| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\1033.MST |
Type : Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Widgi Extension, Subject: Widgi Extension, Author: Spigot, Inc., Keywords: Installer,MSI,Database, Create Time/Date: Thu Mar 30 17:59:34 2017, Name of Creating Application: InstallShield: 2012 Spring - Premier Edition 19, Security: 1, Template: Intel;0,1033,1036,1031,1040,1034, Last Saved By: Intel;1033, Revision Number: {0392136B-5C78-488C-AC29-BECEE6424F05}27.3;{0392136B-5C78-488C-AC29-BECEE6424F05}27.3;{6EC9D506-51A2-4473-A84D-83B046A7F023}, Number of Pages: 200, Number of Characters: 1 MD5 : 65ec22db7d53e977b24d6ad6eb15cb17 SHA-1 : db9076eea73bbbcb6c4438d185420ab1410f8d5e SHA-256 : 1f293139c2cd781095e661156daf958e68bd71f21a633c03adc9ef9faa4c10c0 SHA-512 : f04e7fecef199e1523ece5de0d7f0cac1ceb724a755b48efddf02b5aeb0a36cb9a93e18ea207c084f3c56c76962fd2724f14011fe5513f09b2d2f7bf1706cc12 Size : 20.48 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\MSI928.tmp |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : edb88affffd67bca3523b41d3e2e4810 SHA-1 : 0055b93907665fed56d22a7614a581a87d060ead SHA-256 : 4c3d85e7c49928af0f43623dcbed474a157ef50af3cba40b7fd7ac3fe3df2f15 SHA-512 : 2b9d99c57bfa9ab00d8582d55b18c5bf155a4ac83cf4c92247be23c35be818b082b3d6fe38fa905d304d2d8b957f3db73428da88e46acc3a7e3fee99d05e4daf Size : 144.784 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\ytdExtension.msi |
Type : Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Widgi Extension, Keywords: Installer,MSI,Database, Subject: Widgi Extension, Author: Spigot, Inc., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShieldo 2012 Spring - Premier Edition 19, Last Saved Time/Date: Thu Mar 30 17:59:34 2017, Create Time/Date: Thu Mar 30 17:59:34 2017, Last Printed: Thu Mar 30 17:59:34 2017, Revision Number: {6C7E5422-9A75-4E7A-9FAC-FA0C84F9F1FA}, Code page: 0, Template: Intel;0,1033,1036,1031,1040,1034 MD5 : 67b7dc64e9e758670ec0c27cb4063087 SHA-1 : 64d77a6e313bca3dc21fc76764daac98140bc5ae SHA-256 : c9ac663216c396155bf003920c77ee8cc16f22034f4773dec165fd6f1c3a4c26 SHA-512 : 3014f5c82f5524c04800cad99c155ecded31053bc95ddc6737166a20229f7866f802bdc6984e27922148eda41c2e735325859b0f347611df864de72057a10e84 Size : 4667.904 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\0x0407.ini |
Type : Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators MD5 : 9a62da6c523506355c1bf1b30db73edd SHA-1 : ee83114a7d4b995dd4ad7d1781ed66c4727cc121 SHA-256 : 8b5d7bc395d0d6980299702d0573c6019fefea92eb98701d1894a5623b2691a0 SHA-512 : be026517cea5613d834337d83324c383f40b449dd92f338d612048c424ab8bd88c17f766c7d1629a2205a8a068f6dcba1ce3536438018562490ebd7001efbee5 Size : 25.86 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\_ISMSIDEL.INI |
Type : Little-endian UTF-16 Unicode text, with CRLF, CR line terminators MD5 : 87bda340f98be32003b45feb20dde3ec SHA-1 : 099a56ef53f649279130dbdbf99f22cc49b99896 SHA-256 : b195de8cdbae3fad70aedc265379340e672f77e4e4c949aa40f8d2d04266bbf8 SHA-512 : 52b96268d98d2eee12dec6ed389942b10143418b1e52fcba5e208b0176970dae7b0d14a7c1f0665095cc551c257143af7d3f59e0f20c4dc1560b3b0f39c87ab6 Size : 1.552 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\0x040a.ini |
