Manalyze report for f02b20e4efecc33de320b7742e927ae7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2039-Dec-17 16:19:07
Detected languages	English - United States
Debug artifacts	Taskmgr.pdb
CompanyName	Microsoft Corporation
FileDescription	Task Manager
FileVersion	`10.0.19041.1 (WinBuild.160101.0800)`
InternalName	Task Manager
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	Taskmgr.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.19041.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: Taskmgr.exe rundll32.exe taskmgr.exe` `Contains references to internet browsers: chrome.exe firefox.exe iexplore.exe` `Contains references to security software: msmpeng.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run` `Miscellaneous malware strings: cmd.exe` `Contains domain names: https://www.bing.com https://www.bing.com/search?q www.bing.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .imrsiv` `Unusual section name found: .didat`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: NtQueryInformationProcess NtQuerySystemInformation FindWindowW` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegGetValueW RegCloseKey RegSetValueExW RegCreateKeyExW RegOpenKeyExW RegDeleteValueW RegQueryInfoKeyW RegQueryValueExW RegNotifyChangeKeyValue RegEnumValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: NtQueryInformationProcess ZwQueryWnfStateData NtQueryInformationThread NtSetInformationFile NtSetInformationProcess NtPowerInformation NtQuerySystemInformation NtQueryInformationFile NtQueryObject NtQueryTimerResolution NtQueryInformationToken NtOpenFile` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges CheckTokenMembership` `Enumerates local disk drives: GetDriveTypeW GetLogicalDriveStringsW` `Manipulates other processes: OpenProcess ReadProcessMemory` `Can take screenshots: FindWindowW GetDC`
Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/69 (Scanned on 2020-10-01 10:48:33)	`All the AVs think this file is safe.`

Hashes

MD5	`f02b20e4efecc33de320b7742e927ae7`
SHA1	`c147b80c75170394d85761376fdd5f2fe3b0ff87`
SHA256	`1ab19c256e8141381b16bd17a9673ca6f7802a21e0be11360aef8a01a8cdf9ea`
SHA3	`5b85ab3c14a154581853c847d51e0b28090b7e1116008722faa2f1e458c47e1b`
SSDeep	`24576:3zMMJlLil1qNSrCM37F0D/QFD2ehFk0r+poMf1dKC:ZJlL3SLCQFyujaHf1dKC`
Imports Hash	`61c2d377e1b88f4587dc99334772afcd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2039-Dec-17 16:19:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xc3200`
SizeOfInitializedData	`0x28e00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00056D60 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0xf1000`
SizeOfHeaders	`0x400`
Checksum	`0xec073`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5f4cd857d4b5088e2bcfbdf3148a14e0`
SHA1	`632c0e05dd1290869067eed0804b42de8339fe6e`
SHA256	`f84f8e0b28053ed97a6edf0567e1bc120f34f9606d806686ed26a5ce07304490`
SHA3	`c2d1cb7fcac5ce84765aa38642f6de9bf2d233a50e1d75b7065038955f4d9ae7`
VirtualSize	`0xc3024`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc3200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43916`

.imrsiv

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4`
VirtualAddress	`0xc5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.data

MD5	`76953554d64bee34fb986c2cf22cc7fd`
SHA1	`55cc69a878d0058e4623b9dc2e013fafdb66cb28`
SHA256	`b5f46b2592e5cb056a9a27033acd4e8430f330ebbe6b5e4738244c6798c12e62`
SHA3	`f78df09bdd0cd60a6596d33525f061cf018cb18591666b30c4fbdb1f8a0a112d`
VirtualSize	`0xfa2c`
VirtualAddress	`0xc6000`
SizeOfRawData	`0xac00`
PointerToRawData	`0xc3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.86814`

.idata

MD5	`38a41af08da3364cb04aa611a529365b`
SHA1	`282d7e30cfd768774c4a371f97fa754f0885bf92`
SHA256	`92058fbef0102568abaf718b2cca09825ac34fabe3f30ed1ad744658b4a22ce0`
SHA3	`3bc9014fc1c60ba3e37ddb8d9cdece6ed47256a86ef60cc34820f411b4116748`
VirtualSize	`0xa298`
VirtualAddress	`0xd6000`
SizeOfRawData	`0xa400`
PointerToRawData	`0xce200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.81832`

.didat

MD5	`dac1438400038d2e8ce35876ccc939a0`
SHA1	`6ce837a4da50b06b6613d2fa4bb709ee7d0fc219`
SHA256	`acd870423a569e36c1ef4c3281718b3436a27725788a5eff1f2cb225f099d2e1`
SHA3	`e9aa4e097711760f52bd5cf33c68c0f97d8c1dd07333a6ee2d78163e609c5350`
VirtualSize	`0x208`
VirtualAddress	`0xe1000`
SizeOfRawData	`0x400`
PointerToRawData	`0xd8600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.14731`

.rsrc

MD5	`669d392ef3c9ed9e000b4fed36608e9a`
SHA1	`b95ec148bc588a83863283b3fb3c4935de11a898`
SHA256	`e239378b994787e62fc6dab5fafdb964f7c69acd8f41e3f8f140b183dc5cea0c`
SHA3	`b2ec1706d46fb8a78e4edf34ebd6b5316be9074df524c2dc87deb931dfba91a0`
VirtualSize	`0xa98`
VirtualAddress	`0xe2000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xd8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.31147`

