Manalyze report for c50b8eb554a62fafee6d012f76458839

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Aug-22 09:10:08
Detected languages	English - United States
Debug artifacts	spoolsv.pdb
CompanyName	Microsoft Corporation
FileDescription	Spooler SubSystem App
FileVersion	`6.3.9600.16384 (winblue_rtm.130821-1623)`
InternalName	spoolsv.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	spoolsv.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.3.9600.16384`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: .ipv6-literal.net ipv6-literal.net literal.net`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: NtQuerySystemInformation` `Can access the registry: RegQueryInfoKeyW RegGetKeySecurity RegDeleteKeyExW RegCloseKey RegCreateKeyExW RegEnumValueW RegOpenKeyExW RegGetValueW RegSetKeySecurity RegDeleteValueW RegQueryValueExW RegSetValueExW RegEnumKeyExW` `Possibly launches other programs: CreateProcessAsUserW` `Uses Windows's Native API: NtOpenProcessToken NtClose NtSetInformationThread NtOpenThreadToken NtQuerySystemInformation` `Functions related to the privilege level: OpenProcessToken DuplicateToken DuplicateTokenEx CheckTokenMembership` `Manipulates other processes: OpenProcess`
Safe	VirusTotal score: 0/71 (Scanned on 2020-11-20 17:42:39)	`All the AVs think this file is safe.`

Hashes

MD5	`c50b8eb554a62fafee6d012f76458839`
SHA1	`f3e7de5629b953c68f0a6135b1942bcb0749717a`
SHA256	`410dff59ad641e343e9d81b6dc8fd80ee6b4970bcfd20e1becc57b36c3aa3cc1`
SHA3	`074a6ff3b45226939753691820fa9311ecd3139290e0ac500291e2341355c630`
SSDeep	`3072:ZzfpUWS/4gO8u73UuSnJZodKhTKdYTKwpoHbtazFLXCmPe/pVHRoWPAcZzwUuUo:ZViwXRSJas4dopsqUmuDHRnBuUG`
Imports Hash	`656e4697aaa8e55978ba328ef805c8ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2013-Aug-22 09:10:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`11.3`
SizeOfCode	`0xa5400`
SizeOfInitializedData	`0x1d600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000052E0C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x7ff6d8830000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.3`
ImageVersion	`6.3`
SubsystemVersion	`6.3`
Win32VersionValue	`0`
SizeOfImage	`0xc6000`
SizeOfHeaders	`0x400`
Checksum	`0xca79e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0xc000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a7c0c967c72ee0c6e6d6fbc3b26ba511`
SHA1	`907ce02a2940ba6993f2c64d78b521fea6425e0c`
SHA256	`11bea0fd2de4a24a2afeb8584a2aeb55b60901aeb352a01168576240488d9402`
SHA3	`75b6bc39450f1acddcd08e7c755917fc9c92e6ae286764617b955a194f0b211f`
VirtualSize	`0xa5260`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa5400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.55194`

.data

MD5	`df55aad40f5dbd1fcb79a0155d770743`
SHA1	`cbde334ecc8b07fa0076e17f63e67db636990a07`
SHA256	`704b41e3f9dece97c58113162861abd6571234523335336f2b37e8c85c21ed18`
SHA3	`a171cbc8e4f9731c3ed0b9fecb459b06c719019d9994fc2f0ebe7d8b83b97852`
VirtualSize	`0x25d0`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x2600`
PointerToRawData	`0xa5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.52599`

.pdata

MD5	`cf26b39e7e03767333e01134b2429010`
SHA1	`66512bc3fdca6f85f9b9d05bfdef8665aaddbae3`
SHA256	`13789f635319f79895d1c3e35b754d414ef09921ae32a88c701528e3ae1b351c`
SHA3	`a4574268c31b5a59b0aab04df642a2f920a6e0abd150275704edf3895ade05ba`
VirtualSize	`0x6cb4`
VirtualAddress	`0xaa000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0xa7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.idata

MD5	`2b8ac1b0ff5371b9e8f65b7e279f8979`
SHA1	`2f6bbd52abe05778b926d23eb44a8a91cb884a3f`
SHA256	`736ad93fbd74b4033bdde2433b4264f609d23b4e54535c7c178474f633ceb3ef`
SHA3	`c905c9f7a53cf24e8304703454c59b70578ac404d27eb51f52e06ff317fa4d11`
VirtualSize	`0x2caa`
VirtualAddress	`0xb1000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0xaec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.24749`

.rsrc

MD5	`72461ade0f4bb4859ba90958cd0c1009`
SHA1	`cf58f713bbf96c2d93cbd8c0296b02b635136fa4`
SHA256	`48889232bb9f3539114ba8195355b3b864477fc1e6980e99c1594d4f0c023cf9`
SHA3	`fb9ddcbf8ab3571a7111f346ea7079a33b74215e4ac3f8d9ddbfb5fd0526da7b`
VirtualSize	`0xe2f0`
VirtualAddress	`0xb4000`
SizeOfRawData	`0xe400`
PointerToRawData	`0xb1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.498644`