Type : Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators MD5 : e872c54c58eef055bc791d3eead093c3 SHA-1 : fc7ba9cef237686c06dd63fd2ccbfe037518e378 SHA-256 : 1739d42ed181f36ab4f524c01b57a4102c2f7510661d973a1077a4e88ac34b97 SHA-512 : e8512974d4851b7fb504292f3330d318f72c2646ec3db2c54ed7938eb73249ec1ce867916d15c6a36b3feb39f0fe98dd1781e5ec938bb2427059b4ee2dc00e1d Size : 25.14 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\0x0409.ini |
Type : Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators MD5 : be345d0260ae12c5f2f337b17e07c217 SHA-1 : 0976ba0982fe34f1c35a0974f6178e15c238ed7b SHA-256 : e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3 SHA-512 : 77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff Size : 22.492 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\MSI644a7.LOG |
Type : data MD5 : 252902c626a03c4c476686b43c33d754 SHA-1 : 4ff9ae90e7c68f1ac29a5de8f22ec5e4d44ad3e3 SHA-256 : 4e0493dc1efb69eb5fc359808b7fd3f03aad9d1ac96de6cf0864b880bfcf7be0 SHA-512 : 4c4ffacd45dbd282672ae32b88a3b6997c4ef5a0930643b798b57a56f0d297952c5ab881e7cc4959b04386156ddbdeffedb374320df614fab18f006dea379ae2 Size : 340.024 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\MSI9C5.tmp C:\Users\user\AppData\Local\Temp\MSIA34.tmp C:\Users\user\AppData\Local\Temp\MSIA64.tmp C:\Users\user\AppData\Local\Temp\MSI109E.tmp C:\Users\user\AppData\Local\Temp\MSI21A7.tmp C:\Users\user\AppData\Local\Temp\MSI2BAA.tmp C:\Users\user\AppData\Local\Temp\MSI35FC.tmp C:\Users\user\AppData\Local\Temp\MSI3F15.tmp C:\Users\user\AppData\Local\Temp\MSI47B1.tmp C:\Users\user\AppData\Local\Temp\MSI505D.tmp C:\Users\user\AppData\Local\Temp\MSI5A80.tmp C:\Users\user\AppData\Local\Temp\MSI64F0.tmp C:\Users\user\AppData\Local\Temp\MSI6E48.tmp C:\Users\user\AppData\Local\Temp\MSI7658.tmp C:\Users\user\AppData\Local\Temp\MSI7E86.tmp C:\Users\user\AppData\Local\Temp\MSI8722.tmp C:\Users\user\AppData\Local\Temp\MSI8F51.tmp C:\Users\user\AppData\Local\Temp\MSI9770.tmp C:\Users\user\AppData\Local\Temp\MSI9F80.tmp C:\Users\user\AppData\Local\Temp\MSIA80C.tmp C:\Users\user\AppData\Local\Temp\MSIB02B.tmp C:\Users\user\AppData\Local\Temp\MSIB83B.tmp C:\Users\user\AppData\Local\Temp\MSIC04A.tmp C:\Users\user\AppData\Local\Temp\MSIC86A.tmp C:\Users\user\AppData\Local\Temp\MSID079.tmp C:\Users\user\AppData\Local\Temp\MSID889.tmp C:\Users\user\AppData\Local\Temp\MSIE0A8.tmp C:\Users\user\AppData\Local\Temp\MSIE8B7.tmp C:\Users\user\AppData\Local\Temp\MSIF0C7.tmp C:\Users\user\AppData\Local\Temp\MSIF972.tmp C:\Users\user\AppData\Local\Temp\MSI21E.tmp C:\Users\user\AppData\Local\Temp\MSIC02.tmp C:\Users\user\AppData\Local\Temp\MSI1625.tmp C:\Users\user\AppData\Local\Temp\MSI1F9C.tmp C:\Users\user\AppData\Local\Temp\MSI27BB.tmp C:\Users\user\AppData\Local\Temp\MSI2FCB.tmp