.reloc

MD5	`950bf2ecd8e02bd07a5171754800f1b4`
SHA1	`6a84ee6b4da4afd9b3f994476a587c73deebea49`
SHA256	`7b8acfb4fc36314d8c9017234a373ed762bed702c21aa0c1c5a6acd32e56af86`
SHA3	`a55a84b83ab29def0b14bf14269b5d25931a0eaf3fe403969bcf7a31f27e8826`
VirtualSize	`0xdd64`
VirtualAddress	`0xe3000`
SizeOfRawData	`0xde00`
PointerToRawData	`0xd9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.77074`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o_exit` `_o_floor` `_o_free` `_o_iswalpha` `_o_iswdigit` `_o_iswspace` `_o_malloc` `_o_realloc` `memmove` `_o_terminate` `_o_toupper` `_o_towupper` `_o_wcstod` `_o_wcstok_s` `_o_wcstoul` `_except_handler4_common` `_o__wtol` `_o__wtoi` `_CxxThrowException` `wcsrchr` `wcsstr` `_o_ceil` `wcschr` `__std_terminate` `_o__wcsnicmp` `__CxxFrameHandler3` `_o__wcsicmp` `_o_bsearch` `_o__ui64tow_s` `_o__strnicmp` `_o__stricmp` `_o__set_new_mode` `_o__set_fmode` `_o__set_errno` `_o__set_app_type` `_o__seh_filter_exe` `_o__register_onexit_function` `_o__purecall` `_o__invalid_parameter_noinfo_noreturn` `_o__invalid_parameter_noinfo` `_o__initialize_wide_environment` `_o__initialize_onexit_table` `_o__i64tow_s` `_o__get_wide_winmain_command_line` `_o__get_errno` `_o__exit` `_o__errno` `_o__crt_atexit` `_o__controlfp_s` `_o__configure_wide_argv` `_o__configthreadlocale` `_o__CIsqrt` `_o__cexit` `_o__callnewh` `_o___stdio_common_vswscanf` `_o___stdio_common_vswprintf` `_o___stdio_common_vsnprintf_s` `_o___stdio_common_vfwprintf_s` `_o___std_exception_destroy` `_o___std_exception_copy` `_o___p__commode` `_o___acrt_iob_func` `memcmp` `memcpy` `_o_memcpy_s`
api-ms-win-crt-string-l1-1-0.dll	`memset`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceFrequency` `QueryPerformanceCounter`
api-ms-win-core-processthreads-l1-1-0.dll	`GetPriorityClass` `GetThreadPriority` `CreateProcessW` `TerminateProcess` `SetPriorityClass` `GetCurrentThread` `SetThreadPriority` `OpenProcessToken` `CreateThread` `GetExitCodeThread` `GetStartupInfoW` `SetProcessShutdownParameters` `GetCurrentProcess` `GetProcessTimes` `GetCurrentProcessId` `ProcessIdToSessionId` `GetCurrentThreadId`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTime` `GetTickCount64` `GetSystemTimeAsFileTime` `GetLogicalProcessorInformationEx` `GetSystemDirectoryW` `GetTickCount` `GetLocalTime` `GetVersionExW` `GetComputerNameExW` `GetSystemInfo` `GlobalMemoryStatusEx`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-debug-l1-1-0.dll	`OutputDebugStringA` `DebugBreak` `IsDebuggerPresent` `OutputDebugStringW`
api-ms-win-core-errorhandling-l1-1-0.dll	`GetErrorMode` `UnhandledExceptionFilter` `SetLastError` `GetLastError` `RaiseException` `SetErrorMode` `SetUnhandledExceptionFilter`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent` `OpenProcess`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleFileNameW` `LoadStringW` `LoadLibraryExW` `GetModuleHandleW` `GetModuleHandleExW` `GetProcAddress` `GetModuleHandleA` `FreeLibrary` `GetModuleFileNameA`
api-ms-win-core-heap-l1-1-0.dll	`HeapFree` `GetProcessHeap` `HeapAlloc` `HeapReAlloc` `HeapSize` `HeapSetInformation`
api-ms-win-core-synch-l1-1-0.dll	`ReleaseSRWLockShared` `SetEvent` `OpenEventW` `ReleaseSRWLockExclusive` `CreateEventExW` `AcquireSRWLockExclusive` `InitializeSRWLock` `InitializeCriticalSection` `CreateMutexW` `CreateMutexExW` `WaitForSingleObjectEx` `ReleaseMutex` `OpenSemaphoreW` `ReleaseSemaphore` `WaitForSingleObject` `CreateSemaphoreExW` `CreateEventW` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `ResetEvent` `InitializeCriticalSectionAndSpinCount` `TryEnterCriticalSection` `AcquireSRWLockShared`
api-ms-win-core-threadpool-l1-2-0.dll	`SetThreadpoolTimer` `CreateThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CloseThreadpoolTimer`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW` `GetThreadUILanguage` `GetLocaleInfoEx` `GetLocaleInfoW` `GetThreadPreferredUILanguages`
api-ms-win-eventing-provider-l1-1-0.dll	`EventRegister` `EventWriteTransfer` `EventSetInformation` `EventUnregister` `EventProviderEnabled`
api-ms-win-core-libraryloader-l1-2-1.dll	`LoadLibraryA` `LoadLibraryW`
api-ms-win-core-handle-l1-1-0.dll	`DuplicateHandle` `CloseHandle`
api-ms-win-core-registry-l1-1-0.dll	`RegGetValueW` `RegCloseKey` `RegSetValueExW` `RegCreateKeyExW` `RegOpenKeyExW` `RegDeleteValueW` `RegQueryInfoKeyW` `RegQueryValueExW` `RegNotifyChangeKeyValue` `RegEnumValueW`
api-ms-win-core-string-l1-1-0.dll	`MultiByteToWideChar` `CompareStringOrdinal` `CompareStringEx`
api-ms-win-core-heap-l2-1-0.dll	`LocalFree` `LocalAlloc`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceExecuteOnce` `InitOnceComplete` `InitOnceBeginInitialize` `Sleep`
api-ms-win-security-base-l1-1-0.dll	`GetLengthSid` `AllocateAndInitializeSid` `FreeSid` `CopySid` `AdjustTokenPrivileges` `IsWellKnownSid` `EqualSid` `CreateWellKnownSid` `SetTokenInformation` `GetTokenInformation` `CheckTokenMembership`
api-ms-win-core-sysinfo-l1-2-0.dll	`GetSystemFirmwareTable` `GetNativeSystemInfo`
api-ms-win-core-datetime-l1-1-0.dll	`GetTimeFormatW` `GetDateFormatW`
api-ms-win-core-io-l1-1-1.dll	`CancelSynchronousIo`
api-ms-win-core-synch-l1-2-1.dll	`WaitForMultipleObjects`
api-ms-win-power-setting-l1-1-0.dll	`PowerSettingUnregisterNotification` `PowerSettingRegisterNotification`
api-ms-win-core-processenvironment-l1-1-0.dll	`GetCurrentDirectoryW` `ExpandEnvironmentStringsA` `ExpandEnvironmentStringsW`
api-ms-win-core-timezone-l1-1-0.dll	`FileTimeToSystemTime` `SystemTimeToFileTime` `SystemTimeToTzSpecificLocalTime`
OLEAUT32.dll	`#9` `#8` `#7` `#6` `#26` `#4` `#16` `#411` `#2`
api-ms-win-core-memory-l1-1-1.dll	`VirtualUnlock`
api-ms-win-core-file-l1-2-0.dll	`GetVolumePathNamesForVolumeNameW` `GetTempPathW`
api-ms-win-core-path-l1-1-0.dll	`PathCchAppend` `PathCchCombine` `PathCchCanonicalize`
api-ms-win-core-file-l1-1-0.dll	`FindVolumeClose` `CreateFileW` `FindNextVolumeW` `GetFileType` `FindFirstVolumeW` `FindCloseChangeNotification` `FindNextFileW` `GetLongPathNameW` `FindFirstFileW` `GetDriveTypeW` `QueryDosDeviceW` `FindClose` `GetLogicalDriveStringsW` `FindFirstChangeNotificationW` `FindNextChangeNotification` `CompareFileTime` `GetFileAttributesExW`
api-ms-win-core-wow64-l1-1-0.dll	`IsWow64Process`
api-ms-win-core-version-l1-1-0.dll	`GetFileVersionInfoSizeExW` `GetFileVersionInfoExW` `VerQueryValueW`
api-ms-win-core-string-l2-1-0.dll	`CharLowerW` `CharUpperBuffW`
api-ms-win-core-memory-l1-1-0.dll	`ReadProcessMemory`
api-ms-win-core-version-l1-1-1.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW`
api-ms-win-core-datetime-l1-1-2.dll	`GetDurationFormatEx`
api-ms-win-core-datetime-l1-1-1.dll	`GetDateFormatEx`
api-ms-win-core-psapi-l1-1-0.dll	`QueryFullProcessImageNameW`
api-ms-win-core-sysinfo-l1-2-2.dll	`GetProcessorSystemCycleTime`
api-ms-win-core-io-l1-1-0.dll	`DeviceIoControl`
api-ms-win-core-sysinfo-l1-2-1.dll	`GetPhysicallyInstalledSystemMemory`
api-ms-win-core-localization-l2-1-0.dll	`GetNumberFormatEx`
api-ms-win-core-string-l2-1-1.dll	`SHLoadIndirectString`
api-ms-win-core-winrt-error-l1-1-0.dll	`RoTransformError` `GetRestrictedErrorInfo` `RoOriginateError` `SetRestrictedErrorInfo`
api-ms-win-core-kernel32-legacy-l1-1-0.dll	`GetComputerNameW` `MulDiv`
api-ms-win-core-threadpool-legacy-l1-1-0.dll	`QueueUserWorkItem` `CreateTimerQueueTimer` `DeleteTimerQueueTimer`
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	`PathGetArgsW` `PathIsPrefixW` `PathIsRelativeW` `SHExpandEnvironmentStringsW` `PathStripPathW` `PathRemoveExtensionW` `PathRemoveBlanksW` `PathRemoveBackslashW` `PathFileExistsW`
api-ms-win-core-windowserrorreporting-l1-1-3.dll	`RegisterApplicationRestart`
api-ms-win-core-pcw-l1-1-0.dll	`PcwCollectData` `PcwCreateQuery` `PcwAddQueryItem`
NSI.dll	`NsiGetParameter`
COMCTL32.dll	`ImageList_CoCreateInstance`
ntdll.dll	`NtQueryInformationProcess` `RtlImageNtHeader` `RtlFreeHeap` `RtlAllocateHeap` `RtlTimeToElapsedTimeFields` `RtlSecondsSince1970ToTime` `ZwQueryWnfStateData` `RtlNtStatusToDosError` `NtQueryInformationThread` `NtSetInformationFile` `NtSetInformationProcess` `EtwCheckCoverage` `RtlNumberOfSetBitsUlongPtr` `NtPowerInformation` `LdrQueryProcessModuleInformation` `NtQuerySystemInformation` `RtlIpv6AddressToStringExW` `RtlIpv4AddressToStringExW` `NtQueryInformationFile` `NtQueryObject` `RtlCheckPortableOperatingSystem` `RtlInitUnicodeString` `NtQueryTimerResolution` `RtlCompareUnicodeString` `RtlNtStatusToDosErrorNoTeb` `NtQueryInformationToken` `NtOpenFile`
UxTheme.dll	`SetWindowTheme` `GetThemeInt` `GetThemeColor` `CloseThemeData` `EndPanningFeedback` `BeginPanningFeedback` `UpdatePanningFeedback` `OpenThemeData`
SHLWAPI.dll	`StrStrW` `#629` `#437` `PathIsNetworkPathW` `AssocQueryStringW` `#16` `#176` `StrTrimW` `StrRetToBufW` `#278` `SHCreateStreamOnFileEx` `PathRemoveArgsW` `StrRChrIW` `#219` `#199` `#548` `StrToIntExW` `SHCreateStreamOnFileW` `#618` `StrStrIW`
SHELL32.dll	`#2` `#4` `SHGetSpecialFolderPathW` `SHGetPropertyStoreForWindow` `Shell_NotifyIconW` `SHBindToParent` `#61` `SHGetKnownFolderIDList` `SHOpenFolderAndSelectItems` `SHParseDisplayName` `#75` `ShellExecuteExW` `ShellExecuteW` `SHEvaluateSystemCommandTemplate` `CommandLineToArgvW` `Shell_GetCachedImageIndexW` `SHGetKnownFolderItem` `#155` `DuplicateIcon` `#727`
credui.dll	`CredUIPromptForCredentialsW`
GDI32.dll	`GetDeviceCaps` `SelectObject` `GetTextExtentPointW` `DeleteObject` `CreatePen` `MoveToEx` `LineTo` `Rectangle` `D3DKMTCloseAdapter` `D3DKMTOpenAdapterFromLuid` `D3DKMTQueryAdapterInfo` `CreateDIBSection`
USER32.dll	`GetKeyState` `GetSystemMetrics` `KillTimer` `PostQuitMessage` `DestroyWindow` `IsWindowEnabled` `OpenIcon` `SetFocus` `IsWindow` `GetFocus` `PostMessageW` `DefWindowProcW` `IsIconic` `SetTimer` `SendMessageW` `LoadIconW` `GetClientRect` `UpdateWindow` `ShowWindow` `SetMenu` `GetMenu` `ChangeWindowMessageFilterEx` `SetForegroundWindow` `CreateWindowInBand` `RegisterClassExW` `CheckMenuRadioItem` `GetSubMenu` `GetParent` `GetMenuItemCount` `CheckMenuItem` `EnableMenuItem` `DeleteMenu` `SetWindowPos` `GetMonitorInfoW` `MonitorFromPoint` `GetWindowRect` `DispatchMessageW` `TranslateMessage` `TranslateAcceleratorW` `GetWindowLongW` `LoadAcceleratorsW` `MessageBoxW` `SendMessageTimeoutW` `AllowSetForegroundWindow` `GetWindowThreadProcessId` `FindWindowW` `ShowWindowAsync` `GetLastActivePopup` `MessageBeep` `SwitchToThisWindow` `DialogBoxParamW` `SetDlgItemTextW` `EndDialog` `GetDlgItemTextW` `GetWindowTextW` `GetDlgItem` `EnableWindow` `GetWindowTextLengthW` `CreateDialogParamW` `TrackPopupMenu` `LoadImageW` `GetCurrentInputMessageSource` `GetDoubleClickTime` `#2521` `MapWindowPoints` `PtInRect` `GetScrollPos` `RegisterWindowMessageW` `GetMessagePos` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `InvalidateRect` `LoadMenuW` `SetWindowTextW` `AppendMenuW` `GetMenuItemInfoW` `GetMenuState` `SetMenuDefaultItem` `GetSysColor` `DestroyIcon` `GetDC` `ReleaseDC` `IsZoomed` `EqualRect` `CopyRect` `SystemParametersInfoW` `SetGestureConfig` `GetGestureInfo` `CloseGestureInfoHandle` `CreateWindowExW` `GetCursorPos` `SetWindowLongW` `RedrawWindow` `RemoveMenu` `TrackPopupMenuEx` `DestroyMenu` `CreatePopupMenu` `InsertMenuW` `GetMessageW` `GetForegroundWindow` `#2569` `#2573` `GetWindowCompositionAttribute` `#2574` `GetWindowBand` `InternalGetWindowText` `GetPropW` `UnregisterDeviceNotification` `RegisterDeviceNotificationW` `GetGuiResources` `AreDpiAwarenessContextsEqual` `MsgWaitForMultipleObjectsEx` `PeekMessageW` `CopyIcon` `UnregisterClassW` `GetClassNameW` `GetClassLongW` `GetWindow` `IsWindowVisible` `GhostWindowFromHungWindow` `IsHungAppWindow` `HungWindowFromGhostWindow` `OpenDesktopW` `GetThreadDesktop` `SetThreadDesktop` `EnumDesktopWindows` `CloseDesktop` `EnumDesktopsW` `GetProcessWindowStation` `GetDpiAwarenessContextForProcess` `GetMenuItemID`
DUser.dll	`SetGadgetStyle` `ForwardGadgetMessage` `GetGadgetRect`
DUI70.dll	`?HasChildren@Element@DirectUI@@QAE_NXZ` `??0IProvider@DirectUI@@QAE@XZ` `?AdviseEventRemoved@ElementProvider@DirectUI@@UAGJHPAUtagSAFEARRAY@@@Z` `?AdviseEventAdded@ElementProvider@DirectUI@@UAGJHPAUtagSAFEARRAY@@@Z` `?get_FragmentRoot@ElementProvider@DirectUI@@UAGJPAPAUIRawElementProviderFragmentRoot@@@Z` `?SetFocus@ElementProvider@DirectUI@@UAGJXZ` `?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UAGJPAPAUtagSAFEARRAY@@@Z` `?get_BoundingRectangle@ElementProvider@DirectUI@@UAGJPAUUiaRect@@@Z` `?GetRuntimeId@ElementProvider@DirectUI@@UAGJPAPAUtagSAFEARRAY@@@Z` `?Navigate@ElementProvider@DirectUI@@UAGJW4NavigateDirection@@PAPAUIRawElementProviderFragment@@@Z` `?ShowContextMenu@ElementProvider@DirectUI@@UAGJXZ` `?get_HostRawElementProvider@ElementProvider@DirectUI@@UAGJPAPAUIRawElementProviderSimple@@@Z` `?GetPropertyValue@ElementProvider@DirectUI@@UAGJHPAUtagVARIANT@@@Z` `?get_ProviderOptions@ElementProvider@DirectUI@@UAGJPAW4ProviderOptions@@@Z` `?TossElement@ElementProvider@DirectUI@@UAEXXZ` `?QueryInterface@ElementProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z` `?Create@ElementProvider@DirectUI@@SGJPAVElement@2@PAVInvokeHelper@2@PAPAV12@@Z` `?Create@HWNDElementProvider@DirectUI@@SGJPAVHWNDElement@2@PAVInvokeHelper@2@PAPAV12@@Z` `?Find@ElementProviderManager@DirectUI@@SGPAVElementProvider@2@PAVElement@2@@Z` `??1ElementProvider@DirectUI@@UAE@XZ` `??0RefcountBase@DirectUI@@QAE@XZ` `??0ElementProvider@DirectUI@@QAE@XZ` `??0ProviderProxy@DirectUI@@IAE@XZ` `??0ElementProxy@DirectUI@@IAE@XZ` `?GetInvokeHelper@InvokeManager@DirectUI@@SGJPAPAVInvokeHelper@2@@Z` `?Init@ProviderProxy@DirectUI@@MAEXPAVElement@2@@Z` `?CreatePatternProvider@Schema@DirectUI@@SGJW4Pattern@12@PAVElementProvider@2@PAPAUIUnknown@@@Z` `?IsPatternSupported@ElementProxy@DirectUI@@IAEJW4Pattern@Schema@2@PA_N@Z` `?AddRef@RefcountBase@DirectUI@@QAEJXZ` `?Release@RefcountBase@DirectUI@@QAEJXZ` `?AddRef@ElementProvider@DirectUI@@UAGKXZ` `?TossPatternProvider@ElementProvider@DirectUI@@QAEXW4Pattern@Schema@2@@Z` `??1RefcountBase@DirectUI@@UAE@XZ` `?DoInvokeArgs@ElementProvider@DirectUI@@QAEJHP6GPAVProviderProxy@2@PAVElement@2@@ZPAD@Z` `?GetElement@ElementProvider@DirectUI@@UAEPDVElement@2@XZ` `?Init@ElementProxy@DirectUI@@MAEXPAVElement@2@@Z` `?DoMethod@ElementProxy@DirectUI@@UAEJHPAD@Z` `?GetProperty@ElementProxy@DirectUI@@IAEJPAUtagVARIANT@@H@Z` `?Release@ElementProvider@DirectUI@@UAGKXZ` `?Init@ElementProvider@DirectUI@@MAEJPAVElement@2@PAVInvokeHelper@2@@Z` `??1AutoLock@DirectUI@@QAE@XZ` `??0AutoLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z` `?DoInvoke@ElementProvider@DirectUI@@IAAJHZZ` `?PatternFromPatternId@Schema@DirectUI@@SG?AW4Pattern@12@H@Z` `?DataGridControlType@Schema@DirectUI@@2HA` `?SelectionPattern@Schema@DirectUI@@2HA` `?TablePattern@Schema@DirectUI@@2HA` `?InvokePattern@Schema@DirectUI@@2HA` `?TableItemPattern@Schema@DirectUI@@2HA` `?IsControlElementProperty@Schema@DirectUI@@2HA` `?IsContentElementProperty@Schema@DirectUI@@2HA` `?TreeItemControlType@Schema@DirectUI@@2HA` `?ListItemControlType@Schema@DirectUI@@2HA` `?ControlTypeProperty@Schema@DirectUI@@2HA` `?GridPattern@Schema@DirectUI@@2HA` `?SelectionItemPattern@Schema@DirectUI@@2HA` `?ExpandCollapsePattern@Schema@DirectUI@@2HA` `?GridItemPattern@Schema@DirectUI@@2HA` `?UiaRaiseAutomationPropertyChangedEvent@Schema@DirectUI@@2P6GJPAUIRawElementProviderSimple@@HUtagVARIANT@@1@ZA` `?GetAccessible@Element@DirectUI@@QAE_NXZ` `?WantPropertyEvent@EventManager@DirectUI@@SG_NH@Z` `?FWantAnyEvent@EventManager@DirectUI@@SG_NPAVElement@2@@Z` `?OnReceivedDialogFocus@Button@DirectUI@@UAE_NPAUIDialogElement@2@@Z` `?OnLostDialogFocus@Button@DirectUI@@UAE_NPAUIDialogElement@2@@Z` `?DefaultAction@Button@DirectUI@@UAEJXZ` `?OnInput@Button@DirectUI@@UAEXPAUInputEvent@2@@Z` `??1Button@DirectUI@@UAE@XZ` `??0Button@DirectUI@@QAE@XZ` `?GetClassInfoPtr@Button@DirectUI@@SGPAUIClassInfo@2@XZ` `?Register@Button@DirectUI@@SGJXZ` `?KeyFocusedProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?OnPropertyChanged@Button@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z` `?MouseWithinProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?GetBackgroundColor@Element@DirectUI@@QAEPBUFill@2@PAPAVValue@2@@Z` `?Initialize@Button@DirectUI@@QAEJIPAVElement@2@PAK@Z` `?SetFontStyle@Element@DirectUI@@QAEJH@Z` `?SetFontWeight@Element@DirectUI@@QAEJH@Z` `?GetFontStyle@Element@DirectUI@@QAEHXZ` `?GetMouseWithin@Element@DirectUI@@QAE_NXZ` `?SetActive@Element@DirectUI@@QAEJH@Z` `?SetID@Element@DirectUI@@QAEJPBG@Z` `?SetPressed@Button@DirectUI@@QAEJ_N@Z` `?GetBoolFalse@Value@DirectUI@@SGPAV12@XZ` `?SetBorderThickness@Element@DirectUI@@QAEJHHHH@Z` `?