.reloc

MD5	`4072783b8efb99a9e5817067d68f61c6`
SHA1	`7cb41fea50720b48be0c145e1473982b23e9ab77`
SHA256	`f3cc103136423a57975750907ebc1d367e2985ac6338976d4d5a439f50323f4a`
SHA3	`d81e93d78ee49e5510f5070123ead131699cce4f302a7573a3a68249f08c2499`
VirtualSize	`0x2fe8`
VirtualAddress	`0xc3000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xbfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

USER32.dll	`DispatchMessageW` `PeekMessageW` `TranslateMessage` `MsgWaitForMultipleObjects` `UnregisterDeviceNotification` `RegisterDeviceNotificationW` `SendNotifyMessageW` `UnregisterPowerSettingNotification` `RegisterPowerSettingNotification`
msvcrt.dll	`_commode` `_unlock` `memcpy` `__dllonexit` `_onexit` `_fmode` `_lock` `__CxxFrameHandler3` `_strnicmp` `__C_specific_handler` `_initterm` `__setusermatherr` `_cexit` `_exit` `exit` `__set_app_type` `__getmainargs` `_amsg_exit` `wcsncmp` `memmove` `_XcptFilter` `_wcsnicmp` `_vsnwprintf` `wcsstr` `??3@YAXPEAX@Z` `_purecall` `?terminate@@YAXXZ` `strchr` `wcschr` `towlower` `_stricmp` `_wcsicmp` `??2@YAPEAX_K@Z` `towupper` `memset`
ntdll.dll	`RtlIpv4AddressToStringW` `NtOpenProcessToken` `NtClose` `NtSetInformationThread` `NtOpenThreadToken` `RtlIpv4StringToAddressExW` `RtlIpv6StringToAddressExW` `EtwEventEnabled` `RtlReportException` `TpAllocPool` `TpReleaseAlpcCompletion` `TpWaitForAlpcCompletion` `TpReleaseIoCompletion` `TpWaitForIoCompletion` `TpReleaseTimer` `TpWaitForTimer` `TpReleaseWait` `TpWaitForWait` `TpReleaseWork` `TpWaitForWork` `TpAllocAlpcCompletion` `TpStartAsyncIoOperation` `TpAllocIoCompletion` `TpSetTimer` `TpAllocTimer` `TpAllocWait` `TpPostWork` `TpAllocWork` `RtlNtStatusToDosError` `TpSimpleTryPost` `TpSetWait` `TpCallbackMayRunLong` `TpReleasePool` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RtlValidRelativeSecurityDescriptor` `EtwEventWrite` `NtQuerySystemInformation` `EtwGetTraceLoggerHandle` `EtwUnregisterTraceGuids` `EtwEventUnregister` `WinSqmIsOptedIn` `WinSqmSetDWORD` `WinSqmAddToStreamEx` `WinSqmIncrementDWORD` `EtwRegisterTraceGuidsW` `EtwTraceMessage` `EtwEventRegister` `EtwGetTraceEnableFlags` `EtwGetTraceEnableLevel` `RtlIpv6AddressToStringW`
api-ms-win-core-synch-l1-2-0.dll	`ReleaseMutex` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `InitializeCriticalSection` `CreateMutexW` `AcquireSRWLockShared` `InitializeSRWLock` `SetEvent` `CreateEventW` `OpenEventW` `EnterCriticalSection` `ReleaseSRWLockShared` `LeaveCriticalSection` `WaitForSingleObject` `Sleep` `InitializeCriticalSectionAndSpinCount`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleW` `DisableThreadLibraryCalls`
api-ms-win-core-processthreads-l1-1-2.dll	`TerminateProcess` `GetCurrentProcess` `ExitThread` `GetCurrentThreadId` `TlsAlloc` `CreateThread` `TlsGetValue` `CreateProcessAsUserW` `TlsSetValue` `SetPriorityClass` `TlsFree` `SetThreadToken` `OpenProcess` `GetCurrentProcessId` `OpenProcessToken` `GetCurrentThread` `OpenThreadToken` `ExitProcess`
api-ms-win-core-errorhandling-l1-1-1.dll	`SetLastError` `GetLastError` `RaiseException` `SetErrorMode` `SetUnhandledExceptionFilter` `GetErrorMode` `UnhandledExceptionFilter`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle` `DuplicateHandle`
api-ms-win-service-core-l1-1-1.dll	`SetServiceStatus` `StartServiceCtrlDispatcherW` `RegisterServiceCtrlHandlerExW`
api-ms-win-core-sysinfo-l1-2-1.dll	`GetSystemWindowsDirectoryW` `GetSystemTimeAsFileTime` `GetVersionExW` `GetSystemTime` `GetTickCount`
api-ms-win-core-heap-l1-2-0.dll	`HeapDestroy` `GetProcessHeap` `HeapSetInformation` `HeapCreate`
api-ms-win-core-registry-l1-1-0.dll	`RegQueryInfoKeyW` `RegGetKeySecurity` `RegDeleteTreeW` `RegDeleteKeyExW` `RegCloseKey` `RegCreateKeyExW` `RegEnumValueW` `RegOpenKeyExW` `RegGetValueW` `RegSetKeySecurity` `RegOpenCurrentUser` `RegDeleteValueW` `RegQueryValueExW` `RegDisablePredefinedCacheEx` `RegSetValueExW` `RegEnumKeyExW`
api-ms-win-core-debug-l1-1-1.dll	`OutputDebugStringW` `DebugBreak` `IsDebuggerPresent`
RPCRT4.dll	`RpcBindingFromStringBindingW` `RpcStringBindingComposeW` `I_RpcExceptionFilter` `RpcServerSubscribeForNotification` `RpcServerUnsubscribeForNotification` `Ndr64AsyncClientCall` `NdrClientCall3` `RpcBindingServerFromClient` `RpcBindingFree` `RpcStringBindingParseW` `RpcObjectSetType` `RpcServerInqBindingHandle` `RpcBindingVectorFree` `RpcBindingToStringBindingW` `RpcServerInterfaceGroupDeactivate` `RpcServerInterfaceGroupActivate` `RpcServerInterfaceGroupCreateW` `RpcEpRegisterW` `RpcServerTestCancel` `RpcServerRegisterAuthInfoW` `RpcSsContextLockExclusive` `RpcServerInqBindings` `RpcImpersonateClient` `RpcServerInqDefaultPrincNameW` `RpcServerRegisterIf` `RpcRevertToSelf` `I_RpcSessionStrictContextHandle` `I_RpcBindingIsClientLocal` `RpcRaiseException` `NdrServerCallAll` `RpcStringFreeW` `RpcMgmtSetServerStackSize` `RpcServerRegisterIf2` `RpcAsyncCompleteCall` `RpcRevertToSelfEx` `RpcSmDestroyClientContext` `I_RpcBindingInqTransportType` `RpcAsyncAbortCall` `NdrAsyncServerCall` `NdrServerCall2` `Ndr64AsyncServerCallAll`
api-ms-win-security-base-l1-2-0.dll	`CopySid` `DuplicateToken` `AddAccessDeniedAceEx` `GetLengthSid` `AddAce` `GetSecurityDescriptorDacl` `RevertToSelf` `IsWellKnownSid` `CreateWellKnownSid` `InitializeAcl` `GetAce` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `FreeSid` `GetAclInformation` `AddAccessAllowedAceEx` `SetTokenInformation` `ImpersonateLoggedOnUser` `GetSidSubAuthority` `GetSidSubAuthorityCount` `EqualSid` `DuplicateTokenEx` `GetTokenInformation` `CheckTokenMembership` `AllocateAndInitializeSid`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
KERNEL32.dll	`GetProcAddress` `LocalFree` `SetThreadpoolTimer` `AddVectoredExceptionHandler` `ResetEvent` `HeapAlloc` `FreeLibrary` `LoadLibraryExW` `HeapFree` `GetModuleHandleExW` `DeleteCriticalSection` `GetComputerNameW` `lstrcmpiW` `QueueUserWorkItem` `ResolveDelayLoadedAPI` `CreateThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CloseThreadpoolTimer` `GetTickCount64` `LoadLibraryW` `LocalAlloc`
api-ms-win-core-string-l1-1-0.dll	`CompareStringW` `WideCharToMultiByte`
api-ms-win-core-file-l1-2-1.dll	`DeleteFileW` `CreateFileW` `ReadFile` `GetTempFileNameW`
api-ms-win-core-file-l2-1-1.dll	`MoveFileExW`
api-ms-win-core-console-l1-1-0.dll	`SetConsoleCtrlHandler`
DNSAPI.dll	`DnsQuery_W` `DnsFree`
api-ms-win-power-base-l1-1-0.dll	`GetPwrCapabilities`
POWRPROF.dll	`PowerDeterminePlatformRole`
api-ms-win-core-com-l1-1-1.dll (delay-loaded)	`IIDFromString` `CoGetObjectContext` `CoTaskMemFree` `StringFromCLSID` `CoCreateInstance` `CoCreateGuid` `CoInitializeEx` `CoUninitialize` `StringFromIID` `CoFreeUnusedLibrariesEx`

Delayed Imports

Attributes	`0x1`
Name	`api-ms-win-core-com-l1-1-1.dll`
ModuleHandle	`0xa76d0`
DelayImportAddressTable	`0xa7000`
DelayImportNameTable	`0xa1c10`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

PrvOpenPrinterExW

Ordinal	`1`
Address	`0x8ff64`

PrvPackStrings

Ordinal	`2`
Address	`0x1b80`

PrvRouterCorePrinterDriverInstalled

Ordinal	`3`
Address	`0x90bc4`

PrvRouterCreatePrintAsyncNotificationChannel

Ordinal	`4`
Address	`0x95390`

PrvRouterDeletePrinterDriverPackage

Ordinal	`5`
Address	`0x90c88`

PrvRouterGetCorePrinterDrivers

Ordinal	`6`
Address	`0x90d14`

PrvRouterGetPrintClassObject

Ordinal	`7`
Address	`0x59f8`

PrvRouterGetPrinterDriverPackagePath

Ordinal	`8`
Address	`0x90dc4`

PrvRouterInstallPrinterDriverFromPackage

Ordinal	`9`
Address	`0xa6f0`

PrvRouterRegisterForPrintAsyncNotifications

Ordinal	`10`
Address	`0x4b724`

PrvRouterUnregisterForPrintAsyncNotifications

Ordinal	`11`
Address	`0x954e0`

PrvRouterUploadPrinterDriverPackage

Ordinal	`12`
Address	`0x90ea0`

ServerGetPrintClassObject

Ordinal	`13`
Address	`0x771b4`

YAbortPrinter

Ordinal	`14`
Address	`0x733f8`

YAddJob

Ordinal	`15`
Address	`0x73534`

YDriverUnloadComplete

Ordinal	`16`
Address	`0x74bfc`

YEndDocPrinter

Ordinal	`17`
Address	`0x3eb88`

YEndPagePrinter

Ordinal	`18`
Address	`0x3e64c`

YFlushPrinter

Ordinal	`19`
Address	`0x75818`

YGetPrinter

Ordinal	`20`
Address	`0x2c90`

YGetPrinterDriver2

Ordinal	`21`
Address	`0x74fc`

YGetPrinterDriverDirectory

Ordinal	`22`
Address	`0xb508`

YReadPrinter

Ordinal	`23`
Address	`0x76280`

YSeekPrinter

Ordinal	`24`
Address	`0x7651c`

YSetJob

Ordinal	`25`
Address	`0x76640`

YSetPort

Ordinal	`26`
Address	`0x76740`

YSetPrinter

Ordinal	`27`
Address	`0x8534`

YSplReadPrinter

Ordinal	`28`
Address	`0x768cc`

YStartDocPrinter

Ordinal	`29`
Address	`0x42568`

YStartPagePrinter

Ordinal	`30`
Address	`0x3e744`

YWritePrinter

Ordinal	`31`
Address	`0x76aa8`

GetSpoolerTlsIndexes

Ordinal	`32`
Address	`0x48718`

PrvAbortPrinter

Ordinal	`33`
Address	`0x92118`

PrvAddFormW

Ordinal	`34`
Address	`0x910ec`

PrvAddJobW

Ordinal	`35`
Address	`0x89790`

PrvAddMonitorW

Ordinal	`36`
Address	`0x93024`

PrvAddPerMachineConnectionW

Ordinal	`37`
Address	`0x95004`

PrvAddPortExW

Ordinal	`38`
Address	`0x930b0`

PrvAddPortW

Ordinal	`39`
Address	`0x9313c`

PrvAddPrintProcessorW

Ordinal	`40`
Address	`0x91128`

PrvAddPrintProvidorW

Ordinal	`41`
Address	`0x911fc`

PrvAddPrinterConnectionW

Ordinal	`42`
Address	`0x3db50`

PrvAddPrinterDriverExW

Ordinal	`43`
Address	`0x91310`

PrvAddPrinterDriverW

Ordinal	`44`
Address	`0x91430`

PrvAddPrinterExW

Ordinal	`45`
Address	`0x8e38`

PrvAddPrinterW

Ordinal	`46`
Address	`0x90140`

PrvAdjustPointers

Ordinal	`47`
Address	`0x86918`

PrvAdjustPointersInStructuresArray

Ordinal	`48`
Address	`0x86974`

PrvAlignKMPtr

Ordinal	`49`
Address	`0x87b00`

PrvAlignRpcPtr

Ordinal	`50`
Address	`0x1fdc`

PrvAllocSplStr

Ordinal	`51`
Address	`0x1f00`

PrvAllowRemoteCalls

Ordinal	`52`
Address	`0x95598`

PrvAppendPrinterNotifyInfoData

Ordinal	`53`
Address	`0x35b4`

PrvBuildOtherNamesFromMachineName

Ordinal	`54`
Address	`0x480c4`

PrvCacheAddName

Ordinal	`55`
Address	`0x17f0`

PrvCacheCreateAndAddNode

Ordinal	`56`
Address	`0x48acc`

PrvCacheCreateAndAddNodeWithIPAddresses

Ordinal	`57`
Address	`0x956a4`

PrvCacheDeleteNode

Ordinal	`58`
Address	`0x956c8`

PrvCacheIsNameCluster

Ordinal	`59`
Address	`0x956e0`

PrvCacheIsNameInNodeList

Ordinal	`60`
Address	`0x95780`

PrvCallDrvDevModeConversion

Ordinal	`61`
Address	`0x92d0`

PrvCallRouterFindFirstPrinterChangeNotification

Ordinal	`62`
Address	`0x88da0`

PrvCheckLocalCall

Ordinal	`63`
Address	`0x1a20`

PrvClosePrinter

Ordinal	`64`
Address	`0x29f0`

PrvConfigurePortW

Ordinal	`65`
Address	`0x93228`

PrvCreatePrinterIC

Ordinal	`66`
Address	`0x45c54`

PrvDeleteFormW

Ordinal	`67`
Address	`0x914ac`

PrvDeleteMonitorW

Ordinal	`68`
Address	`0x9331c`

PrvDeletePerMachineConnectionW

Ordinal	`69`
Address	`0x950b8`

PrvDeletePortW

Ordinal	`70`
Address	`0x93398`

PrvDeletePrintProcessorW

Ordinal	`71`
Address	`0x914e8`

PrvDeletePrintProvidorW

Ordinal	`72`
Address	`0x91570`

PrvDeletePrinter

Ordinal	`73`
Address	`0x8800`

PrvDeletePrinterConnectionW

Ordinal	`74`
Address	`0x9514c`

PrvDeletePrinterDataExW

Ordinal	`75`
Address	`0x9015c`

PrvDeletePrinterDataW

Ordinal	`76`
Address	`0x90198`

PrvDeletePrinterDriverExW

Ordinal	`77`
Address	`0x917cc`

PrvDeletePrinterDriverW

Ordinal	`78`
Address	`0x918a0`

PrvDeletePrinterIC

Ordinal	`79`
Address	`0x45f24`

PrvDeletePrinterKeyW

Ordinal	`80`
Address	`0x901d4`

PrvDllAllocSplMem

Ordinal	`81`
Address	`0x1190`

PrvDllAllocSplStr

Ordinal	`82`
Address	`0xedd0`

PrvDllFreeSplMem

Ordinal	`83`
Address	`0x1200`

PrvDllFreeSplStr

Ordinal	`84`
Address	`0x1320`

PrvDllReallocSplMem

Ordinal	`85`
Address	`0xee4c`

PrvDllReallocSplStr

Ordinal	`86`
Address	`0x87b58`

PrvEndDocPrinter

Ordinal	`87`
Address	`0x3ebd4`

PrvEndPagePrinter

Ordinal	`88`
Address	`0x3e6ac`

PrvEnumFormsW

Ordinal	`89`
Address	`0x9195c`

PrvEnumJobsW

Ordinal	`90`
Address	`0x42350`

PrvEnumMonitorsW

Ordinal	`91`
Address	`0x9348c`

PrvEnumPerMachineConnectionsW

Ordinal	`92`
Address	`0xd40c`

PrvEnumPortsW

Ordinal	`93`
Address	`0xa4a4`

PrvEnumPrintProcessorDatatypesW

Ordinal	`94`
Address	`0x919ac`

PrvEnumPrintProcessorsW

Ordinal	`95`
Address	`0x91a7c`

PrvEnumPrinterDataExW

Ordinal	`96`
Address	`0x90210`

PrvEnumPrinterDataW

Ordinal	`97`
Address	`0x9024c`

PrvEnumPrinterDriversW

Ordinal	`98`
Address	`0xebf4`

PrvEnumPrinterKeyW

Ordinal	`99`
Address	`0x902c8`

PrvEnumPrintersW

Ordinal	`100`
Address	`0x4158`

PrvFindClosePrinterChangeNotification

Ordinal	`101`
Address	`0x5c08`

PrvFlushPrinter

Ordinal	`102`
Address	`0x92154`

PrvFormatPrinterForRegistryKey

Ordinal	`103`
Address	`0x2c30`

PrvFormatRegistryKeyForPrinter

Ordinal	`104`
Address	`0x90304`

PrvFreeOtherNames

Ordinal	`105`
Address	`0x92dc4`

PrvGetFormW

Ordinal	`106`
Address	`0x41ed4`

PrvGetJobAttributes

Ordinal	`107`
Address	`0x91ba0`

PrvGetJobAttributesEx

Ordinal	`108`
Address	`0x91bd0`

PrvGetJobW

Ordinal	`109`
Address	`0x8f698`

PrvGetNetworkId

Ordinal	`110`
Address	`0x95a1c`

PrvGetPrintProcessorDirectoryW

Ordinal	`111`
Address	`0x91e28`

PrvGetPrinterDataExW

Ordinal	`112`
Address	`0x9120`

PrvGetPrinterDataW

Ordinal	`113`
Address	`0x90350`

PrvGetPrinterDriverDirectoryW

Ordinal	`114`
Address	`0xb59c`

PrvGetPrinterDriverExW

Ordinal	`115`
Address	`0x7670`

PrvGetPrinterDriverW

Ordinal	`116`
Address	`0x33f0`

PrvGetPrinterW

Ordinal	`117`
Address	`0x2e50`

PrvGetServerPolicy

Ordinal	`118`
Address	`0xecb8`

PrvGetShrinkedSize

Ordinal	`119`
Address	`0x2030`

PrvGetSpoolerTlsIndexes

Ordinal	`120`
Address	`0x48718`

PrvImpersonatePrinterClient

Ordinal	`121`
Address	`0x1db0`

PrvInitializeRouter

Ordinal	`122`
Address	`0x47bac`

PrvIsNameTheLocalMachineOrAClusterSpooler

Ordinal	`123`
Address	`0xb170`

PrvIsNamedPipeRpcCall

Ordinal	`124`
Address	`0x46214`

PrvMIDL_user_allocate

Ordinal	`125`
Address	`0x1c80`

PrvMIDL_user_allocate1

Ordinal	`126`
Address	`0x1c80`

PrvMIDL_user_free

Ordinal	`127`
Address	`0x1200`

PrvMIDL_user_free1

Ordinal	`128`
Address	`0x1200`

PrvMarshallDownStructure

Ordinal	`129`
Address	`0x2bf8`

PrvMarshallDownStructuresArray

Ordinal	`130`
Address	`0x53b0`

PrvMarshallUpStructure

Ordinal	`131`
Address	`0x869fc`

PrvMarshallUpStructuresArray

Ordinal	`132`
Address	`0x86a7c`

PrvOldGetPrinterDriverW

Ordinal	`133`
Address	`0x91f38`

PrvOpenPrinter2W

Ordinal	`134`
Address	`0x4d3c`

PrvOpenPrinterPort2W

Ordinal	`135`
Address	`0x9038c`

PrvOpenPrinterW

Ordinal	`136`
Address	`0x2980`

PrvPartialReplyPrinterChangeNotification

Ordinal	`137`
Address	`0x3758`

PrvPlayGdiScriptOnPrinterIC

Ordinal	`138`
Address	`0x45e10`

PrvPrinterHandleRundown

Ordinal	`139`
Address	`0x3db00`

PrvPrinterMessageBoxW

Ordinal	`140`
Address	`0x92198`

PrvProvidorFindClosePrinterChangeNotification

Ordinal	`141`
Address	`0x874b0`

PrvProvidorFindFirstPrinterChangeNotification

Ordinal	`142`
Address	`0x874c8`

PrvReadPrinter

Ordinal	`143`
Address	`0x921d0`

PrvReallocSplMem

Ordinal	`144`
Address	`0xee44`

PrvReallocSplStr

Ordinal	`145`
Address	`0x87ba8`

PrvRemoteFindFirstPrinterChangeNotification

Ordinal	`146`
Address	`0x87570`

PrvReplyClosePrinter

Ordinal	`147`
Address	`0x88f50`

PrvReplyOpenPrinter

Ordinal	`148`
Address	`0x8905c`

PrvReplyPrinterChangeNotification

Ordinal	`149`
Address	`0x3840`

PrvReplyPrinterChangeNotificationEx

Ordinal	`150`
Address	`0x89558`

PrvReportJobProcessingProgress

Ordinal	`151`
Address	`0x920f0`

PrvResetPrinterW

Ordinal	`152`
Address	`0x41e70`

PrvRevertToPrinterSelf

Ordinal	`153`
Address	`0x1e60`

PrvRouterAddPrinterConnection2

Ordinal	`154`
Address	`0x9519c`

PrvRouterAllocBidiMem

Ordinal	`155`
Address	`0x1c80`

PrvRouterAllocBidiResponseContainer

Ordinal	`156`
Address	`0x92e10`

PrvRouterAllocPrinterNotifyInfo

Ordinal	`157`
Address	`0x3700`

PrvRouterBroadcastMessage

Ordinal	`158`
Address	`0x672c`

PrvRouterFindCompatibleDriver

Ordinal	`159`
Address	`0x91fb0`

PrvRouterFindFirstPrinterChangeNotification

Ordinal	`160`
Address	`0x3ea0`

PrvRouterFindNextPrinterChangeNotification

Ordinal	`161`
Address	`0x3a80`

PrvRouterFreeBidiMem

Ordinal	`162`
Address	`0x1200`

PrvRouterFreeBidiResponseContainer

Ordinal	`163`
Address	`0x92e38`

PrvRouterFreePrinterNotifyInfo

Ordinal	`164`
Address	`0x82d0`

PrvRouterInternalGetPrinterDriver

Ordinal	`165`
Address	`0x9200c`

PrvRouterRefreshPrinterChangeNotification

Ordinal	`166`
Address	`0x423f0`

PrvRouterReplyPrinter

Ordinal	`167`
Address	`0x89190`

PrvRouterSpoolerSetPolicy

Ordinal	`168`
Address	`0x8fec8`

PrvScheduleJob

Ordinal	`169`
Address	`0x8f728`

PrvSeekPrinter

Ordinal	`170`
Address	`0x9220c`

PrvSendRecvBidiData

Ordinal	`171`
Address	`0x7864`

PrvSetFormW

Ordinal	`172`
Address	`0x92078`

PrvSetJobW

Ordinal	`173`
Address	`0x3eab0`

PrvSetPortW

Ordinal	`174`
Address	`0x936a8`

PrvSetPrinterDataExW

Ordinal	`175`
Address	`0x90408`

PrvSetPrinterDataW

Ordinal	`176`
Address	`0x9274`

PrvSetPrinterW

Ordinal	`177`
Address	`0x8630`

PrvSplCloseSpoolFileHandle

Ordinal	`178`
Address	`0x41ca0`

PrvSplCommitSpoolData

Ordinal	`179`
Address	`0x3ef48`

PrvSplDriverUnloadComplete

Ordinal	`180`
Address	`0x90444`

PrvSplGetClientUserHandle

Ordinal	`181`
Address	`0x10314`

PrvSplGetSpoolFileInfo

Ordinal	`182`
Address	`0x46110`

PrvSplGetUserSidStringFromToken

Ordinal	`183`
Address	`0x5128`

PrvSplInitializeWinSpoolDrv

Ordinal	`184`
Address	`0xee9c`

PrvSplIsSessionZero

Ordinal	`185`
Address	`0x92260`

PrvSplIsUpgrade

Ordinal	`186`
Address	`0x1ed0`

PrvSplProcessPnPEvent

Ordinal	`187`
Address	`0x7d00`

PrvSplProcessSessionEvent

Ordinal	`188`
Address	`0x1068c`

PrvSplPromptUIInUsersSession

Ordinal	`189`
Address	`0x922e8`

PrvSplQueryUserInfo

Ordinal	`190`
Address	`0xdcec`

PrvSplReadPrinter

Ordinal	`191`
Address	`0x923a8`

PrvSplRegisterForDeviceEvents

Ordinal	`192`
Address	`0x88104`

PrvSplRegisterForSessionEvents

Ordinal	`193`
Address	`0x4c340`

PrvSplShutDownRouter

Ordinal	`194`
Address	`0x878c0`

PrvSplUnregisterForDeviceEvents

Ordinal	`195`
Address	`0x881f8`

PrvSplUnregisterForSessionEvents

Ordinal	`196`
Address	`0x87f1c`

PrvSpoolerFindClosePrinterChangeNotification

Ordinal	`197`
Address	`0x876c4`

PrvSpoolerFindFirstPrinterChangeNotification

Ordinal	`198`
Address	`0x876d0`

PrvSpoolerFindNextPrinterChangeNotification

Ordinal	`199`
Address	`0x87780`

PrvSpoolerFreePrinterNotifyInfo

Ordinal	`200`
Address	`0x877b0`

PrvSpoolerHasInitialized

Ordinal	`201`
Address	`0x87af0`

PrvSpoolerInit

Ordinal	`202`
Address	`0xb8e0`

PrvSpoolerRefreshPrinterChangeNotification

Ordinal	`203`
Address	`0x877bc`

PrvStartDocPrinterW

Ordinal	`204`
Address	`0x42650`

PrvStartPagePrinter

Ordinal	`205`
Address	`0x3e7a4`

PrvUndoAlignKMPtr

Ordinal	`206`
Address	`0x87bb0`

PrvUndoAlignRpcPtr

Ordinal	`207`
Address	`0x1fa0`

PrvUpdateBufferSize

Ordinal	`208`
Address	`0x86be4`

PrvUpdatePrinterRegAll

Ordinal	`209`
Address	`0x790c`

PrvUpdatePrinterRegUser

Ordinal	`210`
Address	`0x7a20`

PrvWaitForPrinterChange

Ordinal	`211`
Address	`0x9074c`

PrvWaitForSpoolerInitialization

Ordinal	`212`
Address	`0x1c54`

PrvWritePrinter

Ordinal	`213`
Address	`0x92540`

PrvXcvDataW

Ordinal	`214`
Address	`0x920b4`

PrvbGetDevModePerUser

Ordinal	`215`
Address	`0x3df70`

PrvbSetDevModePerUser

Ordinal	`216`
Address	`0x8350`

RouterLogJobInfoForBranchOffice

Ordinal	`217`
Address	`0x8f6ec`

SplUalCollectData

Ordinal	`218`
Address	`0x70684`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71514`
MD5	`f906a97b8f437f1d6dafd650778c0b03`
SHA1	`b8f7e8ae283ec0937e7abb3970b69d5412880f62`
SHA256	`c27f16fca9a94252feea5493008229716069a03b49f4c9aacb635114077343f0`
SHA3	`5785d84b2dd93b5adcb10117c200a4049808cacdaa6208e5283e06b263483e54`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14859`
MD5	`3afe244746ad2284376c76c49a0d413d`
SHA1	`80b429d4e53aea07c49aee2981850e6ba312e20d`
SHA256	`0c604f14238e4e2f20e1678e31c7c26504789ae650812df7c84698dacb7a67bf`
SHA3	`1ae7d0afa6857b7b63b921f3d5869b2d58fa8a0db87baca429f037303a47a132`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.69366`
MD5	`89ec396637ec37ed6aae43a7bb805430`
SHA1	`3dab339b6dec0573f305d84f3ba9de84bda7d46d`
SHA256	`9f3292828fc395c333efa19744ca50c059c96a4304e38a56ba73e73dcbbcb096`
SHA3	`cc32e6f9b194f452e16bd0ae17d76fe6f7acbcdfd5fe97f8bc8d698990dbf516`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`cc47869e3b4a5dedfc1831bb15dee3a9`
SHA1	`b3eca1862c3ea0da9b9a5ebba1f2f9d1789f0e9f`
SHA256	`f8afcaf4ddde4b7d144069a66a2a5f6ee05b9652f6de33095ae49251486216af`
SHA3	`7efdc4ef6ed4576da2626bf5cf624812cc945e6c8957f51a10d463337ca2a462`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a2820cae8201eadc4f97314c0f38bd56`
SHA1	`d07ccf6e76d35ccc35ac3b00afb9013717a6f6bc`
SHA256	`5143e23147bfac51c54586986c429d702b87f5dffb2cc307ddb1b54a0b082250`
SHA3	`623edf57cca3dd10a5f11fb085687467b014a13dccd5ca59907eddecc41bb6a8`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`28f8d082df931688124f25f23c688904`
SHA1	`2f057655ecdd3ab25cfe985714e270786ce16cae`
SHA256	`4e7a8c59942ff527ff680aa88cc66bb8c8e7b6c02a018bc85ba36794e278670f`
SHA3	`99f004163a598b6df87372bd9b7d5e7704dbfdf7cfb3ec96da9e31c0275f7465`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7371e95ba5fa6610d14c061379672043`
SHA1	`b89b3859959484bf522a89e5fbb1f3b2f328c348`
SHA256	`b8883734e15688eb76e149e782b649a1cb93e3d651423484cc2b2a3594154aa8`
SHA3	`4d4a9ae220fbfcb549d40c2cc59ca08fe518cec24373667670031b6cd105ec1b`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`0d3a12fd3f68decc694da04b57e61d8c`
SHA1	`f73d4d591f6ef0b2b04fc90d2e840329f7590743`
SHA256	`ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76`
SHA3	`42ec79da319d9c0b1f8ee21fbb28002d15857d9af0c8a1f2db5e41f6c5e23c88`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7e1b34650fb04bc15a494a1d712cffee`
SHA1	`43e1808e4308baf093556946552f4fabc05278d8`
SHA256	`3731b0a75ab19d96b774da62d37eccacd517c6593af20aa66525dc0b951cdba9`
SHA3	`79a9c096a1a56ae4f98f1e8ad4c44fa5c08e5d98e745898df9031e3b3a13c46c`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`3462b7a2cb5f489f9e9012eb56787cc8`
SHA1	`7f3770ad113e424f8191654cd2fc5ff451a46ad9`
SHA256	`e3341c3186e13ce5b81511d3aa442c73c704a38f108b73cb41e1ae3490ceb346`
SHA3	`2f2a3475eab6b1ad1854fa88088f456fa5dc0ba3ae36c27c68b07835c76a2f54`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`90d19bb4d7b1bd1f5622b062bc0891cf`
SHA1	`91510007472b7a3315cedbda969a5be3b5cde65d`
SHA256	`6389684b4c4ad12dc53c8cbbce4cf65f283c8fb4d8b98d90df7485a9424873fa`
SHA3	`d14149dadcdecf72a0be141f3642cceaf76d53cdf92bc5558735d47dd9b03805`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`5f47a9d9640cc99d066c5784ba9df434`
SHA1	`816875cae3e19301f90358469c53cdd91d33af34`
SHA256	`559eb05d39a8e243be3e4b051e94f6572a487cc6f90c4847f333d61fe887b28d`
SHA3	`fc26364868396d506e74e7070d46e4704b69e6b1a2a50ac14c10542c18892e76`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.188184`
MD5	`15629c05d9cc313fda54aadd221b1415`
SHA1	`cf7fb1600321557fe3108321c3268ca3c44cacff`
SHA256	`e6fb7b684491949a29e5baf68937b29aafea95e720e09edbdcd109469e8ff38a`
SHA3	`b352908eae7fc4d5ec0835f6c447cec8acb1b2a50a09d8f14b15b9559ed0046f`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05839`
Detected Filetype	Icon file
MD5	`d8add58c69f4a41f24cb7a68109f0165`
SHA1	`0d0f64f128e71a4e2cff0a0fe879df3f3974bbf6`
SHA256	`003d500d5331b0a1711c818c44b64abd9870a689745e800ca1061bfa6d786304`
SHA3	`900ffe0c28b259a7ec323924d8e4317706f144dc1bdcb6c0f9bfb4361e4d0bdb`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54436`
MD5	`a949dca42593718e31395c456f8cab18`
SHA1	`036a108174f9f17a95357d90b84d89916260a009`
SHA256	`c434a10917d7f20f8b61f5c74898256ab3ba38fdab9de8e63d5f937e851a8fb3`
SHA3	`91b8a3a272e250f5d200a12d8f6534520759489bd2f32c3a372fbe8c0c88b1a9`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91634`
MD5	`731e9f24e0b63fe8657751db95a200ed`
SHA1	`4dc9b546c8231da0581f178fe3c881e204119d64`
SHA256	`d986db76914bbcec08880c9753e047f2226f9890fd2170ae9c688e9507b3d271`
SHA3	`450521e9c0641cc895c9ddef6658b167369ab1e72bdcf5fb66fc425a385f3b4b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.3.9600.16384
ProductVersion	6.3.9600.16384
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Spooler SubSystem App
FileVersion (#2)	6.3.9600.16384 (winblue_rtm.130821-1623)
InternalName	spoolsv.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	spoolsv.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.3.9600.16384

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2013-Aug-22 09:10:08
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0xa20c0`
PointerToRawData	`0xa14c0`
Referenced File	spoolsv.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2013-Aug-22 09:10:08
Version	`565.30117`
SizeofData	`8`
AddressOfRawData	`0xa20b8`
PointerToRawData	`0xa14b8`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x7ff6d88d76c8`

RICH Header

XOR Key	`0x5d054d7f`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`42`
ASM objects (65501)	`1`
C++ objects (65501)	`2`
C objects (65501)	`24`
Imports (65501)	`11`
Total imports	`338`
216 (65501)	`158`
Exports (65501)	`1`
Resource objects (65501)	`1`
Linker (65501)	`1`