b5750ca42d86b0c648a93543debad056e0a7fb6b726cbee7b949e9e3ac85a479

Sharing

Copy URL Twitter E-mail

General

Target

b5750ca42d86b0c648a93543debad056e0a7fb6b726cbee7b949e9e3ac85a479
Size

3.4MB
MD5

b6442410b136e9d722b9083f6a919ffb
SHA1

7b735c664b66a207314455f88c417d11180df101
SHA256

b5750ca42d86b0c648a93543debad056e0a7fb6b726cbee7b949e9e3ac85a479
SHA512

4ccd3c7284b952800304e49738aff226a63a7037618a85c31334fe1bf7a8ae9efdf69ff3eb73a882d1d1e914138702eca70a3763d468708a34fd783d217fd4e3
SSDEEP

98304:OGcM1+10zOYAHlly3t2fuSW6dTQ9VHId16NaM:u1ly38fuSW6dTZdINaM

Score

N/A

Malware Config

Signatures

Files

b5750ca42d86b0c648a93543debad056e0a7fb6b726cbee7b949e9e3ac85a479
.rar
amd64_microsoft-windows-dui70.resources_31bf3856ad364e35_10.0.22621.1_en-us_c35d897f5745fe37/dui70.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-dui70_31bf3856ad364e35_10.0.22621.1_none_b94a7b84f1d8f736/dui70.dll
.dll windows x64

664b7ba37c9bf373236f627fa0def42c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

ceilf
cosf
expf
floor
floorf
memcmp
memcpy
memmove
memset
powf
sin
sinf
sqrt
sqrtf
??1type_info@@UEAA@XZ
_onexit
__dllonexit
acosf
_lock
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
wprintf
realloc
_isnan
iswalnum
_wcsnicmp
wcsstr
wcstok_s
iswalpha
wcsrchr
wcscspn
_wtol
iswdigit
_wtof
_snwscanf_s
wcsncmp
iswspace
free
_wcsdup
wcstol
wcschr
memcpy_s
_vsnprintf
__C_specific_handler
_vsnwprintf
__RTDynamicCast
_wcsicmp
_purecall
qsort
_unlock
wcscmp

ntdll

RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPublishWnfStateData
RtlCaptureStackBackTrace
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
EtwLogTraceEvent
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlQueryWnfStateData

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetTickCount64
GetVersionExW
GetVersion
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
FindResourceExW
GetModuleFileNameA
SizeofResource
LoadResource
FreeLibraryAndExitThread
LoadLibraryExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LockResource
LoadStringW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsFree
TlsAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsGetValue
CreateThread

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
EnterCriticalSection
ReleaseSemaphore
ReleaseMutex
LeaveCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
AcquireSRWLockExclusive
CreateEventExW
OpenMutexW
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-file-l1-1-0

SetFilePointer
WriteFile
GetFileSize
GetFileSizeEx
CreateFileW
ReadFile

api-ms-win-core-memory-l1-1-0

VirtualQueryEx
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
SleepConditionVariableSRW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadPreferredUILanguages
GetLocaleInfoW
GetThreadUILanguage
FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-string-l2-1-0

IsCharAlphaNumericW
CharUpperW

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
PrefetchVirtualMemory

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree
GlobalAlloc

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-atoms-l1-1-0

GetAtomNameW
AddAtomW
DeleteAtom
FindAtomW

api-ms-win-core-stringansi-l1-1-0

CharUpperA

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrTrimW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionStringW
QueryActCtxW
CreateActCtxW
DeactivateActCtx
ActivateActCtx

user32

ord2706
ord2705
ord2707
IsTopLevelWindow
ord2565
IsThreadDesktopComposited
UnionRect
RealGetWindowClassW
ord2635
GetSysColorBrush
ReleaseDC
LoadImageW
GetDC
KillTimer
SetTimer
GetSysColor
GetPropW
IsWindow
SetScrollInfo
GetScrollInfo
GetKeyState
GetForegroundWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
SetLayeredWindowAttributes
GetAncestor
GetSystemMetricsForDpi
GetThreadDpiAwarenessContext
AreDpiAwarenessContextsEqual
GetDpiForSystem
MonitorFromRect
RemovePropW
SetPropW
GetActiveWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SubtractRect
MoveWindow
SystemParametersInfoW
FillRect
OffsetRect
GetCaretBlinkTime
CopyImage
SetCaretPos
HideCaret
ShowCaret
DestroyCaret
CreateCaret
PtInRect
GetClientRect
RegisterWindowMessageW
MapWindowPoints
RedrawWindow
SetWindowRgn
GetWindowRgnBox
UpdateWindow
GetClassLongW
SetFocus
SetWindowTextW
IsChild
GetFocus
ShowWindow
SetParent
CallWindowProcW
GetDpiForWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
GetCursorPos
CreateIconIndirect
LoadCursorFromFileW
DestroyIcon
GetIconInfo
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
DrawFocusRect
FrameRect
DrawIconEx
CopyRect
SetRect
GetKeyNameTextW
MapVirtualKeyW
DrawFrameControl
InflateRect
GetSystemMetrics
DrawTextW
EqualRect
SetCursor
PostMessageW
EnumChildWindows
InvalidateRect
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
AdjustWindowRectEx
GetParent
SetWindowLongW
GetWindowLongW
ClientToScreen
SetWindowPos
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadCursorW
GetClassInfoExW
SendMessageW
SetRectEmpty
IsRectEmpty
IntersectRect
GetGUIThreadInfo
ScreenToClient
NotifyWinEvent

gdi32

GetCurrentObject
CreateFontIndirectW
CreatePatternBrush
GetDeviceCaps
GetObjectW
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateHalftonePalette
SelectPalette
RealizePalette
GetBrushOrgEx
SetStretchBltMode
SetBrushOrgEx
StretchBlt
DeleteDC
CreateDIBSection
GetDIBits
GdiGetCharDimensions
CreateBitmap
GetDCBrushColor
GetRgnBox
OffsetRgn
CombineRgn
ExtCreateRegion
GetRegionData
RectVisible
SetWindowOrgEx
OffsetWindowOrgEx
GetBkMode
GetTextMetricsW
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetPixel
GetTextExtentPoint32W
SetPixel
GetTextColor
GdiGradientFill
PlayEnhMetaFile
SetDCBrushColor
SetBkMode
SetTextColor
DeleteObject
GetTextAlign
SetTextAlign
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetStockObject
ExtTextOutW
SetBkColor
GetBkColor
PatBlt
LPtoDP
CreateSolidBrush
StretchDIBits
GdiTransparentBlt
GdiAlphaBlend
BitBlt
SetLayout
GetLayout
CreateDIBPatternBrushPt

kernelbase

GetCurrentPackageId

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

??0?$PatternProvider@VExpandCollapseProvider@DirectUI@@UIExpandCollapseProvider@@$00@DirectUI@@QEAA@XZ
??0?$PatternProvider@VGridItemProvider@DirectUI@@UIGridItemProvider@@$01@DirectUI@@QEAA@XZ
??0?$PatternProvider@VGridProvider@DirectUI@@UIGridProvider@@$02@DirectUI@@QEAA@XZ
??0?$PatternProvider@VInvokeProvider@DirectUI@@UIInvokeProvider@@$0A@@DirectUI@@QEAA@XZ
??0?$PatternProvider@VRangeValueProvider@DirectUI@@UIRangeValueProvider@@$03@DirectUI@@QEAA@XZ
??0?$PatternProvider@VScrollItemProvider@DirectUI@@UIScrollItemProvider@@$05@DirectUI@@QEAA@XZ
??0?$PatternProvider@VScrollProvider@DirectUI@@UIScrollProvider@@$04@DirectUI@@QEAA@XZ
??0?$PatternProvider@VSelectionItemProvider@DirectUI@@UISelectionItemProvider@@$06@DirectUI@@QEAA@XZ
??0?$PatternProvider@VSelectionProvider@DirectUI@@UISelectionProvider@@$07@DirectUI@@QEAA@XZ
??0?$PatternProvider@VTableItemProvider@DirectUI@@UITableItemProvider@@$09@DirectUI@@QEAA@XZ
??0?$PatternProvider@VTableProvider@DirectUI@@UITableProvider@@$08@DirectUI@@QEAA@XZ
??0?$PatternProvider@VToggleProvider@DirectUI@@UIToggleProvider@@$0L@@DirectUI@@QEAA@XZ
??0?$PatternProvider@VValueProvider@DirectUI@@UIValueProvider@@$0M@@DirectUI@@QEAA@XZ
??0?$SafeArrayAccessor@H@DirectUI@@QEAA@XZ
??0AccessibleButton@DirectUI@@QEAA@$$QEAV01@@Z
??0AccessibleButton@DirectUI@@QEAA@AEBV01@@Z
??0AccessibleButton@DirectUI@@QEAA@XZ
??0AnimationStrip@DirectUI@@QEAA@AEBV01@@Z
??0AnimationStrip@DirectUI@@QEAA@XZ
??0AutoButton@DirectUI@@QEAA@$$QEAV01@@Z
??0AutoButton@DirectUI@@QEAA@AEBV01@@Z
??0AutoButton@DirectUI@@QEAA@XZ
??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0AutoThread@DirectUI@@QEAA@XZ
??0AutoVariant@DirectUI@@QEAA@XZ
??0BaseScrollBar@DirectUI@@QEAA@$$QEAV01@@Z
??0BaseScrollBar@DirectUI@@QEAA@AEBV01@@Z
??0BaseScrollBar@DirectUI@@QEAA@XZ
??0BaseScrollViewer@DirectUI@@QEAA@AEBV01@@Z
??0BaseScrollViewer@DirectUI@@QEAA@XZ
??0Bind@DirectUI@@QEAA@$$QEAV01@@Z
??0Bind@DirectUI@@QEAA@AEBV01@@Z
??0Bind@DirectUI@@QEAA@XZ
??0BorderLayout@DirectUI@@QEAA@AEBV01@@Z
??0BorderLayout@DirectUI@@QEAA@XZ
??0Browser@DirectUI@@QEAA@$$QEAV01@@Z
??0Browser@DirectUI@@QEAA@AEBV01@@Z
??0Browser@DirectUI@@QEAA@XZ
??0BrowserSelectionProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0BrowserSelectionProxy@DirectUI@@QEAA@AEBV01@@Z
??0BrowserSelectionProxy@DirectUI@@QEAA@XZ
??0Button@DirectUI@@QEAA@AEBV01@@Z
??0Button@DirectUI@@QEAA@XZ
??0CCAVI@DirectUI@@QEAA@$$QEAV01@@Z
??0CCAVI@DirectUI@@QEAA@AEBV01@@Z
??0CCAVI@DirectUI@@QEAA@XZ
??0CCBase@DirectUI@@QEAA@AEBV01@@Z
??0CCBase@DirectUI@@QEAA@KPEBG@Z
??0CCBaseCheckRadioButton@DirectUI@@QEAA@$$QEAV01@@Z
??0CCBaseCheckRadioButton@DirectUI@@QEAA@AEBV01@@Z
??0CCBaseCheckRadioButton@DirectUI@@QEAA@K@Z
??0CCBaseScrollBar@DirectUI@@QEAA@$$QEAV01@@Z
??0CCBaseScrollBar@DirectUI@@QEAA@AEBV01@@Z
??0CCBaseScrollBar@DirectUI@@QEAA@K@Z
??0CCCheckBox@DirectUI@@QEAA@$$QEAV01@@Z
??0CCCheckBox@DirectUI@@QEAA@AEBV01@@Z
??0CCCheckBox@DirectUI@@QEAA@K@Z
??0CCCommandLink@DirectUI@@QEAA@$$QEAV01@@Z
??0CCCommandLink@DirectUI@@QEAA@AEBV01@@Z
??0CCCommandLink@DirectUI@@QEAA@K@Z
??0CCHScrollBar@DirectUI@@QEAA@$$QEAV01@@Z
??0CCHScrollBar@DirectUI@@QEAA@AEBV01@@Z
??0CCHScrollBar@DirectUI@@QEAA@XZ
??0CCListBox@DirectUI@@QEAA@$$QEAV01@@Z
??0CCListBox@DirectUI@@QEAA@AEBV01@@Z
??0CCListBox@DirectUI@@QEAA@XZ
??0CCListView@DirectUI@@QEAA@$$QEAV01@@Z
??0CCListView@DirectUI@@QEAA@AEBV01@@Z
??0CCListView@DirectUI@@QEAA@XZ
??0CCProgressBar@DirectUI@@QEAA@$$QEAV01@@Z
??0CCProgressBar@DirectUI@@QEAA@AEBV01@@Z
??0CCProgressBar@DirectUI@@QEAA@XZ
??0CCPushButton@DirectUI@@QEAA@$$QEAV01@@Z
??0CCPushButton@DirectUI@@QEAA@AEBV01@@Z
??0CCPushButton@DirectUI@@QEAA@K@Z
??0CCRadioButton@DirectUI@@QEAA@$$QEAV01@@Z
??0CCRadioButton@DirectUI@@QEAA@AEBV01@@Z
??0CCRadioButton@DirectUI@@QEAA@XZ
??0CCSysLink@DirectUI@@QEAA@$$QEAV01@@Z
??0CCSysLink@DirectUI@@QEAA@AEBV01@@Z
??0CCSysLink@DirectUI@@QEAA@XZ
??0CCTrackBar@DirectUI@@QEAA@$$QEAV01@@Z
??0CCTrackBar@DirectUI@@QEAA@AEBV01@@Z
??0CCTrackBar@DirectUI@@QEAA@XZ
??0CCTreeView@DirectUI@@QEAA@$$QEAV01@@Z
??0CCTreeView@DirectUI@@QEAA@AEBV01@@Z
??0CCTreeView@DirectUI@@QEAA@K@Z
??0CCVScrollBar@DirectUI@@QEAA@$$QEAV01@@Z
??0CCVScrollBar@DirectUI@@QEAA@AEBV01@@Z
??0CCVScrollBar@DirectUI@@QEAA@XZ
??0CallstackTracker@DirectUI@@QEAA@XZ
??0CheckBoxGlyph@DirectUI@@QEAA@AEBV01@@Z
??0CheckBoxGlyph@DirectUI@@QEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@AEBV01@@Z
??0ClassInfoBase@DirectUI@@QEAA@XZ
??0Clipper@DirectUI@@QEAA@$$QEAV01@@Z
??0Clipper@DirectUI@@QEAA@AEBV01@@Z
??0Clipper@DirectUI@@QEAA@XZ
??0Combobox@DirectUI@@QEAA@AEBV01@@Z
??0Combobox@DirectUI@@QEAA@XZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0DCSurface@DirectUI@@QEAA@AEBV01@@Z
??0DCSurface@DirectUI@@QEAA@PEAUHDC__@@@Z
??0DUIFactory@DirectUI@@QEAA@PEAUHWND__@@@Z
??0DUIXmlParser@DirectUI@@QEAA@AEBV01@@Z
??0DUIXmlParser@DirectUI@@QEAA@XZ
??0DialogElement@DirectUI@@QEAA@$$QEAV01@@Z
??0DialogElement@DirectUI@@QEAA@AEBV01@@Z
??0DialogElement@DirectUI@@QEAA@XZ
??0DuiAccessible@DirectUI@@QEAA@XZ
??0Edit@DirectUI@@QEAA@AEBV01@@Z
??0Edit@DirectUI@@QEAA@XZ
??0Element@DirectUI@@QEAA@AEBV01@@Z
??0Element@DirectUI@@QEAA@XZ
??0ElementProvider@DirectUI@@QEAA@XZ
??0ElementProxy@DirectUI@@IEAA@XZ
??0ElementProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ElementProxy@DirectUI@@QEAA@AEBV01@@Z
??0ElementWithHWND@DirectUI@@QEAA@$$QEAV01@@Z
??0ElementWithHWND@DirectUI@@QEAA@AEBV01@@Z
??0ElementWithHWND@DirectUI@@QEAA@XZ
??0ExpandCollapseProvider@DirectUI@@QEAA@XZ
??0ExpandCollapseProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ExpandCollapseProxy@DirectUI@@QEAA@AEBV01@@Z
??0ExpandCollapseProxy@DirectUI@@QEAA@XZ
??0Expandable@DirectUI@@QEAA@$$QEAV01@@Z
??0Expandable@DirectUI@@QEAA@AEBV01@@Z
??0Expandable@DirectUI@@QEAA@XZ
??0Expando@DirectUI@@QEAA@$$QEAV01@@Z
??0Expando@DirectUI@@QEAA@AEBV01@@Z
??0Expando@DirectUI@@QEAA@XZ
??0ExpandoButtonGlyph@DirectUI@@QEAA@AEBV01@@Z
??0ExpandoButtonGlyph@DirectUI@@QEAA@XZ
??0FillLayout@DirectUI@@QEAA@AEBV01@@Z
??0FillLayout@DirectUI@@QEAA@XZ
??0FlowLayout@DirectUI@@QEAA@AEBV01@@Z
??0FlowLayout@DirectUI@@QEAA@XZ
??0FontCache@DirectUI@@QEAA@$$QEAV01@@Z
??0FontCache@DirectUI@@QEAA@AEBV01@@Z
??0FontCache@DirectUI@@QEAA@XZ
??0FontCheckOut@DirectUI@@QEAA@PEAVElement@1@PEAUHDC__@@@Z
??0GridItemProvider@DirectUI@@QEAA@XZ
??0GridItemProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0GridItemProxy@DirectUI@@QEAA@AEBV01@@Z
??0GridItemProxy@DirectUI@@QEAA@XZ
??0GridLayout@DirectUI@@QEAA@AEBV01@@Z
??0GridLayout@DirectUI@@QEAA@XZ
??0GridProvider@DirectUI@@QEAA@XZ
??0GridProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0GridProxy@DirectUI@@QEAA@AEBV01@@Z
??0GridProxy@DirectUI@@QEAA@XZ
??0HWNDElement@DirectUI@@QEAA@AEBV01@@Z
??0HWNDElement@DirectUI@@QEAA@XZ
??0HWNDElementAccessible@DirectUI@@QEAA@XZ
??0HWNDElementProvider@DirectUI@@QEAA@XZ
??0HWNDElementProxy@DirectUI@@IEAA@XZ
??0HWNDElementProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0HWNDElementProxy@DirectUI@@QEAA@AEBV01@@Z
??0HWNDHost@DirectUI@@QEAA@AEBV01@@Z
??0HWNDHost@DirectUI@@QEAA@XZ
??0HWNDHostAccessible@DirectUI@@QEAA@XZ
??0HWNDHostClientAccessible@DirectUI@@QEAA@XZ
??0IDataEngine@DirectUI@@QEAA@AEBU01@@Z
??0IDataEngine@DirectUI@@QEAA@XZ
??0IDataEntry@DirectUI@@QEAA@AEBU01@@Z
??0IDataEntry@DirectUI@@QEAA@XZ
??0IProvider@DirectUI@@QEAA@$$QEAV01@@Z
??0IProvider@DirectUI@@QEAA@AEBV01@@Z
??0IProvider@DirectUI@@QEAA@XZ
??0ISBLeak@DirectUI@@QEAA@$$QEAU01@@Z
??0ISBLeak@DirectUI@@QEAA@AEBU01@@Z
??0ISBLeak@DirectUI@@QEAA@XZ
??0IXElementCP@DirectUI@@QEAA@$$QEAV01@@Z
??0IXElementCP@DirectUI@@QEAA@AEBV01@@Z
??0IXElementCP@DirectUI@@QEAA@XZ
??0IXProviderCP@DirectUI@@QEAA@$$QEAV01@@Z
??0IXProviderCP@DirectUI@@QEAA@AEBV01@@Z
??0IXProviderCP@DirectUI@@QEAA@XZ
??0InvokeHelper@DirectUI@@QEAA@XZ
??0InvokeProvider@DirectUI@@QEAA@XZ
??0InvokeProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0InvokeProxy@DirectUI@@QEAA@AEBV01@@Z
??0InvokeProxy@DirectUI@@QEAA@XZ
??0ItemList@DirectUI@@QEAA@XZ
??0Layout@DirectUI@@QEAA@AEBV01@@Z
??0Layout@DirectUI@@QEAA@XZ
??0LinkedList@DirectUI@@QEAA@XZ
??0Macro@DirectUI@@QEAA@$$QEAV01@@Z
??0Macro@DirectUI@@QEAA@AEBV01@@Z
??0Macro@DirectUI@@QEAA@XZ
??0ModernProgressBar@DirectUI@@QEAA@XZ
??0ModernProgressBarRangeValueProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ModernProgressBarRangeValueProxy@DirectUI@@QEAA@AEBV01@@Z
??0ModernProgressBarRangeValueProxy@DirectUI@@QEAA@XZ
??0ModernProgressRing@DirectUI@@QEAA@XZ
??0Movie@DirectUI@@QEAA@AEBV01@@Z
??0Movie@DirectUI@@QEAA@XZ
??0NativeHWNDHost@DirectUI@@QEAA@AEBV01@@Z
??0NativeHWNDHost@DirectUI@@QEAA@XZ
??0Navigator@DirectUI@@QEAA@$$QEAV01@@Z
??0Navigator@DirectUI@@QEAA@AEBV01@@Z
??0Navigator@DirectUI@@QEAA@XZ
??0NavigatorSelectionItemProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0NavigatorSelectionItemProxy@DirectUI@@QEAA@AEBV01@@Z
??0NavigatorSelectionItemProxy@DirectUI@@QEAA@XZ
??0NineGridLayout@DirectUI@@QEAA@AEBV01@@Z
??0NineGridLayout@DirectUI@@QEAA@XZ
??0PText@DirectUI@@QEAA@AEBV01@@Z
??0PText@DirectUI@@QEAA@XZ
??0Page@DirectUI@@QEAA@$$QEAV01@@Z
??0Page@DirectUI@@QEAA@AEBV01@@Z
??0Page@DirectUI@@QEAA@XZ
??0Pages@DirectUI@@QEAA@$$QEAV01@@Z
??0Pages@DirectUI@@QEAA@AEBV01@@Z
??0Pages@DirectUI@@QEAA@XZ
??0Progress@DirectUI@@QEAA@AEBV01@@Z
??0Progress@DirectUI@@QEAA@XZ
??0ProgressRangeValueProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ProgressRangeValueProxy@DirectUI@@QEAA@AEBV01@@Z
??0ProgressRangeValueProxy@DirectUI@@QEAA@XZ
??0ProviderProxy@DirectUI@@IEAA@XZ
??0ProviderProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ProviderProxy@DirectUI@@QEAA@AEBV01@@Z
??0Proxy@DirectUI@@QEAA@AEBV01@@Z
??0Proxy@DirectUI@@QEAA@XZ
??0PushButton@DirectUI@@QEAA@$$QEAV01@@Z
??0PushButton@DirectUI@@QEAA@AEBV01@@Z
??0PushButton@DirectUI@@QEAA@XZ
??0RadioButtonGlyph@DirectUI@@QEAA@AEBV01@@Z
??0RadioButtonGlyph@DirectUI@@QEAA@XZ
??0RangeValueProvider@DirectUI@@QEAA@XZ
??0RangeValueProxy@DirectUI@@IEAA@XZ
??0RangeValueProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0RangeValueProxy@DirectUI@@QEAA@AEBV01@@Z
??0RefPointElement@DirectUI@@QEAA@AEBV01@@Z
??0RefPointElement@DirectUI@@QEAA@XZ
??0RefcountBase@DirectUI@@QEAA@XZ
??0RepeatButton@DirectUI@@QEAA@AEBV01@@Z
??0RepeatButton@DirectUI@@QEAA@XZ
??0Repeater@DirectUI@@QEAA@$$QEAV01@@Z
??0Repeater@DirectUI@@QEAA@AEBV01@@Z
??0Repeater@DirectUI@@QEAA@XZ
??0ResourceModuleHandles@DirectUI@@QEAA@XZ
??0RichText@DirectUI@@QEAA@XZ
??0RowLayout@DirectUI@@QEAA@AEBV01@@Z
??0RowLayout@DirectUI@@QEAA@XZ
??0ScrollBar@DirectUI@@QEAA@AEBV01@@Z
??0ScrollBar@DirectUI@@QEAA@XZ
??0ScrollBarRangeValueProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ScrollBarRangeValueProxy@DirectUI@@QEAA@AEBV01@@Z
??0ScrollBarRangeValueProxy@DirectUI@@QEAA@XZ
??0ScrollItemProvider@DirectUI@@QEAA@XZ
??0ScrollItemProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ScrollItemProxy@DirectUI@@QEAA@AEBV01@@Z
??0ScrollItemProxy@DirectUI@@QEAA@XZ
??0ScrollProvider@DirectUI@@QEAA@XZ
??0ScrollProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ScrollProxy@DirectUI@@QEAA@AEBV01@@Z
??0ScrollProxy@DirectUI@@QEAA@XZ
??0ScrollViewer@DirectUI@@QEAA@AEBV01@@Z
??0ScrollViewer@DirectUI@@QEAA@XZ
??0SelectionItemProvider@DirectUI@@QEAA@XZ
??0SelectionItemProxy@DirectUI@@IEAA@XZ
??0SelectionItemProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0SelectionItemProxy@DirectUI@@QEAA@AEBV01@@Z
??0SelectionProvider@DirectUI@@QEAA@XZ
??0SelectionProxy@DirectUI@@IEAA@XZ
??0SelectionProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0SelectionProxy@DirectUI@@QEAA@AEBV01@@Z
??0Selector@DirectUI@@QEAA@AEBV01@@Z
??0Selector@DirectUI@@QEAA@XZ
??0SelectorNoDefault@DirectUI@@QEAA@$$QEAV01@@Z
??0SelectorNoDefault@DirectUI@@QEAA@AEBV01@@Z
??0SelectorNoDefault@DirectUI@@QEAA@XZ
??0SelectorSelectionItemProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0SelectorSelectionItemProxy@DirectUI@@QEAA@AEBV01@@Z
??0SelectorSelectionItemProxy@DirectUI@@QEAA@XZ
??0SelectorSelectionProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0SelectorSelectionProxy@DirectUI@@QEAA@AEBV01@@Z
??0SelectorSelectionProxy@DirectUI@@QEAA@XZ
??0ShellBorderLayout@DirectUI@@QEAA@AEBV01@@Z
??0ShellBorderLayout@DirectUI@@QEAA@XZ
??0StyleSheet@DirectUI@@QEAA@$$QEAV01@@Z
??0StyleSheet@DirectUI@@QEAA@AEBV01@@Z
??0StyleSheet@DirectUI@@QEAA@XZ
??0StyledScrollViewer@DirectUI@@QEAA@AEBV01@@Z
??0StyledScrollViewer@DirectUI@@QEAA@XZ
??0Surface@DirectUI@@QEAA@AEBV01@@Z
??0Surface@DirectUI@@QEAA@XZ
??0TableItemProvider@DirectUI@@QEAA@XZ
??0TableItemProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0TableItemProxy@DirectUI@@QEAA@AEBV01@@Z
??0TableItemProxy@DirectUI@@QEAA@XZ
??0TableLayout@DirectUI@@QEAA@AEBV01@@Z
??0TableLayout@DirectUI@@QEAA@XZ
??0TableProvider@DirectUI@@QEAA@XZ
??0TableProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0TableProxy@DirectUI@@QEAA@AEBV01@@Z
??0TableProxy@DirectUI@@QEAA@XZ
??0TaskPage@DirectUI@@QEAA@AEBV01@@Z
??0TaskPage@DirectUI@@QEAA@XZ
??0TextGraphic@DirectUI@@QEAA@$$QEAV01@@Z
??0TextGraphic@DirectUI@@QEAA@AEBV01@@Z
??0TextGraphic@DirectUI@@QEAA@XZ
??0Thumb@DirectUI@@QEAA@AEBV01@@Z
??0Thumb@DirectUI@@QEAA@XZ
??0ToggleProvider@DirectUI@@QEAA@XZ
??0ToggleProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ToggleProxy@DirectUI@@QEAA@AEBV01@@Z
??0ToggleProxy@DirectUI@@QEAA@XZ
??0TouchButton@DirectUI@@QEAA@XZ
??0TouchCheckBox@DirectUI@@QEAA@XZ
??0TouchCheckBoxGlyph@DirectUI@@QEAA@XZ
??0TouchCommandButton@DirectUI@@QEAA@XZ
??0TouchEdit2@DirectUI@@QEAA@XZ
??0TouchHWNDElement@DirectUI@@QEAA@XZ
??0TouchHyperLink@DirectUI@@QEAA@XZ
??0TouchRepeatButton@DirectUI@@QEAA@XZ
??0TouchScrollBar@DirectUI@@QEAA@XZ
??0TouchSelect@DirectUI@@QEAA@XZ
??0TouchSelectItem@DirectUI@@QEAA@XZ
??0UnknownElement@DirectUI@@QEAA@AEBV01@@Z
??0UnknownElement@DirectUI@@QEAA@XZ
??0ValueProvider@DirectUI@@QEAA@XZ
??0ValueProxy@DirectUI@@QEAA@$$QEAV01@@Z
??0ValueProxy@DirectUI@@QEAA@AEBV01@@Z
??0ValueProxy@DirectUI@@QEAA@XZ
??0VerticalFlowLayout@DirectUI@@QEAA@AEBV01@@Z
??0VerticalFlowLayout@DirectUI@@QEAA@XZ
??0Viewer@DirectUI@@QEAA@AEBV01@@Z
??0Viewer@DirectUI@@QEAA@XZ
??0XBaby@DirectUI@@QEAA@AEBV01@@Z
??0XBaby@DirectUI@@QEAA@XZ
??0XElement@DirectUI@@QEAA@AEBV01@@Z
??0XElement@DirectUI@@QEAA@XZ
??0XHost@DirectUI@@QEAA@XZ
??0XProvider@DirectUI@@QEAA@AEBV01@@Z
??0XProvider@DirectUI@@QEAA@XZ
??0XResourceProvider@DirectUI@@QEAA@$$QEAV01@@Z
??0XResourceProvider@DirectUI@@QEAA@AEBV01@@Z
??0XResourceProvider@DirectUI@@QEAA@XZ
??1?$PatternProvider@VExpandCollapseProvider@DirectUI@@UIExpandCollapseProvider@@$00@DirectUI@@UEAA@XZ
??1?$PatternProvider@VGridItemProvider@DirectUI@@UIGridItemProvider@@$01@DirectUI@@UEAA@XZ
??1?$PatternProvider@VGridProvider@DirectUI@@UIGridProvider@@$02@DirectUI@@UEAA@XZ
??1?$PatternProvider@VInvokeProvider@DirectUI@@UIInvokeProvider@@$0A@@DirectUI@@UEAA@XZ
??1?$PatternProvider@VRangeValueProvider@DirectUI@@UIRangeValueProvider@@$03@DirectUI@@UEAA@XZ
??1?$PatternProvider@VScrollItemProvider@DirectUI@@UIScrollItemProvider@@$05@DirectUI@@UEAA@XZ
??1?$PatternProvider@VScrollProvider@DirectUI@@UIScrollProvider@@$04@DirectUI@@UEAA@XZ
??1?$PatternProvider@VSelectionItemProvider@DirectUI@@UISelectionItemProvider@@$06@DirectUI@@UEAA@XZ
??1?$PatternProvider@VSelectionProvider@DirectUI@@UISelectionProvider@@$07@DirectUI@@UEAA@XZ
??1?$PatternProvider@VTableItemProvider@DirectUI@@UITableItemProvider@@$09@DirectUI@@UEAA@XZ
??1?$PatternProvider@VTableProvider@DirectUI@@UITableProvider@@$08@DirectUI@@UEAA@XZ
??1?$PatternProvider@VToggleProvider@DirectUI@@UIToggleProvider@@$0L@@DirectUI@@UEAA@XZ
??1?$PatternProvider@VValueProvider@DirectUI@@UIValueProvider@@$0M@@DirectUI@@UEAA@XZ
??1?$SafeArrayAccessor@H@DirectUI@@QEAA@XZ
??1AccessibleButton@DirectUI@@UEAA@XZ
??1AnimationStrip@DirectUI@@UEAA@XZ
??1AutoButton@DirectUI@@UEAA@XZ
??1AutoLock@DirectUI@@QEAA@XZ
??1AutoThread@DirectUI@@QEAA@XZ
??1AutoVariant@DirectUI@@QEAA@XZ
??1BaseScrollViewer@DirectUI@@UEAA@XZ
??1Bind@DirectUI@@UEAA@XZ
??1BorderLayout@DirectUI@@UEAA@XZ
??1Browser@DirectUI@@UEAA@XZ
??1Button@DirectUI@@UEAA@XZ
??1CCAVI@DirectUI@@UEAA@XZ
??1CCBase@DirectUI@@UEAA@XZ
??1CCBaseCheckRadioButton@DirectUI@@UEAA@XZ
??1CCBaseScrollBar@DirectUI@@UEAA@XZ
??1CCCheckBox@DirectUI@@UEAA@XZ
??1CCCommandLink@DirectUI@@UEAA@XZ
??1CCHScrollBar@DirectUI@@UEAA@XZ
??1CCListBox@DirectUI@@UEAA@XZ
??1CCListView@DirectUI@@UEAA@XZ
??1CCProgressBar@DirectUI@@UEAA@XZ
??1CCPushButton@DirectUI@@UEAA@XZ
??1CCRadioButton@DirectUI@@UEAA@XZ
??1CCSysLink@DirectUI@@UEAA@XZ
??1CCTrackBar@DirectUI@@UEAA@XZ
??1CCTreeView@DirectUI@@UEAA@XZ
??1CCVScrollBar@DirectUI@@UEAA@XZ
??1CallstackTracker@DirectUI@@QEAA@XZ
??1CheckBoxGlyph@DirectUI@@UEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??1Clipper@DirectUI@@UEAA@XZ
??1Combobox@DirectUI@@UEAA@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
??1DCSurface@DirectUI@@UEAA@XZ
??1DUIFactory@DirectUI@@QEAA@XZ
??1DUIXmlParser@DirectUI@@UEAA@XZ
??1DialogElement@DirectUI@@UEAA@XZ
??1DuiAccessible@DirectUI@@UEAA@XZ
??1Edit@DirectUI@@UEAA@XZ
??1Element@DirectUI@@UEAA@XZ
??1ElementProvider@DirectUI@@UEAA@XZ
??1ElementWithHWND@DirectUI@@UEAA@XZ
??1ExpandCollapseProvider@DirectUI@@UEAA@XZ
??1Expandable@DirectUI@@UEAA@XZ
??1Expando@DirectUI@@UEAA@XZ
??1ExpandoButtonGlyph@DirectUI@@UEAA@XZ
??1FillLayout@DirectUI@@UEAA@XZ
??1FlowLayout@DirectUI@@UEAA@XZ
??1FontCheckOut@DirectUI@@QEAA@XZ
??1GridItemProvider@DirectUI@@UEAA@XZ
??1GridLayout@DirectUI@@UEAA@XZ
??1GridProvider@DirectUI@@UEAA@XZ
??1HWNDElement@DirectUI@@UEAA@XZ
??1HWNDElementAccessible@DirectUI@@UEAA@XZ
??1HWNDElementProvider@DirectUI@@UEAA@XZ
??1HWNDHost@DirectUI@@UEAA@XZ
??1HWNDHostAccessible@DirectUI@@UEAA@XZ
??1HWNDHostClientAccessible@DirectUI@@UEAA@XZ
??1IDataEngine@DirectUI@@UEAA@XZ
??1IDataEntry@DirectUI@@UEAA@XZ
??1InvokeHelper@DirectUI@@UEAA@XZ
??1InvokeProvider@DirectUI@@UEAA@XZ
??1ItemList@DirectUI@@UEAA@XZ
??1Layout@DirectUI@@UEAA@XZ
??1LinkedList@DirectUI@@QEAA@XZ
??1Macro@DirectUI@@UEAA@XZ
??1ModernProgressBar@DirectUI@@UEAA@XZ
??1ModernProgressRing@DirectUI@@UEAA@XZ
??1Movie@DirectUI@@UEAA@XZ
??1NativeHWNDHost@DirectUI@@UEAA@XZ
??1Navigator@DirectUI@@UEAA@XZ
??1NineGridLayout@DirectUI@@UEAA@XZ
??1PText@DirectUI@@UEAA@XZ
??1Page@DirectUI@@UEAA@XZ
??1Pages@DirectUI@@UEAA@XZ
??1Progress@DirectUI@@UEAA@XZ
??1Proxy@DirectUI@@UEAA@XZ
??1PushButton@DirectUI@@UEAA@XZ
??1RadioButtonGlyph@DirectUI@@UEAA@XZ
??1RangeValueProvider@DirectUI@@UEAA@XZ
??1RefPointElement@DirectUI@@UEAA@XZ
??1RefcountBase@DirectUI@@UEAA@XZ
??1RepeatButton@DirectUI@@UEAA@XZ
??1Repeater@DirectUI@@UEAA@XZ
??1ResourceModuleHandles@DirectUI@@QEAA@XZ
??1RichText@DirectUI@@UEAA@XZ
??1RowLayout@DirectUI@@UEAA@XZ
??1ScrollBar@DirectUI@@UEAA@XZ
??1ScrollItemProvider@DirectUI@@UEAA@XZ
??1ScrollProvider@DirectUI@@UEAA@XZ
??1ScrollViewer@DirectUI@@UEAA@XZ
??1SelectionItemProvider@DirectUI@@UEAA@XZ
??1SelectionProvider@DirectUI@@UEAA@XZ
??1Selector@DirectUI@@UEAA@XZ
??1SelectorNoDefault@DirectUI@@UEAA@XZ
??1ShellBorderLayout@DirectUI@@UEAA@XZ
??1StyledScrollViewer@DirectUI@@UEAA@XZ
??1Surface@DirectUI@@UEAA@XZ
??1TableItemProvider@DirectUI@@UEAA@XZ
??1TableLayout@DirectUI@@UEAA@XZ
??1TableProvider@DirectUI@@UEAA@XZ
??1TaskPage@DirectUI@@UEAA@XZ
??1TextGraphic@DirectUI@@UEAA@XZ
??1Thumb@DirectUI@@UEAA@XZ
??1ToggleProvider@DirectUI@@UEAA@XZ
??1TouchButton@DirectUI@@UEAA@XZ
??1TouchCheckBox@DirectUI@@UEAA@XZ
??1TouchCheckBoxGlyph@DirectUI@@UEAA@XZ
??1TouchHWNDElement@DirectUI@@UEAA@XZ
??1TouchHyperLink@DirectUI@@UEAA@XZ
??1TouchScrollBar@DirectUI@@UEAA@XZ
??1TouchSelect@DirectUI@@UEAA@XZ
??1TouchSelectItem@DirectUI@@UEAA@XZ
??1UnknownElement@DirectUI@@UEAA@XZ
??1ValueProvider@DirectUI@@UEAA@XZ
??1VerticalFlowLayout@DirectUI@@UEAA@XZ
??1Viewer@DirectUI@@UEAA@XZ
??1XBaby@DirectUI@@UEAA@XZ
??1XElement@DirectUI@@UEAA@XZ
??1XHost@DirectUI@@QEAA@XZ
??1XProvider@DirectUI@@UEAA@XZ
??4?$FunctionDefinition@H@DUIXmlParser@DirectUI@@QEAAAEAU012@$$QEAU012@@Z
??4?$FunctionDefinition@H@DUIXmlParser@DirectUI@@QEAAAEAU012@AEBU012@@Z
??4?$FunctionDefinition@K@DUIXmlParser@DirectUI@@QEAAAEAU012@$$QEAU012@@Z
??4?$FunctionDefinition@K@DUIXmlParser@DirectUI@@QEAAAEAU012@AEBU012@@Z
??4?$FunctionDefinition@PEAVValue@DirectUI@@@DUIXmlParser@DirectUI@@QEAAAEAU012@$$QEAU012@@Z
??4?$FunctionDefinition@PEAVValue@DirectUI@@@DUIXmlParser@DirectUI@@QEAAAEAU012@AEBU012@@Z
??4?$FunctionDefinition@UScaledRECT@DirectUI@@@DUIXmlParser@DirectUI@@QEAAAEAU012@$$QEAU012@@Z
??4?$FunctionDefinition@UScaledRECT@DirectUI@@@DUIXmlParser@DirectUI@@QEAAAEAU012@AEBU012@@Z
??4?$FunctionDefinition@UScaledSIZE@DirectUI@@@DUIXmlParser@DirectUI@@QEAAAEAU012@$$QEAU012@@Z
??4?$FunctionDefinition@UScaledSIZE@DirectUI@@@DUIXmlParser@DirectUI@@QEAAAEAU012@AEBU012@@Z
??4ACCESSIBLEROLE@AccessibleButton@DirectUI@@QEAAAEAU012@$$QEAU012@@Z
??4ACCESSIBLEROLE@AccessibleButton@DirectUI@@QEAAAEAU012@AEBU012@@Z
??4AccessibleButton@DirectUI@@QEAAAEAV01@$$QEAV01@@Z
??4AccessibleButton@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4AnimationStrip@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4AutoButton@DirectUI@@QEAAAEAV01@$$QEAV01@@Z
??4AutoButton@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4AutoLock@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4AutoThread@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4AutoVariant@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4BaseScrollBar@DirectUI@@QEAAAEAV01@$$QEAV01@@Z
??4BaseScrollBar@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4BaseScrollViewer@DirectUI@@QEAAAEAV01@AEBV01@@Z
??4Bind@DirectUI@@QEAAAEAV01@$$QEAV01@@Z

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-dumpata_31bf3856ad364e35_10.0.22621.1_none_cad3e9b261c72b63/Dumpata.sys
.exe windows x64

934c61c9e57d88cfb65fa0e3abebe7b3

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:3d:2c:4d:a5:44:05:69:46:2f:52:31:a8:d3:20:43:bd:f2:59:32:ae:34:4d:68:c0:f0:b4:d7:03:16:b4:ac
Signer

Actual PE Digest

1f:3d:2c:4d:a5:44:05:69:46:2f:52:31:a8:d3:20:43:bd:f2:59:32:ae:34:4d:68:c0:f0:b4:d7:03:16:b4:ac

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

08/09/2022, 15:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PoSetHiberRange
MmMapMemoryDumpMdl
MmMapLockedPagesSpecifyCache
InitializeSListHead
RtlRegisterFeatureConfigurationChangeNotification
RtlQueryFeatureConfiguration
vDbgPrintExWithPrefix
MmGetPhysicalAddress
RtlClearBit
RtlUnregisterFeatureConfigurationChangeNotification
RtlClearBits
EtwWrite
RtlFindClearBitsAndSet
MmGetSystemRoutineAddress
ExpInterlockedPushEntrySList
MmBuildMdlForNonPagedPool
ExpInterlockedPopEntrySList
RtlQueryFeatureConfigurationChangeStamp
RtlSetAllBits
KeGetCurrentIrql
KeInsertQueueDpc
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ExAllocatePool2
ExFreePoolWithTag
KeInitializeDpc
WmiTraceMessageVa
RtlInitUnicodeString
IoWMIRegistrationControl
WmiQueryTraceInformation
RtlQueryRegistryValues

hal

HalDmaAllocateCrashDumpRegistersEx
KeQueryPerformanceCounter
HalDmaFreeCrashDumpRegistersEx
KeStallExecutionProcessor

Exports

Exports

AtaPortAllocateQueueTag
AtaPortBuildRequestSenseIrb
AtaPortCompleteAllActiveRequests
AtaPortCompleteRequest
AtaPortConvertPhysicalAddressToUlong
AtaPortConvertUlongToPhysicalAddress
AtaPortCopyMemory
AtaPortDebugBreak
AtaPortDebugPrint
AtaPortDeviceStateChange
AtaPortEtwTraceLog
AtaPortGetBusData
AtaPortGetDeviceBase
AtaPortGetParentBusType
AtaPortGetPhysicalAddress
AtaPortGetScatterGatherList
AtaPortGetUnCachedExtension
AtaPortInitialize
AtaPortInitializeEx
AtaPortInitializeQueueTag
AtaPortLogError
AtaPortMoveMemory
AtaPortNotification
AtaPortQuerySystemTime
AtaPortReadPortBufferUchar
AtaPortReadPortBufferUlong
AtaPortReadPortBufferUshort
AtaPortReadPortUchar
AtaPortReadPortUlong
AtaPortReadPortUshort
AtaPortReadRegisterBufferUchar
AtaPortReadRegisterBufferUlong
AtaPortReadRegisterBufferUshort
AtaPortReadRegisterUchar
AtaPortReadRegisterUlong
AtaPortReadRegisterUshort
AtaPortRegistryAllocateBuffer
AtaPortRegistryFreeBuffer
AtaPortRegistryRead
AtaPortRegistryWrite
AtaPortRegistryWriteDeferred
AtaPortReleaseQueueTag
AtaPortReleaseRequestSenseIrb
AtaPortRequestCallback
AtaPortSetBusData
AtaPortStallExecution
AtaPortTraceNotification
AtaPortWritePortBufferUchar
AtaPortWritePortBufferUlong
AtaPortWritePortBufferUshort
AtaPortWritePortUchar
AtaPortWritePortUlong
AtaPortWritePortUshort
AtaPortWriteRegisterBufferUchar
AtaPortWriteRegisterBufferUlong
AtaPortWriteRegisterBufferUshort
AtaPortWriteRegisterUchar
AtaPortWriteRegisterUlong
AtaPortWriteRegisterUshort
DumpPreInitialize
DumpUninitialize
memcpy
memmove
memset

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-dumpstorport_31bf3856ad364e35_10.0.22621.1_none_9987e9f540823bb8/Dumpstorport.sys
.exe windows x64

84e0c3354ea986e8f50fed997fa7761c

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:c7:ad:e8:35:99:79:5c:f8:0e:75:7d:86:dd:2b:ef:6b:55:4b:c8:5a:d1:12:0f:c0:12:4e:63:6c:81:53:ea
Signer

Actual PE Digest

b4:c7:ad:e8:35:99:79:5c:f8:0e:75:7d:86:dd:2b:ef:6b:55:4b:c8:5a:d1:12:0f:c0:12:4e:63:6c:81:53:ea

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

08/09/2022, 15:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmUnmapIoSpace
RtlQueryFeatureConfigurationChangeStamp
PoSetHiberRange
ExAllocatePool2
KeGetRecommendedSharedDataAlignment
ExQueryDepthSList
MmMapIoSpaceEx
Mm64BitPhysicalAddress
MmMapMemoryDumpMdl
ExFreePoolWithTag
DbgPrint
InitializeSListHead
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
KeBugCheckEx
RtlQueryFeatureConfiguration
RtlRegisterFeatureConfigurationChangeNotification
RtlUnregisterFeatureConfigurationChangeNotification
ExpInterlockedFlushSList

hal

HalTranslateBusAddress
KeQueryPerformanceCounter
HalDmaFreeCrashDumpRegistersEx
KeStallExecutionProcessor
HalGetBusDataByOffset
HalDmaAllocateCrashDumpRegistersEx

Exports

Exports

DumpPreInitialize
DumpUninitialize
StorPortAllocateRegistryBuffer
StorPortBusy
StorPortCompleteRequest
StorPortConvertUlongToPhysicalAddress
StorPortDebugPrint
StorPortDeviceBusy
StorPortDeviceReady
StorPortExtendedFunction
StorPortFreeDeviceBase
StorPortFreeRegistryBuffer
StorPortGetBusData
StorPortGetDeviceBase
StorPortGetLogicalUnit
StorPortGetPhysicalAddress
StorPortGetScatterGatherList
StorPortGetSrb
StorPortGetUncachedExtension
StorPortGetVirtualAddress
StorPortInitialize
StorPortLogError
StorPortMoveMemory
StorPortNotification
StorPortPause
StorPortPauseDevice
StorPortQuerySystemTime
StorPortReadPortBufferUchar
StorPortReadPortBufferUlong
StorPortReadPortBufferUshort
StorPortReadPortUchar
StorPortReadPortUlong
StorPortReadPortUshort
StorPortReadRegisterBufferUchar
StorPortReadRegisterBufferUlong
StorPortReadRegisterBufferUshort
StorPortReadRegisterUchar
StorPortReadRegisterUlong
StorPortReadRegisterUshort
StorPortReady
StorPortRegistryRead
StorPortRegistryWrite
StorPortResume
StorPortResumeDevice
StorPortSetBusDataByOffset
StorPortSetDeviceQueueDepth
StorPortStallExecution
StorPortSynchronizeAccess
StorPortValidateRange
StorPortWritePortBufferUchar
StorPortWritePortBufferUlong
StorPortWritePortBufferUshort
StorPortWritePortUchar
StorPortWritePortUlong
StorPortWritePortUshort
StorPortWriteRegisterBufferUchar
StorPortWriteRegisterBufferUlong
StorPortWriteRegisterBufferUshort
StorPortWriteRegisterUchar
StorPortWriteRegisterUlong
StorPortWriteRegisterUshort

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 737B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-dumpusbstor_31bf3856ad364e35_10.0.22621.1_none_42de740d6432943b/Dmpusbstor.sys
.exe windows x64

829e84087b10ee2468a37b6dbfa4ce5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlUnregisterFeatureConfigurationChangeNotification
KeBugCheckEx
RtlRegisterFeatureConfigurationChangeNotification

storport.sys

StorPortGetPhysicalAddress
StorPortStallExecution
StorPortNotification
StorPortInitialize
StorPortExtendedFunction

Exports

Exports

DumpPreInitialize
DumpUninitialize

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 698B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-duser.resources_31bf3856ad364e35_10.0.22621.1_en-us_d6c64457168e2f91/duser.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-duser_31bf3856ad364e35_10.0.22621.1_none_bc0a79fcf038b238/duser.dll
.dll windows x64

cd0b1bc6ff6f67a214b502c9e9c6a049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wcsnicmp
_purecall
__CxxFrameHandler4
_isnan
_wcsicmp
realloc
sinf
powf
??1type_info@@UEAA@XZ
_beginthreadex
log10f
_finite
pow
memset
memmove
_resetstkoflw
sqrt
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
qsort
memcpy
_CxxThrowException
atan2
atan2f
ceil
cosf
floor
floorf
fmod
log
sqrtf

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetSystemInfo

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
LoadLibraryExA

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsAlloc
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
GetExitCodeThread
TlsFree
TlsSetValue
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeCriticalSection
SetEvent
EnterCriticalSection
CreateEventA
WaitForSingleObject
LeaveCriticalSection
ResetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
InitOnceExecuteOnce
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-atoms-l1-1-0

GetAtomNameW
DeleteAtom
FindAtomW
AddAtomW

ntdll

EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsA
EtwGetTraceEnableLevel
EtwUnregisterTraceGuids
EtwLogTraceEvent

user32

TranslateMessage
GetKeyboardState
GetParent
SendMessageW
EndPaint
BeginPaint
IsWindow
GetClientRect
ClientToScreen
GetMonitorInfoW
SystemParametersInfoA
SendMessageA
SetRectEmpty
GetMessageA
GetMessageW
PeekMessageA
PeekMessageW
WaitMessage
GetWindowLongPtrA
SetWindowLongPtrW
DefWindowProcA
CallWindowProcW
GetPointerType
PostThreadMessageA
DrawTextW
WindowFromDC
SystemParametersInfoW
DispatchMessageA
IsThreadDesktopComposited
FillRect
MsgWaitForMultipleObjectsEx
GetQueueStatus
GetMessageTime
IntersectRect
IsRectEmpty
UnionRect
OffsetRect
GetSystemMetrics
GetKeyState
PtInRect
GetDoubleClickTime
ReleaseDC
GetWindowRect
GetFocus
SetFocus
GetCursorPos
ScreenToClient
GetCapture
ChildWindowFromPointEx
ReleaseCapture
GetWindowDC
RegisterWindowMessageA
SetWindowLongPtrA
CallWindowProcA
GetWindowLongPtrW
GetDC
InvalidateRect
SetCapture
TrackMouseEvent
GetCursorInfo
GetMessagePos
PostMessageA
GetPointerDeviceRects

gdi32

CombineRgn
CreatePolygonRgn
GetPixel
GetSystemPaletteEntries
GetDIBits
GetObjectType
CreateDCA
CreateRectRgn
SetWindowOrgEx
SelectClipRgn
StretchDIBits
SetViewportOrgEx
GetObjectA
OffsetRgn
GetViewportOrgEx
GetRandomRgn
SetBrushOrgEx
GetBrushOrgEx
GetCurrentObject
GetDeviceCaps
RestoreDC
SaveDC
ModifyWorldTransform
GetTextExtentExPointW
GetTextExtentPoint32W
CreateFontIndirectW
ExtTextOutW
TextOutW
D3DKMTDestroyDCFromMemory
D3DKMTCreateDCFromMemory
CreateDCW
GdiFlush
CreateDIBSection
GetClipBox
SetRectRgn
BitBlt
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
GetWorldTransform
RealizePalette
SelectPalette
SetWorldTransform
SetGraphicsMode
GetWindowExtEx
GetViewportExtEx
DeleteDC
PatBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
DeleteObject
GdiAlphaBlend

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

Exports

Exports

AddGadgetMessageHandler
AddLayeredRef
AdjustClipInsideRef
AttachWndProcA
AttachWndProcW
AutoTrace
BeginHideInputPaneAnimation
BeginShowInputPaneAnimation
BuildAnimation
BuildDropTarget
BuildInterpolation
CacheDWriteRenderTarget
ChangeCurrentAnimationScenario
ClearPushedOpacitiesFromGadgetTree
ClearTopmostVisual
CreateAction
CreateGadget
CustomGadgetHitTestQuery
DUserBuildGadget
DUserCastClass
DUserCastDirect
DUserCastHandle
DUserDeleteGadget
DUserFindClass
DUserFlushDeferredMessages
DUserFlushMessages
DUserGetAlphaPRID
DUserGetGutsData
DUserGetRectPRID
DUserGetRotatePRID
DUserGetScalePRID
DUserInstanceOf
DUserPostEvent
DUserPostMethod
DUserRegisterGuts
DUserRegisterStub
DUserRegisterSuper
DUserSendEvent
DUserSendMethod
DUserStopAnimation
DUserStopPVLAnimation
DeleteHandle
DestroyPendingDCVisuals
DetachGadgetVisuals
DetachWndProc
DisableContainerHwnd
DllMain
DrawGadgetTree
EndInputPaneAnimation
EnsureAnimationsEnabled
EnsureGadgetTransInitialized
EnumGadgets
FindGadgetFromPoint
FindGadgetMessages
FindGadgetTargetingInfo
FindStdColor
FireGadgetMessages
ForwardGadgetMessage
FreeGdiDxInteropStagingBuffer
GadgetTransCompositionChanged
GadgetTransSettingChanged
GetActionTimeslice
GetCachedDWriteRenderTarget
GetDUserModule
GetDebug
GetFinalAnimatingPosition
GetGadget
GetGadgetAnimation
GetGadgetBitmap
GetGadgetBufferInfo
GetGadgetCenterPoint
GetGadgetFlags
GetGadgetFocus
GetGadgetLayerInfo
GetGadgetMessageFilter
GetGadgetProperty
GetGadgetRect
GetGadgetRgn
GetGadgetRootInfo
GetGadgetRotation
GetGadgetScale
GetGadgetSize
GetGadgetStyle
GetGadgetTicket
GetGadgetVisual
GetMessageExA
GetMessageExW
GetStdColorBrushF
GetStdColorBrushI
GetStdColorF
GetStdColorI
GetStdColorName
GetStdColorPenF
GetStdColorPenI
GetStdPalette
InitGadgetComponent
InitGadgets
InvalidateGadget
InvalidateLayeredDescendants
IsGadgetParentChainStyle
IsInsideContext
IsStartDelete
LookupGadgetTicket
MapGadgetPoints
PeekMessageExA
PeekMessageExW
RegisterGadgetMessage
RegisterGadgetMessageString
RegisterGadgetProperty
ReleaseDetachedObjects
ReleaseLayeredRef
ReleaseMouseCapture
RemoveClippingImmunityFromVisual
RemoveGadgetMessageHandler
RemoveGadgetProperty
ResetDUserDevice
ScheduleGadgetTransitions
SetActionTimeslice
SetAtlasingHints
SetGadgetBufferInfo
SetGadgetCenterPoint
SetGadgetFillF
SetGadgetFillI
SetGadgetFlags
SetGadgetFocus
SetGadgetFocusEx
SetGadgetLayerInfo
SetGadgetMessageFilter
SetGadgetOrder
SetGadgetParent
SetGadgetProperty
SetGadgetRect
SetGadgetRootInfo
SetGadgetRotation
SetGadgetScale
SetGadgetStyle
SetHardwareDeviceUsage
SetMinimumDCompVersion
SetRestoreCachedLayeredRefFlag
SetTransitionVisualProperties
SetWindowResizeFlag
UnregisterGadgetMessage
UnregisterGadgetMessageString
UnregisterGadgetProperty
UtilBuildFont
UtilDrawBlendRect
UtilDrawOutlineRect
UtilGetColor
UtilSetBackground
WaitMessageEx

Sections

.text
Size: 444KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_10.0.22621.1_none_3e988db679e7072b/volmgrx.sys
.exe windows x64

b7e03bc8e1e28af47db6919dc499ee25

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:a8:4d:98:c7:91:31:8c:a3:3a:d9:36:ed:b6:f3:3b:4b:eb:62:e3:7b:cc:d6:f2:29:8f:9a:02:32:c8:35:c9
Signer

Actual PE Digest

b9:a8:4d:98:c7:91:31:8c:a3:3a:d9:36:ed:b6:f3:3b:4b:eb:62:e3:7b:cc:d6:f2:29:8f:9a:02:32:c8:35:c9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

08/09/2022, 15:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeDelayExecutionThread
RtlWriteRegistryValue
_vsnwprintf
KeAcquireSpinLockRaiseToDpc
ZwQueryLicenseValue
KdDebuggerEnabled
RtlGUIDFromString
RtlDeleteRegistryValue
RtlEqualUnicodeString
ExIsSoftBoot
KdDebuggerNotPresent
ObfDereferenceObject
_ultow_s
RtlFreeUnicodeString
RtlInitUnicodeString
ExQueueWorkItem
IoOpenDeviceRegistryKey
IoForwardIrpSynchronously
IoBuildDeviceIoControlRequest
IoGetDevicePropertyData
IoGetDeviceObjectPointer
RtlQueryRegistryValues
KeReleaseSpinLock
ZwFlushKey
ExAllocatePool2
ZwDeleteKey
RtlStringFromGUID
_ui64tow_s
MmGetSystemRoutineAddress
IofCallDriver
ZwQueryValueKey
IoAcquireCancelSpinLock
ExFreePoolWithTag
IoWMIRegistrationControl
ExUuidCreate
KeInitializeEvent
IofCompleteRequest
KeWaitForSingleObject
IoReleaseCancelSpinLock
IoGetDeviceInterfaces
ZwClose
IoGetAttachedDeviceReference
ZwOpenKey
RtlInt64ToUnicodeString
_vsnprintf
_purecall
_stricmp
isspace
RtlCharToInteger
IoBuildSynchronousFsdRequest
RtlCompareMemory
IoBuildPartialMdl
MmMapLockedPagesWithReservedMapping
ExFreeToNPagedLookasideList
IoFreeIrp
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeInitializeSpinLock
IoDeleteSymbolicLink
KeSetEvent
KeAcquireSpinLockAtDpcLevel
MmUnmapReservedMapping
KeClearEvent
IoFreeMdl
ObfReferenceObject
ExInitializeNPagedLookasideList
FsRtlIsTotalDeviceFailure
ExAllocateFromNPagedLookasideList
IoAllocateIrp
IoReuseIrp
KeReleaseSpinLockFromDpcLevel
MmFreeMappingAddress
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
IoCreateSymbolicLink
MmUnlockPages
IoBuildAsynchronousFsdRequest
KeInitializeSemaphore
KeReleaseSemaphore
KeBugCheckEx
MmAllocateMappingAddress
strcmp

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/EapGenericUserCredentials.xsd
.xml
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/baseeapmethodconfig.xsd
.xml
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/baseeapmethodusercredentials.xsd
.xml
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eapcommon.xsd
.xml
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eaphostconfig.xsd
.xml
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eaphostusercredentials.xsd
.xml
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eapp3hst.dll
.dll regsvr32 windows x64

61fc4db94575189a33ca159d85a59f6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wtol
_o_free
_o_malloc
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__beginthreadex
wcsrchr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
_o__endthreadex
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwTraceMessage
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
DbgPrint
EtwEventWriteTransfer
EtwEventEnabled

oleaut32

SysAllocString
VarUI4FromStr
ord452
ord450
ord446
ord447
SysFreeString
ord451
ord449
ord445
ord448

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
GetModuleHandleExW
SizeofResource
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForMultipleObjectsEx
CreateSemaphoreExW
CreateMutexExW
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetProcessId
GetCurrentProcessId

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleFree
NdrOleAllocate
NdrDllRegisterProxy
NdrDllUnregisterProxy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

combase

GetErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
SetThreadLocale

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegLoadMUIStringW
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
GetHandleInformation
CloseHandle

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eappcfg.dll
.dll windows x64

3f915741c7e4582f8829187ee8a811a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wtol
_o_wcscat_s
_o_wmemcpy_s
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__beginthreadex
_o__endthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
wcsrchr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
EtwEventEnabled
EtwEventWriteTransfer
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
DbgPrint
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
WaitForSingleObject
LeaveCriticalSection
OpenSemaphoreW
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
WaitForMultipleObjectsEx

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapAlloc

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetVersionExW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l1-1-0

RegLoadMUIStringW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

EapHostPeerConfigBlob2Xml
EapHostPeerConfigXml2Blob
EapHostPeerCreateMethodConfiguration
EapHostPeerCredentialsXml2Blob
EapHostPeerFreeErrorMemory
EapHostPeerFreeMemory
EapHostPeerGetMethodProperties
EapHostPeerGetMethods
EapHostPeerInvokeConfigUI
EapHostPeerInvokeIdentityUI
EapHostPeerInvokeInteractiveUI
EapHostPeerQueryCredentialInputFields
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerQueryUIBlobFromInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eappgnui.dll
.dll windows x64

a81653ea431bdfecd2fcdcc7c6a4931a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_wcscat_s
_o_wcscpy_s
_o_wmemcpy_s
wcsrchr
__C_specific_handler
_o___std_type_info_destroy_list
_o__configure_narrow_argv
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

ntdll

EtwEventWriteTransfer
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
DbgPrint
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwTraceMessage

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapSize
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerInvokeIdentityUI

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eapphost.dll
.dll regsvr32 windows x64

d4fdb36188e109c426f79c5e042078e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?good@ios_base@std@@QEBA_NXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtol
_o_free
_o_malloc
_o_memcpy_s
_o_wcscpy_s
_o_wcsncpy_s
__RTtypeid
wcsrchr
_o___stdio_common_vswprintf_s
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy

ntdll

EtwEventWriteTransfer
WinSqmSetDWORD
DbgPrint
WinSqmAddToStream
RtlCaptureContext
EtwEventSetInformation
EtwEventRegister
RtlLookupFunctionEntry
EtwEventUnregister
EtwEventEnabled
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapSize

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
SizeofResource
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExA
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle
GetHandleInformation
DuplicateHandle

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
CreateMutexExW
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockShared
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-security-credentials-l1-1-0

CredFree
CredDeleteW
CredProtectW
CredReadW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegLoadMUIStringW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

rpcrt4

NdrOleFree
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrOleAllocate
NdrDllGetClassObject

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

ncrypt

NCryptSetProperty
NCryptOpenStorageProvider
NCryptFreeObject

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitializeEapHost
OnSessionChange
StopServiceOnLowPower
UninitializeEapHost

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.22621.1_none_c5a956e0b72858aa/eappprxy.dll
.dll windows x64

ef76b54f1cadfc83b8391e8747ddb87f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o_wmemcpy_s
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__beginthreadex
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcpy

ntdll

EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwEventWriteTransfer
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwTraceMessage
EtwEventEnabled
DbgPrint
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwGetTraceLoggerHandle

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
CreateSemaphoreExW
CreateMutexExW
WaitForMultipleObjectsEx

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

EapHostPeerBeginSession
EapHostPeerClearConnection
EapHostPeerEndSession
EapHostPeerFreeEapError
EapHostPeerFreeRuntimeMemory
EapHostPeerGetAuthStatus
EapHostPeerGetDataToUnplumbCredentials
EapHostPeerGetEncryptedPassword
EapHostPeerGetIdentity
EapHostPeerGetResponseAttributes
EapHostPeerGetResult
EapHostPeerGetSendPacket
EapHostPeerGetUIContext
EapHostPeerInitialize
EapHostPeerProcessReceivedPacket
EapHostPeerSetResponseAttributes
EapHostPeerSetUIContext
EapHostPeerUninitialize

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.22621.1_none_3b21b8b1b8ff516c/esentutl.exe
.exe windows x64

fe6591b11402803deebb84294c5a81bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
_exit
_amsg_exit
_XcptFilter
_wtol
_wcsnicmp
strchr
_wfullpath
_wcsupr_s
wcsstr
swprintf_s
_fmode
wcscat_s
wcscpy_s
__C_specific_handler
_commode
_cexit
_lock
_getch
_unlock
_snwscanf_s
_wsplitpath_s
__dllonexit
_onexit
?terminate@@YAXXZ
__setusermatherr
_wmakepath_s
swscanf_s
wcstol
_vsnwprintf
malloc
free
memcpy
wprintf
memcmp
wcschr
_purecall
exit
_initterm
iswascii
fwprintf
isprint
_vsnprintf
strtoul
strcspn
strrchr
wcsncmp
wcsrchr
memmove_s
iswalpha
rand_s
wcspbrk
vprintf
strstr
_wcsicmp
__iob_func
__wgetmainargs
memset

esent

JetSetSystemParameterA
JetDBUtilitiesW
JetGetSystemParameterW
JetTerm2
JetGetErrorInfoW
JetTestHook
JetDetachDatabaseW
JetInit
JetBeginSessionW
JetAttachDatabase3W
JetInit4W
JetSetSystemParameterW
JetGetLogFileInfoW
JetRestore2W
JetEndSession
JetGetDatabaseFileInfoW

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace

api-ms-win-core-file-l1-1-0

FindClose
CreateFileW
FindVolumeClose
FlushFileBuffers
SetFileValidData
SetFileInformationByHandle
FindNextVolumeW
ReadFile
WriteFileGather
ReadFileScatter
GetFileInformationByHandle
RemoveDirectoryW
CreateDirectoryW
GetTempFileNameW
SetEndOfFile
GetFileAttributesExW
WriteFile
GetDiskFreeSpaceExW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
DeleteFileW
SetFilePointerEx
GetDiskFreeSpaceW
GetFullPathNameW
GetDriveTypeW
FindNextFileW
FindFirstVolumeW
GetVolumeInformationW
FindFirstFileW
GetFileSizeEx

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl
GetOverlappedResult
PostQueuedCompletionStatus

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
SetHandleInformation

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetVersionExW
GetLogicalProcessorInformationEx
GlobalMemoryStatusEx
GetTickCount
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
GetProcAddress

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx
CopyFileExW

api-ms-win-core-processthreads-l1-1-0

SetThreadPriorityBoost
GetCurrentProcessId
SetThreadPriority
CreateThread
GetCurrentProcess
TlsAlloc
TerminateProcess
GetCurrentThread
TlsFree
TlsGetValue
GetExitCodeThread
GetCurrentThreadId
ResumeThread
CreateProcessW
TlsSetValue
OpenThread

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
CreateMutexW
SetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
SleepEx
ReleaseMutex

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
VirtualProtect
VirtualFree
VirtualAlloc
VirtualQueryEx

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetThreadIdealProcessorEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW
LCMapStringEx

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..e-library.resources_31bf3856ad364e35_10.0.22621.1_en-us_73ff8802074dbe40/efscore.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_10.0.22621.1_none_537a12951fc9ef48/esent.dll
.dll regsvr32 windows x64

b24ff7866552a6b9769133201a264c27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_strtoui64
time
memmove_s
_wfullpath
iswalpha
strtoul
strtok_s
isupper
wcspbrk
_vsnwprintf
strstr
bsearch
qsort
realloc
wcsncmp
_wmakepath_s
_wsplitpath_s
isdigit
wcsrchr
modf
_wcsnicmp
wprintf
_itoa_s
isprint
_vsnprintf
rand_s
wcstok_s
_wcstoi64
_wtoi64
tolower
_lock
_unlock
vprintf
__dllonexit
_onexit
_amsg_exit
fclose
fflush
fprintf
swprintf_s
strpbrk
_initterm
memset
_wfopen_s
wcsstr
wcstol
strncmp
_wcstoui64
sprintf_s
wcscspn
wcschr
strrchr
_wcsicmp
_snprintf_s
memmove
_strnicmp
_ultoa_s
_stricmp
swscanf_s
memcpy
strchr
malloc
free
isalpha
memcmp
strcspn
printf
iswprint
rand
_wtol
iscntrl
memcpy_s
__iob_func
__C_specific_handler
_purecall
isxdigit
strcmp

ntdll

RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateProcess
CreateThread
CreateProcessW
GetExitCodeThread
TlsFree
GetCurrentProcessId
TlsSetValue
GetCurrentProcess
GetCurrentThreadId
TlsAlloc
SetThreadPriority
SetThreadPriorityBoost
TlsGetValue
OpenThread
ResumeThread

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformationEx
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemInfo
GetVersionExW
GetTickCount
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
VirtualProtect
VirtualFree
CreateFileMappingW
VirtualAlloc
VirtualQueryEx
MapViewOfFileEx

api-ms-win-core-memory-l1-1-1

CreateMemoryResourceNotification
VirtualUnlock
QueryMemoryResourceNotification

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation
DuplicateHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

ReadFileScatter
WriteFile
WriteFileGather
CreateFileW
GetFileSizeEx
SetFileInformationByHandle
SetFileValidData
GetFileAttributesW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetTempFileNameW
SetEndOfFile
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
ReadFile
SetFilePointerEx
GetDriveTypeW
GetFullPathNameW
GetFileInformationByHandle
FindFirstVolumeW
GetVolumeInformationW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose

api-ms-win-core-synch-l1-1-0

CreateMutexW
SetEvent
ReleaseMutex
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
SleepEx
WaitForSingleObjectEx
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenMutexW
WaitForSingleObject
OpenEventW
WaitForMultipleObjectsEx

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeviceIoControl
GetOverlappedResult
CreateIoCompletionPort

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
LCMapStringW
LocaleNameToLCID
GetLocaleInfoW
FormatMessageW
LCMapStringEx

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetThreadIdealProcessorEx

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW
CopyFileExW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DebugExtensionInitialize
DebugExtensionNotify
DebugExtensionUninitialize
DllRegisterServer
JetAddColumn
JetAddColumnA
JetAddColumnW
JetAttachDatabase
JetAttachDatabase2
JetAttachDatabase2A
JetAttachDatabase2W
JetAttachDatabase3
JetAttachDatabase3A
JetAttachDatabase3W
JetAttachDatabaseA
JetAttachDatabaseW
JetAttachDatabaseWithStreaming
JetAttachDatabaseWithStreamingA
JetAttachDatabaseWithStreamingW
JetBackup
JetBackupA
JetBackupInstance
JetBackupInstanceA
JetBackupInstanceW
JetBackupW
JetBeginDatabaseIncrementalReseed
JetBeginDatabaseIncrementalReseedA
JetBeginDatabaseIncrementalReseedW
JetBeginExternalBackup
JetBeginExternalBackupInstance
JetBeginSession
JetBeginSessionA
JetBeginSessionW
JetBeginSurrogateBackup
JetBeginTransaction
JetBeginTransaction2
JetBeginTransaction3
JetCloseDatabase
JetCloseFile
JetCloseFileInstance
JetCloseTable
JetCommitTransaction
JetCommitTransaction2
JetCompact
JetCompactA
JetCompactW
JetComputeStats
JetConfigureProcessForCrashDump
JetConsumeLogData
JetConvertDDL
JetConvertDDLA
JetConvertDDLW
JetCreateDatabase
JetCreateDatabase2
JetCreateDatabase2A
JetCreateDatabase2W
JetCreateDatabase3
JetCreateDatabase3A
JetCreateDatabase3W
JetCreateDatabaseA
JetCreateDatabaseW
JetCreateDatabaseWithStreaming
JetCreateDatabaseWithStreamingA
JetCreateDatabaseWithStreamingW
JetCreateEncryptionKey
JetCreateIndex
JetCreateIndex2
JetCreateIndex2A
JetCreateIndex2W
JetCreateIndex3A
JetCreateIndex3W
JetCreateIndex4A
JetCreateIndex4W
JetCreateIndexA
JetCreateIndexW
JetCreateInstance
JetCreateInstance2
JetCreateInstance2A
JetCreateInstance2W
JetCreateInstanceA
JetCreateInstanceW
JetCreateTable
JetCreateTableA
JetCreateTableColumnIndex
JetCreateTableColumnIndex2
JetCreateTableColumnIndex2A
JetCreateTableColumnIndex2W
JetCreateTableColumnIndex3A
JetCreateTableColumnIndex3W
JetCreateTableColumnIndex4A
JetCreateTableColumnIndex4W
JetCreateTableColumnIndex5A
JetCreateTableColumnIndex5W
JetCreateTableColumnIndexA
JetCreateTableColumnIndexW
JetCreateTableW
JetDBUtilities
JetDBUtilitiesA
JetDBUtilitiesW
JetDatabaseScan
JetDefragment
JetDefragment2
JetDefragment2A
JetDefragment2W
JetDefragment3
JetDefragment3A
JetDefragment3W
JetDefragmentA
JetDefragmentW
JetDelete
JetDeleteColumn
JetDeleteColumn2
JetDeleteColumn2A
JetDeleteColumn2W
JetDeleteColumnA
JetDeleteColumnW
JetDeleteIndex
JetDeleteIndexA
JetDeleteIndexW
JetDeleteTable
JetDeleteTable2
JetDeleteTable2A
JetDeleteTable2W
JetDeleteTableA
JetDeleteTableW
JetDetachDatabase
JetDetachDatabase2
JetDetachDatabase2A
JetDetachDatabase2W
JetDetachDatabaseA
JetDetachDatabaseW
JetDupCursor
JetDupSession
JetEnableMultiInstance
JetEnableMultiInstanceA
JetEnableMultiInstanceW
JetEndDatabaseIncrementalReseed
JetEndDatabaseIncrementalReseedA
JetEndDatabaseIncrementalReseedW
JetEndExternalBackup
JetEndExternalBackupInstance
JetEndExternalBackupInstance2
JetEndSession
JetEndSurrogateBackup
JetEnumerateColumns
JetEscrowUpdate
JetExternalRestore
JetExternalRestore2
JetExternalRestore2A
JetExternalRestore2W
JetExternalRestoreA
JetExternalRestoreW
JetFreeBuffer
JetGetAttachInfo
JetGetAttachInfoA
JetGetAttachInfoInstance
JetGetAttachInfoInstanceA
JetGetAttachInfoInstanceW
JetGetAttachInfoW
JetGetBookmark
JetGetColumnInfo
JetGetColumnInfoA
JetGetColumnInfoW
JetGetCounter
JetGetCurrentIndex
JetGetCurrentIndexA
JetGetCurrentIndexW
JetGetCursorInfo
JetGetDatabaseFileInfo
JetGetDatabaseFileInfoA
JetGetDatabaseFileInfoW
JetGetDatabaseInfo
JetGetDatabaseInfoA
JetGetDatabaseInfoW
JetGetDatabasePages
JetGetErrorInfoW
JetGetIndexInfo
JetGetIndexInfoA
JetGetIndexInfoW
JetGetInstanceInfo
JetGetInstanceInfoA
JetGetInstanceInfoW
JetGetInstanceMiscInfo
JetGetLS
JetGetLock
JetGetLogFileInfo
JetGetLogFileInfoA
JetGetLogFileInfoW
JetGetLogInfo
JetGetLogInfoA
JetGetLogInfoInstance
JetGetLogInfoInstance2
JetGetLogInfoInstance2A
JetGetLogInfoInstance2W
JetGetLogInfoInstanceA
JetGetLogInfoInstanceW
JetGetLogInfoW
JetGetMaxDatabaseSize
JetGetObjectInfo
JetGetObjectInfoA
JetGetObjectInfoW
JetGetPageInfo
JetGetPageInfo2
JetGetRBSFileInfoA
JetGetRBSFileInfoW
JetGetRecordPosition
JetGetRecordSize
JetGetRecordSize2
JetGetRecordSize3
JetGetResourceParam
JetGetSecondaryIndexBookmark
JetGetSessionInfo
JetGetSessionParameter
JetGetSystemParameter
JetGetSystemParameterA
JetGetSystemParameterW
JetGetTableColumnInfo
JetGetTableColumnInfoA
JetGetTableColumnInfoW
JetGetTableIndexInfo
JetGetTableIndexInfoA
JetGetTableIndexInfoW
JetGetTableInfo
JetGetTableInfoA
JetGetTableInfoW
JetGetThreadStats
JetGetTruncateLogInfoInstance
JetGetTruncateLogInfoInstanceA
JetGetTruncateLogInfoInstanceW
JetGetVersion
JetGotoBookmark
JetGotoPosition
JetGotoSecondaryIndexBookmark
JetGrowDatabase
JetIdle
JetIndexRecordCount
JetIndexRecordCount2
JetInit
JetInit2
JetInit3
JetInit3A
JetInit3W
JetInit4
JetInit4A
JetInit4W
JetIntersectIndexes
JetMakeKey
JetMove
JetOSSnapshotAbort
JetOSSnapshotEnd
JetOSSnapshotFreeze
JetOSSnapshotFreezeA
JetOSSnapshotFreezeW
JetOSSnapshotGetFreezeInfo
JetOSSnapshotGetFreezeInfoA
JetOSSnapshotGetFreezeInfoW
JetOSSnapshotPrepare
JetOSSnapshotPrepareInstance
JetOSSnapshotThaw
JetOSSnapshotTruncateLog
JetOSSnapshotTruncateLogInstance
JetOnlinePatchDatabasePage
JetOpenDatabase
JetOpenDatabaseA
JetOpenDatabaseW
JetOpenFile
JetOpenFileA
JetOpenFileInstance
JetOpenFileInstanceA
JetOpenFileInstanceW
JetOpenFileSectionInstance
JetOpenFileSectionInstanceA
JetOpenFileSectionInstanceW
JetOpenFileW
JetOpenTable
JetOpenTableA
JetOpenTableW
JetOpenTempTable
JetOpenTempTable2
JetOpenTempTable3
JetOpenTemporaryTable
JetOpenTemporaryTable2
JetPatchDatabasePages
JetPatchDatabasePagesA
JetPatchDatabasePagesW
JetPrepareToCommitTransaction
JetPrepareUpdate
JetPrereadColumnsByReference
JetPrereadIndexRange
JetPrereadIndexRanges
JetPrereadKeys
JetPrereadTablesW
JetRBSCancelRevert
JetRBSExecuteRevert
JetRBSPrepareRevert
JetReadFile
JetReadFileInstance
JetRegisterCallback
JetRemoveLogfileA
JetRemoveLogfileW
JetRenameColumn
JetRenameColumnA
JetRenameColumnW
JetRenameTable
JetRenameTableA
JetRenameTableW
JetResetCounter
JetResetSessionContext
JetResetTableSequential
JetResizeDatabase
JetRestore
JetRestore2
JetRestore2A
JetRestore2W
JetRestoreA
JetRestoreInstance
JetRestoreInstanceA
JetRestoreInstanceW
JetRestoreW
JetRetrieveColumn
JetRetrieveColumnByReference
JetRetrieveColumnFromRecordStream
JetRetrieveColumns
JetRetrieveKey
JetRetrieveTaggedColumnList
JetRollback
JetSeek
JetSetColumn
JetSetColumnDefaultValue
JetSetColumnDefaultValueA
JetSetColumnDefaultValueW
JetSetColumns
JetSetCurrentIndex
JetSetCurrentIndex2
JetSetCurrentIndex2A
JetSetCurrentIndex2W
JetSetCurrentIndex3
JetSetCurrentIndex3A
JetSetCurrentIndex3W
JetSetCurrentIndex4
JetSetCurrentIndex4A
JetSetCurrentIndex4W
JetSetCurrentIndexA
JetSetCurrentIndexW
JetSetCursorFilter
JetSetDatabaseSize
JetSetDatabaseSizeA
JetSetDatabaseSizeW
JetSetIndexRange
JetSetLS
JetSetMaxDatabaseSize
JetSetResourceParam
JetSetSessionContext
JetSetSessionParameter
JetSetSystemParameter
JetSetSystemParameterA
JetSetSystemParameterW
JetSetTableInfo
JetSetTableInfoA
JetSetTableInfoW
JetSetTableSequential
JetSnapshotStart
JetSnapshotStartA
JetSnapshotStartW
JetSnapshotStop
JetStopBackup
JetStopBackupInstance
JetStopService
JetStopServiceInstance
JetStopServiceInstance2
JetStreamRecords
JetTerm
JetTerm2
JetTestHook
JetTracing
JetTruncateLog
JetTruncateLogInstance
JetUnregisterCallback
JetUpdate
JetUpdate2
JetUpgradeDatabase
JetUpgradeDatabaseA
JetUpgradeDatabaseW
ese
rgEDBGGlobals

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cachelin
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_10.0.22621.1_en-us_cd6f59af68ea22b3/ESENT.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.22621.1_en-us_8bb66cd4143fce05/eappgnui.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.22621.1_en-us_8bb66cd4143fce05/eapphost.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.22621.1_en-us_d8222b7f227b795d/WerFault.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.22621.1_en-us_d8222b7f227b795d/WerFaultSecure.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.22621.1_en-us_d8222b7f227b795d/faultrep.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..lestorageengine-vss_31bf3856ad364e35_10.0.22621.1_none_1a204cc84ba4f598/esevss.dll
.dll windows x64

7954ca5576aefd644cd0b7ee48815eda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_unlock
_XcptFilter
_purecall
wcsrchr
wcscpy_s
_wcsicmp
_vsnwprintf
__dllonexit
_onexit
memcpy
malloc
wcsncmp
_vsnprintf
strrchr
memmove_s
_wfullpath
_wsplitpath_s
_initterm
iswalpha
_wcsnicmp
swprintf_s
rand_s
wcspbrk
_wtol
strcspn
isprint
vprintf
strstr
strtoul
__C_specific_handler
_wmakepath_s
_lock
_amsg_exit
wprintf
memset

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFinalPathNameByHandleW
GetVolumePathNameW
CreateFileW
FindClose

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx

rpcrt4

RpcStringFreeW
UuidToStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

esent

JetInit3W
JetGetDatabaseFileInfoW
JetTerm2
JetSetSystemParameterW

kernel32

GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadFileScatter
WriteFileGather
ReadFile
SetEndOfFile
GetFileSizeEx
SetFileInformationByHandle
SetFileValidData
RtlCaptureStackBackTrace
SetEvent
CreateMutexW
GetSystemWindowsDirectoryW
ReleaseMutex
WriteFile
SetFilePointerEx
OutputDebugStringA
GetLocalTime
GetModuleHandleW
SetThreadErrorMode
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetVersionExW
SetConsoleCtrlHandler
ReleaseSemaphore
GetThreadIdealProcessorEx
GetLogicalProcessorInformationEx
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
GetProcessHeap
HeapDestroy
HeapSetInformation
SetLastError
GetNativeSystemInfo
GetSystemInfo
GlobalMemoryStatusEx
HeapAlloc
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FormatMessageW
LocalFree
GetFileAttributesW
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
DeviceIoControl
GetFileAttributesExW
GetTempFileNameW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileExW
CopyFileExW
SetHandleInformation
GetFileInformationByHandle
CreateEventW
GetOverlappedResult
FlushFileBuffers
FindNextFileW
LCMapStringEx
OpenFileById
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
FindFirstVolumeW
GetFileInformationByHandleEx
GetFullPathNameW
WaitForSingleObject
OpenThread
GetDriveTypeW
GetWindowsDirectoryW
DebugBreak
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsSetValue
TlsFree
GetExitCodeThread
TlsGetValue
LocalAlloc
DuplicateHandle
GetCurrentThread
SleepEx
CreateThread
SetThreadPriority
SetThreadPriorityBoost
ResumeThread
IsProcessorFeaturePresent
QueryPerformanceFrequency
GetSystemTime

vssapi

CreateWriter
CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive

Exports

Exports

EseShadowCreateShadow
EseShadowCreateSimpleShadow
EseShadowInit
EseShadowMountShadow
EseShadowMountSimpleShadow
EseShadowPurgeShadow
EseShadowTerm
VssIdToString

Sections

.text
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_10.0.22621.1_en-us_962f152deafcbe8a/wevtutil.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.22621.1_none_19a3e26d3cd72257/baseeapconnectionpropertiesv1.xsd
.xml
amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.22621.1_none_19a3e26d3cd72257/baseeapuserpropertiesv1.xsd
.xml
amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.22621.1_none_19a3e26d3cd72257/eapconnectionpropertiesv1.xsd
.xml
amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.22621.1_none_19a3e26d3cd72257/eapuserpropertiesv1.xsd
.xml
amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_10.0.22621.1_none_ebdfb394f1dc4049/Eap3Host.exe
.exe windows x64

4e592bc1cd35b54d7c2f7a5e75c3b5e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___p__commode
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
wcschr
_o__set_fmode

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoTaskMemAlloc
CLSIDFromString
CoInitializeSecurity
CoRegisterSurrogate
CoUninitialize

api-ms-win-core-synch-l1-1-0

CreateEventW
SetEvent

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

user32

DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostQuitMessage

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_10.0.22621.1_none_ebdfb394f1dc4049/eapsvc.dll
.dll windows x64

ee7945f26f0caac4aaa740903633b7c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
_o__beginthreadex
memmove
_o__wcstoui64
_o_wmemcpy_s
__C_specific_handler
wcsrchr
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcpy

ntdll

EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
DbgPrint
EtwEventWriteTransfer
EtwEventEnabled
EtwEventUnregister
EtwEventRegister

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
CreateEventW
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
SetEvent
ResetEvent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapFree
GetProcessHeap

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_10.0.22621.1_en-us_64a956ca2a8ab811/wer.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..t-service.resources_31bf3856ad364e35_10.0.22621.1_en-us_00d9d7a4a500ba88/eapsvc.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.22621.1_en-us_243cb4717a21adc6/sacdrv.sys.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.22621.1_en-us_243cb4717a21adc6/sacsess.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.22621.1_en-us_243cb4717a21adc6/sacsvr.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.22621.1_none_550a9176ead31bb7/sacdrv.sys
.exe windows x64

8719c24722c73ce98f5b32aad45b340a

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:68:1a:2a:51:40:ac:d0:c4:95:f0:0f:b9:57:e3:5c:ee:85:00:7b:1b:57:55:d6:eb:1d:5b:2c:2a:8f:16:35
Signer

Actual PE Digest

86:68:1a:2a:51:40:ac:d0:c4:95:f0:0f:b9:57:e3:5c:ee:85:00:7b:1b:57:55:d6:eb:1d:5b:2c:2a:8f:16:35

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

08/09/2022, 15:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeSemaphore
KeReleaseSemaphore
KeWaitForSingleObject
ObfDereferenceObject
KeSetEvent
KeClearEvent
ZwQuerySystemInformation
RtlTimeFieldsToTime
KeBugCheckEx
ZwAssignProcessToJobObject
ZwCreateFile
RtlTimeToTimeFields
ZwMakeTemporaryObject
ZwQueryInformationProcess
_vsnprintf
RtlInitUnicodeString
RtlTimeToElapsedTimeFields
ZwCreateJobObject
ZwSetSystemTime
ZwOpenJobObject
KeReleaseMutex
ZwSetInformationProcess
ZwIsProcessInJob
strncmp
NtShutdownSystem
_atoi64
ZwQueryInformationJobObject
ZwSetInformationJobObject
KeQueryTimeIncrement
atoi
ZwTerminateProcess
ZwSystemDebugControl
ZwTerminateJobObject
ZwClose
KeReadStateTimer
ZwOpenProcess
KeAcquireSpinLockRaiseToDpc
KeInitializeMutex
KeReleaseSpinLock
PsTerminateSystemThread
HeadlessDispatch
RtlLengthSecurityDescriptor
KeSetTimer
ObGetObjectSecurity
KeInitializeDpc
ExRegisterCallback
RtlSetDaclSecurityDescriptor
KeSetTimerEx
IoGetFileObjectGenericMapping
ExCreateCallback
PsCreateSystemThread
_vsnwprintf
NtSetInformationThread
ObSetSecurityObjectByPointer
KeInitializeTimer
IoGetCurrentProcess
IoDeleteSymbolicLink
RtlLengthSid
RtlAddAccessAllowedAce
PsThreadType
ExAllocatePool2
ObReleaseObjectSecurity
ObReferenceObjectByHandle
KeCancelTimer
IoUnregisterShutdownNotification
RtlCreateAcl
ExFreePoolWithTag
KeInitializeEvent
SeSetSecurityDescriptorInfo
RtlCreateSecurityDescriptor
IoCreateSymbolicLink
KeFlushQueuedDpcs
SeExports
IoCreateSynchronizationEvent
ExUnregisterCallback
IofCompleteRequest
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateDevice
ExAllocatePool3
swprintf_s
RtlIpv6AddressToStringW
ExVerifySuite
ExDeleteResourceLite
KeEnterCriticalRegion
KeWaitForMultipleObjects
ExAcquireResourceExclusiveLite
ObReferenceObjectByPointer
IoFileObjectType
NtClose
RtlGetVersion
ExReleaseResourceLite
RtlFindMessage
ExAcquireSharedWaitForExclusive
ZwQueryValueKey
ExUuidCreate
ExGetPreviousMode
ExEventObjectType
RtlGetProductInfo
ZwSetValueKey
ExInitializeResourceLite
ZwOpenKey
KeLeaveCriticalRegion
wcsncmp
_wcsicmp
KeInitializeSpinLock
KeDelayExecutionThread
strcmp

netio.sys

NsiGetAllParametersEx
NsiSetAllParameters

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 805B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.22621.1_none_550a9176ead31bb7/sacsess.exe
.exe windows x64

c49c76b5c4cd9a166838f3103b7f8f6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__beginthreadex
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_handler
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_strcpy_s
_o_strncpy_s
_o_terminate
__current_exception
__current_exception_context
_o___stdio_common_vswprintf_s
_o___stdio_common_vsscanf
wcsstr
_o___p__commode
__C_specific_handler
_o___p___argv
_o___p___argc

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlInitAnsiString
NtQueryInformationToken
RtlUTF8StringToUnicodeString
RtlInitUTF8String
RtlAnsiStringToUnicodeString
RtlCreateUnicodeString
RtlUnsubscribeWnfStateChangeNotification
RtlCompareMemory
RtlFindMessage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-synch-l1-1-0

ResetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeCriticalSection

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
TerminateProcess
InitializeProcThreadAttributeList
GetCurrentProcessId
GetExitCodeProcess
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessAsUserW
ExitProcess

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFile
ReadFile

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-console-l1-2-1

ResizePseudoConsole
ClosePseudoConsole

api-ms-win-security-base-l1-1-0

GetLengthSid
InitializeAcl
GetTokenInformation
InitializeSecurityDescriptor
FreeSid
AddAce
ImpersonateLoggedOnUser
CopySid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RevertToSelf
AddAccessAllowedAce

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-console-internal-l1-1-0

CreatePseudoConsoleAsUser

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-io-l1-1-0

DeviceIoControl

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.22621.1_none_550a9176ead31bb7/sacsvr.dll
.dll regsvr32 windows x64

4c67ae6f58bd3adeca58f10c2de5ef1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-string-l1-1-0

strncmp
memset
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf_s
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__wcsicmp
_o_atoi
_o_free
_o_malloc
_o_wcscpy_s
__C_specific_handler
_o___std_type_info_destroy_list
wcsstr

ntdll

RtlCreateUnicodeString
RtlFindMessage
RtlInitAnsiString
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlInitUnicodeString
RtlUTF8StringToUnicodeString
RtlInitUTF8String
RtlAnsiStringToUnicodeString
RtlPublishWnfStateData
NtCreateFile

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateEventW
WaitForMultipleObjectsEx
SetEvent

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetExitCodeProcess
GetCurrentProcessId
CreateProcessW
CreateThread
GetCurrentThreadId
GetCurrentProcess

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-debug-minidump-l1-1-0

MiniDumpWriteDump

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetErrorMode
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileW
CreateFileA

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
StartServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-io-l1-1-0

DeviceIoControl

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/eaptlsconnectionpropertiesv1.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/eaptlsconnectionpropertiesv2.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/eaptlsconnectionpropertiesv3.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/eaptlsuserpropertiesv1.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/mschapv2connectionpropertiesv1.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/mschapv2userpropertiesv1.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/mspeapconnectionpropertiesv1.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/mspeapconnectionpropertiesv2.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/mspeapconnectionpropertiesv3.xsd
.xml
amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.22621.1_none_0821800374fc908f/mspeapuserpropertiesv1.xsd
.xml
amd64_microsoft-windows-eappcfgui.resources_31bf3856ad364e35_10.0.22621.1_en-us_2c5b1cca3da50b60/eappcfgui.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 4KB - Virtual size: 4KB

664b7ba37c9bf373236f627fa0def42c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-stringansi-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

user32

gdi32

kernelbase

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 524KB - Virtual size: 522KB

.data Size: 8KB - Virtual size: 16KB

.pdata Size: 68KB - Virtual size: 66KB

.didat Size: 4KB - Virtual size: 1KB

.rsrc Size: 56KB - Virtual size: 52KB

.reloc Size: 24KB - Virtual size: 22KB

934c61c9e57d88cfb65fa0e3abebe7b3

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

1f:3d:2c:4d:a5:44:05:69:46:2f:52:31:a8:d3:20:43:bd:f2:59:32:ae:34:4d:68:c0:f0:b4:d7:03:16:b4:acSigner

Signature Validations

Verification

08/09/2022, 15:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 524KB - Virtual size: 522KB

.data
Size: 8KB - Virtual size: 16KB

.pdata
Size: 68KB - Virtual size: 66KB

.didat
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 56KB - Virtual size: 52KB

.reloc
Size: 24KB - Virtual size: 22KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

1f:3d:2c:4d:a5:44:05:69:46:2f:52:31:a8:d3:20:43:bd:f2:59:32:ae:34:4d:68:c0:f0:b4:d7:03:16:b4:ac
Signer

08/09/2022, 15:54
Valid: false

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 288B

.pdata
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 1KB

PAGE
Size: 4KB - Virtual size: 1KB

fothk
Size: 4KB - Virtual size: 4KB

.edata
Size: 4KB - Virtual size: 2KB

INIT
Size: 4KB - Virtual size: 668B

GFIDS
Size: 4KB - Virtual size: 400B

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 612B

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b4:c7:ad:e8:35:99:79:5c:f8:0e:75:7d:86:dd:2b:ef:6b:55:4b:c8:5a:d1:12:0f:c0:12:4e:63:6c:81:53:ea
Signer

08/09/2022, 15:54
Valid: false

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 256B

.pdata
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 1KB

PAGE
Size: 4KB - Virtual size: 737B

fothk
Size: 4KB - Virtual size: 4KB

.edata
Size: 4KB - Virtual size: 2KB

INIT
Size: 4KB - Virtual size: 680B

GFIDS
Size: 4KB - Virtual size: 312B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 608B

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 192B

.pdata
Size: 4KB - Virtual size: 696B

.idata
Size: 4KB - Virtual size: 658B

PAGE
Size: 4KB - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 110B

INIT
Size: 4KB - Virtual size: 698B

GFIDS
Size: 4KB - Virtual size: 80B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 208B