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z` `?SetAnimation@Element@DirectUI@@QAEJH@Z` `?HeightProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?LayoutPosProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?RemoveLocalValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZ@Z` `?HasPadding@Element@DirectUI@@QAE_NXZ` `?SetBorderColor@Element@DirectUI@@QAEJK@Z` `?HasBorder@Element@DirectUI@@QAE_NXZ` `?GetType@Value@DirectUI@@QBEHXZ` `?CustomProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?GetValue@Element@DirectUI@@QAEPAVValue@2@P6GPBUPropertyInfo@2@XZHPAUUpdateCache@2@@Z` `?SetClass@Element@DirectUI@@QAEJPBG@Z` `?CreateInt@Value@DirectUI@@SGPAV12@HW4DynamicScaleValue@@@Z` `?IsDestroyed@Element@DirectUI@@QAE_NXZ` `?OnNotify@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z` `?OnPropertyChanged@HWNDHost@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z` `?GetClassInfoPtr@HWNDHost@DirectUI@@SGPAUIClassInfo@2@XZ` `?Register@HWNDHost@DirectUI@@SGJXZ` `?OnInput@HWNDHost@DirectUI@@UAEXPAUInputEvent@2@@Z` `?Release@Element@DirectUI@@QAGKXZ` `?Initialize@HWNDHost@DirectUI@@QAEJIIPAVElement@2@PAK@Z` `??1HWNDHost@DirectUI@@UAE@XZ` `??0HWNDHost@DirectUI@@QAE@XZ` `?GetEnabled@Element@DirectUI@@QAE_NXZ` `?SetAccName@Element@DirectUI@@QAEJPBG@Z` `?GetDPI@Element@DirectUI@@QAEHXZ` `?SetEnabled@Element@DirectUI@@QAEJ_N@Z` `?UpdateSheets@DUIXmlParser@DirectUI@@QAEJPAVElement@2@@Z` `?SetMinSize@Element@DirectUI@@QAEJHH@Z` `?IsDescendent@Element@DirectUI@@QAE_NPAV12@@Z` `?Add@Element@DirectUI@@QAEJPAV12@@Z` `?SetAccDesc@Element@DirectUI@@QAEJPBG@Z` `?SetTooltip@Element@DirectUI@@QAEJ_N@Z` `?GetLocation@Element@DirectUI@@QAEPBUtagPOINT@@PAPAVValue@2@@Z` `?SetX@Element@DirectUI@@QAEJH@Z` `?GetPadding@Element@DirectUI@@QAEPBUtagRECT@@PAPAVValue@2@@Z` `?GetBorderThickness@Element@DirectUI@@QAEPBUtagRECT@@PAPAVValue@2@@Z` `?SetContentAlign@Element@DirectUI@@QAEJH@Z` `?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z` `?CreateGraphic@Value@DirectUI@@SGPAV12@PAUHICON__@@_N11@Z` `??1CCListView@DirectUI@@UAE@XZ` `?PostCreate@CCBase@DirectUI@@MAEXPAUHWND__@@@Z` `?OnReceivedDialogFocus@CCBase@DirectUI@@UAE_NPAUIDialogElement@2@@Z` `?OnLostDialogFocus@CCBase@DirectUI@@UAE_NPAUIDialogElement@2@@Z` `?OnCustomDraw@CCBase@DirectUI@@UAE_NPAUtagNMCUSTOMDRAWINFO@@PAJ@Z` `?EraseBkgnd@HWNDHost@DirectUI@@MAE_NPAUHDC__@@PAJ@Z` `?SetWindowDirection@HWNDHost@DirectUI@@UAEXPAUHWND__@@@Z` `?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z` `?OnCtrlThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z` `?OnSinkThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z` `?OnSysChar@HWNDHost@DirectUI@@UAE_NG@Z` `?DefaultAction@CCBase@DirectUI@@UAEJXZ` `?GetAccessibleImpl@HWNDHost@DirectUI@@UAEJPAPAUIAccessible@@@Z` `?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ` `?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z` `?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z` `?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z` `?GetContentSize@CCListView@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z` `?Paint@HWNDHost@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z` `?OnEvent@HWNDHost@DirectUI@@UAEXPAUEvent@2@@Z` `?OnDestroy@HWNDHost@DirectUI@@UAEXXZ` `?OnPropertyChanged@CCBase@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z` `?GetClassInfoPtr@CCListView@DirectUI@@SGPAUIClassInfo@2@XZ` `?Register@CCListView@DirectUI@@SGJXZ` `?OnInput@CCBase@DirectUI@@UAEXPAUInputEvent@2@@Z` `?SetKeyFocus@HWNDHost@DirectUI@@UAEXXZ` `?OnNotify@CCBase@DirectUI@@UAE_NIIJPAJ@Z` `?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z` `?GetRootRelativeBounds@Element@DirectUI@@QAEJPAUtagRECT@@@Z` `?OnAdjustWindowSize@HWNDHost@DirectUI@@UAEHHHI@Z` `?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ` `?SetWinStyle@CCBase@DirectUI@@QAEJH@Z` `?Initialize@CCListView@DirectUI@@QAEJIPAVElement@2@PAK@Z` `?CreateHWND@CCBase@DirectUI@@UAEPAUHWND__@@PAU3@@Z` `??0CCListView@DirectUI@@QAE@XZ` `??0ScrollViewer@DirectUI@@QAE@XZ` `??1ScrollViewer@DirectUI@@UAE@XZ` `?OnPropertyChanging@BaseScrollViewer@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z` `?OnPropertyChanged@ScrollViewer@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z` `?OnInput@BaseScrollViewer@DirectUI@@UAEXPAUInputEvent@2@@Z` `?OnEvent@BaseScrollViewer@DirectUI@@UAEXPAUEvent@2@@Z` `?Add@BaseScrollViewer@DirectUI@@UAEJPAPAVElement@2@I@Z` `?CreateScrollBars@ScrollViewer@DirectUI@@MAEJXZ` `?AddChildren@ScrollViewer@DirectUI@@MAEJXZ` `?OnListenerAttach@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@@Z` `?OnListenerDetach@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@@Z` `?OnListenedPropertyChanging@BaseScrollViewer@DirectUI@@UAE_NPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z` `?OnListenedPropertyChanged@ScrollViewer@DirectUI@@UAEXPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z` `?OnListenedInput@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@PAUInputEvent@2@@Z` `?OnListenedEvent@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@PAUEvent@2@@Z` `?GetClassInfoPtr@Expando@DirectUI@@SGPAUIClassInfo@2@XZ` `?GetClassInfoPtr@ScrollViewer@DirectUI@@SGPAUIClassInfo@2@XZ` `?Create@GridLayout@DirectUI@@SGJHHPAPAVLayout@2@@Z` `??0Element@DirectUI@@QAE@XZ` `?_PostEvent@Element@DirectUI@@AAEXPAUEvent@2@H@Z` `?Register@Element@DirectUI@@SGJXZ` `?Register@ScrollViewer@DirectUI@@SGJXZ` `?GetHScroll@ScrollViewer@DirectUI@@MAEPAVBaseScrollBar@2@XZ` `?GetVScroll@ScrollViewer@DirectUI@@MAEPAVBaseScrollBar@2@XZ` `?SetXScrollable@BaseScrollViewer@DirectUI@@QAEJ_N@Z` `?SetPadding@Element@DirectUI@@QAEJHHHH@Z` `?SetXOffset@BaseScrollViewer@DirectUI@@QAEJH@Z` `?XOffsetProp@BaseScrollViewer@DirectUI@@SGPBUPropertyInfo@2@XZ` `?ShiftChild@Element@DirectUI@@QAEJII@Z` `?SetForegroundColor@Element@DirectUI@@QAEJK@Z` `?SetBackgroundColor@Element@DirectUI@@QAEJK@Z` `?GetSelected@Element@DirectUI@@QAE_NXZ` `?GetVisible@Element@DirectUI@@QAE_NXZ` `?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z` `?SetHeight@Element@DirectUI@@QAEJH@Z` `?Insert@Element@DirectUI@@QAEJPAV12@I@Z` `?GetSize@Value@DirectUI@@QAEPBUtagSIZE@@XZ` `?ExtentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z` `?GetDesiredSize@Element@DirectUI@@QAEPBUtagSIZE@@XZ` `?GetInt@Value@DirectUI@@QAEHXZ` `?GetWidth@Element@DirectUI@@QAEHXZ` `??1DCSurface@DirectUI@@UAE@XZ` `??0DCSurface@DirectUI@@QAE@PAUHDC__@@@Z` `?SetValue@Element@DirectUI@@QAEJPBUPropertyInfo@2@HPAVValue@2@@Z` `?SetAccValue@Element@DirectUI@@QAEJPBG@Z` `?SetWidth@Element@DirectUI@@QAEJH@Z` `?RemoveListener@Element@DirectUI@@QAEXPAUIElementListener@2@@Z` `?SetContentString@Element@DirectUI@@QAEJPBG@Z` `?GetDisplayNode@Element@DirectUI@@QAEPAUHGADGET__@@XZ` `?Init@NavReference@DirectUI@@QAEXPAVElement@2@PAUtagRECT@@@Z` `?GetKeyWithin@Element@DirectUI@@QAE_NXZ` `?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z` `?Remove@Element@DirectUI@@QAEJPAV12@@Z` `?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z` `??1Element@DirectUI@@UAE@XZ` `?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z` `?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z` `?OnDestroy@Element@DirectUI@@UAEXXZ` `?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z` `?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z` `?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z` `?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z` `?ExpandCollapse_ExpandCollapseState_Property@Schema@DirectUI@@2HA` `?SetSelected@Element@DirectUI@@QAEJ_N@Z` `?CreateBool@Value@DirectUI@@SGPAV12@_N@Z` `?SetExpanded@Expandable@DirectUI@@QAEJ_N@Z` `?GetExpanded@Expandable@DirectUI@@QAE_NXZ` `?SortChildren@Element@DirectUI@@QAEJP6AHPBX0@Z@Z` `?GetBool@Value@DirectUI@@QAE_NXZ` `?GetValue@Element@DirectUI@@QAEPAVValue@2@PBUPropertyInfo@2@HPAUUpdateCache@2@@Z` `?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z` `?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ` `?GetParent@Element@DirectUI@@QAEPAV12@XZ` `?GetClass@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z` `?GetIndex@Element@DirectUI@@QAEHXZ` `?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ` `?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ` `?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ` `?AddChild@ClassInfoBase@DirectUI@@UAEXXZ` `?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ` `?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ` `?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z` `?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z` `?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ` `?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ` `?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ` `?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z` `?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z` `?Release@ClassInfoBase@DirectUI@@UAEHXZ` `?AddRef@ClassInfoBase@DirectUI@@UAEXXZ` `?_OnUIStateChanged@HWNDElement@DirectUI@@MAEXGG@Z` `?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UAEXPAPBGPAI@Z` `?IsMSAAEnabled@HWNDElement@DirectUI@@UAE_NXZ` `?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ` `?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ` `?OnWmSettingChanged@HWNDElement@DirectUI@@UAEXIJ@Z` `?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z` `?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z` `?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z` `?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UAEXXZ` `?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ` `?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z` `?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z` `?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z` `?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ` `?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z` `?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z` `?DefaultAction@Element@DirectUI@@UAEJXZ` `?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z` `?GetKeyFocused@Element@DirectUI@@UAE_NXZ` `?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z` `?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z` `?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z` `?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z` `?OnHosted@Element@DirectUI@@MAEXPAV12@@Z` `?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z` `?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z` `?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z` `?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z` `?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z` `?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z` `?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z` `?SetKeyFocus@Element@DirectUI@@UAEXXZ` `?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z` `?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z` `?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z` `?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z` `?Add@Element@DirectUI@@UAEJPAPAV12@I@Z` `?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z` `?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z` `?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z` `?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z` `?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z` `?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z` `?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z` `?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z` `?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z` `?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z` `?IsContentProtected@Element@DirectUI@@UAE_NXZ` `?IsRTL@Element@DirectUI@@QAE_NXZ` `?IsRTLReading@Element@DirectUI@@UAE_NXZ` `??1ClassInfoBase@DirectUI@@UAE@XZ` `??0ClassInfoBase@DirectUI@@QAE@XZ` `?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ` `?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z` `?Register@ClassInfoBase@DirectUI@@QAEJXZ` `?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z` `??1CritSecLock@DirectUI@@QAE@XZ` `?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ` `??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z` `?Register@HWNDElement@DirectUI@@SGJXZ` `?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z` `?GetLayoutPos@Element@DirectUI@@QAEHXZ` `EnableAnimations` `?FireEvent@Element@DirectUI@@QAEXPAUEvent@2@_N1@Z` `?StartNavigate@Browser@DirectUI@@SG?AVUID@@XZ` `DisableAnimations` `?Destroy@DUIXmlParser@DirectUI@@QAEXXZ` `?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z` `?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z` `?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z` `?ShowWindow@NativeHWNDHost@DirectUI@@QAEXH@Z` `?Host@NativeHWNDHost@DirectUI@@QAEXPAVElement@2@@Z` `?SetVisible@Element@DirectUI@@QAEJ_N@Z` `?SetAccRole@Element@DirectUI@@QAEJH@Z` `?SetAccessible@Element@DirectUI@@QAEJ_N@Z` `?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z` `?GetHWND@NativeHWNDHost@DirectUI@@QAEPAUHWND__@@XZ` `?Create@NativeHWNDHost@DirectUI@@SGJPBGPAUHWND__@@PAUHICON__@@HHHHHHIPAPAV12@@Z` `?Destroy@Element@DirectUI@@QAEJ_N@Z` `?OnDestroy@HWNDElement@DirectUI@@UAEXXZ` `?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z` `?KeyboardNavigate@Element@DirectUI@@SG?AVUID@@XZ` `?GetID@Element@DirectUI@@QAEGXZ` `?Click@Button@DirectUI@@SG?AVUID@@XZ` `?GetExtent@Element@DirectUI@@QAEPBUtagSIZE@@PAPAVValue@2@@Z` `?Release@Value@DirectUI@@QAEXXZ` `?SetLayoutPos@Element@DirectUI@@QAEJH@Z` `?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z` `?EndDefer@Element@DirectUI@@QAEXK@Z` `?StartDefer@Element@DirectUI@@QAEXPAK@Z` `?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ` `StrToID` `?GetRoot@Element@DirectUI@@QAEPAV12@XZ` `?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z` `?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z` `?Destroy@NativeHWNDHost@DirectUI@@QAEXXZ` `??1HWNDElement@DirectUI@@UAE@XZ` `??0HWNDElement@DirectUI@@QAE@XZ` `?GetKeyFocusedElement@HWNDElement@DirectUI@@SGPAVElement@2@XZ` `UnInitProcessPriv` `UnInitThread` `InitThread` `InitProcessPriv` `?KeyWithinProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ` `?Initialize@BaseScrollViewer@DirectUI@@QAEJPAVElement@2@PAK@Z` `?Destroy@Layout@DirectUI@@QAEXXZ` `?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z`
VDMDBG.dll	`VDMTerminateTaskWOW` `VDMEnumProcessWOW` `VDMEnumTaskWOWEx`
api-ms-win-core-appcompat-l1-1-1.dll	`BaseReadAppCompatDataForProcess` `BaseFreeAppCompatDataForProcess`
pdh.dll	`PdhCloseQuery` `PdhCollectQueryData` `PdhGetRawCounterArrayW` `PdhAddCounterW` `PdhGetFormattedCounterArrayW` `PdhOpenQueryW`
dxcore.dll	`DXCoreCreateAdapterFactory`
dxgi.dll	`CreateDXGIFactory2` `DXGIDeclareAdapterRemovalSupport`
SETUPAPI.dll	`SetupDiGetDevicePropertyW` `SetupDiEnumDeviceInfo` `SetupDiGetClassDevsW`
d3d11.dll	`D3D11CreateDevice`
d3d12.dll	`#101`
KERNEL32.dll	`GetPackageFamilyName` `GetPackageFullName` `GetActiveProcessorGroupCount` `ParseApplicationUserModelId` `PackageFamilyNameFromFullName` `SetProcessWorkingSetSize` `GetNumberFormatW`
msvcp_win.dll	`?_Random_device@std@@YAIXZ` `?_Xlength_error@std@@YAXPBD@Z`
api-ms-win-eventing-classicprovider-l1-1-0.dll	`TraceMessage`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
api-ms-win-core-apiquery-l1-1-0.dll	`ApiSetQueryApiSetPresence`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoOriginateLanguageException`
api-ms-win-core-com-l1-1-0.dll (delay-loaded)	`CoTaskMemRealloc` `CoGetApartmentType` `CoWaitForMultipleHandles` `CoCreateFreeThreadedMarshaler` `CoCancelCall` `CoInitializeEx` `CoEnableCallCancellation` `CoUninitialize` `CoCreateInstance` `StringFromCLSID` `CoDisableCallCancellation` `CoTaskMemFree` `CreateStreamOnHGlobal` `CoTaskMemAlloc` `GetHGlobalFromStream` `PropVariantClear`

Delayed Imports

Attributes	`0x1`
Name	`api-ms-win-core-com-l1-1-0.dll`
ModuleHandle	`0xd0dc8`
DelayImportAddressTable	`0xe10bc`
DelayImportNameTable	`0xc3400`
BoundDelayImportTable	`0xc3e1c`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90302`
MD5	`4c141483c33d211e62b8233bed9b0b27`
SHA1	`8082e286f6a3ac9ba76b795f2eba0bc3b899a881`
SHA256	`7932392a7b74128fc26647375f47978c264c86837b0c80265f69481c33a7f5a4`
SHA3	`ecc384004f0031754083aedf49a41abfe0cde4b167f37e34bb8025dce7eabde1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42586`
MD5	`982d6e648114f0e7fef73656f4f5d7a8`
SHA1	`14b2d8691179b1f47e83922686ea9e60ca547e71`
SHA256	`c62858e25285f7f82481902961552aa29670fd17cf5d4dd6f899c002c7fdd401`
SHA3	`aa13e2b7ebf54d554bd714501b40c5c23793800cafa8cc531fd7b75c4b3d4f35`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x500`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95959`
MD5	`52d86fe7ec163464dc419ebec906f1d3`
SHA1	`50f59f2ffeb2a0751cec157d73a1c9483a645952`
SHA256	`7332933c9dbec34244e40820330516c7394465603d0b3383dff6ee914a367d7d`
SHA3	`4025a3fc2f2cc9b39fe555946878d874cda36d803113c57bb34586ca86a06d91`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.1
ProductVersion	10.0.19041.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Task Manager
FileVersion (#2)	10.0.19041.1 (WinBuild.160101.0800)
InternalName	Task Manager
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	Taskmgr.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.19041.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2039-Dec-17 16:19:07
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1e4e0`
PointerToRawData	`0x1d8e0`
Referenced File	Taskmgr.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2039-Dec-17 16:19:07
Version	`0.0`
SizeofData	`1592`
AddressOfRawData	`0x1e504`
PointerToRawData	`0x1d904`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2039-Dec-17 16:19:07
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1eb3c`
PointerToRawData	`0x1df3c`

TLS Callbacks

StartAddressOfRawData	`0x4c0798`
EndAddressOfRawData	`0x4c07a0`
AddressOfIndex	`0x4d0e90`
AddressOfCallbacks	`0x40a490`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xac`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4cdd34`
SEHandlerTable	`0x418bd0`
SEHandlerCount	`159`
GuardCFCheckFunctionPointer	`5074788`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x11620785`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`123`
ASM objects (27412)	`11`
C objects (27412)	`24`
Total imports	`2066`
Imports (27412)	`38`
269 (27412)	`87`
C++ objects (27412)	`38`
253 (27412)	`1`
Resource objects (27412)	`1`
Linker (27412)	`1`

Errors

[*] Warning: Section .imrsiv has a size of 0!