C:\Users\user\AppData\Local\Temp\MSI37DA.tmp C:\Users\user\AppData\Local\Temp\MSI3FEA.tmp C:\Users\user\AppData\Local\Temp\MSI48B5.tmp C:\Users\user\AppData\Local\Temp\MSI50C4.tmp C:\Users\user\AppData\Local\Temp\MSI5970.tmp C:\Users\user\AppData\Local\Temp\MSI623B.tmp C:\Users\user\AppData\Local\Temp\MSI6AE7.tmp C:\Users\user\AppData\Local\Temp\MSI7306.tmp C:\Users\user\AppData\Local\Temp\MSI7B25.tmp C:\Users\user\AppData\Local\Temp\MSI8400.tmp C:\Users\user\AppData\Local\Temp\MSI8C1F.tmp C:\Users\user\AppData\Local\Temp\MSI94CA.tmp C:\Users\user\AppData\Local\Temp\MSI9D95.tmp C:\Users\user\AppData\Local\Temp\MSIA651.tmp C:\Users\user\AppData\Local\Temp\MSIAE60.tmp C:\Users\user\AppData\Local\Temp\MSIB670.tmp C:\Users\user\AppData\Local\Temp\MSIBF2B.tmp C:\Users\user\AppData\Local\Temp\MSIC74A.tmp C:\Users\user\AppData\Local\Temp\MSID006.tmp C:\Users\user\AppData\Local\Temp\MSID825.tmp C:\Users\user\AppData\Local\Temp\MSIE0FF.tmp C:\Users\user\AppData\Local\Temp\MSIE9DA.tmp C:\Users\user\AppData\Local\Temp\MSIF1EA.tmp C:\Users\user\AppData\Local\Temp\MSIFA09.tmp C:\Users\user\AppData\Local\Temp\MSI2D4.tmp C:\Users\user\AppData\Local\Temp\MSIAF3.tmp C:\Users\user\AppData\Local\Temp\MSI139F.tmp C:\Users\user\AppData\Local\Temp\MSI1C4A.tmp C:\Users\user\AppData\Local\Temp\MSI245A.tmp C:\Users\user\AppData\Local\Temp\MSI2C79.tmp C:\Users\user\AppData\Local\Temp\MSI3544.tmp C:\Users\user\AppData\Local\Temp\MSI3D53.tmp C:\Users\user\AppData\Local\Temp\MSI4573.tmp C:\Users\user\AppData\Local\Temp\MSI4D92.tmp C:\Users\user\AppData\Local\Temp\MSI564D.tmp C:\Users\user\AppData\Local\Temp\MSI5E6C.tmp C:\Users\user\AppData\Local\Temp\MSI667C.tmp C:\Users\user\AppData\Local\Temp\MSI6E8B.tmp C:\Users\user\AppData\Local\Temp\MSI7737.tmp C:\Users\user\AppData\Local\Temp\MSI8002.tmp C:\Users\user\AppData\Local\Temp\MSI8811.tmp C:\Users\user\AppData\Local\Temp\MSI9050.tmp C:\Users\user\AppData\Local\Temp\MSI98FC.tmp C:\Users\user\AppData\Local\Temp\MSIA1A7.tmp C:\Users\user\AppData\Local\Temp\MSIAA34.tmp C:\Users\user\AppData\Local\Temp\MSIB2FF.tmp C:\Users\user\AppData\Local\Temp\MSIBBBA.tmp C:\Users\user\AppData\Local\Temp\MSIC3CA.tmp C:\Users\user\AppData\Local\Temp\MSICBE9.tmp C:\Users\user\AppData\Local\Temp\MSID4A4.tmp C:\Users\user\AppData\Local\Temp\MSIDD60.tmp C:\Users\user\AppData\Local\Temp\MSIE5AE.tmp C:\Users\user\AppData\Local\Temp\MSIEDCD.tmp C:\Users\user\AppData\Local\Temp\MSIF5EC.tmp C:\Users\user\AppData\Local\Temp\MSIFEB7.tmp C:\Users\user\AppData\Local\Temp\MSI753.tmp C:\Users\user\AppData\Local\Temp\MSIF72.tmp C:\Users\user\AppData\Local\Temp\MSI183D.tmp C:\Users\user\AppData\Local\Temp\MSI206C.tmp C:\Users\user\AppData\Local\Temp\MSI2927.tmp C:\Users\user\AppData\Local\Temp\MSI3146.tmp C:\Users\user\AppData\Local\Temp\MSI39A4.tmp C:\Users\user\AppData\Local\Temp\MSI426F.tmp C:\Users\user\AppData\Local\Temp\MSI4A7E.tmp C:\Users\user\AppData\Local\Temp\MSI52AD.tmp C:\Users\user\AppData\Local\Temp\MSI5ABD.tmp C:\Users\user\AppData\Local\Temp\MSI62CC.tmp C:\Users\user\AppData\Local\Temp\MSI6B88.tmp C:\Users\user\AppData\Local\Temp\MSI7472.tmp C:\Users\user\AppData\Local\Temp\MSI7C91.tmp C:\Users\user\AppData\Local\Temp\MSI84A0.tmp C:\Users\user\AppData\Local\Temp\MSI8DBA.tmp C:\Users\user\AppData\Local\Temp\MSI95C9.tmp C:\Users\user\AppData\Local\Temp\MSI9E94.tmp C:\Users\user\AppData\Local\Temp\MSIA74F.tmp C:\Users\user\AppData\Local\Temp\MSIAF5F.tmp C:\Users\user\AppData\Local\Temp\MSIB81A.tmp C:\Users\user\AppData\Local\Temp\MSIC039.tmp C:\Users\user\AppData\Local\Temp\MSIC878.tmp C:\Users\user\AppData\Local\Temp\MSID097.tmp C:\Users\user\AppData\Local\Temp\MSID952.tmp C:\Users\user\AppData\Local\Temp\MSIE171.tmp C:\Users\user\AppData\Local\Temp\MSIE981.tmp C:\Users\user\AppData\Local\Temp\MSIF190.tmp C:\Users\user\AppData\Local\Temp\MSIFAAA.tmp C:\Users\user\AppData\Local\Temp\MSI2B9.tmp C:\Users\user\AppData\Local\Temp\MSIAC9.tmp C:\Users\user\AppData\Local\Temp\MSI1394.tmp C:\Users\user\AppData\Local\Temp\MSI1C9D.tmp C:\Users\user\AppData\Local\Temp\MSI2587.tmp C:\Users\user\AppData\Local\Temp\MSI2DA6.tmp C:\Users\user\AppData\Local\Temp\MSI36A0.tmp C:\Users\user\AppData\Local\Temp\MSI3F7B.tmp C:\Users\user\AppData\Local\Temp\MSI4846.tmp C:\Users\user\AppData\Local\Temp\MSI5055.tmp C:\Users\user\AppData\Local\Temp\MSI5911.tmp C:\Users\user\AppData\Local\Temp\MSI61BD.tmp C:\Users\user\AppData\Local\Temp\MSI69CC.tmp C:\Users\user\AppData\Local\Temp\MSI72C6.tmp C:\Users\user\AppData\Local\Temp\MSI7B91.tmp C:\Users\user\AppData\Local\Temp\MSI847B.tmp C:\Users\user\AppData\Local\Temp\MSI8CC9.tmp C:\Users\user\AppData\Local\Temp\MSI9594.tmp C:\Users\user\AppData\Local\Temp\MSI9E40.tmp C:\Users\user\AppData\Local\Temp\MSIA65F.tmp C:\Users\user\AppData\Local\Temp\MSIAF1A.tmp C:\Users\user\AppData\Local\Temp\MSIB7F5.tmp C:\Users\user\AppData\Local\Temp\MSIC005.tmp C:\Users\user\AppData\Local\Temp\MSIC833.tmp C:\Users\user\AppData\Local\Temp\MSID11E.tmp C:\Users\user\AppData\Local\Temp\MSID9C9.tmp C:\Users\user\AppData\Local\Temp\MSIE2F2.tmp C:\Users\user\AppData\Local\Temp\MSIEBCD.tmp C:\Users\user\AppData\Local\Temp\MSIF4A7.tmp C:\Users\user\AppData\Local\Temp\MSIFCB7.tmp C:\Users\user\AppData\Local\Temp\MSI4F5.tmp C:\Users\user\AppData\Local\Temp\MSICF5.tmp C:\Users\user\AppData\Local\Temp\MSI15C0.tmp C:\Users\user\AppData\Local\Temp\MSI1DDF.tmp C:\Users\user\AppData\Local\Temp\MSI26D9.tmp C:\Users\user\AppData\Local\Temp\MSI2F08.tmp C:\Users\user\AppData\Local\Temp\MSI37E2.tmp C:\Users\user\AppData\Local\Temp\MSI4030.tmp C:\Users\user\AppData\Local\Temp\MSI4850.tmp C:\Users\user\AppData\Local\Temp\MSI512A.tmp C:\Users\user\AppData\Local\Temp\MSI5978.tmp C:\Users\user\AppData\Local\Temp\MSI61C6.tmp C:\Users\user\AppData\Local\Temp\MSI6A14.tmp C:\Users\user\AppData\Local\Temp\MSI7233.tmp C:\Users\user\AppData\Local\Temp\MSI7B0E.tmp |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 83c8556d406326881b0f02098ffb2e69 SHA-1 : 00812e42f39f92ba17bda9debc3fe0ea67768431 SHA-256 : 6d5a0dcebc16e79476f1ddcf7a6528dd39021cbcafaf2ccd633e6887c4b01641 SHA-512 : 4ac30ca8063d50521bc2afc2837ff5699dd5105d35678e3fa189ac2e7a98165f2d5152955653e7158e26b3e5b8c9c389ca23484ed9e4cbcab902072cba559f9a Size : 1181.48 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\0x0410.ini |
Type : Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators MD5 : f89fc24fce7b72a6c9a6e1f9e7b22d8a SHA-1 : cd13c5dbd8c58ddc1f1727d45362358afac7fcf2 SHA-256 : 2970bb63e5bc3de4c693de313d715c0c5f93bd35e18cdaec56954034cc7653a6 SHA-512 : a55209b9419b9fef4d6107956131e6bda36bd281c94416c39788aa8e926a7a44dae19544a46c84cd2337678a3a4af753fad73e024bae19da4d536186a061013a Size : 25.188 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\0x040c.ini |
Type : Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators MD5 : 35989450c8121207917f04d1ebe4ca2a SHA-1 : 0037ec09f27d222cad447288bd2462d63aba2520 SHA-256 : b14d9d7afc505868407c425cb5a78c891baa8a6ac8eb35cfb3d71c71f5bee1fa SHA-512 : 1cf2a0130679ab238c5e41bb1de21f6f915595af7cc9b90ecfce2d05075cf3ba92ccab464a7291efd1ee4cdba54a01d61beb75b919ad687fba178a95486b26f8 Size : 26.27 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\~F051.tmp C:\Users\user\AppData\Local\Temp\~F0DE.tmp C:\Users\user\AppData\Local\Temp\{EBDCCEFC-D42B-4724-9037-FDC238639170}\Setup.INI |
Type : Little-endian UTF-16 Unicode text, with CRLF, CR line terminators MD5 : 16e627fc59b4624af90ebc681972239d SHA-1 : 8c48731767afb2d4e181d105d6024c87568dd0f8 SHA-256 : f5be85846ddc34fedc7e36190d60f28a9ff2211dc683f2155cfcabf7b70e906a SHA-512 : 77f600af0eb13492ef5fb32fe6dc7db7d6f06f76fb15b53df1fa5e8411b616d750ead82b7210371af99bc91539d2cb8df5105067249caed906fba98c581f8f22 Size : 5.482 Kilobytes. |
| Match Rules |
|---|
| File Name: | ytdExtension.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 97bb018562de4854ad68e542c7685c4f39dedda7 |
| MD5: | f4a1c71167bb541e34d5e54012acf7f6 |
| First Seen Date: | 2017-05-04 23:02:14.349442 ( ) |
| Number of Clients Seen: | 7 |
| Last Analysis Date: | 2017-05-04 23:02:14.349442 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| number of sections | 4 |
| compilation time stamp | 0x4F97505C [Wed Apr 25 01:16:12 2012 UTC] |
| LegalCopyright | Copyright \xa9 2005-2015 Spigot, Inc. |
| ISInternalVersion | 19.0.160 |
| InternalName | Setup |
| FileVersion | 27.3 |
| CompanyName | Spigot, Inc. |
| Internal Build Number | 115289 |
| ProductName | YTD Extension v27.3 |
| ProductVersion | 27.3 |
| FileDescription | Setup Launcher Unicode |
| ISInternalDescription | Setup Launcher Unicode |
| OriginalFilename | InstallShield Setup.exe |
| Translation | 0x0409 0x04b0 |
| entry point | 0x46aabb (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 4913656 |
| sha256 | 9c7d11177c3b4423d952247336160f134e641c6023330087b6b277ecc3f9ad6d |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xae20d | 0xae400 | 6.588312 | - |
| .rdata | 0xb0000 | 0x291e0 | 0x29200 | 4.913290 | - |
| .data | 0xda000 | 0x8828 | 0x2800 | 4.541632 | - |
| .rsrc | 0xe3000 | 0x4df04 | 0x4e000 | 6.574915 | - |
-
VERSION.dll
- VerQueryValueW
- GetFileVersionInfoSizeW
- GetFileVersionInfoW
-
COMCTL32.dll
- None
-
KERNEL32.dll
- SizeofResource
- LoadResource
- FindResourceW
- GlobalUnlock
- GlobalLock
- GlobalFree
- GetTickCount
- GetExitCodeThread
- CreateThread
- CopyFileW
- InterlockedIncrement
- GetVersionExW
- CompareStringA
- CompareStringW
- CreateEventW
- InterlockedDecrement
- QueryPerformanceFrequency
- lstrcatW
- GetTempFileNameW
- LoadLibraryW
- FreeLibrary
- GetProcAddress
- GetSystemDefaultLangID
- GetUserDefaultLangID
- lstrcmpW
- lstrcmpiW
- VerLanguageNameW
- FindClose
- FindNextFileW
- CompareFileTime
- FindFirstFileW
- MoveFileW
- GetPrivateProfileStringW
- CreateDirectoryW
- SetFileAttributesW
- GetSystemTimeAsFileTime
- LocalFree
- FormatMessageW
- GetSystemInfo
- MulDiv
- RaiseException
- InitializeCriticalSection
- DeleteCriticalSection
- EnterCriticalSection
- LeaveCriticalSection
- LoadLibraryExW
- GetModuleHandleW
- GetVersion
- GetLocalTime
- IsValidLocale
- GetFileAttributesW
- GetCommandLineW
- lstrcpyA
- VirtualQuery
- IsBadReadPtr
- FlushFileBuffers
- SetEndOfFile
- GetDriveTypeW
- GetLocaleInfoW
- GetCurrentThread
- GetDiskFreeSpaceW
- GetExitCodeProcess
- LocalAlloc
- GetModuleFileNameW
- GlobalAlloc
- SetStdHandle
- GetTimeZoneInformation
- GetConsoleMode
- GetConsoleCP
- LCMapStringA
- InitializeCriticalSectionAndSpinCount
- SetConsoleCtrlHandler
- SetThreadContext
- GetStringTypeA
- EnumSystemLocalesA
- GetLocaleInfoA
- GetUserDefaultLCID
- GetDateFormatA
- GetTimeFormatA
- GetStartupInfoA
- GetFileType
- SetHandleCount
- GetEnvironmentStringsW
- FreeEnvironmentStringsW
- HeapDestroy
- HeapCreate
- HeapReAlloc
- VirtualAlloc
- VirtualFree
- FatalAppExitA
- GetModuleHandleA
- LCMapStringW
- IsValidCodePage
- GetOEMCP
- GetACP
- GetCPInfo
- HeapSize
- GetCurrentThreadId
- TlsFree
- TlsSetValue
- TlsAlloc
- TlsGetValue
- GetModuleFileNameA
- GetStdHandle
- GetStartupInfoW
- IsDebuggerPresent
- SetUnhandledExceptionFilter
- UnhandledExceptionFilter
- RtlUnwind
- lstrcpynA
- lstrcmpA
- SearchPathW
- lstrlenW
- VirtualProtect
- SystemTimeToFileTime
- QueryPerformanceCounter
- SetEvent
- ResetEvent
- GetCurrentProcessId
- GetEnvironmentVariableW
- CreateToolhelp32Snapshot
- Process32FirstW
- Process32NextW
- GetDateFormatW
- GetTimeFormatW
- GetCurrentDirectoryW
- FindResourceExW
- OpenProcess
- GetProcessTimes
- LockResource
- ExpandEnvironmentStringsW
- GetTempPathW
- SetErrorMode
- GetWindowsDirectoryW
- lstrcpyW
- GetSystemDirectoryW
- SetCurrentDirectoryW
- CreateProcessW
- WaitForSingleObject
- DeleteFileW
- RemoveDirectoryW
- Sleep
- ExitProcess
- GetCurrentProcess
- DuplicateHandle
- TerminateProcess
- MoveFileExW
- GetThreadContext
- VirtualProtectEx
- WriteProcessMemory
- LoadLibraryA
- FlushInstructionCache
- lstrcpynW
- GetProcessHeap
- HeapAlloc
- HeapFree
- WriteFile
- ReadFile
- SetFilePointer
- MultiByteToWideChar
- WideCharToMultiByte
- CreateFileW
- GetFileSize
- CreateFileMappingW
- MapViewOfFile
- UnmapViewOfFile
- CloseHandle
- lstrlenA
- GetLastError
- SetLastError
- GetStringTypeW
- ResumeThread
- SetEnvironmentVariableA
- CreateFileA
- WriteConsoleW
- InterlockedExchange
- WriteConsoleA
- GetConsoleOutputCP
-
USER32.dll
- ExitWindowsEx
- CharUpperW
- wvsprintfW
- SendDlgItemMessageW
- CharPrevW
- LoadImageW
- CreateDialogParamW
- MoveWindow
- SetCursor
- GetDlgItemTextW
- GetWindow
- SetFocus
- EnableWindow
- SetDlgItemTextW
- SetForegroundWindow
- SetActiveWindow
- GetDlgCtrlID
- FillRect
- GetSysColor
- GetSysColorBrush
- SendMessageW
- IsDialogMessageW
- GetWindowRect
- GetSystemMetrics
- SetRect
- FindWindowW
- IntersectRect
- SubtractRect
- IsWindow
- DestroyWindow
- CreateDialogIndirectParamW
- CharNextW
- MessageBoxW
- WaitForInputIdle
- GetWindowLongW
- SetWindowLongW
- GetClientRect
- ClientToScreen
- SetWindowPos
- GetWindowDC
- ReleaseDC
- EndPaint
- BeginPaint
- EndDialog
- SetWindowTextW
- GetDlgItem
- ShowWindow
- DialogBoxIndirectParamW
- GetDesktopWindow
- MsgWaitForMultipleObjects
- PeekMessageW
- wsprintfW
- LoadIconW
- LoadCursorW
- RegisterClassW
- CreateWindowExW
- GetMessageW
- TranslateMessage
- DispatchMessageW
- DefWindowProcW
- PostMessageW
- KillTimer
- PostQuitMessage
- SetTimer
- GetDC
-
GDI32.dll
- GetDIBColorTable
- GetSystemPaletteEntries
- CreatePalette
- CreateHalftonePalette
- UnrealizeObject
- SelectPalette
- RealizePalette
- CreateFontW
- SetBkMode
- SetTextColor
- GetObjectW
- GetDeviceCaps
- CreateFontIndirectW
- CreateSolidBrush
- CreateCompatibleDC
- SelectObject
- BitBlt
- CreateDIBitmap
- DeleteDC
- DeleteObject
- GetStockObject
- TranslateCharsetInfo
-
ADVAPI32.dll
- RegEnumKeyW
- RegCreateKeyW
- LookupPrivilegeValueW
- OpenThreadToken
- OpenProcessToken
- GetTokenInformation
- AllocateAndInitializeSid
- EqualSid
- FreeSid
- InitializeSecurityDescriptor
- SetSecurityDescriptorOwner
- SetSecurityDescriptorGroup
- SetSecurityDescriptorDacl
- RegEnumKeyExW
- RegQueryInfoKeyW
- RegDeleteKeyW
- RegEnumValueW
- RegSetValueExW
- RegCreateKeyExW
- RegDeleteValueW
- RegQueryValueExW
- RegOpenKeyExW
- RegCloseKey
- AdjustTokenPrivileges
- RegOpenKeyW
-
SHELL32.dll
- SHBrowseForFolderW
- SHGetPathFromIDListW
- SHGetMalloc
- SHGetSpecialFolderLocation
- ShellExecuteExW
- ShellExecuteW
- CommandLineToArgvW
-
ole32.dll
- CoTaskMemFree
- CoTaskMemRealloc
- CoTaskMemAlloc
- CLSIDFromProgID
- CoInitialize
- CoCreateGuid
- CreateItemMoniker
- GetRunningObjectTable
- StringFromGUID2
- ProgIDFromCLSID
- CoUninitialize
- CoInitializeSecurity
- CoCreateInstance
-
OLEAUT32.dll
- VariantClear
- VarBstrFromDate
- SysStringByteLen
- GetErrorInfo
- VarUI4FromStr
- SystemTimeToVariantTime
- CreateErrorInfo
- SysAllocStringByteLen
- SysAllocString
- LoadTypeLib
- RegisterTypeLib
- SetErrorInfo
- VariantChangeType
- SysFreeString
- SysAllocStringLen
- SysReAllocStringLen
- SysStringLen
- VarBstrCat
-
RPCRT4.dll
- UuidCreate
- RpcStringFreeW
- UuidFromStringW
- UuidToStringW
RT_BITMAP
RT_ICON
RT_DIALOG
RT_STRING
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST