeofData	`44`
AddressOfRawData	`0x179c5c`
PointerToRawData	`0x17905c`
Referenced File	MoUsoCoreWorker.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	1970-Jul-30 05:12:29
Version	`0.0`
SizeofData	`1284`
AddressOfRawData	`0x179c88`
PointerToRawData	`0x179088`

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jul-30 05:12:29
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x17a18c`
PointerToRawData	`0x17958c`

TLS Callbacks

StartAddressOfRawData	`0x14017a1d0`
EndAddressOfRawData	`0x14017a1d8`
AddressOfIndex	`0x1401a62a8`
AddressOfCallbacks	`0x140149688`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401a4ed0`
GuardCFCheckFunctionPointer	`5370057416`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xfcdb4baf`
Unmarked objects	`0`
Imports (33135)	`2`
Imports (VS2008 SP1 build 30729)	`152`
C objects (27412)	`17`
ASM objects (27412)	`3`
Total imports	`1689`
Imports (27412)	`11`
C objects (LTCG) (27412)	`144`
C++ objects (27412)	`41`
253 (27412)	`1`
Exports (27412)	`1`
Resource objects (27412)	`1`
Linker (27412)	`1`

12cfa013ab4e19f413b2a001dddb586c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

.rsrc

.reloc

Imports

Delayed Imports

CloseImageStorageService

CloseVolumeHandle

CreateJunction

CreateStorageService

FlushPartition

FormatPartition

FormatPartitionWithPath

FormatPartitions

FormatPartitions2

GetDiskLayout

GetDiskName

GetDiskNumAndPartitionCount

GetDiskSize

GetETWLogPath

GetFreeBytesOnVolume

GetMainOSStoreId

GetPartitionAttributes

GetPartitionFileSystem

GetPartitionOffset

GetPartitionPath

GetPartitionPath2

GetPartitionPathNoContext

GetPartitionSizeInSectors

GetPartitionStyle

GetPartitionType

GetSectorCount

GetSectorSize

GetSectorSizeFromHandle

GetStorageAllocationBitmap

GetStoreIdAndInfoFromPartitionName

GetStoreIdByPath

GetStoreIdFromPartitionName

LockAndDismountDiskVolumes

LockAndDismountDiskVolumes2

LockAndDismountVolumeByHandle

OpenVolume

RefreshImageStorageService

SafeFreeDiskLayout

ScanPartitionPath

SetLoggingFunction

SetPartitionAttributes

SetPartitionType

StoreIsSpace

UnlockVolumeByHandle

UpdateDiskLayout

WaitForPartition

WaitForPartitions

WriteVolumeMountPoints

1

101

102

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors